Login
It started with a DM.
For five months, 25-year-old computer programmer Maggie K. exchanged daily messages with the man she met on Instagram, convinced she had found something real.
When it was finally time to meet in person, he never showed. Instead, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the cash.
Then, silence. His accounts vanished. He hadn’t just ghosted her—he had never existed at all.
“I ignored my gut feeling… I sent him $1,200. Then he disappeared,” Maggie told McAfee, hoping that her story would educate others. “When I reported the scam, the police told me his images were AI-generated. He wasn’t even a real person. That was the scariest part – I had trusted someone who never even existed.”
These scams work because they prey on trust and emotions. And they aren’t just targeting the naïve; anyone, even tech professionals as Maggie’s case shows, can be fooled.
McAfee’s latest research reveals more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.
And romance scams aren’t just happening in dating apps anymore. Social media, messaging platforms and AI chatbots are fuelling an explosion of online romance fraud.
McAfee’s findings highlight a staggering rise in:
With 62% of people saying they’ve used dating apps, social media, or messaging platforms to connect with potential partners, scammers have a bigger pool of victims than ever before.
Younger users are the most active online daters, with 31% of 18-24-year-olds currently using online dating platforms. Tinder is the most popular dating app overall (46%), with its highest engagement among 18-24-year-olds (73%). Just over 40% of respondents said they use Instagram, 29% use Snapchat and 25% use TikTok to meet potential partners. But these platforms also present new risks, as fake apps designed to steal personal information lurk in app stores.
McAfee researchers found nearly 11,000 attempts to download fraudulent dating apps in recent months. The most impersonated?
Downloading a fake app could expose your login credentials, financial information or even install malware onto your device.
And once money is lost, its rarely recovered, as scammers use cryptocurrency, untraceable gift cards and offshore accounts to move stolen funds.
McAfee researchers urge anyone looking for love online to stay vigilant by following these critical safety measures:
1) Watch for “love bombing.” Scammers overwhelm victims with affection early on to gain trust.
2) Verify their identity. Use reverse image searches and insist on live video calls which AI-generated scammers avoid.
3) Never send money. No real partner will pressure you for financial help—especially when you’ve never met.
4) Be wary of celebrity DMs. If a famous figure suddenly messages you, it’s likely a scam.
5) Avoid suspicious links. McAfee blocked over 321,000 fraudulent dating sites—avoid clicking on unknown links or apps.
6) Use online protection tools. Tools like McAfee+ can detect and block suspicious messages, phishing attempts, and AI-generated fraud in real time. McAfee+ offers maximum identity, privacy, and device protection to detect and prevent fraudulent activity before it causes harm.
The post AI chatbots are becoming romance scammers—and 1 in 3 people admit they could fall for one appeared first on McAfee Blog.
Beyoncé has officially announced her Cowboy Carter world tour, and the excitement is through the roof! With her last tour selling out in record time, fans know they need to act fast to secure their tickets. Unfortunately, that urgency is exactly what scammers prey on.
In 2022 alone, Americans lost nearly $8.8 billion to fraud, and ticket scams are one of the most common ways scammers cash in on eager fans. But don’t worry—we’ve got you covered. Before you rush to buy tickets to Beyoncé’s latest tour, here’s how to spot and avoid ticket scams so you don’t get left outside the stadium with nothing but regret.
Ticket scams come in different forms, but the most common ones include:
Scammers know how to create a sense of urgency, often advertising tickets to sold-out events at too-good-to-be-true prices. If you’re desperate to see Beyoncé, it’s easy to get caught up in the rush—but staying cautious can save you from getting scammed.
The best way to avoid being scammed is to buy only from reputable sources like official ticketing platforms (Ticketmaster, Live Nation, AXS) or directly from the event’s website. However, if you’re looking elsewhere, be on the lookout for these red flags:
When an event sells out, scammers flood social media with offers. Platforms like Facebook Marketplace, Instagram, and Craigslist are filled with fake ticket sellers. If you didn’t get tickets during the official sale, be cautious about where you’re looking.
Pro Tip: Follow Beyoncé’s official social media pages and event organizers for updates. Sometimes, extra dates or official resale opportunities become available.
Scammers often advertise tickets below face value to lure in victims. While real fans sometimes sell their tickets at a discount, it’s a huge red flag if the price is way lower than expected.
Pro Tip: If you’re buying from an individual, check their profile carefully. Look for signs of a fake account, such as recently created pages or multiple listings in different cities.
Some scammers go the extra mile, creating entire websites that mimic real ticket platforms. These fake sites not only sell counterfeit tickets but may also steal your credit card information.
Pro Tip: Always type in the official ticketing site’s URL manually or search for it on Google. Avoid clicking links from unknown sources, and double-check that the site uses “HTTPS” and has no misspellings in the URL.
Even if you get a real ticket, that doesn’t mean it’s yours alone. Some scammers sell the same ticket to multiple people, leading to chaos when multiple buyers show up at the event.
Pro Tip: Only buy from platforms that offer verified resale tickets with guarantees, like StubHub, SeatGeek, or VividSeats.
Some scammers sell general admission tickets as if they were premium seats. You may think you’re getting front-row access, only to find out you overpaid for a standing-room ticket.
Pro Tip: Always confirm the seat location with the seller. Many venues have seating charts available online, so check before purchasing.
Scammers hack into Ticketmaster accounts and transfer tickets to themselves, effectively locking the rightful owner out of their seats. Victims often receive a flood of emails, including notifications of ticket transfers they never authorized. By the time they realize what’s happened, their tickets are gone, likely resold by the scammer.
Pro Tip: To prevent this, ensure your Ticketmaster account is secure by using a strong password, enabling two-factor authentication, and being wary of suspicious login attempts or phishing emails.
To make sure you don’t fall victim to a ticket scam, follow these golden rules:
Buy from official sources – Beyoncé’s official website, Ticketmaster, and AXS are your safest bets.
Use a credit card – If something goes wrong, you can dispute the charge.
Be wary of social media sellers – If you’re buying from a stranger, research their profile and history first.
Check the URL – Make sure you’re on the real ticketing website before purchasing.
Avoid high-pressure sales tactics – Scammers want you to act fast—don’t fall for it!
Beyond ticket scams, cybercriminals also use major events like Beyoncé’s tour to spread malware and phishing attacks. McAfee’s comprehensive online protection can help keep your devices and personal information safe by blocking malicious websites, preventing identity theft, and alerting you to potential fraud.
Beyoncé’s Cowboy Carter tour is one of the most anticipated events of the year, and everyone wants to be part of the experience. But scammers know this too, and they’re out in full force. By staying smart, sticking to verified ticket sources, and being wary of deals that seem too good to be true, you can avoid scams and secure your spot at one of the biggest concerts of 2025.
Stay safe, Beyhive—and get ready to enjoy the show!
The post Buying Tickets for Beyoncé’s Cowboy Carter Tour? Don’t Let Scammers Ruin Your Experience appeared first on McAfee Blog.
Data Privacy Week is here, and there’s no better time to shine a spotlight on one of the biggest players in the personal information economy: data brokers. These entities collect, buy, and sell hundreds—sometimes thousands—of data points on individuals like you. But how do they manage to gather so much information, and for what purpose? From your browsing habits and purchase history to your location data and even more intimate details, these digital middlemen piece together surprisingly comprehensive profiles. The real question is: where are they getting it all, and why is your personal data so valuable to them? Let’s unravel the mystery behind the data broker industry.
Data brokers aggregate user info from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data then gets put up for sale to nearly anyone who’ll buy it. That can include marketers, private investigators, tech companies, and sometimes law enforcement as well. They’ll also sell to spammers and scammers. (Those bad actors need to get your contact info from somewhere — data brokers are one way to get that and more.)
And that list of potential buyers goes on, which includes but isn’t limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public records (think sales of real estate, marriages, divorces, voter registration, and so on).
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites. As mentioned above, practically anyone can access these websites and purchase extensive consumer data, for groups of people and individuals alike.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
As of March 2024, 15 states in the U.S. have data privacy laws in place. That includes California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire.[i] The laws vary by state, yet generally, they grant rights to individuals around the collection, use, and disclosure of their personal data by businesses.
However, these laws make exceptions for certain types of data and certain types of collectors. In short, these laws aren’t absolute.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Yet the list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt-out.
Rather than removing yourself one by one from the host of data broker sites out there, you have a solid option: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
[i] https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
McAfee Total Protection users can feel even more secure online knowing that AV-Comparatives has named it the best in 2024 for both real-world protection and overall speed.
The two awards – the 2024 Real-World Protection Gold Award and the Best Overall Speed Gold Award – underscore McAfee’s commitment to providing powerful security without compromising PC performance, a critical combination at a time when 59% of people globally report falling victim to an online scam or knowing someone who has, with 87% of these individuals losing money—an astounding average loss of $1,366 USD.
“We are honored to receive both the Best Real-World Protection and the Best PC Performance awards,” said McAfee Chief Technology Officer Steve Grobman. “AV-Comparatives is a renowned institute with a reputation for analysis and quality assurance that stands tall, and this recognition further reinforces our leadership in online protection. With our AI-powered threat protection, we remain committed to staying one step ahead of cybercriminals while having the lowest impact on PC performance, so that people can enjoy their online lives with confidence.”
Each year, AV-Comparatives rigorously tests leading consumer security products to evaluate their effectiveness in real-world scenarios as well as their impact on system performance. McAfee’s standout results reflect the strength of its:
Protect yourself and your family today with McAfee Total Protection, which includes the award-winning anti-malware technology, scam protection, identity monitoring, Secure VPN, password management, and safe browsing capabilities for all-in-one security.
Get started with a free trial of McAfee Total Protection here. McAfee’s award-winning technology is also available in McAfee+ Premium, McAfee+ Advanced, and McAfee+ Ultimate.
Read the full report on AV-Comparatives’ awards here.
The post AV-Comparatives Crowns McAfee as 2024’s Leader in Online Protection and Speed appeared first on McAfee Blog.
Private tech companies gather tremendous amounts of user data. These companies can afford to let you use social media platforms free of charge because it’s paid for by your data, attention, and time.
Big tech derives most of its profits by selling your attention to advertisers — a well-known business model. Various documentaries (like Netflix’s “The Social Dilemma”) have tried to get to the bottom of the complex algorithms that big tech companies employ to mine and analyze user data for the benefit of third-party advertisers.
Tech companies benefit from personal info by being able to provide personalized ads. When you click “yes” at the end of a terms and conditions agreement found on some web pages, you might be allowing the companies to collect the following data:
For someone unfamiliar with privacy issues, it is important to understand the extent of big tech’s tracking and data collection. After these companies collect data, all this info can be supplied to third-party businesses or used to improve user experience.
The problem with this is that big tech has blurred the line between collecting customer data and violating user privacy in some cases. While tracking what content you interact with can be justified under the garb of personalizing the content you see, big tech platforms have been known to go too far. Prominent social networks like Facebook and LinkedIn have faced legal trouble for accessing personal user data like private messages and saved photos.
The info you provide helps build an accurate character profile and turns it into knowledge that gives actionable insights to businesses. Private data usage can be classified into three cases: selling it to data brokers, using it to improve marketing, or enhancing customer experience.
To sell your info to data brokers
Along with big data, another industry has seen rapid growth: data brokers. Data brokers buy, analyze, and package your data. Companies that collect large amounts of data on their users stand to profit from this service. Selling data to brokers is an important revenue stream for big tech companies.
Advertisers and businesses benefit from increased info on their consumers, creating a high demand for your info. The problem here is that companies like Facebook and Alphabet (Google’s parent company) have been known to mine massive amounts of user data for the sake of their advertisers.
To personalize marketing efforts
Marketing can be highly personalized thanks to the availability of large amounts of consumer data. Tracking your response to marketing campaigns can help businesses alter or improve certain aspects of their campaign to drive better results.
The problem is that most AI-based algorithms are incapable of assessing when they should stop collecting or using your info. After a point, users run the risk of being constantly subjected to intrusive ads and other unconsented marketing campaigns that pop up frequently.
To cater to the customer experience
Analyzing consumer behavior through reviews, feedback, and recommendations can help improve customer experience. Businesses have access to various facets of data that can be analyzed to show them how to meet consumer demands. This might help improve any part of a consumer’s interaction with the company, from designing special offers and discounts to improving customer relationships.
For most social media platforms, the goal is to curate a personalized feed that appeals to users and allows them to spend more time on the app. When left unmonitored, the powerful algorithms behind these social media platforms can repeatedly subject you to the same kind of content from different creators.
Here are the big tech companies that collect and mine the most user data.
Users need a comprehensive data privacy solution to tackle the rampant, large-scale data mining carried out by big tech platforms. While targeted advertisements and easily found items are beneficial, many of these companies collect and mine user data through several channels simultaneously, exploiting them in several ways.
It’s important to ensure your personal info is protected. Protection solutions like McAfee’s Personal Data Cleanup feature can help. It scours the web for traces of your personal info and helps remove it for your online privacy.
McAfee+ provides antivirus software for all your digital devices and a secure VPN connection to avoid exposure to malicious third parties while browsing the internet. Our Identity Monitoring and personal data removal solutions further remove gaps in your devices’ security systems.
With our data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.
The post What Personal Data Do Companies Track? appeared first on McAfee Blog.
In a world where deepfake scams and misinformation are increasingly pervasive, McAfee is taking a bold step forward with major enhancements to its AI-powered deepfake detection technology. By partnering with AMD and harnessing the Neural Processing Unit (NPU) within the latest AMD Ryzen AI 300 Series processors announced at CES, McAfee Deepfake Detector is designed to empower users to discern truth from fiction like never before.
As deepfake technology becomes more sophisticated, so too does the challenge of identifying manipulated content. Nearly two-thirds of people globally report rising concerns over deepfakes, emphasizing the need for tools that can accurately detect falsified content.
To address this growing issue, McAfee introduced its cutting-edge AI technology, now supercharged through its collaboration with AMD, McAfee Deepfake Detector can deliver detection in seconds to help consumers navigate videos increasingly riddled with misinformation.
Cybercriminals are leveraging AI to manipulate audio and video, creating hyper-realistic deepfakes that are difficult to identify with the naked eye. McAfee’s Deepfake Detector uses advanced Convolution Neural Network models—AI tools specifically trained to identify manipulated or AI-generated audio within videos.
This groundbreaking technology is aimed at not only enhancing online safety but also setting a new standard for AI-powered tools.
McAfee’s partnership with AMD takes deepfake detection to the next level. By leveraging the 50 TOPS of performance in the latest AMD Ryzen AI 300 Series processors, McAfee Deepfake Detector achieves lightning–fast detection of deepfakes. This collaboration announced at CES marks a significant leap forward in balancing AI performance with user privacy, giving consumers the best of both worlds: robust protection and peace of mind.
This newest generation of AMD mobile processors represents huge leaps forward not just in compute and graphics performance but also in AI capabilities and experiences, all powered by the world’s most advanced family of processors1. McAfee Deepfake Detector leverages AMD XDNA 2 architecture providing up to a 5X increase in NPU power vs. the previous generation2, confirming continued AMD leadership in innovation and performance in this new category of AI PC computing.
McAfee’s Deepfake Detector integrates effortlessly into the user’s workflow, ensuring that everyone—from professionals to casual users—can access next-level protection without technical hurdles.
As deepfake technology evolves, McAfee Deepfake Detector is a game-changer in the fight against misinformation and scams. By combining AI-powered detection with the cutting-edge AMD Ryzen AI 300 Series processors and NPU technology, McAfee delivers:
Stay one step ahead of deepfake threats. Whether you’re a professional, a consumer, or simply navigating the digital world, McAfee empowers you to discern truth from fiction—designed for a safer, more secure online experience.
1 Based on node size. As of January 2024, AMD Ryzen AI 300 Series processors are amongst the most advanced series of processors based on 4nm node size, whereas available competitive (non-AMD) x86 laptop processors are based on 7nm TSMC process.
2 Based on engineering specifications as of May 2024 comparing total TOPS capacity for Ryzen AI 300 Series processor’s NPU to Ryzen 7040 Series processor’s NPU.
The post McAfee Deepfake Detector: Fighting Misinformation with AMD AI-Powered Precision appeared first on McAfee Blog.
You know that “Hi, how are you?” text from a stranger? It’s one of the top scams worldwide—right along with those fake delivery notices that try to reel you in a scam site with a fishy link. Now you have extra protection against them and all other kinds of scams with our new McAfee Scam Detector.
The time’s right for it too. Those scam stats above came from our latest research, which also uncovered just how often people get hit with scams and how costly they can be. 59% of Americans said they or someone they know has fallen for an online scam in the last 12 months, with scam victims losing an average of $1,471 to the scam.
Now here’s where our Scam Detector comes in. It helps stop scammers in their tracks with real-time protection against fake emails, suspicious texts, and deepfake videos that look incredibly real. By design, it helps you protect what scammers want — your money and your personal info.
McAfee Scam Detector starts with McAfee Smart AI, the same technology that already powers our online protection. From there, it helps keep you safe from email, text message, and video scams:
The best part is that we do this automatically. Once it’s set up, McAfee Scam Detector goes to work immediately. No need to copy, paste, or second-guess if a message is fake — we take care of it all for you, all in real-time. If we spot something sketchy, it lets you know, whether that’s on your mobile app, email inbox, or video platform.
Also, it lets you know what’s suspicious and why. That’s important to us. When it comes to scams, “knowing one when you see one” goes a long way toward keeping yourself safer online. Explaining why something’s dangerous can help you spot threats even when you’re on devices without McAfee-powered protection.
Soon, McAfee Scam Detector will be included in all McAfee+, McAfee Total Protection, and McAfee LiveSafe plans at no extra cost. It protects you wherever you’re online. Whether you’re using a phone, laptop, tablet, or Chromebook, our Scam Detector keeps you safe.
The post Introducing McAfee Scam Detector— Stop Scams Before They Strike appeared first on McAfee Blog.
As CES kicks off in Las Vegas, McAfee proudly stands at the forefront of innovation, showcasing our leadership in AI and our commitment to driving transformative breakthroughs in tech. Here are the key highlights of McAfee’s participation at CES 2025:
At CES, we are announcing McAfee Scam Detector – the most comprehensive protection against text, email, and video scams. Today’s scams are smarter, sneakier, and more convincing than ever. We’re helping consumers take back control with AI-powered scam detection to stop scammers in their tracks.
Tuesday Spotlight:
Dan Huynh, McAfee’s VP of Business Development, joins a panel of business leaders to explore the capabilities of AI-powered PCs. From enhanced video and photo editing to faster computing speeds and improved security, this session delves into how AI PCs are reshaping work, play, and creativity.
McAfee has announced an exciting partnership with AMD to combat deepfake scams and misinformation. The McAfee Deepfake Detector now leverages the Neural Processing Unit (NPU) in AMD Ryzen AI 300 Series processors, enabling faster and more accurate detection of manipulated content.
Qualcomm is also showcasing McAfee’s Deepfake Detector technology at CES, with demos running on their high-performance, low-powered AI silicon. These demonstrations highlight McAfee’s commitment to tackling the growing threat of malicious AI deepfakes.
Thursday Spotlight:
German Lancioni, McAfee’s Chief AI Scientist, takes the stage to discuss using AI as a tool against AI-generated disinformation. This session will tackle the question: How can people trust what they see in a world of malicious AI deepfakes?
As CES 2025 unfolds, McAfee is proud to lead the charge in addressing the challenges and opportunities that AI brings to our increasingly digital world. Through groundbreaking innovations, strategic partnerships, and thought leadership, we’re not just imagining the future of tech—we’re actively shaping it.
We invite you to join us and our partners at CES to experience our cutting-edge technologies firsthand, engage with experts, and learn how McAfee is redefining security in the age of AI. Together, we’re building a safer, smarter, and more trusted digital landscape for everyone. Stay tuned for more updates as we continue to push the boundaries of what’s possible.
The post McAfee Shines at CES 2025: Redefining AI Protection for All appeared first on McAfee Blog.
For less than the cost of a latte and in under 10 minutes, scammers today can create shockingly convincing deepfake videos of anyone: your mom, your boss, or even your child.
Imagine receiving a video call from your mom asking to borrow money for an emergency, or getting a voicemail from your boss requesting urgent access to company accounts. These scenarios might seem straightforward, but in 2025, they represent a growing threat: deepfake scams that can be created for just $5 in under 10 minutes. According to McAfee’s latest “State of the Scamiverse” report, deepfake scams have become an everyday reality. The average American now encounters 2.6 deepfake videos daily, with younger adults (18-24) seeing even more – about 3.5 per day. These aren’t just celebrity face-swaps or entertaining memes; they’re sophisticated scams designed to separate people from their money.
Welcome to the Scamiverse: an ever-expanding realm of online scams and fraud that’s targeting people everywhere. Despite increasing awareness, scams are on the rise globally, costing victims money, time, and emotional well-being. Understanding this evolving landscape is key to staying protected.
According to McAfee’s December 2024 survey of 5,000 adults:
Beyond financial losses, there’s a significant emotional toll. More than a third of victims reported moderate to significant distress after falling for an online scam, with many spending over a month trying to resolve the resulting issues. Deepfake scams surged tenfold in 2024, with North America experiencing a jaw-dropping 1,740% increase. Over 500,000 deepfakes circulated on social media in 2023 alone. Unsurprisingly, two-thirds of people report being more worried about scams than ever before.
Deepfakes are no longer futuristic tech—they’re an everyday reality. McAfee’s survey showed:
Deepfake videos are most commonly encountered on:
| Platform | % Reporting Deepfakes |
| 68% | |
| 30% | |
| TikTok | 28% |
| X (formerly Twitter) | 17% |
Interestingly, different age groups tend to encounter deepfakes on different platforms. While older Americans are more likely to see them on Facebook (over 80% of those 65+ report this), younger users more frequently encounter them on Instagram and TikTok. Younger Americans encounter more deepfakes (3.5 daily for ages 18-24) than older groups (1.2 for ages 65+), while seniors report higher exposure to deepfakes on Facebook.
Deepfakes leverage generative AI to create convincing fake videos and audio. Initially popularized through memes featuring celebrities like Tom Cruise and Mark Zuckerberg, deepfakes are now weaponized by scammers. These tools can:
McAfee Labs tested 17 deepfake creation tools, finding that scammers can:
These tools enable scammers to achieve professional-grade results with minimal effort, making deepfake scams increasingly accessible.
The McAfee survey highlighted a wide range of scams. Some frequently involve deepfakes, such as:
| Scam Type | % Reporting |
| Fake shipping notifications | 36% |
| Fake news videos | 21% |
| Celebrity endorsement scams | 18% |
With deepfake technology becoming more accessible and sophisticated, here are McAfee’s top tips to protect yourself:
As we move further into 2025, the threat of deepfake scams is likely to grow. While about half of Americans feel confident they can spot these scams, the technology is evolving rapidly. The best defense is staying informed, maintaining healthy skepticism, and using modern security tools designed to combat these AI-powered threats. Scams have evolved with AI, but so have defenses. Staying vigilant, leveraging advanced cybersecurity tools, and educating yourself can help you navigate the Scamiverse safely. As scammers grow smarter, so must we. Remember, if something seems off about a video call or message from a loved one or colleague, take a moment to verify through another channel. In the age of $5 deepfakes, that extra step could save you thousands of dollars and countless hours of stress.
The post State of the Scamiverse – How AI is Revolutionizing Online Fraud appeared first on McAfee Blog.
Brushing scams are a type of online fraud where sellers send unsolicited packages to individuals, even though they never made an order. These deceptive tactics are often used on popular e-commerce platforms such as Amazon and AliExpress. The goal of scammers is to artificially inflate product rankings and create fake reviews, ultimately boosting their sales and visibility. Read on to understand how brushing scams work and what steps you can take to stay safe.
A brushing scam is a fraudulent practice in which sellers send packages to people without their knowledge or consent. These items are typically cheap and low-quality, such as inexpensive jewelry or random gadgets, and are sent to fake addresses or addresses obtained illegally. Once the item is delivered, the fraudster writes a fake review praising the product, which helps the seller’s rating rise.
The term “brushing” originates from Chinese e-commerce, where the act of “brushing up” sales numbers involves creating fake orders and sending goods to random individuals. This practice boosts a product’s perceived popularity, tricking other buyers into thinking the product is highly rated, thus increasing its sales.
Here’s how a brushing scam typically unfolds:
These scammers often send products like costume jewelry, seeds, or inexpensive gadgets to inflate their reviews and rankings. If you find an unsolicited package at your door, there’s a high chance it’s part of a brushing scam.
Personal Data Exposure:
Receiving unsolicited parcels may indicate that your personal information has been compromised. Scammers typically access names and addresses through data breaches or purchase this information from illegal sources. In some cases, they may possess additional sensitive details, opening the door to identity theft.
Account Suspension:
If a fraudster uses your name to write fake reviews, your e-commerce account could be flagged or suspended by the platform while the issue is investigated.
Misleading Consumers:
Fake reviews can mislead you into purchasing low-quality products, especially when inflated ratings and positive comments are posted en masse.
Safety Hazards:
Some items involved in brushing scams, such as cosmetics, could be harmful. Other items, like flower seeds, may pose biosecurity risks or introduce invasive species to your local ecosystem.
If you’ve received an unexpected package and suspect it’s part of a brushing scam, report it to the online marketplace involved. Platforms typically provide a form for users to submit reports on fraudulent packages. Here’s how to handle it:
You can also report the incident to your local consumer protection agency or, in the case of U.S. residents, to the Federal Trade Commission (FTC).
If the scam occurs on Amazon, follow these steps:
It’s important not to consume or use the product, especially if its quality is questionable or if it’s an item like cosmetics or food. Update your passwords for Amazon and any linked accounts and monitor your financial statements for suspicious activity.
Here are some steps to prevent falling victim to brushing scams:
If you receive unexpected items from China or other overseas locations, it could be a sign of a brushing scam, especially if the items appear low-quality or irrelevant.
If you receive a package you didn’t order via USPS:
Brushing scams are a growing concern, but by staying vigilant and taking appropriate steps, you can protect your personal information and avoid falling prey to these deceptive tactics. Always report suspicious packages and reviews, and be cautious when interacting with unfamiliar sellers.
The post How to Protect Yourself from a Brushing Scam appeared first on McAfee Blog.
Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.
Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting.
Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.
The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.
By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location.
Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft.
Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.
Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information.
Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels.
The post How to Protect Your Data While On-the-Go appeared first on McAfee Blog.
Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go
Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.
Public Wi-Fi networks are notorious for their lack of security. Unlike your home network, which is likely password-protected and encrypted, many public networks are open and vulnerable to cyberattacks. Hackers can intercept your data, monitor your online activity, and even steal sensitive information like passwords, credit card numbers, and personal identification.
Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting.
Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.
1. Use a Virtual Private Network (VPN): Your Best Defense
The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.
By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location.
2. Avoid Sensitive Transactions on Public Wi-Fi
Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft.
Safer Alternatives:
3. Spot Suspicious Wi-Fi Networks
Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.
Red Flags to Watch For:
4. Keep Your Devices Secure
Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information.
Device Security Tips:
Stay Safe and Enjoy Your Winter Travels
Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels.
The post Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go appeared first on McAfee Blog.
Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to protect your accounts.
There’s a good chance you’re already using multi-factor verification with your other accounts — for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.
It’s increasingly common to see nowadays, where all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. That’s where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.
Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:
Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the “editor’s picks” at your app store or in trusted tech publications.
Whichever form of authentication you use, always keep that secure code to yourself. It’s yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.
Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. You’ll want a strong, unique password. Here’s how that breaks down:
Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
And here’s a link to the company’s full walkthrough: https://www.facebook.com/help/148233965247823
When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.
And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145
And here’s a link to the company’s full walkthrough: https://faq.whatsapp.com/1920866721452534
And here’s a link to the company’s full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop
1. TapProfileat the bottom of the screen.
2. Tap the Menu button at the top.
3. Tap Settings and Privacy, then Security.
4. Tap 2-step verification and choose at least two verification methods: SMS (text), email, and authenticator app.
5. Tap Turn on to confirm.
And here’s a link to the company’s full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok
The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.
It’s been a big year for big data breaches. Billions of records on millions of people have been exposed at an estimated cost of nearly $10 trillion dollars to people and businesses alike worldwide.[i]
While we still have a few weeks in the year left to go, here’s a roundup of five of the most noteworthy breaches this year. And while you can’t prevent big data breaches from happening, you can still take several preventive steps to protect yourself from the fallout. We’ll cover them here too.
News of a major data breach that involved nearly three billion records came to light over the summer from a somewhat unusual source — a class-action complaint filed in Florida.
The complaint concerned National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”
The complaint alleged that NPD was hit by a data breach in or around April 2024. [ii] The complaint filed in the U.S. District Court further alleges:
Typically, companies self-report these breaches, thanks to regulations and legislation that require them to do so in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorney generals.
In this case, it appeared that no notices were immediately sent to potential victims.
As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)
Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web.[iii] The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.
Just how big was the Ticketmaster data breach? It appears that over a half-billion people might have had their personal info compromised.
Ticketmaster’s parent company, Live Nation Entertainment, first announced the breach in late May. The company said that it had identified “unauthorized activity” from April 2 to May 18, 2024.
Soon after, the noted hacking group ShinyHunters claimed responsibility for the breach.[iv] According to the hackers, their 1.3 terabyte haul of data includes 560 million people — along with a mix of their names, addresses, email addresses, phone numbers, order information, and partial payment card details. They allegedly posted that info for sale on the dark web in late May.[v]
Live Nation then began notifying potential victims by physical mail, stating:
“The personal information that may have been obtained by the third party may have included your name, basic contact information, and <extra>.”
Per a support document posted by Ticketmaster, the <extra> part varied by individual. Depending on what was compromised, that might have included “email, phone number, encrypted credit card information as well as some other personal information provided to [Ticketmaster].”[vi]
Also affecting millions of people in 2024, a breach at Infosys McCamish Systems (IMS), a company that provides solutions and services to insurance companies and financial institutions. Per an announcement from IMS[vii], the company,
“[D]etermined that unauthorized activity occurred between October 29, 2023, and November 2, 2023. Through the investigation, it was also determined that data was subject to unauthorized access and acquisition.”
There’s a good chance you haven’t heard of IMS before reading this article. Yet to put the attack in perspective, it affected people who hold accounts with companies like Bank of America, Oceanview Life and Annuity Company, Fidelity Investments Life Insurance, Newport Group, and Union Labor Life Insurance.
Also per IMS, the full run of personal info swept up in the attack included:
| · Social Security Numbers
· Dates of birth · Medical records · Biometric data · Email address and passwords · Usernames and passwords |
· Driver’s license and state ID numbers
· Financial account info · Payment card info · Passport numbers · Tribal ID numbers · US military ID numbers |
Notifications went out to potential victims in several ways and at several times. Bank of America sent notices to 50,000 people in February, alerting them that their info was compromised by an unidentified third party.[viii] Fidelity Investments Life Insurance notified 28,000 potential victims in March.[ix] In late June, IMS began contacting the six million potential victims overall — eight months after the date of the initial attack.[x]
The second breach involves (FBCS), a bonded collection agency based on the U.S. east coast. On February 26, 2024, the company noted unauthorized access to their systems, which covered a twelve-day period starting on February 14.[xi] In an April notice of a “data event,” FBCS stated that people might have had the following info compromised:
“[C]onsumer name, address, date of birth, Social Security number, driver’s license number, other state identification number, medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.”
FBCS went on to say that the compromised info varied from person to person.
Initially, the scope of the breach appeared to approach two million victims.[xii] Several updated filings continued to increase that number. At last reporting, the figure had ballooned to more than four million people affected.[xiii]
In April, mobile carrier AT&T learned that hackers had stolen the call and text logs of nearly all its customers, estimated at nearly 100 million people. That further included customers who used Cricket, Boost Mobile, and Consumer Cellular, which are mobile virtual network operators (MVNOs) that use AT&T’s network.
The compromised data covered a period between May 1, 2022, and October 31, 2022, with a small number of records from January 2, 2023, also affected. According to AT&T, hackers gained access through a third-party cloud platform account.[xiv]
The stolen data revealed the phone numbers customers communicated with, along with the frequency and total duration of calls and texts for specific periods. In this way, the breach affected more than just customers of AT&T — it affected anyone who may have called or texted with an AT&T customer.
However, AT&T assured customers that the content of calls or texts, timestamps, Social Security numbers, dates of birth, or other personal details were not compromised.
Of concern, a determined hacker with access to the data could infer a lot from these logs, such as businesses and people customers regularly speak with. In turn, this could fuel phishing scams by giving them extra credibility if the scammer poses as the businesses and people involved.
These breaches show the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Sometimes, we’re in the dark about a data breach until we get hit with a case of identity theft ourselves.
Indeed, plenty of breaches go unreported or under-reported. Even so, word of an attack that affects you might take some time to reach you. With that, preventative measures offer the strongest protection from data breaches.
To fully cover yourself, we suggest the following:
Check your credit, consider a security freeze, and get ID theft protection.
With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
Monitor your identity and transactions.
Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.
Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
Keep an eye out for phishing attacks.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.
If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.
For even more security, you can use our Text Scam Detector. It scans links in texts and lets you know if it’s risky. And if you accidentally click or tap a bad link, it blocks the sketchy sites they can take you to.
Update your passwords and use two-factor authentication.
Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.
[i] https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
[ii]https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS
[iii] https://www.theregister.com/2024/06/03/usdod_data_dump/
[iv] https://www.pcmag.com/news/ticketmaster-confirms-user-email-addresses-phone-numbers-stolen-in-hack
[v] https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
[vi] https://help.ticketmaster.com/hc/en-us/articles/26110487861137-Ticketmaster-Data-Security-Incident
[vii] https://www.infosysbpm.com/mccamish/about/notice-of-cybersecurity-incident.html
[viii] https://www.bankinfosecurity.com/bank-america-responds-to-breach-a-4487
[ix] https://www.securityweek.com/fidelity-investments-notifying-28000-people-of-data-breach/
[x] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/b152fd39-9f84-4ca5-a149-d20b94ed8ef6.html
[xi] https://www.fbcs-inc.com/cyber-incident/
[xii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/5fe1ede5-aafd-4da2-b1a4-0057a6cdadc6.shtml
[xiii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7e6ff931-a035-480f-a977-e11a8af7f768.html
[xiv] https://about.att.com/story/2024/addressing-illegal-download.html
The post 2024 Data Breaches Wrapped appeared first on McAfee Blog.
The holiday season often brings a rush of new gadgets—smartphones, tablets, laptops, and smart home devices—into households. One survey revealed that nearly 199 million U.S. adults planned to purchase tech products and services as gifts for the holiday season. For the tech-savvy among us, it also means becoming the go-to person for setting up, troubleshooting, and securing those shiny new devices. But while it’s great to help your loved ones get the most out of their tech, it’s just as important to ensure they’re protected from digital threats like malware, phishing, and privacy breaches.
This year, step up as the digital IT hero of the holidays by taking proactive measures to safeguard your family’s online life. Here’s a guide to help you create a safer digital environment for your loved ones by setting up their devices with robust cybersecurity protections.
One of the first steps in protecting new devices is ensuring that internet connections are secure. A Virtual Private Network (VPN) is essential for safeguarding your family’s data, especially when using public Wi-Fi networks at coffee shops, airports, or hotels. Without a VPN, any data you send or receive—such as login details, personal information, or banking credentials—can be intercepted by cybercriminals using simple hacking tools. A VPN encrypts your internet connection, making it much harder for anyone to spy on or steal your information, even on public networks. This layer of security is crucial to protect your privacy and keep your data safe from potential threats.
How to help:
Antivirus software plays a crucial role in protecting devices from malware, ransomware, and other cyber threats by continuously scanning for malicious activity and preventing harmful files from executing. It acts as a first line of defense, detecting and removing viruses before they can compromise your system or steal sensitive data.
How to help:
Passwords are the first and often most critical line of defense for online accounts, but unfortunately, many people still rely on weak or predictable combinations like “password123” or simple sequences of numbers. These easy-to-guess passwords leave accounts vulnerable to cybercriminals who use automated tools to crack them within minutes.
However, the threat doesn’t stop at weak passwords—data breaches pose an even greater risk. When large-scale breaches occur, they often expose millions of usernames and passwords to the public. Even strong, unique passwords can be compromised if they’ve been leaked in a breach, allowing attackers to use those credentials in credential-stuffing attacks, where they attempt to log in to multiple accounts using the same exposed password.
To counteract this, it’s critical to not only set strong, unique passwords for every account but also to enable multi-factor authentication (MFA) so that even if your password falls into the wrong hands, attackers can’t access your account without a second form of verification.
How to help:
Data loss can be catastrophic, whether it’s due to a hardware failure, theft, or ransomware attack. Setting up automatic backups ensures that your family’s important data—such as photos, videos, and documents—is safe, no matter what happens.
How to help:
New devices often come pre-loaded with a myriad of apps, many of which your family members may never use. Some of these could be bloatware or even pose security risks by running in the background and collecting data.
How to help:
By helping your family with these key cybersecurity steps, you’re not just setting up their devices—you’re providing them with the tools and knowledge to stay safe online. As the digital IT hero of the holidays, you’ll empower your loved ones to enjoy their new tech with confidence, knowing their data and privacy are protected.
The post How to Be Your Family’s Digital IT Hero for the Holidays appeared first on McAfee Blog.
As 89% of Americans plan to shop online during this holiday shopping season, many say they’re more concerned about being scammed online than they were last year. One big reason why—AI deepfakes.
Our 2024 Global Holiday Shopping Scams Study uncovered that 70% of American shoppers say AI-driven scams are changing the way they shop online.
In all, they think scam emails and messages will be more believable than ever and that it’ll be harder to tell what’s a real message from a retailer or delivery service. With that in mind, 58% of people say they’ll be more alert than ever to when it comes to fake messages. Another 11% said they’ll do less online shopping because of how AI is helping cybercriminals.
Overall, people say their confidence in spotting online scams is low, particularly when it comes to scams featuring AI-created content. Only 59% of Americans feel confident they can identify deepfakes or AI-generated content.
The effectiveness of deepfake shopping scams has been shown already, 1 in 5 Americans (21%) said they unknowingly paid for fake products endorsed by deepfake celebrities. For Gen Z and Millennials, that number leaps yet higher, with 1 in 3 people aged 18-34 falling victim to a deepfake scam. Meanwhile, older Americans have avoided these scams, with only 5% of shoppers aged 55 and up saying that they’ve fallen victim to one.
Additionally, 1 in 5 Americans (20%) say they or someone they know has fallen victim to a deepfake shopping scam, celebrity-based or otherwise. 70% of those people lost money to the deepfake holiday scam. Of those who lost money:
Across our research, three big findings stood out. The volume of scam messages is only increasing, chasing deals could lead to scams, and shopping on social media has risks of its own.
64% of Americans say they receive most of their scam messages via email, 20% encounter them primarily via text, and 16% find them on social media. These messages fall into several categories:
As the holiday season warms up, 84% of Americans say they’re on the hunt for the best holiday deals. But the rush for discounts could put them at risk. Scammers notoriously underprice hot items to lure in victims.
More than 100 million Americans shop on social media.i While social shopping offers convenience, it also exposes people to new risks, especially as scammers use these platforms to reach victims. We found that shoppers are increasingly turning to social channels, often in significant ways.
This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. Citizens can dispute charges of over $50 for goods and services that were never delivered or otherwise billed incorrectly. (Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.) However, debit cards don’t get the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Phishing emails, texts, and sites lure people into clicking links that might lead to malware or handing over their personal info. And they look more believable than ever. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.
Yet better, you can use the combo of our Scam Protection and Web Protection found in our McAfee+ plans. Powered by our AI technology, they detect sketchy links and keep you from clicking on them by mistake.
Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.
Survey methodology
The survey, which focused on the topic of deepfakes, scam messages, and holiday shopping, was conducted online in November 2024. 7,128 adults, age 18+, In 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study.
The post How AI Deepfakes and Scams Are Changing the Way We Shop Online appeared first on McAfee Blog.
What is a botnet? And what does it have to do with a toaster?
We’ll get to that. First, a definition:
A botnet is a group of internet-connected devices that bad actors hijack with malware. Using remote controls, bad actors can harness the power of the network to perform several types of attacks. These include distributed denial-of-service (DDoS) attacks that shut down internet services, breaking into other networks to steal data, and sending massive volumes of spam.
In a way, the metaphor of an “army of devices” leveling a cyberattack works well. With thousands or even millions of compromised devices working in concert, bad actors can do plenty of harm. As we’ll see in a moment, they’ve done their share already.
Which brings us back to that toaster.
The pop-up toaster as we know it first hit the shelves in 1926, under the brand name “Toastmaster.”[i] With a familiar springy *pop*, it has ejected toast just the way we like it for nearly a century. Given that its design was so simple and effective, it’s remained largely unchanged. Until now. Thanks to the internet and so-called “smart home” devices.
Toasters, among other things, are all getting connected. And have been for a few years now, to the point where the number of connected Internet of Things (IoT) devices reaches well into the billions worldwide — which includes smart home devices.[ii]
Businesses use IoT devices to track shipments and various aspects of their supply chain. Cities use them to manage traffic flow and monitor energy use. (Does your home have a smart electric meter?) And for people like us, we use them to play music on smart speakers, see who’s at the front door with smart doorbells, and order groceries from an LCD screen on our smart refrigerators — just to name a few ways we’ve welcomed smart home devices into our households.
In the U.S. alone, smart home devices make up a $30-plus billion marketplace per year.[iii] However, it’s still a relatively young marketplace. And with that comes several security issues.
First and foremost, many of these devices still lack sophisticated security measures, which makes them easy pickings for cybercriminals. Why would a cybercriminal target that smart lightbulb in your living room reading lamp? Networks are only as secure as their least secure device. Thus, if a cybercriminal can compromise that smart lightbulb, it can potentially give them access to the entire home network it is on — along with all the other devices and data on it.
More commonly, though, hackers target smart home devices for another reason. They conscript them into botnets. It’s a highly automated affair. Hackers use bots to add devices to their networks. They scan the internet in search of vulnerable devices and use brute-force password attacks to take control of them.
At issue: many of these devices ship with factory usernames and passwords. Fed with that info, a hacker’s bot can have a relatively good success rate because people often leave the factory password unchanged. It’s an easy in.
Results from one real-life test show just how active these hacker bots are:
We created a fake smart home and set up a range of real consumer devices, from televisions to thermostats to smart security systems and even a smart kettle – and hooked it up to the internet.
What happened next was a deluge of attempts by cybercriminals and other unknown actors to break into our devices, at one stage, reaching 14 hacking attempts every single hour.
Put another way, that hourly rate added up to more than 12,000 unique scans and attack attempts a week.[iv] Imagine all that activity pinging your smart home devices.
Now, with a botnet in place, hackers can wage the kinds of attacks we mentioned above, particularly DDoS attacks. DDoS attacks can shut down websites, disrupt service and even choke traffic across broad swathes of the internet.
Remember the “Mirai” botnet attack of 2016, where hackers targeted a major provider of internet infrastructure?[v] It ended up crippling traffic in concentrated areas across the U.S., including the northeast, Great Lakes, south-central, and western regions. Millions of internet users were affected, people, businesses, and government workers alike.
Another more recent set of headline-makers are the December 2023 and July 2024 attacks on Amazon Web Services (AWS).[vi],[vii] AWS provides cloud computing services to millions of businesses and organizations, large and small. Those customers saw slowdowns and disruptions for three days, which in turn slowed down and disrupted the people and services that wanted to connect with them.
Also in July 2024, Microsoft likewise fell victim to a DDoS attack. It affected everything from Outlook email to Azure web services, and Microsoft Office to online games of Minecraft. They all got swept up in it.[viii]
These attacks stand out as high-profile DDoS attacks, yet smaller botnet attacks abound, ones that don’t make headlines. They can disrupt the operations of websites, public infrastructure, and businesses, not to mention the well-being of people who rely on the internet.
Earlier we mentioned the problem of unchanged factory usernames and passwords. These include everything from “admin123” to the product’s name. Easy to remember, and highly insecure. The practice is so common that they get posted in bulk on hacking websites, making it easy for cybercriminals to simply look up the type of device they want to attack.
Complicating security yet further is the fact that some IoT and smart home device manufacturers introduce flaws in their design, protocols, and code that make them susceptible to attacks.[ix] The thought gets yet more unsettling when you consider that some of the flaws were found in things like smart door locks.
The ease with which IoT devices can be compromised is a big problem. The solution, however, starts with manufacturers that develop IoT devices with security in mind. Everything in these devices will need to be deployed with the ability to accept security updates and embed strong security solutions from the get-go.
Until industry standards get established to ensure such basic security, a portion of securing your IoT and smart home devices falls on us, as people and consumers.
As for security, you can take steps that can help keep you safer. Broadly speaking, they involve two things: protecting your devices and protecting the network they’re on. These security measures will look familiar, as they follow many of the same measures you can take to protect your computers, tablets, and phones.
Grab online protection for your smartphone.
Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, use online protection software on your phone to help keep it safe from compromise and attack.
Don’t use the default — Set a strong, unique password.
One issue with many IoT devices is that they often come with a default username and password. This could mean that your device and thousands of others just like it all share the same credentials, which makes it painfully easy for a hacker to gain access to them because those default usernames and passwords are often published online. When you purchase any IoT device, set a fresh password using a strong method of password creation, such as ours. Likewise, create an entirely new username for additional protection as well.
Use multi-factor authentication.
Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who simply try and force their way into your device with a password/username combination.
Secure your internet router too.
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password as well to help prevent hackers from breaking into your home network. Also, consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which keeps your signal secure.
Upgrade to a newer internet router.
Older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.
Update your apps and devices regularly.
In addition to fixing the odd bug or adding the occasional new feature, updates often fix security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, that’s even better.
Set up a guest network specifically for your IoT devices.
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.
Shop smart.
Read trusted reviews and look up the manufacturer’s track record online. Have their devices been compromised in the past? Do they provide regular updates for their devices to ensure ongoing security? What kind of security features do they offer? And privacy features too? Resources like Consumer Reports can provide extensive and unbiased information that can help you make a sound purchasing decision.
As more and more connected devices make their way into our homes, the need to ensure that they’re secure only increases. More devices mean more potential avenues of attack, and your home network is only as secure as the least secure device that’s on it.
While standards put forward by industry groups such as UL and Matter have started to take root, a good portion of keeping IoT and smart home devices secure falls on us as consumers. Taking the steps above can help prevent your connected toaster from playing its part in a botnet army attack — and it can also protect your network and your home from getting hacked.
It’s no surprise that IoT and smart home devices have raked in billions of dollars over the years. They introduce conveniences and little touches into our homes that make life more comfortable and enjoyable. However, they’re still connected devices. And like anything that’s connected, they must be protected.
[i] https://www.hagley.org/librarynews/history-making-toast
[ii] https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/
[iii] https://www.statista.com/outlook/dmo/smart-home/united-states
[iv] https://www.which.co.uk/news/article/how-the-smart-home-could-be-at-risk-from-hackers-akeR18s9eBHU
[v] https://en.wikipedia.org/wiki/Mirai_(malware)
[vi] https://www.darkreading.com/cloud-security/eight-hour-ddos-attack-struck-aws-customers
[vii] https://www.forbes.com/sites/emilsayegh/2024/07/31/microsoft-and-aws-outages-a-wake-up-call-for-cloud-dependency/
[viii] https://www.bbc.com/news/articles/c903e793w74o
[ix] https://news.fit.edu/academics-research/apps-for-popular-smart-home-devices-contain-security-flaws-new-research-finds/
The post What Is a Botnet? appeared first on McAfee Blog.
As we honor Veterans Day, it’s crucial to recognize not only the sacrifices made by those who served but also the unique cybersecurity challenges they face in today’s digital age. Veterans, with their deep ties to sensitive military information and benefits, are increasingly being targeted by cybercriminals seeking to exploit their personal data. Seven in 10 military vets and active-duty service members have been a victim of at least one digital crime.
From phishing scams impersonating official VA communications to the risk of military identity theft, veterans encounter specific threats that require tailored cybersecurity awareness and precautions. By taking proactive steps, veterans can implement strong security practices to better protect their identities and enjoy a safer online experience.
Veterans possess a wealth of sensitive information tied to their military service. This includes not only Social Security numbers, medical records, and details about deployments and benefits, but also personal histories that can include addresses, family information, and even details about combat experiences. Such comprehensive information is highly valuable to cybercriminals for various malicious activities, including identity theft and financial fraud.
Cybercriminals can exploit this data to impersonate veterans, gain unauthorized access to financial accounts, file false claims for VA benefits, or sell the information on the dark web. The repercussions of such breaches extend beyond financial loss, impacting veterans’ reputations, access to essential services, and overall peace of mind. Safeguarding this sensitive data is critical to ensuring veterans’ security and well-being in the digital age.
One of the primary threats that veterans encounter is phishing scams. These scams often impersonate official communications from the Department of Veterans Affairs (VA) or other military organizations. Cybercriminals use deceptive emails, text messages, or phone calls to trick veterans into revealing personal information or clicking malicious links that can compromise their devices.
Another prevalent danger is military identity theft, where criminals use stolen or fabricated military credentials to access benefits, obtain loans, or commit fraud in the veteran’s name. This type of identity theft can be particularly devastating, affecting not only financial stability but also the veteran’s reputation and access to crucial services.
In 2023, military consumers filed more than 93,000 fraud complaints, with imposter scams alone accounting for 42,766 cases, resulting in reported losses exceeding $178 million. To combat these threats, veterans must be equipped with robust cybersecurity awareness and practices:
If you think you have been the victim of identity theft, immediately take steps to protect yourself and your family:
As veterans continue to navigate the complexities of modern life, safeguarding their personal information online is paramount. By staying informed about cybersecurity best practices and leveraging available resources, veterans can significantly reduce their risk of falling victim to cyber threats.
The post Safeguarding Those Who Served: Cybersecurity Challenges for Veterans appeared first on McAfee Blog.
So, what does your phone know about you? Taken all together it knows plenty — sometimes in ways that feel like your phone is watching you.
It all comes down to the data that courses through your phone and your apps, along with a phone’s built-in tracking capabilities. Indeed, your phone certainly knows plenty about you. And companies keep tabs on that. Here’s how…
The apps on our phones entertain us, inform us, and help us shop. Many of them also track our activities and location — and then sell or share that info with third parties. From there, that info can end up with data brokers who sell that info to anyone who’ll pay. That includes advertisers, spammers, insurance companies, hackers, law enforcement, private investigators, and so on. It’s all legal, and it’s all part of a multi-billion-dollar industry worldwide.
Still, you can take charge of your privacy amidst all this data and info gathering. Several steps can reduce what your phone collects and shares with others.
For starters, though, let’s look at several of the things your phone knows about you.
Unless you’ve turned it off completely, your phone can track you in several ways with several degrees of accuracy:
GPS: The Global Positioning System, or GPS as many of us know it, is a system of satellites run by the U.S. government for navigation purposes. First designed for national defense, the system became available for public use in the 1980s. It’s highly accurate, to anywhere between nine to 30 feet depending on conditions and technology used, making it one of the strongest tools for determining a phone’s location. This is what powers location services on cell phones, and thus can help an app recommend a great burger joint nearby.
Cell towers: Cell phone providers can track a phone’s location by the distance it is to various cell phone towers and by the strength of its signal. The location info this method provides is a bit coarser than GPS, providing results that can place a phone within 150 feet. It’s most accurate in urban areas with high densities of cell phone towers, although it does not always work well indoors as some buildings can weaken or block cell phone signals.
One of the most significant public benefits of this method is that it automatically routes emergency service calls (like 911 in the U.S.) to the proper local authorities without any guesswork from the caller.
Public Wi-Fi: Larger tech companies and internet providers will sometimes provide free public Wi-Fi hotspots that people can tap into at airports, restaurants, coffeehouses, and such. It’s a nice convenience, but connecting to their Wi-Fi might share a phone’s MAC address, a unique identifier for connected devices, along with other identifiers on the smartphone.
Taken together, this can allow the Wi-Fi hosting company to gather location and behavioral data while you use your phone on their Wi-Fi network.
Bluetooth: Like with public Wi-Fi, companies can use strategically placed Bluetooth devices to gather location info as well. If Bluetooth is enabled on a phone, it will periodically seek out Bluetooth-enabled devices to connect to while the phone is awake. This way, a Bluetooth receiver can then capture that phone’s unique MAC address. This provides highly exact location info to within just a few feet because of Bluetooth’s short broadcast range.
In the past, we’ve seen retailers use this method to track customers in their physical stores to better understand their shopping habits. However, newer phones often create dummy MAC addresses when they seek out Bluetooth connections, which helps thwart this practice.
Certain apps pair location info with other info they collect while you use that app. In some cases, an app shares that precise combination of info with third parties. (It all depends on the terms in the user agreement you accepted once you installed it.)
What does that look like in the real world? Third parties might know:
Those are just a few examples of many.
Just to emphasize what we said above, not every app sells shares or sells your info to third parties. However, that gets into the complicated nature of user agreements. The language that covers what’s collected, for what reasons, what’s done with it, and who it’s shared can be tough to tease out because it’s often written in some form of legalese.
Broadly though, apps need to request permission to access location tracking services. In the past, we’ve seen some sketchy apps request location permissions even though they have no reason to. Examples include coupon apps, wallpaper apps, productivity apps, and plenty of games too. When apps like those ask for permission to access location tracking services, raises a red flag that your privacy is in jeopardy.
Depending on what apps and services you use, your phone might know a lot about your health. That can include range of info, as apps can track things like step counts, vital signs, and menstrual cycles. Other apps manage health conditions or work as symptom checkers. In all, this data can get very private. Unfortunately, sometimes that data winds up in the hands of third parties.
With that, we’ve seen cases where people’s medical info was shared without their knowledge by medical apps and services.
In April 2024, The U.S. Federal Trade Commission (FTC) ruled against an online mental health service that “disclosed consumers’ sensitive personal health information and other sensitive data to third parties for advertising purposes…”[i] Also according to the complaint, the company gave third parties personal data about its users including names, medical and prescription histories, pharmacy and health insurance info, and other health info.
Also in April 2024, U.S. healthcare provider Kaiser Permanente disclosed that more than 13 million people had some of their personal data shared by third parties via tracking technologies on its websites and apps. Companies such as Microsoft (Bing), Google, and X (Twitter) were all named.[ii] That info possibly included how people interacted with and navigated through their website or mobile app, along with search terms used in Kaiser’s health encyclopedia.
So, is someone on the other end of your smartphone listening to your recordings when you use Siri or Google Assistant? Possibly, yes. Companies make constant improvements to their devices and services, which may include the review of commands from users to make sure they are interpreted correctly. There are typically two types of review — machine and human. As the names suggest, a machine review is a digital analysis. Human reviews entail someone listening to and evaluating a recorded command or reading and evaluating a transcript of a written command.
However, several manufacturers let you opt out of those reviews. In fact, you’ll find that they post a fair share of articles about this collection and review process, along with your choices for opting in or out as you wish:
Turn off your phone or switch to Airplane Mode. Disconnect. Without a Wi-Fi or data connection, you can’t get tracked. While this makes you unreachable, it also makes you untraceable, which you might want to consider if you’d rather keep your whereabouts and travels to yourself for periods of time.
Turn off location services altogether. As noted above, your smartphone can get tracked by other means, yet disabling location services in your phone settings shuts down a primary avenue of location data collection. Note that your maps apps won’t offer directions, and your restaurant app won’t point you toward that tasty burger when location services are off, but you’ll be more private than with them turned on.
Provide permissions on an app-by-app basis. Another option is to go into your phone settings and enable location services for specific apps in specific cases. For example, you can set your map app to enable location services only while in use. For other apps, you can disable location services entirely. Yet another option is to have the app ask for permissions each time. Note that this is a great way to discover if apps have defaulted to using location services without your knowledge when you installed them.
On an iPhone, you can find this in Settings -> Privacy & Security -> Location Services. On an Android, go to Settings -> Locations -> App Locations Permissions.
Turn off app tracking. As you’ve seen, some apps will ask to track your activity and potentially share it with data brokers and other third parties. You can halt this by turning off app tracking. On an iPhone, go to Settings -> Privacy & Security -> Tracking and disable “Allow Apps to Request to Track.” On an Android phone, go to Settings -> Privacy and Security, then turn on “Do Not Track.”
And just as you can with location services, you can set apps to make tracking requests on an app-by-app basis. You’ll see it on the same screen that has the global “Do Not Track” option.
Opt yourself out of cell phone carrier ad programs. Different cell phone carriers have different user agreements, yet some might allow the carrier to share insights about you with third parties based on browsing and usage history. Opting out of these programs might not stop your cell phone carrier from collecting data about you, but it might prevent it from sharing insights about you with others.
To see if you take part in one of these programs, log into your account portal or app. Look for settings around “relevant advertising,” “custom experience,” or even “advertising,” and then figure out if these programs are worth it.
Delete old apps. And be choosy about new ones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data associated with them. Our Online Account Cleanup Online Account Cleanup can make quick work of it. It scans for accounts you no longer use, shows how risky they are, and helps you delete them, along with your personal info. In all, breaches and leaks are a numbers game. The fewer you keep, the better, when it comes to protecting your personal info.
Remove your info from data broker sites. As we’ve seen, the personal info on your smartphone can wind up on data broker sites. And they’ll sell it to practically anyone. Our Personal Data Cleanup can help you remove your personal info from several of the sketchiest brokers out there. Running it periodically can help keep your info off those sites if it crops up again.
[i] https://www.ftc.gov/news-events/news/press-releases/2024/04/proposed-ftc-order-will-prohibit-telehealth-firm-cerebral-using-or-disclosing-sensitive-data?utm_source=govdelivery
[ii] https://www.hipaajournal.com/kaiser-permanente-website-tracker-breach-affects-13-4-million-individuals/
The post Every Step You Take, Every Call You Make: Is Your Phone Tracking You? appeared first on McAfee Blog.
As Black Friday approaches, eager bargain hunters are gearing up to snag the best deals online. But with the excitement of holiday shopping also comes the risk of cyber threats, as cybercriminals see this busy time as an opportunity to exploit unsuspecting shoppers. Here’s what you need to know to protect yourself from potential risks while scoring your favorite holiday deals.
Authorities are already sounding the alarm about the risks associated with online shopping during the festive season. Cybersecurity agencies, including the UK’s National Cyber Security Centre (NCSC) and the Canadian Royal Canadian Mounted Police (RCMP), have warned that cybercriminals are using increasingly sophisticated tactics, including leveraging AI to create more convincing scams, malicious ads, and spoofed websites. In the United States, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories to stay vigilant against ransomware attacks during holiday periods when many businesses operate with minimal staff. Cybercriminals take advantage of widely celebrated holidays like Black Friday to launch impactful attacks.
Modern AI tools have made it easier for scammers to create:
During the bustling shopping period that spans Thanksgiving, Black Friday, Small Business Saturday, and Cyber Monday, online sales hit record highs, and cybercriminals follow the money trail. Here are some of the most common scams to watch out for and ways to protect yourself.
Phishing attacks often involve fake emails or social media messages that mimic legitimate promotional offers or shipping notifications. These messages are designed to trick you into revealing sensitive information, such as credit card details, or to download malware onto your device. Common tactics include sending fake order confirmations or gift card scams, which pressure recipients to act quickly by purchasing gift cards to resolve a fabricated issue.
Fake websites that imitate popular online retailers pop up frequently during the Black Friday shopping season. These sites may look identical to the real thing, but their sole purpose is to steal your payment information.
Malicious advertisements can infiltrate legitimate websites, leading you to infected sites that install malware on your device. E-skimming occurs when hackers insert malicious code into payment pages on legitimate eCommerce sites, stealing your credit card information during checkout.
During the busy holiday season, identity theft and credit card fraud rise sharply. Cybercriminals use stolen personal information to make fraudulent purchases or open accounts in your name.
Here are some extra tips to keep your online shopping secure during the holiday season:
While Black Friday is a fantastic time to grab deals, it’s also a time to be extra cautious. By understanding common threats and following these safety tips, you can enjoy your holiday shopping while minimizing the risks. Remember, If a deal seems too good to be true, it probably is. Legitimate retailers won’t pressure you into quick decisions or require unusual payment methods. Take your time, verify offers, and trust your instincts.
The best defense against AI scams is a careful, methodical approach to holiday shopping. Create a budget, make a list of what you want to buy, and stick to trusted retailers. A missed deal is better than falling victim to a scam.
The post How To Protect Yourself from Black Friday and Cyber Monday AI Scams appeared first on McAfee Blog.
In today’s fast-paced educational environment, productivity is a key determinant of academic success. Enter AI PCs—computers enhanced with artificial intelligence (AI) capabilities—that are reshaping how students interact with productivity tools. AI PCs are designed with built-in AI capabilities that optimize performance and user experience by leveraging machine learning algorithms to enhance software applications. This makes routine tasks more efficient and allows for a more personalized user experience.
For students, this means AI tools are becoming not just supplementary resources but integral parts of their academic toolkit. A new report, “The Dawn of the AI Era: Teens, Parents, and the Adoption of Generative AI at Home and School,” found that seven in 10 teenagers say they have used at least one type of generative AI tool, with 40% report using generative AI for school assignments.
From advanced writing assistants to research enhancers, these AI-driven machines have the power to elevate the academic experience. This blog post will explore how AI PCs integrate with AI tools to boost productivity and offer actionable tips to maximize these features for academic success.
ChatGPT, an AI language model developed by OpenAI, serves as a powerful research assistant, capable of summarizing articles, generating topic ideas, and answering questions on a wide range of subjects. When integrated into an AI PC, ChatGPT can be accessed directly from the desktop or through dedicated applications, providing students with on-demand research support. Several other AI tools can also greatly benefit students in research and writing, such as Google Bard, Jasper, and Copy.ai.
McAfee Tip: Use an AI tool like ChatGPT to brainstorm ideas and outline essays or research papers. For instance, if you’re writing a paper on climate change, ChatGPT can help you outline key points, suggest relevant sources, and even provide a summary of complex scientific articles.
Beyond research, AI tools can assist with writing tasks by generating content, offering suggestions, and even helping with creative projects. Its ability to understand context and generate coherent text means that students can use it for drafting essays, creating reports, or even composing emails.
McAfee Tip: Check with your school policies to ensure you remain compliant with their rules around AI usage. For example, use the tool to generate insights and ideas, but cross-check and cite any specific sources or information included in your work to maintain academic integrity.
Grammarly, an AI-powered writing assistant, is renowned for its grammar and style-checking capabilities. On an AI PC, Grammarly is not just a browser extension but a deeply integrated tool that offers real-time feedback on spelling, punctuation, and stylistic errors. This seamless integration ensures that students can produce polished and professional documents with ease.
McAfee Tip: Use Grammarly’s advanced features, such as clarity and engagement suggestions, to help enhance the readability of your work. Before submitting any paper, run it through Grammarly’s plagiarism checker to ensure that all sources are properly cited and that your work is original.
AI PCs can streamline study sessions by using tools to create comprehensive study guides, generate practice questions, and summarize textbook chapters. For example, AI PCs can integrate with note-taking apps, like Evernote and Microsoft OneNote, to organize lecture notes, create study guides, and sync information across devices. AI features can then assist in summarizing notes and organizing content for easier review.
McAfee Tip: Zotero and Mendeley can help students organize research papers, manage citations, and create bibliographies. Integration with Khan Academy and Coursera on AI PCs allows students to access and interact with educational content, complete with AI-driven recommendations for supplemental learning and practice.
For group projects, AI tools can enhance collaboration by providing a platform for drafting and reviewing content together. AI PCs with integrated ChatGPT can help in brainstorming sessions, while Grammarly ensures that all written contributions are cohesive and professionally presented. Integration with tools like Natural Reader and Otter.ai to convert text to speech and vice versa can help with reviewing study materials and transcribing spoken content into written form.
McAfee Tip: Utilize shared documents with built-in Grammarly and ChatGPT features to collaborate on essays or research papers. This allows for real-time feedback and adjustments, leading to a more polished final product.
In the realm of online research and media consumption, discerning authentic content from manipulated material is increasingly important. This is where McAfee Deepfake Detector comes into play. Integrated into AI PCs, this tool provides real-time alerts when it detects AI-generated audio within videos. By utilizing advanced AI technology, Deepfake Detector helps students quickly identify whether a video’s audio has been manipulated, right from their browser without extra steps.
McAfee Tip: When engaging with online videos for research or study, use Deepfake Detector to ensure the content is authentic. This tool helps you avoid falling for misleading or false information, which is crucial for maintaining the integrity of your academic work.
Ultimately, AI PCs are revolutionizing students’ daily academic routines by integrating advanced AI tools into everyday life. AI-driven tools are offering unprecedented support in writing, research, and creative projects, making them invaluable assets in achieving academic and professional success. By leveraging these capabilities, students can enhance their productivity, produce high-quality work, and prepare for future challenges with confidence.
The post How AI PCs Are Optimizing Productivity Tools for Students appeared first on McAfee Blog.
As malicious deepfakes continue to flood our screens with disinformation during this election year, we’ve released our 2024 Election AI Toolkit to help voters protect themselves and their vote.
Our own research reveals just how deep the problem runs. More than six in ten (63%) of Americans said they’ve seen a deepfake in the past 60 days. As for the impact of those deepfakes, nearly half (48%) who’ve seen one said it’s influenced who they’ll vote for in the upcoming election.
In all, we found that 91% of Americans said they’re concerned that AI-generated disinformation could interfere with public perception of candidates, their platforms, or even election results.
Disinformation has played a long and shady role in politics. For some time now. George Washington fell victim to it in 1777 when forged letters painted him as a British sympathizer — disinformation that followed him to the first presidency. [i]
And it’s appeared on the internet for some time too. For years, creating disinformation on the internet called for plenty of manual labor. Writers, designers, and developers all put hours into writing, creating images, and creating sites for spreading disinformation. Now, it takes just one person mere minutes. The advent of cheap and free AI tools has put disinformation into overdrive.
We’ve seen an explosive rise in malicious deepfakes in the run-up to Election Day.
With polling in some states already underway, we can expect the glut of malicious deepfakes to continue. They might:
With that, it’s little surprise that nearly 60% of Americans say that they’re extremely or very concerned about AI’s influence on the election.[vi] Deepfakes have simply become pervasive.
AI has given new life to the old problem of disinformation and fake news. In many ways, it’s supercharged it.
It’s done so in two primary ways:
In all, it’s easier, cheaper, and quicker than ever to create malicious deepfakes with AI tools. On top of that, the image and sound quality of deepfakes continues to improve. In all, it’s only getting tougher when it’s time to tell the difference between what’s real and what’s fake.
Taken together, this has put voters in a lurch. Who and what can they trust online?
Even as the creators of malicious AI-generated content have gotten cagier in their ways, their work still gives off signs of a fake. However, spotting this malicious content calls for extra effort on everyone’s part when getting their news or scrolling their feeds online. That means scrutinizing what we consume and relying on trusted fact-checking resources to get at the truth. It also means using AI as any ally, with AI tools that detect AI deepfakes in real time.
Our Election Year Toolkit will help you do just that. It covers the basics of fake news and malicious AI deepfakes, how to spot them, and more. As you’ll see, it’s a topic both broad and deep, and we explore it in a step-by-step way that helps make sense of it all for voters.
Sharing info about AI with voters is one of several steps we’ve taken to fight against malicious deepfakes.
In a first-of-its-kind collaboration, we’ve teamed up with Yahoo News to bolster the credibility of images on the Yahoo News platform. This collaboration integrates McAfee’s sophisticated deepfake image detection technology into Yahoo News’s content quality system, offering readers an added layer of trust.
And we’re rolling out our McAfee Deepfake detector through our partners too. It checks audio being played through your browser to figure out if the content you’re watching or listening to contains AI-generated audio. When AI audio is detected, users are notified in seconds.
AI makes disinformation look and sound far more credible than ever. And bad actors can produce it on a tremendous scale, thanks to the ease and speed of AI tools. In an election year that calls for more scrutiny on our collective part — and our 2024 Election AI Toolkit can help. It covers how to spot a deepfake, how they spread, and several fact-checking resources that you can rely on when that bit of news you stumble across seems a little sketchy.
Download the full McAfee AI Election Toolkit here
[i] https://www.politifact.com/article/2022/feb/21/when-george-washington-fought-misinformation/
[v] https://techcrunch.com/2024/03/06/political-deepfakes-are-spreading-like-wildfire-thanks-to-genai/
The post How To Survive the Deepfake Election with McAfee’s 2024 Election AI Toolkit appeared first on McAfee Blog.
Think you can spot a fake on social media? It’s getting tougher. Particularly as deepfake technology gets far better and far easier to use.
Here’s why that matters.
You might find yourself among the 50% of Americans who say they get their news on social media at least “sometimes.”[i] Plenty of deepfakes deliberately pose as legitimate news. You might also stumble across promos or deals on social media. Scammers create yet more deepfakes for phony giveaways and bogus investment opportunities.
In short, what you’re seeing might be a fake. And your odds of stumbling across a deepfake on social media are on the climb.
That means using social media today requires more scrutiny and skepticism, which are two of your best tools for spotting deepfakes.
Whether you’re staring down AI-generated text, photography, audio, or video, some straightforward steps can help you spot a fake. Even as AI tools create increasingly convincing deepfakes, a consistent truth applies — they’re lies. And you have ways of calling out a liar.
Malicious deepfakes share something in common. They play on emotions. And they play to biases as well. By stirring up excitement about a “guaranteed” investment or outrage at the apparent words of a politician or public figure, deepfakes cloud judgment. That’s by design. It makes deepfakes more difficult to spot because people want to believe them on some level.
With that, slow down. Especially if you see something that riles you up. This offers one of the best ways to spot a fake. From there, the next step is to validate what you’ve seen or heard.
Because what you’re seeing got posted on social media, you can see who posted the piece of content in question. If it’s a friend, did they repost it? Who was the original poster? Could it be a bot or a bogus account? How long has the account been active? What kind of other posts have popped up on it? If an organization posted it, look it up online. Does it seem reputable? This bit of detective work might not provide a definitive answer, but it can let you know if something seems fishy.
Whether they aim to spread disinformation, commit fraud, or rile up emotions, malicious deepfakes try to pass themselves off as legitimate. Consider a video clip that looks like it got recorded at a press conference. The figure behind the podium says some outrageous things. Did that really happen? Consult other established and respected sources. If they’re not reporting on it, you’re likely dealing with a deepfake.
Moreover, they might report that what you’re looking at is a deepfake that’s making the rounds on the internet. Consider the Taylor Swift “Le Creuset scam” of early 2024. News outlets quickly revealed that the singer was not giving away free, high-end cookware.
A technique called SIFT can help root out a fake. It stands for: Stop, Investigate the source, Find better coverage, and Trace the media to the original context. With the SIFT method, you can indeed slow down and determine what’s real.
De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:
This gets to the tricky bit. The AI tools for creating deepfakes continually improve. It’s getting tougher and yet tougher still to spot the signs of a deepfake. The advice we give here now might not broadly apply later. Still, bad actors still use older and less sophisticated tools. As such, they can leave signs.
Look for typos. If you spot some, a human likely did the writing. AI generally writes clean text when it comes to spelling and grammar.
Look for repetition. AI chatbots get trained on volumes and volumes of text. As such, they often latch onto pet terms and phrases that they learned as they were trained. Stylistically, AI chatbots often overlook that repetition.
Look for style (or lack thereof). Today’s chatbots are no Ernest Hemingway, Mark Twain, or Vladimir Nabokov. They lack style. The text they generate often feels canned and flat. Moreover, they tend to spit out statements, yet with little consideration for how they flow together.
Zoom in. A close look at deepfake photos often reveals inconsistencies and flat-out oddities. Consider this viral picture of the “Puffer Pope” that circulated recently. Several things point toward a bogus image.
Keep an eye on the speaker. A close look at who’s doing the talking in a deepfake video can reveal if it’s a fake. Subtle things reveal themselves. Is the speaker blinking too much? Too little? At all? How about their speech. Does it sync up with their mouth perfectly? These might be signs of a deepfake.
Watch how the speaker moves. In the example of the Ukrainian presidential deepfake, it appears that only President Zelensky’s head moves. Just slightly. This is a sign of lower-grade video deepfake technology. It has difficulty tracking movement. Another possible sign is if the speaker never moves their hand across their face. Once again, that might indicate the work of lesser AI tools. In that case, they render the facial image on the hand.
How does the speaker sound? In the case of audio-only deepfakes, today’s AI tools work best when they’re fed smaller chunks of text to create speech. They don’t work as well with big blocks. This requires creators to stitch those chunks together. As a result, the cadence and flow might sound on the copy side. Also, you might not hear the speaker taking breaths, as normal speakers do.
With AI tools improving so quickly, we can no longer take things at face value. Malicious deepfakes look to deceive, defraud, and disinform. And the people who create them hope you’ll consume their content in one, unthinking gulp. Scrutiny is key today. Fact-checking is a must, particularly as deepfakes look sharper and sharper as the technology evolves.
Plenty of deepfakes can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your info or harm your data and devices.
[i] https://www.pewresearch.org/journalism/fact-sheet/social-media-and-news-fact-sheet
The post How to Spot a Deepfake on Social Media appeared first on McAfee Blog.
Thinking about deleting your Instagram account? We can show you how.
Before we get to that, you might be interested to find what kind of data Instagram collects about you — and how long Instagram keeps your account data, even after you delete it.
For that answer, we turn to Instagram’s privacy policy page.[i] As you might imagine, the list of what they collect is long — long enough that you’ll want to read it for yourself. Yet, broadly, Instagram provides the following summary as part of its June 2024 Privacy Policy.
Per Instagram they collect:
The last bullet is an important one. Instagram very likely knows about things you do even when you’re not using Instagram. How do they get a hold of that info? Per Instagram, third parties use a mix of “Business Tools,” integrations, and Meta Audience Network technologies to share info.
So, what are these “Business Tools?” Per Instagram, they’re technologies used by website owners and publishers, app developers, and business partners, including advertisers and others. These technologies integrate and share data with Meta (Instagram’s parent company) to understand and measure their products and services. They also help them better reach and serve people who use or might be interested in their products and services.
Also per Instagram, here are examples of info they might receive this way:
Everyone has their own appetite for privacy, and we’ve all known for some time that with using a “free” social media platform comes a price — privacy to some extent or other. The more you know how much a platform knows about you, the better decision you can make about participating on it.
As for how long they keep all that data and info they collect, the answer varies. Per Instagram, “We keep information as long as we need it to provide our Products, comply with legal obligations or protect our or other’s interests. We decide how long we need information on a case-by-case basis.”
Also per Instagram, here’s what they consider when they keep data info:
In short, deleting your Instagram account is no guarantee that your data will immediately get deleted along with it. Per the list above, Instagram’s Privacy Policy allows the platform to keep your data for an indeterminate amount of time.
Per Instagram’s policy, your access to your account and info will be permanently removed 30 days after your request. However, according to Instagram, it may take up to 90 days to complete the deletion process after it begins. Copies of your content may remain after the 90 days in backup storage that Instagram uses to recover in case of a disaster, software error, or other data loss event.
Now, onto the steps for deleting your Instagram account.
From your computer:
More in the bottom left, then click Settings .From your Android device:
or your profile picture in the bottom right to go to your profile. in the top right.From your iOS device:
or your profile picture in the bottom right to go to your profile. in the top right.We suggest one more step in addition to the ones above.
Remove your info from the data broker sites that sell it.
Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
[i] https://privacycenter.instagram.com/policy/
The post How to Delete Your Instagram Account appeared first on McAfee Blog.
Thinking about deleting your Facebook account? We can show you how.
Before we get to that, you might be interested to find what kind of data Facebook collects about you — and how long Facebook keeps your account data, even after you delete it.
For that answer, we turn to Facebook’s privacy policy page.[i] As you might imagine, the list of what they collect is long—long enough that you’ll want to read it for yourself. Yet, broadly, Facebook provides the following summary as part of its June 2024 Privacy Policy.
Per Facebook, they collect:
The last bullet is an important one. Facebook very likely knows about things you do even when you’re not using Facebook.
How do they know about that? Increasingly, that comes through a technology called “server-side tracking.” It’s a form of ad and behavior tracking where a company’s servers communicate directly with each other. In this case, that’s a company’s servers and Facebook’s servers. It can track custom events like page visits, purchases, and the like. This way, companies can track the performance of their Facebook campaigns. It’s like using tracking cookies, with one important difference — it bypasses the user’s device. (Cookies rely on data stored on your device.) The process is invisible to the user.
How extensive is its use? A recent study by Consumer Reports of more than 700 Facebook users found that the average user was tracked by more than 2,200 companies partly using this technology.[ii] Consumer Reports was quick to state that their findings don’t reflect a representative sample because participants were volunteers, and the results weren’t adjusted for demographics. Yet it is telling that across these 700-plus Facebook users, roughly 7,000 different companies shared their data with Facebook.
Everyone has their own appetite for privacy, and we’ve all known for some time that with using a “free” social media platform comes a price — privacy to some extent or other. The more you know how much a platform knows about you, the better decision you can make about participating in it.
As for how long they keep all that data and info they collect, the answer varies. Per Facebook,
In short, deleting your Facebook account is no guarantee that your data will immediately get deleted along with it. Per the list above, Facebook’s Privacy Policy allows the platform to keep your data for an indeterminate amount of time.
Now, onto the steps for deleting your Facebook account.
Before you permanently delete your account, keep a few things in mind. Per Facebook:
Note that Facebook provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.
As for the steps, that varies. If you’re deleting Facebook from a computer:
If you’re deleting Facebook from an iOS device:
in the bottom right of Facebook.And from an Android device:
in the top right of Facebook.We suggest one more step in addition to the ones above.
Remove your info from the data broker sites that sell it.
Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
[i] https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
[ii] https://www.consumerreports.org/electronics/privacy/each-facebook-user-is-monitored-by-thousands-of-companies-a5824207467/
The post How to Delete Your Facebook Account appeared first on McAfee Blog.
Thinking about deleting your TikTok account? We can show you how.
Before we get to that, you might be interested to find what kind of data TikTok collects about you — and how long TikTok keeps your account data, even after you delete it.
For that, we turn to TikTok’s privacy policy page.[i] TikTok collects data just like practically any other social media platform, and the list of what they collect runs long. You can see a full list in their privacy policy, yet here are a few things you might want to know about. Per TikTok:
So, TikTok knows the content you create, the content you appear in, and the messages you send (and the specific contents of those messages) — and potentially payment info and the people in your phone contacts. Additionally, it collects info on you from other sources and on any purchases you might have made through the platform.
The list continues. Once again, you can visit their privacy policy page for more details, yet here’s a partial rundown of other data they collect about you automatically. Per TikTok:
As for how long they keep all that data and info they collect, the answer is unclear. Per TikTok,
“We retain information for as long as necessary to provide the Platform and for the other purposes set out in this Privacy Policy. We also retain information when necessary to comply with contractual and legal obligations, when we have a legitimate business interest to do so (such as improving and developing the Platform and enhancing its safety, security, and stability), and for the exercise or defense of legal claims.” [ii]
The key phrases here are “as long as necessary” and “when necessary.” TikTok doesn’t set a specific period in its policy. In fact, TikTok goes on to say that the periods vary based on “different criteria, such as the type of information and the purposes for which we use the information.”
Now, onto the steps for deleting your TikTok account.
Note that TikTok provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.
We suggest one more step in addition to the ones above.
Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
[i] https://www.tiktok.com/legal/page/row/privacy-policy/en
[ii] https://www.tiktok.com/legal/page/row/privacy-policy/en
The post How to Delete Your TikTok Account appeared first on McAfee Blog.
What is oversharing on social media? And how do you avoid it?
Oversharing on social media takes on a couple different aspects. There’s one that’s personal, like what you share and how often you share it. Another revolves around your privacy and your security. Namely, how does what you share and how often you share it affect your privacy — and what further effect does that have on your security? Does it open you up to scams, identity theft, and other forms of cybercrime?
A grasp on that can help you avoid oversharing and post on social media in a way that’s “just right.”
Granted, it might seem a little odd to talk about privacy and the like on social media, which is, by definition, social in nature. The idea, though, is striking a balance — getting all the benefits of connection and keeping up with people and groups that matter to you in a way that’s enjoyable and safe. And healthy too.
Let’s start with a look at what oversharing looks like and its possible effects. From there, we can check out some specific ways you can avoid oversharing on social media.
For starters, oversharing usually conjures up the notion of T.M.I., or “too much information.” That might involve posting too often, yet it can also involve sharing too many personal details. Along those lines, a long-standing definition of oversharing goes like this:
“The excessive generosity with information about one’s private life or the private lives of others.”[i]
Of course, “excessive” is a relative term. Different people have different boundaries when it comes to what’s personal. Likewise, the people reading a post have different ideas of what counts as sharing “too much” and what doesn’t.
Further complicating the matter is how many people choose to have multiple accounts on the same platform.
In particular, teens and younger adults often have a broader public account with many followers along with a more private account that they share with select friends. A post that might be fine, and expected, on a private account might come across as an overshare on a public account.
However, there are cases where oversharing can point to deeper issues, like anxiety, depression, and unhealthy attention-seeking behavior. So-called “sadfishing” offers one example, where people create negative posts in a bid to get sympathy. Other examples include sharing details about oneself online that a person would normally never share on a phone call or in a face-to-face conversation.
If you have concerns about yourself or someone you know, confide in someone you trust for advice. See if they have the same concerns as you do. Also, in the U.S., you can speak to speak to a licensed counselor through the “988” service, which you can learn more about at https://988lifeline.org. It’s free and confidential.
When it comes to privacy and security, oversharing takes on a different meaning. Elsewhere in our blogs, we’ve talked about that issue like this:
“Saying more than you should to more people than you should.”
Now, here’s where your privacy and security come in. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Post something personal on social media to that broad audience, and you indeed might end up sharing something that puts your personal privacy and security at risk. After all, if you have hundreds of followers, how many of them are people you truly know and absolutely trust?
Here are a few scenarios:
In other words, social media posts have a way of saying much more than we might think. And when shared publicly or to a large audience of friends and followers you don’t know well, that can expose you in ways you might not want.
As with so many things online, staying safer and more private calls for a mix of technology and internet street smarts. Things like settings, privacy tools, and what you post can help you enjoy social media safely.
Be more selective with your settings.
Social media platforms like Facebook, Instagram, and others give you the choice of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting — not to mention your relationships and likes. (Think of your social media profile showing up in a Google search.) Taking a “friends only” approach to your social media profiles can help protect your privacy because that gives a possible scammer or stalker much less material to work with.
Some platforms further allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.
Stay on top of your privacy with our Social Privacy Manager.
Here’s the thing with those social media settings — they can be challenging to locate and confusing to adjust. In all, it can take time to make sure that your info and posts are only shown to people you want to see them. Our Social Privacy Manager can do that work for you.
Based on your preferences, it adjusts more than 100 privacy settings across your social media accounts in just a few clicks. This way, your personal info is only visible to the people you want to share it with.
Say “no” to bots and bogus accounts.
There are plenty of fake accounts out there on social media. On Facebook, the platform acted on 1.2 billion fake accounts between April and June 2024 alone.[iii] On X, formerly Twitter, the platform announced a “bot purge” in 2024. However, in May 2023, the platform suspended access to a publicly available data set that helped find and track bots on the platform. Still, researchers continue to find false accounts, particularly ones powered by AI tools.[iv]
The bottom line is this: don’t accept invites from people you don’t know. Bad actors might use them to launch scams, gather personal info on potential identity theft victims, and spread disinformation. Also, be aware that some followers might not be who they appear to be. In the immediate wake of the “bot purge” on X, many accounts saw themselves losing thousands of followers.[v]
Consider what you post.
Think about posting those vacation pictures after you get back home, so people don’t know you’re away when you’re away. Also, consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.
Consider what you post about others, too.
Indeed, oversharing can include what you post and say about others online as well. A good rule of thumb when posting group pictures online is to ask if the other people in them are okay with it going onto social media. Also ask yourself, “Is this my news to share?” For example, a friend leaves one job to take on a new role elsewhere. Before posting, “Congrats on the new job!” let them make that first announcement themselves.
For parents, this calls for extra consideration too. Anything you post about your child becomes a part of their permanent online record. What might seem funny or cute today might become embarrassing or even fodder for cyberbullies tomorrow.
Yes, you give up some privacy by using social media. That’s the very nature of it. The trick is in sharing just enough and with just the right people.
Being careful of who you accept as a friend, keeping an eye on accounts that follow you, and paying mind to what you post and how often are all ways you can prevent oversharing. Likewise, using tools to fine-tune who sees your posts, keeping things to close friends in sub-groups or secondary accounts, and keeping your social media accounts out of the public eye are yet more steps you can take to protect yourself, your privacy, and your security on social media.
[i] https://portal.research.lu.se/en/publications/front-and-backstage-in-social-media
[ii] https://www.theguardian.com/world/2019/oct/11/japanese-assault-suspect-tracked-down-pop-star-via-eye-reflection-in-selfie
[iii] https://transparency.meta.com/reports/community-standards-enforcement/fake-accounts/facebook
[iv] https://arxiv.org/pdf/2307.16336
[v] https://www.socialmediatoday.com/news/x-formerly-twitter-bot-purge-sees-big-accounts-lose-followers/712495/
The post How to Avoid Oversharing on Social Media appeared first on McAfee Blog.
With its built-in location services, your smartphone can point you to plenty of places. To the location of your vacation rental. To the quickest route around a traffic jam. And to a tasty burger. It’s a tremendous convenience. Yet, there’s a flip side. Your smartphone also tracks your location. Getting to know how your phone tracks you and how you can limit that tracking can make you far more private online.
The basic privacy issue with location services is this: many companies use your activities and apps as a way of gathering info on you. They might collect that info for their own purposes, and they might sell that info to third parties.
As to why some companies do that, the answer typically boils down to a handful of things. They will:
So, it’s a bit of a tradeoff. You might use an app to show you the closest Indian restaurant to your hotel — but depending on the user agreement for that app, the company behind it might collect your info for their own financial gain.
We can boil that down yet further. Sometimes what you gain in convenience you lose in privacy.
Let’s look at how smartphones track your movements and follow that up with ways you can limit that tracking.
Unless you’ve turned it off completely, your phone can track you in several ways with several degrees of accuracy:
GPS: The Global Positioning System, or GPS as many of us know it, is a system of satellites operated by the U.S. government for navigation purposes. First designed for national defense, the system became available for public use in the 1980s. It’s highly accurate, to anywhere between nine to 30 feet depending on conditions and technology used, making it one of the strongest tools for determining a phone’s location. This is what powers location services on cell phones, and thus can help an app recommend a great burger joint nearby.
Cell towers: Cell phone providers can track a phone’s location by the distance it is to various cell phone towers and by the strength of its signal. The location info this method provides is a bit coarser than GPS, providing results that can place a phone within 150 feet. It’s most accurate in urban areas with high densities of cell phone towers, although it does not always work well indoors as some buildings can weaken or block cell phone signals.
One of the most significant public benefits of this method is that it automatically routes emergency services calls (like 911 in the U.S.) to the proper local authorities without any guesswork from the caller.
Public Wi-Fi: Larger tech companies and internet providers will sometimes provide free public Wi-Fi hotspots that people can tap into at airports, restaurants, coffeehouses, and such. It’s a nice convenience, but connecting to their Wi-Fi might share a phone’s MAC address, a unique identifier for connected devices, along with other identifiers on the smartphone.
Taken together, this can allow the Wi-Fi hosting company to gather location and behavioral data while you use your phone on their Wi-Fi network.
Bluetooth: Like with public Wi-Fi, companies can use strategically placed Bluetooth devices to gather location info as well. If Bluetooth is enabled on a phone, it will periodically seek out Bluetooth-enabled devices to connect to while the phone is awake. This way, a Bluetooth receiver can then capture that phone’s unique MAC address. This provides highly accurate location info to within just a few feet because of Bluetooth’s short broadcast range.
In the past, we’ve seen retailers use this method to track customers in their physical stores to better understand their shopping habits. However, newer phones often create dummy MAC addresses when they seek out Bluetooth connections, which helps thwart this practice.
So, just to emphasize what we said above, not every app sells shares or sells your info to third parties. However, that gets into the complicated nature of user agreements. The language that covers what’s collected, for what reasons, what’s done with it, and who it’s shared with often finds itself buried in a wall of legalese.
Ultimately, it’s up to you to determine what your comfort level is in any kind of convenience in exchange for a loss of privacy. Everyone has their own comfort levels.
With that, you can take several steps to limit tracking on your smartphone to various degrees — and boost your privacy to various degrees as a result:
Turn off your phone or switch to Airplane Mode. Disconnect. Without a Wi-Fi or data connection, you can’t get tracked. While this makes you unreachable, it also makes you untraceable, which you might want to consider if you’d rather keep your whereabouts and travels to yourself for periods of time.
Turn off location services altogether. As noted above, your smartphone can get tracked by other means, yet disabling location services in your phone settings shuts down a primary avenue of location data collection. Note that your maps apps won’t offer directions and your restaurant app won’t point you toward that tasty burger when location services are off, but you’ll be more private than with them turned on.
Provide permissions on an app-by-app basis. Another option is to go into your phone settings and enable location services for specific apps in specific cases. For example, you can set your map app to enable location services only while in use. For other apps, you can disable location services entirely. Yet another option is to have the app ask for permissions each time. Note that this is a great way to discover if apps have defaulted to using location services without your knowledge when you installed them.
On an iPhone, you can find this in Settings -> Privacy & Security -> Location Services. On an Android, go to Settings -> Locations -> App Locations Permissions.
Delete old apps. And be choosy about new ones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data associated with them.
Use a VPN. A VPN can make your time online more private and more secure by obscuring things like your IP address and by preventing snoops from monitoring your activity.
Turn off app tracking. As you’ve seen, some apps will ask to track your activity and potentially share it with data brokers and other third parties. You can halt this by turning off app tracking. On an iPhone, go to Settings -> Privacy & Security -> Tracking and disable “Allow Apps to Request to Track.” On an Android phone, go to Settings -> Privacy and Security, then turn on “Do Not Track.”
And just as you can with location services, you can set apps to make tracking requests on an app-by-app basis. You’ll see it on the same screen that has the global “Do Not Track” option.
Opt yourself out of cell phone carrier ad programs. Different cell phone carriers have different user agreements, yet some might allow the carrier to share insights about you with third parties based on browsing and usage history. Opting out of these programs might not stop your cell phone carrier from collecting data about you, but it might prevent it from sharing insights about you with others.
To see if you participate in one of these programs, log into your account portal or app. Look for settings around “relevant advertising,” “custom experience,” or even “advertising,” and then determine if these programs are of worth to you.
The post Location, Location, Location: Three Reasons It Matters for Your Smartphone appeared first on McAfee Blog.
What is malware? A dictionary-like definition is “malicious software that attacks computers, smartphones, and other connected devices.”
In fact, “malware” is a mash-up of “malicious software.” It describes any type of software or code specifically designed to exploit a connected device or network without consent. And, unsurprisingly, hackers design most of it for financial gain.
Think of malware as an umbrella term that covers an entire host of “bad stuff,” such as:
Spyware that tracks activity, like what you type and where you type it. (Think snooping on your bank account logins.
Ransomware that holds devices or the data on them hostage, that hackers only release for a price. (And even so, payment is no guarantee you’ll get back your access.)
Adware that serves up spammy ads on your device. (The hacker gets paid for the number of “impressions” the ads have. The more they show up on people’s devices, the more they get paid.)
Botnet software, that hijacks a device into a remote-controlled network of other devices. (These networks are used to shut down websites or even shut down large portions of the internet, just to mention two of the things they can do.)
Rootkit that attacks that give hackers remote-control access to a device. (And with that control, they can wage all manner of attacks — on the device and on other devices too.)
Viruses that modify the way a device and its apps function. Also, they can effectively bring a device or network to a grinding halt. (Yes, viruses are a subset of malware. They can copy, delete, and steal data, among other things.)
You might know malware by its more commonly used name — viruses.
There’s a pretty good reason why people commonly refer to malware as a “virus.” Viruses have been on our collective minds for some time.
Viruses have a long history. You could call it “the original malware.” And depending on how you define what a virus is, the first one took root in 1971 — more than 50 years ago. It was known as Creeper, and rather than being malicious in nature, the creator designed it to show how a self-replicating program could spot other devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a refined version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software.[i]
From there, it wasn’t until the 1980s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.
At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather, they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice. Computer viruses were a thing.[ii]
Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There, the malware would lie in wait until the user rebooted their computer for the 90th time and was presented with a digital ransom note.[iii]
An early example of ransomware – Source, Wikipedia
Upon that 90th boot, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee, making it the first documented form of ransomware.
Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.
It was quickly followed in 2000 by what’s considered among the most damaging malware to date — ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some info and stole other info, then spread to other computers. One estimate put the global cost of ILOVEYOU at $10 billion. It further speculated that it infected 10% of the world’s internet-connected computers at the time.[iv]
With that history, it’s no surprise that anti-malware software is commonly called “antivirus.”
Antivirus forms a major cornerstone of online protection software. It protects your devices against malware through a combination of prevention, detection, and removal. Our antivirus uses AI to detect the absolute latest threats — and has for several years now.
Today, McAfee registers more than a million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. Now with the arrival of AI-powered coding tools, hackers can create new strains at rates unseen before.
That’s another reason why we use AI in our antivirus software. We use AI to protect against AI-created malware. It does so in three ways:
Once again, it’s important to remind ourselves that today’s malware is created largely for profit. Hackers use it to gain personal and financial info, either for their own purposes or to sell it for profit. The files you have stored on your devices have a street value. That includes tax returns, financial docs, payment info, and so on. Moreover, when you consider all the important things you keep on your devices, like your photos and documents, those have value too. Should you get caught up in a ransomware attack, a hacker puts a price tag on them for their return.
Needless to say, and you likely know this already, antivirus is essential for you and your devices.
You’ll find our AI-powered antivirus in all our McAfee+ plans. Better yet, our plans have dozens of protections that block the ways hackers distribute malware. To name just a few, our Text Scam Detector blocks links to suspicious sites that host malware and other attacks — and our Web Protection does the same for your browser. It also includes our industry-first online protection score that shows you just how safe you are, along with suggestions that can make you safer still. Together, our McAfee+ plans offer more than just antivirus. They protect your devices, your privacy, and your identity overall.
[i] https://www.historyofinformation.com/detail.php?entryid=2860
[ii] https://www.historyofinformation.com/detail.php?id=1676
[iii] https://www.theatlantic.com/technology/archive/2016/05/the-computer-virus-that-haunted-early-aids-researchers/481965/
[iv] https://www.forbes.com/sites/daveywinder/2020/05/04/this-20-year-old-virus-infected-50-million-windows-computers-in-10-days-why-the-iloveyou-pandemic-matters-in-2020
The post What is Malware? appeared first on McAfee Blog.
If you think your Gmail account’s been hacked, you’ll want to act. And act quickly.
The fact is that your email has all manner of personal info in there. Receipts, tax correspondence, medical info, and so on. With a hacked account, that info might get deleted, shared, or used against you for identity theft.
Luckily, Google has mechanisms in place to restore a hacked Gmail account. We’ll walk through the steps here — and a few others that can keep you secure in the long term after you have your account back.
Several things can tip you off, including:
With varying degrees of certainty, those are some signs that your account has been hacked.
Also, many people have a Google Account linked with their Gmail password and login. Beyond email, that might include files in Google Drive, photos, a YouTube account, and other features that contain personal info. In those cases, that only increases the potential harm of a hacked account.
Additionally, services like Google Pay and Google Play complicate matters more in the event of a hacked account because they contain financial info.
If you see any unusual changes in those apps or services, that might be a sign of a hacked account as well.
If you think someone else has changed your password or deleted your account, head to Google’s account recovery page. It’ll take you through a multi-step process to restore your account.
With that, you’ll want to do some quick prep. First, do your best to begin the recovery process with a device that you typically use to access your account. Also, if possible, do it in a location where you typically access your account. This provides Google with identifiers that you are who you say you are.
After that, gather up your Gmail account passwords, old and current. The recovery page will ask for them, along with other questions. Do your best to answer each question the very best you can. There’s no penalty for a wrong answer and the more info you can provide, the better.
If you can log into your account, yet worry it’s been hacked, take these steps:
Next, run a virus scan on your device. Your password might have gotten compromised in one of several ways, including malware. This can remove any malware that might be spying on your device (and your passwords).
At this point, create a new password that’s strong and unique. Use at least 14 characters using a mix of upper- and lowercase letters, symbols, and numbers. Or have a password manager do that work for you.
And finally, set two-factor verification on your account if you aren’t already using it. This makes your account far tougher to hack, as two-factor verification requires a unique code to log in. One that only you receive. And just like with your password, never share your unique code. Anyone asking for it is a scammer.
By taking the steps we just covered, you’ve done two important things that can protect you moving forward. One is setting up a strong, unique password. The second is using two-factor verification.
The next thing is to get comprehensive online protection in place. Protection like you’ll find in our McAfee+ plans offers several features that can keep you and your accounts safe.
Once again, your password got compromised one way or another. It could have been spyware on your device. It could have been a phishing attack. It could have been a data breach. The list goes on. However, we refer to it as comprehensive online protection because it’s exactly that. In addition to antivirus, our McAfee+ plans have dozens of features that can protect your devices, identity, and privacy.
For example:
The important thing is this: if you think your Gmail account got hacked, act quickly. You might have much more than just your email linked to that account. Files, photos, and finances might be tied to it as well.
Even if something looks just slightly off, act as if your account got hacked. Log in, change your password, establish two-step verification if you haven’t, and take the other steps mentioned above. Above and beyond your email and all the personal info packed in there, your account can give a hacker access to plenty more.
The post How to Reset Your Gmail Password After Being Hacked appeared first on McAfee Blog.
The number of AI-powered fake news sites has now surpassed the number of real local newspaper sites in the U.S.
How? AI tools have made creating entire fake news sites quicker and easier than before — taking one person minutes to create what once took days for dozens and dozens of people.
Researchers say we crossed this threshold in June 2024, a “sad milestone” by their reckoning.[i] As traditional, trusted sources of local news shut down, they’re getting replaced with sensationalistic and often divisive fake news sites. What’s more, many of these fake news sites pose as hometown newspapers.
They’re anything but.
These sites produce disinformation in bulk and give it a home. In turn, the articles on these fake news sites fuel social media posts by the thousands and thousands. Unsuspecting social media users fall for the clickbait-y headlines, click the links, read the articles, and get exposed to yet more “news” on those sites – which they then share on their social feeds thinking the stories are legit. And the cycle continues.
As a result, social media feeds find themselves flooded with falsehoods, misrepresentations, and flat-out lies. Researchers spotted the first of them in mid-2023, and they number of them are growing rapidly today.
In all, the rise of AI-powered fake news sites now plays a major role in the spread of disinformation.
When we talk about so-called “fake news,” we’re really talking about disinformation and misinformation. You might see and hear those two terms used interchangeably. They’re different, yet they’re closely related.
Disinformation is intentionally spreading misleading info.
Misinformation is unintentionally spreading misleading info (the person sharing the info thinks it’s true).
This way, you can see how disinformation spreads. A bad actor posts a deepfake with deliberately misleading info — a form of disinformation. From there, others take the misleading info at face value and pass it along as truth via social media — a form of misinformation.
The bad actors behind disinformation campaigns know this relationship well. Indeed, they feed it. In many ways, they rely on others to amplify their message for them.
With that, we’re seeing an explosion of fake news sites with content nearly, if not entirely, created by AI — with bad actors pushing the buttons.
Funded by partisan operations in the U.S. and by disinformation operations abroad, these sites pose as legitimate news sources yet push fake news that suits their agenda — whether to undermine elections, tarnish the reputation of candidates, create rifts in public opinion, or simply foster a sense of unease.
One media watchdog organization put some striking figures to the recent onrush of fake news sites. In May 2023, the organization found 49 sites that it defined as “Unreliable AI-Generated News Websites,” or UAINS. In February 2024, that number grew to more than 700 UAINS.[ii]
Per the watchdog group, these sites run with little to no human oversight. Additionally, they try to pass themselves off as legitimate by presenting their AI “authors” as people.[iii] Brazenly, at least one publisher had to say this when confronted with the fact that his “reporter” bylines were really AI bots:
The goal was to create “AI personas” that can eventually “grow into having their own following,” maybe even one day becoming a TV anchor. “Each AI persona has a unique style … Some sort of — this is probably not the right word — personality style to it.” [iv]
Beyond spreading disinformation, these sites are profitable. Recent research found that among the top 100 digital advertisers, 55% of them had their ads placed on disinformation sites. Across all industries and brands, 67% of those with digital ads wound up on disinformation sites.[v]
To clarify, these advertisers support these disinformation sites unwittingly. The researchers cite the way that online advertising platforms algorithmically place ads on various sites as the culprit. Not the advertisers themselves.
So as we talk about disinformation sites cropping up at alarming rates, we also see bad actors profiting as they prop them up.
Follow-up research pushes the estimated number of AI-powered fake news sites yet higher. In June, analysts discovered 1,265 sites targeting U.S. internet users with fake news – many posing as “local” news outlets. Shockingly, that figure surpasses the number of local newspapers still running in the U.S., at 1,213 outlets.[vi] (Side note: between 2005 and 2022, some 2,500 local newspapers shuttered in the U.S.[vii])
The actors and interests behind these sites follow a straightforward formula. In word salad fashion, they’ll mix the name of a town with classic publication names like Times, Post, or Chronicle to try to give themselves an air of credibility. Yet the content they post is anything but credible. AI generates the content from tip-to-tail, all to suit the disinformation the site wants to pump out.
The U.S. isn’t alone here. Similar sites have cropped up in the European Union as well. The European Union’s Disinformation Lab (EU DisinfoLab) found that outside actors mimicked several legitimate European sites and used them to spread disinformation.[viii] Legitimate sites that outside actors mimicked included Bild, The Guardian, and the NATO website.
The answer is that it’s getting tougher and tougher.
Fake news sites once gave off several cues that they were indeed fake, whether because they were created by earlier, cruder versions of AI tools or by human content creators. They simply didn’t look, feel, or read right. That’s because it took a lot of manual work to create a fake news site and make it look legitimate.
For starters, the site needed a sharp visual design and an easy way of surfacing articles to readers. It also meant cooking up a virtual staff, including bios of owners, publishers, editors, and bylines for the writers on the site. It also called for creating credible “About” pages and other deeper site content that legitimate news sites feature. Oh, and it needed a nice logo too. Then, and only then, could the actors behind these sites start writing fake news articles.
Now, AI does all this in minutes.
The Poynter Institute for Media Studies, a non-profit journalism school and research organization, showed how it indeed took minutes using several different AI tools.[ix] One tool created fake journalists, along with backgrounds, bylines, and photos. Another tool provided the framework of web code to design and build the site. As for the articles themselves, a few prompts into ChatGPT wrote serviceable, if not bland, articles in minutes as well.
As a result, these sites can look “real enough” to casual viewers. Taken at face value, all the trappings of a legitimate news site are there, with one exception — the articles. They’re fake. And they go on to do the damage that the bad actors behind them want them to do.
The people who create these fake news sites rely on others to take the lies they push at face value — and then immediately react to the feelings they stir up. Outrage. Anger. Dark joy. Without pause. Without consideration. If an article or post you come across online acts taps into those emotions, it’s a sure-fire sign you should follow up and see if what you’ve stumbled across is really real.
Here are a few things you can do:
Seek out objective reporting.
Outside of a newspaper’s Op-Ed pages where editorial opinions get aired, legitimate editorial staff strive for objectivity—reporting multiple dimensions of a story and letting the facts speak for themselves. If you find articles that are blatantly one-sided or articles that blast one party while going excessively easy on another, consider that type of reporting a red flag.
Watch out for clickbait.
Sensationalism, raw plays to emotion, headlines that conjure outrage — they’re all profitable because they stir people up and get them to click. Content like this is the hallmark of fake news, and it’s certainly the hallmark of AI-powered fake news as well. Consider stories like these as red flags as well.
Use fact-checking resources.
Come across something questionable? Still uncertain of what you’re seeing? You can turn to one of the several fact-checking organizations and media outlets that make it their business to separate fact from fiction. Each day, they assess the latest claims making their way across the internet — and then figure out if they’re true, false, or somewhere in between.
Check other known and long-standing news sources.
Search for other reputable sources and see what they’re saying on the topic. If anything at all. If the accounts differ, or you can’t find other accounts at all, that might be a sign you’re looking at fake news.
Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts.” It’s published by Forbes and authored by an associate professor at The King’s College in New York City.[x] It certainly isn’t the end-all, be-all of lists, yet it provides you with a good starting point. Both left-leaning and right-leaning editorial boards are included in the list for balance.
Stick with trusted voter resources.
With Election Day coming around here in the U.S., expect many bad actors to push false voting info, polling results, and other fake news that tries to undermine your vote. Go straight to the source for voting info, like how to register, when, where, and how to vote — along with how to confirm your voting registration status. You can find all this info and far more with a visit to https://www.usa.gov/voting-and-elections.
You can find another excellent resource for voters at https://www.vote411.org, which is made possible by the League of Women Voters. Particularly helpful is the personalized voting info it offers. By entering your address, you can:
If you have further questions, contact your state, territory, or local election office. Once again, usa.gov offers a quick way to get that info at https://www.usa.gov/state-election-office.
[i] https://www.newsguardtech.com/press/sad-milestone-fake-local-news-sites-now-outnumber-real-local-newspaper-sites-in-u-s/
[ii] https://www.newsguardtech.com/press/newsguard-launches-2024-election-misinformation-tracking-center-rolls-out-new-election-safety-assurance-package-for-brand-advertising/
[iii] https://www.bloomberg.com/news/newsletters/2024-05-17/ai-fake-bylines-on-news-site-raise-questions-of-credibility-for-journalists
[iv] Ibid.
[v] https://www.nature.com/articles/s41586-024-07404-1
[vi] https://www.newsguardtech.com/press/sad-milestone-fake-local-news-sites-now-outnumber-real-local-newspaper-sites-in-u-s/
[vii] https://localnewsinitiative.northwestern.edu/research/state-of-local-news/2022/report/
[viii] https://www.cybercom.mil/Media/News/Article/3895345/russian-disinformation-campaign-doppelgnger-unmasked-a-web-of-deception/
[ix] https://www.poynter.org/fact-checking/2023/chatgpt-build-fake-news-organization-website/
[x] https://www.forbes.com/sites/berlinschoolofcreativeleadership/2017/02/01/10-journalism-brands-where-you-will-find-real-facts-rather-than-alternative-facts
The post Hallucinating Headlines: The AI-Powered Rise of Fake News appeared first on McAfee Blog.
In the aftermath of a major disaster like Hurricane Helene and Milton, people come together to rebuild and recover. Unfortunately, alongside the genuine help, there are always opportunistic scammers ready to exploit the chaos for personal gain. Knowing what to look out for can help protect you and your community from falling victim to these fraudulent schemes.
The National Center for Disaster Fraud (NCDF), established by the Justice Department after Hurricane Katrina in 2005, reminds the public to be cautious of hurricane-related solicitations. As natural disasters, like Hurricane Helene, often bring out the best in people eager to help, they also provide an opportunity for criminals to exploit the situation by stealing money or personal information. Here are some of common scams and fraud to watch out for, and how you can safeguard yourself.
As residents begin to rebuild, many turn to contractors for help with repairs. Scammers often pose as legitimate contractors but lack proper licensing or qualifications. They may demand upfront payment and then disappear without completing the work or do subpar repairs.
How to Protect Yourself:
Disasters often inspire a wave of generosity, but they also give rise to fake charities. Scammers may set up fraudulent organizations that claim to be helping victims of Hurricane Helene and Milton, only to pocket the money for themselves.
How to Protect Yourself:
After a major disaster, there is often a sharp increase in demand for essential goods like water, fuel, and building supplies. Unscrupulous businesses or individuals may take advantage by charging exorbitant prices.
How to Protect Yourself:
Scammers may pose as FEMA representatives, insurance adjusters, or other government officials. They’ll claim to help expedite your relief or insurance claim in exchange for personal information or payment.
How to Protect Yourself:
Cybercriminals often send out emails or texts that look like they’re from legitimate organizations, trying to trick people into clicking on malicious links. These phishing scams can lead to identity theft or financial loss.
How to Protect Yourself:
In the wake of Hurricane Helene and Milton, the most important thing you can do is stay vigilant. While the majority of people are focused on helping and healing, there will always be a small number looking to take advantage. By recognizing the signs of common scams and taking precautionary measures, you can protect yourself and your community from further harm. If you suspect you’ve been targeted by a scam, report it to local law enforcement or the Federal Trade Commission (FTC) immediately.
The post How to Avoid Scams in the Wake of Hurricane Helene and Milton appeared first on McAfee Blog.
With the election quickly approaching, it’s essential to be informed and cautious about the growing number of voting scams. Scammers are becoming more sophisticated, using everything from artificial intelligence to fake text messages to trick people into sharing sensitive information. Here’s a breakdown of the types of voting scams that have already been seen this year and the specific steps you can take to protect yourself.
Scammers pretending to be election workers are sending fraudulent text messages to Maryland voters, falsely claiming they are not registered to vote in November. The texts urge recipients to click a fake link to “resolve” their registration status. Similar scams have been reported across the country from Sacramento, California to Marietta, Georgia.
How to protect yourself:
A new voting scam is targeting seniors in Michigan, where scammers are asking for Social Security and credit card information under the pretense of early voting opportunities. Michigan’s Secretary of State office has received numerous complaints about seniors being approached in person by imposters posing as election workers while trying to steal individuals’ identities.
How to protect yourself:
A bipartisan group of 51 attorneys general issued a warning to Life Corporation, a company accused of sending scam robocalls during the New Hampshire primary. These calls used AI to impersonate President Biden and spread false information to discourage voter participation. While this bipartisan task force is committed to tackling illegal robocalls nationwide, citizens should still be aware of the risk of deepfake audio.
How to protect yourself:
Scams tend to increase during election years, so be proactive in safeguarding against these latest fraud tactics. By following these steps, you can help protect yourself from falling victim to election-related scams. Voting is a critical part of democracy, and staying vigilant is key to both safeguarding your personal information and your right to participate.
The post Beware of These Voting Scams Happening Now appeared first on McAfee Blog.
In today’s digital world, the line between reality and deception has become increasingly blurred, with cybercriminals leveraging cutting-edge AI technologies to exploit our trust and interest in celebrities. As we continue to engage with the internet in unprecedented ways, McAfee’s 2024 Celebrity Hacker Hotlist sheds light on a growing threat—online scams using the identities of our favorite stars.
At the forefront of McAfee’s latest list is Scarlett Johansson, a renowned actress, recognized for her roles in Marvel’s Black Widow and Lost in Translation. However, this time, Johansson isn’t making headlines for a movie—she’s ranked as the U.S. celebrity whose name is most frequently used in online scams. Her likeness has been used in AI-generated deepfakes, from unauthorized ads to fake endorsements, creating a major risk for unsuspecting fans. The list doesn’t stop with Johansson. Celebrities like Kylie Jenner, Taylor Swift, and Tom Hanks also find themselves in the top 10, with hackers exploiting their images, voices, and reputations to deceive internet users. Whether it’s for fake giveaways, cryptocurrency scams, tickets to high-demand concerts, free downloads, or disinformation campaigns, these stars are unwilling participants in the cybercrime ecosystem.
McAfee’s Threat Research Labs Team compiled the Celebrity Hacker Hotlist by identifying the celebrities – including social media influencers – whose names and likenesses are most often exploited to lead consumers to online scams. This ranges from the purchase of fake goods or services that then steal your money or bank details to social media or email scams that convince consumers to click a risky link that unknowingly installs malware. All of these scams jeopardize consumers’ data, privacy, and identity.
The top ten list includes a combination of longtime talent and more recently well-known names from various fields, showcasing their potential influence on consumers of all generations:
The advent of AI has revolutionized many industries, but it’s also given cybercriminals a powerful new tool: the deepfake. In addition to phishing scams and links containing malware that exploit the popularity and reputation of celebrities and deceive their fans, these highly realistic video or audio clips can mimic the likeness of a person, making it nearly impossible to tell whether the content is real or fake. Deepfakes of celebrities are now being used to promote fraudulent products, steal personal information, and trick people into downloading malware. Imagine watching a video of your favorite star endorsing a new product, only to find out later it wasn’t them at all. This is no longer a distant possibility but a reality many fans face as scammers get better at crafting fake content. In fact, some of these AI-generated videos are so convincing that even the savviest of internet users can fall for them.
For instance, Tom Hanks’ image was manipulated to promote dubious “miracle cures,” while Taylor Swift’s likeness has been used in fake political endorsements. Johnny Depp and Kylie Jenner’s names have been used by scammers in fake cryptocurrency giveaways, luring fans to engage with risky websites or phishing scams.
While these scams primarily aim to steal money or personal data from consumers, the effects are far-reaching. For fans, the consequences can be devastating, with financial losses ranging from a few hundred dollars to over half a million. In addition to the financial risks, victims often feel violated after engaging with fraudulent content. For celebrities, these scams can have a serious impact on their public image and brand. Many stars, including Johansson, have taken a firm stand against the unauthorized use of their images in AI-generated content. As Johansson has publicly expressed, it’s not just about personal privacy but about the broader implications of AI and the need for accountability in the tech world.
As AI becomes more accessible, these scams are only expected to rise. To combat this growing issue, McAfee recently introduced a powerful combination of educational resources and advanced, AI-powered technology: McAfee Deepfake Detector, the world’s first automatic and AI-powered deepfake detector, and the McAfee Smart AI Hub, a go-to online space for the latest in AI security knowledge and news. Here are some practical tips to protect yourself from AI-generated scams:
In 2024, staying safe online means being aware of the rapidly evolving landscape of AI and cybercrime. Scammers are getting better at mimicking trusted names like Scarlett Johansson, Kylie Jenner, and Johnny Depp to deceive fans. With AI-powered tools like deepfake detectors and informed vigilance, we can reduce the risk of falling victim to these digital traps. Stay informed, stay cautious, and always think twice before clicking on a too-good-to-be-true celebrity endorsement. For more information about McAfee’s 2024 Celebrity Hacker Hotlist and ways to protect yourself, visit https://www.mcafee.ai
The study was conducted by McAfee® threat intelligence researchers to determine the number of risky sites and amount of misleading content generated by searching a celebrity name with commonly used terms. A risk score was calculated for each celebrity using a combination of McAfee WebAdvisor results and an analysis of known deepfakes recorded between January 1 to September 15, 2024. McAfee’s WebAdvisor browser extension leverages McAfee’s technology to protect users from malicious websites and, when turned on, rates nearly every internet website it finds, using red, yellow and green icons to indicate the website’s risk level and blocking access to or warning a user if they click on a malicious or risky URL link. Ratings are created by using patented advanced technology to conduct automated website tests and works with Chrome, Edge, Safari, and Firefox.
The post Scarlett Johansson Tops McAfee’s 2024 Celebrity Hacker Hotlist for AI Online Scams appeared first on McAfee Blog.
Bad news travels quickly. Or so goes the old saying. Yet we do know this: disinformation and fake news spread faster than the truth. And what makes it spread even faster is AI.
A recent study on the subject shows that fake news travels across the internet than stories that are true. Complicating matters is just how quickly and easily people can create fake news stories with AI tools.
Broadly speaking, AI-generated content has flooded the internet in the past year — an onrush of AI voice clones, AI-altered images, video AI deepfakes, and all manner of text in posts. Not to mention, entire websites are populated with AI-created content.
One set of published research shows how this glut of AI-created content has grown since AI tools started becoming publicly available in 2023. In just the first three months of 2024, one set of research suggests that the volume of deepfakes worldwide surged by 245% compared to the start of 2023. In the U.S., that figure jumped to 303%.[i]
But before we dive into the topic, we need to make an important point — not all AI-generated content is bad. Companies use AI deepfake technologies to create training videos. Studios use AI tools to dub movies into other languages and create captions. And some content creators just want to get a laugh out of Arnold Schwarzenegger singing show tunes. So, while deepfakes are on the rise, not all of them are malicious.
The problem arises when people use deepfakes and other AI tools to spread disinformation. That’s what we’ll focus on here.
First, let’s look at what deepfakes are and what disinformation really is.
First, what is a deepfake? One dictionary definition of a deepfake reads like this:
An image or recording that has been convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.[ii]
Looking closely at that definition, three key terms stand out: “altered,” “manipulated,” and “misrepresent.”
Altered
This term relates to how AI tools work. People with little to no technical expertise can tamper with existing source materials (images, voices, video) and create clones of them.
Manipulated
This speaks to what can be done with these copies and clones. With them, people can create entirely new images, tracts of speech, and videos.
Misrepresent
Lastly, this gets to the motives of the creators. They might create a deepfake as an obvious spoof like many of the parody deepfakes that go viral. Or maliciously, they might create a deepfake of a public official spewing hate speech and try to pass it off as real.
Again, not all deepfakes are malicious. It indeed comes down to what drives the creator. Does the creator want to entertain with a gag reel or inform with a how-to video narrated by AI? That’s fine. Yet if the creator wants to besmirch a political candidate, make a person look like they’ve said or done something they haven’t, or to pump out false polling location info to skew an election, that’s malicious. They clearly want to spread disinformation.
You might see and hear these terms used interchangeably. They’re different, yet they’re closely related. And both will play a role in this election.
Disinformation is intentionally spreading misleading info.
Misinformation is unintentionally spreading misleading info (the person sharing the info thinks it’s true).
This way, you can see how disinformation spreads. A bad actor posts a deepfake with misleading info — a form of disinformation. From there, others take the misleading info at face value, and pass it along as truth — a form of misinformation.
The two work hand-in-hand by design, because bad actors have a solid grasp on how lies spread online.
Deepfakes primarily spread on social media. And disinformation there has a way of spreading quickly.
Researchers found that disinformation travels deeper and more broadly, reaches more people, and goes more viral than any other category of false info.[iii]
According to the research findings published in Science,
“We found that false news was more novel than true news, which suggests that people were more likely to share novel information … Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”
Thus, bad actors pump false info about them into social media channels and let people spread it by way of shares, retweets, and the like.
And convincing deepfakes have only made it easier for bad actors to spread disinformation.
The advent of AI tools has spawned a glut of disinformation unseen before, and for two primary reasons:
In effect, the malicious use of AI makes it easier for fakery to masquerade as reality, with chilling authenticity that’s only increasing. Moreover, it churns out fake news on a massive scope and scale that’s increasing rapidly, as we cited above.
AI tools can certainly create content quickly, but they also do the work of many. What once took sizable ranks of writers, visual designers, and content producers to create fake stories, fake images, and fake videos now gets done with AI tools. Also as mentioned above, we’re seeing entire websites that run on AI-generated content, which then spawn social media posts that point to their phony articles.
Largely we’ve talked about disinformation, fake news, and deepfakes in the context of politics and in attempts to mislead people. Yet there’s another thing about malicious deepfakes and the bad news they peddle. They’re profitable.
Bad news gets clicks, and clicks generate ad revenue. Now with AI powering increasingly high volumes of clickbait-y bad news, it’s led to what some researchers have coined the “Disinformation Economy.” This means that the creators of some deepfakes might not be politically motivated at all. They’re in it just for the money. The more people who fall for their fake stories, the more money they make as people click.
And early indications show that disinformation has broader economic effects as well.
Researchers at the Centre for Economic Policy Research (CEPR) in Europe have started exploring the impact of fake news on economic stability. In their first findings, they said, “Fake news profoundly influences economic dynamics.”[iv] Specifically they found that as fake news sows seeds of uncertainty, it reverberates through the economy, leading to increased unemployment rates and lower industrial production.
They further found bad news can lead to pessimism, particularly about the economy, which leads to people spending less and lower sales for companies — which further fuels unemployment and reductions in available jobs as companies cut back.[v]
Granted, these early findings beg more research. Yet we can say this: many people turn to social media for their news, the place where fake news and malicious deepfakes spread.
Global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%).[vi] This marks the first time that social media has toppled direct access to news. Now, if that leads to exposure to significant portions of pessimistic fake news, it makes sense that millions of people could have their perceptions altered by it to some extent — which could translate into some form of economic impact.
As you can quickly surmise, that comes down to us. Collectively. The fewer people who like and share disinformation and malicious deepfakes, the quicker they’ll die off.
A few steps can help you do your part in curbing disinformation and malicious deepfakes …
Verify, then share.
This all starts by ensuring what you’re sharing is indeed the truth. Doubling back and doing some quick fact-checking can help you make sure that you’re passing along the truth. Once more, bad actors entirely rely on just how readily people can share and amplify content on social media. The platforms are built for it. Stop and verify the truth of the post before you share.
Come across something questionable? You can turn to one of the several fact-checking organizations and media outlets that make it their business to separate fact from fiction:
Flag falsehoods.
If you strongly suspect that something in your feed is a malicious deepfake, flag it. Social media platforms have reporting mechanisms built in, which typically include a reason for flagging the content.
Get yourself a Deepfake Detector.
Our new Deepfake Detector spots AI phonies in seconds. It works in the background as you browse — and lets you know if a video or audio clip was created with AI audio. All with 95% accuracy.
Deepfake Detector monitors audio being played through your browser to determine if the content you’re watching or listening to contains AI-generated audio. McAfee doesn’t store any of this audio or browsing history.
Further, a browser extension shows just how much audio was deepfaked, and at what point in the video that content cropped up.
McAfee Deepfake Detector is available for English language detection in select new Lenovo AI PCs, ordered on Lenovo.com and select local retailers in the U.S., UK, and Australia.
From January to July of 2024, states across the U.S. introduced or passed 151 bills that deal with malicious deepfakes and deceptive media.[vii] However, stopping their spread really comes down to us.
The people behind AI-powered fake news absolutely rely on us to pass them along. That’s how fake news takes root, and that’s how it gets an audience. Verifying that what you’re about to share is true is vital — as is flagging what you find to be untrue or questionable.
Whether you use fact-checking sites to verify what you come across online, use a tool like our Deepfake Detector, or simply take a pass on sharing something that seems questionable, they’re all ways you can stop the spread of disinformation.
[i] https://sumsub.com/newsroom/deepfake-cases-surge-in-countries-holding-2024-elections-sumsub-research-shows/
[ii] https://www.merriam-webster.com/dictionary/deepfake
[iii] https://science.sciencemag.org/content/359/6380/1146
[iv] https://cepr.org/voxeu/columns/buzz-bust-how-fake-news-shapes-business-cycle
[v] https://www.uni-bonn.de/en/news/134-2024
[vi] https://reutersinstitute.politics.ox.ac.uk/digital-news-report/2023/dnr-executive-summary
[vii] Ibid.
The post Clickbait and Switch: How AI Makes Disinformation Go Viral appeared first on McAfee Blog.
You crack open your credit card statement and something seems … off. Maybe it’s a couple of small online purchases that make you think, “Hmm, that’s strange.” Or maybe a statement shows up in your mailbox — one for a card that you don’t own at all. That calls for a huge “What the heck???” Sure enough, you’re looking at cases of identity fraud and theft.
And there’s a difference between identity fraud and identity theft. It’s subtle. And because of that, they often get used interchangeably. Each one can really sting but in different ways.
So, put simply, identity fraud involves stealing from an existing account. Identity theft means that someone used your personal info to impersonate you in some way, such as opening new accounts in your name.
Each year, the U.S. Federal Trade Commission (FTC) publishes a data book that collects consumer reports of fraud, identity theft, and other similar crimes. Using the most recent data from the FTC, we can plot what the top forms of identity theft and fraud look like.
Credit cards
By far the top form of identity theft and fraud. As mentioned in the examples above, these can include crooks who string out several small purchases over time. All in the hope that the cardholder will overlook it. It can also include a one-whopper of a purchase for a big-ticket item. Here, the crook knows the card will likely get canceled quickly afterward. It’s a one-and-done deal.
Loans and leases
Second, we have loans and leases. This can range from student loans, personal loans, and auto loans, and to real estate rentals as well. Common across them all is someone impersonating you to take them out or tap into their funds in some way.
Bank accounts
Here, the creation of totally new accounts leads the way in this category. As we described above, that’s a form of identity theft. Yet identity fraud accounts for a noticeable chuck, which includes account takeovers. In these cases, crooks siphon off funds via debit cards, Electronic Funds Transfer (ETF), and other forms of withdrawal and transfer.
ID and government benefits
This covers cases where crooks use stolen personal info to get IDs. That includes driver’s licenses, passports, and other government documentation. Further, this category also encompasses the theft of government-issued benefits ranging from medical assistance to veteran’s pay.
Tax returns
While all forms of identity theft and fraud can pack a punch, this type hits particularly hard because it involves your SSN. Around tax time, scammers with access to SSNs will file bogus returns, all with the aim of claiming the refund for themselves.
Utilities
Largely, this involves people buying cell phones and opening new mobile accounts along with them. Yet it also includes people opening other utilities in other people’s names. Indeed, crooks will scam their way into getting free electricity, water, gas, and yes…cable TV.
Although these forms don’t top the list in terms of reports, they still bear mentioning. They’re serious enough, and they can go undetected for some time before their victims find out.
Medical identity theft
In this form, an imposter receives care, medications, or medical devices in someone else’s name. They might pass off phony documentation to the care provider involved, the insurance company that pays for the care, or a combination of the two. A few things can happen as a result. It can impact the care you can get and the benefits you can use. In extreme cases, the thief’s health info can get mixed in with yours and impact your care. Medical identity theft is a good reason to closely review all the medical and insurance statements you get.
Child identity theft
Imagine your child about to rent a first apartment. The property management company runs a credit check, only to find a horrendous credit rating. But how? An identity thief has been using your child’s identity for years now. After all, what parent thinks, “I really should run a credit report on my kindergartener.” And that’s fair. However, signing up your child for identity is a sound move. It can help spot if your child’s identity got stolen.
1) Notify the companies and institutions involved and consider a credit freeze.
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account in your credit monitoring service, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
In the meantime, consider putting a security freeze in place. A security freeze service prevents others from opening new credit, bank, and utility accounts in your name. It won’t hit your credit score, and you can unfreeze it when needed. You’ll find this feature in our McAfee+ plans as well.
2) File a police report.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Beyond that, filing a report is still a good idea. Identity theft is still theft, and reporting it provides an official record of it.
Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help you clear your name down the road. Likewise, save any evidence you have, such as statements or documents associated with the theft. They can help you clean up your record as well.
3) Contact the Federal Trade Commission (FTC).
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
4) Contact the IRS, if needed.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud — namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call, nor will they call and apply harassing pressure tactics — only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
5) Continue to monitor your credit report, invoices, and statements.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, in addition to reviewing your accounts closely.
Several features in our McAfee+ plans can do this work, and quite a bit more, for you:
The post What Are the 6 Types of Identity Theft appeared first on McAfee Blog.
Imagine this: you wake up one morning to find that your bank account has been emptied overnight. Someone halfway across the world has accessed your account using a password you thought was secure. Incidents like these are unfortunately becoming more common, with identity theft and fraud cases steadily increasing over the last decade.
This month is Cybersecurity Awareness Month, with the theme “Secure Our World,” which serves as a timely reminder to reassess and enhance your cybersecurity strategies against ever-evolving cyber threats. In an election year, the digital landscape becomes a breeding ground for cyber scams and malicious activities aimed at exploiting political fervor and public uncertainty. With the 2024 election on the horizon, it’s more critical than ever to strengthen our cybersecurity defenses.
By prioritizing cybersecurity awareness and implementing robust protective measures during this dedicated month, you can safeguard your personal information, protect your financial assets, and ensure the security of your digital interactions. Let’s explore five simple yet powerful ways to increase your internet security and have peace of mind in today’s digital landscape.
Passwords serve as the first line of defense against unauthorized access to your accounts but 78% of people use the same password for more than one account. Here’s how you can create and manage complex passwords:
Multifactor authentication (MFA) adds an extra layer of security by requiring two or more of the following factors to access your accounts:
Follow these steps to enable multifactor authentication:
Phishing is a common tactic used by cybercriminals to trick you into revealing sensitive information by impersonating legitimate entities, such as banks or reputable companies, to lure individuals into disclosing sensitive information like passwords or credit card numbers. These attacks often occur via email, text messages, or fake websites designed to appear authentic, exploiting human trust and curiosity to steal valuable data for malicious purposes.
Identifying Phishing Emails:
Reporting Phishing:
Software updates, also known as patches, often include security fixes to protect against known vulnerabilities. Here’s how to keep your software up to date:
Updating Operating Systems and Applications:
Social media platforms are integral parts of modern communication, but they also pose significant security risks if not managed carefully. Here are essential tips to enhance your social media security:
By implementing these straightforward yet effective cybersecurity practices, you can significantly reduce the risk of falling victim to online threats. McAfee+ can also keep you more secure and private online with 24/7 scans of the dark web to ensure your personal and financial info is safe, alerts about suspicious financial transactions and credit activity, and up to $2 million in identity theft coverage and restoration.
The post Top Tips for Cybersecurity Awareness Month appeared first on McAfee Blog.
In today’s digital world, both personal and professional environments are evolving faster than ever. As artificial intelligence (AI) becomes integral to our daily lives, it’s crucial that the devices we use stay ahead of the curve—both in terms of performance and security. According to Gartner, AI PCs are projected to total 114 million units in 2025, an increase of 165.5% from 2024. That’s why we’re excited to introduce the next generation of AI-powered PCs with our partners, designed to provide cutting-edge computing experiences with next-level AI-protection with McAfee Deepfake Detector.
These AI PCs have been built with one goal in mind: to harness the power of AI for every user. Whether you’re a content creator, business professional, gamer, or researcher, AI PCs adapt to your needs, offering enhanced processing speed, personalized optimization, and smart task management. From boosting productivity to delivering immersive entertainment, AI PCs are designed to handle it all.
We understand that in an age where digital content is omnipresent, online security must be a top priority. That’s why the following AI PCs come with McAfee Deepfake Detector preinstalled. This advanced tool is designed to protect you against the growing threat of AI-manipulated media, ensuring that you can trust the content you see online. McAfee’s Deepfake Detector uses cutting-edge algorithms to analyze AI-generated audio, distinguishing between real and manipulated content.
McAfee’s recent research shows that 27% of Americans say they may or will purchase an AI PC for themselves or a loved one during the 2024 holiday season. 40% of people aged 25-34 say the same. When asked what characteristics of an AI PC are most important to consumers:
As deepfakes become more sophisticated, this feature provides peace of mind, ensuring that you’re always one step ahead of malicious actors.
Our new AI PC range combines world-class performance with trusted security solutions. Whether you’re using these devices for work, play, or creativity, you’ll have the confidence of knowing your personal data and online experiences are safeguarded by the latest in AI-driven protection. McAfee Deepfake Detector is available on the following AI PC:
Stay tuned for more details about this exciting new range, and discover how we’re redefining the future of online protection
The post Introducing AI PCs with McAfee Deepfake Detector appeared first on McAfee Blog.
As we head into a season filled with moments that matter to consumers – from the upcoming U.S. election to the holiday shopping rush – online safety is more important than ever. With AI-generated content on the rise and scammers able to carry out more sophisticated scams, it’s crucial to stay vigilant and ensure you’re fully protected. If you’ve ever thought, “is that text message really from my bank?” Or “I don’t want my personal life to be available to people I don’t know on my social media?” McAfee+ can help you.
This autumn, McAfee has introduced a set of innovative tools designed to make online protection simpler, faster, and more effective. This includes streamlined experiences that make it easier and faster to be protected from the start, as well as enhancements that reinforce privacy protection across social media platforms, protect against the latest smishing texts in real time, and provide control over performance impact of malware scans. Whether it’s staying safe during the rush of holiday shopping or navigating potential misinformation leading up to the elections, McAfee has you covered with the latest online protection.
During the busy autumn season, time is of the essence. With more people shopping online and receiving an influx of emails and text messages, the last thing you need is complicated, time-consuming setup processes. McAfee’s latest update is all about making protection simpler and more accessible.
The newly streamlined setup ensures you’re fully protected in fewer steps, whether you’re setting up Windows or mobile. And by integrating experiences that were initially cloud-based directly in Windows and mobile apps, consumers can seamlessly manage their online privacy and social media settings directly from their devices.
With the upcoming elections and family gatherings on the horizon, many of us may be sharing more on social media than usual. But how much is too much? With McAfee’s Social Privacy Manager, people get personalized privacy settings based on their sharing preferences – now with industry-first support for TikTok – in addition to platforms like Facebook, Instagram, and LinkedIn. In an era where online privacy concerns are skyrocketing, and 9 out of 10 social media users are concerned about protecting their online privacy and identity, McAfee continues to stand at the forefront of online security.
Whether you’re prepping for holiday photos or protecting your kids’ privacy on TikTok and YouTube, Social Privacy Manager empowers you to adjust over 100 privacy settings across seven social platforms – Facebook, Instagram, X, LinkedIn, YouTube, Google and TikTok – ensuring your information stays private with just a few clicks.
By adding TikTok support Social Privacy Manager also covers the top two platforms that teens use1, TikTok and YouTube. With a family plan, parents can now easily help set privacy settings for their kids – and with 43% of people feeling that online privacy risks have increased in 2024, McAfee’s focus on providing control over social media privacy is both timely and essential.
The McAfee Social Privacy Dashboard
Heading into the holiday season, consumers often face an uptick in phishing and smishing scams, as fraudsters take advantage of shopping rushes and delivery notifications to deceive people. More than a third (39%) of people who use mobile phones admit they have clicked on a text scam message such as a suspicious text from an unknown number or a fake package delivery text, and nearly half (44%) state that they or someone they know have been a victim of such a text scam.
In response to rising phishing and text scam threats, McAfee has upgraded its AI-powered Text Scam Detector. When a text message arrives that contains a link to a website, that link will be scanned and analyzed by McAfee Smart AITM in real-time. If the link leads to a malicious or phishing website, the text message will be blocked.
On iPhones, scam texts are automatically filtered into a junk folder, and on Android, you’ll receive instant alerts when a suspicious message arrives, helping you avoid costly mistakes when you’re busiest.
Text Scam Detector as part of McAfee Mobile Security
“Antivirus protection slows down my PC” is something that is often heard, however recent research from AV-Comparatives shows that this is not the case; in fact, McAfee provides protection with the least amount of performance impact on PCs, of all tested vendors.
To ensure people do not even have to worry about their computer slowing down during holiday shopping or while working through election news, McAfee’s Antivirus now offers a ‘Fast Scanning’ feature. This allows people to balance performance and security, offering customizable options for quick scans or deeper system checks without compromising PC speed.
The Antivirus Dashboard
Whether you’re working remotely, traveling for the holidays, or accessing election news online, privacy is essential – and while a VPN service is sometimes seen as a double-edged sword, providing privacy when people are connected to the internet but impacting the speed of that connection, McAfee’s Secure VPN now offers even faster, more stable connections with an expanded network of 7,000 servers in 48 countries. Additionally, consumers can enjoy extended WireGuard protocol support on Android, Windows, and iOS, for online privacy protection across devices no matter where you are.
VPN Settings
From safeguarding social media privacy to blocking scam texts and ensuring secure browsing, McAfee+ is designed to help you stay safe in an increasingly complex digital world. McAfee+ plans are available for both individuals and families – and with protections such as McAfee’s Social Privacy Manager and McAfee’s Text Scam Detector included, consumers can rest easy knowing that McAfee is constantly watching out for their online protection.
In today’s digital age, securing your online identity and privacy has never been more critical. McAfee’s latest product enhancements reflect the company’s commitment to delivering advanced, easy-to-use solutions that help consumers stay safe online. Whether you’re looking for protection from phishing and smishing scams, safeguarding privacy on social media, or malware, our expanded product range offers solutions for all consumers.
For more information on McAfee’s latest products and plans, visit McAfee.com.
The post How to Maximize the Latest McAfee+ Enhancements for Peace of Mind This Autumn appeared first on McAfee Blog.
Elections are the bedrock of democratic societies, but historically, they have been vulnerable to various forms of manipulation and fraud. Over the last decade, there have only been 1,465 proven cases of election fraud out of the hundreds of millions of votes cast, but election interference through tactics like deliberately spreading disinformation has become increasingly more common.
Election Day for determining the next U.S. President isn’t until November 5th, but early voting starts as early as September 6th in some states. With election season officially underway, understanding past election scams and current threats is crucial for safeguarding the future of democratic processes. As technology and political landscapes evolve, so do the methods used to undermine electoral integrity. Let’s examine the impact of historical election scams, how cybersecurity measures have advanced in response, and the current landscape of election cybersecurity threats.
Throughout history, election scams have come in many forms, from ballot stuffing to voter intimidation. One of the most notorious examples is the 1960 Kennedy-Nixon U.S. presidential election, which was so close that both Republicans and Democrats accused the other side of stuffing ballot boxes. Nixon later claimed in his autobiography that widespread fraud had happened in Illinois, which Kennedy won by less than 10,000 votes.
In more recent history, the 2016 U.S. presidential election highlighted a new dimension of electoral interference: cyber manipulation and disinformation. Russian operatives used social media to spread divisive content and hacked into the email accounts of political figures to release sensitive information. This year, Iranian hackers successfully breached the Trump campaign and targeted the Harris campaign as well.
Hacking is not limited to U.S. elections. In the 2017 French presidential election, hackers targeted the campaign of Emmanuel Macron, leaking internal documents and emails. While the impact of this breach was mitigated by the swift response of the Macron campaign and French authorities, it highlighted the vulnerability of political campaigns to cyberattacks and the importance of rapid countermeasures.
In response to these emerging threats, cybersecurity measures have evolved substantially. In the wake of the 2016 election interference, there was a heightened awareness of the vulnerabilities in electoral systems. This led to the development and implementation of more robust cybersecurity protocols aimed at protecting the integrity of elections.
As technology continues to advance, so do the tactics used by malicious actors. The current landscape of election cybersecurity threats includes:
To effectively address these threats, it is essential for both voters and election officials to be informed and proactive. Voters should be educated about the signs of misinformation and the importance of verifying information from credible sources. Election officials should stay informed about the latest cybersecurity practices and potential threats and adhere to best practices for cybersecurity, including regular updates, strong access controls, and encryption. Transparent communication with the public about the steps being taken to secure elections can build trust and counteract disinformation efforts.
Understanding past election scams and current cybersecurity threats is vital for protecting the integrity of democratic processes. By learning from historical incidents and staying vigilant against emerging threats, we can strengthen our electoral systems and ensure that future elections are fair, transparent, and secure. Through ongoing advancements in technology and policy, we can address the challenges of today and safeguard the future of democracy.
The post Past Election Scams: Lessons Learned and Current Threats appeared first on McAfee Blog.
In a recent special hosted by Oprah Winfrey titled “AI and the Future of Us”, some of the biggest names in technology and law enforcement discussed artificial intelligence (AI) and its wide-ranging effects on society. The conversation included insights from OpenAI CEO Sam Altman, tech influencer Marques Brownlee, and FBI Director Christopher Wray. These experts explored both the promises and potential pitfalls of this rapidly advancing technology. As AI continues to shape our world, it’s crucial to understand its complexities—especially for those unfamiliar with the nuances of AI technology.One of the most significant concerns raised in the special was the rise of AI-generated content, specifically deepfakes, and how they are being weaponized for disinformation. Deepfakes, alongside other generative AI advancements, are progressing at a pace that outstrips our capacity to manage them effectively, posing new challenges to the public.
A deepfake is a highly realistic piece of synthetic media, often video or audio, that uses AI to swap faces or voices to create fake, yet believable, content. Brownlee demonstrated how rapidly this technology is evolving by comparing two pieces of AI-generated footage. The newer sample, powered by OpenAI’s Sora, was far more convincing than its predecessor from just months earlier. While seasoned observers might spot the odd flaw, most people could easily mistake these fakes for real footage, especially as the technology improves.
A demonstration by tech expert Marques Brownlee revealed how AI-generated content has reached unprecedented levels of realism, making it difficult to distinguish between what’s real and what’s fake. This development raises serious concerns about misinformation, particularly in the context of deepfake technology, where AI can create highly realistic, yet entirely fabricated, videos and audio.
The ability of AI to generate convincingly fake content isn’t just a novelty—it’s a threat, particularly when used for malicious purposes. FBI Director Christopher Wray highlighted a chilling example of his introduction to deepfake technology. At an internal meeting, his team presented a fabricated video of him speaking words he never said. It was a stark reminder of how AI could be used to manipulate public opinion, create false narratives, and tarnish reputations. McAfee created Deepfake Detector as a defense against malicious and misleading deepfakes. McAfee Threat Labs data have found 3 seconds of your voice is all scammers and cybercriminals need to create a deepfake.
Wray discussed the increasing use of deepfakes in *sextortion*—a disturbing crime where predators manipulate images of children and teens using AI to blackmail them into sending explicit content. The misuse of AI doesn’t end there, though. In a world where misinformation and disinformation are rampant, deepfakes have become a powerful tool for deception, influencing everything from personal relationships to politics.
The upcoming U.S. presidential election is one area where deepfakes could have particularly dire consequences. Wray pointed out that foreign adversaries are already using AI to interfere with American democracy. Posing as ordinary citizens, these bad actors use fake social media accounts to spread misleading AI-generated content, adding to the chaos of political discourse. In fact, AI-generated images of high-profile figures like former President Donald Trump and Vice President Kamala Harris have already misled millions of people.
Bill Gates emphasized that AI’s progression is moving faster than many anticipated, even for experts in the field. This rapid evolution could lead to major societal shifts sooner than expected, presenting both exciting opportunities and significant challenges. Sam Altman of OpenAI echoed these concerns, stressing that the world is only beginning to see the full scope of AI’s potential impact on the economy and everyday life.
One of the more controversial points discussed was AI’s potential to displace jobs. Gates predicted that in the future, the workweek might shrink as automation takes over many tasks, suggesting a shift to a three-day workweek. While automation may replace many roles, Gates argued that human-centric professions—those requiring creativity and interpersonal skills—will remain in demand. This highlights the growing need for skills that machines can’t replicate.
Christopher Wray, Director of the FBI, warned of how AI is being weaponized by criminals. From manipulating innocent images into explicit content to using AI for extortion, the technology is being leveraged to amplify illegal activities. Wray illustrated how AI has made it easier for less experienced criminals to engage in more sophisticated crimes, particularly in targeting vulnerable populations like teenagers.
The overarching message from the discussion was clear: to mitigate the risks posed by AI, close collaboration between governments and technology companies is crucial. Altman stressed the importance of implementing safety measures, likening the regulation of AI to that of airplanes and pharmaceuticals. Gates echoed the call for responsible development, emphasizing that regulatory frameworks must evolve alongside the technology.
AI is advancing rapidly, changing the way we live, work, and communicate. For those unfamiliar with the intricacies of generative AI, the recent discussion on AI and the Future of Us” provided a comprehensive look at both the opportunities and dangers AI presents. From job market disruptions to the rise of deepfakes and disinformation, it’s clear that AI will continue to shape our world in unpredictable ways. By acknowledging both its promise and its peril, we can better prepare ourselves for the future of AI.
Despite the concerns raised, the conversation was not without optimism. AI holds immense potential to revolutionize sectors like healthcare and education. However, the discussion made it clear that thoughtful regulation and public awareness are necessary to ensure AI serves society positively and ethically. By balancing innovation with caution, there’s hope that AI can be harnessed to benefit everyone.
The post Unmasking AI and the Future of Us: Five Takeaways from the Oprah TV Special appeared first on McAfee Blog.
All day long, it’s almost always within arm’s reach. Your smartphone. And we rely on it plenty. That makes securing your phone so important. Good thing that some of the best tips for making your phone safer are also some of the easiest.
Here’s a quick rundown:
1. Lock your phone.
Locking your phone is one of the most basic smartphone security measures you can take. Trouble is, few of us do it. Our recent global research showed that only 56% of adults said that they protect their smartphone with a password, passcode, or other form of lock.[i] In effect, an unlocked phone is an open book to anyone who finds or steals a phone.
Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices. iPhones and Androids have an auto-lock feature that locks your phone after a certain period of inactivity. Keep this time on the low end, one minute or less, to help prevent unauthorized access.
We suggest using a six-digit PIN or passcode rather than using a gesture to unlock your phone. They’re more complex and secure. Researchers proved as much with a little “shoulder surfing” test. They looked at how well one group of subjects could unlock a phone after observing the way another group of subjects unlocked it.[ii]
2. Turn on “Find My Phone.”
Another powerful tool you have at your disposal is the Find My Phone feature made possible thanks to GPS technology. The “find my” feature can help you pinpoint your phone if your lost or stolen phone has an active data or Wi-Fi connection and has its GPS location services enabled. Even if the phone gets powered down or loses connection, it can guide you to its last known location.
Setting up this feature is easy. Apple offers a comprehensive web page on how to enable and use their “Find My” feature for phones (and other devices too). Android users can get a step-by-step walkthrough on Google’s Android support page as well.
3. Learn how to remotely track, lock or erase your phone.
In the event of your phone getting lost or stolen, a combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it.
Different device manufacturers have different ways of going about it. But the result is the same — you can prevent others from using your phone, and even erase it if you’re truly worried that it’s in the wrong hands or gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.
4. Back up your stuff in the cloud.
Thanks to cloud storage, you might be able to recover your photos, files, apps, notes, contact info, and more if your phone is lost or stolen. Android owners can learn how to set up cloud backup with Google Drive here, and iPhone users can learn the same for iCloud here.
5. Update your phone’s operating system and apps.
Keep your phone’s operating system up to date. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks — it’s another tried-and-true method of keeping yourself safer and your phone running great too.
The same goes for the apps on your phone. Ideally, set them up to update automatically so that you don’t have to take extra time to do it yourself. Also, look for opportunities to delete old apps and any data linked with them. Fewer apps on your phone means fewer vulnerabilities. And less data in fewer places can reduce your exposure to data breaches.
6. Stick with official app stores.
Legitimate app stores like Google Play and Apple’s App Store have measures in place that help ensure that apps are safe and secure. And for the malicious apps that sneak past these processes, Google and Apple are quick to remove them once discovered, making their stores that much safer. Meanwhile, third-party app stores might not have these measures in place. Further, they might be a front for hackers looking to spread mobile malware through malicious apps.
7. Go with a strong app recommendation.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
That’s not to say that you should overlook user reviews. Certainly, legitimate reviews can be a big help. Look closely at the listing, though. Check out the developer’s track record. Have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
8. Keep an eye on app permissions.
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use sketchy apps to do it. So check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it might be a scam.
Delete the app and find a legitimate one that doesn’t ask for invasive permissions. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here.
9. Spot scam texts and their bad links.
Scam texts seem like an unfortunate fact of life. Scammers can blast thousands of phones with texts that contain links to phishing sites and to others that host malware. Our Text Scam Detector puts a stop to scams before you click — detecting any suspicious links and sending you an alert. And if you accidentally tap that bad link, it can still block the site for you.
10. Protect your smartphone with security software.
With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive online protection software that secures all your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.
[i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf
[ii] https://arxiv.org/abs/1709.04959
The post 10 Quick Tips for Mobile Security appeared first on McAfee Blog.
With less than 60 days left until Election Day, the digital landscape has become a battleground not just for votes but for your personal security. With political ads, fake voter registration sites, and disinformation campaigns cropping up everywhere, it’s essential to stay vigilant against common election scams and election manipulation schemes. Here’s how you can navigate this crucial time safely.
Before diving into specific scams, it’s important to differentiate between misinformation and disinformation. Misinformation refers to false or misleading information shared without malicious intent, often due to ignorance or misunderstanding. Disinformation, on the other hand, is deliberately false or misleading information spread with the intent to deceive, manipulate, or sway public opinion.
Knowing the difference is crucial because it influences how you approach and verify the information you encounter. Disinformation campaigns are often more sophisticated and can be more challenging to detect, making it essential to keep a healthy dose of skepticism while navigating this election season.
One prevalent scam during election season is fake voter registration websites. These sites may look official but are designed to steal your personal information. They often appear as pop-ups or ads on social media and search engines.
To protect yourself:
When you’re excited about a political candidate, it’s natural to want to support their campaign by sending them a donation. Scammers prey on that excitement by creating fake donation websites to try to take money from unsuspecting individuals. TikTok banned requests for political donations on their platform because of the prevalence of these types of scams.
To avoid sending money to scammers:
Political ads are ubiquitous during election season, with political ad spending projected to be $10.2 billion in 2024. But not all political ads are created equal. Misleading or false ads can be crafted to manipulate voters by presenting distorted facts or outright lies.
To discern the truth:
Social media is a double-edged sword during elections. While it offers a platform for legitimate discourse, it’s also a breeding ground for disinformation. Social media amplifies both credible information and disinformation due to its algorithms prioritizing engagement over accuracy, making sensational or misleading content more likely to be seen and shared. The anonymity and ease of content creation on these platforms enable the rapid spread of false narratives, which can be difficult to counteract amidst the sheer volume of information circulating.
You might encounter false content designed to manipulate voter perceptions. To navigate this:
Advances in artificial intelligence (AI) have led to easily created realistic deepfakes—manipulated videos or images that can spread false narratives. Earlier this year, a fake robocall using AI voice-cloning technologies tried to influence voters in the New Hampshire primary.
Our mission is to help you navigate these challenges effectively. For decades, McAfee has stood as a reliable source of information and guidance. This election season, we are helping to discern what is real versus what is fake through our new Deepfake Detector, the world’s first automatic and AI-powered deepfake detector. Trained on close to 200,000 samples and counting, Deepfake Detector can identify and alert consumers within seconds of AI-altered audio being detected in videos.
To detect deepfakes on your own:
By understanding the types of scams and misinformation that proliferate during election season and implementing these practical tips, you can confidently and securely engage in the democratic process. Protecting your personal information and making informed decisions is not just about securing your vote—it’s about safeguarding the integrity of your digital presence and ensuring that your voice is heard clearly and accurately.
The post How to Avoid Common Election Scams appeared first on McAfee Blog.
This content is password protected. To view it please enter your password below:
The post Protected: AI Enters the Mix as Online Job Scams Continue to Rise appeared first on McAfee Blog.
As technology rapidly advances, the boundaries of what’s possible in personal computing are continuously expanding. One of the most exciting innovations on the horizon is the concept of the AI PC, which stands for Artificial Intelligence Personal Computer. AI PCs accounted for 14% of all personal computers shipped in the second quarter of 2024, with demand expected to continue to grow.
These intelligent machines are set to transform the way we interact with our computers, offering unprecedented performance and personalization. Let’s delve into what an AI PC is, explore the benefits it offers consumers, and understand how it is reshaping the future of computing.
An AI PC is a computing device that integrates artificial intelligence capabilities directly into its hardware and software. Unlike traditional PCs, which rely on external software or cloud services for AI functionalities, AI PCs have built-in AI processors or coprocessors that enable them to perform intelligent tasks locally.
These machines leverage advanced AI algorithms to enhance various aspects of computing, from performance and efficiency to user experience and security. They have a neural processing unit (NPU), “a type of processor designed to handle the mathematical computations specific to machine learning algorithms.” NPU speed is now measured by “trillions of operations per second” (TOPS).
By embedding AI capabilities into the core of the PC, these devices can offer a more responsive, personalized, and secure computing environment. Here’s how they are transforming personal computing:
One of the standout features of AI PCs is their ability to automate and optimize tasks intelligently. AI PCs can learn from user behavior and system performance to streamline processes and improve efficiency. For example, AI can manage system resources dynamically, prioritizing tasks based on current needs and usage patterns. This means that applications requiring high performance, such as gaming or video editing, can run more smoothly without manual intervention.
AI algorithms can also predict and pre-load applications and files that users are likely to access next, reducing load times and improving overall responsiveness. This level of automation and optimization ensures that users experience a seamless and efficient computing environment.
Data-intensive applications, such as those used for machine learning, scientific research, and complex simulations, benefit greatly from the power of AI PCs. These machines are equipped with specialized AI processors designed to handle large volumes of data quickly and efficiently. By offloading specific tasks to these AI processors, the main CPU is freed up to handle other operations, resulting in faster processing speeds and reduced latency.
For professionals and researchers working with big data or computationally heavy applications, AI PCs can drastically cut down processing times and enhance productivity. The integration of AI ensures that these applications can perform complex calculations and analyses with greater accuracy and speed.
AI PCs excel in delivering personalized user experiences by learning and adapting to individual preferences and behaviors. Through continuous learning, AI systems can customize the operating environment based on how users interact with their PCs. This can include adjusting system settings, recommending software or files, and even optimizing user interfaces to align with personal habits and preferences.
For example, an AI PC might analyze your work patterns and suggest tools or shortcuts that enhance productivity. It can also personalize your entertainment experience by recommending media content based on your viewing history and preferences. This level of personalization creates a more intuitive and enjoyable user experience.
Cybersecurity has become a constant underlying threat in the digital age. Last year, 880,418 Americans reported cybercrime to the FBI’s Internet Crime Complaint Center, which was a 10% increase from 2022.
AI PCs are addressing this issue with advanced threat detection and mitigation capabilities. AI-driven security systems can analyze patterns and behaviors to identify potential threats such as malware, phishing attempts, or unauthorized access. AI-driven security systems use machine learning algorithms to detect threats in real-time. This proactive approach enhances the protection of sensitive data and ensures a safer computing environment.
AI PCs are not just about high-performance computing and security; they also excel in assisting with everyday personal tasks. For instance, AI-powered virtual assistants integrated into the PC can help manage schedules, set reminders, and perform routine tasks such as composing emails or creating documents.
These virtual assistants learn from user interactions to offer more accurate and contextually relevant assistance. They can also automate repetitive tasks, such as file organization or data entry, saving users time and effort. By handling mundane activities, AI PCs allow consumers to focus on more complex and creative tasks.
The integration of AI into personal computing is a glimpse into the future of technology. As AI PCs become more advanced, we can expect even greater enhancements in performance, efficiency, and user experience. These devices are not just about adding new features; they represent a fundamental shift in how we interact with technology, making computing more intuitive, personalized, and secure.
As we move forward, keeping an eye on these advancements will be crucial in harnessing their full potential and embracing the next era of personal computing. The future of AI PCs is here, and it’s poised to redefine how we interact with our digital world.
The post What is an AI PC? appeared first on McAfee Blog.
Tom Hanks, one of the most recognizable faces in the world, warns that scammers have swiped his likeness in malicious AI deepfakes.
As reported by NBC News, Actor Tom Hanks issued an announcement to his followers saying his name, likeness, and voice have shown up in deepfaked ads that promote “miracle cures” without his consent. The actor posted on Instagram:
In the ever-evolving landscape of digital advertising, a new challenge has emerged that blurs the lines between reality and artificial fabrication: AI-generated content using celebrity likenesses.
Tom Hanks isn’t the only victim. Earlier in 2024, we saw a malicious AI deepfake of Taylor Swift front a phishing scam with a free cookware offer. In 2023, the deepfaked likeness of Kelly Clarkson pushed weight loss gummies. And, just a few weeks ago, malicious deepfakes of Prince William endorsed a bogus investment platform. We’ve also seen deepfakes of noteworthy researchers hawking miracle cures as well, which we’ll soon cover in another blog post.
Without question, we live in a time where scammers can turn practically anyone into a deepfake. The AI tools used to create them have only gotten better, more accessible, and easier to use. Compounding that concern is just how convincing these bogus endorsements look and sound.
Malicious deepfakes affect more than the celebrities they mimic. They affect everyone who goes online. As we’ve seen with Tom Hanks, while deepfakes can potentially tarnish his reputation, they can also harm the general public. By pushing disinformation and frauds, deepfakes open the door to health risks, identity theft, and in an election year, voter suppression — as we saw with the Joe Biden AI voice clone robocalls in Vermont.
Celebrities like Scarlett Johansson have begun to fight back legally against the unauthorized use of their likenesses. However, the legal framework in the U.S. remains largely unprepared for the challenges posed by AI-generated content. Yet we’re seeing some progress, at least on a state level in the U.S.
Tennessee recently issued a piece of legislation that says state residents have a property right to their own likeness and voice. In effect, Tennesseans can take legal action if another person or group creates deepfakes in their likeness. Illinois and South Carolina have similar legislation under consideration.
Those represent just a handful of 151 state-level bills that have been introduced or passed through July of this year — all covering AI deepfakes and deceptive media online.[i] Likewise, we’ll take a closer look at how legislation is catching up with AI in an upcoming blog.
As we’re quick to point out in our blogs, not all AI deepfakes are bad. AI deepfake tools have plenty of positive uses, such as dubbing and subtitling movies, creating training and “how-to” videos, and even creating harmless and humorous parody videos — all well within the scope of the law.
The problem is with malicious deepfakes, like the ones Tom Hanks warned us about. Yet how can you spot them?
Technology has kept pace, as it has with our newly released Deepfake Detector. It alerts you in seconds if it spots AI-manipulated content. Right in your browser. It works like this:
Deepfake Detector monitors audio being played through your browser while you browse. If it determines what you’re watching or listening to contains AI-generated audio, it alerts you right away.
McAfee doesn’t store any of this audio or browsing history. What you watch is yours, and you get to keep that private.
It works in the background while you browse. So, if a deepfake Tom Hanks or Taylor Swift video crops up in your feed, you’ll know with a high degree of confidence that it’s a fake. You can easily snooze notifications or turn off scanning right from your dashboard.
Deepfake Detector shows how much is real and how much is fake. With a browser extension, Deepfake Detector shows what portion of audio was deepfaked, and at what point in the video that content cropped up. Think of it working like a lie detector in the movies. As the video plays, peaks of red lines and troughs of gray lines show you what’s likely a fake and what’s likely real.
As AI-detection technology continues to advance, the responsibility also falls on us, collectively, to keep an eye out for fakes. Especially the glut of malicious deepfakes we now face.
The key to navigating this new era of AI is awareness. Indeed, tools will help us spot deepfakes. Yet we can count on ourselves to spot them too.
First off, we need to realize just how easy it is to create a deepfake. Keeping that in mind keeps us on guard. Next, when we see that celebrity gushing about a miracle cure or another promoting a screaming great deal, we know to stop and think before we act.
From there, we have plenty of excellent and reputable fact-checking resources that can help us get to the truth. Snopes, Reuters, Politifact, the Associated Press, and FactCheck.org all offer great ways to find out if what we’re seeing and hearing is true, false, or somewhere in between.
And with this kind of awareness in mind, we’ve launched the McAfee Smart AI Hub. We see the rise of malicious deepfakes as a major concern. It’s a security concern. An identity theft concern. A health concern. An election concern. And a family concern as well. We created the hub with these in mind and established it as a place where you can learn about the latest AI threats. Additionally, it’s a place where you can join the fight against malicious deepfakes by turning in the ones you find online.
While the advent of AI brings remarkable benefits, it also introduces complex challenges. As we move forward, balancing innovation with ethical considerations and consumer protection will be paramount. Without a doubt, we’ll continue to follow it all closely here in our blogs.
As for the Tom Hanks deepfakes, if something seems too good to be true, like miracle advice, it probably is. Stay curious, stay cautious.
[i] https://www.brennancenter.org/our-work/research-reports/states-take-lead-regulating-ai-elections-within-limits
The post Tom Hanks Warns Fans: The Dark Side of AI Scams appeared first on McAfee Blog.
Have you ever come across a website that just didn’t look quite right? Perhaps the company logo looked slightly misshapen, or the font seemed off-brand. Odds are, you landed on a phony version of a legitimate corporation’s website—a tried and true tactic relied on by many cyber criminals.
A fake login page is essentially a knock-off of a real login page used to trick people into entering their login credentials, which hackers can later use to break into online accounts. These websites mirror legitimate pages by using company logos, fonts, formatting, and overall templates. Depending on the attention to detail put in by the hackers behind the imposter website, it can be nearly impossible to distinguish from the real thing. Consequentially, fake login pages can be highly effective in their end goal: credential theft.
How do these pages get in front of a consumer in the first place? Typically, scammers will target unsuspecting recipients with phishing emails spoofing a trusted brand. These emails may state that the user needs to reset their password or entice them with a deal that sounds too good to be true. If the consumer clicks on the link in the email, they will be directed to the fake login page and asked to enter their username and password. Once they submit their information, cybercriminals can use the consumer’s data to conduct credential-stuffing attacks and hack their online profiles. This could lead to credit card fraud, data extraction, wire transfers, identity theft, and more.
If you Google “fake login pages,” you will quickly find countless guides on how to create fake websites in seconds. Ethical concerns aside, this demonstrates just how common vector-spoofed websites are for cyberattacks. While it has been easier to distinguish between real and fake login pages in the past, criminals are constantly updating their techniques to be more sophisticated, therefore making it more difficult for consumers to recognize their fraudulent schemes.
One reason why fake login pages are so effective is due to inattentional blindness, or failure to notice something that is completely visible because of a lack of attention. One of the most famous studies on inattentional blindness is the “invisible gorilla test.” In this study, participants watched a video of people dressed in black and white shirts passing basketballs. Participants were asked to count the number of times the team in white passed the ball:
Because participants were intently focused on counting the number of times the players in white passed the ball, more than 50% failed to notice the person in the gorilla costume walking through the game. If this is the first time you’ve seen this video, it’s likely that you didn’t notice the gorilla, the curtain changing color from red to gold, or the player in black leaving the game. Similarly, if you come across a well-forged login page and aren’t actively looking for signs of fraud, you could inherently miss a cybercriminal’s “invisible gorilla.” That’s why it’s crucial for even those with phishing training to practice caution when they come across a website asking them to take action or enter personal details.
The most important defense against steering clear of fake login pages is knowing how to recognize them. Follow these tips to help you decipher between a legitimate and a fake website:
Most fake login pages are circulated via phishing messages. If you receive a suspicious message that asks for personal details, there are a few ways to determine if it was sent by a phisher aiming to steal your identity. Phishers often send messages with a tone of urgency, and they try to inspire extreme emotions such as excitement or fear. If an unsolicited email urges you to “act fast!” slow down and evaluate the situation.
Oftentimes, hackers will use a URL for their spoofed website that is just one character off from the legitimate site, such as using “www.rbcr0yalbank.com” versus “www.rbcroyalbank.com.” Before clicking on any website from an email asking you to act, hover over the link with your cursor. This will allow you to preview the URL and identify any suspicious misspellings or grammatical errors before navigating to a potentially dangerous website.
HTTPS, or Hypertext Transfer Protocol Secure, is a protocol that encrypts your interaction with a website. Typically, websites that begin with HTTPS and feature a padlock in the top left corner are considered safer. However, cybercriminals have more recently developed malware toolkits that leverage HTTPS to hide malware from detection by various security defenses. If the website is secured with HTTPS, ensure that this isn’t the only way you’re analyzing the page for online safety.
Multi-factor authentication requires that users confirm a collection of things to verify their identity—usually something they have, and a factor unique to their physical being—such as a retina or fingerprint scan. This can prevent a cybercriminal from using credential-stuffing tactics (where they will use email and password combinations to hack into online profiles) to access your network or account if your login details were ever exposed during a data breach.
An identity theft alert service warns you about suspicious activity surrounding your personal information, allowing you to jump to action before irreparable damage is done. McAfee+ not only keeps your devices safe from viruses but gives you the added peace of mind that your identity is secure, as well.
The post How to Spot Fake Login Pages appeared first on McAfee Blog.
Scary movies are great. Scary mobile threats, not so much.
Ghosts, killer clowns, and the creatures can stir up all sorts of heebie-jeebies. The fun kind. Yet mobile threats like spyware, living dead apps, and botnets can conjure up all kinds of trouble.
Let’s get a rundown on the top mobile threats — then look at how you can banish them from your phone.
“I Know What You Did Because of Spyware”
Spyware is a type of malware that lurks in the shadows of your trusted device, collecting information around your browsing habits, personal information and more. Your private information is then sent to third parties, without your knowledge. Spooky stuff.
“Dawn of the Dead Apps”
Think haunted graveyards only exist in horror movies? Think again! Old apps lying dormant on your phones are like app graveyards, Many of these older apps may no longer be supported by Google or Apple stores. Lying there un-updated, these apps might harbor vulnerabilities. And that can infect your device with malware or leak your data to a third party.
“Bone Chilling Botnets”
Think “Invasion of the Body Snatchers,” but on your mobile device. What is a botnet you ask? When malware infiltrates a mobile device (like through a sketchy app) the device becomes a “bot.” This bot becomes one in an army of thousands of infected internet-connected devices. From there, they spread viruses, generate spam, and commit sorts of cybercrime. Most mobile device users aren’t even aware that their gadgets are compromised, which is why protecting your device before an attack is so important.
“Malicious Click or Treat”
Clicking links and mobile devices go together like Frankenstein and his bride. Which is why ad and click fraud through mobile devices is becoming more prevalent for cybercriminals. Whether through a phishing campaign or malicious apps, hackers can gain access to your device and your private information. Always remember to click with caution.
“IoT Follows”
The Internet of Things (IoT) has quickly become a staple in our everyday lives, and hackers are always ready to target easy prey. Most IoT devices connect to mobile devices, so if a hacker can gain access to your smartphone, they can infiltrate your connected devices as well. Or vice versa.
1) Avoid third-party app stores. Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites may very well not. Further, some third-party sites may intentionally host malicious apps as part of a broader scam.
Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
2) Review with a critical eye. As with so many attacks, hackers rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research. That may uncover some signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews.
Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
3) Go with a strong recommendation. Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
4) Keep an eye on app permissions. Another way hackers weasel their way into your device is by getting permission to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. (Consider the long-running free flashlight app scams mentioned above that requested up to more than 70 different permissions, such as the right to record audio, and video, and access contacts.
So check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here.
5) Get scam protection. Plenty of scams find your phone by way of sketchy links sent in texts, messages, and emails. Our Text Scam Detector can block them before they do you any harm. And if you tap that link by mistake, Scam Protection still blocks it.
6) Protect your smartphone with security software. With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.
The post The Top 5 Scariest Mobile Threats appeared first on McAfee Blog.
Mobile banking is highly secure — when you take a few straightforward steps, it becomes even safer.
And those steps only take minutes, leaving you and your finances far more secure than before.
Use strong passwords.
Start here. Strong and unique passwords for each of your accounts form your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle — a number that seems like it’s growing every day. To help with that, you should strongly consider using a password manager. A good choice generates strong, unique passwords for each of your accounts and stores them securely for you.
If you want to set up your own passwords, check out this article on how you can make them strong and unique.
Use two-factor authentication to protect your accounts.
Two-factor authentication is practically a banking standard nowadays. What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. With two-factor authentication, you also receive a special one-time-use code when logging in. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. In all, this makes it much tougher for a hacker to hijack your account.
Quick note — never share your unique code with anyone. If someone asks you for it at any time, it’s a scam.
Keep an eye out for phishing attacks.
Scammers use phishing attacks to steal personal info through emails, texts, and even social media messages. In the case of banking, they look to phish (“fish”) personal and financial info out of you by posing as your bank. They typically make their message sound urgent, like your account shows some unusual activity.
When you get these messages, always check the sender. Is the address or phone number one that your bank uses? And note that scammers often “spoof” addresses and phone numbers — making them look legit even though they’re fake. If you’re ever unsure, don’t reply. Contact your bank directly to see if your account indeed has an issue. Also, ignore such messages on social media. Banks don’t use social media messages to contact their account holders.
Yet better, you can use our Text Scam Detector to detect the sketchy links scammers use in their attacks. AI technology automatically detects scams by scanning URLs in your text messages. If you accidentally tap? Don’t worry, it can block risky sites if you tap on a suspicious link in texts, emails, social media, and more.
Be skeptical about calls as well. Fraudsters use the phone too.
It might seem a little traditional, yet criminals still like to use phone calls. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal info, whether that’s financial, personal, or both.
The same advice applies here. End the call and then dial your bank directly to follow up.
Steer clear of financial transactions on public Wi-Fi in cafes, hotels, and elsewhere.
There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecured and shared by everyone who’s using it. With that, determined hackers can read any data passing through them like an open book. And that includes your accounts and passwords.
Instead of public Wi-Fi, use your smartphone’s data connection, which is far more secure. Yet better, consider connecting with a VPN. Short for a “virtual private network,” a VPN helps you stay safer with bank-grade encryption and private browsing. Think of it as a secure tunnel for your data, which keeps unwanted eyes from snooping. It’s a particularly excellent option if you find yourself needing to use public Wi-Fi, as a VPN effectively makes a public network connection private.
Some basic digital hygiene goes a long way toward protecting you even more. It’ll protect your banking and finances and all the things you do online as well.
Update your software.
That includes the operating system of your computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack.
Lock up.
Your computers, smartphones, and tablets have a way of locking them with a PIN, a password, your fingerprint, or your face. Take advantage of that protection, which is particularly important if your device is lost or stolen.
Use security software.
Protecting your devices with comprehensive online protection software fends off the latest malware, spyware, and ransomware attacks. Online protection like our McAfee+ plans further protects your privacy and identity in several ways:
The post How to Safely Bank Online appeared first on McAfee Blog.
Your smart home hums right along. It sets your alarm, opens your garage door, pops up recipes on your refrigerator screen, turns up your lighting, and even spins selections as your in-house DJ. That’s to name just a few of the things it can do. Yet with all these connected conveniences, can smart homes get hacked?
The short answer is, unfortunately, yes. Yet you have plenty of ways you can prevent it from happening.
Smart homes and the Internet of Things (IoT) devices that populate them often offer prime targets for hackers. The reason? Many IoT smart home devices have poor security features in place. And because a home network is only as strong as its weakest point, smart home devices offer a ready means of entry. With that access to the network, a hacker has access to all the other devices on it…computers, tablets, smartphones, baby monitors, and alarm systems. Everything.
Recent research sheds light on what’s at stake. Cybersecurity teams at the Florida Institute of Technology found that companion apps for several big brand smart devices had security flaws. Of the 20 apps linked to connected doorbells, locks, security systems, televisions, and cameras they studied, 16 had “critical cryptographic flaws” that might allow attackers to intercept and modify their traffic. These flaws might lead to the theft of login credentials and spying, the compromise of the connected device, or the compromise of other devices and data on the network.[i]
Over the years, our research teams at McAfee Labs have uncovered similar security vulnerabilities in other IoT devices like smart coffee makers and smart wall plugs.
Let’s imagine a smart lightbulb with poor security measures. As part of your home network, a motivated hacker might target it, compromise it, and gain access to the other devices on your network. In that way, a lightbulb might lead to your laptop — and all the files and data on it.
In all, hackers have many reasons why they might break into your smart home.
You can take several steps to make your current smart home safer. Some of them involve protecting your devices, while others focus on protecting your home network.
Aside from protecting your devices, there’s protecting yourself. Comprehensive online protection software will protect your privacy and identity as well. Depending on your location and the plan you select, ours includes up to $2 million in identity theft coverage, plus features that clean up old and risky online accounts. Further features remove your personal info from the sketchiest of online data brokers and help you monitor all your transactions in one place — including retirement and investment accounts. It’s comprehensive protection for a reason.
Check out our Smart Home Security Guide. It offers further details on device protection and privacy advice for smart devices and smart speakers too. It’s free, and part of the McAfee Safety Series that covers topics ranging from online shopping and cyberbullying to identity protection and ransomware prevention.
[i] https://news.fit.edu/academics-research/apps-for-popular-smart-home-devices-contain-security-flaws-new-research-finds/
[ii] https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/
[iii] https://docs.fcc.gov/public/attachments/DOC-401201A1.pdf
The post Is Your Smart Home Vulnerable to a Hack Attack? appeared first on McAfee Blog.
A safer internet isn’t a nice thing to have. It’s a necessity because we rely on it so heavily. And there’s plenty we can do to make it happen.
A safer internet might seem like it’s a bit out of our hands as individuals. The truth is that each of us plays a major role in making it so. As members, contributors, and participants who hop on the internet daily, our actions can make the internet a safer place.
So, specifically, what can we do? Take a few moments to ponder the questions that follow. Using them can help frame your thinking about internet safety and how you can make yourself, and others, safer.
Device safety is relatively straightforward provided you take the steps to ensure it. You can protect your things with comprehensive online protection like our McAfee+ plans, you can update your devices and apps, and you can use strong, unique passwords with the help of a password manager.
Put another way, internet safety is another way to keep your house in shape. Just as you mow your lawn, swap out the batteries in your smoke alarm, or change the filters in your heating system, much goes the same for the way you should look after computers, tablets, phones, and connected devices in your home. They need your regular care and maintenance as well. Again, good security software can handle so much of this automatically or with relatively easy effort on your part.
If you’re wondering where to start with looking after the security of your devices, check out our article on how to become an IT pro in your home. It makes the process easy by breaking down the basics into steps that build your confidence along the way.
This includes all kinds of topics. The range covers identity theft, protecting your personal info, privacy, cyberbullying, screen time, when to get a smartphone for your child, and learning how to spot scams online. Just to name a few. And if you visit our blogs from time to time, you see that we cover those and other topics in detail. It offers a solid resource any time you have questions.
Certainly, you have tools that can give you a big hand with those concerns. That includes virtual private networks (VPNs) that encrypt your personal info, built-in browser advisors that help you search and surf safely, plus scam protection that lets you know when sketchy links pop up in emails and messages.
However, internet safety goes beyond devices. It’s a mindset. As with driving a car, so much of our online safety relies on our behaviors and good judgment. For example, one piece of research found that ninety-one percent of all cyberattacks start with phishing emails.i
As Tomas Holt, professor of criminal justice at Michigan State University, states, “An individual’s characteristics are critical in studying how cybercrime perseveres, particularly the person’s impulsiveness and the activities that they engage in while online that have the greatest impact on their risk.”
Put another way, scammers bank on an itchy clicker-finger — where a quick click opens the door for an attack. Educating your family about the risks out there, such as phishing attacks and sketchy links that crop up in search goes a long way to keep everyone out of trouble. In combination with online protection software like ours covers the rest of the way.
A big part of a safer internet is us. Specifically, how we treat each other — and how we project ourselves to friends, family, and the wider internet. With so much of our communication happening online through the written word or posted pictures, all of it creates a climate around each of us. It can take on an uplifting air or mire you in a cloud of negativity. What’s more, it’s largely out there for all to see. Especially on social media.
Take time to pause and reflect on your climate. A good place to start is with basic etiquette. Verywell Family put together an article on internet etiquette for kids, yet when you give it a close read, you’ll see that it provides good advice for everyone.ii
In summary, their advice focuses on five key points:
Of course, the flip side to all of this is what to do when someone targets you with their bad behavior. Such as when an online troll who hurls hurtful or malicious comments your way. That’s a topic in itself. Check out our article on internet trolls and how to handle them. Once again, the advice there is great for everyone in the family.
We’ve shared quite a bit of info in this article and loaded it up with plenty of helpful links too. Don’t feel like you have to take care of everything in one sitting. See what you have in place and make notes about where you’d like to make improvements. Then, start working down the list. A few minutes each week dedicated to your security can greatly increase your security, safety, and savvy.
[i] https://www.darkreading.com/endpoint/91–of-cyberattacks-start-with-a-phishing-email/d/d-id/1327704
[ii] https://www.verywellfamily.com/things-to-teach-your-kids-about-digital-etiquette-460548
The post Internet Safety Begins with All of Us appeared first on McAfee Blog.
Reports filed with the U.S. Federal Trade Commission (FTC) put the risks in perspective — scammers squarely target older adults. In 2023, adults aged 60 and up filed over one-third of all fraud reports. Their reported losses? Close to $2 billion.
While scammers target all age groups, older adults offer them a particular advantage. Technology and everyday internet use came along later in their lives. They didn’t grow up with it like the rest of us did, making them less familiar with technology and more susceptible to attack. Moreover, their lifetime savings, home ownership, and retirement accounts make them attractive targets.
That’s much the case with our grandparents today. It’s little wonder hackers, scammers, and thieves go after them.
Figures courtesy of the FTC
However, your grandparents have a big advantage working in their favor. You.
Your knowledge, your expertise, and your overall comfort level with technology and the internet can help them steer clear of fraud. Have a chat about staying safe online. Or have a few chats over time. The advice you pass up can make all the difference.
Here are a few ways you can start:
As the year rolls on, so do the scams. Every scam has its season, from tax scams early in the year to shopping scams during the holidays. Current events play in too. In the wake of natural disasters, phony relief scams make the rounds on the internet. Encourage your grandparents to keep an eye on the news for the latest online scams so they have a better chance of recognizing fraudulent activity. Or better yet, give them a call when you get word of a new data breach or scam.
The secret to beating cybercriminals at their own game is to think like one. Encourage your grandparents to consider what can make them targets. Perhaps they have large retirement funds. Maybe their online bank account is secured with a password that they use for multiple online accounts. Have them think about how they’ve made it easier for a crook to take advantage of them. From there, they can tighten up their security as needed. A tool like our Protection Score can do this for them. It stops weak points and offers solutions for shoring them up.
Each account should get its own strong, unique password. Which is a lot of work, given all the accounts we keep. A password manager can help. It creates and securely stores strong, unique passwords for every account. (No more sticky notes with passwords on the monitor.)
Also, help them set up two-factor authentication on their accounts that offer it. It provides an extra layer of security, as it requires multiple forms of verification, such as a fingerprint scan or facial recognition. This, with strong, unique passwords, makes accounts terrifically tough to crack.
Hackers, scammers, and thieves all use phishing attacks to rope in victims. And today, they look increasingly convincing thanks to AI tools. And as we’ve covered here on our blocks, scammers can easily clone voices — even faces—on calls and video chats. Plenty more phishing attacks come by text, email, and phone calls. This is where your grandparents need to get savvy.
If they receive an email that appears to be from a business or even a family member, but they are asking them for their Social Security Number, passwords, or money, stop and think. Don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website and verify that the message is legitimate with customer service. If the message claims to be from a family member asking for financial help, contact them directly to ensure it’s not a scammer in disguise. In all, make sure they show great caution any time a seemingly “urgent” email, message, or call comes their way. Urgency is often a sign of a scam.
Today’s online protection goes far beyond antivirus. It protects people. Their devices, their identity, and their privacy.
Comprehensive online protection like our McAfee+ plans keep them safe from hackers, scammers, and thieves in several ways. Consider this short list of what comprehensive online protection like ours can do for your grandparents:
Scam Protection
Is that email, text, or message packing a scam link? Our scam protection lets your grandparents know before they click that link. It uses AI to sniff out bad links. And if they click or tap on one, no worries. It blocks links to malicious sites.
Web protection
Like scam protection, our web protection sniffs out sketchy links while they browse. So say they stumble across a great-looking offer in a bed of search results. If it’s a link to a scam site, they’ll spot it. Also like scam protection, it blocks the site if they accidentally hit the link.
Transaction Monitoring
This helps them nip fraud in the bud. Based on the settings they provide, transaction monitoring keeps an eye out for unusual activity on credit and debit cards. That same monitoring can extend to retirement, investment, and loan accounts as well. It can further notify them if someone tries to change the contact info on their bank accounts or take out a short-term loan in their name.
Credit Monitoring
This is an important thing to do in today’s password- and digital-driven world. Credit monitoring uncovers any inconsistencies or outright instances of fraud in credit reports. Then it helps put your grandparents on the path to setting them straight. It further keeps an eye on their credit reports overall by providing you with notifications if anything changes in their history or score.
Personal Data Cleanup
This provides your grandparents with another powerful tool for protecting their privacy. Personal Data Cleanup removes their personal info from some of the sketchiest data broker sites out there. And they’ll sell those lines and lines of info about them to anyone. Hackers and spammers included. Personal Data Cleanup scans data broker sites and shows which ones are selling their personal info. From there, it provides guidance for removing your data from those sites. Further, when part of our McAfee+ Advanced and Ultimate, it sends requests to remove their data automatically.
Identity Theft Coverage & Restoration
Say the unfortunate happens to your grandparents and they fall victim to identity theft. Our coverage and restoration plan provides up to $2 million in lawyer fees and reimbursement for lawyer fees and stolen funds. Further, a licensed expert can help them repair their identity and credit. In all, this saves them money and their time if theft happens.
The post How to Talk to Your Grandparents About Staying Safe Online appeared first on McAfee Blog.
Phishing attacks have all kinds of lures. And many are so tried and true that it makes them easy to spot.
The target of a phishing attack is you. More specifically, your personal info and your money. Whether a scammer reaches out by email, with a text, or through a direct message, that’s what they’re after. And with a link, they whisk you off to a sketchy site designed to take them from you.
Just how much phishing is going on? To date, we’ve identified more than half a billion malicious sites out there. A number that grows daily. Because these attacks often succeed. One big reason why — they play on people’s emotions.
Phishing attacks always involve a form of “social engineering,” which is an academic way of saying that scammers use manipulation in their attacks. Commonly, scammers pretend to be a legitimate person or business.
You can get a better idea of how this works by learning about some of the most popular scams circulating today:
The CEO Scam
This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.
The Urgent Email Attachment
Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.
The “Lucky” Text or Email
How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.
The Romance Scam
This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
When scammers contact you via social media, that can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.
On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers to select and stalk you for an attack.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
The post How to Spot Phishing Lures appeared first on McAfee Blog.
Tapping your phone at the cash register makes for a smooth trip to the store. Far smoother than fumbling for your card at the checkout or dealing with a bunch of change. That’s the beauty of the digital wallet on your phone. And with that convenience comes something plenty important — keeping that digital wallet secure.
All the personal info, photos, and banking apps we already have on our phones already make them plenty valuable. A digital wallet makes them that much more valuable.
A few steps can keep your phone and digital wallet more secure. Further, other steps can protect your cards and identity if that phone gets lost or stolen.
Let’s start with a look at how digital wallets work.
For starters, digital wallets work much like a physical wallet. Through service apps like Apple Pay, Google Pay, Samsung Pay, PayPal, and others, you can store various payment types. That includes debit cards, credit cards, gift cards, and bank accounts.
The transaction is highly secure in general. When you use your digital wallet to make a purchase, the app creates a random ID for the transaction. It uses that ID rather than your actual account number to keep things secure. Encryption technology keeps things safer still by scrambling info during the process.
A digital wallet is safe, as long as you guard your smartphone just as closely as you would your physical wallet.
Here’s why you should secure your digital wallet and three tips to help you do so.
Fewer people use a lock screen than you might think. A finding from our global research showed that only 56% of adults said that they protect their smartphone with a password or passcode.[i] The problem with going unlocked is that if the phone gets lost or stolen, you’ve handed over a large part of your digital life to a thief. Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices.
Always protect your digital wallet with a lock, whether a unique passcode, fingerprint scan, or facial ID. This is the best and easiest way to deter cybercriminals. If you use a numerical code, make it different from the passcode on your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.
Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.
Before you swap your plastic cards for digital payment methods, ensure you research the digital banking app before downloading. Also, ensure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has. That’s one way you can make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always smart to check for typos, blurry logos, and unprofessional app descriptions.
So what happens if your phone ends up getting lost or stolen? A combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it. Different device manufacturers have different ways of going about it, but the result is the same — you can prevent others from using your phone. You can even erase it if you’re truly worried that it’s in the wrong hands or if it’s gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.
No doubt about it. Our phones get more and more valuable as the years go by. With an increasing amount of our financial lives coursing through them, protecting our phones becomes that much more important.
Comprehensive online protection like our McAfee+ plans can protect your phone. And it can protect something else. You. Namely, your privacy and your identity. Here’s a quick rundown: It can …
Protection like this is worth looking into, particularly as our phones become yet more valuable still thanks to digital wallets and payment apps like them.
[i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf
The post How to Secure Your Digital Wallet appeared first on McAfee Blog.
In today’s digital age, the line between reality and digital fabrication is increasingly blurred, thanks to the rise of deepfake technology. Deepfakes, sophisticated audio manipulations, are becoming a growing concern as they become more realistic and harder to detect. The impact of a deepfake scam can be life-altering, with victims reporting losses ranging from $250 to over half a million dollars. And while not all AI content is created with malicious intent, the ability to know if a video is real or fake helps consumers make smart and well-informed decisions.
“Knowledge is power, and this has never been more true than in the AI-driven world we’re living in today,” said Roma Majumder, Senior Vice President of Product at McAfee. “No more wondering, is this Warren Buffet investment scheme legitimate, does Taylor Swift really want to give away cookware to fans, or did a politician actually say these words? The answers are provided to you automatically and within seconds with McAfee Deepfake Detector.”
“At McAfee, we’re inspired by the transformative potential of AI and are committed to helping shape a future where AI is used for good. Teaming up with Lenovo boosts our ability to deliver the most effective, automated, AI-powered deepfake detection, offering people a powerful digital guardian on their PCs. Together, we’re able to harness AI in new and revolutionary ways, empowering individuals with the most advanced deepfake detection so they can navigate the evolving online world safely and confidently.”
Recognizing the urgency of this issue, McAfee and Lenovo have come together to empower consumers with privacy-focused, cutting-edge technology designed to identify these deceptive creations and tackle consumer concerns around identifying deepfake scams and misinformation.
“The collaboration between Lenovo and McAfee combines the unique expertise of two global leaders to deliver innovative solutions that offers consumers more trust in the content they view online,” said Igor Bergman, Vice President of Lenovo Cloud and Software, Intelligent Devices Group. “Data shows that nearly two-thirds of people (64%) are more concerned about deepfakes now than they were a year ago. Lenovo’s expertise as an end-to-end technology solutions leader and McAfee’s experience in AI-powered online protection perfectly complement each other, optimizing hardware and software capabilities for the benefit of the consumer.”
In today’s digital landscape, where social media and viral content dominate, distinguishing between what’s real and what’s fabricated online is becoming increasingly challenging. Deepfakes, a term that combines ‘deep learning’ and ‘fake’, are hyper-realistic videos or images created using artificial intelligence to deceive viewers.
Imagine seeing a video of your favorite celebrity in a film they never acted in, or a politician delivering a speech they never actually gave. This is the realm of deepfakes. By utilizing AI, creators can manipulate faces, alter voices, and choreograph actions that never occurred. While some deepfakes are created for entertainment, like humorous videos of talking pets, others serve more sinister purposes. They can be tools for spreading false information, influencing political views, or damaging reputations.
Here are a few ways harmful deepfakes can impact us:
By staying informed and scrutinizing media before sharing, you can improve your ability to spot fakes and reduce the risk of falling victim to these sophisticated scams.
With McAfee Deepfake Detector now available exclusively on select Lenovo AI PCs, consumers who opt in are alerted within seconds if AI-altered audio is detected in videos, without relying on laborious manual video uploads. Trained on close to 200,000 samples and counting and leveraging the power of select Lenovo AI PCs equipped with an NPU, McAfee’s AI detection models perform the entire identification process – known as inference – directly on the PC, maximizing on-device processing to keep private user data off the cloud. McAfee does not collect or record a user’s audio in any way, and the user is always in control and can turn audio detection on or off as desired.
By leveraging the NPU and performing analysis on-device, McAfee provides comprehensive privacy and boosts processing speed when compared to cloud-based usage and improves battery life. These advancements significantly enhance the consumer experience, allowing people to make informed decisions about the content they view and protecting them against cybercrooks manipulating video audio without compromising the speed of their PC. This ensures consumers can use their PC as usual – whether they’re gaming, browsing, or watching videos – while McAfee Deepfake Detector works quietly in the background, protecting people against deceptions and alerting them to potential scams without compromising performance.
The McAfee Smart AI Hub at McAfee.ai is the online, go-to destination for the latest information and educational content related to AI and cybersecurity, with a focus on deepfakes and AI-driven scams. The Hub also empowers consumers to join the fight against scams by submitting suspicious videos for analysis by McAfee’s advanced AI-powered deepfake detection technology. Insights and trends identified through this analysis will be used to further educate the public, enriching societal understanding and awareness of deepfakes and other artificially generated content, and enhancing everyone’s ability to navigate and stay safe in a digital world increasingly shaped by artificial intelligence.
McAfee Deepfake Detector is available for English language detection in select new Lenovo AI PCs, ordered on Lenovo.com and select local retailers beginning August 21, 2024, in the US, UK, and Australia.
Lenovo AI PC customers receive a free 30-day trial of McAfee Deepfake Detector with US pricing starting at $9.99 for the first year.
The post Introducing World’s First Automatic and AI-powered Deepfake Detector appeared first on McAfee Blog.
How do you recognize phishing emails and texts? Even as many of the scammers behind them have sophisticated their attacks, you can still pick out telltale signs.
Common to them all, every phishing is a cybercrime that aims to steal your sensitive info. Personal info. Financial info. Other attacks go right for your wallet by selling bogus goods or pushing phony charities.
You’ll find scammers posing as major corporations, friends, business associates, and more. They might try to trick you into providing info like website logins, credit and debit card numbers, and even precious personal info like your Social Security Number.
Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. Check for the following signs of phishing when you open an email or check a text:
It’s poorly written.
Even the biggest companies sometimes make minor errors in their communications. Phishing messages often contain grammatical errors, spelling mistakes, and other blatant errors that major corporations wouldn’t make. If you see glaring grammatical errors in an email or text that asks for your personal info, you might be the target of a phishing scam.
The logo doesn’t look right.
Phishing scammers often steal the logos of the businesses they impersonate. However, they don’t always use them correctly. The logo in a phishing email or text might have the wrong aspect ratio or low resolution. If you have to squint to make out the logo in a message, the chances are that it’s phishing.
The URL doesn’t match.
Phishing always centers around links that you’re supposed to click or tap. Here are a few ways to check whether a link someone sent you is legitimate:
You can also spot a phishing attack when you know what some of the most popular scams are:
The CEO Scam
This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.
The Urgent Email Attachment
Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.
The “Lucky” Text or Email
How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.
The Romance Scam
This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.
Account Suspended Scam
Some phishing emails appear to notify you that your bank temporarily suspended your account due to unusual activity. If you receive an account suspension email from a bank that you haven’t opened an account with, delete it immediately, and don’t look back. Suspended account phishing emails from banks you do business with, however, are harder to spot. Use the methods we listed above to check the email’s integrity, and if all else fails, contact your bank directly instead of opening any links within the email you received.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
Some phishing attacks occur in social media messengers. When you get direct messages, consider the source. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
The post How to Recognize a Phishing Email appeared first on McAfee Blog.
If you want to protect your identity, finances, and privacy online, you have a pretty powerful tool at hand. It’s online protection software. Today’s protection is built to get that job done.
For starters, online protection has evolved tremendously over recent years, making it more comprehensive than ever. It goes far beyond antivirus. And it protects more than your devices. It protects you. Your identity. Your finances. Your privacy.
Given how much of daily life has shifted to our computers and phones, like our finances and shopping, there’s a strong case for getting comprehensive online protection in place.
Granted, we’re an online protection company. And of course, we hope you’ll give our protection like McAfee+ a close look. With that, a quick rundown of what it can do for you and your identity, finances, and privacy helps. In all, it shows just how comprehensive this protection gets.
You can keep tabs on your identity.
This form of protection starts with Identity Monitoring. It checks the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. If any of it shows up on the dark web, it sends you an alert with guidance that can help protect you from identity theft.
Should the unexpected happen, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.
Another way identity thieves get what they want is through scam texts, emails, and messages. You can keep clear of their shady links with our new AI-powered Scam Protection. It automatically detects links that can send you to scam sites and other destinations that steal personal info. If you accidentally click? Don’t worry, we can block risky sites if you click on a suspicious link in texts, emails, social media, and more.
You can monitor your financial big picture all in one place.
As you conduct so many of your finances online, it only makes sense that you can keep tabs on them just as easily. Features like our Credit Monitoring keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
And if you spot something out of the ordinary, our Security Freeze can quickly stop unauthorized access. It freezes credit card, bank, and utility accounts and prevents thieves from opening new ones in your name.
Rounding things out, you also have transaction monitoring features. They track transactions on credit cards and bank accounts — shooting you a notice if unusual activity occurs. They also track retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
You can lock down your privacy.
Several features get the job done. Our Social Privacy Manager helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks. This way, your personal info is only visible to the people you want to share it with.
Another big intrusion on your privacy comes at the hands of online data brokers. They drive a multi-billion-dollar industry by collecting, batching, and selling people’s personal info. To anyone. That includes hackers, spammers, and scammers who use it to their own ends. Yet you can get your info removed from some of the worst offenders out there. Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info and helps you remove it.
Another great tool for protecting your privacy comes in the form of a VPN. As a “virtual private network,” it encrypts your activity. Think of a VPN as a private tunnel for your internet traffic. It hides your search habits and history from those who might use that info to build a profile of you — whether to serve up targeted ads or to steal personal info for identity theft. In all, a VPN gives you one of the most secure ways you can go online.
The post How to Protect Your Identity, Finances, and Security Online appeared first on McAfee Blog.
News of a major data breach that could affect nearly three billion records comes to light from a somewhat unusual source — a class-action complaint filed in Florida.
Even as details come to light, we advise people to act as if this is indeed a large and significant breach.
First, the details. The filed complaint concerns National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”
The complaint alleges that NPD was hit by a data breach in or around April 2024. [i] The complaint filed in the U.S. District Court further alleges:
Typically, companies self-report these breaches, thanks to regulations and legislation that require them to report them in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorney generals.
In this case, it appears that no notices were sent to potential victims. Further, we were unable to find any filings with state attorney generals.
As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)
Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of nearly 3 billion people and put them up for sale on the dark web.[ii] The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.
From an online protection standpoint, this alleged breach could contain highly sensitive info that, if true, would put three billion people at risk of identity theft. The mere possibility of breached Social Security numbers alone makes it something worth acting on.
This breach shows the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Either way, we’re often in the dark until we get hit with a case of identity theft ourselves.
Indeed, word of an attack that affects you might take some time to reach you. With that, a mix of measures offer the strongest protection from data breaches.
To fully cover yourself, we suggest the following:
Check your credit, consider a security freeze, and get ID theft protection.
With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
Monitor your identity and transactions.
Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.
Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
Keep an eye out for phishing attacks.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.
If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.
For even more security, you can use our new Text Scam Detector. It puts a stop to scams before you click by detecting any suspicious links and sending you an alert. And if you accidentally tap a bad link, it blocks the sketchy sites they can take you to.
Update your passwords and use two-factor authentication.
Changing your password is a strong preventative measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.
While a strong and unique password is a good first line of defense, enabling two-factor authentication acrohttps://www.mcafee.com/blogs/consumer/strong-password-ideas-to-keep-your-information-safe/?hilite=%27password%27ss your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.
Remove your personal info from data broker sites.
According to the filed complaint, National Public Data “scrapes” personal info from non-public sources. Further, the home page of the website mentions that it gathers info “from various public record databases, court records, state and national databases, and other repositories nationwide.” While we can’t confirm this ourselves, we can cautiously call out that these sources might include data broker sites.
While any damage here has already been done, we recommend removing your personal info from these data broker sites. This can prevent further exposure in the event of future breaches elsewhere. Our Personal Data Cleanup can do this work for you. It scans data broker sites and shows you which ones sell your personal info. From there, it shows how you can remove your data. And our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
[i] https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS
[ii] https://www.theregister.com/2024/06/03/usdod_data_dump/
The post Data Breach Exposes 3 Billion Personal Information Records appeared first on McAfee Blog.
With a buzz, your phone lets you know you got a text. You take a peek. It’s from the U.S. Postal Service with a message about your package. Or is it? You might be looking at a smishing scam.
“Smishing” takes its form from two terms: SMS messaging and phishing. Effectively, smishing is a phishing attack on your phone. Scammers love these attacks year-round, and particularly so during holiday shopping rushes. The fact remains that we ship plenty of packages plenty often, and scammers use that to their advantage.
Smishing attacks try to slip into the other legitimate messages you get about shipments. The idea is that you might have a couple on the way and might mistake the smishing attack for a proper message. Scammers make them look and sound legit, posing as the U.S. Postal Service or other carriers like UPS, DHL, and FedEx.
Let’s dive into the details of this scheme and what you can do to protect yourself from SMS phishing.
To pull off these attacks, scammers send out text messages from random numbers saying that a delivery has an urgent transit issue. When a victim taps on the link in the text, it takes them to a form page that asks them to fill in their personal and financial info to “verify their purchase delivery.” With the form completed, the scammer can then exploit that info for financial gain.
However, scammers also use this phishing scheme to infect people’s devices with malware. For example, some users received links claiming to provide access to a supposed postal shipment. Instead, they were led to a domain that did nothing but infect their browser or phone with malware. Regardless of what route the hacker takes, these scams leave the user in a situation that compromises their smartphone and personal data.
While delivery alerts are a convenient way to track packages, it’s important to familiarize yourself with the signs of smishing scams. Doing so will help you safeguard your online security without sacrificing the convenience of your smartphone. To do just that, take these straightforward steps.
Go directly to the source.
Be skeptical of text messages from companies with peculiar requests or info that seems too good to be true. Be even more skeptical if the link looks different from what you’d expect from that sender — like a shortened link or a kit-bashed name like “fed-ex-delivery dot-com.” Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check on your delivery status or contact customer service.
Enable the feature on your mobile device that blocks certain texts.
Many spammers send texts from an internet service to hide their identities. You can combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device. Head to “Settings,” tap on “Spam protection,” and then enable it. On iPhones, head to “Settings” > “Messages” and flip the switch next to “Filter Unknown Senders.”
One caveat, though. This can block legitimate messages just as easily. Say you’re getting your car serviced. If you don’t have the shop’s number stored on your phone, their updates on your repair progress will get blocked as well.
Block smishing texts with AI.
Our new AI-powered Text Scam Detector puts up a great defense. It automatically detects scams by scanning URLs in your text messages. If you accidentally tap? Don’t worry, it can block risky sites if you tap on a suspicious link in texts, emails, social media, and more.
Protect your privacy and identity all around.
While McAfee+ plans include Scam Protection, our plans offer strong protection for your identity, privacy, and finances. All the things those smishers are after. It includes credit and identity monitoring, social privacy management, and a VPN, plus several transaction monitoring features. Together, they spot scams and give you the tools to stop them dead in their tracks.
And if the unfortunate happens, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.
The post How Not to Fall for Smishing Scams appeared first on McAfee Blog.
For millions of people, it’s not a workday without it — video conferencing. And plenty of business gets done that way, which has made conferencing a target for hackers. That then begs the important question, how secure is video conferencing?
The answer is pretty secure if you’re using a reputable service. Yet you can take further steps to keep hackers and party crashers out of your meetings.
Hackers and party crashers are likely motivated by one of two things: financial gain or mischief.
Given that some meetings involve confidential or sensitive info, someone might have financial motivation to join in, spy on, or record the meeting. Recently, we saw the lengths at least one AI company went to when it spied on a competitor’s video conference call.[i]
And of course, some bad actors want to cause a disruption. As we saw in recent years, they’ll barge right into a meeting and create a ruckus with rude speech and other antics.
Falling somewhere in between, some hackers might try to intrude on a meeting and slip a malware-laden attachment into chat.[ii] For one, that can lead to a major disruption. And in a business context, financial disruption as well.
How do they pull it off? The typical avenues of attack apply. They might use stolen or hijacked accounts. The meeting was inadvertently set to “public,” allowing anyone with a link to join. Otherwise, they might compromise a victim’s device to piggyback their way in.
Use a service with end-to-end encryption.
Put simply, end-to-end encryption provides a solid defense against prying eyes. With it in place, this form of encryption makes it particularly difficult for hackers to tap into the call and the data shared within it. Secure video conferencing should use 256-bit AES GCM encryption for audio and video, and for sharing of screens, whiteboard apps, and the like. On a related note, read the service’s privacy policy and ensure that its privacy, security, and data measures fit your needs.
Make your meetings private and protect them with a password.
Keep the uninvited out. First, setting your meeting to private (invitees only) will help keep things secure. Some apps also provide a notification to the meeting organizer when an invite gets forwarded. Use that feature if it’s available. Also, a password provides another hurdle for a hacker or bad actor to clear. Use a fresh one for each meeting.
Use the waiting room.
Many services put attendees into a waiting room before they enter the meeting proper. Use this feature to control who comes in and out.
Block users from taking control of the screen.
Welcome or unwelcome, you can keep guests from taking over the screen. Select the option to block everyone except the host (you) from screen sharing.
Turn on automatic updates on your conferencing app.
By turning on automatic updates, you’ll get the latest security patches and enhancements for your video conferencing tool as soon as they become available.
Get wise to phishing scams.
Some interlopers make it into meetings by impersonating others. Just as bad actors use phishing emails and texts to steal personal financial info, they’ll use them to steal company credentials as well. Our Phishing Scam Protection Guide can show you how to steer clear of these attacks.
Use online protection software.
Comprehensive online protection software like ours can make for safer calls in several ways. For one, it protects you against malware attacks, such as if a bad actor tries to slip a sketchy download into your meeting. Further, it includes a password manager that creates and stores strong, unique passwords securely. This can help increase the security of your video conferencing account.
This is a new one. AI deepfake technology continues to evolve, we find ourselves at the point where scammers can create AI imposters in real time.
We’ve seen them use this technology in romance scams, where scammers take on entirely new looks and voices on video calls. And we’ve seen at least one group of scammers bilk a company out of $25 million with deepfaked executives on a call.[iii]
Strange as it might sound, this kind of deepfake technology is possible today. And realizing that fact is the first step toward prevention. Next, that calls for extra scrutiny.
Any time-sensitive info or sums of money are involved, get confirmation of the request. Place a phone call to the person after receiving the request to ensure it’s indeed legitimate. Better yet, meet the individual in person if possible. In all, contact them outside the email, message, or call that initially made the request to ensure you’re not dealing with an imposter.
With the right provider and right steps in place, video calls can be quite secure. Use a solution that offers end-to-end encryption, keep your app updated for the latest security measures, and lock down the app’s security settings. Also, recognize that AI has changed the way we look at just about everything online — including people on the other side of the screen. As we’ve seen, AI imposters on calls now fall into the realm of possibility. A costly one at that.
[i] https://www.nytimes.com/2023/08/07/technology/ai-start-ups-competition.html
[ii] https://www.pcmag.com/news/hackers-circulate-malware-by-breaking-into-microsoft-teams-meetings
[iii] https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
The post How Secure is Video Conferencing? appeared first on McAfee Blog.
FreshRSS 