It usually starts with a small, uneasy moment. 

A password reset email you don’t remember requesting. A login alert that doesn’t make sense. Strange comments showing up under your username that you swear you didn’t write. 

Sometimes you don’t notice at all…until someone messages you asking why you’re suddenly promoting crypto giveaways, posting spam links, or commenting across random subreddits. 

A hacked Reddit account isn’t just embarrassing. It can be a real security risk. Attackers often use compromised accounts to spread scams, steal personal information, or take advantage of your reputation in online communities. 

This guide walks you through exactly what to do if your Reddit account has been compromised: how to spot the warning signs, how to regain control, and what security steps to take so it doesn’t happen again. 

Signs Your Reddit Account May Be Compromised 

Reddit account takeovers don’t always look dramatic at first. The earliest warning signs often feel subtle. 

Watch for these red flags: 

Password or email changes you didn’t make: You may receive an email from Reddit saying your password or email address was updated. 

Posts, comments, votes, or chat messages you don’t recognize: Hackers often use your account to upvote scam content or spam communities. 

Authorized apps you don’t remember approving: Some attackers compromise accounts through unsafe third-party apps or browser extensions. 

Unusual login activity or unfamiliar IP history: Reddit allows you to review recent account activity, which may show logins from locations you’ve never visited. 

Sudden account lock or forced reset notice: In some cases, Reddit may lock your account or prompt a password reset as a security precaution. 

If any of these are happening, assume your Reddit account is compromised and start recovery steps immediately. 

What to Change Immediately If Your Reddit Account Was Hacked 

If your Reddit account was hacked, assume your login details may have been stolen. 

That means simply getting back into your account isn’t enough, you also need to update the passwords and settings attackers could still use. 

Here’s what to change right away: 

• Change your Reddit password 
• Change the password for the email account connected to Reddit 
• Update any other accounts that share the same password 
• Remove suspicious authorized apps 
• Log out of all active sessions/devices 
• Turn on two-factor authentication (2FA) 
• Update your recovery options (email, phone, backup codes) 

If you think the hack started from malware or a phishing link, it’s also smart to update passwords for other sensitive accounts, like banking, payment apps, or your Apple/Google account. Using a password manager like McAfee’s can help you create strong, unique passwords for every account, and store them securely in one place. 

Step-by-Step: How to Recover a Hacked Reddit Account 

Step	What to Do	Why It Matters
1. Reset your password immediately	Use Reddit’s password reset flow and create a strong new password.	This is the fastest way to cut off unauthorized access. Resetting your password can also log you out across devices.
2. Check your inbox for Reddit security emails	Look for emails saying your password or email address was changed. Follow any “this wasn’t me” instructions if available.	If a hacker changed your account details, Reddit’s security email may be your best chance to reverse it quickly.
3. Review account activity and active sessions	Check where your account is logged in and log out of unfamiliar sessions/devices.	Hackers often stay logged in even after making changes, especially if you don’t remove active sessions.
4. Remove suspicious authorized apps	Review connected apps and revoke access for anything you don’t recognize or no longer use.	Some account takeovers happen through unsafe third-party apps, not password guessing.
5. Scan your device for malware	Run a trusted security scan to check for spyware, password-stealing malware, or malicious browser extensions. McAfee offers a free antivirus scan service.	If your device is compromised, attackers can steal your new password(s) immediately.
6. Secure the email account tied to Reddit	Change your email password and enable 2FA. Check recovery settings to make sure they’re yours.	If your email is compromised, the attacker can keep resetting your Reddit account and locking you out.
7. Contact Reddit support if you’re still locked out	Submit a request and choose: Security problems → I think my account has been hacked. Include your username and details.	Reddit may be able to help restore access or reverse changes if self-recovery doesn’t work.

 

Watch for Phishing “Reddit Support” Scams 

One of the most common ways accounts get compromised is through phishing. 

Scammers impersonate: 

• Reddit moderators 
• Reddit admin messages 
• Security alerts 
• Fake “copyright violation” notices 

They try to trick you into clicking a link and logging in on a fake site. 

If you receive a suspicious message, don’t click. 

Instead, open Reddit directly in your browser or app and check your account settings from there. 

Final Tips: Recovering From a Reddit Hack 

A hacked Reddit account can feel strangely personal, because your profile reflects your interests, communities, and identity online. 

The most important steps are: 

• Act quickly 
• Secure your email account first 
• Reset your password and log out of all sessions 
• Remove suspicious authorized apps 
• Enable two-factor authentication (2FA) 
• Scan your device for malware 

And if you’re still locked out or something doesn’t look right, follow Reddit’s official recovery guidance and contact Reddit support directly. 

Reddit may be able to confirm suspicious activity, restore access, or help reverse account changes. 

Frequently Asked Questions 

Q: How do I know if my Reddit account was hacked? A: Common signs include password or email changes you didn’t request, unfamiliar authorized apps, unusual IP history, and posts/comments/votes you don’t remember making. If any of these appear, treat your account as compromised.

Q: Will resetting my Reddit password log out the hacker?     A: In many cases, yes. Reddit notes that resetting your password can log you out across devices, which is one of the fastest ways to cut off unauthorized access.

Q: What if my Reddit email address was changed?   A: Check your email inbox for a message from Reddit. Reddit may provide instructions to reverse the change, but you’ll typically need to input the original email address associated with the account.

Q: What should I do if I can’t get my account back?   A: Submit a support request and select: Security problems → I think my account has been hacked. Include your username and explain what suspicious activity you noticed. Reddit also suggests checking r/help for additional guidance.

Q: Should I remove authorized apps after a hack?   A: Yes. Reddit specifically warns that unsafe authorized apps can lead to account compromise. Remove anything you don’t recognize or no longer use.

Q: What’s the biggest mistake people make after a Reddit hack?   A: Only changing their Reddit password. If your email account or device is compromised, attackers can regain access quickly. You should secure your email, scan your device, and update reused passwords.

 

The post Reddit Hacked? How to Regain Access and What to Change Immediately appeared first on McAfee Blog.

It usually starts with a small, uneasy moment. A notification you don’t recognize. A login code you didn’t request. A friend texting to ask why you just posted something… weird. 

If you’re staring at your phone wondering whether your TikTok account was hacked, you’re not alone, and you’re not being paranoid.  

Account takeovers often don’t look dramatic at first. They show up as subtle changes: a password that suddenly doesn’t work, a new device logged in overnight, or settings you swear you never touched. 

This guide walks you through exactly what to do if your TikTok account has been compromised: how to spot the warning signs, how to recover access if you’re locked out, and how to lock down active sessions so it doesn’t happen again.  

Signs Your TikTok Account May Be Compromised 

When someone else gets into your account, things usually start behaving in ways that don’t feel like you. Pay attention to changes like these: 

Profile or settings changes you didn’t make
Your display name, bio, password, linked email, phone number, or privacy settings look different, even though you never touched them. 

Content or activity you don’t recognize
Videos you didn’t post. Comments or DMs you didn’t send. New follows or likes that don’t match how you use the app. 

Login alerts that come out of nowhere
Notifications about a new device, verification codes you didn’t request, or emails confirming changes you didn’t initiate. 

Other warning signs include being locked out of your usual login method, missing recovery options, or friends telling you your account is sending strange messages. 

How to Regain Access to Your TikTok Account 

Speed matters here. The longer someone has access, the more they can change, or use your account to scam others. 

If you can still log in 

Secure the account immediately. 

1. Change your password: Use the “Forgot password?” option if needed and choose a strong, unique password you haven’t used anywhere else. 
2. Check your account details: Confirm the email address and phone number are yours. Remove anything you don’t recognize. 
3. Look for unfamiliar devices or sessions: You’ll deal with this more thoroughly below, but flag anything that looks off. 

If you’re locked out 

Start TikTok’s recovery process right away. 

1. On the login screen, tap “Report a problem” or visit the Help Center. 
2. Be ready to prove ownership. That usually includes: 
3. Your username 
4. A previous email or phone number linked to the account 
5. Devices you’ve used to log in before 
6. Screenshots of changes, if you have them 

TikTok uses this information to verify that the account is yours and roll back unauthorized changes. 

Secure your email and phone, too 

This step is critical and often overlooked. 

• Change the password on the email account linked to TikTok.  If someone controls your email, they can keep resetting your social accounts. 
• Confirm your phone number is correct and remove any unfamiliar contact info. 

Once you regain access, clean up anything the attacker touched, delete suspicious posts, undo profile changes, and revoke access for any apps you don’t recognize. 

Figure 1: How to remove TikTok logins from other devices. 

Lock Down Sessions and Strengthen Your TikTok Security 

Getting back in is only half the job. The next step is making sure whoever got in can’t come back. 

Turn on two-step verification 

In Settings & Privacy, enable two-factor verification (2FA) and choose your preferred method. An authenticator app offers the strongest protection, but SMS or email is still far better than nothing. 

Review active sessions and devices 

Head to Security and look for Manage devices or Active sessions. 

• Remove any devices you don’t recognize. 
• If available, use “Log out of all devices” to force everyone, including an attacker, out at once. 

Revoke third-party app access 

Check which apps or tools are connected to your TikTok account and remove anything you don’t use or trust. 

Use a strong, unique password 

• Aim for 12+ characters with a mix of letters, numbers, and symbols. 
• Never reuse passwords from other sites. 
• A reputable password manager like McAfee’s can help generate and store secure passwords. 

Keep your app and phone updated 

Updates often include security fixes. Running outdated software makes it easier for attackers to exploit known issues. 

Be cautious with links and messages 

Unexpected DMs, “copyright warnings,” fake verification notices, or links asking you to log in again are common hacker tactics. When in doubt, don’t click, open the app directly instead. 

 

Figure 2: Where in “Security & permissions” to find security updates and 2FA. 

How to Report an Impersonation Account on TikTok 

Discovering a fake account that’s using your name, photos, or videos can feel like a second violation on top of having your account hacked.  

Luckily, TikTok has a way to flag these imposters, both from inside the app and, in some regions, through an official web form. 

1. Open the impostor’s profile: Head to the account that’s pretending to be you. 
2. Tap the share icon: On mobile, this is usually the arrow at  the top of the profile. 
3. Select “Report”: Choose the option to report the account. 
4. Choose “Report account” → “Pretending to Be Someone”: That’s TikTok’s way of flagging impersonation specifically. 
5. Indicate who is being impersonated: Select Me if it’s your identity, or Celebrity/Another person if it’s someone else. Then submit.  

Figure 3: A screenshot showing where in TikTok you report fake profiles. 

If you’re in the U.S. and the fake profile is doing real damage, for example, scamming your followers or using official business assets, TikTok also offers a dedicated impersonation report form online: 

• Choose whether you’re reporting or appealing an impersonation. 
• Enter your email and country. 
• Upload valid ID or other proof that you’re who you say you are. 
• Confirm the statements and submit the form.  

For accounts outside the U.S., the public Help Center form lets you select Report a potential violation → Account violation → Impersonation and walk through similar steps.

 

Frequently Asked Questions 

Q: How do I lock down sessions on TikTok? A: Go to Settings & Privacy → Security, then open Manage devices or Active sessions. Remove unfamiliar devices, log out of all sessions if possible, change your password, and enable two-step verification.

Q: Can I recover my account if the email and phone number were changed? A: Yes. Start an account recovery request through TikTok support and provide proof of ownership, including previous contact details and device information.

Q: What if I keep getting verification codes I didn’t request? A: That’s a sign someone is trying to get in. Change your password immediately, enable two-step verification, and review active sessions. If it continues, contact TikTok support

Q: Should I warn my followers? A: If your account posted or messaged others without your permission, yes. Let people know your account was compromised so they don’t engage with scam links or requests.

 

The post Was My TikTok Hacked? How to Get Back Into Your Account and Lock Down Sessions appeared first on McAfee Blog.

Key Takeaways

• App spyware often disguises itself as everyday apps (e.g., flashlight, wallpaper, gaming), then embed malicious code to secretly access your camera, mic, contacts, location, and more.
• Excessive permission requests are a red flag, legitimate apps request only what they need. Apps asking for unrelated permissions (e.g., a game accessing contacts or microphone) are likely invasive.
• Learn how to spot and remove invasive apps quickly in your permission settings.
• Deleting beats restricting. Even disabled permissions may not stop an invasive app from collecting data. Full removal is the safest option.
• Use preventive habits to safeguard your privacy.

Some crooks and shady characters will invade your privacy simply by asking for your permission to snoop—through app spyware you install on your phone.

Invasive apps look like legitimate apps, yet they have an ulterior motive. They use a phone’s permission settings to spy on its user by accessing the phone’s camera, microphone, and more.

At the heart of any smartphone app you’ll find permissions, which allow apps to use certain features of your phone. A messaging app might ask for access to your camera and microphone to send video and voice messages. It might ask for permission to access your photos if you want to send pictures. Likewise, a navigation or rideshare app will ask for permission to access your phone’s location services.

In short, permissions make apps work. And broadly speaking, most apps out there are legitimate. Yet what about a game that asks for permissions to access your contact list? Or a flashlight app that wants to use your microphone? How about a run-of-the-mill wallpaper app that wants to know your location? These are all examples of invasive apps. And the creators behind them want your personal information and to invade your privacy as well.

Luckily, app spyware is easy to spot and remove.

Invasive apps and mobile spyware

Both invasive apps and mobile spyware snoop on you and your phone, yet invasive apps work differently than mobile spyware. Invasive apps use a phone’s built-in functionality to spy and gather information on you. Spyware is malware that can maliciously steal information by working secretly in the background. This can make an invasive app much easier to spot because it asks for broad permissions—permissions it doesn’t need to work.

Invasive apps might ask for permission to:

• Use your camera.
• Access your microphone.
• Track your location.
• Access and modify your contacts.
• Read your calendar.

Requests for permissions such as these aren’t a sign of an invasive app in and of themselves. Some apps require them to work. The telltale sign of an invasive app is when the app asks for permissions it doesn’t need. Think like the flashlight app that wants access to your microphone.

The tricky bit with invasive apps is that many people quickly click through the user agreements and permission screens when they get a new app. Sometimes without reading carefully. That can particularly be the case with children grabbing a new app. However, it’s never too late to spot an invasive app. And remove it.

How to Spot and Remove Invasive Apps to Prevent Mobile Spyware

With a quick trip to your phone’s settings, you can spot and remove invasive apps.

How to Check and Control App Permissions on iOS

1. Go to Settings > Privacy & Security.
2. Tap Safety Check. Here you can see which apps use the permissions you granted them and make changes to those permissions as needed.

You can also run an App Privacy Report, which records data and sensor access on an app-by-app level.

1. Go to Settings > Privacy & Security.
2. Tap App Privacy Report. You can adjust your permissions from there as well.

How to Check and Control App Permissions on Android

1. On your device, open the Settings app.
2. Tap Apps. Tap the app you want to change. If you can’t find it, tap See all apps.
3. Select your app.
4. Tap Permissions. If you allowed or denied any permissions for the app, you’ll find them here.
5. To change the permission setting, tap it, then select Allow or Don’t allow. For location, camera, and microphone permissions, you might be able to select:

• • All the time: For location only. The app can use the permission at any time, even when you’re not using the app.
  • Allow only while using the app: The app can use the permission only when you’re using that app.
  • Ask every time: Every time you open the app, it’ll ask to use the permission. It can use the permission until you’re done with the app.
  • Don’t allow: The app can’t use the permission, even when you’re using the app.

Invasive app? You might just want to delete it.

Rather than pare back permissions on an invasive app, your best and safest bet is to delete the app altogether. Even with excessive permissions turned off, the app might collect other information and send it to the company who developed it. Further, they might share it with others. In short, an invasive app is a bad app all around. Get rid of it and go with something legitimate.

More ways to keep app spyware off your phone

1. Update your phone’s operating system.

Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.

2. Avoid third-party app stores.

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.

3. Review apps carefully.

Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They might be a sign that a hacker slapped the app together and quickly deployed it.

4. Go with a strong recommendation.

Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.

5. Protect your phone.

Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do.

Be stingy with your apps and their permissions

Permissions make for powerful apps that can help you hail a ride, get a pizza delivered to your door, and map your afternoon run. In the wrong hands, they can also snoop on your activities. If an app ever feels like it’s asking for too many permissions to do its job, you might have an invasive app on your hands. Yet the trick is that some invasive apps still slip through and end up on our phones. Quickly accepting terms and permissions is one reason. For extra protection, consider running a quick app audit. Check the apps and permissions on your phone as noted above and delete any suspicious apps.

Be stingy when it comes to giving your permission. Roll back the permissions so that the app works with the bare minimum of permissions. Set location services so that they’re only used when the app is in use. With social and messaging apps, select which photos you allow them to share rather than giving the app blanket access to your entire photo library.

And lastly, if an app seems like it’s asking for too much, it probably is. Avoid it altogether.

The post Mobile Spyware: How Hackers Hijack Phones Through App Spyware appeared first on McAfee Blog.

It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.

Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.

Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.

So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.

Key signs a website is safe

When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.

Check for ”Https:” in the website URL

“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.

When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.

There is a lock icon near your browser’s URL field

The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.

Let’s explore the cybersecurity tools on the three major web browsers:

• Safari. In the Safari browser on a Mac, you can simply look for the lock icon next to the website’s URL in the address bar. The lock icon will be either locked or unlocked, depending on whether the site uses SSL encryption. If it’s an unsafe website, Safari generates a red-text warning in the address bar saying “Not Secure” or “Website Not Secure” when trying to enter information in fields meant for personal data or credit card numbers. Safari may also generate an on-page security warning stating, “Your connection is not private” or “Your connection is not secure.”
• Google Chrome. In Google Chrome, you’ll see a gray lock icon (it was green in previous Chrome versions) on the left of the URL when you’re on a site with a verified SSL certificate. Chrome has additional indicator icons, such as a lowercase “i” with a circle around it. Click this icon to read pertinent information on the site’s cybersecurity. Google Safe Browsing uses security tools to alert you when visiting an unsafe website. A red caution symbol may appear to the left of the URL saying “Not secure.” You may also see an on-page security message saying the site is unsafe due to phishing or malware.
• Firefox. Like Chrome, Mozilla’s Firefox browser will tag all sites without encryption with a distinctive marker. A padlock with a warning triangle indicates that the website is only partially encrypted and may not prevent cybercriminals from eavesdropping. A padlock with a red strike over it indicates an unsafe website. If you click on a field on the website, it’ll prompt you with a text warning stating, “This connection is not secure.”

Look for website trust seals

When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.

There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.

While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.

In-depth ways to check a website’s safety and security

Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.

Use McAfee WebAdvisor

McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.

Check for a privacy policy

Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.

If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.

Check third-party reviews

It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.

Trustpilot is one example of a website that provides reviews of other websites.Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.

Look over the website design

You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.

Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.

Download McAfee WebAdvisor for free and stay safe while browsing

If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.

Download McAfee WebAdvisor now and stay safe while browsing the web.

The post How to Check If a Website Is Safe: Simple Tips for Secure Browsing appeared first on McAfee Blog.

Parents are waking up to this new online threat to their kids: ‘The Blue Whale Challenge’ which in extreme steps leads children to commit suicide. Fingers are flying fast on WhatsApp, Facebook and Twitter sharing ‘facts’ about the challenge, tips about mentoring kids, and opinions of experts that are adding to the confusion.

“What is the Blue Whale Challenge?”, “Is it a game or an app?”, “Where is it available?”,  “How can I know if my child is playing it?” These and similar questions are now circulating, understandably, as concerned parents are trying their best to get a grip on the issue.

The Facts First:

Alternate names: A Blue Whale/ A Quiet House/ A Silent House/ A Sea of Whales/ Wake Me Up at 4:20 am.

The background: The Blue Whale Challenge was developed by a Russian who is currently behind bars. The game had an app but now it has been removed. HOWEVER, if anyone has backed up data and saved the app, it may still be there on their devices. It may also be shared in unregulated groups.

The game: The game consists of a series of dares, and every time the player completes a challenge, a new one is assigned to him/her. This happens over a period of 50 days (According to some reports, this includes carving a Blue Whale on the hand). The last one is supposed to be one that is potentially life-threatening. Not only that, the participant has to livestream or share the suicide on Facebook.

The modus operandi: How does the moderator get the participants to accept and complete challenges? Simply by goading them on; shaming them or belittling them if they show hesitation. They already have the phone numbers and email addresses of the participants, so it’s easy for the moderator to contact the participants. The participants are also threatened not to keep records of any mails or messages or else their family member’s personal information would be hacked and made public.

Origin: There are contradictory reports about existence of an app and now it’s been removed from online stores. Social media and forums are recognized means which have helped proliferate the same.

What Can Parents Do?

This is not a case of malware or virus attacks. It is more related to human psychology and banks on the child’s naiveté, lack of self-esteem and acceptance to a group. Such games have existed and continue to exist and bans won’t prevent their creation. Just like there are fun challenges like the ice bucket challenge and the pink whale challenge, there are also potentially harmful ones that include taking selfies in front of running trains and other dangerous acts. Children by nature are adventurous and dares, no matter how small or big, could satisfy this need for excitement.

1. Open Conversation: Like in the real world where you guide your child, likewise your child needs guidance in the online world too which can only be given by you until they attain maturity. Have regular and informal conversation so they share without the fear of being reprimanded. Encourage questions, address their curiosity and guide them in a friendly manner rather than leaving up to them to figure things on their own Also, its recommended to impart knowledge to break free from peer pressure and not be negative online. A strong, confident child will be able to make better decisions and this is the skill as parents you can teach your children.
2. Stranger Danger: According to McAfee’s ‘Connected Family’ study in 2017, 49% of Indian parents are concerned about their child potentially interacting with a social predator or cybercriminal online. Education and open conversations within families are critical as kids are curious and give trust easily. Highlight incidents about how strangers try to earn trust falsely for their own agenda which can extend from cybercrime to physical theft when you are not home. Insist that they should avoid entering into any form of communication, sharing or confiding with strangers including calling, emailing, texting or meeting people they don’t know well in person.
3. Balance: Set daily internet time when they can surf online and do school work. Also, make the rule -Absolutely NO devices go to bed with your child. If you notice your child is online more often than usual you should investigate.
4. Monitor: Even if you are not a tech-savvy person, there is nothing like a parent’s concern to keep children on the right path. It’s suggested you use the parental control features available in reputed security software which makes it easy and simple to help keep your children safe online.
5. Do your part: Discuss with your child about how to identify such online dangers and report it if they encounter any. It’s our duty to keep the ecosystem safe for everyone as we would expect from our neighbor.

Monitoring your child’s online experience until they get a sense of judgement is something I have always advocated for, and is now more important than ever. Do your part and help make the internet a safer place for everyone.

Final Thoughts

The Blue Whale Challenge is a grim reminder that not all online threats come in the form of a virus or malicious download. Sometimes, the real danger lies in manipulation, peer pressure, and psychological coercion. As parents, you cannot control every corner of the internet, but you can teach your children effective ways to navigate it.

Your role in your child’s life is more powerful than any app or algorithm. Open conversations, emotional support, clear digital boundaries, and active involvement in your child’s online activities constitute the strongest defense. When children feel heard, valued, and confident, they are far less likely to fall prey to harmful online challenges or strangers seeking to exploit them.

Parental guidance should also be supported by practical safeguards. Just as you lock your doors at night, your child’s digital world deserves protection too. Using trusted parental control tools can help you monitor their online activity, manage screen time, filter inappropriate content, and receive alerts about potential risks without invading your child’s sense of independence.

With the McAfee+ Family Plan, you are empowered with comprehensive parental controls, identity monitoring, and multi-device protection to help you support, guide, and protect your child as they grow in a connected world.

The post Blue Whale Challenge: What Parents Need to Know! appeared first on McAfee Blog.