There are new available articles, click to refresh the page.

Cisco Duo Unveils First Production Deployment of Foundation AI

By: Yaron Singer — December 16^th 2025 at 13:00

Today marks a major milestone in the evolution of Cisco security. Cisco Identity Intelligence is now the first Cisco product to deliver a customer facing capability powered entirely by a Cisco built… Read more on Cisco Blogs

Security – Cisco Blog

Key Challenges that Impede Segmentation Progress

By: Aamer Akhter — December 16^th 2025 at 13:00

The 2025 Cisco Segmentation Report shows that complexity, visibility, and context remain the main challenges for successful segmentation implementations.

WIRED

AI Toys for Kids Talk About Sex, Drugs, and Chinese Propaganda

By: Lily Hay Newman， Matt Burgess — December 13^th 2025 at 11:30

Plus: Travelers to the US may have to hand over five years of social media history, South Korean CEOs are resigning due to cyberattacks, and more.

WeLiveSecurity

Black Hat Europe 2025: Was that device designed to be on the internet at all?

— December 12^th 2025 at 15:22

Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found

Security – Cisco Blog

A Newbie’s Perspective: From Curiosity to Confidence, My SOC Story

By: Jessica (Bair) Oppenheimer — December 12^th 2025 at 22:32

A new analyst shares their Cisco Live SOC experience, covering quick onboarding, using Cisco XDR and Endace for incident investigation, and building confidence in threat response.

Security – Cisco Blog

Have You Seen My Domain Controller?

By: Duane Waddle — December 12^th 2025 at 16:09

Windows clients expose Active Directory DNS queries on public Wi-Fi, risking OSINT and credential leaks. Learn from Cisco Live SOC observations how to protect clients with VPNs .

Security – Cisco Blog

Splunk in Action: From SPL to PCAP

By: Brendan Kuang — December 12^th 2025 at 13:57

Learn how Cisco Live SOC uses Splunk SPL and Endace PCAP to investigate exposed HTTP authentication and Kerberos activity, securing sensitive data on public Wi-Fi networks.

Security – Cisco Blog

Cisco Live Melbourne 2025 SOC

By: Jessica (Bair) Oppenheimer — December 12^th 2025 at 13:00

Cisco Security and Splunk protected Cisco Live Melbourne 2025 in the Security Operations Centre. Learn about the latest innovations for the SOC of the Future.

Security – Cisco Blog

Cisco Live Melbourne Case Study: Cisco Live TMC Experience and DDoS

By: Hanna Jabbour — December 12^th 2025 at 13:00

Explore a Cisco TME's experience in the Cisco Live SOC, detailing efficient onboarding, incident escalation, and a real-world DDoS attack investigation and response.

McAfee Blogs

This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls

By: McAfee — December 12^th 2025 at 18:03

Pets, poisoned AI search results, and a phone call that sounds like it’s coming straight from the federal government, this week’s scams don’t have much in common except one thing: they’re getting harder to spot.

In today’s edition of This Week in Scams, we’re breaking down the biggest security lapses and the tactics scammers used to exploit them, and what you can do to stay ahead of the latest threats.

Two data security lapses discovered at Petco in one week put pet parents at risk

If you’re a Petco customer, you’ll want to know about not one but two data security lapses in the past week.

First, as reported by TechCrunch on Monday, Petco followed Texas data privacy laws by filing a data breach with the attorney general’s office. In that filing, Petco reported that the affected data included names, Social Security numbers, and driver’s license numbers. Further info including account numbers, credit and debit card numbers, and dates of birth were also mentioned in the filing.

Also according to Techcrunch, the company filed similar notices in California and Massachusetts.

To date, Petco has not made a comment about the size of the breach and the number of people affected.

Different states have different policies for reporting data breaches. In some cases, that helps us put a figure to the size of the breach, as some states require companies to disclose the total number of people caught up in the breach. That’s not the case here, so the full scope of the attack remains in question, at least for right now.

As of Thursday, we know Petco reported that 329 Texans were affected along with seven Massachusetts residents, per the respective reports filed. California’s report does not contain the number of Californians affected, yet laws in that state require businesses to report breaches that affect 500 or more people, so at least 500 people were affected there.

Below you can see the form letter Petco sent to affected Californians in accordance with California’s data privacy laws:

Copy of the form letter posted on the California Attorney General’s Website

In it, you can see that Petco discovered that “a setting within one of our software applications … inadvertently allowed certain files to become accessible online.” Further, Petco said that it “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”

So while no foul play appears to have been behind the breach, it’s still no less risky and concerning for Petco’s customers. We’ll cover what you can do about that in a moment after we cover yet another data issue at Petco through its Vetco clinics.

Also within the same timeframe, yet more research and reporting from Techcrunch uncovered a second security lapse that exposed personal info online. From their article:

“TechCrunch identified a vulnerability in how Vetco’s website generates copies of PDF documents for its customers.

“Vetco’s customer portal, located at petpass.com, allows customers to log in and obtain veterinary records and other documents relating to their pet’s care. But TechCrunch found that the PDF generating page on Vetco’s website was public and not protected with a password.

“As such, it was possible for anyone on the internet to access sensitive customer files directly from Vetco’s servers by modifying the web address to input a customer’s unique identification number. Vetco customer numbers are sequential, which means one could access other customers’ data simply by changing a customer number by one or two digits.”

What to do if you think you had info stolen in the Petco breach

With the size and reach of the Petco breach still unknown, and the impact of the Vetco security lapse also unknown, we advise caution for all Petco customers. At minimum, monitor transactions and keep an eye on your credit report for any suspicious activity. And it’s always a good time to update a weak password.

For those who received a notification, we advise the following:

Check your credit, consider a security freeze, and get ID theft protection. You can get all three working for you with McAfee+ Advanced or McAfee+ Ultimate.

Monitor transactions across your accounts, also available in McAfee+ Advanced and Ultimate.

Keep an eye out for phishing attacks. Use our Scam Detector to spot any follow-on attacks.

Update your passwords. Strong and unique passwords are best. Our password manager can help you create and store them securely.

And use two-factor authentication on all your accounts. Enabling two-factor authentication provides an added layer of security.

What to do if your Social Security number was breached.

If you think your Social Security number was caught up in the breach, act quickly.

First, contact one of the three credit bureaus (Equifax, Experian, or TransUnion) and place a fraud alert on your credit report.
That will cover all three bureaus and make it harder for someone to open new accounts in your name. You can also quickly freeze your credit altogether with McAfee+ Ultimate.
Also notify the Social Security Administration (SSA) along with the Internal Revenue Service (IRS), and file a police report immediately if you believe your number is being misused.

The call center number that connects you to … scammers?

You might want to be careful when searching for customer service numbers while in AI mode. Or with an AI search engine. It could connect you to a scammer.

From The Times comes reports of scammers manipulating the AI in platforms like Google and Perplexity so that their search results return scam numbers instead of a proper customer service numbers for, say, British Airways.

How do they manipulate those results? By spamming the internet with false info that gets picked up and then amplified by AI.

“[S]cammers have started seeding fake call center numbers on the web so the AI is tricked into thinking it is genuine …

“Criminals have set up YouTube channels with videos claiming to help with customer support, which are packed with airline brand names and scam numbers designed to be scraped and reused by the AI.

“Bot-generated reviews on Yelp or video descriptions on YouTube are filled with fraudulent numbers as are airline and travel web forums.”

And with these tactics, scammers could poison the results for just about any organization, business, or brand. Not just airlines. Per The Times, “The scammers have also hijacked government sites, university domains, and even fitness sites to place scam numbers, which fools the AI into thinking they are genuine.”

This reveals a current limitation with many AI platforms. Largely they can’t distinguish when people deliberately feed them bad info, as seen in the case here.

Yet even as this attack is new, our advice remains the same: any time you want to ring up a customer service line, get the number directly from the company’s official website. Not from AI search and not by clicking a paid search result that shows up first (scammers can poison them too).

Is that a call from an FTC “agent?” If so, it’s a scam.

Are you under investigation for money laundering? Of course not. But this scam wants you to think so—and to pay up.

On Tuesday, the Federal Trade Commission (FTC) issued a consumer alert warning that people are reporting getting unexpected calls from someone saying they’re “FTC agent” John Krebs. Apparently “Agent Krebs” is telling people that they’re under investigation for money laundering—and that a deposit to a Bitcoin ATM can resolve the matter.

Of course, it’s a scam.

For starters, the FTC doesn’t have “agents.” And the idea of clearing one’s name in an investigation with a Bitcoin payment is a sure-fire sign of a scam. Lastly, any time someone asks for payment with Bitcoin or other payment methods that are near-impossible to recover (think wire transfers and gift cards), those are big red flags.

Apart from hanging up and holding on to your money, the FTC offers the following guidance, which holds true for any scam call:

Never transfer or send money to anyone in response to an unexpected call or message, no matter who they say they are.
Know that the FTC won’t ask for money. In fact, no government agency will ever tell you to deposit money at a cryptocurrency ATM, buy gift cards and share the numbers, or send money over a payment app like Zelle, Cash App, or Venmo.
Don’t trust your caller ID. A call might look like it’s coming from the government or a business, but scammers often fake caller ID.

And we close things out a quick roundup …

As always, here’s a quick list of a few stories that caught our eye this week:

AI tools transform Christmas shopping as people turn to chatbots

National cybercrime network operating for 14 years dismantled in Indonesia

Why is AI becoming the go-to support for our children’s mental health?

We’ll see you next Friday with a special edition to close out 2025 … This Year in Scams.

The post This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls appeared first on McAfee Blog.

WeLiveSecurity

Black Hat Europe 2025: Reputation matters – even in the ransomware economy

— December 11^th 2025 at 16:04

Being seen as reliable is good for ‘business’ and ransomware groups care about 'brand reputation' just as much as their victims

WeLiveSecurity

Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity

— December 11^th 2025 at 10:00

If you don’t look inside your environment, you can’t know its true state – and attackers count on that

WIRED

Warnings Mount in Congress Over Expanded US Wiretap Powers

By: Dell Cameron — December 11^th 2025 at 22:15

Experts tell US lawmakers that a crucial spy program’s safeguards are failing, allowing intel agencies deeper, unconstrained access to Americans’ data.

WIRED

Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data

By: David Gilbert — December 11^th 2025 at 18:54

A spoofed email address and an easily faked document is all it takes for major tech companies to hand over your most personal information.

McAfee Blogs

Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap

By: Brooke Seipel — December 11^th 2025 at 17:00

It looks harmless enough.

A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event.

That’s where the scam begins.

Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You’re far more likely to click an invitation than a generic “account alert” or “delivery notice.”

And that’s exactly why scammers are using them.

In fact, here’s a screenshot of a fake phishing email I recently got this holiday season:

Screenshot of a Phishing Email sent this holiday season

When you click the “open invitation” link, it immediately asks you to sign in or create an account with your personal information. That’s the step where scammers steal your private data.

What Is a Fake E-Vite Scam?

A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services.

The goal is to trick you into:

Entering your email and password
Creating a fake account on a malicious site
Clicking links that lead to credential-stealing pages
Downloading malware disguised as an invitation

Once scammers have your login information, they can:

Take over your email
Reset passwords on other accounts
Send scams to your contacts
Launch identity theft attempts

How These Fake Invitation Scams Usually Work

Here’s the most common flow:

You receive a digital invitation that looks normal
The message prompts you to “view the invitation”
You’re redirected to a login or signup page
You enter your email, password, or personal info
The invitation never appears
Your credentials have now been stolen

Because this starts with something familiar and social, many people don’t realize it’s phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.

How to Tell If a Paperless Post Invite Is Real

Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like.

Legitimate Paperless Post Emails Will Never:

Include .EXE attachments
Include .PDF attachments
Include any attachments other than image files

Official Paperless Post Email Domains:

Legitimate invitations and account messages only come from:

Official support emails only come from:

If the sender does not match one of these exactly, it’s a scam.

Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.

The Biggest Red Flags of a Fake E-Vite

If you see any of the following, do not click:

You’re forced to log in to “see” who invited you
The sender email doesn’t match the official domains above
The invitation creates urgency
You’re asked for payment to view the event
The message feels generic instead of personal
The site address looks slightly off

Why These Scams Are So Effective Right Now

Modern phishing attacks don’t rely on sloppy design anymore. Many now use:

Polished branding
Clean layouts
Familiar platforms
Friendly language
Social pressure

Invitation phishing is especially powerful because:

It triggers curiosity
It feels harmless
It mimics real social behavior
It doesn’t start with fear or threats
By the time the scam turns risky, your guard is already down.

What To Do If You Clicked a Fake E-Vite

If you entered any information into a suspicious invitation page:

Immediately change your email password
Change any other account that reused that password
Enable two-factor authentication
Check for unknown login activity
Warn contacts if your email may have been compromised
Run a security scan on your device

The faster you act, the more damage you can prevent.

The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.

Security – Cisco Blog

The Segmentation Cycle: A Practical Approach to Network Security

By: Mark Stephens — December 11^th 2025 at 13:00

The segmentation journey starts with visibility, goes through identity context, policy and enforcement, ultimately returning to enhanced visibility.

WeLiveSecurity

Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece

— December 10^th 2025 at 15:03

Interpreting the vast cybersecurity vendor landscape through the lens of industry analysts and testing authorities can immensely enhance your cyber-resilience.

McAfee Blogs

How to Stay Safe on Your New AI Browser

By: McAfee — December 10^th 2025 at 18:58

AI-powered browsers give you much more than a window to the web. They represent an entirely new way to experience the internet, with an AI “agent” working by your side.

We’re entering an age where you can delegate all kinds of tasks to a browser, and with that comes a few things you’ll want to keep in mind when using AI browsers like ChatGPT’s Atlas, Perplexity’s Comet, and others.

What are agentic AI browsers?

So, what’s the allure of this new breed of browser? The answer is that it’s highly helpful, and plenty more.

By design, these “agentic” AI browsers actively assist you with the things you do online. They can automate tasks and interpret your intentions when you make a request. Further, they can work proactively by anticipating things you might need or by offering suggestions.

In a way, an AI browser works like a personal assistant. It can summarize the pages in several open tabs, conduct research on just about any topic you ask it to, or even track down the lowest airfare to Paris in the month of May. Want it to order ink for your printer and some batteries for your remote? It can do that too. And that’s just to name a few possibilities.

As you can see, referring to the AI in these browsers as “agentic” fits. It truly works like an agent on your behalf, a capability that promises to get more powerful over time.

Is it safe to use an AI browser?

But as with any new technology, early adopters should balance excitement with awareness, especially when it comes to privacy and security. You might have seen some recent headlines that shared word of security concerns with these browsers.

The reported exploits vary, as does the harm they can potentially inflict. That ranges from stealing personal info, gaining access to Gmail and Google Drive files, installing malware, and injecting the AI’s “memory” with malicious instructions, which can follow from session to session and device to device, wherever a user logs in.

Our own research has shown that some of these attacks are now tougher to pull off than they were initially, particularly as the AI browser companies continue to put guardrails in place. If anything, this reinforces a long-standing truth about online security, it’s a cat-and-mouse game. Tech companies put protections in place, bad actors discover an exploit, companies put further protections in place, new exploits crop up, and so on. It’s much the same in the rapidly evolving space of AI browsers. The technology might be new, but the game certainly isn’t.

While these reports don’t mean AI browsers are necessarily unsafe to use, they do underscore how fast this space is evolving…and why caution is smart as the tech matures.

How To Use an AI Browser Safely

It’s still early days for AI-powered browsers and understanding the security and privacy implications of their use. With that, we strongly recommend the following to help reduce your risk:

Don’t let an AI browser do what you wouldn’t let a stranger do. Handle things like your banking, finances, and health on your own. And the same certainly goes for all the info tied to those aspects of your life.

Pay attention to confirmations. As of today, agentic browsers still require some level of confirmation from the user to perform key actions (like processing a payment, sending an email, or updating a calendar entry). Pay close attention to them, so you can prevent your browser from doing something you don’t want it to do.

Use the “logged out” mode, if possible. As of this writing, at least one AI browser, Atlas, gives you the option to use the agent in the logged-out mode.ⁱ This limits its access to sensitive data and the risk of it taking actions on your behalf with your credentials.

If possible, disable “model learning.” By turning it off, you reduce the amount of personal info stored and processed by the AI provider for AI training purposes, which can minimize security and privacy risks.

Set privacy controls to the strictest options available. Further, understand what privacy policies the AI developer has in place. For example, some AI providers have policies that allow people to review your interactions with the AI as part of its training. These policies vary from company to company, and they tend to undergo changes. Keeping regular tabs on the privacy policy of the AI browser you use makes for a privacy-smart move.

Keep yourself informed. The capabilities, features, and privacy policies of AI-powered browsers continue to evolve rapidly. Set up news alerts about the AI browser you use and see if any issues get reported and, if so, how the AI developer has responded. Do routine searches pairing the name of the AI browser with “privacy.”

How McAfee Can Help

McAfee’s award-winning protection helps you browse safer, whether you’re testing out new AI tools or just surfing the web.

McAfee offers comprehensive privacy services, including personal info scans and removal plus a secure VPN.

Plus, protections like McAfee’s Scam Detector automatically alert you to suspicious texts, emails, and videos before harm can happen—helping you manage your online presence confidently and safeguard your digital life for the long term. Likewise, Web Protection can help you steer you clear of suspicious websites that might take advantage of AI browsers.

The post How to Stay Safe on Your New AI Browser appeared first on McAfee Blog.

WIRED

2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’

By: Andy Greenberg — December 10^th 2025 at 17:00

The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign.

WIRED

A Complete Guide to the Jeffrey Epstein Document Dumps

By: Maddy Varner — December 10^th 2025 at 15:26

New records about the infamous sex offender are released seemingly every week. Here’s a quick rundown of who’s releasing the Epstein documents, what they contain—and what they’re releasing next.

WeLiveSecurity

The big catch: How whaling attacks target top executives

— December 9^th 2025 at 10:00

Is your organization’s senior leadership vulnerable to a cyber-harpooning? Learn how to keep them safe.

McAfee Blogs

What Is Internet Security?

By: McAfee — November 15^th 2025 at 19:34

Internet security refers to tactics that protect your online activities from a variety of cyberthreats such as malware, phishing attacks, scams, and even unauthorized access by hackers. In this article, we will highlight the importance of internet security in safeguarding your digital network and outline what you can do to have a comprehensive online security system in place.

Internet security: Your online shield

Internet usage has become central to our daily life. In 2024 alone, DataReportal reported that around 5.56 billion—that’s 67.9%—of the world’s population were connected to the internet. This was 136 million more than the year before, resulting in the creation of approximately 402.7 million terabytes of data each day. With this wealth of information, it is no wonder that cybercriminals are scrambling to make billions of dollars off the internet.

Globally, the average cost of data breaches rose by 10% between 2023 and 2024, totaling an estimated $4.88 million. This staggering amount included not only the loss in business revenues but also recovery costs and regulatory fines. For this reason, it has become important to implement internet security to protect our online personal data, activities, and devices from cyberthreats and unauthorized access.

While internet security is sometimes confused with, it’s important to point out their subtle distinctions. Internet security focuses on protecting your activities and data as they travel across the web, while cybersecurity is focused on protecting digital assets such as systems, networks, and data from cyberthreats. These two concepts work together to create your complete digital protection environment.

The importance of internet security

Internet security threats come in a variety of forms, complexities, and detectability. Some of the common threats we face today include:

Malware: Malicious software is an umbrella term that refers to any program that exploits system vulnerabilities to damage a computer system or network and steal sensitive information from users. Examples of malware include viruses, Trojans, ransomware, spyware, and worms.
Phishing: Phishing is a social engineering scam that involves stealing a user’s sensitive data by deceiving them into opening an email or an instant message and clicking a malicious link or attachment. The data that cybercriminals target can range from login credentials to credit card numbers. You may unknowingly provide access codes to fake tech support or transfer money to scammers posing as family members in emergency situations. Phishing attacks are often used for identity theft purposes.
Spam: Spam is a term that describes unwanted email messages sent in bulk to your email inbox. This tactic is generally used to promote goods and services that users aren’t interested in. Spam email can also contain links to malicious websites that automatically install harmful programs that help hackers gain access to your data.
Botnets: This contraction of “robot network” refers to a network of computers that have been infected with malware. The computers are then prompted to perform automated tasks without permission such as sending spam and carrying out denial-of-service (DDoS) attacks.
Wi-Fi threats: Hackers exploit unprotected public connections and breach data security to obtain sensitive information such as login credentials, emails, and browsing activity. Your personal information could be stolen when you check email, shop online, or access your bank accounts on public networks.
Ransomware: This malicious software locks your files and demands payment for their release. You could lose precious family photos, important documents, or access to your devices until you pay, with no guarantee you’ll get your files back. The FBI reported nearly $12.5 billion in ransomware losses in 2024.
Credential stuffing: Cybercriminals use automated tools to test stolen username and password combinations across multiple sites, hoping you’ve reused the same login credentials. This can give hackers access to your online banking, shopping accounts, and social media profiles.
Account takeovers: When criminals gain control of your online accounts through stolen passwords or security vulnerabilities, they can lock you out while using your accounts for fraudulent activities such as draining your bank account, making unauthorized purchases, or damaging your reputation on social media. In the U.S. alone, about 77 million Americans experienced account takeover fraud in 2024.
Browser hijacking: This occurs when unwanted software changes your browser settings, redirecting you to malicious websites, flooding you with unwanted ads and pop-ups, then stealing your information or installing more malware on your device. A recent investigation revealed that at least 16 malicious extensions in Chrome alone have affected over 3.2 million users.

While internet security threats may seem overwhelming at first glance, solutions are available to safeguard your computer or mobile devices. Below is a detailed look at some security measures.

Network security basics

Your home network serves as the foundation of your digital life, connecting all your devices and enabling your online activities. Having a strong network security foundation with multiple layers of protection will keep your connections and data safe from cyber threats.

Secure the router

Your router serves as the gateway between your home devices and the internet, making it a critical security component. Start by changing your router’s default administrator username and password immediately after setup. These factory defaults are widely known and easily exploited by attackers. Choose a strong, unique password that combines letters, numbers, and symbols to prevent unauthorized access to your router’s settings.

Encrypt your Wi-Fi

Enable WPA3 encryption on your wireless network, as it provides the strongest protection for your Wi-Fi connections. If your router doesn’t support WPA3, use WPA2 as a minimum standard. These protocols scramble your data as it travels between devices and your router, making it unreadable to anyone attempting to intercept your communications.

Fortify network names and passwords

Create a unique network name or service set identifier (SSID) that doesn’t reveal your router manufacturer or model number, and pair it with a complex Wi-Fi password at least 12 characters long with a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using personal information such as your address or name in either your network name or password, as this information can help attackers guess your password.

Update firmware

Regularly update your router’s firmware to patch security vulnerabilities and improve performance. Check your router manufacturer’s website quarterly for updates if automatic updates aren’t available, as outdated firmware often contains known security flaws that cybercriminals actively exploit.

Set up guest networks

Separate the guest network for visitors and smart home devices to protect your primary network where you store sensitive data. If a guest’s device is compromised or if a smart device has security vulnerabilities, the threat can’t easily spread to your main computers and phones. Configure your guest network with a strong password and consider time limits for access.

Isolate devices and segment the network

Enable access point isolation, also called client isolation, on your wireless network to prevent potentially compromised devices from attacking other devices on the same network. If you are an advanced user, consider creating separate virtual networks (VLANs) for different device types, such as keeping work computers on a different network segment than entertainment devices.

Activate the firewall

Modern routers include built-in firewalls that monitor suspicious activity in incoming and outgoing network traffic, and block potentially harmful connections and unnecessary ports and services.

Install an antivirus

Antivirus programs are engineered to prevent, detect, and remove viruses and other types of malicious software. Antivirus software can run automatic scans on specific files or directories to make sure no malicious activity is present, and no network or data breach has occurred.

McAfee’s antivirus software comes with key security capabilities such as malware detection, quarantine, and removal, as well as options for scanning files and applications, and an advanced firewall for home network security.

Use multi-factor authentication when possible

Multi-factor authentication is an authentication method that requires at least two pieces of evidence before granting access to a website. Using this method adds another layer of security to your applications and reduces the likelihood of a data breach.

Choose a safe web browser

Web browsers vary widely in terms of the security features, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a browser that offers the following security features:

Private session browsing
Pop-up blocking
Privacy features
Anti-phishing filter
Automatic blocking of reported malicious sites
Cross-site script filtering

When properly implemented, these steps help ensure that your internet connection remains private, your data stays secure, and unauthorized users can’t access your network resources. Regular maintenance of these security settings, combined with staying informed about emerging threats, gives you the foundation for safe and confident internet use.

Internet mobile security

These days, smartphones and tablets hold more personal information than ever before—from banking details and photos to work emails and location data. While this convenience makes life easier, it also creates new opportunities for cybercriminals to target your mobile devices. As you secure your network and desktop or laptop devices, so should you treat your mobile devices with the same care. Here are some straightforward security practices that you can implement to significantly reduce your exposure to mobile threats:

Keep your operating system and apps updated: Software updates often include critical security patches that fix vulnerabilities criminals could exploit. Enable automatic updates for your device’s operating system and apps if possible, or check regularly for available updates in your device settings.
Download apps only from official stores: Stick to official app stores like Google Play Store or Apple App Store, which employ security measures to screen for malicious apps. Before downloading, read app reviews, check the developer’s reputation, and review what permissions the app requests.
Manage app permissions carefully: Regularly review and adjust app permissions in your device settings, limiting access to sensitive data like your camera, microphone, contacts, and location, unless absolutely necessary for the app’s core functionality.
Stay alert to SMS and messaging scams: Text message scams are increasingly becoming sophisticated, often impersonating legitimate companies or services. Never click links in unexpected text messages, and verify requests for personal information by contacting the company directly through official channels.
Use secure mobile browsers and settings: Configure your mobile browser with privacy and security settings that protect your data. Enable features such as pop-up blocking, disable location sharing unless needed, and consider using private browsing modes.
Activate device locks and biometric security: Use screen locks with PINs, passwords, patterns, or biometric authentication such as fingerprints or face recognition. Set your device to lock automatically after a short period of inactivity, and avoid using easily guessable codes like “1234” or your birthday.
Encrypt devices and backups: Turn on your device’s built-in encryption and create secure, encrypted backups of your important data to protect your information even if your smartphone is lost or stolen.
Set up remote lock and wipe capabilities: Enable remote tracking, lock, and wipe features on your devices. Services like Find My iPhone or Google’s Find My Device allow you to locate, lock, or remotely erase your entire device if it’s lost or stolen.
Exercise caution on public Wi-Fi networks: Avoid accessing sensitive accounts or conducting financial transactions on public networks, and consider using your phone’s mobile hotspot feature instead when you need internet access.

FAQs about internet security

Here are answers to the most common questions about protecting yourself online.

What does internet security cover?

Internet security protects you from a wide range of online threats including viruses, malware, phishing attacks, identity theft, and data breaches. It also covers your devices, personal information, online accounts, and network connections to help you browse, shop, and communicate safely online.

How is internet security different from antivirus software?

While antivirus software focuses specifically on detecting and removing malicious programs, internet security provides comprehensive protection that includes antivirus plus additional features such as firewalls, web protection, email security, identity monitoring, and safe browsing tools.

Do Macs and smartphones need internet security protection?

Yes, all devices that connect to the internet can be targeted by cybercriminals. Mobile devices and Macs face increasing security threats including malicious apps, phishing attempts, and network attacks, making protection essential regardless of your device type.

How can I stay safe on public Wi-Fi?

Avoid accessing sensitive accounts or making purchases on public Wi-Fi networks. When you must use public Wi-Fi, stick to encrypted websites with the “https” in the URL, avoid automatic connections, and consider using a VPN for added protection.

How can you keep children safe online?

As children grow older, their internet use becomes more extensive. To keep them safe online, educate them about the risks of web browsing and about best practices to avoid online threats like not sharing passwords. Explain which information should be shared and which should be kept private. Instruct them to never click on links from unknown sources. Set up parental controls on certain websites to filter inappropriate content and keep a child-friendly interface.

What are the signs that my account has been compromised?

Watch for unexpected password reset emails, unfamiliar login notifications, unusual account activity, friends receiving spam from your accounts, or unauthorized charges on your financial statements. If you notice any of these signs, change your passwords immediately and contact the relevant service providers.

How often should I update my software and devices?

Enable automatic updates whenever possible and install security patches as soon as they become available. Regular updates fix security vulnerabilities that criminals actively exploit, so staying current is one of your best defenses against cyber threats.

Final thoughts

As more cyberthreats emerge and expand both in scope and sophistication, it’s essential that you protect your internet activities. Effective protection doesn’t have to be complicated. Taking steps to install antivirus software, create strong and unique passwords, enable your firewall, and use multi-factor authentication will help build a strong defense against online threats.

Start implementing these internet security measures today and enjoy the confidence that comes with knowing you’re protected online.

For added security, consider using an all-in-one antivirus solution like McAfee+ to safeguard your devices from online threats. Let McAfee handle your security while you focus on enjoying the internet.

The post What Is Internet Security? appeared first on McAfee Blog.

McAfee Blogs

This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam

By: McAfee — December 5^th 2025 at 17:26

For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers use an Apple Support ticket in a takeover attempt, and a PlayStation scam partly powered by AI.

Let’s start with those fake ads, because holiday shopping is in full swing.

Keep a sharp eye out for fake AI shopping ads that sell knockoff goods

Turns out that three-quarters of people (74%) can’t correctly identify a fake AI-generated social media ad featuring popular holiday gifts—which could leave them open to online shopping scams.

That finding, and several others, comes by way of research from Santander, a financial services company in the UK.

Here’s a quick rundown of what else they found:

Less than one in 10 (8%) people feel “very confident” in their ability to spot an AI-generated ad on social media.
More than half (56%) fear that they or a family member could get scammed as a result.
About two-thirds (63%) said that they won’t purchase anything from social media platforms because they’re not sure what’s real and what’s fake.

From the study … could you tell these ads are both fake?

Fake ads, like this, have been popping up across social.

In all, cheap and readily available AI tools make spinning up fake ads quick and easy work. The same goes for launching websites where those “goods” can get sold. In the past, we’ve seen scammers take two different approaches when they use social media ads and websites to lure in their victims:

Phishing sites

During the holidays, scammers pump out ads that offer seemingly outstanding deals on hot items. Of course, the offer and the site where it’s “sold” is fake. Victims hand over their personal info and credit card number, never to see the items they thought they’d purchased. On top of the money a victim loses, the scammer also has their card info and can run up its tab or sell it to others on the dark web.

Knock-off sites

In this case, the scammer indeed sells and delivers something. But you don’t get what you paid for. The item looks, feels, fits, or works entirely differently than what was advertised. In this way, people wind up with a cheaply made item cobbled together with inferior materials. Worse yet, these scams potentially prop up sweatshops, child labor, and other illegal operations in the process. Nothing about these sites and the things they sell on them are genuine.

So, fake AI shopping ads are out there. What should you look out for? Here’s a quick list:

First off, any offer that sounds too good to be true and heavy discounts on hard-to-find or popular items are major signs of a scam—and have been for years running now.
See if the image looks a little too polished or even cartoony in some cases. As for people in AI ads, they can look airbrushed and have skin tones that seemingly give off an odd glow.
Look up reviews of the company. Trustpilot and the Better Business Bureau offer great resources for that. Even simple a search using “CompanyName scam” can give you an idea if it’s a scam or not.
And lastly, the combination of our Scam Detector and Web Protection can help sniff out a scam for you.

The Apple Support scam that came from … Apple? (Not really. We’ll explain.)

“I almost lost everything—my photos, my email, my entire digital life.”

So opens a recent Medium post from Eric Moret recounting how he almost handed over his Apple Account to a scammer armed with a real Apple Support ticket to make this elaborate phishing attack look legit.

Over the course of nearly 30 minutes, a scammer calmly and professionally walked Moret through a phony account takeover attempt.

It started with two-factor authentication notifications that claimed someone was trying to access his iCloud account. Three minutes later, he got a call from an Atlanta-based number. The caller said they were with Apple Support. “Your account is under attack. We’re opening a ticket to help you. Someone will contact you shortly.”

Seconds later came another call from the same number, which is where the scam fully kicked in. The person also said they were from Apple Support and that they’d opened a case on Moret’s behalf. Sure enough, when directed, Moret opened his email and saw a legitimate case number from a legitimate Apple address.

The caller then told him to reset his password, which he did. Moret received a text with a link to a site where he could, apparently, close his case.

Note that at no time did the scammers ask him for his two-factor authentication code throughout this process, which is always the sign of a scam. However, the scammers had another way to get it.

The link took him to a site called “appeal-apple dot com,” which was in fact a scam site. However, the page looked official to him, and he entered a six-digit code “confirmation code” sent by text to finish the process.

That “confirmation code” was actually a fresh two-factor authentication code. With that finally in hand, the scammers signed in. Moret received a notice that a new device had logged into his account. Moret quickly reset his password again, which kicked them out and stopped the attack.

So, what went wrong here? Let’s break down three key moments in this account takeover scam:

The unsolicited phone calls. That’s an immediate sign to hang up and call an official support number to confirm the “issue” yourself.
The fake website. A site with a URL like “appeal-apple dot com” is a scam site, even if it looks “official.” Scammers can create them easily today.
The code heist. Scammers trick people into handing over their authorization code by calling it something else, like a “confirmation code.”

So, how can you protect yourself from account takeover scams? Let’s break that down too.

Know that Apple Support won’t call you or open a case on your behalf.
Also know that anyone can create an Apple Support ticket for anyone else, without verification. If you didn’t create it yourself, it’s a strong sign of a scam.
If you have concerns, call Apple yourself at 1-800-275-2273 or contact them through their Apple Support App, available here on Apple’s support page.
Only interact with Apple through sites and emails with the proper “apple dot com” address. Watch out for altered addresses like the “appeal-apple dot com” used here.
Never, ever share your authentication code in any way … verbally, in an email, in a text, or a website. Any request for it from anyone is a scam.
You can see the devices signed into your account any time. Go to Settings, tap your Name, and scroll to see all devices linked to your Apple ID.
Get protection that blocks links to scam sites, like our Scam Detectorand Web Protection.

The FCC takes aim at the Wal-Mart PlayStation 5 Robocall Scam

Maybe you didn’t get a scam call from “Emma” or “Carl” at Wal-Mart, but plenty of people did. Around eight million in all. Now the Federal Communications Commission’s (FCC) Enforcement Bureau wants to put a stop to them.

“Emma” and “Carl” are in fact a couple of AI voices fronting a scam framed around the bogus purchase of a PlayStation. It’s garnered its share of complaints, so much that the FCC has stepped in. It alleges that SK Teleco, a voice service provider, provisioned at least some of these calls, and that it must immediately stop.

According to the FCC, the call plays out like this:

“A preauthorized purchase of PlayStation 5 special edition with Pulse 3D headset is being ordered from your Walmart account for an amount of 919 dollars 45 cents. To cancel your order or to connect with one of our customer support representatives, please press ‘1.’ Thank you.”

Pressing “1” connects you to a live operator who asks for personal identifiable such as Social Security numbers to cancel the “purchase.”

If you were wondering, it’s unlawful to place calls to cellphones containing artificial or prerecorded voice messages absent an emergency purpose or prior express consent. According to the FCC’s press release, SK Teleco didn’t respond to a request to investigate the calls. The FCC further alleges that it’s unlikely the company has any such consent.

Per the FCC, “If SK Teleco fails to take swift action to prevent scam calls, the FCC will require all other providers to no longer accept call traffic from SK Teleco.”

We’ll see how this plays out, yet it’s a good reminder to report scam calls. When it comes to any kind of scam, law enforcement and federal agencies act on complaints.

Get a scam call? Who’s here you can report it to:

The Federal Trade Commission (FTC): Report fraud, especially if you lost money, at ReportFraud.ftc.gov.
The Federal Communications Commission (FCC): Report unwanted calls, texts, and caller ID spoofing at DoNotCall.gov.
Your State Attorney General: You can find yours through https://www.naag.org/find-my-ag/.

And we close things out a quick roundup …

Here’s a quick list of a few stories that caught our eye this week:

Scammers pose as law enforcement, threaten jail time if you don’t pay (with audio)

Deepfake of North Carolina lawmaker used in award-winning Brazilian Whirlpool video

What happens when you kick millions of teens off social media? Australia’s about to find out

We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

The post This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam appeared first on McAfee Blog.

WIRED

The US Won't Sanction China for Salt Typhoon Hacking

By: Andy Greenberg — December 6^th 2025 at 11:30

Plus: Officials warn of a disturbingly stealthy Chinese malware specimen, a CISA nomination stalls, and more.

WIRED

Huge Trove of Nude Images Leaked by AI Image Generator Startup’s Exposed Database

By: Matt Burgess — December 5^th 2025 at 11:00

An AI image generator startup’s database was left accessible to the open internet, revealing more than 1 million images and videos, including photos of real people who had been “nudified.”

WeLiveSecurity

Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture

— December 4^th 2025 at 10:00

Identity is effectively the new network boundary. It must be protected at all costs.

WIRED

‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle

By: Lily Hay Newman — December 5^th 2025 at 00:02

The United States Inspector General report reviewing Secretary of Defense Pete Hegseth’s text messaging mess recommends a single change to keep classified material secure.

WIRED

Cloudflare Has Blocked 416 Billion AI Bot Requests Since July 1

By: Lily Hay Newman — December 4^th 2025 at 22:04

Cloudflare CEO Matthew Prince claims the internet infrastructure company’s efforts to block AI crawlers are already seeing big results.

WIRED

FBI Says DC Pipe Bomb Suspect Brian Cole Kept Buying Bomb Parts After January 6

By: Dell Cameron， David Gilbert — December 4^th 2025 at 19:42

The 30-year-old Virginia resident evaded capture for years after authorities discovered pipe bombs planted near buildings in Washington, DC, the day before the January 6, 2021, Capitol attack.

WIRED

A New Anonymous Phone Carrier Lets You Sign Up With Nothing but a Zip Code

By: Andy Greenberg — December 4^th 2025 at 17:00

Privacy stalwart Nicholas Merrill spent a decade fighting an FBI surveillance order. Now he wants to sell you phone service—without knowing almost anything about you.

McAfee Blogs

Ways to Tell if a Website Is Fake

By: McAfee — November 4^th 2025 at 16:40

Ways to Tell if a Website Is Fake

Unfortunately in today’s world, scammers are coming at us from all angles to trick us to get us to part with our hard-earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention, even if you know what to look for, they can get you. There are numerous ways to detect fake sites or emails, phishing, and other scams.

Before we delve into the signs of fake websites, we will first take a closer look at the common types of scam that use websites, what happens when you accidentally access a fake website, and what you can do in case you unknowingly purchased items from it.

What are fake or scam websites?

Fake or scam websites are fraudulent sites that look legitimate while secretly attempting to steal your personal information, money, or account access.

These deceptive platforms masquerade as trustworthy businesses or organizations, sending urgent messages such as popular shopping websites offering fantastic limited-time deals, banking websites requesting immediate account verification, government portals claiming you owe taxes or are eligible for refunds, and shipping companies asking for delivery fees.

The urgency aims to trick you into logging in and sharing sensitive details—credit card numbers, Social Security information, login credentials, and personal data. Once you submit your data, the scammers will steal your identity, drain your accounts, or sell your details to other criminals on the dark web.

These scam websites have become increasingly prevalent because they’re relatively inexpensive to create and can reach millions of potential victims quickly through email and text campaigns, social media ads, and search engine manipulation.

Cybersecurity researchers and consumer protection agencies discover these fraudulent sites through various methods, including monitoring suspicious domain registrations, analyzing reported phishing attempts, and tracking unusual web traffic patterns. According to the FBI’s Internet Crime Complaint Center, losses from cyber-enabled fraud amounted to $13.7 billion, with fake websites representing a significant portion of these losses.

Consequences of visiting a fake website

Visiting a fake website, accidentally or intentionally, can expose you to several serious security risks that can impact your digital life and financial well-being:

Credential theft: Scammers can capture your login information through fake login pages that look identical to legitimate sites. Once they have your username and password, they can access your real accounts and steal personal information or money.
Credit card fraud: When you enter your bank or credit card details on fraudulent shopping or fake service portals, scammers can use your payment information for unauthorized purchases or sell these to other criminals on the dark web.
Malware infection: Malicious downloads, infected ads, or drive-by downloads may happen automatically when you visit certain fake sites. These, in turn, can steal personal files, monitor your activity, or give criminals remote access to your device.
Identity theft: Fake sites can collect personal information like Social Security numbers, addresses, or birthdates through fraudulent forms or surveys.
Account takeovers: Criminals can use stolen credentials to access your email, banking, or social media accounts, potentially locking you out and using your accounts for further scams.

Common types of scam websites

Scammers use different tricks to make fake websites look real, but most of them fall into familiar patterns. Knowing the main types of scam sites helps you recognize danger faster. This section lists the most common categories of scam websites, how they work, and the red flags that give them away before they can steal your information or money.

Fake shopping stores: These fraudulent e-commerce sites steal your money and personal information without delivering products. They offer unrealistic discounts (70%+ off), have no customer service contact information, or accept payments only through wire transfers or gift cards. These sites often use stolen product images and fake customer reviews to appear legitimate.
Phishing login pages: These sites mimic legitimate services such as banks, email providers, or social media platforms to harvest your credentials. Their URLs that don’t match the official domain, such as “bankofamerica-security.com” instead of “bankofamerica.com” Their urgent messages claim your account will be suspended unless you log in immediately.
Tech support scam sites: These fake websites claim to detect computer problems and offer remote assistance for a fee. They begin with a pop-up ad with a loud alarm to warn you about viruses, provide you with phone numbers to call “immediately,” or request remote desktop access from unsolicited contacts.
Investment and crypto sites: These sites guarantee incredible returns on cryptocurrency or investment opportunities, feature fake celebrity endorsements, or pressure you to invest quickly before a “limited-time opportunity” expires.
Giveaway and lottery pages: You receive notifications with a link to a page that claims you’ve won prizes In contests you never entered, but require upfront fees or personal information to receive them. They will request bank account details to “process your winnings” or upfront processing fees.
Shipping and parcel update portals: These usually come in the form of tracking pages that mimic delivery services such as USPS, UPS, or FedEx to steal personal information or payment details. The pages ask for immediate payment to release and deliver the packages, or for login credentials to accounts you don’t have with that carrier.
Malware download pages: These ill-intentioned sites offer “free” but uncertified software, games, or media files that contain harmful code to infect your device once you click on the prominent “Download” button.
Advance fee and loan scams: These sites guarantee approved loans or financial services regardless of your credit score. But first you will have to post an upfront payment or processing fees before any actual assistance is rendered.

Understanding these common scam types helps you recognize fake sites before they can steal your information or money. When in doubt, verify legitimacy by visiting official websites directly through bookmarks or search engines rather than clicking suspicious links.

For the latest warnings and protection guidance, check resources from the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.

Recognize a fake site

You can protect yourself by learning to recognize the warning signs of fake sites. By understanding what these scams look like and how they operate, you’ll be better equipped to shop, bank, and browse online with confidence. Remember, legitimate companies will never pressure you to provide sensitive information through unsolicited emails or urgent pop-up messages.

Mismatched domain name and brand: The website URL doesn’t match the company name they claim to represent, like “amazoon-deals.com” instead of “amazon.com.” Scammers use similar-looking domains to trick you into thinking you’re on a legitimate site.
Spelling mistakes and poor grammar: Legitimate businesses invest in professionally created content to ensure clean and error-free writing or graphics. If you are on a site with multiple typos, awkward phrasing, or grammatical errors, these indicate that it was hastily created and not thoroughly reviewed like authentic websites.
Missing or invalid security certificate: The site lacks “https://” in the URL or shows security warnings in your browser. Without proper encryption, any information you enter can be intercepted by criminals.
Fantastic deals: Look out for prices that are dramatically low—like designer items at 90% off or electronics at impossibly low costs. Scammers use unrealistic bargains to lure victims into providing payment information.
High-pressure countdown timers: The site displays urgent messages such as “Only 2 left!” or countdown clocks with limited-time offers that reset when you refresh the page. These fake urgency tactics push you to make hasty decisions without proper research.
No physical address, contact information, legitimate business details: The site provides only an email address or contact form. In the same vein, any email address they provide may look strange like northbank@hotmail.com. Any legitimate business will not be using a public email account such as Hotmail, Gmail, or Yahoo.
Missing or vague return policy: Legitimate businesses want satisfied customers and provide clear policies for returns and exchanges. Scams, however, cannot provide clear refund policies, return instructions, or customer service information.
Stolen or low-quality images: Scammers often steal images from legitimate sites without permission, making their product photos look pixelated, watermarked, or inconsistent in style and quality.
Fake or generic reviews: Authentic reviews include specific details and a mix of ratings and comments. On fake websites, however, customer reviews are overly positive with generic language, posted on the same dates, or contain similar phrasing patterns.
Limited payment options: Legitimate businesses offer secure payment options with buyer protection. Fake websites, however, only accept wire transfers, cryptocurrency, gift cards, or other non-reversible or untraceable payment methods.
Recently registered domain: The website was created very recently—often just days or weeks ago, whereas established businesses typically have older, stable web presences.
Fake password: If you’re at a fake site and type in a phony password, the fake site is likely to accept it.

Recognize phishing, SMiShing, and other fake communications

Most scams usually start out from social engineering tactics such as phishing, smishing, and fake social media messages with suspicious links, before leading you to a fake website.

From these communications, the scammers impersonate legitimate organizations before finally executing their malevolent intentions. To avoid being tricked, it is essential to recognize the warning signs wherever you encounter them.

Email phishing red flags

Fake emails are among the most common phishing attempts you’ll encounter. If you see any of these signs in an unsolicited email, it is best not to engage:

One way to recognize a phishing email is by its opening greeting. A legitimate email from your real bank or business will address you by name rather than a generic greeting like “Valued Customer” or something similar.
In the main message, watch for urgent language like “Act now!” or “Your account will be suspended immediately.” Legitimate organizations rarely create artificial urgency around routine account matters. Also pay attention to the sender’s email address. Authentic companies use official domains, not generic email services like Gmail or Yahoo for business communications.
Be suspicious of emails requesting your credentials, Social Security number, or other sensitive information. Banks and reputable companies will never ask for passwords or personal details via email.
Look closely at logos and formatting. Spoofed emails often contain low-resolution images, spelling errors, or slightly altered company logos that don’t match the authentic versions.

SMS and text message scams

Smishing messages bear the same signs as phishing emails and have become increasingly sophisticated. These fake messages often appear to come from delivery services, banks, or government agencies. Common tactics include fake package delivery notifications, urgent banking alerts, or messages claiming you’ve won prizes or need to verify account information.

Legitimate organizations typically don’t include clickable links in unsolicited text messages, especially for account-related actions. When in doubt, don’t click the link—instead, open your banking app directly or visit the official website by typing the URL manually.

Social media phishing

Social media platforms give scammers new opportunities to create convincing fake profiles and pages. They might impersonate customer service accounts, create fake giveaways, or send direct messages requesting personal information. These fake sites often use profile pictures and branding that closely resemble legitimate companies.

Unusual sender behavior is another indicator of a scam across all platforms. This includes messages from contacts you haven’t heard from in years, communications from brands you don’t typically interact with, or requests that seem out of character for the supposed sender.

Examples of fake or scam websites

Scammers have become increasingly cunning in creating fake websites that closely mimic legitimate businesses and services. Here are some real-life examples of how cybercriminals use fake websites to victimize consumers:

USPS-themed scams and websites

Scammers exploit your trust in the United States Postal Service (USPS), designing sophisticated fake websites to steal your personal information, payment details, or money. They know you’re expecting a package or need to resolve a delivery issue, making you more likely to enter sensitive information without carefully verifying the site’s authenticity.

USPS-themed smishing attacks arrive as text messages stating your package is delayed, undeliverable, or requires immediate action. Common phrases include “Pay $1.99 to reschedule delivery” or “Your package is held – click here to release.”

Common URL tricks in USPS scams

Scammers use various URL manipulation techniques to make their fake sites appear official. Watch for these red flags:

Misspelled domains: Sites like “uspps.com,” “uspo.com,” or “us-ps.com” instead of the official “usps.com”
Extra characters: URLs containing hyphens, numbers, or additional words like “usps-tracking.com” or “usps2024.com”
Different extensions: Domains ending in .net, .org, .info, or country codes instead of .com
Subdomain tricks: URLs like “usps.fake-site.com” where “usps” appears as a subdomain rather than the main domain
HTTPS absence: Legitimate USPS pages use secure HTTPS connections, while some fake sites may only use HTTP

Verify through official USPS channels

Always verify package information and delivery issues through official USPS channels before taking any action on suspicious websites or messages:

Official USPS website: Report the incident directly to usps.com by typing the URL into your browser rather than clicking links from emails or texts. Use the tracking tool on the homepage to check your package status with the official tracking number.
Official USPS mobile app: The USPS mobile app, available from official app stores, provides secure access to tracking, scheduling, and delivery management. Verify that you are downloading from USPS by checking the publisher name and official branding.
USPS customer service: If you receive conflicting information or suspect a scam, call USPS customer service at 1-800-ASK-USPS (1-800-275-8777) to verify delivery issues or payment requests.
Your local post office: When you need definitive verification, speak with postal workers at your local USPS location who can access your package information directly in their systems.

Where and how to report fake USPS websites

Reporting fake USPS websites helps protect others from falling victim to these scams and assists law enforcement in tracking down perpetrators.

Report to USPS: Forward suspicious emails to the United States Postal Inspection Service and report fake websites through the USPS website’s fraud reporting section. The postal inspection service investigates mail fraud and online scams targeting postal customers.
File with the Federal Trade Commission: Report the fraudulent website at ReportFraud.ftc.gov, providing details about the fake site’s URL, any money lost, and screenshots of the fraudulent pages.
Contact the Federal Bureau of Investigation: Submit reports through the FBI’s Internet Crime Complaint Center, especially if you provided personal information or lost money to the scam.
Alert your state attorney general: Many state attorneys general offices track consumer fraud and can investigate scams targeting residents in their jurisdiction.

Remember that legitimate USPS services are free for standard delivery confirmation and tracking. Any website demanding payment for basic package tracking or delivery should be treated as suspicious and verified through official USPS channels before providing any personal or financial information.

Tech support pop-up ads scams

According to the Federal Trade Commission, tech support scams cost Americans nearly $1.5 billion in 2024. These types of social engineering attacks are increasingly becoming sophisticated, making it more important than ever to verify security alerts through official channels.

Sadly, many scammers are misusing the McAfee name to create fake tech support pop-up scams and trick you into believing your computer is infected or your protection has expired and hoping you’ll act without thinking.

These pop-ups typically appear while you’re browsing and claim your computer is severely infected with viruses, malware, or other threats. They use official-looking McAfee logos, colors, and messaging to appear legitimate to get you to call a fake support number, download malicious software, or pay for unnecessary services.

Red flags of fake McAfee pop-up

Learning to detect fake sites and pop-ups protects you from scam. Be on the lookout for these warning signs:

Offering phone numbers to call immediately: Legitimate McAfee software never displays pop-ups demanding you call a phone number right away for virus removal.
Requests for remote access: Authentic McAfee alerts won’t ask you for permission to remotely control your computer to “fix” issues.
Immediate payment demands: Real McAfee pop-ups don’t require instant payment to resolve security threats.
Countdown timers: Fake alerts often include urgent timers claiming your computer will be “locked” or “damaged” if you don’t act immediately.
Poor grammar and spelling: Many fraudulent pop-ups contain obvious spelling and grammatical errors.
Browser-based alerts: Genuine McAfee software notifications appear from the actual installed program, not through your web browser.

Properly close a McAfee-themed pop-up ad

If you see a suspicious pop-up claiming to be from McAfee, here’s exactly what you should do:

Close the tab immediately: Don’t click anywhere on the pop-up, not even the “X” button, as this might trigger malware downloads.
Use keyboard shortcuts: Press Ctrl+Alt+Delete or Command+Option+Escape (Mac) to force-close your browser safely.
Don’t call any phone numbers: Never call support numbers displayed on the pop-ups, as these connect you directly to scammers.
Avoid downloading software: Don’t download any “cleaning” or “security” tools offered through pop-ups.
Clear your browser cache: After closing the pop-up, clear your browser’s cache and cookies to remove any tracking elements.

Verify your actual McAfee protection status

To check if your McAfee protection is genuinely active and up-to-date:

Open your installed McAfee software directly: Click on the McAfee icon in your system tray or search for McAfee in your start menu.
Visit the official McAfee website: Go directly to mcafee.com by typing it into your address bar.
Log into your McAfee account: Check your subscription status through your official McAfee online account.
Use the McAfee mobile app: Download the official McAfee Mobile Security app to monitor your protection remotely.

Remember, legitimate McAfee software updates and notifications come through the installed program itself, not through random browser pop-ups. Your actual McAfee protection works quietly in the background without bombarding you with alarming messages.

Crush fake tech support pop-ups

Stay protected by trusting your installed McAfee software and always verifying security alerts through official McAfee channels such as your installed McAfee dashboard or the official website.

Close your browser safely. If you see a fake McAfee pop-up claiming your computer is infected, don’t click anything on the pop-up. Instead, close your browser completely using Alt+F4 (Windows) or Command+Q (Mac). If the pop-up does not close, open Task Manager (Ctrl+Shift+Esc) and end the browser process. This prevents any malicious scripts from running and stops the scammers from accessing your system.
Clear browser permissions. Fake security pop-ups often trick you into allowing notifications that can bombard you with more scam alerts. Go to your browser settings and revoke notification permissions for suspicious sites. In Chrome, go to Settings > Privacy and Security > Site Settings > Notifications, then remove any unfamiliar or suspicious websites from the allowed list.
Remove suspicious browser extensions. Malicious extensions can generate fake McAfee alerts and redirect you to scam websites. Check your browser extensions by going to the extensions menu and removing any you don’t recognize or didn’t intentionally install.
Reset your browser settings. If fake pop-ups persist, reset your browser to its default settings to remove unwanted changes made by malicious websites or extensions, while preserving your bookmarks and saved passwords. In most browsers, you can find the reset option under Advanced Settings.
Run a complete security scan. Use your legitimate antivirus software to perform a full system scan. If you don’t have security software, download a reputable program from the official vendor’s website only, such as McAfee Total Protection, to detect and remove any malware that might be generating the fake pop-ups.
Update your operating system and browser. Ensure your device has the latest security and web browser updates installed, which often include patches for vulnerabilities that scammers exploit. Enable automatic updates to stay protected against future threats.
Review and adjust notification settings. Configure your browser to block pop-ups and block sites from sending you notifications. You could be tempted to allow some sites to send you alerts, but we suggest erring on the side of caution and just block all notifications.

Steps to take if you visited or purchased from a fake site

Be prepared and know how to respond quickly when something doesn’t feel right. If you suspect you’ve encountered a fake website, trust your instincts and take these protective steps immediately.

Disconnect immediately: Close your browser by using Alt+F4 (Windows), Ctrl + W (Chrome), or Command+Q (Mac) on your keyboard.
Run a comprehensive security scan: If you suspect a virus or malware, disconnect from the internet to prevent data transmission. Conduct a full scan using your antivirus software to detect and remove any potential threats that may have been downloaded.
Contact your credit card issuer: Call the number on the back of your card and report the fraudulent charges for which you can receive zero liability protection. Card companies allow up to 60 days for charge disputes under federal law and can refund payments made to the fake store. Consider requesting a temporary freeze on your account while the investigation proceeds.
Cancel your credit card: Request a replacement card with a new number to give you a fresh start. Your card issuer can expedite the request if needed, often within 24-48 hours.
Document everything thoroughly: Save all emails, receipts, order confirmations, and screenshots of the fake website before it potentially disappears. This documentation will be crucial for your chargeback and insurance claims, and any legal proceedings.
Update passwords on other accounts: Scammers often test stolen credentials across multiple platforms, so if you reused the same password on the fake site that you use elsewhere, change those passwords immediately. Enable two-factor authentication on important accounts like email, banking, and social media.
Stay alert for follow-up scams: Scammers may attempt to contact you via phone, email, or text claiming to “resolve” your situation through fake shipping notifications, additional payments to “release” your package, or “refunds” on your money in exchange for personal information.
Monitor your credit and financial accounts. Keep a close eye on your bank and credit card statements for several months and place a fraud alert on your credit reports through one of the three major credit bureaus—TransUnion, Equifax, and Experian. Consider a credit freeze for maximum protection.
Check for legitimate alternatives. If you were trying to purchase a specific product, research authorized retailers or the manufacturer’s official website. Verify business credentials, secure payment options, and return policies before making new purchases.

Report a scam website, email, or text message

Federal Trade Commission: Report fraudulent websites to the FTC, which investigates consumer complaints and uses this data to identify patterns of fraud and take enforcement action against scammers.
FBI’s Internet Crime Complaint Center: Submit detailed reports to the ICc3 for suspected internet crimes. IC3 serves as a central hub for reporting cybercrime and coordinates with law enforcement agencies nationwide.
State Attorney General: If the fake store claimed to be located in your state, consider reporting to your state attorney general’s office, as these have dedicated fraud reporting systems and can take action against businesses operating within state boundaries. Find your state’s reporting portal through the National Association of Attorneys General website.
Domain registrar, hosting provider, social media: Look up the website’s registration details using a WHOIS tool, then report abuse to both the domain registrar and web hosting company. Most providers have dedicated abuse reporting emails and will investigate violations of their terms of service. If the fake page is on social media, you can report it to the platform to protect other consumers.
Search engines: Report fraudulent sites to Google through their spam report form and to Microsoft Bing via their webmaster tools to prevent the fake sites from appearing in search results.
The impersonated brand: If scammers are impersonating a legitimate company, report directly to that company’s fraud department or customer service. Most brands have dedicated channels for reporting fake websites and will work to shut them down.
Share your experience to protect others: Leave reviews on scam-reporting websites such as the Better Business Bureau’s Scam Tracker or post about your experience on social media to warn friends and family. Your experience can help others avoid the same trap and contribute to the broader fight against online fraud.
Essential evidence to gather:

- Full website URL and any redirected addresses
- Screenshots of the fraudulent pages, including fake logos or branding
- Transaction details, if you made a purchase (receipts, confirmation emails, payment information)
- Email communications from the scammers
- Date and time when you first encountered the site
- Any personal information you may have provided

Additional reporting resources: The CISA maintains an updated list of reporting resources while the Anti-Phishing Working Group investigates cases of the fake sites that appear to be collecting personal information fraudulently. For text message scams, forward the message to 7726 (SPAM).

Final thoughts

Recognizing fake sites and emails becomes easier with practice. The key is to trust your instincts—if something feels suspicious or too good to be true, take a moment to verify through official channels. With the simple verification techniques covered in this guide, you can confidently navigate the digital world and spot fake sites and emails before they cause harm.

Your best defense is to make these quick security checks a regular habit—verify URLs, look for secure connections, and trust your instincts when something feels off. Go directly to the source or bookmark your most-used services and always navigate to them. Enable two-factor authentication on important accounts, and remember that legitimate companies will never ask for sensitive information via email. Maintaining healthy skepticism about unsolicited communications will protect not only your personal information but also help create a safer online environment for everyone.

For the latest information on fake websites and scams and to report them, visit the Federal Trade Commission’s scam alerts or the FBI’s Internet Crime Complaint Center.

The post Ways to Tell if a Website Is Fake appeared first on McAfee Blog.

Security – Cisco Blog

Segmentation Remains a Foundational Security Concept

By: Aamer Akhter — December 4^th 2025 at 13:00

The 2025 Cisco Segmentation Report shows that the concept’s adaptability makes it a foundational cornerstone for modern enterprise security strategies.

WIRED

The Louisiana Department of Wildlife and Fisheries Is Detaining People for ICE

By: Caroline Haskins — December 4^th 2025 at 11:30

Louisiana’s hunting and wildlife authority is one of more than 1,000 state and local agencies that have partnered with US immigration authorities this year alone.

Security – Cisco Blog

GovWare 2025 Security Operations Centre

By: Jessica (Bair) Oppenheimer — December 3^rd 2025 at 06:03

Cisco Security and Splunk secured the GovWare 2025 network in the Security Operations Centre. Learn about the latest innovations for the SOC of the Future.

Security – Cisco Blog

From Detection to Deep Dive: Splunk Attack Analyzer and Endace for GovWare 2025 Security

By: Allison Gallo — December 2^nd 2025 at 08:00

At GovWare 2025, the team leveraged Splunk Attack Analyzer's API to connect to Endace.

Security – Cisco Blog

Unmasking Attacks With Cisco XDR at the GovWare SOC

By: Robin Wei — December 2^nd 2025 at 08:00

During GovWare, Cisco XDR detected 39 incidents. The SOC team conducted analysis and response actions, and reported critical incidents to the GovWare NOC.

Security – Cisco Blog

Splunk SOAR in Action at the GovWare: Zero-Touch Clear Text Password Response

By: Allison Gallo — December 2^nd 2025 at 08:00

At GovWare 2025, the SOC team combined ES with Splunk SOAR to fully automate and track the incident response process.

Security – Cisco Blog

GovWare Captive Portal: (Splash Page)

By: Ryan Maclennan — December 2^nd 2025 at 08:00

Cisco provided a splash page for GovWare 2025, a click-through captive portal. Learn how the team did it.

WIRED

Russia Wants This Mega Missile to Intimidate the West, but It Keeps Crashing

By: Stephen Clark， Ars Technica — December 3^rd 2025 at 00:00

One of Vladimir Putin’s favorite sabers to rattle seems to have lost its edge.

WIRED

Your Data Might Determine How Much You Pay for Eggs

By: Maddy Varner — December 2^nd 2025 at 19:10

A newly enacted New York law requires retailers to say whether your data influences the price of basic goods like a dozen eggs or toilet paper, but not how.

McAfee Blogs

McAfee Named ADVANCED+ in Real-World Protection — What That Means for You

By: Brooke Seipel — December 1^st 2025 at 20:54

When it comes to online safety, independent testing matters. And in the latest AV-Comparatives Real-World Protection Test, McAfee earned the highest possible rating, ADVANCED+, with a 99.5% protection rate. It’s the kind of recognition that helps shoppers understand which tools truly hold up in real-life conditions, not just in controlled lab environments.

For anyone navigating today’s mix of emails, downloads, suspicious links, and AI-driven scams, independent results like these are a clear signal: strong protection still makes a real difference.

What Is the AV-Comparatives Real-World Protection Test?

The Real-World Protection Test is an independent evaluation run by AV-Comparatives, a trusted third-party security testing lab. The test measures how well antivirus and online protection tools block real threats that people encounter every day, including dangerous URLs, malicious downloads, phishing pages, and harmful files attempting to run on a device.

This type of testing is widely cited by major tech publications and review sites because it reflects actual user behavior rather than controlled lab simulations.

Why This Recognition Matters

According to AV-Comparatives, their Real-World Protection Test is designed to measure how security products perform in situations people face every day: clicking a link, opening a file, visiting a site for the first time.

It’s one of the most widely cited sources in tech journalism and consumer product reviews, and it often shapes how online shoppers evaluate cybersecurity tools.

Here’s why tests like these are used in tech reviews, buying guides, and search engine rankings:

They compare multiple brands under the same conditions
They use real-world threats, not theoretical malware
They measure false positives, which impact everyday usability
They influence third-party reviews and product roundups
They help shoppers choose trustworthy protection without guesswork

McAfee has earned an ADVANCED+ rating in all tests since June 2022, demonstrating our consistency and reliability in the moments that matter most: when a threat appears disguised as something routine.

About the AV-Comparatives Real-World Protection Test

The latest evaluation included 19 consumer security products, each tested across the full attack chain, from the moment a malicious URL is accessed to the instant a dangerous file tries to execute.

Unlike benchmark tests that focus on one part of the process, this assessment mirrors real user behavior. AV-Comparatives notes that the methodology is meant to be “as realistic as possible,” and the results often reveal meaningful differences in both protection and false positives.

With this round of testing, McAfee maintains its cycle of highest ratings in every Real-World Protection Test, while several well-known competitors were downgraded due to high false-positive counts.

What This Means for Everyday Users

A high protection score matters most when you’re simply going about your day — shopping, banking, downloading a file, or clicking a link you think is safe. Independent recognition signals three core things:

1. Trustworthy Protection

Strong results indicate that advanced threats, misleading links, and malicious downloads are blocked before they can cause harm.

2. Fewer False Alarms

With only four false positives out of nearly 500 samples, McAfee flagged less than 1% of clean files incorrectly. For context: the industry average in this test was 10 false positives, and one competitor even misidentified 75, meaning it labeled nearly 16% of harmless activity as a threat.

The takeaway is simple: strong protection shouldn’t get in your way, and these results show it doesn’t.

3. Innovation That Keeps Pace With Scammers

Criminals now use AI to make fake emails, websites, and support messages look real. Testing that mirrors those real-world conditions helps consumers see which tools stay ahead of that curve.

A Note on McAfee Protection Tools

McAfee’s threat protection, the same technology validated in this test, is built into McAfee+ Premium, McAfee+ Advanced, McAfee+ Ultimate, McAfee Total Protection, and McAfee LiveSafe.

McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes—stopping harm before it happens.

The post McAfee Named ADVANCED+ in Real-World Protection — What That Means for You appeared first on McAfee Blog.

WIRED

Flock Uses Overseas Gig Workers to Build Its Surveillance AI

By: Joseph Cox — December 1^st 2025 at 14:00

An accidental leak revealed that Flock, which has cameras in thousands of US communities, is using workers in the Philippines to review and classify footage.

WIRED

The WIRED Guide to Digital Opsec for Teens

By: JP Aumasson， Lily Hay Newman — November 29^th 2025 at 12:00

Practicing good “operations security” is essential to staying safe online. Here's a complete guide for teenagers (and anyone else) who wants to button up their digital lives.

WIRED

Poems Can Trick AI Into Helping You Make a Nuclear Weapon

By: Matthew Gault — November 28^th 2025 at 10:00

It turns out all the guardrails in the world won’t protect a chatbot from meter and rhyme.

WIRED

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’

By: Matt Burgess — November 26^th 2025 at 16:33

Myanmar’s military has been blowing up parts of the KK Park scam compound. Experts say the actions are likely for show.

WIRED

ICE Offers Up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ Firms

By: Dell Cameron — November 25^th 2025 at 19:54

Immigration and Customs Enforcement lifted a $180 million cap on a proposed immigrant-tracking program while guaranteeing multimillion-dollar payouts for private surveillance firms.

McAfee Blogs

The Most Impersonated Brands in Holiday Shopping, Ranked

By: Brooke Seipel — November 24^th 2025 at 14:45

Scammers aren’t worried about ending up on the naughty list. If anything, they’re doubling down in 2025.

This year, scammers are impersonating major brands with startling accuracy, from fake delivery updates to cloned checkout pages.

Our McAfee Labs researchers analyzed real scam texts, emails, and URLs from October through early November, along with consumer survey data, to identify the patterns shaping this season’s fraud.

Here’s what shoppers need to know, what’s trending upward, and how to spot the fakes before they reach your cart.

What Is a Holiday Brand-Impersonation Scam?

A brand-impersonation scam is when criminals copy a real brand, like a retailer, tech company, bank, or delivery service, to make fake emails, texts, ads, or websites that look legitimate.

Their goal is to trick shoppers into clicking, entering account details, or making a payment.

McAfee Labs’ brand impersonation analysis shows criminals focusing on the items people shop for most — tech gifts, luxury goods, and high-demand drops.

Fake versions of these brands typically include:

Copied product photos
Familiar layouts
Holiday sale graphics
Support pages designed to capture logins

An example of a phishing attempt this holiday season. THIS IS A FAKE PHISHING EMAIL!

Which Brands Are Being Faked the Most This Holiday Season?

Top 5 most impersonated luxury brands

Coach
Dior
Ralph Lauren
Rolex
Gucci

Top 5 most impersonated mainstream consumer brands

Apple
Nintendo
Samsung
Disney
Steam

Other Key Research Takeaways US:

Email scams are exploding, up ~50% in retail and ~85% in tech as the holidays approach.
Fake storefronts are rising, with technology URL scams up nearly 50% and consumer URL scams up ~5%.
Trusted brands are the most impersonated, including Amazon, Microsoft, Apple, Walmart, and Costco.
96% plan to shop online
91% see ads from unfamiliar retailers
37% may buy from brands they don’t recognize
AI is reshaping scams, with 46% of Americans encountering fake celebrity or influencer endorsements.

Other Key Research Takeaways UK:

97% plan to shop online
86% see ads from unfamiliar retailers
30% may buy from brands they don’t recognize
AI is reshaping scams, with 42% of Americans encountering fake celebrity or influencer endorsements.

How to Stay Safe While Brands Are Being Faked This Season

Scammers are getting better at copying the brands you trust, but avoiding the fakes gets much easier when you slow down, verify what you see, and use tools that check links and messages before you click.

Here’s what actually helps during a season when realistic-looking scams are everywhere:

1. Go straight to the source

If you get a message about an order, refund, delivery issue, or account lockout, don’t click the link.

Go directly to the retailer’s app or type the URL manually.

This single habit eliminates most holiday scams.

This may look exactly like the Netflix login page... but it's not. This scam landing page is meant to steal your username and password. — This may look exactly like the Netflix login page… but it’s not. This scam landing page is meant to steal your username and password.

2. Inspect the sender, not the graphics

Scammers can recreate logos, colors, and templates perfectly.

What they can’t easily mimic:

A legitimate domain
A verified phone number
A support email that matches the company’s format

If the sender looks off, the message is off.

3. Let security tools check the link for you

McAfee’s online protection adds a critical layer of holiday safety, especially when scammers imitate retailers with near-perfect accuracy.

Key protections include:

Web Protection
Blocks malicious or suspicious websites before they load — including fake checkout pages, login portals, and support sites.

Scam Detector
Built into all core McAfee plans. It flags scam texts, emails, and even deepfake-style video promotions, letting you know a link or message is unsafe before you interact with it.

Password Manager
Creates and stores strong, unique passwords so a stolen login from one retailer doesn’t unlock your whole digital life.

Identity & Financial Monitoring
Transaction Monitoring and Credit Monitoring can alert you to unusual activity — a crucial safety net when stolen logins, card numbers, or personal details circulate quickly during the holidays.

These tools help counter the exact tactics scammers rely on: cloned websites, fake brand emails, and phishing links disguised as legitimate retailers.

This shows a SMishing text from a fake Amazon. Companies won't text you like this. — This shows a SMishing text from a fake Amazon. Companies won’t text you like this.

4. Turn on two-factor authentication everywhere you shop

Even if a scammer gets your password, they can’t get in without your one-time code.

5. Treat urgency as a red flag

Legitimate companies don’t ask you to “act in minutes,” pay fees to “unlock” an account, or claim you must stay on the line.

Pressure is a tactic — not customer service.

6. Keep an eye on your accounts

Check your banking and shopping accounts weekly.

Small unauthorized charges often appear before large ones.

The post The Most Impersonated Brands in Holiday Shopping, Ranked appeared first on McAfee Blog.

WeLiveSecurity

MDR is the answer – now, what’s the question?

— November 24^th 2025 at 10:00

Why your business needs the best-of-breed combination of technology and human expertise

WIRED

Amazon Is Using Specialized AI Agents for Deep Bug Hunting

By: Lily Hay Newman — November 24^th 2025 at 14:00

Born out of an internal hackathon, Amazon’s Autonomous Threat Analysis system uses a variety of specialized AI agents to detect weaknesses and propose fixes to the company’s platforms.

Security – Cisco Blog

A Glimpse Into Cisco Mobile Infrastructure Security Developments

By: Oussama Naffati — November 24^th 2025 at 13:00

See how Cisco is helping mobile operators improve visibility, protect traffic at high speed, and keep security consistent from core to edge.

McAfee Blogs

This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts

By: McAfee — November 21^st 2025 at 19:23

Leading off our news on scams this week, a heads-up for DoorDash users, merchants, and Dashers too. A data breach of an undisclosed size may have impacted you.

Per an email sent by the company to “affected DoorDash users where required,” a third party gained access to data that may have included a mix of the following:

First and last name
Physical address
Phone number
Email address

You might have got the email too. And even if you didn’t, anyone who’s used DoorDash should take note.

As to the potential scope of the breach, DoorDash made no comment in its email or a post on their help site. Of note, though, is that one of the help lines cited in their post mentions a French-language number—implying that the breach might affect Canadian users as well. Any reach beyond the U.S. and Canada remains unclear.

Per the company’s Q2 financial report this year, “hundreds of thousands of merchants, tens of millions of consumers, and millions of Dashers across over 30 countries every month.” Stats published elsewhere put the user base at more than 40 million people, which includes some 600,000 merchants.

The company underscored that no “sensitive” info like Social Security Numbers (and potentially Canadian Social Insurance Numbers) were involved in the breach. This marks the third notable breach by the well-known delivery service, with incidents in 2019 and 2022

Image of DoorDash email about data breach.

What to do if you think you got caught up in the DoorDash breach

While the types of info involved here appear to be limited, any time there’s a breach, we suggest the following:

Protect your credit and identity. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans.

Keep an eye out for phishing attacks. With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. As with any text or email you get from a company, make sure it’s legitimate before clicking or tapping on any links. Instead, go straight to the appropriate website or contact them by phone directly. Also, protections like our Scam Detector and Web Protection can alert you to scams and sketchy links before they take you somewhere you don’t want to go.

Update your passwords and use two-factor authentication. Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you stay on top of it all while also storing your passwords securely.

Attention travelers: Now boarding, a rise in flight cancellation scams

Even as the FAA lifted recent flight restrictions on Monday morning, scammers are still taking advantage of lingering uncertainty, and upcoming holiday travel, with a spate of flight cancellation scams.

How the scam works

Fake cancellation texts

The first comes via a text message saying that your flight has been cancelled and you must call or rebook quickly to avoid losing your seat—usually in 30 minutes. It’s a typical scammer trick, where they hook you with a combination of bad news and urgency. Of course, the phone number and the site don’t connect you with your airline. They connect you to a scammer, who walks away with your money and your card info to potentially rip you off again.

Fake airline sites in search results

The second uses paid search results. We’ve talked about this trick in our blogs before. Because paid search results appear ahead of organic results, scammers spin up bogus sites that mirror legitimate ones and promote them in paid search. In this way, they can look like a certain well-known airline and appear in search before the real airline’s listing. With that, people often mistakenly click the first link they see. From there, the scam plays out just as above as the scammer comes away with your money and card info.

How to avoid flight cancellation scams

Q: How can I confirm whether my flight is really canceled?
A: Check directly in your airline’s official app or website. Never click links in texts or emails.

Q: How can I spot a fake airline search result?
A: Look for “Ad”/“Sponsored,” confirm the URL, and check that the site uses HTTPS, not HTTP.

Q: Is there a tool that flags fake booking sites?
A: Scam-spotting tools like Scam Detector and Web Protection can identify sketchy links before you click.

In search, first isn’t always best.

Look closely to see if your top results are tagged with “Sponsored” or “Ad” in some way, realizing it might be in fine print. Further, look at the web address. Does it start with “https” (the “s” means secure), because many scam sites simply use an unsecured “http” site. Also, does the link look right? For example, if you’re searching for “Generic Airlines,” is the link the expected “genericairlines dot-com” or something else? Scammers often try to spoof it in some way by adding to the name or by creating a subdomain like this: “genericairlines.rebookyourflight dot-com.”

Get a scam detector to spot bogus links for you.

Even with these tips and tools, spotting bogus links with the naked eye can get tricky. Some look “close enough” to a legitimate link that you might overlook it. Yet a combination of features in our McAfee+ plans can help do that work for you. Our Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

Scammers Hijack a Trusted Mass Texting Provider

You’ve probably seen plenty of messages sent by short code numbers. They’re the five- or six-digit codes used to send texts instead of by a phone number. For example, your cable company might use one to send a text for resetting a streaming password, the same goes for your pharmacy to let you know a prescription is ready or your state’s DoT to issue a winter travel alert, and so on.

According to NBC News, scammers sent hundreds of thousands of texts using codes used by the state of New York, a charity, and a political organizing group. The article also cites an email sent to messaging providers by the U.S. Short Code Registry, an industry nonprofit that maintains those codes in the U.S. In the email, the registry said attempted attacks on messaging providers are on the rise.

What this means for the rest of us is that just about any text from an unknown number, and now short codes, might contain malicious links and content. It’s one more reason to arm yourself with the one-two punch of our Scam Detector and Web Protection.

What are short codes?
Short codes are 5–6 digit numbers used by pharmacies, utilities, banks, and government agencies to send official alerts.

Why this attack is unusual
Scammers didn’t spoof short codes—they gained access to real ones used by:

The State of New York
A charity
A political organizing group

Why this matters
Even texts from legitimate short-code numbers can no longer be trusted at face value.

What to do now

Treat any unexpected text—even from a short code—as suspicious.
Don’t tap links.
Verify by going directly to the official website or app.

Quick Scam Roundup

Consumers warned over AI chatbots giving inaccurate financial advice

Our advice: Always verify recommendations with trusted financial sources

Why our own clicks are often cybercrime’s greatest allies

Our advice: Many attacks rely on rushed or emotional decisions, slow down before clicking

TikTok malware scam uses fake software activation guides to steal data

Our advice: Download software only from official sources

We’ll be back after the Thanksgiving weekend with more updates, scam news, and ways to stay cyber safe.

The post This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts appeared first on McAfee Blog.

WIRED

US Border Patrol Is Spying on Millions of American Drivers

By: Dell Cameron， Andrew Couts — November 22^nd 2025 at 11:30

Plus: The SEC lets SolarWinds off the hook, Microsoft stops a historic DDoS attack, and FBI documents reveal the agency spied on an immigration activist Signal group in New York City.

WIRED

This Hacker Conference Installed a Literal Antivirus Monitoring System

By: Violet Blue — November 21^st 2025 at 11:00

At New Zealand's Kawaiicon cybersecurity convention, organizers hacked together a way for attendees to track CO2 levels throughout the venue—even before they arrived.

WIRED

4 People Indicted in Alleged Conspiracy to Smuggle Supercomputers and Nvidia Chips to China

By: Paresh Dave — November 20^th 2025 at 22:26

A federal prosecutor alleged that one defendant boasted that his father “had engaged in similar business for the Chinese Communist Party.”

McAfee Blogs

How to Follow McAfee on Google News in One Simple Step

By: McAfee — November 20^th 2025 at 18:21

Want McAfee’s latest scam alerts, cybersecurity tips, and safety updates to show up automatically in your Google News feed? You can follow McAfee directly on Google News with a single tap.

Google News now gives every official publisher a dedicated page — and McAfee has one. Once you follow us, our newest articles will appear in your Following tab and throughout your personalized news feed whenever they’re relevant to you.

Here’s how to do it in seconds.

Follow McAfee on Google News

Step 1: Go to our official Google News page

Tap or click this link:

McAfee Official Google News Source Page

This opens McAfee’s verified publisher page inside Google News.

Image shows McAfee's Google News source page. — Image shows McAfee’s Google News source page.

Step 2: Tap the “Follow” button

You’ll see a star icon at the top of the page.

Tap Follow and you’re done.

That’s it — McAfee is now part of your personalized news feed.

What happens after you follow McAfee

When you tap the star:

McAfee appears under Following → Sources in Google News
Our stories show up more often when you search for cybersecurity topics
You’ll see McAfee alerts, safety tips, and threat updates sooner
Google prioritizes McAfee when we publish on topics you care about (AI scams, malware, identity theft, etc.)

No settings menus. No advanced search. Just one tap.

How to Unfollow or Manage Your Sources

If you ever want to update your feed:

Open Google News
Go to Following → Sources
Tap the star again to unfollow
Or rearrange which sources matter most to you

Image shows how to find your preferred sources in Google News

FAQs

Do I need the Google News app?

No. Following works in both browsers and the app.

Will this make McAfee show up first for every search?

Not automatically — but Google does prioritize publishers you follow when the content is relevant.

Can I follow McAfee on multiple devices?

Yes. It’s tied to your Google account, not your phone or laptop.

Is the follow button safe?

Absolutely. This is Google’s built-in publisher follow system.

Stay Updated, Stay Safer

Cyber threats move fast — following McAfee on Google News makes it easier to stay ahead of scams, breaches, and emerging AI risks.

The post How to Follow McAfee on Google News in One Simple Step appeared first on McAfee Blog.

McAfee Blogs

Ghost Tapping: What It Is, How It Works, and How to Stay Safe

By: McAfee — November 19^th 2025 at 21:40

Contactless payments make everyday purchases fast and easy. Yet with that convenience comes a risk: ghost tapping.

In crowded spaces or rushed moments, a scammer could trigger a small tap-to-pay charge or push through a higher amount without your clear consent. Understanding what ghost tapping is, how it happens, and what to do next helps you keep your money and identity secure.

What Is Ghost Tapping?

Ghost tapping is a form of contactless fraud where someone attempts to initiate a tap-to-pay transaction without your approval.

Tap-to-pay cards and mobile wallets on phones use a technology called “near-field communication,” or NFC. That lets them communicate with things like a point-of-sale device for payment at a very close range. It’s generally quite safe, particularly because of the “near” part. You have to get very close to make the connection.

Even so, proximity and distraction can be exploited. Attackers may try to skim limited details from RFID (Radio Frequency Identification technology) cards or NFC cards, or nudge you into approving a payment you didn’t intend. If you’ve ever wondered what ghost tapping is, think of it as an opportunistic, in-person scam that abuses the tap-to-pay moment rather than a remote hack.

How Ghost Tapping Happens

Most schemes rely on getting close and catching you off guard. A criminal might carry a portable reader, press into a pocket or bag, and attempt a low-value charge. Others set up tampered terminals, rushing you so you don’t check the amount.

Consider These Two Scenarios:

You’re at a busy farmer’s market. A scammer with a phone equipped with a point-of-sale app stumbles into you and gets close enough to your card to trigger a transaction. It’s almost like a modern-day pickpocket move, where the bump distracts the victim from the theft as it happens.

In another case, you might come across a phony vendor. Maybe someone’s selling cheap hats outside a football game or someone’s going around your neighborhood selling candy, supposedly to support a charity. In scenarios like these, you tap to pay with your phone just as you’d expect… but with one exception: the “vendor” jacks up the purchase price. They hurry you through the transaction, so quickly that you don’t review the screen before you confirm payment.

We’ve also seen reports of people getting Apple Pay scammed by impostor merchants who exploit quick taps and small screens. While mobile wallets add strong safeguards, poor visibility and social pressure can still lead to losses.

The Better Business Bureau on Ghost Tapping:

A report posted on the Scam Tracker at the Better Business Bureau (BBB) shows how the phony vendor version of this scam allegedly played out:

“An individual is going door to door in [location redacted] claiming to be selling chocolate on behalf of [redacted] to support special needs students. He says that he can only accept tap-to-pay to get people to pay with a card. He then charges large amounts to the card without the cardholder being able to see the amount. He got my mother for $537… Another victim for $1100… He changes neighborhoods frequently to avoid getting caught.”

Signs of Ghost Tapping and Common Myths

Early ghost detecting starts with vigilance. Watch for unfamiliar small charges, especially after crowded events, and alerts tied to contactless transactions. If you see odd activity tied to RFID cards or NFC cards, act quickly.

Common myths persist. Attackers can’t drain accounts from far away, clone full cards via a tap, or bypass wallet protections easily. Most successful cases hinge on proximity, distraction, and human error. Meanwhile, Apple Pay scam stories often involve rushed taps and unverified totals.

Effective ghost detecting focuses on timely alerts, careful review, and immediate response.

How to Protect Yourself from Ghost Tapping Scams

The BBB, which recently broke the story of these scams, offers several pieces of advice. We have some advice we can add as well.

From the BBB…

Store your cards securely. An RFID-blocking wallet or sleeve can help stop wireless skimming.
Always confirm payment details. Before tapping your card or phone, check the merchant’s name and amount on the terminal screen.
Set up transaction alerts. Many banks allow real-time notifications for every charge.
Keep an eye on your accounts. Daily checks help you spot fraud faster.
Limit tap-to-pay use in high-risk areas. Consider swiping or inserting your card instead.

From us at McAfee…

Monitor your identity and your credit.

The problem with many card scams is that they can lead to further identity theft and fraud, which you only find out about once the damage is done. Actively monitoring your identity and credit goes beyond single transaction alerts from your bank and can spot an emerging problem before it becomes an even bigger one. You can take care of both easily with timely notifications from our credit monitoring and identity monitoring features, all as part of our McAfee+ plans.

When you’re out and about, consider what you’re carrying—and where you carry it.

The physical safety of your phone and cards counts as well. While ghost tapping scams are new, old-school physical pickpocketing attempts persist. When it comes to devices and things like debit cards, credit cards, and even cash, keep what you bring with you to the bare minimum when you go out. This can cut your losses if the unfortunate happens. If you have a credit card and ID holder attached to the back of your phone, you may want to remove your cards from it. That way, if your phone gets snatched, those important cards don’t get snatched as well.

When in doubt, shop with a credit card.

In the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

The post Ghost Tapping: What It Is, How It Works, and How to Stay Safe appeared first on McAfee Blog.

WIRED

With the Rise of AI, Cisco Sounds an Urgent Alarm About the Risks of Aging Tech

By: Lily Hay Newman — November 20^th 2025 at 10:00

Generative AI is making it even easier for attackers to exploit old and often forgotten network equipment. Replacing it takes investment, but Cisco is making the case that it’s worth it.

WIRED

WIRED Roundup: DHS’s Privacy Breach, AI Romantic Affairs, and Google Sues Text Scammers

By: Zoë Schiffer， Brian Barrett — November 19^th 2025 at 22:09

In this episode of Uncanny Valley, we discuss our scoop about how the Department of Homeland Security illegally collected Chicago residents’ data for months, as well as the news of the week.

WIRED

Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom

By: Mark Keierleber — November 19^th 2025 at 10:00

Schools in the US are installing vape-detection tech in bathrooms to thwart student nicotine and cannabis use. A new investigation reveals the impact of using spying to solve a problem.

McAfee Blogs

Venmo 101: Making Safer Payments with the App

By: McAfee — November 18^th 2025 at 17:00

As the holiday season ramps up, so do group dinners, shared travel costs, gift exchanges, and all the little moments where someone says, “Just Venmo me.”

With more people sending and splitting money this time of year, scammers know it’s prime time to target payment apps. Here’s how to keep your Venmo transactions safe during one of the busiest — and riskiest — payment seasons.

What kind of scams are on Venmo?

Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credentials. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money.

Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:

· Fake Prize or Cash Reward

· Call from Venmo

· Call from Tech Support

· Fake Payment Confirmation

· Pre-payment for Goods and Services

· Stranger Posing as a Friend

· Payments from Strangers

· Offers to Make Money Fast

· Paper Check Scam

· Romance Scam

Venmo has thorough instructions to combat these scams and breaks them down in detail on its site. They also provide preventative tips and steps to take if you unfortunately fall victim to one of these scams. Broadly speaking, though, avoiding Venmo scams breaks down into a few straightforward steps.

How to avoid getting scammed on Venmo

1) Never share private details.

Scammers often pose as customer service reps to pump info out of their victims. They’ll ask for things like bank account info, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this info. Legitimate reps from legitimate companies like Venmo won’t request it.

2) Know when Venmo might ask for your Social Security number.

In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this info by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings –> Identity Verification.

3) Keep an eye out for scam emails and texts.

Venmo always sends communications through its official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.

4) Be suspicious of the messages you get. Imposters are afoot.

Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.

5) When sending money, keep an eye open for alerts from the app.

Just recently, Venmo added a new feature, dynamic alerts, which helps protect people when sending money via the “Friends and Family” option. It pops up an alert if the app detects a potentially fraudulent transaction and includes info that describes the level of risk involved. In the cases of highly risky payments, Venmo might decline the transaction altogether. This adds another level of protection to Friends and Family payments, which are non-refundable in cases of fraud. Further, this underscores another important point about using Venmo: only pay people you absolutely know and trust.

More ways to stay safe on Venmo

Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:

Public – Everyone on the internet can see and comment on the transaction.
Friends – Only your Venmo friends and the other participant’s friends can see and comment on the transaction. (Note that the friends of the other participant might be strangers to you, so “friends and friends of friends” is more accurate here.)
Private – Here, only the participants can view and comment on the transaction.

This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.

We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.

In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.

Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.

First off, lock your phone. Whether with a PIN or other form of protection, locking your phone prevents access to everything you keep on it, which is important in the case of loss or theft. Our own research found that only 58% of adults take the vital step of locking their phones. If you fall into the 42% of people who don’t, strongly consider changing that.
Within the Venmo app, you can also enable Face ID and a PIN (on iOS) or a PIN and biometric unlock (Android). These add a further layer of security by asking for identification each time you open the app. That way, even if someone gets access to your phone, they’ll still have to leap through that security hurdle to access your Venmo app.
Use a strong, unique password for your account. That’s a password with at least 13 characters using a mix of cases, numbers, and symbols that you don’t use anywhere else. You can also have a password manager do that work for you across all your accounts.

Keep your online finances even more secure with the right tools

Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.

For starters, it includes Web Protection and Scam Detector that can block malicious and questionable links that might lead you down the road to malware or a phishing scam, such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.

Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

The post Venmo 101: Making Safer Payments with the App appeared first on McAfee Blog.