Login
Ever take a look at an ATM and feel like something’s off? You might have come across an ATM skimmer.
It works like this… A crook tampers with an ATM by attaching a physical device that skims card info as cards people grab or deposit money. From there, a keypad overlay or tiny pinhole camera captures your PIN as people tap it in. And with that info, the crook has everything they need to create several counterfeit cards.
Of course, that thief has to transfer that info. In some cases, the thief creeps back, removes the skimming device, downloads your data, and burns it to a blank ATM card. More sophisticated skimmers are connected, so thieves can download stolen info from the skimmer and then use that info to buy stuff online. Either way, a skimmer can take a big chunk out of your bank account.
However, you have ways of spotting these sketchy ATMs. And yet, there are more ways to protect your finances if you fall victim to a carefully concealed skimmer.
Spotting a hacked ATM can get a bit tricky, yet you can look for a few signs. Generally speaking, ATMs are sturdy by design. If a card reader or keypad wiggles at all or the keypad feels too spongy or sticks when you tap the buttons, you might be looking at a hacked ATM. Also keep an eye out for extra pieces of plastic stuck to the ATM, which can be places where a crook has concealed a camera. Often, they’ll disguise cameras in brochure holders and overhead lights.
Another clue of a hacked ATM — scanners and other components that don’t match the color and style of the machine. In all, anything that looks tacked on or out of place gives you a good reason to use another ATM.
To protect yourself further, follow these tips:
Be choosy.
While out and about, consider using ATMs installed at a bank. These are watched more closely than ATMs in public places, which makes them harder to tamper with.
Cover the keypad when entering your PIN.
Thieves need your card number and your PIN to access your account with a copycat card. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.
Check your bank and credit card statements often.
If your card does get skimmed, acting quickly counts. Thieves can quickly rack up purchases and out a chunk of your account. Banks typically watch for fraud and will contact you about unusual activity.
Better yet, you can keep a closer eye on your accounts yourself. Our McAfee+ plans offer several types of account and transaction monitoring. Together, they can alert to strange transactions across bank, credit, retirement, and other accounts. They can also alert you if any of your info at the bank gets changed, which helps prevent account takeovers.
The post What is ATM Skimming? appeared first on McAfee Blog.
I think I could count on my hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids!
Email hacking is one of the very unfortunate downsides of living in our connected, digital world. And it usually occurs as a result of a data breach – a situation that even the savviest tech experts find themselves in.
In simple terms, a data breach happens when personal information is accessed, disclosed without permission, or lost. Companies, organisations, and government departments of any size can be affected. Data stolen can include customer login details (email addresses and passwords), credit card numbers, identifying IDs of customers e.g. driver’s license numbers and/or passport numbers, confidential customer information, company strategy, or even matters of national security.
Data breaches have made headlines, particularly over the last few years. When the Optus and Medibank data breaches hit the news in 2022 affecting almost 10 million Aussies a piece, we were all shaken. But then when Aussie finance company Latitude, was affected in 2023 with a whopping 14 million people from both Australia and New Zealand affected, it almost felt inevitable that by now, most of us would have been impacted.
But these were the data breaches that grabbed our attention. The reality is that data breaches have been happening for years. In fact, the largest data breach in Australian history actually happened in May 2019 to the online design site Canva which affected 137 million users globally including many Aussies.
So, in short – it can happen to anyone, and the chances are you may have already been affected.
The sole objective of a hacker is to get their hands on your data. And any information that you share in your email account can be very valuable to them. But why do they want your data, you ask? It’s simple really – so they can cash in! Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’ with the aim of extracting valuable data and/or funds. But the more sophisticated ones will sell your details including name, telephone, email address, and credit card details, and cash in on the Dark Web. They often do this in batches. Some experts believe they can get as much as AU$250 for a full set of details including credit cards. So, you can see why they’d be interested in you!
The other reason why hackers will be interested in your email address and password is that many of us re-use these login details across our other online accounts too. So, once they’ve got their hands on your email credentials then they may be able to access your online banking and investment accounts – the possibilities are endless if you are using the same login credentials everywhere. So, you can see why I harp on about using a unique password for every online account!
There is a plethora of statistics on just how big this issue is – all of them concerning.
According to the Australian Institute of Criminology, there were over 16,000 reports of identity theft in 2022.
The Department of Home Affairs and Stay Smart Australia reports that cybercrime costs Australian businesses $29 billion a year with the average business spending around $275,000 to remedy a data breach
And although there has been a slight reduction in Aussies falling for phishing scams in recent years (down from 2.7% in 2020/1 to 2.5% in 2022/3), more Australians are falling victim to card fraud scams with a total of $2.2 billion lost in 2023.
But regardless of which statistic you choose to focus on, we have a big issue on our hands!
If you find yourself a victim of email hacking there are a few very important steps you need to take and the key is to take them FAST!!
This is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use at least 8-10 characters with a variety of upper and lower case and throw in some symbols and numbers. I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack! But, better still, get yourself a password manager that will create a password that no human would be capable of creating.
If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the ‘Forgot My Password’ link.
This is time-consuming but essential. Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many people still use the same logins for multiple accounts, so it is guaranteed they will try your info in other email applications and sites such as PayPal, Amazon, Netflix – you name it!
Once the dust has settled, please review your password strategy for all your online accounts. A best practice is to ensure every online account has its own unique and complex password.
A big part of the hacker’s strategy is to ‘get their claws’ into your address book with the aim of hooking others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails (most likely loaded with malware) that have come from you.
Yes, multi-factor authentication (or 2-factor authentication) adds another step to your login but it also adds another layer of protection. Enabling this will mean that in addition to your password, you will need a special one-time use code to log in. This can be sent to your mobile phone or alternatively, it may be generated via an authenticator app. So worthwhile!
It is not uncommon for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins for other sites, but they’ll keep a watchful eye over any particularly juicy personal information. So, check your mail forwarding settings to ensure no unexpected email addresses have been added.
Don’t forget to check your email signature to ensure nothing spammy has been added. Also, ensure your ‘reply to’ email address is actually yours! Hackers have been known to create an email address here that looks similar to yours – when someone replies, it goes straight to their account, not yours!
This is essential also. If you find anything, please ensure it is addressed, and then change your email password again. And if you don’t have it – please invest. Comprehensive security software will provide you with a digital shield for your online life. McAfee+ lets you protect all your devices – including your smartphone – from viruses and malware. It also contains a password manager to help you remember and generate unique passwords for all your accounts.
If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, then consider starting afresh but don’t delete your email address. Many experts warn against deleting email accounts as most email providers will recycle your old email address. This could mean a hacker could spam every site they can find with a ‘forgot my password’ request and try to impersonate you – identity theft!
Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. And even though it may feel that ‘getting hacked’ is inevitable, you can definitely reduce your risk by installing some good quality security software on all your devices. Comprehensive security software such as McAfee+ will alert you when visiting risky websites, warn you when a download looks ‘dodgy’, and will block annoying and dangerous emails with anti-spam technology.
It makes sense really – if you don’t receive the ‘dodgy’ phishing email – you can’t click on it! Smart!
And finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!
Till next time
Alex
The post What to Do If Your Email Is Hacked appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. Text Scam Detector can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you understand what’s at stake.
Let’s start with an overview and a few examples of each.
So there’s that subtle difference we mentioned. Identity fraud involves the misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name.
Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well.
As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it in a couple of different ways.
The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.
On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well.
It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things.
With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place:
While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.
The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an identity monitoring solution — and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.
The post How To Tell The Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blog.
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.
If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it.
You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.
Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.
As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.
Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.
Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.
→ Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day
Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.
One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.
→ Dig Deeper: Fraudulent Adult Dating Services Turn 10 Years Old, Still Evolving
Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.
Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.
While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.
One of the most important is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.
When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.
For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information, making it safer to input sensitive information than on websites with ‘http://’ URLs.
Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly-flattering messages or requests to move the conversation to a private email or messaging app.
McAfee Pro Tip: If you’re considering using one of these for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.
If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.
Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.
→ Dig Deeper: How To Report An Online Scam
The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.
And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.
Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.
The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.
While the majority of us look forward to Black Friday and Cyber Monday for the best deals, there’s another group that’s also eagerly anticipating these dates – cybercriminals. As the number of online shoppers increases, so do the opportunities for cybercriminals to steal personal and financial information. In this article, we will take a closer look at how these cybercriminals operate, and how you can protect yourself from becoming a victim.
With the advent of technology, more and more consumers are shifting towards online shopping. The COVID-19 pandemic has also forced a lot of people to favor this method of purchasing due to health and safety concerns. However, this shift has also opened up a new avenue for cybercriminals who are now focusing their efforts on gathering personal information from these online transactions. In this part of the article, we delve into how these criminals take advantage of Black Friday online sales to access and steal personal data.
The first step in understanding how to protect ourselves is to understand how cybercriminals operate. Black Friday and Cyber Monday provide the perfect opportunity for these criminals as the surge in online traffic can make their malicious activities less noticeable. They exploit the sense of urgency and excitement around these sales, using various tactics to deceive shoppers and gain access to their personal information.
One of the most common methods used by cybercriminals is phishing. It is a form of fraud where cybercriminals impersonate a legitimate organization in an attempt to steal sensitive data. During the Black Friday sale period, these criminals will send out emails or texts that appear to be from renowned retailers offering fantastic deals. However, these emails and texts are embedded with malicious links that when clicked, lead the shopper to a fake website designed to steal their personal and financial information. The shopper, lured by the enticing deal, unsuspectingly enters their details, giving the cybercriminals exactly what they want.
Another common tactic used by cybercriminals is the use of malware and ransomware. Malware is a type of software that is designed to cause damage to a computer, server, or computer network, while Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. During Black Friday, cybercriminals increase the distribution of such malicious software. Unsuspecting shoppers may download these onto their devices when they click on links or open attachments in emails offering Black Friday deals.
Once the malware or ransomware is downloaded onto the device, the cybercriminals can steal personal information, lock the device, or even use it to conduct other illegal activities. This type of attack is particularly dangerous as it not only compromises personal and financial information, but can also leave the victim with a non-functional device, adding insult to injury. The aftermath of such an attack could be extensive and costly, especially if valuable data is lost or if the ransom is paid to regain access to the device.
→ Dig Deeper: Online Shopping – How To Avoid The Bad So You Can Enjoy The Good!
Card skimming involves the illegal copying of information from the magnetic stripe of a credit or debit card. It is a serious problem in the brick-and-mortar retail sector, however, a new form of this crime has emerged and is becoming a major threat to online shoppers – E-skimming. E-skimming is a method used by cybercriminals to steal credit card information from online shoppers in real-time.
During the Black Friday period, the criminals may compromise a retailer’s website, typically by injecting malicious code into the site’s checkout process. When the shopper enters their credit card information, the criminals capture it. The information is then either used directly to make fraudulent purchases or sold on the dark web. This method is particularly challenging for retailers to combat as it can be difficult to detect, the e-skimming code may lay dormant until the checkout process is initiated, making it even harder to identify.
Now that we understand the methods used by cybercriminals, let’s explore how to protect our personal and financial information during this high-risk period. Cybersecurity should be everyone’s top priority and there are several measures you can take to ensure you don’t fall victim to these cyber-attacks.
Firstly, be skeptical of emails, texts, or advertisements offering too-good-to-be-true deals. Always double-check the source before clicking any links. It’s safer to directly navigate to the retailer’s website via your browser rather than clicking the link in an email or ad. If you receive an email from a retailer, cross-verify it by visiting their official website or contacting them directly. Avoid clicking on links from unknown or suspicious sources.
→ Dig Deeper: Invisible Adware: Unveiling Ad Fraud Targeting Android Users
Secondly, ensure your devices are equipped with up-to-date antivirus and anti-malware software. These tools can detect and block malicious activities, providing a layer of security. Regularly update your software and operating system to patch any vulnerabilities that cybercriminals might exploit. When shopping online, make sure the website’s URL begins with ‘https’, indicating it is secure and encrypted. Furthermore, regularly monitor your bank and credit card statements for any unauthorized transactions.
McAfee Pro Tip: Have you ever encountered a suspicious charge on your credit card and felt uncertain about the next steps to take? Protect yourself with McAfee’s credit monitoring service! Our tool can help you keep an eye on any unusual credit activity to detect potential signs of identity theft.
Finally, consider using a credit card instead of a debit card for online purchases. Credit cards often have better fraud protection and it’s easier to dispute fraudulent charges. Be mindful of where and how you’re sharing your personal information. Avoid making transactions over public WiFi as these networks can be easily compromised. Instead, use your mobile data or a trustworthy, private WiFi network.
While consumers can take steps to protect themselves, retailers also play a crucial role in ensuring the security of their customers’ data. They need to be proactive in implementing robust security measures and constantly monitoring for any suspicious activities. Regular audits and penetration testing can help identify potential vulnerabilities and fix them before they can be exploited.
Businesses should educate their employees on cybersecurity best practices and how to identify phishing attempts. Regular training can help prevent accidental breaches as well as deliberate insider threats. Employing secure payment systems and encryption are other steps retailers can take to safeguard customer data.
Multi-factor authentication can add an additional layer of security, making it harder for cybercriminals to gain access. Retailers should also have a response plan in place in case of a data breach, to minimize damage and swiftly communicate to affected customers.
Black Friday and Cyber Monday present lucrative opportunities for cybercriminals intent on stealing personal and financial information. However, understanding their tactics and taking proactive measures can significantly reduce the risk of falling victim to these attacks. From phishing and malware to E-skimming, the threats are diverse and evolving, but with caution and cybersecurity measures in place, both consumers and retailers can enjoy the benefits of these sales events safely.
Remember, if a deal seems too good to be true, it probably is. Be vigilant, keep your software updated, and prioritize safe shopping practices. Retailers, on the other hand, need to constantly monitor and update their security systems, educate their employees, and most importantly, ensure transparency with their customers. Together, we can make online shopping safer, not just during Black Friday, but throughout the year.
The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blog.
In today’s digital era, pickpocketing has taken a new form. Gone are the days when thieves would physically steal your wallet. Instead, they are using sophisticated techniques to steal your personal information and drain your bank accounts without you even realizing it. This article aims to shed light on digital pickpocketing, its impacts on your digital assets, and measures to prevent it.
Digital pickpocketing, also known as electronic pickpocketing or e-pickpocketing, refers to the use of digital tools and technologies to steal someone’s personal information without their knowledge or consent. The information stolen usually includes credit card numbers, passwords, and other sensitive details that can be used for fraudulent activities.
→Dig Deeper: Russian Hackers Steal 1.2 Billion Passwords
It’s important to note that digital pickpocketing doesn’t only happen on the internet. With the advancement of technology, pickpockets can now steal your credit card information just by standing close to you, thanks to a method called Radio Frequency Identification (RFID) skimming. This makes digital pickpocketing a pervasive threat that needs urgent attention.
Before we delve into ways to prevent digital pickpocketing, it’s crucial to understand how it happens. There are numerous ways somebody can fall victim, and being informed about these methods is the first line of defense.
The most common form of digital pickpocketing is done via malicious software programs called malware. These programs find their way onto your computer or smartphone through email attachments, infected websites, or unsecured Wi-Fi networks. Once installed, they work quietly in the background, collecting your personal data and sending it off to the thief.
Another method is phishing, where fraudsters impersonate a trustworthy entity such as a bank or a website you frequent, tricking you into providing your personal information. The communication usually appears as an urgent call-to-action, prompting you to click on a link or download an attachment, which ultimately leads to your information being stolen.
RFID skimming, on the other hand, involves the use of a portable device that scans and records data from RFID-enabled cards when they come into its proximity. This method doesn’t require internet access or any form of physical contact, making it a more stealthy approach to digital pickpocketing.
The consequences of digital pickpocketing stretch far beyond financial loss. The theft of your personal information can lead to numerous problems, including identity theft, damaged credit score, and emotional distress.
Identity theft can be particularly damaging. Once a fraudster has enough of your personal information, they can potentially open new bank accounts, take out loans, or even commit crimes in your name. Not only could this lead to a huge financial mess, but it could also get you into legal trouble.
Furthermore, if credit card information is stolen and used fraudulently, it can significantly damage your credit score. A low credit score can make it more difficult to get loans, secure housing, or even find employment. The process of repairing your credit can be long and arduous, causing unnecessary stress and inconvenience.
Preventing digital pickpocketing is possible with the right precautions. Protecting your personal information demands a proactive approach. Here are some tips and steps to help prevent digital pickpocketing:
Digital pickpocketing poses a serious threat in this digital age. However, with the right information and measures, you can protect your personal information and avoid falling victim. Remember, prevention is always better than cure.
If you’ve fallen victim to digital pickpocketing, swift action is key. The first step is to contact your bank or credit card company and inform them about the theft. Most companies have policies in place to protect their customers, and they can help prevent further damage by blocking your card or changing your account details.
Next, file a report with your local law enforcement, and consider contacting a credit reporting agency to place a fraud alert on your credit file. This can make it harder for a thief to open more accounts in your name. It’s also important to change your passwords and consider enrolling in an identity protection service, which can monitor your credit and personal information for any suspicious activity.
While technology has given rise to digital pickpocketing, it also offers solutions to combat it. Many apps and services now feature advanced security measures such as biometric authentication, encryption, and machine learning algorithms to detect and prevent fraudulent activities.
→ Dig Deeper: Banks are Using Biometric Measures to Protect Against Fraud
Financial institutions and tech companies are continually improving their security systems, implementing advanced firewalls, intrusion detection systems, and secure networks to protect customer data. While these technologies can’t guarantee absolute safety, they significantly reduce the risk of digital pickpocketing and help create a safer digital environment.
From a legal perspective, governments and regulatory bodies worldwide are tightening regulations on data privacy and security. Laws like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have strict guidelines and penalties for data breaches, encouraging businesses to prioritize data protection.
While these laws are a step in the right direction, it’s crucial for individuals to stay informed about their rights and the protective measures they can take. After all, the fight against digital pickpocketing is a collective effort that requires the participation of consumers, businesses, and regulators alike.
Ultimately, digital pickpocketing is a modern-day problem that requires a modern-day solution. By understanding the threats and implementing protective measures, we can protect ourselves from these digital thieves. It’s also reassuring to know that as technology advances, so do the methods to combat such digital crimes, and regulatory measures are continually being updated to provide better security in the digital era.
Remember, the key to combating digital pickpocketing lies in awareness, vigilance, and proactive protection. Stay informed and secure with McAfee, and let’s make the digital world a safer place for everyone.
The post Pickpocketing – Digital Style appeared first on McAfee Blog.
When you wind up with mobile spyware, you may wind up with a stalker on your phone.
In its most malicious forms, mobile spyware can steal information like text messages and photos, capture passwords as you tap them in, secretly turn on your microphone or camera for recording, and track your movements using GPS.
Figuratively speaking, it’s like going about your day with a stalker peering over your shoulder.
If that doesn’t sound creepy enough, it can get worse. More than just providing attackers with a live feed of your activity, spyware can record and archive your actions. From there, it can “phone home,” meaning it sends stolen information back to cybercriminals so they can hoard it for later use.
That stolen information can lead to identity fraud and theft, such as when a cybercriminal raids your existing bank accounts, sets up entirely new lines of credit in your name, or impersonates you in several other ways. In darker scenarios, stolen photos, files, and information can lead to blackmail and harassment.
Without question, a case of mobile spyware can get serious quite quickly. Yet, it is highly preventable when you know how it can end up on your phone—and the steps you can take to keep that from happening.
Malicious apps. They account for much of mobile spyware today.
Whether they’re downloaded from a third-party app store or even from Google Play or Apple’s App Store, the ruse remains the same: a malicious app poses as legitimate app. These apps may present themselves as games, wallpapers, productivity apps, exercise apps, utility apps, and even security apps. Instead, they’re loaded with spyware.
Google Play does its part to keep its virtual shelves free of malware-laden apps with a thorough submission process as reported by Google and through its App Defense Alliance that shares intelligence across a network of partners, of which we’re a proud member. Further, users also have the option of running Play Protect to check apps for safety before they’re downloaded.
Apple’s App Store has its own rigorous submission process for submitting apps. Likewise, Apple deletes hundreds of thousands of malicious apps from its store each year.
Yet, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially innocent and then push malware to users as part of an update. Other times, they’ll embed malicious code such that it only triggers once it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.
Unique to Android phones, Android gives people the option to download apps from third-party app stores. These stores may or may not have a thorough app submission process in place. As a result, they can be far less secure than Google Play. Moreover, some third-party app stores are fronts for organized cybercrime gangs, built specifically to distribute malware, making third-party download that much riskier.
Someone can install it directly.
In this case, a bad actor needs physical access to your phone. If they know the passcode or if the phone is unlocked, they can tamper with the phone’s settings and install the spyware themselves. This requires access, time, and effort, yet some bad actors certainly take this approach.
Surprisingly, we’ve also seen cases where malware comes pre-installed on phones. A recent case estimated that some 9 million smartphones had spyware installed in them somewhere along the supply chain. Reportedly, the spyware could steal personal information from the phone or possibly take it over entirely for a short stretch of time.
You can spot signs of tampering on an Android phone by heading to Settings and searching for “Install Unknown Apps.” If you see any sources that you didn’t set to the “On” position or a third-party website you don’t recognize, it indicates that apps from outside official app stores could have been installed in the device. Such apps are generally riskier than apps from official sources like Google Play. While not an outright indication of spyware, you should set those to “Off.”
On an iPhone, directly installing spyware takes a bit more effort. Typically, it requires “jailbreaking” the phone. This process tampers with the operating system and removes software restrictions so the iPhone can access third-party app stores and download unapproved apps. Both are highly risky activities and the reason why Apple’s iOS enforces such restrictions in the first place.
Put plainly, “jailbreaking” is not safe.
In the hands of bad actors, they can install an app called “Cydia” on a jailbroken iPhone. Cydia is an unapproved app store that offers potentially dangerous modifications and apps. If you spot Cydia on your iPhone, it’s certain sign of tampering.
Not long ago, you could often see or even feel if your smartphone was infected with spyware. It could run hot, like it was left out on blanket at the beach, because the spyware ate up computing cycles while it ran in the background. It could drain batteries or lead to sluggish performance. That’s not always the case anymore. Spyware has become leaner and more efficient in recent years, so cybercriminals can better mask their attacks.
Some signs that are better indicators of spyware include:
Whether through your phone’s data connection or through a Wi-Fi connection, unexpected increases in usage could be a sign that your phone is communicating with a third party.
A phone infected with spyware may communicate your activity to a third party, rather than to the legitimate login. The legitimate site or service never receives the first login attempt, forcing you to log in again.
This may be a sign that a cybercriminal already hacked your password, logged in under your name, and then changed the password to one of their own. (Note that this could also be a sign of a compromised or stolen password and not necessarily a sign of spyware.)
Some types of spyware can gain administration-level privileges to your phone and drop its defenses, leaving you yet more vulnerable.
Above we mentioned how cybercriminals use spyware to gain login credentials to banks and credit cards, and even steal personal items like files and photos. If you spot any unusual activity or find yourself threatened with demands, it’s possible that spyware could be a possible cause among others.
Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried and true method of keeping yourself safe—and for keeping your phone running great too.
As mentioned above, Google Play has measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may very well not, and they may intentionally host malicious apps as part of a front. Further, Google is quick to remove malicious apps from their store once discovered, making shopping there safer still.
Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that requests access to your camera or microphone, it might be a scam. On Android, recent spyware usually requests REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission to execute the malicious behavior in the background. If you see behaviors like these, delete the app.
Remove old, unused, and underused applications that could be future vectors of attacks.
Along this line, we’ve seen where mobile applications change ownership (whether they get sold or others take over its operations), and the new owners don’t have the same standard operating procedures as the founders.
As mentioned above, some bad actors will install spyware on phones themselves. However, this requires access, time, and effort to pull off. Locking your phone and always keeping it close can help prevent bad actors from infecting your phone this way.
Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do.
The post Mobile Spyware—How You Can Keep Stalkers Off Your Phone appeared first on McAfee Blog.
Authored by Lakshya Mathur and Sriram P
McAfee Intelligence observed a huge spike in extortion email frauds over the past month. The intent of these fraudulent activities is to intimidate individuals into paying a specified amount of money as a ransom.
Figure 1 shows the number of blackmail emails received over a month recently.
Figure 1 – Stats for 20 February 2023 – 23rd March 2023
In this blog, we’ll delve into frauds that are becoming increasingly common in the digital age. We’ll first define what these frauds are and provide examples to help readers better understand the nature of these frauds. Additionally, we’ll explore how these frauds are on the rise, highlighting the reasons behind this trend and the impact it has on individuals.
Finally, we’ll provide practical advice to help consumers protect themselves from these types of attacks. This will include a discussion of some of the most effective measures individuals can take to safeguard their personal and financial information from fraudsters.
Extortion emails are a type of scam where cybercriminals send threatening messages to individuals or organizations—demanding payment in exchange for not releasing sensitive or embarrassing information. These emails typically claim that the sender has compromising information, such as private photos or personal data, and threaten to share it with the recipient’s friends, family, or the public unless a payment is made. The payment is usually asked in the form of cryptocurrency, such as Bitcoin in the recent spam, which is difficult to trace and can be transferred quickly and anonymously. The goal of these emails is to scare the recipient into paying the demanded amount, even though there might not be any compromising information to release.
Scammers use different scareware sentiments like bad internet browsing habits, hacking for Wi-Fi, and hacking of networks because of hardware vulnerabilities. We’ll now examine various illustrations of extortion emails and analyze scammers’ strategies to intimidate victims into providing payment. By presenting various real-life examples, we can demonstrate how scammers use scareware tactics to manipulate and intimidate their victims into complying with their demands. By instilling fear, the scammers hope to provoke a sense of urgency in the victim, increasing the likelihood that they will pay the demanded ransom.
Figure 2 – Extortion fraud Example 1
Figure 2 is an illustration of a typical extortion email that scammers use to exploit their victims. In this instance, the scammer is claiming to have gained unauthorized access to the victim’s account through a security vulnerability in a Cisco router. The scammer is then threatening to expose embarrassing information about the victim unless a payment of $1,340 is made.
The payment is demanded through a Bitcoin wallet address that the scammer has provided. In this example, the scammer has obfuscated the Bitcoin wallet address by adding spaces between the characters, which is a tactic used to make it harder to track the payment. Now, let us examine another instance of extortion emails.
Figure 3 – Extortion fraud example 2
Figure 3 is another example of an extortion email that scammers use to trick and manipulate their victims. In this case, the attacker is claiming to have gained unauthorized access to the victim’s accounts and has deployed trojans and viruses on the victim’s system. The scammer is also blackmailing the victim by alleging that they have explicit adult content about the victim and the victim’s web browsing history. The purpose of this is to instill fear and provoke a sense of urgency in the victim.
Like the previous example, the scammer has provided a Bitcoin wallet address for the victim to make a ransom payment of $950. Additionally, the attacker has explained that the virus they’ve deployed is undetectable by antivirus software because they’ve used drivers that update the virus every few hours.
Cryptocurrency tools are the most common way these scammers ask for a ransom. They use this tactic because it is difficult to trace and can be sent quickly and anonymously to other platforms. We noticed that scammers were demanding ransom payments through Bitcoin wallets. So, we tried to gather statistics on the number of unique Bitcoin wallets we came across in the past month.
Figure 4 – Unique Bitcoin Stats for 20th February 2023 – 23rd March 2023
We checked these Bitcoin addresses to see what their transactions activities are and their reputation on the blockchain and Bitcoin abuse database. Below are some snapshots of the transaction of these addresses.
Figure 5 – Bitcoin received, and abuse report count for Bitcoin address
As illustrated in Figure 5, it is clear that the Bitcoin addresses mentioned in these extortion emails have numerous abuse reports against them. Additionally, some ransom payments have been received through these addresses. Our intelligence also collected weekly trends on how much money they had within them.
Figure 6 – Total Amount received (US Dollars) in that week
Figure 6 shows that the amount of money received in these Bitcoin addresses is increasing weekly. This implies that scammers are successfully extorting money from more consumers.
If you receive extortion emails, follow the steps outlined below.
Despite advancements in technology, extortion frauds continue to increase as seen in this blog. However, the best defense against such scams is to remain calm, and informed, and to make others aware of such frauds. By following the steps mentioned above, such as not responding to or paying any ransom demands, keeping your system and software updated, using strong passwords, and being wary of unusual emails or links, you can protect yourself from falling victim to these frauds. It is important to stay vigilant and to report any questionable activity to the appropriate authorities. By taking these precautions, you can help prevent yourself and others from becoming victims of extortion fraud.
The post Extortion Fraud is Still on the Rise appeared first on McAfee Blog.
FreshRSS