Can you believe your ears? Increasingly, the answer is no. Here’s what’s at stake for your business, and how to beat the deepfakers.

Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches.

It’s time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy.

The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.

Here’s how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead

Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow.

The malware landscape is growing more complex and costly by the minute, as indicated by the rising number of cyberattacks that grow each year. According to the Federal Bureau of Investigation, in 2024, approximately $1.4 million in losses were reported due to malware. Meanwhile, complaints of ransomware, a type of malware that locks your files until a ransom is paid to release them, rose by 9% from the year prior, with losses totaling nearly $12.5 million. 

With the continued growth of e-commerce, online banking, and artificial intelligence, we can count on even more new cyber threats for all kinds of devices—be it Android, iPhone, PC, or Mac. No device under your family’s roof is immune to cyberattacks. As we speak, one or more of your devices may have already been infected. But would you know it?

In this blog, we’ll dive into the types of viruses and malware that infiltrate devices and their indications, the ways you can remove them, and tips to protect your phones moving forward.

What is malware? 

Malware is malicious software designed to harm your device, steal your personal information, or disrupt your digital life. On mobile devices, malware can take many forms—from apps that secretly collect your data to programs that bombard you with unwanted ads or even lock your device for ransom.

No mobile device is impervious to cyber threats

Mobile devices, including smartphones and tablets, can be infected with malware and other digital threats, even when their operating systems have built-in security features. How does this happen? Your phone can catch viruses and malware in several ways:

• Malicious apps from unofficial sources. This is the most common way your device could be infected by malware or viruses. Downloading unofficial apps from unvetted third-party websites or app stores significantly increases your device’s risk of being infected with malware that steals your personal information or damages your device.

• Phishing links. Cybercriminals send deceptive text messages, emails, or social media direct messages that have malicious links. When you tap on these links, they can automatically download malware to your device or redirect you to fake websites that capture your login credentials.
• Drive-by downloads. This happens when you visit compromised websites that automatically install malware onto your device without your consent or knowledge. Similarly, malicious advertisements on legitimate websites can contain embedded code that infects your device even when just viewed. 
• Unsecured Wi-Fi networks. Through public Wi-Fi, cybercriminals can create fake networks, monitor traffic on legitimate ones, intercept data, or push malicious content to your device.
• Outdated operating systems and apps. When you delay or disregard system or software updates, you weaken your security and leave it vulnerable to hackers. Enable automatic updates whenever possible, and regularly check for system and app updates manually, as these include security patches.

Signs of malware or a virus

Malware doesn’t always announce itself with a big flashing sign. On the contrary, it slips quietly into your devices and starts causing trouble behind the scenes. Before long, you will see noticeable changes in its behavior. Here are five key signs of malware or a virus to watch for and catch the problem early, before the damage spreads:

1. Your device is hot to the touch. When you accidentally download malware, your device’s internal components work harder to support the malware or virus that has been embedded. This may cause your device to feel hot to the touch or even overheat.
2. Everything feels off. A digital virus can impact every area of a device’s performance, such as causing websites to load more slowly, apps to crash, or your battery to drain more quickly. Overall performance will be sluggish no matter how many times you reboot or delete large files.
3. More random pop-ups and unfamiliar apps. You may notice an increase in random pop-ups. And if you take a closer look at your app library, you may even see apps you never downloaded.
4. Fraudulent links sent from your accounts. It’s common for malware to gain access to your phone and then send messages to your contacts to spread the malware. This can happen via email, text, and even social media accounts. You could even see unexpected charges in your phone bill for premium services.
5. You have unauthorized charges. If you notice unauthorized charges on your credit card or bank statement, a malicious app or malware may have accessed your personal information to make fraudulent purchases or subscriptions. 
6. Browser redirects or changed search settings. Your web searches redirect to unfamiliar sites, or your default search engine changes without your input. Search malware may have hijacked your browser to generate ad revenue or expose you to harmful websites that can compromise your browsing privacy.
7. Unknown accessibility services running. Your phone’s accessibility settings show services you didn’t enable. These could have generic names or be disguised as system apps to monitor your activity, capture passwords, and control your device.
8. Excessive data usage spikes. A dramatic increase in your monthly data consumption while your device usage habits are the same often indicates malware is transmitting your personal information, downloading additional malicious content, or participating in botnet activities using your cellular data.

Viruses and malware that infect mobile devices 

As our phones and tablets become extensions of our daily lives, cybercriminals have developed sophisticated malware explicitly designed to infiltrate them, such as:

• Adware. This is unwanted software that displays intrusive pop-up ads on your device, invading your privacy by tracking your browsing habits and significantly slowing down your device.
• Spyware and Stalkerware. These types of malware secretly monitor your activities, including messages, calls, and location data, risking your personal safety and privacy and potentially enabling harassment or abuse.
• Banking Trojans. These target your financial information by mimicking legitimate banking apps or intercepting login credentials, then access your bank accounts, steal your money, or make payments using your accounts.
• Ransomware. Here, the malware encrypts and locks your personal files, then demands payment before restoring your access to your own data. Whether or not you pay, you could lose important photos, documents, and files.
• SMS Trojans. These apps send premium-rate text messages or make unauthorized calls without your knowledge, racking up unexpected charges on your phone bill that can accumulate quickly. 
• Fleeceware. These apps appear legitimate but charge excessive subscription fees after a short trial period, often making cancellation difficult. The frustrating thing is that you face ongoing financial charges for apps that provide no value.
• Rogue configuration profiles. Unauthorized settings will be installed on your device, enabling cybercriminals to gain access and monitor your activities.

Find the proof of a virus or malware

Sometimes the warning signs are obvious, but at other times, malware operates quietly in the background, stealing data or draining resources without drawing attention. Find out for sure if your device has a virus or malware by following these steps:

1. Check battery usage statistics. To check this on Android, navigate to Settings > Battery to see which apps are consuming the most power. On iPhone, check Settings > Battery > Battery Usage by App. Look for unfamiliar apps that use excessive power or apps you rarely use that appear at the top of the list.
2. Inspect your data usage. Review your data consumption on Android by going to Settings > Network & Internet > Data Usage. For iPhone, head to Settings > Cellular. Look for apps that use more data than expected or unfamiliar apps that consume significant amounts.
3. Look for apps you didn’t download. Review your app list regularly for unfamiliar applications by going to Android’s Settings > Apps, or check your app drawer. On iPhone, swipe through your home screens and check your App Library. Remove apps you didn’t install, especially those with generic names or no clear purpose.
4. Review app permissions. Malware sometimes modifies app permissions to access your personal information. On Android, go to Settings > Privacy > Permission Manager to seeAdmin Apps to view which apps have access to your camera, microphone, location, and contacts. On iPhone, check Settings > Privacy & Security. Revoke permissions for apps that don’t need them.
5. Look deeper into security warnings. Both Android and iOS will alert you to potential security threats. Don’t ignore notifications about potentially harmful apps, suspicious activity, or unknown device logins. Take these alerts seriously and investigate immediately.
6. Run comprehensive scans with reputable security tools. Use trusted antivirus software to perform full system scans on your mobile devices. Many device manufacturers also provide built-in security scanning features, such as Windows Defender on PCs or Google Play Protect on Android devices.
7. Review account security alerts and login activity. Major platforms provide account activity logs showing recent logins and locations. Check your email, social media, and banking accounts for alerts about suspicious login attempts or password changes you didn’t initiate.

Here are more specific measures to ascertain the presence of a virus or malware, based on your mobile device’s operating system:

Android phones and tablets

1. Test your device in Safe Mode. Restart your Android device. As it boots up, tap and hold “Power off” until you see “Reboot to safe mode.” In this mode, only pre-installed apps will run. If your device performs normally here but has issues in regular mode, a downloaded app is likely the culprit.
2. Review device admin and accessibility services. Go to Settings > Security > Device admin apps to see which apps have administrative privileges. Remove any unfamiliar apps immediately. Also, check Settings > Accessibility for services you haven’t enabled and prevent malware from controlling your device.
3. Run a Google Play Protect scan. Open Google Play Store, tap your profile picture, then select “Play Protect.” Tap the gear icon and ensure that “Scan apps with Play Protect” is enabled. Then, run a manual scan to check for harmful apps.

iPhone or iPad

1. Check for unexpected configuration profiles. Go to Settings > General > VPN & Device Management (or Profiles & Device Management). If you see vaguely named profiles that you didn’t install, they could be the culprit. Legitimate profiles from your workplace, school, and services will have clear, recognizable names.
2. Look for unknown enterprise certificates. Navigate to Settings > General > About > Certificate Trust Settings. Any certificates you don’t recognize, particularly those enabled for full trust, warrant investigation.
3. Review installed apps and web clips. Check your home screen and App Library for applications you didn’t download. Also, examine Settings > Screen Time > See All Activity to identify apps that consume unusual amounts of time or data. Web clips—website shortcuts that mimic apps—from unknown sources could indicate a compromise.
4. Examine Safari settings changes. Open Settings > Safari and verify your search engine hasn’t been changed. Also, under Settings > Safari > Extensions, check if new content blockers or extensions have been installed. Unexpected changes to your default search engine or new extensions could redirect your browsing activity and compromise your privacy.
5. Watch for account compromise indicators. Be alert for unexpected password reset emails, new device logins, or changes to your Apple ID settings that you didn’t make. Check Settings > [Your Name] > Sign-In & Security for any unrecognized devices or suspicious activity.

Action plan to remove viruses from your mobile device 

If you discover malicious apps and profiles in your phone, a clear, step-by-step action plan will help you remove them and restore your device to a secure state. Here’s how to tackle mobile malware confidently and get your device back to normal:

1. Isolate your device immediately. Turn on airplane mode to stop malware from communicating with external servers while you clean your phone. You can still access your device’s settings and installed apps in airplane mode.
2. Remove suspicious apps and configuration profiles. On Android, go to Settings > Apps and look for unfamiliar applications, especially those requesting excessive permissions. On iPhone, check Settings > General > VPN & Device Management for unknown configuration profiles. Uninstall any apps you didn’t download from official stores and remove suspicious profiles immediately. Pay attention to apps that appeared recently or have names similar to legitimate apps.
3. Clear your cache. Open your browser settings and clear all browsing data, including history, cookies, cached files, and saved passwords to remove potentially malicious scripts and tracking elements. On Android Chrome, go to Settings > Privacy and Security > Clear browsing data. On iPhone Safari, go to Settings > Safari > Clear History and Website Data. 
4. Revoke risky app permissions. Revoke unnecessary permissions for all apps, especially those that access your camera, microphone, location, or contacts. On Android, go to Settings > Apps > App Permissions. On iPhone, check Settings > Privacy & Security. Take note, particularly for recently installed or suspicious applications.
5. Update your operating system and all apps. Install all available system updates through Settings > System Update (Android) or Settings > General > Software Update (iPhone). Download apps only through the Google Play Store or Apple App Store.
6. Run a comprehensive security scan. Use a reputable mobile security app to scan your device thoroughly for malware, potentially unwanted programs, and security vulnerabilities. To know if you have McAfee on your phone, search “McAfee” in your device settings.
7. Restore from a clean backup if necessary. If the infection persists or causes significant damage, consider restoring your device from a backup that was created before the infection occurred. Both Android and iPhone offer cloud backup services via Google Drive/iCloud that let you restore your data while starting fresh. Ensure the backup version isn’t infected by checking when symptoms first appeared versus when the backup was created.
8. Escalate to professionals if issues persist. Contact cybersecurity professionals or your device manufacturer if your browser continues to redirect to suspicious websites or if you see evidence of credential or financial theft.

Best digital habits to safeguard your family devices

With a few smart habits and simple tools, you can create a safer digital environment for your family members. Here are some practical ways to safeguard family devices and keep threats at bay.

• Stay on top of updates. Aside from installing comprehensive security software, be sure to update your device’s security features to have the latest protection from specific attacks.
• Use strong, unique passwords. Every family device should have a strong password and a unique username. This means changing your factory settings immediately and getting your family on a schedule to change passwords.
• Enable two-factor authentication (2FA). Double the security to your important accounts by requiring a second form of verification. 2FA significantly reduces the likelihood of unauthorized access, even if your password is stolen.
• Know your apps. Avoid third-party apps and download apps only from trusted sources. Research the app’s safeguards and read reviews before installing. A best practice is to stick to apps from the officially verified app stores.
• Don’t click that link. Slow down and note your digital surroundings. Does that link or attachment look dubious? Malware and viruses are usually loaded onto your devices through unsolicited emails and text messages, or via trusted social media circles.
• Lock settings and limit app permissions. A great way to block malware is to make all accounts private and limit app permissions. Instead of keeping an app’s permissions “always-on,” change the setting so it asks permission every time. Decline an app’s request to access your contacts or connect to other apps in your digital ecosystem.
• Clear browsing history. Go through your history and data to check for suspicious links. Clear browsing history regularly by going to your browser, clicking on the three dots in the upper right corner, and clicking “delete browsing data.”

• Avoid public Wi-Fi or use a secure VPN. Public networks are often unsecured and can expose your data to cybercriminals. If you must connect while in public, consider using a virtual private network or your mobile data hotspot instead.

Final thoughts

While the threat of malware and viruses continues to evolve, you now have the knowledge and tools to stay digitally protected. The signs we’ve discussed—from unexpected device behavior to suspicious pop-ups—serve as warnings, helping you catch problems before they escalate into major security incidents.

Your best defense combines proactive security measures and vigilant behavior. Applying simple, solid digital habits such as updating software, using strong passwords, and staying alert to suspicious activity will thwart the vast majority of common threats. By incorporating these practices into your routine, along with the right online security tools, you are building a robust defense that works around the clock.

The post 5 Signs Your Device May be Infected with Malware or a Virus appeared first on McAfee Blog.

How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data

Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically

Can you tell the difference between legitimate marketing and deepfake scam ads? It’s not always as easy as you may think.

Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

Cybercriminals impersonate the trusted e-signature brand and send fake Docusign notifications to trick people into giving away their personal or corporate data

There are plenty of phish in the sea. 

Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe. 

And some of today’s phishing emails are indeed getting tougher to spot.  

They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.  

And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.  

Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid. 

Again, you can sidestep these attacks if you know how to spot them. There are signs. 

Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for. 

Phishing attack statistics—the millions of attempts made each year. 

In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported. 

Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.  

Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information. 

As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack. 

So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly. 

What does a phishing attack look like? 

Nearly every phishing attack sends an urgent message. One designed to get you to act. 

Some examples … 

• “You’ve won our cash prize drawing! Send us your banking information so we can deposit your winnings!” 

• “You owe back taxes. Send payment immediately using this link or we will refer your case to law enforcement.” 
• “We spotted what might be unusual activity on your credit card. Follow this link to confirm your account information.” 
• “There was an unauthorized attempt to access your streaming account. Click here to verify your identity.” 
• “Your package was undeliverable. Click the attached document to provide delivery instructions.” 

When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these. 

And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice. 

Case in point: 

Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer. 

We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see. 

As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely. 

Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious. 

Here’s where the attackers really got bold.  

They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus. 

Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam. 

Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.” 

Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.  

Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack. 

Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.  

For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use. 

Other examples of phishing attacks 

Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples. 

There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing. 

Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.” 

Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …” 

Taken all together, someone can readily spot that this is a scam with a closer look. 

This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be. 

What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same. 

This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach. 

The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course. 

Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether. 

How to spot and prevent phishing attacks. 

Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot. 

And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit? 

One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind … 

They play on your emotions. 

Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator. 

If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well. 

They ask you to act—NOW. 

Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam. 

Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately. 

They want you to pay a certain way. 

Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods. 

Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam. 

They use mismatched addresses. 

Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. 

Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt. 

Protect yourself from phishing attacks 

1. Go directly to the source. Some phishing attacks can look convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.  
2. Follow up with the sender. Keep an eye out for emails that might be a spear phishing attack. If an email that looks like it came from a family member, friend, or business associate, follow up with them to see if they sent it. Particularly if asks for money, contains a questionable attachment or link, or simply doesn’t sound quite like them. Text, phone, or check in with them in person. Don’t follow up by replying to the email, as it may have been compromised.   
3. Don’t download attachments. Some phishing attacks send attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. Scammers may pass them off as an invoice, a report, or even an offer for coupons. If you receive a message with such an attachment, delete it. And most certainly don’t open it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.  
4. Hover over links to verify the URL. On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. If the URL looks suspicious in any of the ways we mentioned just above, delete the message, and don’t ever click. 

Protect yourself from email attacks even further 

Online protection software can protect you from phishing attacks in several ways. 

For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware. 

Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.  

Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands. 

In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today. 

 

 

The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.

Online scams are evolving faster than ever, with cybercriminals using AI, deepfake technology, and social engineering to trick unsuspecting users.

In the past year, Americans have been targeted by an average of 14 scam messages per day, and deepfake scams have surged 1,740% in North America, according to McAfee’s State of the Scamiverse report. 

These scams go beyond simple phishing emails—scammers now impersonate trusted companies, friends, and even loved ones, making it critical to recognize the warning signs before falling victim.

Here’s how you can spot an online scam and protect yourself: 

  

5 tips to help you recognize an online scam

Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.  

They say you’ve won a huge prize

If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.  

When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.  

They want you to pay in a certain way

Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.  

Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.  

When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.  

They say it’s an emergency

Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.  

Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.  

They say they’re from a government organization or company

Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.  

If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.  

Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away. 

The email is littered with grammatical errors

Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.  

It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.  

8 most common online scams to watch out for

There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.  

Phishing scams

A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.  

Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.  

During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.  

Travel insurance scams

These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.  

You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.  

Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.  

Grandparent scams

Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members. 

For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.  

If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.  

Advance fee scam

You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.  

There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.  

Tech support scams

Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.  

When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.  

These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.  

Formjacking and retail scams

Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different. 

Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.  

For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.  

Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site. 

Scareware scams (fake antivirus)

These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).  

You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.  

What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.  

To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.  

Credit repair scams

Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report. 

All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.  

Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.  

What can you do if you get scammed online?

Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).  

Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.  

• The National Center for Disaster Fraud (NCDS) handles fake scams involving natural disasters and other national crises.  
• The Internet Crime Complaint Center (IC3) handles scams involving malware, fake websites, and fraudulent emails. 
• You can report international scams through econsumer.gov. 
• You can report Social Security scams through the Office of the Inspector General website.  
• You can report scammers who pretend to be the IRS through the Treasury Inspector General for Tax Administration website.  
• You can report tax-related identity fraud to the IRS. 

Discover how McAfee can keep you and your info safe online

Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.  

For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee+ can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.  

Get the peace of mind that comes with McAfee having your back. 

The post How to Recognize an Online Scammer appeared first on McAfee Blog.

It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will be sure to follow—along with online betting scams. 

Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states leaped at the opportunity to legalize it in some form or other. Today, nearly 40 states and the District of Columbia have “live and legal” sports betting, meaning that people can bet on single-game sports through a retail or online sportsbook or a combination of the two in their state. 

And it has made billions of dollars for the government.

If you’re a sports fan, this news has probably been hard to miss. Or at least the outcome of it all has been hard to miss. Commercials and signage in and around games promote several major online betting platforms. Ads have naturally made their way online too, complete with all kinds of promo offers to encourage people to get in on the action. However, that’s also opened the door for scammers who’re looking to take advantage of people looking to make a bet online, according to the Better Business Bureau (BBB). Often through shady or outright phony betting sites. 

Let’s take a look at the online sports betting landscape, some of the scams that are cropping up, and some things you can do to make a safer bet this March or any time.  

Can I bet on sports in my state, and how? 

Among the 30 states that have “live and legal” sports betting, 19 offer online betting, a number that will likely grow given various state legislation that’s either been introduced or will be introduced soon. 

If you’re curious about what’s available in your state, this interactive map shows the status of sports betting on a state-by-state level. Further, clicking on an individual state on the map will give you yet more specifics, such as the names of retail sportsbooks and online betting services that are legal in the state. For anyone looking to place a bet, this is a good place to start. It’s also helpful for people who are looking to get into online sports betting for the first time, as this is the sort of homework that the BBB advises people to do before placing a sports bet online. In their words, you can consider these sportsbooks to be “white-labeled” by your state’s gaming commission.

 

However, the BBB stresses that people should be aware that the terms and conditions associated with online sports betting will vary from service to service, as will the promotions that they offer. The BBB accordingly advises people to closely read these terms, conditions and offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.” 

Scammers and online betting 

Where do scammers enter the mix? The BBB points to the rise of consumer complaints around bogus betting sites: 

“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.” 

If there’s a good reason you should stick to the “white labeled” sites that are approved by your state’s gaming commission, this is it. Take a pass on any online ads that promote betting sites, particularly if they roll out big and almost too-good-to-be-true offers. These may lead you to shady or bogus sites. Instead, visit the ones that are approved in your state by typing in their address directly into your browser. 

Ready to place your bet? Keep these things in mind. 

In addition to what we mentioned above, there are several other things you can do to make your betting safer. 

1) Check the rep of the service.

In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization’s response to the complaints, along with its BBB rating, if it has one. Doing a little reading here can be enlightening, giving you a sense of what issues arise and how the organization has historically addressed them. For example, you may see a common complaint and how it’s commonly resolved. You may also see where the organization has simply chosen not to respond, all of which can shape your decision whether to bet with them or not. 

2) Use a secure payment method other than your debit card.

Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act. 

3) Get online protection.

Comprehensive online protection software will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to betting sites, online protection can help prevent you from clicking links to known or suspected malicious sites. 

Make the safe(r) bet 

With online betting cropping up in more and more states for more and more people, awareness of how it works and how scammers have set up their presence within it becomes increasingly important. Research is key, such as knowing who the state-approved sportsbooks and services are, what types of betting are allowed, and where. By sticking to these white-label offerings and reading the fine print in terms, conditions, and promo offers, people can make online betting safer and more enjoyable. 

Editor’s Note: If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/. 

The post How to Protect Yourself from March Madness Scams appeared first on McAfee Blog.