John C. isn’t the person you picture getting scammed. 

He’s 36. He’s tech-savvy. He’s a mechanical engineer leading a team at a national energy lab in Denver. And he told us his story for one reason: “Scammers will target anyone.” 

It began with a phone call from someone claiming to be the IRS. They said John had underpaid his taxes and needed to resolve it quickly. The caller sounded polished and convincing, so convincing that John didn’t stop to question it. 

“I thought maybe they sent back too much money [in my refund], and they needed it back,” he said. “I was just so busy and overwhelmed that I never really stopped to think about the situation.” 

A follow-up email arrived with IRS logos, clean formatting, and a big payment button. John was trying to move fast between classes as he finished up his PhD, and he wanted to correct the situation as quickly as possible. 

“I was like, let me just hurry up and do this, get it over with.” 

He clicked. He paid. But later, when he checked his statement, he saw the charge didn’t look like an IRS payment at all. In fact, it was an international charge. The whole thing was a scam. 

John said the scammer on the phone had appealed to his emotions and been incredibly convincing.  

“It was absolutely masterful,” John said. “I would give him an Oscar for it. 

And new McAfee research shows John isn’t alone, with nearly 1 in 4 (23%) US adults surveyed revealing they’ve lost money to a tax scam.  

Key findings from McAfee’s 2026 Tax Season Survey 

Here’s what our January 2026 survey of 3,008 U.S. adults found: 

The big picture: lots of worry, not enough confidence 

• 82% of Americans say they’re concerned about tax fraud this season. 
• 67% say they’re seeing the same or more tax scam messages than last year. 
• 40% say tax scam messages are more sophisticated than last year. 
• 84% are concerned about AI making tax scams more realistic. 
• Only 29% say they’re very confident they could spot a deepfake tax scam. 

How often scams are reaching people 

• 34% say they’ve been contacted by someone claiming to be the IRS or another tax authority (phone, text, or email). 
• 38% say they’ve been asked to click a link or send payment related to a “tax issue.” 
• Common asks include SSNs (15%), birth dates (11%), addresses (10%), “you owe back taxes” pressure (9%), and banking details (8%). 

Who is getting hit hardest 

• Nearly 1 in 4 Americans (23%) say they’ve fallen for a tax scam. 
• Young adults report the highest exposure: 42% of 18–24-year-olds say they’ve fallen for at least one tax scam. 
• 11% of Americans report tax-related identity theft, rising to 17% among ages 25–34. 

The money is real 

• Among people who say they’ve fallen for a tax scam, the average loss is $1,020. 
• Separately, nearly 1 in 5 Americans say they’ve lost money to a tax scam. 

Tax filing is increasingly digital (and that changes the risk) 

• 55% say they file taxes online (software or IRS Free File). 
• 75% say they receive refunds or pay taxes electronically (direct deposit, cards, apps, EFTPS, etc.). 
• 30% say they plan to use an AI tool (like ChatGPT) to help prepare taxes, especially younger adults. This is highly dangerous, even with platform security protections. For example, if an AI tool were compromised in a data breach, user messages with personal tax information (like social security numbers, home address, and more) could be made public.  

Tax Scams Now Hit Year-Round, McAfee Labs Finds 

In addition to our consumer survey findings, McAfee Labs analyzed malicious URLs, apps, texts, and emails in the months leading up to filing season. 

The major takeaway: tax scams don’t wait for April. 

Scam activity began climbing as early as November and has again continued building steadily into 2026. 

Between September 1, 2025, and February 19, 2026, McAfee Labs identified 1,468 malicious or suspicious tax-themed unique domains, an average of 43 new fake tax websites every day. 

In early November 2025 alone, the average number of new tax-themed malicious domains nearly doubled in just over a week. After a brief dip in late December, activity resumed climbing into February, a pattern we expect to intensify as the April filing deadline approaches. 

 

Fake IRS Websites Are A Major Threat 

Scammers are rapidly creating lookalike IRS domains that mimic official government URLs.  

They use small changes, extra letters, added words, subtle misspellings, to trick taxpayers into believing they’re on a legitimate IRS site. 

Examples include domains that insert additional text around “irs.gov” or add misleading subdomains designed to pass a quick glance. 

These fake portals are used to: 

• Steal login credentials 
• Harvest Social Security numbers and tax IDs 
• Capture payment details 
• Charge bogus “processing fees” 

In some cases, these sites don’t just steal, they overcharge. 

McAfee Labs observed scam services offering to file for an EIN (Employer Identification Number), something the IRS provides for free, and charging as much as $319 for it. 

Example of a scam website we found charging for an EIN. 

The official IRS website explicitly warns: you never have to pay a fee to obtain an EIN. 

Other scam sites misuse legitimate policy terms, like the “Fresh Start Initiative,” to harvest personal data and enroll victims in aggressive robocall and marketing campaigns. 

Tax scams don’t always steal outright. Sometimes they monetize confusion. 

How a Typical Tax Scam Unfolds 

Most tax scams aren’t one single message. They’re a sequence, designed to make you panic, click, and comply. 

Below is the common playbook, plus the red flags that show up repeatedly. 

*Note: Scammers may swap the details like AI voice, fake IRS videos, cloned websites, or impersonating tax software, but the pattern stays familiar. 

Step	What happens	Red flags you’ll see at this step	Red flags that are true every time	What to do instead
1) The hook	You get a call, text, or email claiming there’s a tax issue (refund problem, underpayment, verification needed).	Message arrives out of nowhere, often during busy hours; “final notice” language; spoofed caller ID.	Unexpected contact + urgency.	Don’t engage. Pause. Go directly to IRS.gov or your tax provider’s official site (type it in).
2) The authority move	They lean hard on being “the IRS” or “state tax authority,” sometimes with personal details.	They sound polished; may use AI voice cloning; may cite a “case number.” Fake or meaningless case numbers are very common.	They want you to trust the title, not verify the source.	Ask for written notice and time. Real tax issues can be verified through official channels.
3) The link	They send a link to a “secure portal” or “refund page.”	Lookalike website, subtle misspellings, weird domain, shortened link, email button that says “Pay Now.”	They’re trying to pull you off official channels.	Never click the link. Navigate to the real site yourself. If unsure, delete it.
4) The data grab	The site (or “agent”) asks for SSN, banking info, login credentials, or details from a prior return.	Requests that are broader than needed; “verify identity” prompts; form fields that feel too invasive.	They want sensitive info fast.	Stop. Don’t type anything. If you already did, assume it’s compromised and act quickly (see next section).
5) The payment push	They demand payment to “avoid penalties,” “release your refund,” or “resolve a mistake.”	Gift cards, crypto, wire transfers, payment apps; pressure to pay today; threats.	Urgency + unusual payment method.	The IRS does not demand immediate payment via text/social, and doesn’t require gift cards or crypto. Verify independently.
6) The escalation	If you hesitate, they intensify: threats, “law enforcement,” or AI video/audio that “proves” it’s real.	Deepfake IRS video, intimidating language, “you’ll be arrested,” “your license will be revoked.”	Fear is the product.	Hang up. Save evidence. Talk to a trusted person. Contact official support through verified numbers.
7) The aftermath	You realize it was a scam—often after noticing a strange charge or login activity.	Charges from odd merchants; new accounts; IRS account alerts; failed tax filing due to “duplicate return.”	Shame keeps people quiet—scammers count on that.	Report it and protect your identity right away. You’re not alone, and it’s not your fault.

Key point: A message can look “official” and still be fake. AI is making scam language smoother and scams more believable. The safest habit is simple: slow down, and verify using official sources you navigate to yourself. 

What to do if you’ve been involved in a tax scam 

First: take a breath. Scams are designed to trick you, especially when you’re overwhelmed, rushed, or just trying to fix a problem quickly. 

John said it plainly: “Don’t be embarrassed. It does happen. It’s common… they will target anyone.” 

And he’s right. The most important thing is what you do next. 

1) Stop the bleeding: cut off contact 

• Stop replying 
• Don’t click anything else 
• Don’t send more information or money 

2) Capture proof (before it disappears) 

Take screenshots and save: 

• Phone numbers, email addresses, usernames 
• The message content 
• Links (don’t click them, just copy) 
• Payment receipts and transaction IDs 

3) Lock down your accounts (especially email) 

If a scammer gets into your email, they can reset passwords for everything else. 

Do this today: 

• Change your email password first, then banking/tax accounts 
• Turn on two-factor authentication (2FA) 
• If you reused passwords anywhere, change those too 

Important: If you clicked a suspicious link, downloaded a file, or gave someone remote access to your computer, make sure you use a different, trusted device (like your phone or another computer) to change passwords. Why? If a scammer installed malware or has access to your computer, they may be able to see all of your brand-new passwords as you’re making them. 

Tip: A password manager like McAfee’s can help you create strong, unique passwords quickly, without having to memorize them all. 

4) Check for identity theft signals 

Tax scams often turn into identity theft. Watch for: 

• IRS notices about a return you didn’t file 
• Trouble e-filing because a return was already submitted 
• Alerts about a new IRS online account you didn’t create 

If you suspect tax-related identity theft: 

• Consider filing an IRS identity theft report (commonly done with IRS Form 14039, Identity Theft Affidavit). 
• Create or log into your IRS account periodically to review account activity (John now does this every few months). 

McAfee’s Identity Monitoring can help restore your sense of security and privacy online.  

5) Report it (even if you feel weird about it) 

Reporting helps you and helps stop the next person from getting hit. 

Common reporting options include: 

• FTC report: Report scams and identity theft at the FTC’s reporting site. 
• IRS phishing email: If you received a scam email posing as the IRS, you can forward it to phishing@irs.gov. 
• Your bank or card provider: If you paid, contact them immediately. Even if recovery isn’t guaranteed, speed matters. 

6) Clean up your digital footprint 

Scammers don’t just use what you give them. They also use what they can look up. 

Removing your personal details from risky data broker sites can reduce how easily scammers can target you again. Tools like Personal Data Cleanup can help you identify where your information is exposed and guide removal. 

7) Add protection for the next attempt 

Tax season scams often come in waves, especially if scammers think your info is “good.” 

Helpful layers include: 

• Web protection to warn you about risky links and lookalike sites before you enter info – get our free WebAdvisor download here 
• Scam detection that can flag suspicious messages 
• Identity monitoring to alert you if key personal info shows up in risky places 
• Run a free antivirus scan to check your device for malware or unwanted programs (especially if you clicked a link or downloaded anything) 

The key takeaway 

Tax season creates the perfect storm: time pressure, sensitive data, and a lot of official-looking communication. 

Our research shows most people are worried, and for good reason. Scammers are getting more convincing, and AI is raising the bar on what “real” looks and sounds like. 

“Tell your friends, tell your family,” John said. “Everyone I know at some point has heard this story, and it might just prevent someone from losing… thousands of dollars.” 

If you remember just three things this season, make them these: 

1. Pause before you click. 
2. Verify through official channels you navigate to yourself. 
3. If something happens, act quickly, and don’t blame yourself. 

The post Tax Scams Hit Nearly 1 in 4 Adults. Spot the Red Flags appeared first on McAfee Blog.

This week in scams, we’re looking at three very different stories with the same underlying theme: trust is being exploited at scale. 

A massive government contractor data breach has quietly grown to affect more than 25 million people. Meanwhile, a viral AI-generated image of Mary-Kate and Ashley Olsen posing in a fake luxury campaign is spreading across social media, fooling some users and alarming others. 

And in a new threat report, OpenAI detailed how its own tools are being misused for dating scams, impersonation, and influence operations. 

Let’s break it down. 

The Conduent Data Breach Now Impacts 25+ Million People 

The fallout from a ransomware attack on Conduent, one of the largest government contractors in the U.S., continues to expand. 

According to reporting from TechCrunch, updated state-level breach notifications now indicate that more than 25 million people across the U.S. have had personal data exposed. 

Conduent provides services tied to state benefit programs, including food assistance, unemployment systems, and other government payment processing operations. The company has said its services reach over 100 million people. 

Data reportedly exposed in the breach includes: 

• Names 
• Dates of birth 
• Addresses 
• Social Security numbers 
• Health insurance and medical information 

TechCrunch noted that the majority of affected individuals appear to be in Oregon and Texas, based on state breach disclosures. Other states have also reported an impact. 

The attack has been described as one of the largest government-contractor-related data breaches in recent memory. 

Why this matters: When companies that process government benefits are hit, the exposed data often includes highly sensitive identity information. Social Security numbers combined with medical or insurance details can significantly increase the risk of identity theft and fraud. 

How to Protect Yourself After a Major Data Breach 

If you believe your data may have been exposed: 

• Monitor your credit reports for unfamiliar activity 
• Consider placing a free credit freeze 
• Be wary of phishing emails or texts referencing benefits or account verification 
• Never share personal information in response to unexpected outreach 

Breaches like this often lead to secondary scams months later. The breach itself is only phase one. Phishing campaigns usually follow. 

That Viral Olsen Twins “Louis Vuitton” Image? It’s AI. 

A supposed luxury campaign featuring Mary-Kate and Ashley Olsen began circulating widely on X and Facebook this week, racking up millions of views. 

The images show the twins styled in what appears to be a high-end fashion shoot, drawing numerous comments over their styling. But social media users quickly pointed out visual irregularities and inconsistencies commonly associated with AI-generated imagery. 

A screenshot of one of the AI images making thr rounds across social media.

While this doesn’t fall into our typical “scam” roundup, the normalization of AI-generated visuals that look close enough to real to confuse people are a growing issue that can lead to real confusion and distrust. 

We have entered a phase where: 

• Fake ads look legitimate 
• Public figures appear in campaigns they never participated in 
• Synthetic images spread faster than corrections 

Today it’s a fashion ad. Tomorrow it could be a fake political endorsement, financial announcement, or emergency alert. 

The takeaway: If you see a surprising campaign or announcement, verify it through official brand websites or verified accounts before assuming it’s real. 

OpenAI Details How ChatGPT Is Being Misused

In a newly released threat report, OpenAI outlined several ways its tools have been abused by bad actors. 

According to Reuters’ reporting: 

A cluster of accounts used ChatGPT to run a dating scam targeting Indonesian men, allegedly defrauding hundreds of victims per month. 

Some accounts used the tool to generate promotional copy and ads for a fake dating platform that pressured users into completing costly “tasks.”

Other accounts posed as law firms, impersonating real attorneys and U.S. law enforcement to target fraud victims.

OpenAI also banned accounts linked to activity believed to be part of influence operations, including efforts targeting Japanese political figures. 

OpenAI stated that the activity was detected and accounts were removed. 

Why this matters: AI tools themselves are not inherently scams. But they dramatically lower the cost and increase the scale of fraud operations. Writing persuasive emails, generating fake legal letters, building scam ads… these now require fewer technical skills than ever before. 

The technology doesn’t create the criminal intent. It just accelerates it. 

McAfee’s Safety Tips This Week 

1. Assume viral images could be AI-generated until verified 
2. Verify unexpected announcements through official websites 
3. Treat post-breach emails as suspicious by default 
4. Be skeptical of online “consultation” invites that promise payment 
5. Never send money to someone you’ve only met online 

We’ll Be Back Next Week 

From ransomware breaches to AI-generated impersonations, the pattern is clear: scammers are scaling trust manipulation with technology. 

Stay skeptical. Verify before you click. And we’ll be back next week with another breakdown of what’s making headlines, and what it actually means for your security. 

For more reading on AI deepfakes and breaches: 

Taylor Swift Tops List of Most Deepfaked Celebs

What to Do If You’re Caught Up in a Data Breach

Everything You Need to Know to Keep Your Passwords Secure

The post This Week in Scams: Conduent Data Breach and AI Olsen Twins appeared first on McAfee Blog.

Start using a new app and you’ll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks.

X (formerly Twitter) hacks tend to hit fast. 

One minute you’re scrolling like normal. The next, your account is posting crypto promotions, sending spam DMs, or following hundreds of random accounts you’ve never heard of. Sometimes you don’t even notice until a friend asks why you’re suddenly “giving away” gift cards. 

If you use X for work, your personal brand, or your business, a takeover can do real damage quickly. And in many cases, the hacker isn’t just trying to cause chaos, they’re trying to use your account to scam your followers while you still look trustworthy. 

This guide walks you through exactly what to do if your X account has been hacked: how to spot the warning signs, how to regain access, and what to change immediately so it doesn’t happen again. 

If you’re still locked out after trying these steps, X also offers an official support form for hacked or compromised accounts. 

Signs Your X Account May Be Compromised 

X account takeovers don’t always start with a full lockout. Often, the first signs are strange activity you didn’t authorize. 

Watch for these red flags: 

Unexpected posts: Tweets you didn’t write, especially spam, crypto links, or promotions. 

Unusual DMs: Messages sent from your account that you don’t remember sending. 

Account behavior changes: Random follows, unfollows, blocks, or profile changes you didn’t approve. 

Security notifications: Alerts from X that your account may be compromised. 

Account info changed: Notifications that your email, phone number, or password was updated without your permission. 

Password suddenly stops working: You’re prompted to reset your password even though you didn’t request it. 

If any of these are happening, assume your account is compromised and start recovery steps immediately. 

What to Change Immediately If Your X Account Was Hacked 

If your X account was hacked, assume your login details may have been stolen. 

That means simply getting back into your account isn’t enough, you also need to update the passwords and settings attackers could still use. 

Here’s what to change right away: 

• Change your X password 
• Change the password for the email account connected to X 
• Turn on two-factor authentication (2FA) 
• Confirm your email address and phone number are correct 
• Revoke access for any suspicious third-party apps 
• Review X Pro / Teams access (if you use it) and remove unfamiliar users 
• Update any other accounts that share the same password 
• Delete unauthorized posts and DMs (once you regain control) 

If you suspect the hack started through malware or phishing, it’s also smart to update passwords for other sensitive accounts tied to your identity, like banking apps, payment apps, or your Apple/Google account. 

Using a password manager like McAfee’s can help you create strong, unique passwords for every account, and store them securely in one place. 

Step-by-Step: How to Recover a Hacked X Account 

X offers different recovery options depending on whether you can still log in. 

Step	What to Do	Why It Matters
1. Change your password immediately (if you can still log in)	Go into your X account settings and update your password to something strong and unique.	This is the fastest way to cut off unauthorized access.
2. Reset your password if you’re locked out	Use the “Forgot password” option on the login screen to start account recovery.	This can help you regain access even if the hacker changed your password.
3. Secure your email account	Change your email password and enable 2FA. Make sure only you can access it.	If your email is compromised, the hacker can keep resetting your X account.
4. Reverse suspicious email changes if possible	If you receive an email about an account email change, check for an option to undo it.	This may allow you to regain control before the hacker fully locks you out.
5. Revoke third-party app access	While logged in, review connected apps and remove anything you don’t recognize.	Some takeovers happen through malicious apps, not direct password guessing.
6. Revoke mobile app sessions if needed	If suspicious activity continues, revoke access for X mobile apps from your settings so they’re forced to re-authenticate.	X notes that password changes may not automatically log out mobile sessions.
7. Update your password anywhere it’s saved	If you use trusted apps or services that store your X password, update it there too.	Repeated failed login attempts can temporarily lock your account.
8. Turn on 2FA	Enable two-factor authentication as soon as you regain control.	This adds a strong layer of protection even if your password gets stolen again.
9. Contact X support if you still can’t regain access	Submit X’s hacked/compromised account request form. Include your username and the last date you had access.	If self-recovery fails, support may be able to help restore access.

If you’re still unable to log in after attempting recovery, visit X’s official hacked account support form for next steps. 

Watch for Phishing “X Support” Scams 

One of the most common ways X accounts get hacked is through phishing. 

Scammers impersonate: 

• X support 
• “verified account” teams 
• copyright warnings 
• fake sponsorship offers 
• fake security alerts claiming your account will be suspended 

They try to pressure you into clicking a link and logging in on a fake page designed to steal your password. 

If you receive a suspicious email or DM, don’t click. 

Instead, open X directly in the app or browser and check your account settings from there. 

Final Tips: Recovering From an X Hack 

A hacked X account can spread scams quickly, especially if the attacker uses your account to message followers directly. 

The most important steps are: 

• Act quickly 
• Change your password immediately 
• Secure the email account connected to X 
• Revoke suspicious third-party app access 
• Review X Pro / Teams access if applicable 
• Enable two-factor authentication (2FA) 
• Delete unauthorized posts once you regain control 
• Scan your device for malware 

McAfee offers a free antivirus scan that can help you detect malware or suspicious programs that may have compromised your account in the first place. 

And if you’re still locked out or something doesn’t look right, use X’s official support request form to report the account as hacked or compromised. 

Frequently Asked Questions 

Q: How do I know if my X account was hacked? A: Common signs include posts or DMs you didn’t send, unusual follows/unfollows, account changes you didn’t authorize, security alerts from X, or a password that suddenly stops working.

Q: If I change my password, will the hacker be logged out? A: Changing your password is critical, but some mobile sessions may remain active. X recommends revoking app access in your settings if suspicious activity continues.

Q: What should I do if my email address was changed? A: Check your inbox for an email from X about the change. In some cases, you may be able to reverse it using the security link. If you can’t, start account recovery immediately and submit a support request if needed.

Q: Should I remove third-party apps after a hack? A: Yes. X notes that malicious or untrusted third-party apps can compromise your account. Remove anything you don’t recognize or no longer use.

Q: What if I still can’t log in after resetting my password? A: Submit a hacked account support request through X’s official form. Be sure to include your username and the last date you had access.

Q: What’s the biggest mistake people make after their X account gets hacked? A: Only changing their password. If the attacker still has access through connected apps, a compromised email account, or saved sessions, they can regain control quickly.

 

The post X (Twitter) Account Hacked: What to Do Right Now appeared first on McAfee Blog.

Instagram hacks don’t always start with a dramatic “you’ve been locked out” moment. 

More often, it starts with something small: your followers asking why you just sent them a weird link. Your account suddenly following hundreds of random profiles. A post you didn’t write showing up in your feed. Or an email from Instagram saying your login details were changed. 

By the time you realize what’s happening, scammers may already be using your account to impersonate you, message your followers, or promote fake giveaways and crypto scams through your profile. 

This guide walks you through exactly what to do if your Instagram account has been hacked: how to spot the warning signs, how to regain access, and what to change immediately so it doesn’t happen again. 

And if you’re still having trouble at any stage, be sure to visit Instagram’s official recovery tools for additional support. 

Signs Your Instagram Account May Be Compromised 

Instagram account takeovers don’t always look obvious at first. In many cases, the first signs are subtle changes you didn’t make. 

Watch for these red flags: 

Password or email changes you didn’t request: You may receive an email saying your account information was updated. 

Suspicious login alerts: Notifications about a login attempt, new device, or verification code you didn’t request. 

Posts, Stories, or Reels you didn’t publish: Scammers often post crypto promotions, fake giveaways, or sketchy links. 

DMs you didn’t send: A common tactic is using your account to message your followers with phishing links. 

Your account starts following random accounts: Hackers may use compromised accounts to inflate scam pages or bot networks. 

Your profile info has been edited: Name, bio, profile photo, or website links changed without your permission. 

If any of these are happening, assume your account is compromised and start recovery steps immediately. 

What to Change Immediately If Your Instagram Account Was Hacked 

If your Instagram account was hacked, assume your login details may have been stolen. 

That means simply getting back into your account isn’t enough, you also need to update the passwords and settings attackers could still use. 

Here’s what to change right away: 

• Change your Instagram password 
• Change the password for the email account connected to Instagram 
• Turn on two-factor authentication (2FA) 
• Log out of all active sessions/devices 
• Remove suspicious third-party apps connected to your account 
• Confirm your phone number and email address are correct 
• Check Accounts Center and remove linked accounts you don’t recognize 
• Update any other accounts that share the same password 

If you suspect the hack started through malware or a phishing link, it’s also smart to update passwords for other sensitive accounts tied to your identity, like banking apps, payment apps, or your Apple/Google account. 

Using a password manager like McAfee’s can help you create strong, unique passwords for every account, and store them securely in one place. 

Step-by-Step: How to Recover a Hacked Instagram Account 

Instagram provides several recovery options depending on what information you still have access to (email, phone number, username, or trusted device). 

Step	What to Do	Why It Matters
1. Visit Instagram’s hacked account recovery page	Use Instagram’s official hacked account recovery flow in your browser or app.	This is often the fastest way to secure your account and start recovery.
2. Check your email for security messages from Instagram	Look for messages about password changes or email changes. If Instagram gives you a link to undo the change, use it immediately.	If a hacker changed your email address, this may be your quickest chance to reverse it.
3. Request a login link	Use “Forgot password?” to request a login link sent to your email or phone number.	This can restore access even if your password was changed.
4. Request a security code or additional support	If login links aren’t working, follow Instagram’s prompts to request further help. Use an email address only you can access.	If the attacker changed your contact info, you may need additional verification steps.
5. Complete identity verification if prompted	Instagram may ask you to verify your identity, including submitting a video selfie if your account contains photos of you.	This helps Instagram confirm you’re the real account owner.
6. Change your password immediately after regaining access	Reset your password to something strong and unique.	This cuts off access and helps prevent repeat takeovers.
7. Remove suspicious linked accounts and apps	Check Accounts Center and remove anything unfamiliar. Revoke access for any third-party apps you don’t trust.	Hackers may leave behind access routes to get back in later.
8. Turn on 2FA and login alerts	Enable two-factor authentication and set alerts for new logins.	This makes it much harder for attackers to regain access.

If you’re still unable to recover your account, visit Instagram’s official support and recovery tools for additional help. 

Watch for Phishing “Instagram Support” Scams 

One of the most common ways Instagram accounts get hacked is through phishing. 

Scammers impersonate: 

• Instagram support 
• verification teams 
• copyright violation notices 
• “your account will be deleted” warnings 
• fake giveaway collaborations 

Their goal is to pressure you into clicking a link and entering your password on a fake login page. 

If you receive a suspicious email or DM, don’t click. 

Instead, open Instagram directly in the app and check your security settings from there. 

If you think you entered your login info into a suspicious link, change your password immediately and secure your account right away. 

Final Tips: Recovering From an Instagram Hack 

A hacked Instagram account is stressful for a reason: it doesn’t just affect your profile. It affects your followers, your reputation, and your private messages. 

The most important steps are: 

• Act quickly 
• Check your email for Instagram security alerts 
• Use Instagram’s official hacked account recovery tools 
• Change your password immediately 
• Log out of all active sessions 
• Remove suspicious apps and linked accounts 
• Enable two-factor authentication (2FA) 
• Scan your device for malware 

McAfee offers a free antivirus scan that can help you detect malware or suspicious programs that may have compromised your account in the first place. 

And if you’re still locked out or something doesn’t look right, follow Instagram’s official recovery guidance and contact Instagram support directly. 

Frequently Asked Questions 

Q: How do I know if my Instagram account was hacked? A: Common signs include password or email changes you didn’t request, suspicious login alerts, DMs you didn’t send, posts you didn’t publish, or unexpected changes to your profile details.

Q: What if my Instagram email address was changed? A: Check your inbox for an email from Instagram about the change. In some cases, Instagram may provide a security link that lets you reverse it. If you can’t undo the change, start the hacked account recovery process as soon as possible.

Q: What if I can’t log in at all? A: Use Instagram’s official hacked account recovery tools. Depending on your situation, Instagram may offer login links, security codes, or identity verification options to help you regain access.

Q: Should I remove third-party apps after a hack? A: Yes. Some account takeovers happen because an unsafe app was given access. Remove anything you don’t recognize or no longer use.

Q: What’s the biggest mistake people make after getting hacked? A: Only changing their Instagram password. If the attacker still has access through your email account, linked accounts, or suspicious third-party apps, they can regain control quickly.

Q: Can Instagram ask me to verify my identity? A: Yes. In some cases, Instagram may ask you to confirm ownership through verification steps. This can include submitting additional information or completing a video selfie process.

 

The post My Instagram Has Been Hacked – What Do I Do Now? appeared first on McAfee Blog.

It usually starts with a small, uneasy moment. 

A password reset email you don’t remember requesting. A login alert that doesn’t make sense. Strange comments showing up under your username that you swear you didn’t write. 

Sometimes you don’t notice at all…until someone messages you asking why you’re suddenly promoting crypto giveaways, posting spam links, or commenting across random subreddits. 

A hacked Reddit account isn’t just embarrassing. It can be a real security risk. Attackers often use compromised accounts to spread scams, steal personal information, or take advantage of your reputation in online communities. 

This guide walks you through exactly what to do if your Reddit account has been compromised: how to spot the warning signs, how to regain control, and what security steps to take so it doesn’t happen again. 

Signs Your Reddit Account May Be Compromised 

Reddit account takeovers don’t always look dramatic at first. The earliest warning signs often feel subtle. 

Watch for these red flags: 

Password or email changes you didn’t make: You may receive an email from Reddit saying your password or email address was updated. 

Posts, comments, votes, or chat messages you don’t recognize: Hackers often use your account to upvote scam content or spam communities. 

Authorized apps you don’t remember approving: Some attackers compromise accounts through unsafe third-party apps or browser extensions. 

Unusual login activity or unfamiliar IP history: Reddit allows you to review recent account activity, which may show logins from locations you’ve never visited. 

Sudden account lock or forced reset notice: In some cases, Reddit may lock your account or prompt a password reset as a security precaution. 

If any of these are happening, assume your Reddit account is compromised and start recovery steps immediately. 

What to Change Immediately If Your Reddit Account Was Hacked 

If your Reddit account was hacked, assume your login details may have been stolen. 

That means simply getting back into your account isn’t enough, you also need to update the passwords and settings attackers could still use. 

Here’s what to change right away: 

• Change your Reddit password 
• Change the password for the email account connected to Reddit 
• Update any other accounts that share the same password 
• Remove suspicious authorized apps 
• Log out of all active sessions/devices 
• Turn on two-factor authentication (2FA) 
• Update your recovery options (email, phone, backup codes) 

If you think the hack started from malware or a phishing link, it’s also smart to update passwords for other sensitive accounts, like banking, payment apps, or your Apple/Google account. Using a password manager like McAfee’s can help you create strong, unique passwords for every account, and store them securely in one place. 

Step-by-Step: How to Recover a Hacked Reddit Account 

Step	What to Do	Why It Matters
1. Reset your password immediately	Use Reddit’s password reset flow and create a strong new password.	This is the fastest way to cut off unauthorized access. Resetting your password can also log you out across devices.
2. Check your inbox for Reddit security emails	Look for emails saying your password or email address was changed. Follow any “this wasn’t me” instructions if available.	If a hacker changed your account details, Reddit’s security email may be your best chance to reverse it quickly.
3. Review account activity and active sessions	Check where your account is logged in and log out of unfamiliar sessions/devices.	Hackers often stay logged in even after making changes, especially if you don’t remove active sessions.
4. Remove suspicious authorized apps	Review connected apps and revoke access for anything you don’t recognize or no longer use.	Some account takeovers happen through unsafe third-party apps, not password guessing.
5. Scan your device for malware	Run a trusted security scan to check for spyware, password-stealing malware, or malicious browser extensions. McAfee offers a free antivirus scan service.	If your device is compromised, attackers can steal your new password(s) immediately.
6. Secure the email account tied to Reddit	Change your email password and enable 2FA. Check recovery settings to make sure they’re yours.	If your email is compromised, the attacker can keep resetting your Reddit account and locking you out.
7. Contact Reddit support if you’re still locked out	Submit a request and choose: Security problems → I think my account has been hacked. Include your username and details.	Reddit may be able to help restore access or reverse changes if self-recovery doesn’t work.

 

Watch for Phishing “Reddit Support” Scams 

One of the most common ways accounts get compromised is through phishing. 

Scammers impersonate: 

• Reddit moderators 
• Reddit admin messages 
• Security alerts 
• Fake “copyright violation” notices 

They try to trick you into clicking a link and logging in on a fake site. 

If you receive a suspicious message, don’t click. 

Instead, open Reddit directly in your browser or app and check your account settings from there. 

Final Tips: Recovering From a Reddit Hack 

A hacked Reddit account can feel strangely personal, because your profile reflects your interests, communities, and identity online. 

The most important steps are: 

• Act quickly 
• Secure your email account first 
• Reset your password and log out of all sessions 
• Remove suspicious authorized apps 
• Enable two-factor authentication (2FA) 
• Scan your device for malware 

And if you’re still locked out or something doesn’t look right, follow Reddit’s official recovery guidance and contact Reddit support directly. 

Reddit may be able to confirm suspicious activity, restore access, or help reverse account changes. 

Frequently Asked Questions 

Q: How do I know if my Reddit account was hacked? A: Common signs include password or email changes you didn’t request, unfamiliar authorized apps, unusual IP history, and posts/comments/votes you don’t remember making. If any of these appear, treat your account as compromised.

Q: Will resetting my Reddit password log out the hacker?     A: In many cases, yes. Reddit notes that resetting your password can log you out across devices, which is one of the fastest ways to cut off unauthorized access.

Q: What if my Reddit email address was changed?   A: Check your email inbox for a message from Reddit. Reddit may provide instructions to reverse the change, but you’ll typically need to input the original email address associated with the account.

Q: What should I do if I can’t get my account back?   A: Submit a support request and select: Security problems → I think my account has been hacked. Include your username and explain what suspicious activity you noticed. Reddit also suggests checking r/help for additional guidance.

Q: Should I remove authorized apps after a hack?   A: Yes. Reddit specifically warns that unsafe authorized apps can lead to account compromise. Remove anything you don’t recognize or no longer use.

Q: What’s the biggest mistake people make after a Reddit hack?   A: Only changing their Reddit password. If your email account or device is compromised, attackers can regain access quickly. You should secure your email, scan your device, and update reused passwords.

 

The post Reddit Hacked? How to Regain Access and What to Change Immediately appeared first on McAfee Blog.

It’s Friday the 13th, but you have nothing to fear online if you’re scam-savvy and well protected.

Every week, we round up the biggest scam and cybersecurity stories of the moment so you can recognize red flags, protect your accounts, and avoid the most common traps scammers are using. 

This week in scams, we’re talking Valentine’s Day, deepfake deception, and online privacy.

Let’s jump in:

New McAfee Research Shows Romance Scams Spiking 

Valentine’s Day is supposed to be peak season for connection. But for scammers, it’s peak season for something else: emotional leverage. 

New McAfee research shows romance scams are not rare edge cases, they’re becoming a common part of the online dating experience. In fact, 1 in 7 American adults (15%) say they’ve lost money to an online dating or romance scam. Even more alarming: of the people who lost money, only 1 in 4 (24%) were able to recover all of it. 

And many scams start exactly the way real relationships do. 

One McAfee interviewee, Jules, a healthcare professional in her 40s, joined a dating app hoping to meet someone as a busy working single mom. She met “Andy,” who seemed local, charming, and emotionally invested. He didn’t rush into money. He built trust. He mirrored her life. He made her feel safe. 

Then he introduced a “crypto opportunity” that looked legitimate. The app showed gains. She even withdrew small amounts at first. But weeks later, her account froze, and she was told she needed to pay a $25,000 “tax payment” to unlock it. 

She paid. Then the account froze again. 

By the time Jules realized the truth, she had lost more than $80,000, including $25,000 borrowed from her elderly mother. 

This is the new shape of romance scams: slow, believable, and psychologically engineered. McAfee Labs also reports that romance-related scam activity spikes during peak dating season, including fake profiles, cloned apps, and AI-driven spam behavior. 

Key red flags to watch for 

• They move fast emotionally (“I’ve never felt this way before”) 
• They push you off-platform quickly (WhatsApp, Telegram, Signal) 
• Their story sounds polished but hard to verify (military, oil rig, entrepreneur) 
• They introduce “investment advice” or crypto opportunities 
• They ask for payment apps, gift cards, wire transfers, QR payments, or “fees” 
• They claim your money is “frozen” unless you pay one more time 

How romance scams typically unfold 

While scams can take many forms, most follow a familiar pattern. Understanding the progression can help people recognize risk earlier. 

Stage	The Red Flags / How it Unfolds	What the scammer wants	What to do instead
1) The hook	A friendly DM, a “wrong number” text, a dating match, a comment reply, a follow request	A response. Any response.	Don’t move fast. Keep the convo on-platform. Don’t give out your number.
2) Love bombing	Daily messages, fast intimacy, mirroring your interests, “I’ve never felt this way”	Trust and routine	Slow it down. Ask for a real-time video call and a specific, verifiable detail.
3) Private channels	“Let’s talk on WhatsApp/Telegram/Signal.” “Don’t tell anyone yet.”	Control and privacy	If someone pushes you off-platform quickly, treat it as a red flag.
4) Building credibility	A “job” story (military, oil rig, entrepreneur), polished photos, voice notes, even AI-assisted video	Believability	Verify independently. Reverse image search photos. Watch for inconsistencies.
5) A financial request	A “small” emergency, a plane ticket, a crypto opportunity, “help me unlock my account,” gift cards, payment app request	Money or financial access	Never send money to someone you haven’t met. Never share financial info or account details.
6) Escalation	“I need a verification code.” “Can you receive money for me?” “Open an account.” “Co-sign.”	Identity theft, account takeover, new credit	Never share MFA codes. Don’t open accounts for anyone. Lock credit if you’ve shared info.
7) Ghosting	Ghosting, deleted accounts, new persona, rinse-and-repeat	Exit before consequences hit them	Preserve evidence, report, and secure your accounts immediately.

Key point: the scariest scams may never send you a sketchy link. They may only send convincing words, and the pressure to act. 

Deepfake Fraud Is Going “Industrial” 

Deepfake scams used to sound like something only elite hackers could pull off. Not anymore. 

Reporting from The Guardian highlights a new analysis from AI experts suggesting deepfake fraud has gone “industrial,” meaning it’s now cheap, scalable, and increasingly accessible to non-experts. Researchers tied to the AI Incident Database described a landscape where impersonation scams are becoming one of the most common types of AI-driven incidents reported month after month. 

Instead of crude phishing emails, scammers can now use AI tools to generate: 

• Realistic fake videos of public figures 
• Fake doctors promoting products 
• Fake journalists endorsing scams 
• Realistic job applicants and “candidates” who aren’t real people at all 

One example described in the reporting involved an AI security CEO who posted a job listing and quickly received a referral for a candidate who looked perfect on paper. The resume was strong. The emails were polished. The interview was scheduled. 

But when the video call began, the candidate’s image loaded slowly, and the background looked artificial. The face was blurred around the edges. The person glitched slightly as they spoke. A deepfake detection firm later confirmed: the interviewee was AI-generated. 

The most unsettling part? Even the target didn’t know what the scammer was after…. a salary? access to internal systems? company secrets? 

This is what makes deepfake scams uniquely dangerous: they’re not always about stealing money immediately. They’re often about getting trust, access, and leverage first. 

Key red flags of deepfake impersonation scams 

• Video or audio glitches (especially around facial edges) 
• Backgrounds that look “too smooth” or artificial 
• Delays before video loads or odd syncing between voice and mouth movement 
• Overly polished speech with little natural hesitation 
• Pressure to move fast, hire fast, or approve payments quickly 

This is also why deepfake fraud is so effective: it exploits the assumption that “seeing is believing.” In 2026, that assumption is no longer safe. 

This is also backed up by McAfee’s previous research. In 2025, McAfee Labs conducted a study of 17 different deepfake-creation tools and found that for just $5 and with just 10 minutes of setup time, scammers can create powerful, realistic-looking deepfake video and audio scams.

 

Google “Results About You” Update Shows How Personal Data Fuels Scams 

Not every scam story this week is about criminals. This update is about fighting scammers, as shared by Google. 

Google announced this week that it has expanded its “Results about you” tool, which helps people monitor and remove sensitive personal information from Search results. Previously, the tool focused on personal contact details like phone numbers, email addresses, and home addresses. 

Now, users can also request the removal of Search results that include highly sensitive information like: 

• Passport numbers 
• Driver’s license numbers 
• Social security numbers 

Google is also making it easier to request removal of non-consensual explicit images, allowing users to submit multiple images at once rather than reporting them individually. 

This matters because personal data is often the fuel behind the scams we’ve been tracking all year, including romance scams. 

Removing sensitive data from search results doesn’t erase it from the internet completely but it can reduce how easily scammers can weaponize it. To take your online privacy to the next level, consider McAfee’s Personal Data Cleanup, which will help remove your personal information across the web.  

What this tool helps protect against 

• Identity theft attempts 
• Impersonation scams 
• Doxxing threats 
• Fake “verification” schemes 
• Social engineering and targeted romance scams 

The scam lesson here is simple: the less information scammers can find, the harder it is for them to tailor the con. 

McAfee’s Safety Tips for This Week 

This week’s scam pattern is all about emotional manipulation + AI credibility + personal data exposure. The best defense is slowing down and verifying before you trust. 

Here are the smartest moves to make right now: 

• Don’t confuse emotional intensity with authenticity. Love bombing is a tactic, not a love language. 
• Never send money to someone you haven’t met in real life, no matter how convincing their story is. 
• Treat “crypto investing tips” from strangers as an immediate red flag. 
• Don’t move off-platform quickly. If someone insists on WhatsApp, Telegram, or Signal early on, assume they’re trying to isolate you. 
• Never share verification codes or screenshots of financial apps, even if they claim it’s “just for confirmation.” 
• Reverse image search profile photos and look for inconsistencies in background details, timelines, or personal stories. 
• If a video call feels off, trust your instincts. Deepfakes often look almost real, but “almost” is the danger zone. 
• Reduce your digital footprint. The more personal info available online, the easier it is for scammers to tailor believable impersonations. 
• Use tools like McAfee Scam Detector to help flag risky messages across text, email, and social platforms. 
• If you suspect a romance scam, stop engaging immediately, document everything, and report it. The sooner you act, the more damage you can prevent. 

We’ll be back next week with another roundup of the scams making headlines, and what you can do to stay ahead of them. 

The post This Week in Scams: How Jules Lost $80K in a Romance Scam appeared first on McAfee Blog.

It usually starts with a small, uneasy moment. 

A login alert you don’t remember triggering. A password that suddenly doesn’t work. A friend asking why you just posted something… bizarre. 

Sometimes it’s even worse: you open your Facebook Page and realize you’re no longer an admin. 

Facebook account takeovers often don’t look dramatic at first. They start quietly: a new device login, a recovery email you didn’t add, or a Page role you never approved. But once someone has access, they can lock you out fast, post scams to your followers, and even run unauthorized ads. 

This guide walks you through exactly what to do if your Facebook account or Page has been compromised: how to spot the warning signs, how to recover access if you’re locked out, how to remove rogue admins, and how to lock down your account so it doesn’t happen again. 

Signs Your Facebook Account May Be Compromised 

Facebook hacks often start quietly. The first signs usually look like small changes you don’t remember making. 

Watch for these red flags: 

• Login alerts you didn’t trigger: Notifications about new devices, unfamiliar locations, or verification codes you didn’t request. 
• Posts or messages you didn’t send: Spam posts, strange DMs, or comments that don’t sound like you. 
• Account details changed: Your password, email address, phone number, or two-factor authentication settings were updated without you. 
• Page or Business access changes: New admins added, your role downgraded, unknown partners connected, or ad accounts you don’t recognize. 
• Unexpected ad spend or billing activity: Ads running that you didn’t create, new payment methods, or charges you can’t explain. 

If any of these are happening, assume your account is compromised and start recovery steps immediately. 

Step-by-Step: How to Regain Control of a Hacked Facebook Page 

Step	What to Do	Where to Go
1. Secure your personal Facebook account first	Log out of all sessions, change your password, and enable two-factor authentication (2FA). If your profile is compromised, your Page will stay vulnerable.	Settings → Password and security
2. Check whether you still have Page access	Go to your Page and see if you can access settings. If you still have partial access, move fast—attackers often remove legitimate admins quickly.	Your Facebook Page → Settings
3. Review Page roles / Page access	Look for unfamiliar admins or anyone with “Full control.” Remove them immediately if you still have permission.	Page Settings → Page access / Page roles
4. Check Meta Business Suite permissions	Hackers may add themselves through Business Manager instead of Page roles. Review who has access to the business and Page assets.	Meta Business Suite → Settings → Business settings → People
5. Remove suspicious partners	If an unknown Business Manager or partner account is connected, remove it. Rogue partners can retain access even after passwords are changed.	Business settings → Partners
6. Audit Ad Accounts and active campaigns	Check if unauthorized ads are running. Pause campaigns immediately and remove unfamiliar users tied to ad access.	Business settings → Ad accounts
7. Review payment methods for fraud	Look for unfamiliar credit cards or PayPal accounts. If charges occurred, contact your payment provider immediately.	Business settings → Payments / Billing
8. Start a Page admin dispute if you lost access	If all admins were removed or your role was downgraded, submit a Page admin dispute through Meta’s Business Help tools and begin the recovery process.	Meta Business Help Center → Page admin dispute / compromised Page support
9. Gather proof of ownership	Prepare evidence like business documentation, domain verification, screenshots of prior Page access, and ad account billing history. The more proof you provide, the faster recovery usually moves.	Business documents + screenshots + domain records
10. Lock down Page security after recovery	Remove rogue admins, reduce admin permissions, require 2FA for everyone, and limit who can manage ads. Treat this like a full security reset.	Page Settings + Meta Business Suite

What to Do After You Regain Control of Your Page 

Once you’re back in, don’t stop there. 

Attackers often return if they still have access through third-party permissions or compromised admin accounts. 

Immediately: 

• Remove rogue admins 
• Remove unknown partners 
• Reset Page access roles 
• Review ad accounts and billing 
• Turn on 2FA for everyone with Page access 
• Reduce admin permissions wherever possible 

A good rule: most people don’t need Admin access. 

Use Editor, Advertiser, or Moderator roles unless someone truly needs full control. 

Lock Down Facebook Security So It Doesn’t Happen Again 

Getting back into your account is only half the job. The real goal is making sure the hacker can’t come back. 

Turn on login alerts 

Facebook can notify you every time a new device logs in. 

Go to: Settings → Password and security → Alerts about unrecognized logins 

Turn them on for email and notifications. 

Use stronger passwords everywhere 

Hackers often gain access through reused passwords from older data breaches. 

If you’ve used the same password across platforms, change it immediately. 

A reputable password manager like McAfee’s can help generate and store secure passwords so you don’t have to rely on memory. 

Revoke third-party app access 

Even if you removed suspicious apps earlier, do a full audit again after recovery. 

Go to: Settings → Apps and websites 

Remove anything you don’t actively use. 

Keep your phone and Facebook app updated 

Security updates matter. 

Running outdated apps makes it easier for attackers to exploit known vulnerabilities. 

Watch out for phishing “Meta Support” scams 

Many Facebook hacks don’t happen through technical hacking, they happen through social engineering. 

Common scams include: 

• Fake copyright violation notices 
• Fake Meta verification warnings 
• Messages claiming your Page will be deleted 
• “Support” DMs asking you to click a link and confirm login 

If you ever get one of these messages, don’t click. 

Open Facebook directly, go to Settings, and check your account status from inside the platform. 

Quick Recovery Table: What to Do If Your Facebook Account or Page Is Hacked 

Situation	What to Do (Step-by-Step)	Where to Go in Facebook
You see a suspicious login alert	1) Log out of all sessions 2) Change your password immediately 3) Turn on two-factor authentication (2FA)	Settings → Password and security → Where you’re logged in
Your password suddenly doesn’t work	1) Tap Forgot password? 2) Follow recovery prompts 3) Use identity verification if needed	Facebook login screen → Forgot password?
You’re still logged in, but things look “off”	1) Remove unfamiliar devices 2) Check your email/phone info 3) Remove suspicious connected apps	Settings → Accounts Center Settings → Apps and websites
Your email or phone number was changed	1) Check your email for Facebook security alerts 2) Click “This wasn’t me” if available 3) Start recovery and select No longer have access?	Email inbox + recovery flow
Your Facebook Page has a new admin you didn’t add	1) Secure your personal account first 2) Remove the unfamiliar admin immediately 3) Review Page roles for other changes	Page Settings → Page access / Page roles
You lost admin access to your Page	1) Secure your Facebook profile first 2) Check Meta Business Suite permissions 3) Start a Page admin dispute with Meta	Meta Business Suite → Business settings
Unauthorized ads are running	1) Pause all campaigns immediately 2) Remove unfamiliar users/partners 3) Check payment methods for fraud	Business Manager → Ad accounts Business settings → Payments
You want to prevent this from happening again	1) Enable 2FA 2) Use a unique password 3) Turn on login alerts 4) Remove unnecessary admins	Settings → Password and security

 

Final Tips: Recovering From a Facebook Hack 

A Facebook hack is stressful for a reason: it doesn’t just affect your account. It can affect your reputation, your Page, your followers, and even your finances if ads are involved. 

The most important steps are: 

• Act quickly 
• Secure your email before finishing recovery 
• Log out all sessions and reset your password 
• Remove rogue admins and unknown partners 
• Lock down Business Manager permissions 
• Enable 2FA for every admin who touches your Page 

Once you take control back, reduce access to only the people who truly need it, and keep a close eye on logins and billing activity. 

With the right steps, you can recover a hacked Facebook account, remove unauthorized admins, and rebuild trust with your audience. 

And most importantly: you can make sure it doesn’t happen again. 

Finally, you can always reach out directly and seek support via Facebook’s help center and official contact channels if you still need help. 

Frequently Asked Questions 

Q: How do I log out of all devices on Facebook?  A: Go to Settings → Password and security → Where you’re logged in, then select Log out of all sessions. After that, change your password and enable 2FA.

Q: What if my email and phone number were changed?  A: Start account recovery through Forgot password? and look for the option No longer have access to these? If you still have access to your original email inbox, check for Facebook security emails and use the “This wasn’t me” link to reverse changes.

Q: How do I remove an admin from a Facebook Page?  A: If you still have Page access, go to Page Settings → Page access / Page roles and remove the person. If you no longer have admin access, you may need to start a Page admin dispute through Meta Business Help Center.

Q: What if someone is running ads from my Page?  A: Go to Meta Business Suite → Business settings → Ad accounts and pause campaigns immediately. Remove unfamiliar users or partners and check billing settings for unauthorized charges.

Q: Are authenticator apps safer than SMS codes?  A: Yes. Authenticator apps (and hardware security keys) are generally stronger than SMS because they’re harder to intercept through SIM-swapping or text message compromise.

Q: Should I warn my followers?  A: If your Page or profile posted spam, sent DMs, or promoted suspicious links, yes. A short post warning followers not to click links or respond to messages can prevent others from getting scammed.

 

The post Facebook Hacked? How to Recover Your Account and Remove Rogue Page Admins  appeared first on McAfee Blog.

It usually starts with a small, uneasy moment. A notification you don’t recognize. A login code you didn’t request. A friend texting to ask why you just posted something… weird. 

If you’re staring at your phone wondering whether your TikTok account was hacked, you’re not alone, and you’re not being paranoid.  

Account takeovers often don’t look dramatic at first. They show up as subtle changes: a password that suddenly doesn’t work, a new device logged in overnight, or settings you swear you never touched. 

This guide walks you through exactly what to do if your TikTok account has been compromised: how to spot the warning signs, how to recover access if you’re locked out, and how to lock down active sessions so it doesn’t happen again.  

Signs Your TikTok Account May Be Compromised 

When someone else gets into your account, things usually start behaving in ways that don’t feel like you. Pay attention to changes like these: 

Profile or settings changes you didn’t make
Your display name, bio, password, linked email, phone number, or privacy settings look different, even though you never touched them. 

Content or activity you don’t recognize
Videos you didn’t post. Comments or DMs you didn’t send. New follows or likes that don’t match how you use the app. 

Login alerts that come out of nowhere
Notifications about a new device, verification codes you didn’t request, or emails confirming changes you didn’t initiate. 

Other warning signs include being locked out of your usual login method, missing recovery options, or friends telling you your account is sending strange messages. 

How to Regain Access to Your TikTok Account 

Speed matters here. The longer someone has access, the more they can change, or use your account to scam others. 

If you can still log in 

Secure the account immediately. 

1. Change your password: Use the “Forgot password?” option if needed and choose a strong, unique password you haven’t used anywhere else. 
2. Check your account details: Confirm the email address and phone number are yours. Remove anything you don’t recognize. 
3. Look for unfamiliar devices or sessions: You’ll deal with this more thoroughly below, but flag anything that looks off. 

If you’re locked out 

Start TikTok’s recovery process right away. 

1. On the login screen, tap “Report a problem” or visit the Help Center. 
2. Be ready to prove ownership. That usually includes: 
3. Your username 
4. A previous email or phone number linked to the account 
5. Devices you’ve used to log in before 
6. Screenshots of changes, if you have them 

TikTok uses this information to verify that the account is yours and roll back unauthorized changes. 

Secure your email and phone, too 

This step is critical and often overlooked. 

• Change the password on the email account linked to TikTok.  If someone controls your email, they can keep resetting your social accounts. 
• Confirm your phone number is correct and remove any unfamiliar contact info. 

Once you regain access, clean up anything the attacker touched, delete suspicious posts, undo profile changes, and revoke access for any apps you don’t recognize. 

Figure 1: How to remove TikTok logins from other devices. 

Lock Down Sessions and Strengthen Your TikTok Security 

Getting back in is only half the job. The next step is making sure whoever got in can’t come back. 

Turn on two-step verification 

In Settings & Privacy, enable two-factor verification (2FA) and choose your preferred method. An authenticator app offers the strongest protection, but SMS or email is still far better than nothing. 

Review active sessions and devices 

Head to Security and look for Manage devices or Active sessions. 

• Remove any devices you don’t recognize. 
• If available, use “Log out of all devices” to force everyone, including an attacker, out at once. 

Revoke third-party app access 

Check which apps or tools are connected to your TikTok account and remove anything you don’t use or trust. 

Use a strong, unique password 

• Aim for 12+ characters with a mix of letters, numbers, and symbols. 
• Never reuse passwords from other sites. 
• A reputable password manager like McAfee’s can help generate and store secure passwords. 

Keep your app and phone updated 

Updates often include security fixes. Running outdated software makes it easier for attackers to exploit known issues. 

Be cautious with links and messages 

Unexpected DMs, “copyright warnings,” fake verification notices, or links asking you to log in again are common hacker tactics. When in doubt, don’t click, open the app directly instead. 

 

Figure 2: Where in “Security & permissions” to find security updates and 2FA. 

How to Report an Impersonation Account on TikTok 

Discovering a fake account that’s using your name, photos, or videos can feel like a second violation on top of having your account hacked.  

Luckily, TikTok has a way to flag these imposters, both from inside the app and, in some regions, through an official web form. 

1. Open the impostor’s profile: Head to the account that’s pretending to be you. 
2. Tap the share icon: On mobile, this is usually the arrow at  the top of the profile. 
3. Select “Report”: Choose the option to report the account. 
4. Choose “Report account” → “Pretending to Be Someone”: That’s TikTok’s way of flagging impersonation specifically. 
5. Indicate who is being impersonated: Select Me if it’s your identity, or Celebrity/Another person if it’s someone else. Then submit.  

Figure 3: A screenshot showing where in TikTok you report fake profiles. 

If you’re in the U.S. and the fake profile is doing real damage, for example, scamming your followers or using official business assets, TikTok also offers a dedicated impersonation report form online: 

• Choose whether you’re reporting or appealing an impersonation. 
• Enter your email and country. 
• Upload valid ID or other proof that you’re who you say you are. 
• Confirm the statements and submit the form.  

For accounts outside the U.S., the public Help Center form lets you select Report a potential violation → Account violation → Impersonation and walk through similar steps.

 

Frequently Asked Questions 

Q: How do I lock down sessions on TikTok? A: Go to Settings & Privacy → Security, then open Manage devices or Active sessions. Remove unfamiliar devices, log out of all sessions if possible, change your password, and enable two-step verification.

Q: Can I recover my account if the email and phone number were changed? A: Yes. Start an account recovery request through TikTok support and provide proof of ownership, including previous contact details and device information.

Q: What if I keep getting verification codes I didn’t request? A: That’s a sign someone is trying to get in. Change your password immediately, enable two-step verification, and review active sessions. If it continues, contact TikTok support

Q: Should I warn my followers? A: If your account posted or messaged others without your permission, yes. Let people know your account was compromised so they don’t engage with scam links or requests.

 

The post Was My TikTok Hacked? How to Get Back Into Your Account and Lock Down Sessions appeared first on McAfee Blog.

You block a caller, feel a moment of relief, and then the phone rings again. If you’re wondering why you still get spam calls even after blocking numbers, you’re not alone.  

Spammers evolve quickly. They rotate phone numbers, spoof caller IDs, and use automated dialers to bypass basic defences, which is why many people see blocked calls still coming through and ask, can blocked numbers call you?

In this guide, we’ll explain what’s happening behind the scenes, share proven steps for how to stop getting spam calls, and help you protect your privacy and finances with confidence. 

What Counts as a Spam Call? 

Spam calls are unsolicited calls that aim to sell, deceive, or defraud. They include aggressive sales pitches, fake giveaways, tech support scams, and impersonations of banks or government agencies. Some are placed by people, while many are robocalls that play prerecorded messages at scale. Legality often hinges on consent and compliance with regulations, but harmful calls tend to ignore the rules. 

The typical scam call red flags: 1) Urgent or threatening language. 2) Pressure to pay right now. 3) Requests for sensitive details like Social Security numbers, bank information, or one-time passcodes.

Robocalls drive much of the volume today. They’re inexpensive, fast, and highly automated. While appointment reminders or pharmacy updates can be helpful and legitimate, scam robocalls promote fake debt collection, prize schemes, or malicious tech support. Their scale is precisely why blocked calls still coming through remains a persistent frustration. 

Inbox of spam calls feel familiar?

Why Blocking Numbers Doesn’t Stop Spam 

Blocking prevents repeat calls from the same caller ID. Spammers know this and adapt. They rotate through vast pools of numbers, so each attempt looks new. You block one, and the next call arrives from a different number. It’s a cat-and-mouse game that leads many to ask, can blocked numbers call you or why is a blocked number still calling? 

Caller ID spoofing amplifies the problem. Spoofing lets scammers display any number they want, including matching your area code or appearing as a trusted organisation. This undermines caller ID and weakens number-based blocking. Some spoofed calls even show familiar names, increasing the chance you’ll answer. 

Behind the scenes, spam operations acquire and discard numbers rapidly through VoIP services and disposable lines. Large campaigns can cycle through thousands of numbers daily, which makes manual blocking a limited defense. That’s why you still get spam calls even after blocking numbers and why many people wonder how to stop getting spam calls for good. 

Layered Measures to Reduce Spam Calls 

A stronger strategy combines smarter tools with practical policies that work together. Here’s how we approach it: 

Use call-protection apps: Choose reputable apps that leverage threat intelligence, crowdsourced reports, and machine learning. These tools detect patterns, silence high-risk calls, and warn you before you answer. Many provide enhanced caller ID and category-based filtering to cut down the noise. 

Register with the National Do Not Call Registry: Add your number at donotcall.gov to reduce lawful telemarketing. It won’t stop illegal spam calls, but it trims legitimate sales outreach and supports enforcement when violators call. 

Use your mobile carrier’s protections: Most phone carriers offer built-in features that help identify and block spam calls, often at no extra cost. When these tools are turned on, your phone may label suspicious calls as “Scam Likely,” warn you before you answer, or automatically block known spam numbers. Some carriers can also verify when a call is coming from a real business, which makes it harder for scammers to fake caller IDs and pretend to be someone they’re not. 

Used together, these layers reduce the chance that a blocked number still calling will get through and provide practical answers for how to stop getting spam calls without missing important calls. 

Best Practices for Handling Incoming Calls 

Build habits that make suspicious calls easier to spot and manage: 

Spot potential spam: Be cautious with unknown numbers, urgent demands, and offers that sound too good to be true. Don’t share personal information, one-time passcodes, or payment details. If someone claims to be from your bank, healthcare provider, or a government agency, hang up and call back using a verified number from their official website. 

Report spam quickly: File complaints with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and the Federal Communications Commission (FCC) at consumercomplaints.fcc.gov. Include caller ID, time, message content, and any request for data or payment. Many call-protection apps and carriers support in-app reporting, which improves filters for everyone. 

Use call screening: Turn on features like Silence Unknown Callers on iOS or Filter Spam Calls on Android. Enable voicemail transcription and consider Do Not Disturb with exceptions for contacts and verified callers. Use screening assistants where available to prompt unknown callers to state their purpose. This reduces interruptions and blocks automated spam. 

Stay Safe from Social Engineering 

Phone scams often rely on social engineering. Recognising common tactics helps you pause and protect yourself. 

Spot voice phishing: Be wary of claims that your account is locked, a payment is overdue, or an immediate verification code is needed. Legitimate organisations do not ask for full Social Security numbers, passwords, or 2FA codes over the phone. If you’re concerned, contact the company through a trusted channel. 

Protect personal information: Keep sensitive data private. Don’t share account numbers, PINs, passwords, or security codes in response to an incoming call. Use strong, unique passwords and enable multi-factor authentication. If you receive a verification code you didn’t request, secure your account right away. 

If you responded to a spam call: If you disclosed financial details or made a payment, contact your bank or card issuer immediately. Change passwords, enable account alerts, and review recent activity. Report the incident to the FTC and local law enforcement if needed. Consider a credit freeze with the major credit bureaus. If a device may be compromised, run a trusted security app to scan and remove suspicious software. 

Quick Comparison of Anti-Spam Call Options 

Option	What It Does	Pros	Limitations
Manual Number Blocking	Blocks repeat calls from a specific caller ID	Built into phones; easy to use	Spammers rotate and spoof numbers; limited reach
Call-Protection Apps	Uses threat intelligence, AI, and community reports	Detects patterns; warns before you answer; auto-blocks known spam	May filter legitimate calls; requires setup and permissions
Carrier Protections	Network-level filtering and caller authentication (STIR/SHAKEN)	Flags spoofed calls early; verified caller indicators	Effectiveness varies by carrier and plan
Do Not Call Registry	Limits lawful telemarketing to registered numbers	Reduces legitimate sales calls; supports reporting	Does not stop illegal or scam calls
Built-In Call Screening	Silences unknown callers and transcribes voicemail	Minimises interruptions; helps you review safely	May miss important calls from new contacts

If you’re asking why you still get spam calls even after blocking numbers or seeing a blocked number still calling, this table shows how layered options work together to reduce risks. 

Go Beyond Blocking: Remove Your Number From the Dark Web and Data Broker Lists 

Blocking spam callers treats the symptom, not the source. One reason spam keeps coming is that your phone number may already be circulating in data broker databases or dark web marketplaces after a breach, app signup, or form fill. Once your number is out there, it gets resold, bundled, and targeted repeatedly. 

McAfee Data Cleanup tackles that upstream problem. It helps find where your personal data, including your phone number, appears online and works to remove it from risky sources. Fewer listings mean fewer lists for spammers to buy and fewer campaigns aimed at your number. 

How your number ends up being targeted 

Data brokers: Many sites legally collect and resell contact details. Spammers buy access and blast calls at scale. 

Breaches and leaks: Stolen databases often end up on underground forums, where numbers are traded and reused. 

Public profiles and apps: Old accounts, giveaways, and permissions can expose your number without you realising. 

What Data Cleanup adds to your defense 

Finds exposures: Scans for your number across broker sites and known risk areas. 

Removes listings: Submits opt-out and removal requests on your behalf, reducing where your data lives online. 

Keeps watch: Monitors for reappearance so your number doesn’t quietly get relisted later. 

Think of this as turning down the tap, not just mopping the floor. When fewer databases have your number, spam operations have fewer ways to reach you. 

If you’re serious about how to stop getting spam calls, add data cleanup to your toolkit. Reducing your digital footprint won’t eliminate every bad call overnight, but over time, it lowers exposure, cuts repeat targeting, and helps reclaim your phone from constant interruptions. 

Blocking Isn’t Protection. Layering Is. 

If spam calls feel endless, it’s because blocking numbers was never designed to stop modern scam operations. Today’s callers rotate numbers, spoof trusted IDs, and pull your phone number from massive data ecosystems that don’t disappear when you tap “Block.” 

The real fix is layered protection. Call filtering and carrier tools help stop suspicious calls at the door. Screening features reduce interruptions. And addressing the source, by limiting where your number exists online, cuts down the number of campaigns that ever reach you in the first place. 

No single tool will end spam calls overnight. But when you combine smart call protections, cautious habits, and proactive data cleanup, the volume drops, the risks shrink, and your phone becomes a lot quieter. 

If you’ve been asking why you still get spam calls even after blocking numbers, this is the answer. Blocking is reactive. Protection works best when it’s proactive. 

FAQs 

Q: Why do spam calls look like they’re from my area code?  A: Scammers use caller ID spoofing to display local-looking numbers, increasing the chances you’ll answer. Spoofing can mimic legitimate numbers, so don’t rely on caller ID alone. If you’re seeing a blocked number still calling with a local prefix, turn on carrier protections and call screening.

Q: Do call-blocking apps really help?  A: Yes. Quality apps combine real-time threat intelligence with community reports and machine learning to spot patterns and flag risky calls. While no tool catches everything, they significantly reduce spam calls and help address why you still get spam calls even after blocking numbers.

Q: Will the Do Not Call Registry stop all spam calls?  A: No. It reduces lawful telemarketing but does not stop illegal or scam calls. Registering still helps cut legitimate outreach and supports enforcement against violators, which is an important step in how to stop getting spam calls.

Q: What should I do after receiving a suspicious call?  A: Don’t share information. Hang up, verify the caller using a trusted number, and report the incident to the FTC or FCC. If you clicked a link or provided details, secure your accounts and contact your bank or service provider right away.

Q: Can my mobile carrier block spoofed calls?  A: Carriers support caller authentication through STIR/SHAKEN, which helps identify and flag spoofed calls. Turn on your carrier’s spam protection features and screening options to reduce the chances of blocked calls still coming through.

 

The post Why You Still Get Spam Calls Even After Blocking Numbers appeared first on McAfee Blog.

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix billing alerts to malicious browser extensions and QR code phishing tied to foreign espionage, the common thread is trust being weaponized at exactly the right moment. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it. 

Netflix Billing Emails Are Back… And Still Catching People Off Guard 

The big picture: Subscription phishing is resurging, with scammers impersonating Netflix and using fake billing failures to push victims into handing over payment details. 

What happened: Multiple Netflix impersonation emails circulated again this month, warning recipients that a payment failed and urging them to “update payment” to avoid service interruption. The messages closely mirror Netflix’s real branding and include polished formatting, official-looking language, and even PDF attachments designed to feel like legitimate billing notices. 

What makes these scams effective is timing. Victims often receive them while actively reviewing subscriptions, updating payment methods, or considering canceling services. That context lowers skepticism just enough for a quick click before slowing down to verify. 

McAfee’s Scam Detector flagged the messages (which one of our own employees received this week) as phishing, confirming they were designed to steal payment information rather than resolve a real billing issue. 

Red flags to watch for: 

• Unexpected billing problems paired with urgent calls to act 
• Payment requests delivered by email instead of inside the app 
• Attachments or buttons asking you to “fix” account issues 
• Sender addresses that don’t match official Netflix domains 

How this scam works: This is classic brand impersonation phishing. Scammers don’t need to hack Netflix itself. They rely on people recognizing the logo, trusting the message, and reacting emotionally to the idea of losing access. The attachment and clean design help bypass instinctive spam filters in the brain, even when technical filters catch it later. 

Netflix has warned customers about these scams and offers advice on its site if you encounter one.

What to do instead: If you get a billing alert, don’t click. Open the Netflix app or manually type the site address to check your account. If there’s no issue there, the email wasn’t real. 

Fake Ad Blocker Crashes Browsers to Push “Fix It” Malware 

The big picture: Attackers are exploiting browser crashes themselves as a social engineering tool, turning technical disruption into a pathway for malware installation. 

What happened: Researchers reported a malvertising campaign promoting a fake ad-blocking browser extension called “NexShield,” which falsely claimed to be created by the developer of a well-known, legitimate ad blocker. Once installed, the extension intentionally overwhelmed the browser, causing freezes, crashes, and system instability. 

After restart, victims were shown fake security warnings instructing them to “fix” the problem by running commands on their own computer. Following those instructions triggered the download of a remote access tool capable of spying, executing commands, and installing additional malware. The reporting was first detailed by Bleeping Computer, with technical analysis from security researchers. 

Red flags to watch for: 

• Browser extensions promising performance boosts or “ultimate” protection 
• Crashes immediately after installing a new extension 
• Pop-ups instructing you to run commands manually 
• “Security fixes” that require copying and pasting code 

How this scam works: This is a variant of ClickFix attacks. Instead of faking a problem, attackers cause a real one, then position themselves as the solution. The crash creates urgency and confusion, making people more likely to follow instructions they’d normally question. It turns frustration into compliance. 

FBI Warns QR Code Phishing Is Being Used for Cyber Espionage 

The big picture: QR codes are being used as stealth phishing tools, with highly targeted attacks tied to foreign intelligence operations. 

What happened: The Federal Bureau of Investigation issued a warning about QR code phishing, or “quishing,” campaigns linked to a North Korean government-backed hacking group. According to reporting by Fox News, attackers sent emails containing QR codes that redirected victims to fake login pages or malware-hosting sites. 

In some cases, simply visiting the site allowed attackers to collect device data, location details, and system information, even if no credentials were entered. These campaigns are highly targeted, often aimed at professionals in policy, research, and technology sectors. 

Red flags to watch for: 

• QR codes sent by email or messaging apps 
• QR codes leading to login pages for work tools or cloud services 
• Messages that feel personalized but unexpected 
• Requests to scan instead of click 

How this scam works: QR codes hide the destination URL, removing the visual cues people rely on to judge safety. Because scanning feels faster and more “passive” than clicking a link, people often skip verification entirely. That moment of trust is what attackers exploit. 

Read our ultimate guide to “quishing” and how to spot and avoid QR code scams here. 

McAfee’s Safety Tips for This Week 

• Verify inside official apps. Billing or security issues should be confirmed directly in the app or website you normally use, not through email links or QR codes. 
• Treat extensions like software installs. Only install browser extensions from trusted publishers you already know, and remove anything that causes instability. 
• Slow down with QR codes. If a QR code leads to a login page or download, close it and navigate manually instead. 
• Watch for urgency + familiarity. Scammers increasingly rely on brands, tools, and behaviors you already trust to short-circuit caution. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365. 

The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.

Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users. 

“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”

“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”

“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.

Here, we break down what happened and why outages are prime time for scammers.

What happened to Microsoft Outlook? 

A Microsoft infrastructure failure disrupted email delivery. 

Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.

Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.

When did the Microsoft outage happen? 

The disruption unfolded over several hours on Thursday afternoon (ET). 

Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows: 

Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.

2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.

3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.

4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.

Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced. 

Was this a hack or cyberattack? 

No. Microsoft says the outage was caused by technical infrastructure issues. 

According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours. 

A message sent by Microsoft about the server issue.

Why outages  cause widespread disruption 

Modern work depends on shared cloud infrastructure. 

That sudden loss of access often leaves users unsure whether: 

• Their account has been compromised 
• Their data is at risk 
• They need to take immediate action 

That uncertainty is exactly what scammers look for. 

How scammers exploit big tech outages

They impersonate the company and trick users into signing in again. 

After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours. 

These scams typically work by: 

Impersonating Microsoft using logos, branding, and language copied from real outage notices 

Sending fake “service restoration” emails or texts claiming users must re-authenticate 

Linking to realistic login pages designed to steal Microsoft usernames and passwords 

Posing as IT support or Microsoft support and directing users to fake phone numbers 

Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address. 

How to stay safe during a Microsoft outage 

Outages are confusing. Scammers rely on urgency and familiarity. 

To reduce risk: 

• Do not click links in emails or texts about outages or “account recovery.” 
• Go directly to official sources, such as Microsoft’s status page or verified social accounts. 
• Never re-enter your password through links sent during an outage. 
• Ignore urgent fixes that ask for downloads, payments, or credentials. 

If you already clicked or entered information: 

• Change your Microsoft password immediately 
• Update passwords anywhere you reused it 
• Turn on or refresh two-factor authentication 
• Review recent account activity 
• Run a trusted security scan to remove malicious software (check out our free trial) 

How McAfee can help 

Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens. 

McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access. 

FAQ 

Q: Is Microsoft Outlook still down? A: Microsoft said Thursday afternoon that it had restored affected infrastructure and was redirecting traffic to recover service, according to CNBC. Some users may still experience intermittent issues.

Q: Was the Microsoft outage caused by hackers? A: No. Microsoft has not reported any cyberattack or data breach related to the outage, per CNBC.

Q: Can scammers really use outages to steal accounts? A: Yes. During major outages, scammers often impersonate companies like Microsoft and trick users into signing in again on fake websites.

Q: Should I reset my password after an outage? A: Only if you clicked a suspicious link or entered your credentials somewhere outside Microsoft’s official site. Otherwise, resetting passwords isn’t necessary.

 

The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.

You thought you were scanning a menu. 

Or paying for parking. Or checking a package notice taped to your door. A quick scan, a familiar logo, a page that loads instantly on your phone. 

Nothing about it felt risky. 

That’s exactly why QR code scams are spreading so quickly. 

QR codes have become part of everyday life. They’re on restaurant tables, public signs, emails, mailers, and payment screens. We’re taught to treat them as shortcuts—faster than typing a URL, easier than downloading an app, safer than clicking a link. 

Scammers know that. 

Instead of asking you to click something suspicious, they ask you to scan something ordinary. Once you do, you can be routed to fake login pages, payment requests, or malicious sites designed to steal your information before you realize anything is wrong. 

This tactic has a name: quishing.

And as QR codes continue to replace links in the real world, understanding how quishing works is essential to staying safe online. 

What Is Quishing? 

Quishing is a form of phishing that uses QR codes instead of clickable links to trick people into visiting malicious websites or giving up sensitive information. 

The term combines QR and phishing, and it reflects a simple but dangerous shift in scam tactics: instead of asking you to click, scammers ask you to scan. 

Once scanned, a fake QR code can lead to: 

• Credential-harvesting login pages 
• Payment requests or fake invoices 
• Malware downloads 
• Fake customer support portals 
• Subscription traps 

Because QR codes don’t show a visible URL before you scan, they remove one of the most important scam warning signs people rely on. 

Common QR Code Scams to Watch Out For

While quishing attacks vary, most fall into a few predictable patterns.

1. Fake parking and payment QR codes

Scammers place stickers over legitimate parking meter QR codes. When scanned, victims are taken to fake payment pages that steal card details.

Red flag: A QR code that asks for full payment details without redirecting to a known parking or city service.

---

2. Restaurant menu swaps

Fraudsters replace real menu QR codes with fake ones that redirect to phishing pages or malicious downloads.

Red flag: A menu page that asks you to “sign in,” download an app, or confirm personal details.

---

3. Delivery and package alerts

Flyers or door tags claim you missed a delivery and instruct you to scan a QR code to reschedule.

Red flag: Vague delivery details and pressure to act quickly.

---

4. Fake account security warnings

QR codes claim your bank, streaming service, or email account needs verification.

Red flag: Any QR code that demands immediate action for “security reasons.”

---

5. Subscription traps and fake offers

Some QR codes promise discounts, refunds, or rewards but quietly enroll users in recurring charges.

Red flag: Fine print that’s hard to find, or missing entirely.

---

What Makes Quishing Especially Dangerous

QR scams succeed not because people are careless, but because they exploit trust and routine.

Unlike traditional phishing emails, quishing:

• Happens offline and online at the same time
• Often appears in trusted physical locations
• Feels faster and more “legit”
• Bypasses visual link inspection

Once a victim lands on a fake site, the damage can escalate quickly, from stolen credentials to drained accounts to identity theft.

---

How to Spot a Fake QR Code Before You Scan

You don’t need to avoid QR codes entirely, but you do need to slow down.

Check the physical context

Is the QR code taped on, scratched, or layered over another code? That’s a common tactic.

Look for branding inconsistencies

Misspellings, generic logos, or mismatched colors are red flags.

Preview the link

Most phone cameras now show the URL before opening it. Take a second to read it.

Be skeptical of urgency

Any QR code that pressures you to act immediately deserves extra scrutiny.

---

How to Protect Yourself From QR Scams

Step 1: Treat QR codes like links

A QR code is a shortcut to a website. Apply the same caution you would to any link.

Step 2: Avoid entering sensitive information

Legitimate services rarely ask for passwords, payment info, or personal details via QR codes.

Step 3: Use mobile security tools

Security software can help detect malicious sites and block risky downloads before damage is done.

Step 4: When in doubt, go direct

Instead of scanning, manually visit the official website or app you trust.

---

What to Do If You Scanned a Suspicious QR Code

If you think you interacted with a malicious QR code:

• Stop engaging with the site immediately
• Do not enter additional information
• Monitor your financial accounts for unusual activity
• Change passwords if credentials were entered
• Run a security scan on your device, check out our free trial
• Report the incident to the business or location involved

Early action can limit long-term fallout.

---

Frequently Asked Questions

What is quishing in simple terms?
Quishing is phishing that uses QR codes to trick people into visiting fake or malicious websites.

Are QR codes inherently unsafe?
No, but they can be exploited. The risk comes from where they lead, not the code itself.

Can scanning a QR code install malware?
In some cases, yes, especially if it prompts a download or redirects to a malicious site.

Are QR scams increasing?
Yes. As QR codes become more common, scammers are increasingly using them to bypass traditional defenses.

The post What Is Quishing? How QR Code Scams Work and How to Avoid Them appeared first on McAfee Blog.

Key Takeaways

• App spyware often disguises itself as everyday apps (e.g., flashlight, wallpaper, gaming), then embed malicious code to secretly access your camera, mic, contacts, location, and more.
• Excessive permission requests are a red flag, legitimate apps request only what they need. Apps asking for unrelated permissions (e.g., a game accessing contacts or microphone) are likely invasive.
• Learn how to spot and remove invasive apps quickly in your permission settings.
• Deleting beats restricting. Even disabled permissions may not stop an invasive app from collecting data. Full removal is the safest option.
• Use preventive habits to safeguard your privacy.

Some crooks and shady characters will invade your privacy simply by asking for your permission to snoop—through app spyware you install on your phone.

Invasive apps look like legitimate apps, yet they have an ulterior motive. They use a phone’s permission settings to spy on its user by accessing the phone’s camera, microphone, and more.

At the heart of any smartphone app you’ll find permissions, which allow apps to use certain features of your phone. A messaging app might ask for access to your camera and microphone to send video and voice messages. It might ask for permission to access your photos if you want to send pictures. Likewise, a navigation or rideshare app will ask for permission to access your phone’s location services.

In short, permissions make apps work. And broadly speaking, most apps out there are legitimate. Yet what about a game that asks for permissions to access your contact list? Or a flashlight app that wants to use your microphone? How about a run-of-the-mill wallpaper app that wants to know your location? These are all examples of invasive apps. And the creators behind them want your personal information and to invade your privacy as well.

Luckily, app spyware is easy to spot and remove.

Invasive apps and mobile spyware

Both invasive apps and mobile spyware snoop on you and your phone, yet invasive apps work differently than mobile spyware. Invasive apps use a phone’s built-in functionality to spy and gather information on you. Spyware is malware that can maliciously steal information by working secretly in the background. This can make an invasive app much easier to spot because it asks for broad permissions—permissions it doesn’t need to work.

Invasive apps might ask for permission to:

• Use your camera.
• Access your microphone.
• Track your location.
• Access and modify your contacts.
• Read your calendar.

Requests for permissions such as these aren’t a sign of an invasive app in and of themselves. Some apps require them to work. The telltale sign of an invasive app is when the app asks for permissions it doesn’t need. Think like the flashlight app that wants access to your microphone.

The tricky bit with invasive apps is that many people quickly click through the user agreements and permission screens when they get a new app. Sometimes without reading carefully. That can particularly be the case with children grabbing a new app. However, it’s never too late to spot an invasive app. And remove it.

How to Spot and Remove Invasive Apps to Prevent Mobile Spyware

With a quick trip to your phone’s settings, you can spot and remove invasive apps.

How to Check and Control App Permissions on iOS

1. Go to Settings > Privacy & Security.
2. Tap Safety Check. Here you can see which apps use the permissions you granted them and make changes to those permissions as needed.

You can also run an App Privacy Report, which records data and sensor access on an app-by-app level.

1. Go to Settings > Privacy & Security.
2. Tap App Privacy Report. You can adjust your permissions from there as well.

How to Check and Control App Permissions on Android

1. On your device, open the Settings app.
2. Tap Apps. Tap the app you want to change. If you can’t find it, tap See all apps.
3. Select your app.
4. Tap Permissions. If you allowed or denied any permissions for the app, you’ll find them here.
5. To change the permission setting, tap it, then select Allow or Don’t allow. For location, camera, and microphone permissions, you might be able to select:

• • All the time: For location only. The app can use the permission at any time, even when you’re not using the app.
  • Allow only while using the app: The app can use the permission only when you’re using that app.
  • Ask every time: Every time you open the app, it’ll ask to use the permission. It can use the permission until you’re done with the app.
  • Don’t allow: The app can’t use the permission, even when you’re using the app.

Invasive app? You might just want to delete it.

Rather than pare back permissions on an invasive app, your best and safest bet is to delete the app altogether. Even with excessive permissions turned off, the app might collect other information and send it to the company who developed it. Further, they might share it with others. In short, an invasive app is a bad app all around. Get rid of it and go with something legitimate.

More ways to keep app spyware off your phone

1. Update your phone’s operating system.

Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.

2. Avoid third-party app stores.

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.

3. Review apps carefully.

Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They might be a sign that a hacker slapped the app together and quickly deployed it.

4. Go with a strong recommendation.

Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.

5. Protect your phone.

Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do.

Be stingy with your apps and their permissions

Permissions make for powerful apps that can help you hail a ride, get a pizza delivered to your door, and map your afternoon run. In the wrong hands, they can also snoop on your activities. If an app ever feels like it’s asking for too many permissions to do its job, you might have an invasive app on your hands. Yet the trick is that some invasive apps still slip through and end up on our phones. Quickly accepting terms and permissions is one reason. For extra protection, consider running a quick app audit. Check the apps and permissions on your phone as noted above and delete any suspicious apps.

Be stingy when it comes to giving your permission. Roll back the permissions so that the app works with the bare minimum of permissions. Set location services so that they’re only used when the app is in use. With social and messaging apps, select which photos you allow them to share rather than giving the app blanket access to your entire photo library.

And lastly, if an app seems like it’s asking for too much, it probably is. Avoid it altogether.

The post Mobile Spyware: How Hackers Hijack Phones Through App Spyware appeared first on McAfee Blog.

It’s the screen you never want to see.

Something is seriously wrong with your phone. Or is it? You might not have a broken phone at all. Instead, you might have a hacked phone.

What you see above is a form of scareware, an attack that frightens you into thinking your device is broken or infected with a virus. What the hacker wants you to do next is panic. They want you to tap on a bogus link that says it’ll run a security check, remove a virus, or otherwise fix your phone before the problem gets worse.

Of course, tapping that link takes you to a malware or phishing site, where the hacker takes the next step and installs an even nastier form of malware on your phone. In other cases, they steal your personal info under the guise of a virus removal service. (And yes, sometimes they pose as McAfee when they pull that move. In fact,

Note that in this example above, the hacker behind the phony broken screen is arguably going for a user who’s perhaps less tech savvy. After all, the message atop the “broken” screen appears clear as day. Still, in the heat of the moment, it can be convincing enough.

How does scareware get on phones?

Scareware typically finds its way onto phones through misleading ads, fake security alerts, or hacked websites. In other cases, downloading apps from places other than an official app store can lead to scareware (and other forms of malware too).

As for malware on phones, you’ll find different risk levels between Android and iOS phones. While neither platform is completely immune to threats, Android phones are reportedly more susceptible to viruses than iPhones due to differences in their app downloading policies. On Android phones, you can install apps from third-party sources outside the official Google Play Store, which increases the risk of downloading malicious software.

In contrast, Apple restricts app installations to its official App Store, making it harder for malware to get on iOS devices. (That’s if you haven’t taken steps to jailbreak your iPhone, which removes the software restrictions imposed by Apple on its iOS operating system. We absolutely don’t recommend jailbreaking because it may void warranties and make it easier for malware, including scareware, to end up on your phone.)

If you think you’ve wound up with a case of scareware, stay calm. The first thing the hacker wants you to do is panic and click that link. Let’s go over the steps you can take.

How to remove malware from your Android phone

If you don’t already have mobile security and antivirus for your phone, your best bet is to get the latest virus removal guidance from Android, which you can find on this help page.

Moving forward, you can get protection that helps you detect and steer clear of potential threats as you use your phone. You can pick up McAfee Security: Antivirus VPN in the Google Play store, which also includes our Scam Detector and Identity Monitoring. You can also get it as part of your McAfee+

How to remove malware from your iPhone

Step 1: Restart your phone

Hold down the iPhone power button until you see slide to power off on your screen. Slide it, wait for the phone to power down, and then press the power button to restart your iPhone.

Step 2: Download updates 

Having the latest version of iOS on your phone ensures you have the best protection in place. Open the Settings app.  Look for Software Update in the General tab. Select Software Update. Tap Download and Install to the latest iPhone update.

Step 3: Delete suspicious apps 

Press a suspicious app icon on your screen and wait for the Remove App to pop up. Remove it and repeat that as needed for any other suspicious apps.

More steps you can take …

If those steps don’t take care of the issue, there are two stronger steps you can take. The first involves restoring your phone from a backup as described by Apple here.

The most aggressive step you can take is to reset your phone entirely. You can return it to the original factory settings (with the option to keep your content) by following the steps in this help article from Apple.

How to avoid malware on your phone

Clearly these attacks play on fear that one of the most important devices in your life has a problem—your phone.

1. Protect your phone.

Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, automatically block unsafe websites and links, and detect scams, just to name a few things it can do.

2. Update your phone’s operating system.

Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.

3. Avoid third-party app stores.

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.

The post Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone appeared first on McAfee Blog.

They came by phone, by text, by email, and they even weaseled their way into people’s love lives—an entire host of scams that we covered here in our blogs throughout the year.

Today, we look back, picking five noteworthy scams that firmly established new trends, along with one in particular that gives us a hint at the face of scams to come.

Let’s start it off with one scam that pinged plenty of phones over the spring and summer: those toll road texts.

1 – The Texts That Jammed Everyone’s Phones: The Toll Road Scam

It was the hot new scam of 2025 that increased by 900% in one year: the toll road scam.

There’s a good chance you got a few of these this year,scam texts that say you have an unpaid tab for tolls and that you need to pay right away. And as always, they come with a handy link where you can pay up and avoid that threat of a “late fee.”

2 – Romancing the Bot: AI Chatbots and Images Finagle Their Way Into Romance Scams

It started with a DM. And a few months later, it cost her $1,200.

Earlier this year, we brought you the story of 25-year-old computer programmer Maggie K. who fell for a romance scam on Instagram. Her story played out like so many. When she and her online boyfriend finally agreed to meet in person, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the money and never heard from him again.

But here’s the twist—he wasn’t real in the first place.

When she reported the scam to police, they determined his images were all made with AI. In Maggie’s words, “That was the scariest part—I had trusted someone who never even existed.”

Maggie isn’t alone. Our own research earlier this year revealed that more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.

Moreover, we found that scammers have fueled those figures with the use of AI. Of people we surveyed, more than 1 in 4 (26%) said they—or someone they know—have been approached by an AI chatbot posing as a real person on a dating app or social media.

We expect this trend will only continue, as AI tools make it easier and more efficient to pull off romance scams on an increasingly larger scale.

Even so, the guidelines for avoiding romance scams remain the same:

• Never send money to someone you’ve never met in person.
• Things move too fast, too soon—like when the other person starts talking about love almost right away.
• They say they live far away and can’t meet in person because they live abroad, all part of a scammers story that they’re there for charity or military service.
• Look out for stories of urgent financial need, such as sudden emergencies or requests for help with travel expenses to meet you.
• Also watch out for people who ask for payment in gift cards, crypto, wire transfers, or other forms of payment that are tough to recover. That’s a sign of a scam.

3 – Paying to Get Paid: The New Job Scam That Raked in Millions

The job offer sounds simple enough … go online, review products, like videos, or do otherwise simple tasks and get paid doing it—until it’s time to get paid.

It’s a new breed of job scam that took root this spring, one where victims found themselves “paying to get paid.”

The FTC dubbed these scams as “gamified job scams” or “task scams.” Given the way these scams work, the naming fits.

It starts with a text or direct message from a “recruiter” offering work with the promise of making good money by “liking” or “rating” sets of videos or product images in an app, all with the vague purpose of “product optimization.” With each click, you earn a “commission” and see your “earnings” rack up in the app. You might even get a payout, somewhere between $5 and $20, just to earn your trust.

Then comes the hook.

Like a video game, the scammer sweetens the deal by saying the next batch of work can “level up” your earnings. But if you want to claim your “earnings” and book more work, you need to pay up. So you make the deposit, complete the task set, and when you try to get your pay the scammer and your money are gone. It was all fake.

This scam and others like it fall right in line with McAfee data that uncovered a spike in job-related scams of 1,000% between May and July,which undoubtedly built on 2024’s record-setting job scam losses of $501 million.

Whatever form they take, here’s how you can avoid job scams:

Step one—ignore job offers over text and social media

A proper recruiter will reach out to you by email or via a job networking site. Moreover, per the FTC, any job that pays you to “like” or “rate” content is against the law. That alone says it’s a scam.

Step two—look up the company

In the case of job offers in general, look up the company. Check out their background and see if it matches up with the job they’re pitching. In the U.S., The Better Business Bureau (BBB) offers a list of businesses you can search.

Step three—never pay to start a job.

Any case where you’re asked to pay to up front, with any form of payment, refuse, whether that’s for “training,” “equipment,” or more work. It’s a sign of a scam.

4 – Seeing is Believing is Out the Window: The Al Roker Deepfake Scam

Prince Harry, Taylor Swift, and now the Today show’s Al Roker, too, they’ve all found themselves as the AI-generated spokesperson for deepfake scams.

In the past, a deepfake Prince Harry pushed bogus investments, while another deepfake of Taylor Swift hawked a phony cookware deal. Then, this spring, a deepfake of Al Roker used his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”

 

The fabricated clip appeared on Facebook, which appeared convincing enough to fool plenty of people, including some of Roker’s own friends. “I’ve had some celebrity friends call because their parents got taken in by it,” said Roker.

While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.

Roker put it plainly, “We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now.”

In all, this stands as a good reminder to be skeptical of celebrity endorsements on social media. If public figure fronts an apparent deal for an investment, cookware, or a hypertension “cure” in your feed, think twice. And better yet, let our Scam Detector help you spot what’s real and what’s fake out there.

5 – September 2025: The First Agentic AI Attack Spotted in The Wild

And to close things out, a look at some recent news, which also serves as a look ahead.

Last September, researchers spotted something unseen before:a cyberattack almost entirely run by agentic AI.

What is Agentic AI?

Definition: Artificial intelligence systems that can independently plan, make decisions, and work toward specific goals with minimal human intervention; in this way, it executes complex tasks by adapting to new info and situations on its own.

Reported by AI researcher Anthropic, a Chinese state-sponsored group allegedly used the company’s Claude Code agent to automate most of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails that typically prevent such malicious use with jailbreaking techniques, which broke down their attacks into small, seemingly innocent tasks. That way, Claude orchestrated a large-scale attack it wouldn’t otherwise execute.

Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. By Anthropic’s estimate, they completed 80–90% of the work without any human involvement.

According to Anthropic: “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.”

We knew this moment was coming, and now the time has arrived: what once took weeks of human effort to execute a coordinated attack now boils down to minutes as agentic AI does the work on someone’s behalf.

In 2026, we can expect to see more attacks led by agentic AI, along with AI-led scams as well, which raises an important question that Anthropic answers head-on:

If AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude—into which we’ve built strong safeguards—to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack.

That gets to the heart of security online: it’s an ever-evolving game. As new technologies arise, those who protect and those who harm one-up each other in a cycle of innovation and exploits. As we’re on the side of innovation here, you can be sure we’ll continue to roll out protections that keep you safer out there. Even as AI changes the game, our commitment remains the same.

Happy Holidays!

We’re taking a little holiday break here and we’ll be back with our weekly roundups again in 2026. Looking forward to catching up with you then and helping you stay safer in the new year.

The post This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026 appeared first on McAfee Blog.

If you’re in the market for insurance right now, keep an eye out for scammers in the mix. They’re out in full force once again this open enrollment season.

As people across the U.S. sign up for, renew, or change their health insurance plans, scammers want to cash in as people rush to get their coverage set. And scammers have several factors working in their favor.

For starters, many people find the insurance marketplace confusing, frustrating, and even intimidating, all feelings that scammers can take advantage of. Moreover, concerns about getting the right level of coverage at an affordable price also play into the hands of scammers.

Amidst all this uncertainty and time pressure, health insurance scams crop up online. Whether under the guise of helping people navigate the complex landscape or by offering seemingly low-cost quotes, scammers prey on insurance seekers by stealing their personal information, Social Security numbers, and money.

According to the FBI, health insurance scams cost families millions each year. In some cases, the costs are up front. People pay for fraudulent insurance and have their personal info stolen. And for many, the follow-on costs are far worse, where victims go in for emergency care and find that their treatment isn’t covered—leaving them with a hefty bill.

Like so many of the scams we cover here in our blogs, you can spot health insurance scams relatively quickly once you get to know their ins and outs.

What Kind Of Health Insurance Scams Are Out There Right Now?

Here’s how some of those scams can play out.

The Phishing Strategy

Some are “one and done scams” where the scammer promises a policy or service and then disappears after stealing money and personal info—much like an online shopping scam. It’s a quick and dirty hit where scammers quickly get what they want by reaching victims the usual ways, such as through texts, emails, paid search results, and social media. In the end, victims end up on a phishing site where they think they’re locking in a good deal but handing over their info to scammers instead.

The Long Con

Other scams play a long con game, milking victims for thousands and thousands of dollars over time. The following complaint lodged by one victim in Washington state provides a typical example:

A man purchased a plan to cover himself, his wife, and his two children, only to learn there was no coverage. He was sold a second policy, with the same result, and offered a refund if he purchased a third policy. When he filed a complaint, his family still had no coverage, and he was seeking a refund for more than $20,000 and reimbursement for $55,000 in treatments and prescriptions he’d paid out of pocket.

Scams like these are known as ghost broker scams where scammers pose as insurance brokers who take insurance premiums and pocket the money, leaving victims thinking they have coverage when they don’t. In some cases, scammers initially apply for a genuine policy with a legitimate carrier, only to cancel it later, while still taking premiums from the victim as their “broker.” Many victims only find out that they got scammed when they attempt to file a claim.

The “Fake” Cancellation Scam

Another type of scam comes in the form of policy cancellation scams. These work like any number of other account-based scams, where a scammer pretends to be a customer service rep at a bank, utility, or credit card company. In the insurance version of it, scammers email, text, or call with some bad news—the person’s policy is about to get cancelled. Yet not to worry, the victim can keep the policy active they hand over some personal and financial info. It’s just one more way that scammers use urgency and fear to steal to commit identity theft and fraud.

What Are The Signs Of A Health Insurance Scam?

As said, health insurance scams become relatively easy to spot once you know the tricks that scammers use. The Federal Trade Commission (FTC) offers up its list of the ones they typically use the most:

1)Someone says they’re from the government and need money or your personal info.Government agencies don’t call people out of the blue to ask them for money or personal info. No one from the government will ask you to verify your Social Security, bank account, or credit card number, and they won’t ask you to wire money or pay by gift card or cryptocurrency.

If you have a question about Health Insurance Marketplace®, contact the government directly at: HealthCare.gov or 1-800-318-2596

2) Someone tries to sell you a medical discount plan. Legitimate medical discount plans differ from health insurance. They supplement it. In that way, they don’t pay for any of your medical expenses. Rather, they’re membership programs where you pay a recurring fee for access to a network of providers who offer their services at pre-negotiated, reduced rates. The FTC strongly advises thorough research before participating in one, as some take people’s money and offer very little in return. Call your caregiver and see if they really participate in the program and in what way. And always review the details of any medical discount plan in writing before you sign up.

3) Someone wants your sensitive personal info in exchange for a price quote. The Affordable Care Act’s (ACA’s) official government site is HealthCare.gov. It lets you compare prices on health insurance plans, check your eligibility for healthcare subsidies, and begin enrollment. But HealthCare.gov will only ask for your monthly income and your age to give you a price quote. Never enter personal financial info like your Social Security number, bank account, or credit card number to get a quote for health insurance.

4) Someone wants money to help you navigate the Health Insurance Marketplace. The people who offer legitimate help with the Health Insurance Marketplace (sometimes called Navigators or Assisters) are not allowed to charge you and won’t ask you for personal or financial info. If they ask for money, it’s a scam. Go to HealthCare.govand click “Find Local Help” to learn more.

How to Avoid Health Insurance Scams

1)For health insurance, visit a trusted source like HealthCare.gov or your state marketplace. Doing so helps guarantee that you’ll get the kind of fully compliant coverage you want.

2) Make sure the insurance covers you in your state. Not every insurer is licensed to operate in your state. Double-check that the one you’re dealing with is. A good place to start is to visit the site for your state’s insurance commission. It should have resources that let you look up the insurance companies, agents, and brokers in your state.

3) For any insurance, research the company offering it. Run a search with the company name and add “scam” or “fraud” to it. See if any relevant news or complaints show up. And if the plan you’re being offered sounds too good to be true, it probably is.

4) Watch out for high-pressure sales. Don’t pay anything up front and be cautious if a company is forcing you to make quick decisions.

5) Guard your personal info. Never share your personal info, account details, or Social Security number over text or email. Make sure you’re really working with a legitimate company and that you submit any info through a secure submissions process.

6) Block bad links to phishing sites. Many insurance scams rely on phishing sites to steal personal info. A  combination of our Web Protection and Scam Detector can steer you clear of them. They’ll alert you if a link might take you to one. It’ll also block those sites if you accidentally tap or click on a bad link.

7) Monitor your identity and credit. In some health insurance scams, your personal info winds up in wrong hands, which can lead to identity fraud and theft. And the problem is that you only find out once the damage is done. Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our identity monitoring and credit monitoring.

Additionally, our identity theft coverage can help if the unexpected happens with up to $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​

You’ll find these protections and more in McAfee+.

The post How To Spot Health Insurance Scams This Open Enrollment Season appeared first on McAfee Blog.

Imagine a day where you didn’t have to juggle passwords.

No more sticky notes. No more notebooks with dozens of passwords scribbled in, crossed out, and scribbled in again. No more forgetting and resetting. No more typing them in all the time.

And even better, imagine secure accounts, likely even more secure than you could keep them on your own.

That’s the power of a password manager in your life.

A password manager does the work of creating strong, unique passwords for each and every one of your accounts. And considering the hundred or so accounts you have, that’s something that would take plenty of time if you did all that work on your own.

In all, a password manager can turn the pain of juggling passwords into a real comfort.

What’s a bad password?

Before we get into how a password manager can make your life easier while making your accounts more secure, let’s look at what makes up a bad password. Here are a few examples:

Obvious passwords: Password-cracking programs start by entering a list of common (and arguably lazy) passwords. These may include the simple “password” or “1234567”. Others include common keyboard paths like “qwerty.” Even longer keyboard paths like “qwertyuiop” are well known to hackers and their tools as well. 

Dictionary words: Hacking tools also look for common dictionary words strung together, which helps them crack longer passwords in chunks. The same goes for passwords that contain the name of the app or service in them. These are “no brainer” words found in passwords that make passwords even easier to crack.

Repeated passwords: You may think you have such an unbreakable password that you want to use it for all your accounts. However, this means that if hackers compromise one of your accounts, all your other accounts are vulnerable. This is a favorite tactic of hackers. They’ll target less secure accounts and services and then attempt to re-use those credentials on more secure services like online bank and credit card companies. 

Personal information passwords: Passwords that include your birthday, dog’s name, or nickname leave you open to attack. While they’re easy for you to remember, they’re also easy for a hacker to discover—such as with a quick trip to your social media profile, particularly if it is not set to private.

If any of the above sounds familiar, you’ll want to replace any of your bad passwords with strong ones.

What’s a good password?

We can point to three things that make up a strong password, which makes it difficult to hack.

Your password is:

Long: A longer password is potentially a stronger password when it comes to a “brute force” attack, where a hacker uses an automated trial-and-error system to break it. For example, an eight-character password using uppercase and lowercase letters, numbers, and symbols can get hacked in minutes. Kick it up to 16 characters and it becomes incredibly more difficult to break—provided it doesn’t rely on common words or phrases. McAfee can help you generate a strong password, for stronger security with our random password generator.

Complex: To increase the security of your password, it should have a combination of uppercase letters, lowercase letters, symbols, and numbers like mentioned above.

Unique: Every one of your accounts should have its own password.

Now, apply this to the hundred or so accounts you keep and creating strong passwords for all of them really does call for a lot of work.

Should I use a password manager?

Given its ease of use and the big security boost it gives you and all your accounts, the answer is yes.

A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They won’t be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.

A strong password manager also stores your passwords securely. Our password manager protects your passwords by scrambling them with AES-256, one of the strongest encryption algorithms available. Only you can decrypt and access your info with the factors you choose. Additionally, our password manager uses multi-factor authentication (MFA), so you’ll be verified by at least two factors before being signed in.

Aside from the comfort of convenience a password manager can give you, it gives you another level of assurance—extra protection in an age of data breaches, because you’ll have unique passwords where one compromise won’t lead to others.

And whether or not you go with a password manager to create those strong and unique passwords, make sure you use MFA on every account that offers it. MFA offers another layer of protection by adding another factor into the login process, such as something you own like a text to your phone or notification to an authentication app. That way if a hacker has your password, they’ll still be locked out of your account because they lack that MFA code.

One more smart move: delete your old accounts

In some cases, you really don’t need some of your old accounts and the passwords that come along with them. Maybe they’re old and unused. Or maybe they were for a one-time purchase at an online store you won’t visit again. Deleting these accounts is a smart move because they’re yet more places where your personal info is stored—and subject to a data breach.

Our Online Account Cleanup can help, which you can find in all our McAfee+ plans. It scans for accounts in your name, gives you a full list, and shows you which types of accounts might be riskier than others. From there you can decide which ones you want to delete, along with the personal info linked to them. In our McAfee+ Ultimate plans, you get full-service Online Account Cleanup, which sends the data deletion requests for you.

Between this and a password manager, you’ll have one less thing to juggle—your passwords, and one less thing to worry about—if they’re secure from hackers.

The post Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead appeared first on McAfee Blog.

Pets, poisoned AI search results, and a phone call that sounds like it’s coming straight from the federal government, this week’s scams don’t have much in common except one thing: they’re getting harder to spot.

In today’s edition of This Week in Scams, we’re breaking down the biggest security lapses and the tactics scammers used to exploit them, and what you can do to stay ahead of the latest threats.

Two data security lapses discovered at Petco in one week put pet parents at risk

If you’re a Petco customer, you’ll want to know about not one but two data security lapses in the past week.

First, as reported by TechCrunch on Monday, Petco followed Texas data privacy laws by filing a data breach with the attorney general’s office. In that filing, Petco reported that the affected data included names, Social Security numbers, and driver’s license numbers. Further info including account numbers, credit and debit card numbers, and dates of birth were also mentioned in the filing.

Also according to Techcrunch, the company filed similar notices in California and Massachusetts.

To date, Petco has not made a comment about the size of the breach and the number of people affected.

Different states have different policies for reporting data breaches. In some cases, that helps us put a figure to the size of the breach, as some states require companies to disclose the total number of people caught up in the breach. That’s not the case here, so the full scope of the attack remains in question, at least for right now.

As of Thursday, we know Petco reported that 329 Texans were affected along with seven Massachusetts residents, per the respective reports filed. California’s report does not contain the number of Californians affected, yet laws in that state require businesses to report breaches that affect 500 or more people, so at least 500 people were affected there.

Below you can see the form letter Petco sent to affected Californians in accordance with California’s data privacy laws:

 

In it, you can see that Petco discovered that “a setting within one of our software applications … inadvertently allowed certain files to become accessible online.” Further, Petco said that it “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”

So while no foul play appears to have been behind the breach, it’s still no less risky and concerning for Petco’s customers. We’ll cover what you can do about that in a moment after we cover yet another data issue at Petco through its Vetco clinics.

Also within the same timeframe, yet more research and reporting from Techcrunch uncovered a second security lapse that exposed personal info online. From their article:

“TechCrunch identified a vulnerability in how Vetco’s website generates copies of PDF documents for its customers.

“Vetco’s customer portal, located at petpass.com, allows customers to log in and obtain veterinary records and other documents relating to their pet’s care. But TechCrunch found that the PDF generating page on Vetco’s website was public and not protected with a password.

“As such, it was possible for anyone on the internet to access sensitive customer files directly from Vetco’s servers by modifying the web address to input a customer’s unique identification number. Vetco customer numbers are sequential, which means one could access other customers’ data simply by changing a customer number by one or two digits.”

What to do if you think you had info stolen in the Petco breach

With the size and reach of the Petco breach still unknown, and the impact of the Vetco security lapse also unknown, we advise caution for all Petco customers. At minimum, monitor transactions and keep an eye on your credit report for any suspicious activity. And it’s always a good time to update a weak password.

For those who received a notification, we advise the following:

Check your credit, consider a security freeze, and get ID theft protection. You can get all three working for you with McAfee+ Advanced or McAfee+ Ultimate.

Monitor transactions across your accounts, also available in McAfee+ Advanced and Ultimate.

Keep an eye out for phishing attacks. Use our Scam Detector to spot any follow-on attacks.

Update your passwords. Strong and unique passwords are best. Our password manager can help you create and store them securely.

And use two-factor authentication on all your accounts. Enabling two-factor authentication provides an added layer of security.

 

What to do if your Social Security number was breached.

If you think your Social Security number was caught up in the breach, act quickly.

1. First, contact one of the three credit bureaus (Equifax, Experian, or TransUnion) and place a fraud alert on your credit report.
2. That will cover all three bureaus and make it harder for someone to open new accounts in your name. You can also quickly freeze your credit altogether with McAfee+ Ultimate.
3. Also notify the Social Security Administration (SSA) along with the Internal Revenue Service (IRS), and file a police report immediately if you believe your number is being misused.

The call center number that connects you to … scammers?

You might want to be careful when searching for customer service numbers while in AI mode. Or with an AI search engine. It could connect you to a scammer.

From The Times comes reports of scammers manipulating the AI in platforms like Google and Perplexity so that their search results return scam numbers instead of a proper customer service numbers for, say, British Airways.

How do they manipulate those results? By spamming the internet with false info that gets picked up and then amplified by AI.

“[S]cammers have started seeding fake call center numbers on the web so the AI is tricked into thinking it is genuine …

“Criminals have set up YouTube channels with videos claiming to help with customer support, which are packed with airline brand names and scam numbers designed to be scraped and reused by the AI.

“Bot-generated reviews on Yelp or video descriptions on YouTube are filled with fraudulent numbers as are airline and travel web forums.”

And with these tactics, scammers could poison the results for just about any organization, business, or brand. Not just airlines. Per The Times, “The scammers have also hijacked government sites, university domains, and even fitness sites to place scam numbers, which fools the AI into thinking they are genuine.”

This reveals a current limitation with many AI platforms. Largely they can’t distinguish when people deliberately feed them bad info, as seen in the case here.

Yet even as this attack is new, our advice remains the same: any time you want to ring up a customer service line, get the number directly from the company’s official website. Not from AI search and not by clicking a paid search result that shows up first (scammers can poison them too).

Is that a call from an FTC “agent?” If so, it’s a scam.

Are you under investigation for money laundering? Of course not. But this scam wants you to think so—and to pay up.

On Tuesday, the Federal Trade Commission (FTC) issued a consumer alert warning that people are reporting getting unexpected calls from someone saying they’re “FTC agent” John Krebs. Apparently “Agent Krebs” is telling people that they’re under investigation for money laundering—and that a deposit to a Bitcoin ATM can resolve the matter.

Of course, it’s a scam.

For starters, the FTC doesn’t have “agents.” And the idea of clearing one’s name in an investigation with a Bitcoin payment is a sure-fire sign of a scam. Lastly, any time someone asks for payment with Bitcoin or other payment methods that are near-impossible to recover (think wire transfers and gift cards), those are big red flags.

Apart from hanging up and holding on to your money, the FTC offers the following guidance, which holds true for any scam call:

• Never transfer or send money to anyone in response to an unexpected call or message, no matter who they say they are.
• Know that the FTC won’t ask for money. In fact, no government agency will ever tell you to deposit money at a cryptocurrency ATM, buy gift cards and share the numbers, or send money over a payment app like Zelle, Cash App, or Venmo.
• Don’t trust your caller ID. A call might look like it’s coming from the government or a business, but scammers often fake caller ID.

And we close things out a quick roundup …

As always, here’s a quick list of a few stories that caught our eye this week:

AI tools transform Christmas shopping as people turn to chatbots

National cybercrime network operating for 14 years dismantled in Indonesia

Why is AI becoming the go-to support for our children’s mental health?

We’ll see you next Friday with a special edition to close out 2025 … This Year in Scams.

The post This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls appeared first on McAfee Blog.

It looks harmless enough.

A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event. 

That’s where the scam begins. 

Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You’re far more likely to click an invitation than a generic “account alert” or “delivery notice.” 

And that’s exactly why scammers are using them. 

In fact, here’s a screenshot of a fake phishing email I recently got this holiday season:

When you click the “open invitation” link, it immediately asks you to sign in or create an account with your personal information. That’s the step where scammers steal your private data. 

What Is a Fake E-Vite Scam? 

A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services. 

The goal is to trick you into: 

• Entering your email and password 
• Creating a fake account on a malicious site 
• Clicking links that lead to credential-stealing pages 
• Downloading malware disguised as an invitation 

Once scammers have your login information, they can: 

• Take over your email 
• Reset passwords on other accounts 
• Send scams to your contacts 
• Launch identity theft attempts 

How These Fake Invitation Scams Usually Work 

Here’s the most common flow: 

1. You receive a digital invitation that looks normal 
2. The message prompts you to “view the invitation” 
3. You’re redirected to a login or signup page 
4. You enter your email, password, or personal info 
5. The invitation never appears 
6. Your credentials have now been stolen 

Because this starts with something familiar and social, many people don’t realize it’s phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.

How to Tell If a Paperless Post Invite Is Real 

Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like. 

Legitimate Paperless Post Emails Will Never: 

• Include .EXE attachments 
• Include .PDF attachments 
• Include any attachments other than image files 

Official Paperless Post Email Domains: 

Legitimate invitations and account messages only come from: 

• paperless@email.paperlesspost.com 
• paperlesspost@paperlesspost.com 
• paperlesspost@accounts.paperlesspost.com 

Official support emails only come from: 

• help@paperlesspost.com 
• pds@paperlesspost.com 
• security@paperlesspost.com 
• privacy@paperlesspost.com 
• agent@paperlesspost.com 
• optout@paperlesspost.com 

If the sender does not match one of these exactly, it’s a scam. 

Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.  

The Biggest Red Flags of a Fake E-Vite 

If you see any of the following, do not click: 

• You’re forced to log in to “see” who invited you 
• The sender email doesn’t match the official domains above 
• The invitation creates urgency 
• You’re asked for payment to view the event 
• The message feels generic instead of personal 
• The site address looks slightly off 

Why These Scams Are So Effective Right Now 

Modern phishing attacks don’t rely on sloppy design anymore. Many now use: 

• Polished branding 
• Clean layouts 
• Familiar platforms 
• Friendly language 
• Social pressure 

Invitation phishing is especially powerful because: 

• It triggers curiosity 
• It feels harmless 
• It mimics real social behavior 
• It doesn’t start with fear or threats 
• By the time the scam turns risky, your guard is already down. 

What To Do If You Clicked a Fake E-Vite 

If you entered any information into a suspicious invitation page: 

1. Immediately change your email password 
2. Change any other account that reused that password 
3. Enable two-factor authentication 
4. Check for unknown login activity 
5. Warn contacts if your email may have been compromised 
6. Run a security scan on your device 

The faster you act, the more damage you can prevent. 

The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.