It’s the screen you never want to see.

Something is seriously wrong with your phone. Or is it? You might not have a broken phone at all. Instead, you might have a hacked phone.

What you see above is a form of scareware, an attack that frightens you into thinking your device is broken or infected with a virus. What the hacker wants you to do next is panic. They want you to tap on a bogus link that says it’ll run a security check, remove a virus, or otherwise fix your phone before the problem gets worse.

Of course, tapping that link takes you to a malware or phishing site, where the hacker takes the next step and installs an even nastier form of malware on your phone. In other cases, they steal your personal info under the guise of a virus removal service. (And yes, sometimes they pose as McAfee when they pull that move. In fact,

Note that in this example above, the hacker behind the phony broken screen is arguably going for a user who’s perhaps less tech savvy. After all, the message atop the “broken” screen appears clear as day. Still, in the heat of the moment, it can be convincing enough.

How does scareware get on phones?

Scareware typically finds its way onto phones through misleading ads, fake security alerts, or hacked websites. In other cases, downloading apps from places other than an official app store can lead to scareware (and other forms of malware too).

As for malware on phones, you’ll find different risk levels between Android and iOS phones. While neither platform is completely immune to threats, Android phones are reportedly more susceptible to viruses than iPhones due to differences in their app downloading policies. On Android phones, you can install apps from third-party sources outside the official Google Play Store, which increases the risk of downloading malicious software.

In contrast, Apple restricts app installations to its official App Store, making it harder for malware to get on iOS devices. (That’s if you haven’t taken steps to jailbreak your iPhone, which removes the software restrictions imposed by Apple on its iOS operating system. We absolutely don’t recommend jailbreaking because it may void warranties and make it easier for malware, including scareware, to end up on your phone.)

If you think you’ve wound up with a case of scareware, stay calm. The first thing the hacker wants you to do is panic and click that link. Let’s go over the steps you can take.

How to remove malware from your Android phone

If you don’t already have mobile security and antivirus for your phone, your best bet is to get the latest virus removal guidance from Android, which you can find on this help page.

Moving forward, you can get protection that helps you detect and steer clear of potential threats as you use your phone. You can pick up McAfee Security: Antivirus VPN in the Google Play store, which also includes our Scam Detector and Identity Monitoring. You can also get it as part of your McAfee+

How to remove malware from your iPhone

Step 1: Restart your phone

Hold down the iPhone power button until you see slide to power off on your screen. Slide it, wait for the phone to power down, and then press the power button to restart your iPhone.

Step 2: Download updates 

Having the latest version of iOS on your phone ensures you have the best protection in place. Open the Settings app.  Look for Software Update in the General tab. Select Software Update. Tap Download and Install to the latest iPhone update.

Step 3: Delete suspicious apps 

Press a suspicious app icon on your screen and wait for the Remove App to pop up. Remove it and repeat that as needed for any other suspicious apps.

More steps you can take …

If those steps don’t take care of the issue, there are two stronger steps you can take. The first involves restoring your phone from a backup as described by Apple here.

The most aggressive step you can take is to reset your phone entirely. You can return it to the original factory settings (with the option to keep your content) by following the steps in this help article from Apple.

How to avoid malware on your phone

Clearly these attacks play on fear that one of the most important devices in your life has a problem—your phone.

1. Protect your phone.

Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, automatically block unsafe websites and links, and detect scams, just to name a few things it can do.

2. Update your phone’s operating system.

Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.

3. Avoid third-party app stores.

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.

The post Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone appeared first on McAfee Blog.

They came by phone, by text, by email, and they even weaseled their way into people’s love lives—an entire host of scams that we covered here in our blogs throughout the year.

Today, we look back, picking five noteworthy scams that firmly established new trends, along with one in particular that gives us a hint at the face of scams to come.

Let’s start it off with one scam that pinged plenty of phones over the spring and summer: those toll road texts.

1 – The Texts That Jammed Everyone’s Phones: The Toll Road Scam

It was the hot new scam of 2025 that increased by 900% in one year: the toll road scam.

There’s a good chance you got a few of these this year,scam texts that say you have an unpaid tab for tolls and that you need to pay right away. And as always, they come with a handy link where you can pay up and avoid that threat of a “late fee.”

2 – Romancing the Bot: AI Chatbots and Images Finagle Their Way Into Romance Scams

It started with a DM. And a few months later, it cost her $1,200.

Earlier this year, we brought you the story of 25-year-old computer programmer Maggie K. who fell for a romance scam on Instagram. Her story played out like so many. When she and her online boyfriend finally agreed to meet in person, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the money and never heard from him again.

But here’s the twist—he wasn’t real in the first place.

When she reported the scam to police, they determined his images were all made with AI. In Maggie’s words, “That was the scariest part—I had trusted someone who never even existed.”

Maggie isn’t alone. Our own research earlier this year revealed that more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.

Moreover, we found that scammers have fueled those figures with the use of AI. Of people we surveyed, more than 1 in 4 (26%) said they—or someone they know—have been approached by an AI chatbot posing as a real person on a dating app or social media.

We expect this trend will only continue, as AI tools make it easier and more efficient to pull off romance scams on an increasingly larger scale.

Even so, the guidelines for avoiding romance scams remain the same:

• Never send money to someone you’ve never met in person.
• Things move too fast, too soon—like when the other person starts talking about love almost right away.
• They say they live far away and can’t meet in person because they live abroad, all part of a scammers story that they’re there for charity or military service.
• Look out for stories of urgent financial need, such as sudden emergencies or requests for help with travel expenses to meet you.
• Also watch out for people who ask for payment in gift cards, crypto, wire transfers, or other forms of payment that are tough to recover. That’s a sign of a scam.

3 – Paying to Get Paid: The New Job Scam That Raked in Millions

The job offer sounds simple enough … go online, review products, like videos, or do otherwise simple tasks and get paid doing it—until it’s time to get paid.

It’s a new breed of job scam that took root this spring, one where victims found themselves “paying to get paid.”

The FTC dubbed these scams as “gamified job scams” or “task scams.” Given the way these scams work, the naming fits.

It starts with a text or direct message from a “recruiter” offering work with the promise of making good money by “liking” or “rating” sets of videos or product images in an app, all with the vague purpose of “product optimization.” With each click, you earn a “commission” and see your “earnings” rack up in the app. You might even get a payout, somewhere between $5 and $20, just to earn your trust.

Then comes the hook.

Like a video game, the scammer sweetens the deal by saying the next batch of work can “level up” your earnings. But if you want to claim your “earnings” and book more work, you need to pay up. So you make the deposit, complete the task set, and when you try to get your pay the scammer and your money are gone. It was all fake.

This scam and others like it fall right in line with McAfee data that uncovered a spike in job-related scams of 1,000% between May and July,which undoubtedly built on 2024’s record-setting job scam losses of $501 million.

Whatever form they take, here’s how you can avoid job scams:

Step one—ignore job offers over text and social media

A proper recruiter will reach out to you by email or via a job networking site. Moreover, per the FTC, any job that pays you to “like” or “rate” content is against the law. That alone says it’s a scam.

Step two—look up the company

In the case of job offers in general, look up the company. Check out their background and see if it matches up with the job they’re pitching. In the U.S., The Better Business Bureau (BBB) offers a list of businesses you can search.

Step three—never pay to start a job.

Any case where you’re asked to pay to up front, with any form of payment, refuse, whether that’s for “training,” “equipment,” or more work. It’s a sign of a scam.

4 – Seeing is Believing is Out the Window: The Al Roker Deepfake Scam

Prince Harry, Taylor Swift, and now the Today show’s Al Roker, too, they’ve all found themselves as the AI-generated spokesperson for deepfake scams.

In the past, a deepfake Prince Harry pushed bogus investments, while another deepfake of Taylor Swift hawked a phony cookware deal. Then, this spring, a deepfake of Al Roker used his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”

 

The fabricated clip appeared on Facebook, which appeared convincing enough to fool plenty of people, including some of Roker’s own friends. “I’ve had some celebrity friends call because their parents got taken in by it,” said Roker.

While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.

Roker put it plainly, “We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now.”

In all, this stands as a good reminder to be skeptical of celebrity endorsements on social media. If public figure fronts an apparent deal for an investment, cookware, or a hypertension “cure” in your feed, think twice. And better yet, let our Scam Detector help you spot what’s real and what’s fake out there.

5 – September 2025: The First Agentic AI Attack Spotted in The Wild

And to close things out, a look at some recent news, which also serves as a look ahead.

Last September, researchers spotted something unseen before:a cyberattack almost entirely run by agentic AI.

What is Agentic AI?

Definition: Artificial intelligence systems that can independently plan, make decisions, and work toward specific goals with minimal human intervention; in this way, it executes complex tasks by adapting to new info and situations on its own.

Reported by AI researcher Anthropic, a Chinese state-sponsored group allegedly used the company’s Claude Code agent to automate most of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails that typically prevent such malicious use with jailbreaking techniques, which broke down their attacks into small, seemingly innocent tasks. That way, Claude orchestrated a large-scale attack it wouldn’t otherwise execute.

Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. By Anthropic’s estimate, they completed 80–90% of the work without any human involvement.

According to Anthropic: “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.”

We knew this moment was coming, and now the time has arrived: what once took weeks of human effort to execute a coordinated attack now boils down to minutes as agentic AI does the work on someone’s behalf.

In 2026, we can expect to see more attacks led by agentic AI, along with AI-led scams as well, which raises an important question that Anthropic answers head-on:

If AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude—into which we’ve built strong safeguards—to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack.

That gets to the heart of security online: it’s an ever-evolving game. As new technologies arise, those who protect and those who harm one-up each other in a cycle of innovation and exploits. As we’re on the side of innovation here, you can be sure we’ll continue to roll out protections that keep you safer out there. Even as AI changes the game, our commitment remains the same.

Happy Holidays!

We’re taking a little holiday break here and we’ll be back with our weekly roundups again in 2026. Looking forward to catching up with you then and helping you stay safer in the new year.

The post This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026 appeared first on McAfee Blog.

If you’re in the market for insurance right now, keep an eye out for scammers in the mix. They’re out in full force once again this open enrollment season.

As people across the U.S. sign up for, renew, or change their health insurance plans, scammers want to cash in as people rush to get their coverage set. And scammers have several factors working in their favor.

For starters, many people find the insurance marketplace confusing, frustrating, and even intimidating, all feelings that scammers can take advantage of. Moreover, concerns about getting the right level of coverage at an affordable price also play into the hands of scammers.

Amidst all this uncertainty and time pressure, health insurance scams crop up online. Whether under the guise of helping people navigate the complex landscape or by offering seemingly low-cost quotes, scammers prey on insurance seekers by stealing their personal information, Social Security numbers, and money.

According to the FBI, health insurance scams cost families millions each year. In some cases, the costs are up front. People pay for fraudulent insurance and have their personal info stolen. And for many, the follow-on costs are far worse, where victims go in for emergency care and find that their treatment isn’t covered—leaving them with a hefty bill.

Like so many of the scams we cover here in our blogs, you can spot health insurance scams relatively quickly once you get to know their ins and outs.

What Kind Of Health Insurance Scams Are Out There Right Now?

Here’s how some of those scams can play out.

The Phishing Strategy

Some are “one and done scams” where the scammer promises a policy or service and then disappears after stealing money and personal info—much like an online shopping scam. It’s a quick and dirty hit where scammers quickly get what they want by reaching victims the usual ways, such as through texts, emails, paid search results, and social media. In the end, victims end up on a phishing site where they think they’re locking in a good deal but handing over their info to scammers instead.

The Long Con

Other scams play a long con game, milking victims for thousands and thousands of dollars over time. The following complaint lodged by one victim in Washington state provides a typical example:

A man purchased a plan to cover himself, his wife, and his two children, only to learn there was no coverage. He was sold a second policy, with the same result, and offered a refund if he purchased a third policy. When he filed a complaint, his family still had no coverage, and he was seeking a refund for more than $20,000 and reimbursement for $55,000 in treatments and prescriptions he’d paid out of pocket.

Scams like these are known as ghost broker scams where scammers pose as insurance brokers who take insurance premiums and pocket the money, leaving victims thinking they have coverage when they don’t. In some cases, scammers initially apply for a genuine policy with a legitimate carrier, only to cancel it later, while still taking premiums from the victim as their “broker.” Many victims only find out that they got scammed when they attempt to file a claim.

The “Fake” Cancellation Scam

Another type of scam comes in the form of policy cancellation scams. These work like any number of other account-based scams, where a scammer pretends to be a customer service rep at a bank, utility, or credit card company. In the insurance version of it, scammers email, text, or call with some bad news—the person’s policy is about to get cancelled. Yet not to worry, the victim can keep the policy active they hand over some personal and financial info. It’s just one more way that scammers use urgency and fear to steal to commit identity theft and fraud.

What Are The Signs Of A Health Insurance Scam?

As said, health insurance scams become relatively easy to spot once you know the tricks that scammers use. The Federal Trade Commission (FTC) offers up its list of the ones they typically use the most:

1)Someone says they’re from the government and need money or your personal info.Government agencies don’t call people out of the blue to ask them for money or personal info. No one from the government will ask you to verify your Social Security, bank account, or credit card number, and they won’t ask you to wire money or pay by gift card or cryptocurrency.

If you have a question about Health Insurance Marketplace®, contact the government directly at: HealthCare.gov or 1-800-318-2596

2) Someone tries to sell you a medical discount plan. Legitimate medical discount plans differ from health insurance. They supplement it. In that way, they don’t pay for any of your medical expenses. Rather, they’re membership programs where you pay a recurring fee for access to a network of providers who offer their services at pre-negotiated, reduced rates. The FTC strongly advises thorough research before participating in one, as some take people’s money and offer very little in return. Call your caregiver and see if they really participate in the program and in what way. And always review the details of any medical discount plan in writing before you sign up.

3) Someone wants your sensitive personal info in exchange for a price quote. The Affordable Care Act’s (ACA’s) official government site is HealthCare.gov. It lets you compare prices on health insurance plans, check your eligibility for healthcare subsidies, and begin enrollment. But HealthCare.gov will only ask for your monthly income and your age to give you a price quote. Never enter personal financial info like your Social Security number, bank account, or credit card number to get a quote for health insurance.

4) Someone wants money to help you navigate the Health Insurance Marketplace. The people who offer legitimate help with the Health Insurance Marketplace (sometimes called Navigators or Assisters) are not allowed to charge you and won’t ask you for personal or financial info. If they ask for money, it’s a scam. Go to HealthCare.govand click “Find Local Help” to learn more.

How to Avoid Health Insurance Scams

1)For health insurance, visit a trusted source like HealthCare.gov or your state marketplace. Doing so helps guarantee that you’ll get the kind of fully compliant coverage you want.

2) Make sure the insurance covers you in your state. Not every insurer is licensed to operate in your state. Double-check that the one you’re dealing with is. A good place to start is to visit the site for your state’s insurance commission. It should have resources that let you look up the insurance companies, agents, and brokers in your state.

3) For any insurance, research the company offering it. Run a search with the company name and add “scam” or “fraud” to it. See if any relevant news or complaints show up. And if the plan you’re being offered sounds too good to be true, it probably is.

4) Watch out for high-pressure sales. Don’t pay anything up front and be cautious if a company is forcing you to make quick decisions.

5) Guard your personal info. Never share your personal info, account details, or Social Security number over text or email. Make sure you’re really working with a legitimate company and that you submit any info through a secure submissions process.

6) Block bad links to phishing sites. Many insurance scams rely on phishing sites to steal personal info. A  combination of our Web Protection and Scam Detector can steer you clear of them. They’ll alert you if a link might take you to one. It’ll also block those sites if you accidentally tap or click on a bad link.

7) Monitor your identity and credit. In some health insurance scams, your personal info winds up in wrong hands, which can lead to identity fraud and theft. And the problem is that you only find out once the damage is done. Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our identity monitoring and credit monitoring.

Additionally, our identity theft coverage can help if the unexpected happens with up to $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​

You’ll find these protections and more in McAfee+.

The post How To Spot Health Insurance Scams This Open Enrollment Season appeared first on McAfee Blog.

Imagine a day where you didn’t have to juggle passwords.

No more sticky notes. No more notebooks with dozens of passwords scribbled in, crossed out, and scribbled in again. No more forgetting and resetting. No more typing them in all the time.

And even better, imagine secure accounts, likely even more secure than you could keep them on your own.

That’s the power of a password manager in your life.

A password manager does the work of creating strong, unique passwords for each and every one of your accounts. And considering the hundred or so accounts you have, that’s something that would take plenty of time if you did all that work on your own.

In all, a password manager can turn the pain of juggling passwords into a real comfort.

What’s a bad password?

Before we get into how a password manager can make your life easier while making your accounts more secure, let’s look at what makes up a bad password. Here are a few examples:

Obvious passwords: Password-cracking programs start by entering a list of common (and arguably lazy) passwords. These may include the simple “password” or “1234567”. Others include common keyboard paths like “qwerty.” Even longer keyboard paths like “qwertyuiop” are well known to hackers and their tools as well. 

Dictionary words: Hacking tools also look for common dictionary words strung together, which helps them crack longer passwords in chunks. The same goes for passwords that contain the name of the app or service in them. These are “no brainer” words found in passwords that make passwords even easier to crack.

Repeated passwords: You may think you have such an unbreakable password that you want to use it for all your accounts. However, this means that if hackers compromise one of your accounts, all your other accounts are vulnerable. This is a favorite tactic of hackers. They’ll target less secure accounts and services and then attempt to re-use those credentials on more secure services like online bank and credit card companies. 

Personal information passwords: Passwords that include your birthday, dog’s name, or nickname leave you open to attack. While they’re easy for you to remember, they’re also easy for a hacker to discover—such as with a quick trip to your social media profile, particularly if it is not set to private.

If any of the above sounds familiar, you’ll want to replace any of your bad passwords with strong ones.

What’s a good password?

We can point to three things that make up a strong password, which makes it difficult to hack.

Your password is:

Long: A longer password is potentially a stronger password when it comes to a “brute force” attack, where a hacker uses an automated trial-and-error system to break it. For example, an eight-character password using uppercase and lowercase letters, numbers, and symbols can get hacked in minutes. Kick it up to 16 characters and it becomes incredibly more difficult to break—provided it doesn’t rely on common words or phrases. McAfee can help you generate a strong password, for stronger security with our random password generator.

Complex: To increase the security of your password, it should have a combination of uppercase letters, lowercase letters, symbols, and numbers like mentioned above.

Unique: Every one of your accounts should have its own password.

Now, apply this to the hundred or so accounts you keep and creating strong passwords for all of them really does call for a lot of work.

Should I use a password manager?

Given its ease of use and the big security boost it gives you and all your accounts, the answer is yes.

A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They won’t be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.

A strong password manager also stores your passwords securely. Our password manager protects your passwords by scrambling them with AES-256, one of the strongest encryption algorithms available. Only you can decrypt and access your info with the factors you choose. Additionally, our password manager uses multi-factor authentication (MFA), so you’ll be verified by at least two factors before being signed in.

Aside from the comfort of convenience a password manager can give you, it gives you another level of assurance—extra protection in an age of data breaches, because you’ll have unique passwords where one compromise won’t lead to others.

And whether or not you go with a password manager to create those strong and unique passwords, make sure you use MFA on every account that offers it. MFA offers another layer of protection by adding another factor into the login process, such as something you own like a text to your phone or notification to an authentication app. That way if a hacker has your password, they’ll still be locked out of your account because they lack that MFA code.

One more smart move: delete your old accounts

In some cases, you really don’t need some of your old accounts and the passwords that come along with them. Maybe they’re old and unused. Or maybe they were for a one-time purchase at an online store you won’t visit again. Deleting these accounts is a smart move because they’re yet more places where your personal info is stored—and subject to a data breach.

Our Online Account Cleanup can help, which you can find in all our McAfee+ plans. It scans for accounts in your name, gives you a full list, and shows you which types of accounts might be riskier than others. From there you can decide which ones you want to delete, along with the personal info linked to them. In our McAfee+ Ultimate plans, you get full-service Online Account Cleanup, which sends the data deletion requests for you.

Between this and a password manager, you’ll have one less thing to juggle—your passwords, and one less thing to worry about—if they’re secure from hackers.

The post Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead appeared first on McAfee Blog.

Pets, poisoned AI search results, and a phone call that sounds like it’s coming straight from the federal government, this week’s scams don’t have much in common except one thing: they’re getting harder to spot.

In today’s edition of This Week in Scams, we’re breaking down the biggest security lapses and the tactics scammers used to exploit them, and what you can do to stay ahead of the latest threats.

Two data security lapses discovered at Petco in one week put pet parents at risk

If you’re a Petco customer, you’ll want to know about not one but two data security lapses in the past week.

First, as reported by TechCrunch on Monday, Petco followed Texas data privacy laws by filing a data breach with the attorney general’s office. In that filing, Petco reported that the affected data included names, Social Security numbers, and driver’s license numbers. Further info including account numbers, credit and debit card numbers, and dates of birth were also mentioned in the filing.

Also according to Techcrunch, the company filed similar notices in California and Massachusetts.

To date, Petco has not made a comment about the size of the breach and the number of people affected.

Different states have different policies for reporting data breaches. In some cases, that helps us put a figure to the size of the breach, as some states require companies to disclose the total number of people caught up in the breach. That’s not the case here, so the full scope of the attack remains in question, at least for right now.

As of Thursday, we know Petco reported that 329 Texans were affected along with seven Massachusetts residents, per the respective reports filed. California’s report does not contain the number of Californians affected, yet laws in that state require businesses to report breaches that affect 500 or more people, so at least 500 people were affected there.

Below you can see the form letter Petco sent to affected Californians in accordance with California’s data privacy laws:

 

In it, you can see that Petco discovered that “a setting within one of our software applications … inadvertently allowed certain files to become accessible online.” Further, Petco said that it “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”

So while no foul play appears to have been behind the breach, it’s still no less risky and concerning for Petco’s customers. We’ll cover what you can do about that in a moment after we cover yet another data issue at Petco through its Vetco clinics.

Also within the same timeframe, yet more research and reporting from Techcrunch uncovered a second security lapse that exposed personal info online. From their article:

“TechCrunch identified a vulnerability in how Vetco’s website generates copies of PDF documents for its customers.

“Vetco’s customer portal, located at petpass.com, allows customers to log in and obtain veterinary records and other documents relating to their pet’s care. But TechCrunch found that the PDF generating page on Vetco’s website was public and not protected with a password.

“As such, it was possible for anyone on the internet to access sensitive customer files directly from Vetco’s servers by modifying the web address to input a customer’s unique identification number. Vetco customer numbers are sequential, which means one could access other customers’ data simply by changing a customer number by one or two digits.”

What to do if you think you had info stolen in the Petco breach

With the size and reach of the Petco breach still unknown, and the impact of the Vetco security lapse also unknown, we advise caution for all Petco customers. At minimum, monitor transactions and keep an eye on your credit report for any suspicious activity. And it’s always a good time to update a weak password.

For those who received a notification, we advise the following:

Check your credit, consider a security freeze, and get ID theft protection. You can get all three working for you with McAfee+ Advanced or McAfee+ Ultimate.

Monitor transactions across your accounts, also available in McAfee+ Advanced and Ultimate.

Keep an eye out for phishing attacks. Use our Scam Detector to spot any follow-on attacks.

Update your passwords. Strong and unique passwords are best. Our password manager can help you create and store them securely.

And use two-factor authentication on all your accounts. Enabling two-factor authentication provides an added layer of security.

 

What to do if your Social Security number was breached.

If you think your Social Security number was caught up in the breach, act quickly.

1. First, contact one of the three credit bureaus (Equifax, Experian, or TransUnion) and place a fraud alert on your credit report.
2. That will cover all three bureaus and make it harder for someone to open new accounts in your name. You can also quickly freeze your credit altogether with McAfee+ Ultimate.
3. Also notify the Social Security Administration (SSA) along with the Internal Revenue Service (IRS), and file a police report immediately if you believe your number is being misused.

The call center number that connects you to … scammers?

You might want to be careful when searching for customer service numbers while in AI mode. Or with an AI search engine. It could connect you to a scammer.

From The Times comes reports of scammers manipulating the AI in platforms like Google and Perplexity so that their search results return scam numbers instead of a proper customer service numbers for, say, British Airways.

How do they manipulate those results? By spamming the internet with false info that gets picked up and then amplified by AI.

“[S]cammers have started seeding fake call center numbers on the web so the AI is tricked into thinking it is genuine …

“Criminals have set up YouTube channels with videos claiming to help with customer support, which are packed with airline brand names and scam numbers designed to be scraped and reused by the AI.

“Bot-generated reviews on Yelp or video descriptions on YouTube are filled with fraudulent numbers as are airline and travel web forums.”

And with these tactics, scammers could poison the results for just about any organization, business, or brand. Not just airlines. Per The Times, “The scammers have also hijacked government sites, university domains, and even fitness sites to place scam numbers, which fools the AI into thinking they are genuine.”

This reveals a current limitation with many AI platforms. Largely they can’t distinguish when people deliberately feed them bad info, as seen in the case here.

Yet even as this attack is new, our advice remains the same: any time you want to ring up a customer service line, get the number directly from the company’s official website. Not from AI search and not by clicking a paid search result that shows up first (scammers can poison them too).

Is that a call from an FTC “agent?” If so, it’s a scam.

Are you under investigation for money laundering? Of course not. But this scam wants you to think so—and to pay up.

On Tuesday, the Federal Trade Commission (FTC) issued a consumer alert warning that people are reporting getting unexpected calls from someone saying they’re “FTC agent” John Krebs. Apparently “Agent Krebs” is telling people that they’re under investigation for money laundering—and that a deposit to a Bitcoin ATM can resolve the matter.

Of course, it’s a scam.

For starters, the FTC doesn’t have “agents.” And the idea of clearing one’s name in an investigation with a Bitcoin payment is a sure-fire sign of a scam. Lastly, any time someone asks for payment with Bitcoin or other payment methods that are near-impossible to recover (think wire transfers and gift cards), those are big red flags.

Apart from hanging up and holding on to your money, the FTC offers the following guidance, which holds true for any scam call:

• Never transfer or send money to anyone in response to an unexpected call or message, no matter who they say they are.
• Know that the FTC won’t ask for money. In fact, no government agency will ever tell you to deposit money at a cryptocurrency ATM, buy gift cards and share the numbers, or send money over a payment app like Zelle, Cash App, or Venmo.
• Don’t trust your caller ID. A call might look like it’s coming from the government or a business, but scammers often fake caller ID.

And we close things out a quick roundup …

As always, here’s a quick list of a few stories that caught our eye this week:

AI tools transform Christmas shopping as people turn to chatbots

National cybercrime network operating for 14 years dismantled in Indonesia

Why is AI becoming the go-to support for our children’s mental health?

We’ll see you next Friday with a special edition to close out 2025 … This Year in Scams.

The post This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls appeared first on McAfee Blog.

AI-powered browsers give you much more than a window to the web. They represent an entirely new way to experience the internet, with an AI “agent” working by your side.

We’re entering an age where you can delegate all kinds of tasks to a browser, and with that comes a few things you’ll want to keep in mind when using AI browsers like ChatGPT’s Atlas, Perplexity’s Comet, and others.

What are agentic AI browsers?

So, what’s the allure of this new breed of browser? The answer is that it’s highly helpful, and plenty more.

By design, these “agentic” AI browsers actively assist you with the things you do online. They can automate tasks and interpret your intentions when you make a request. Further, they can work proactively by anticipating things you might need or by offering suggestions.

In a way, an AI browser works like a personal assistant. It can summarize the pages in several open tabs, conduct research on just about any topic you ask it to, or even track down the lowest airfare to Paris in the month of May. Want it to order ink for your printer and some batteries for your remote? It can do that too. And that’s just to name a few possibilities.

As you can see, referring to the AI in these browsers as “agentic” fits. It truly works like an agent on your behalf, a capability that promises to get more powerful over time.

Is it safe to use an AI browser?

But as with any new technology, early adopters should balance excitement with awareness, especially when it comes to privacy and security. You might have seen some recent headlines that shared word of security concerns with these browsers.

The reported exploits vary, as does the harm they can potentially inflict. That ranges from stealing personal info, gaining access to Gmail and Google Drive files, installing malware, and injecting the AI’s “memory” with malicious instructions, which can follow from session to session and device to device, wherever a user logs in.

Our own research has shown that some of these attacks are now tougher to pull off than they were initially, particularly as the AI browser companies continue to put guardrails in place. If anything, this reinforces a long-standing truth about online security, it’s a cat-and-mouse game. Tech companies put protections in place, bad actors discover an exploit, companies put further protections in place, new exploits crop up, and so on. It’s much the same in the rapidly evolving space of AI browsers. The technology might be new, but the game certainly isn’t.

While these reports don’t mean AI browsers are necessarily unsafe to use, they do underscore how fast this space is evolving…and why caution is smart as the tech matures.

How To Use an AI Browser Safely

It’s still early days for AI-powered browsers and understanding the security and privacy implications of their use. With that, we strongly recommend the following to help reduce your risk:

Don’t let an AI browser do what you wouldn’t let a stranger do. Handle things like your banking, finances, and health on your own. And the same certainly goes for all the info tied to those aspects of your life.

Pay attention to confirmations. As of today, agentic browsers still require some level of confirmation from the user to perform key actions (like processing a payment, sending an email, or updating a calendar entry). Pay close attention to them, so you can prevent your browser from doing something you don’t want it to do.

Use the “logged out” mode, if possible. As of this writing, at least one AI browser, Atlas, gives you the option to use the agent in the logged-out mode.ⁱ This limits its access to sensitive data and the risk of it taking actions on your behalf with your credentials.

If possible, disable “model learning.” By turning it off, you reduce the amount of personal info stored and processed by the AI provider for AI training purposes, which can minimize security and privacy risks.

Set privacy controls to the strictest options available. Further, understand what privacy policies the AI developer has in place. For example, some AI providers have policies that allow people to review your interactions with the AI as part of its training. These policies vary from company to company, and they tend to undergo changes. Keeping regular tabs on the privacy policy of the AI browser you use makes for a privacy-smart move.

Keep yourself informed. The capabilities, features, and privacy policies of AI-powered browsers continue to evolve rapidly. Set up news alerts about the AI browser you use and see if any issues get reported and, if so, how the AI developer has responded. Do routine searches pairing the name of the AI browser with “privacy.”

How McAfee Can Help

McAfee’s award-winning protection helps you browse safer, whether you’re testing out new AI tools or just surfing the web.

McAfee offers comprehensive privacy services, including personal info scans and removal plus a secure VPN.

Plus, protections like McAfee’s Scam Detector automatically alert you to suspicious texts, emails, and videos before harm can happen—helping you manage your online presence confidently and safeguard your digital life for the long term. Likewise, Web Protection can help you steer you clear of suspicious websites that might take advantage of AI browsers.

The post How to Stay Safe on Your New AI Browser appeared first on McAfee Blog.

It’s an increasingly common surprise: a package shows up at your door with your name and your address…but you never ordered it.  

These unsolicited deliveries may seem harmless, but they’re often tied to a scheme called a brushing scam. These scams occur year-round but tend to pick up around the holidays or peak shopping seasons, when shipping volume spikes and it’s easier for suspicious packages to blend in. 

Below is everything you need to know: how brushing scams work, what they mean for your personal information, and the exact steps to take if one shows up at your doorstep. 

 Takeaways 

• A brushing scam is when a seller sends you an item you didn’t order so they can post a fake “verified purchase” review under your name. 
• These scams usually involve low-value items like cheap jewelry, seeds, or trinkets. 
• Unexpected packages can signal that your personal data was exposed in a breach or has been purchased illegally. 
• You don’t have to return the item, but you should report it, update your passwords, and check for suspicious activity. 
• These scams increase during busy shipping periods, including holidays. 

What Is a Brushing Scam? 

A brushing scam is when sellers send you unsolicited items so they can post fake reviews using your name, boosting their product’s ranking and credibility without your consent. 

How Brushing Scams Work 

A typical brushing scam looks like this: 

1. A scammer creates or uses a seller account on a marketplace like Amazon or AliExpress. 
2. They obtain your name and address, often through a breach, data leak, or illegal database. 
3. They “order” their own product but send it to you at no cost. 
4. Once shipping confirms delivery, they post a fake verified review under your identity to boost their seller rating. 
5. The product gains more visibility, which drives more sales. 

In one sentence: Your delivery confirmation becomes their proof that a real customer received the item—even though you never ordered it. 

Why It’s Called “Brushing” 

The term comes from e-commerce, where sellers would “brush up” their sales by generating fake orders and reviews. Today, brushing scams are a global issue affecting major online marketplaces. 

Common Items Sent in Brushing Scams 

• Costume jewelry 
• Small electronics or keychain gadgets 
• Random home goods 
• Seeds (often unmarked) 
• Low-cost accessories 

If the item feels random or unusually cheap, it fits the profile. 

Are Brushing Scams Dangerous? 

Personal Data Exposure

The biggest red flag is that someone had your name and address, and possibly more. Brushing scams often follow data breaches or third-party leaks. 

Account Risk

Some platforms may temporarily flag or freeze your account if someone posts fake reviews under your name. 

Misleading Products

Fake reviews inflate trust and push low-quality items higher in search results. That misleads other shoppers and props up fraudulent sellers.

Potential Safety Hazards

Some unsolicited items—cosmetics, supplements, electronics, or seeds—may be unsafe, expired, counterfeit, or banned. 

What To Do If You Receive an Unordered Package 

1. Don’t use or consume the item, especially cosmetics, food, or electronics. 
2. Check your marketplace account (Amazon, AliExpress, etc.) to confirm there’s no unauthorized order. 
3. Report the brushing scam using the platform’s built-in reporting tools. 
4. Update your passwords for your shopping account and linked email. 
5. Enable two-factor authentication (2FA) for added security. 
6. Monitor bank/credit card activity for unusual charges. 
7. If the package came via USPS, you can mark it “Return to sender” without cost. 

How to Report a Brushing Scam on Amazon 

1. Log into your Amazon account. 
2. Go to the Report Unsolicited Package section. 
3. Add your tracking number and package details. 
4. Amazon may take up to 10 days to investigate. 

Should You Return the Package? 

Generally: No.

You are not legally required to return or pay for an unsolicited package. But reporting it helps platforms investigate fraudulent sellers. 

How To Protect Yourself From Brushing Scams

Secure Your Accounts

• Update passwords and use unique credentials.
• Turn on two-factor authentication.
• Use security software like McAfee+ to protect your privacy and personal data

Report Every Unsolicited Package

This helps platforms identify abusive sellers.

Verify Reviews Before Buying

Genuine reviews mention specific details; fake ones are vague, repetitive, or overly positive.

Stick to Well-Reviewed, Long-Standing Sellers

Avoid newly created storefronts with few verified reviews.

Quick FAQ 

Why am I receiving random packages from overseas?
It’s often part of a brushing scam where sellers need a “delivered” status to post fake reviews.

Is a brushing scam identity theft?
Not exactly, but it does mean someone had access to your personal data, which increases your overall risk.

Should I throw the item away?
You can safely discard most brushing-scam items, but avoid using them and report the incident first.

Should I worry if I get seeds or soil?
Yes—never plant or dispose of unknown seeds improperly. Report them to the USDA or your state agriculture office.

Final Thoughts

Brushing scams may seem like a harmless freebie, but they’re a sign that your personal information was exposed and could potentially be misused.

Stay cautious, secure your accounts, report any unsolicited packages, and trust only reputable sellers. With simple steps, you can protect your identity, and avoid being pulled into a scammer’s fake review scheme.

The post Brushing Scams: What They Are and How to Stay Safe From Unsolicited Packages appeared first on McAfee Blog.

For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers use an Apple Support ticket in a takeover attempt, and a PlayStation scam partly powered by AI.

Let’s start with those fake ads, because holiday shopping is in full swing.

Keep a sharp eye out for fake AI shopping ads that sell knockoff goods

Turns out that three-quarters of people (74%) can’t correctly identify a fake AI-generated social media ad featuring popular holiday gifts—which could leave them open to online shopping scams.

That finding, and several others, comes by way of research from Santander, a financial services company in the UK.

Here’s a quick rundown of what else they found:

• Less than one in 10 (8%) people feel “very confident” in their ability to spot an AI-generated ad on social media.
• More than half (56%) fear that they or a family member could get scammed as a result.
• About two-thirds (63%) said that they won’t purchase anything from social media platforms because they’re not sure what’s real and what’s fake.

From the study … could you tell these ads are both fake?

 

 

 

 

In all, cheap and readily available AI tools make spinning up fake ads quick and easy work. The same goes for launching websites where those “goods” can get sold. In the past, we’ve seen scammers take two different approaches when they use social media ads and websites to lure in their victims:

Phishing sites

During the holidays, scammers pump out ads that offer seemingly outstanding deals on hot items. Of course, the offer and the site where it’s “sold” is fake. Victims hand over their personal info and credit card number, never to see the items they thought they’d purchased. On top of the money a victim loses, the scammer also has their card info and can run up its tab or sell it to others on the dark web.

Knock-off sites

In this case, the scammer indeed sells and delivers something. But you don’t get what you paid for. The item looks, feels, fits, or works entirely differently than what was advertised. In this way, people wind up with a cheaply made item cobbled together with inferior materials. Worse yet, these scams potentially prop up sweatshops, child labor, and other illegal operations in the process. Nothing about these sites and the things they sell on them are genuine.

So, fake AI shopping ads are out there. What should you look out for? Here’s a quick list:

• First off, any offer that sounds too good to be true and heavy discounts on hard-to-find or popular items are major signs of a scam—and have been for years running now.
• See if the image looks a little too polished or even cartoony in some cases. As for people in AI ads, they can look airbrushed and have skin tones that seemingly give off an odd glow.
• Look up reviews of the company. Trustpilot and the Better Business Bureau offer great resources for that. Even simple a search using “CompanyName scam” can give you an idea if it’s a scam or not.
• And lastly, the combination of our Scam Detector and Web Protection can help sniff out a scam for you.

The Apple Support scam that came from … Apple? (Not really. We’ll explain.)

“I almost lost everything—my photos, my email, my entire digital life.”

So opens a recent Medium post from Eric Moret recounting how he almost handed over his Apple Account to a scammer armed with a real Apple Support ticket to make this elaborate phishing attack look legit.

Over the course of nearly 30 minutes, a scammer calmly and professionally walked Moret through a phony account takeover attempt.

It started with two-factor authentication notifications that claimed someone was trying to access his iCloud account. Three minutes later, he got a call from an Atlanta-based number. The caller said they were with Apple Support. “Your account is under attack. We’re opening a ticket to help you. Someone will contact you shortly.”

Seconds later came another call from the same number, which is where the scam fully kicked in. The person also said they were from Apple Support and that they’d opened a case on Moret’s behalf. Sure enough, when directed, Moret opened his email and saw a legitimate case number from a legitimate Apple address.

The caller then told him to reset his password, which he did. Moret received a text with a link to a site where he could, apparently, close his case.

Note that at no time did the scammers ask him for his two-factor authentication code throughout this process, which is always the sign of a scam. However, the scammers had another way to get it.

The link took him to a site called “appeal-apple dot com,” which was in fact a scam site. However, the page looked official to him, and he entered a six-digit code “confirmation code” sent by text to finish the process.

That “confirmation code” was actually a fresh two-factor authentication code. With that finally in hand, the scammers signed in. Moret received a notice that a new device had logged into his account. Moret quickly reset his password again, which kicked them out and stopped the attack.

So, what went wrong here? Let’s break down three key moments in this account takeover scam:

• The unsolicited phone calls. That’s an immediate sign to hang up and call an official support number to confirm the “issue” yourself.
• The fake website. A site with a URL like “appeal-apple dot com” is a scam site, even if it looks “official.” Scammers can create them easily today.
• The code heist. Scammers trick people into handing over their authorization code by calling it something else, like a “confirmation code.”

So, how can you protect yourself from account takeover scams? Let’s break that down too.

• Know that Apple Support won’t call you or open a case on your behalf.
• Also know that anyone can create an Apple Support ticket for anyone else, without verification. If you didn’t create it yourself, it’s a strong sign of a scam.
• If you have concerns, call Apple yourself at 1-800-275-2273 or contact them through their Apple Support App, available here on Apple’s support page.
• Only interact with Apple through sites and emails with the proper “apple dot com” address. Watch out for altered addresses like the “appeal-apple dot com” used here.
• Never, ever share your authentication code in any way … verbally, in an email, in a text, or a website. Any request for it from anyone is a scam.
• You can see the devices signed into your account any time. Go to Settings, tap your Name, and scroll to see all devices linked to your Apple ID.
• Get protection that blocks links to scam sites, like our Scam Detectorand Web Protection.

The FCC takes aim at the Wal-Mart PlayStation 5 Robocall Scam

Maybe you didn’t get a scam call from “Emma” or “Carl” at Wal-Mart, but plenty of people did. Around eight million in all. Now the Federal Communications Commission’s (FCC) Enforcement Bureau wants to put a stop to them.

“Emma” and “Carl” are in fact a couple of AI voices fronting a scam framed around the bogus purchase of a PlayStation. It’s garnered its share of complaints, so much that the FCC has stepped in. It alleges that SK Teleco, a voice service provider, provisioned at least some of these calls, and that it must immediately stop.

According to the FCC, the call plays out like this:

“A preauthorized purchase of PlayStation 5 special edition with Pulse 3D headset is being ordered from your Walmart account for an amount of 919 dollars 45 cents. To cancel your order or to connect with one of our customer support representatives, please press ‘1.’ Thank you.”

Pressing “1” connects you to a live operator who asks for personal identifiable such as Social Security numbers to cancel the “purchase.”

If you were wondering, it’s unlawful to place calls to cellphones containing artificial or prerecorded voice messages absent an emergency purpose or prior express consent. According to the FCC’s press release, SK Teleco didn’t respond to a request to investigate the calls. The FCC further alleges that it’s unlikely the company has any such consent.

Per the FCC, “If SK Teleco fails to take swift action to prevent scam calls, the FCC will require all other providers to no longer accept call traffic from SK Teleco.”

We’ll see how this plays out, yet it’s a good reminder to report scam calls. When it comes to any kind of scam, law enforcement and federal agencies act on complaints.

Get a scam call? Who’s here you can report it to:

• The Federal Trade Commission (FTC): Report fraud, especially if you lost money, at ReportFraud.ftc.gov.
• The Federal Communications Commission (FCC): Report unwanted calls, texts, and caller ID spoofing at DoNotCall.gov.
• Your State Attorney General: You can find yours through https://www.naag.org/find-my-ag/.

And we close things out a quick roundup …

Here’s a quick list of a few stories that caught our eye this week:

Scammers pose as law enforcement, threaten jail time if you don’t pay (with audio)

Deepfake of North Carolina lawmaker used in award-winning Brazilian Whirlpool video

What happens when you kick millions of teens off social media? Australia’s about to find out

We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

The post This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam appeared first on McAfee Blog.

The holidays are the season of giving; unfortunately, it’s also the season when scammers try to cash in on the spirit of generosity

If you’re seeing a heartfelt charity ad on social media, a touching email, or a surprise text asking you to donate, it’s worth pausing for a moment. Is it genuine charity—or a scam built to tug at your heartstrings?

The good news: staying safe doesn’t mean stopping your generosity. With a few quick checks, you can give confidently and protect yourself.

What is charity fraud?

Charity fraud is when scammers pose as legitimate nonprofits—or misuse the name of a real charity—to trick people into donating money or giving away personal information.

In some cases, the organization is completely fake. In others, it’s a real charity that uses donations in misleading or unethical ways, passing very little money to the actual cause.

Type 1: Fully fake charities

The first type involves flat-out fraud, where the organization is a front for a scam, through and through. Any money you give goes straight into the scammer’s pocket. As does your personal and payment info, which can lead to further fraud.

Type 2: Low impact “charities”

These are real, registered charities. But They keep the majority of donations for overhead instead of helping the cause.

This second type often involves questionable practices by the organization. According to the Better Business Bureau, reputable organizations keep 35% or less of their funds for operations.

Meanwhile, some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. (For a closer look at some examples, the independent watchdog group Charity Watch published a blog highlighting some of the worst charities they audited in 2024.)

Common to both, they’ll indeed play on your emotions, and they’ll urge you to donate now. As it is with so many scams and shady deals on the internet, you’ll find a sense of urgency central to their message.

How to spot a charity scam

1. Look for a dot-org domain

For starters, reputable charities often have dot-org as their domain extension—versus dot-com or any one of the hundreds of permutations available today.

2. Research the organization

Charities leave a paper trail, one that can get audited. And fake ones won’t leave a trail at all. With a quick look at some reputable online resources, you can quickly find out if the charity you want to support is legit.

In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities. You can also look up a charity’s Form 990 tax return online.

3. Take your time

This goes hand-in-hand with the above. If you feel like you’re getting rushed to donate, it could be a sign of a scam. Step back and indeed do your research with a few clicks to the resources listed above.

4. Pay with a credit card

This protects you in two ways. If you fall victim to a scam, you can contest the charges with your credit card company. And if a scammer tries to use your card again for other purchases, you can contest those too. Also, in the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

5. Avoid sketchy payment methods

The following is a sure-fire red flag: requests for payment in cash, gift cards, cryptocurrency, or wire transfers. Don’t ever use these forms of payment for charities, let alone anything else online.

6. Donate directly

Better yet, donate directly. Rather than respond to calls, ads, emails or texts, donate on your terms. After you give your possible donation some time and thought, you can go directly to the website of a charitable organization that you’ve researched.

And here’s how McAfee can help you stay safer still.

Get a scam detector. You can combine your healthy skepticism and awareness with the right technology, like our Scam Detector and Web Protection.

Both will alert you if a link you received might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

Clean up your personal info online. Scams over email, phone, and text all require the same thing: your contact info.

In many cases, scammers get it from data broker sites. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data.

Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

Monitor your identity and credit. The problem with many scams is that you only find out about it once the damage is done, like when a scammer uses your phished card number to make additional purchases in your name.

Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our credit monitoring and identity monitoring.

Additionally, our identity theft coverage can help if the unexpected happens with up to $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​

You’ll find these protections, and plenty more, in McAfee+.

A safe way to support the fight against cybercrime

If you want to give back and help protect people from online fraud, McAfee has partnered with Fight Cyber Crime, a legitimate U.S. nonprofit dedicated to helping victims of online scams.

You might remember them from our Scam Stories partnership earlier this year, sharing real stories from real scam victims to raise awareness about threats facing us every day on and offline.

Why we recommend them

• They provide free support and recovery guidance to scam victims.
• They raise nationwide awareness about cybercrime.
• They’re a vetted, established organization doing real work in online safety.

How you can help

Visit their site to learn more or make a donation: https://fightcybercrime.org/about/donate/

Supporting validated charities like Fight Cyber Crime is one way to make a real impact this holiday season—without putting yourself at risk.

The post How to Spot Charity Scams and Donate Safely this Giving Season appeared first on McAfee Blog.

Leading off our news on scams this week, a heads-up for DoorDash users, merchants, and Dashers too. A data breach of an undisclosed size may have impacted you.

Per an email sent by the company to “affected DoorDash users where required,” a third party gained access to data that may have included a mix of the following:

• First and last name
• Physical address
• Phone number
• Email address

You might have got the email too. And even if you didn’t, anyone who’s used DoorDash should take note.

As to the potential scope of the breach, DoorDash made no comment in its email or a post on their help site. Of note, though, is that one of the help lines cited in their post mentions a French-language number—implying that the breach might affect Canadian users as well. Any reach beyond the U.S. and Canada remains unclear.

Per the company’s Q2 financial report this year, “hundreds of thousands of merchants, tens of millions of consumers, and millions of Dashers across over 30 countries every month.” Stats published elsewhere put the user base at more than 40 million people, which includes some 600,000 merchants.

The company underscored that no “sensitive” info like Social Security Numbers (and potentially Canadian Social Insurance Numbers) were involved in the breach. This marks the third notable breach by the well-known delivery service, with incidents in 2019 and 2022

What to do if you think you got caught up in the DoorDash breach

While the types of info involved here appear to be limited, any time there’s a breach, we suggest the following:

Protect your credit and identity. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans.

Keep an eye out for phishing attacks. With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. As with any text or email you get from a company, make sure it’s legitimate before clicking or tapping on any links. Instead, go straight to the appropriate website or contact them by phone directly. Also, protections like our Scam Detector and Web Protection can alert you to scams and sketchy links before they take you somewhere you don’t want to go.

Update your passwords and use two-factor authentication. Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you stay on top of it all while also storing your passwords securely.

Attention travelers: Now boarding, a rise in flight cancellation scams

Even as the FAA lifted recent flight restrictions on Monday morning, scammers are still taking advantage of lingering uncertainty, and upcoming holiday travel, with a spate of flight cancellation scams.

How the scam works

Fake cancellation texts

The first comes via a text message saying that your flight has been cancelled and you must call or rebook quickly to avoid losing your seat—usually in 30 minutes. It’s a typical scammer trick, where they hook you with a combination of bad news and urgency. Of course, the phone number and the site don’t connect you with your airline. They connect you to a scammer, who walks away with your money and your card info to potentially rip you off again.

Fake airline sites in search results

The second uses paid search results. We’ve talked about this trick in our blogs before. Because paid search results appear ahead of organic results, scammers spin up bogus sites that mirror legitimate ones and promote them in paid search. In this way, they can look like a certain well-known airline and appear in search before the real airline’s listing. With that, people often mistakenly click the first link they see. From there, the scam plays out just as above as the scammer comes away with your money and card info.

How to avoid flight cancellation scams

Q: How can I confirm whether my flight is really canceled?
A: Check directly in your airline’s official app or website. Never click links in texts or emails.

Q: How can I spot a fake airline search result?
A: Look for “Ad”/“Sponsored,” confirm the URL, and check that the site uses HTTPS, not HTTP.

Q: Is there a tool that flags fake booking sites?
A: Scam-spotting tools like Scam Detector and Web Protection can identify sketchy links before you click.

In search, first isn’t always best.

Look closely to see if your top results are tagged with “Sponsored” or “Ad” in some way, realizing it might be in fine print. Further, look at the web address. Does it start with “https” (the “s” means secure), because many scam sites simply use an unsecured “http” site. Also, does the link look right? For example, if you’re searching for “Generic Airlines,” is the link the expected “genericairlines dot-com” or something else? Scammers often try to spoof it in some way by adding to the name or by creating a subdomain like this: “genericairlines.rebookyourflight dot-com.”

Get a scam detector to spot bogus links for you.

Even with these tips and tools, spotting bogus links with the naked eye can get tricky. Some look “close enough” to a legitimate link that you might overlook it. Yet a combination of features in our McAfee+ plans can help do that work for you.  Our Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

Scammers Hijack a Trusted Mass Texting Provider

You’ve probably seen plenty of messages sent by short code numbers. They’re the five- or six-digit codes used to send texts instead of by a phone number. For example, your cable company might use one to send a text for resetting a streaming password, the same goes for your pharmacy to let you know a prescription is ready or your state’s DoT to issue a winter travel alert, and so on.

According to NBC News, scammers sent hundreds of thousands of texts using codes used by the state of New York, a charity, and a political organizing group. The article also cites an email sent to messaging providers by the U.S. Short Code Registry, an industry nonprofit that maintains those codes in the U.S. In the email, the registry said attempted attacks on messaging providers are on the rise.

What this means for the rest of us is that just about any text from an unknown number, and now short codes, might contain malicious links and content. It’s one more reason to arm yourself with the one-two punch of our Scam Detector and Web Protection.

What are short codes?
Short codes are 5–6 digit numbers used by pharmacies, utilities, banks, and government agencies to send official alerts.

Why this attack is unusual
Scammers didn’t spoof short codes—they gained access to real ones used by:

• The State of New York
• A charity
• A political organizing group

Why this matters
Even texts from legitimate short-code numbers can no longer be trusted at face value.

What to do now

• Treat any unexpected text—even from a short code—as suspicious.
• Don’t tap links.
• Verify by going directly to the official website or app.

Quick Scam Roundup

Consumers warned over AI chatbots giving inaccurate financial advice 

• Our advice: Always verify recommendations with trusted financial sources

Why our own clicks are often cybercrime’s greatest allies

• Our advice: Many attacks rely on rushed or emotional decisions, slow down before clicking

TikTok malware scam uses fake software activation guides to steal data

• Our advice: Download software only from official sources

 

We’ll be back after the Thanksgiving weekend with more updates, scam news, and ways to stay cyber safe.

The post This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts appeared first on McAfee Blog.

Browser extensions have become essential parts of how we browse, bank, work, and shop online. From password managers to ad blockers, these tools can significantly improve your digital life when chosen wisely. Chief among these are browser plug-ins, which extend its functionality. Almost all popular browsers support these extensions, unfortunately, making them one of the most commonly used malware attack vectors.

In this guide, you will learn about the advantages and security risks of browser extensions, the role that permissions play in ensuring your privacy when using these extensions, and some best practices when using them.

Browser extensions and their malicious counterparts

Browser extensions are small software programs that enhance your web browser by adding new functionality or modifying existing ones. Think of them as helpful extra tools that can block ads, manage passwords, check prices while shopping, or customize how websites look and behave. Legitimate extensions make your browsing experience more efficient and enjoyable.

Cybercriminals, however, have taken advantage of their popularity by creating malicious versions disguised as useful tools that secretly operate with harmful intentions. Some of these malicious browser extensions access and modify web pages, monitor your browsing activity, and interact with websites on your behalf.

While legitimate extensions request only the minimum permissions necessary for their stated purpose, malicious extensions often request more permissions than they need to access your browsing data and history.

Core tactics of malicious browser extensions

Malicious browser extensions typically operate through specific methods that can significantly impact your daily online activities, from casual browsing to important financial transactions, including:

• Permission abuse occurs when an extension requests far more access than it needs to operate. For example, a weather extension that claims to show local forecasts might request permission to track the websites you visit, allowing it to monitor everything you do online and capture sensitive information such as passwords and credit card numbers without your knowledge.
• Ad injection is where malicious extensions insert unwanted advertisements into web pages you’re viewing, appearing as pop-ups, banner ads, or even replacing legitimate advertisements with malicious ones. These injected ads disrupt your browsing experience, can lead to scam websites, or attempt to trick you into downloading additional malware.
• Data theft is one of the most serious threats posed by malicious extensions. These programs can silently capture everything you type, including usernames, passwords, credit card information, and personal details, exposing your personal information to cybercriminals. When you log into your online banking or online shopping account, the malicious extension might record your login credentials and account information.
• Traffic redirection involves redirecting your legitimate web traffic to scam websites designed to steal your information or trick you into making fraudulent purchases. This is particularly dangerous when you’re trying to access your bank’s website or other financial services, but are redirected to a convincing fake site that could capture your login credentials.
• Drive-by downloads can be triggered by these ill-intentioned browser extensions when you visit specific websites, click on seemingly innocent links or files, or even during routine browsing activities. The links and files are disguised as legitimate software updates, media files, or useful applications that, in fact, could infect your device with ransomware, keyloggers, or other types of malware.
• Cryptocurrency mining extensions secretly use your computer’s processing power to mine cryptocurrency for the extension creator, running resource-intensive calculations in the background without your knowledge or consent. This unauthorized mining activity causes your device to run more slowly, drain your laptop battery faster, consume more electricity, generate excess heat, and potentially shorten your hardware’s lifespan.

The impact of malicious browser extensions

If not caught, malicious extensions can disrupt your daily life and compromise your personal security.

Malicious extensions violate your privacy when they monitor your online behavior and track the websites you view, build a profile of your habits and preferences, and even obtain your home address and other personal details. These details can be used for identity theft, social engineering attacks, or sold to data brokers, ultimately compromising your privacy and potentially affecting your real-world safety and financial security.

When it comes to online shopping, some malicious extensions could pressure you into hasty purchase decisions, intercept your checkout process, and capture your payment information. Once cybercriminals have your shopping account credentials, they can impersonate you to make unauthorized purchases.

Similar incidents could happen with your banking and financial accounts. Malicious browser extensions can steal your login credentials, account numbers, transaction details, and eventually your money. Some cybercriminals have gone as far as opening new accounts and applying for loans using your stolen information.

The most insidious aspect of malicious browser extensions is their ability to operate silently in the background while maintaining the appearance of legitimate functionality. A malicious extension might continue providing its advertised service—such as weather updates or price comparisons—while simultaneously conducting harmful activities, making them effective at avoiding detection.

On top of the higher electricity bills, degraded device performance and browsing experience, and wasted network bandwidth, malicious extensions violate your values by turning your device into an unwitting money-making tool for cybercriminals while you bear the operational costs. Furthermore, malicious extensions could potentially expose you to additional malware or scams, and involve you in fraudulent advertising schemes.

Their impact extends beyond your own device and could affect your entire household. On the shared networks and devices, malicious extensions can spread and compromise other users.

Guidelines to stay safe with browser extensions

Chrome extensions can absolutely be safe to use when you approach them with the right knowledge and precautions. The vast majority of extensions on the official Chrome Web Store undergo Google’s review process and are built by legitimate, reputable developers who aim to enhance your browsing experience and follow security best practices.

Additionally, the Chrome Web Store’s rating system and user reviews provide valuable insights into an extension’s reliability and performance. When you stick to well-established extensions with thousands of positive reviews and regular updates, you’re generally in safe territory.

However, the extension ecosystem does present a few security challenges. The primary risks come from two main areas: permission abuse and post-installation behavior changes. When you install an extension, you give it permission to access various aspects of your browsing data and your device. Some extensions may request more permissions than they actually need, creating potential privacy and security vulnerabilities. Even more concerning, some extensions start with benign functionality but later receive updates that introduce malicious features or get sold to malicious actors who update them with data-harvesting capabilities, turning a once-safe extension into a potential threat.

To help you navigate these challenges safely, here’s a practical risk assessment framework you can use before installing any Chrome extension. This systematic approach takes just a few minutes but can save you from potential headaches down the road.

Step 1: Evaluate the source’s reputation

Start by examining who created the extension. Look for extensions developed by well-known companies or developers with established track records. Check the developer’s website and other extensions they’ve created. Extensions from companies like Google, Microsoft, or other recognized tech firms generally carry lower risk profiles. For individual developers, look for those who maintain a professional online presence and have created multiple successful extensions.

Step 2: Analyze user reviews and ratings

Don’t just glance at the overall star rating. Read the actual reviews, look for patterns in user feedback, and pay special attention to recent comments that might indicate changes in the extension’s behavior. Be wary of extensions with suspiciously perfect ratings or reviews that seem artificially generated. Legitimate extensions typically have a mix of ratings with detailed, specific feedback from real users.

Step 3: Examine permission requests carefully

This is perhaps the most critical step in your assessment. When you click “Add to Chrome,” pay close attention to the permission dialog that appears. Question if the requested permissions make sense for the tool’s functionality and be particularly cautious of extensions requesting broad permissions such as “Read and change all your data on the websites you visit.”

Step 4: Check installation numbers and update history

Extensions with millions of users and regular updates are generally safer bets than those with just a few hundred installations. However, don’t let high installation numbers alone convince you. Look for extensions that receive regular updates, which indicates active maintenance and ongoing security attention from developers.

Step 5: Research recent security issues

Before installing, do a quick web search for the extension name with terms like “security,” “malware,” or “removed.” This will reveal any recent security incidents or concerns that other users have reported. Security researchers and tech blogs often publish warnings about problematic extensions, information that can be invaluable in your decision-making process.

Ongoing browser security

The security landscape changes constantly, and extensions that are safe today might develop problems in the future. This is why ongoing vigilance is just as important as your initial assessment.

• Install only as needed: Adopt a minimalist approach to installing extensions, as every browser extension you add increases your attack surface. Only install those you absolutely need.
• Regularly audit your installed extensions: Set a reminder to review your extensions every few months, removing any that you no longer use or that haven’t been updated recently. This reduces your attack surface and helps keep your browser running efficiently.
• Be wary of unrealistic benefits: When adding new browser extensions, be cautious of those that promise fantastic functions such as dramatically increasing internet speed or providing access to premium content for free. Extensions that require you to create accounts with suspicious email verification processes or that ask for payment information outside of Google’s official channels should also raise red flags.
• Be cautious of duplicate functions: Be suspicious if the extension is replicating functionality already built into Chrome, as these often exist primarily to harvest user data. Extensions with generic names, poor grammar in their descriptions, or unprofessional-looking icons and screenshots indicate lower development standards and potentially higher security risks.
• Install only from official stores: While not perfect, official browser stores offer significantly more security oversight than third-party sources or direct installation methods. Their layers of security screening include automated malware detection, manual code reviews for popular extensions, continuous monitoring for suspicious behavior, review systems, and developer verification processes.
• Enable automatic updates and smart monitoring: Browser updates often include enhanced extension security and additional protection mechanisms that help detect and prevent malicious extension behavior. In addition, implement a monitoring system to identify extensions that update unusually frequently or at suspicious times, such as during periods you’re less likely to notice behavioral changes.
• Deploy comprehensive protections: Integrate your browser extension security with broader security measures that can monitor extension behavior and detect suspicious activities such as unauthorized data access, unexpected network connections, or attempts to modify system files. These tools use behavioral analysis and machine learning to identify malicious patterns that might not be apparent through manual observation.
• Secure your shopping and banking accounts: Your financial transactions and shopping activities represent high-value targets that need specialized protections. Consider using a dedicated browser for financial activities to isolate your transactions or temporarily disable extensions not related to security or privacy. Enable multi-factor authentication to prevent unauthorized access even if a malicious extension captures your primary login credentials.
• Create a positive security routine: Establish straightforward security routines that include the measures listed above to ensure that your shopping, banking, and general browsing activities remain secure while still allowing you to benefit from the enhanced functionality that well-designed extensions provide.

Thankfully, Google continues to improve its security measures for the Chrome Web Store by implementing stricter review processes for extensions and enhancing its ability to detect and remove malicious extensions after they’ve been published. For additional protection, enable Chrome’s Enhanced Safe Browsing, under the browser’s Privacy and Security section.

Malicious browser extensions also pose similar threats across all major browser ecosystems, with attackers targeting the same vulnerabilities: excessive permissions, post-installation payload updates, and social engineering tactics.

Safari’s extension model, while more restrictive, still allows extensions to access browsing data and modify web content when you grant permissions. Microsoft Edge, built on Chromium, shares Chrome’s extension architecture and therefore inherits many of the same security challenges, though Microsoft has implemented additional screening measures for their Edge Add-ons store. Regardless of which browser you use, the fundamental protection strategies remain consistent.

Action plan if you’ve installed a malicious extension

If you suspect you’ve installed a malicious browser extension by mistake, speed matters in the race to protect your accounts. Follow this clear, step-by-step guide to remove the extension, secure your accounts, and check for any signs of compromise.

1. Immediately disconnect sensitive accounts: Sign out of all banking, shopping, and financial accounts you’ve accessed recently. Malicious extensions can capture session tokens and credentials in real-time, making immediate disconnection critical to prevent unauthorized access.
2. Remove the malicious extension completely: Open your browser settings and navigate to the Extensions or Add-ons section. Locate the suspicious extension and click “Remove” or “Uninstall.” Don’t just disable it. Check for related extensions that may have been installed simultaneously, as malicious extensions often come in bundles.
3. Clear all cookies and site data: Go to your browser’s privacy settings and clear all stored cookies, cached data, and site data to remove persistent tracking mechanisms or stored credentials the malicious extension may have accessed or modified. Pay special attention to clearing data from the past 30 days or since you first noticed suspicious activity.
4. Change all your passwords immediately: Start with your most sensitive accounts—banking, email, and work credentials—followed by all other accounts. Use strong, unique passwords that will make it difficult for the malicious extensions to attempt to access your accounts again. As mentioned earlier, enable multi-factor authentication.
5. Run a comprehensive security scan: Use reputable security software such as McAfee+ to perform full system scans on all devices where you’ve accessed sensitive accounts. Because malicious extensions can download additional malware or leave traces, it is best to schedule follow-up scans over the next few days to catch any delayed payloads.
6. Review all account activity thoroughly: Many malicious extensions operate silently for weeks before executing their primary payload. So keep monitoring your login history, transaction records, and changes in account settings across all your accounts, and look for any unauthorized transactions.
7. Set up account alerts: Set up automated account alerts for all transactions and closely monitor your bank and credit card statements for the next 60-90 days. Place fraud alerts with major credit bureaus if you suspect identity information may have been compromised.

Final thoughts

Browser extensions offer great functionality and convenience, but could introduce cybersecurity risks. With the right combination of smart browsing habits, regular security audits, and comprehensive protection tools, and staying informed, you can safely explore the web, manage your finances online, and shop without worry.

Make it a habit to question your intent to install a new extension, and download only from official browser stores. Review your installed extensions monthly—determine if each one still serves your needs. These practices, combined with keeping your browser and operating system updated, and employing trusted security software, reinforce your defense against evolving online threats. Remember to research any new browser extensions thoroughly before installation, checking developer credentials and reading recent user reviews to identify which browser extensions to avoid.

The post Learn to Identify and Avoid Malicious Browser Extensions appeared first on McAfee Blog.

Want McAfee’s latest scam alerts, cybersecurity tips, and safety updates to show up automatically in your Google News feed? You can follow McAfee directly on Google News with a single tap.

Google News now gives every official publisher a dedicated page — and McAfee has one. Once you follow us, our newest articles will appear in your Following tab and throughout your personalized news feed whenever they’re relevant to you.

Here’s how to do it in seconds.

Follow McAfee on Google News

Step 1: Go to our official Google News page

Tap or click this link:

McAfee Official Google News Source Page

This opens McAfee’s verified publisher page inside Google News.

Step 2: Tap the “Follow” button

You’ll see a star icon at the top of the page.

Tap Follow and you’re done.

That’s it — McAfee is now part of your personalized news feed.

What happens after you follow McAfee

When you tap the star:

• McAfee appears under Following → Sources in Google News
• Our stories show up more often when you search for cybersecurity topics
• You’ll see McAfee alerts, safety tips, and threat updates sooner
• Google prioritizes McAfee when we publish on topics you care about (AI scams, malware, identity theft, etc.)

No settings menus. No advanced search. Just one tap.

How to Unfollow or Manage Your Sources

If you ever want to update your feed:

1. Open Google News

2. Go to Following → Sources

3. Tap the star again to unfollow

4. Or rearrange which sources matter most to you

 

---

FAQs

Do I need the Google News app?

No. Following works in both browsers and the app.

Will this make McAfee show up first for every search?

Not automatically — but Google does prioritize publishers you follow when the content is relevant.

Can I follow McAfee on multiple devices?

Yes. It’s tied to your Google account, not your phone or laptop.

Is the follow button safe?

Absolutely. This is Google’s built-in publisher follow system.

Stay Updated, Stay Safer

Cyber threats move fast — following McAfee on Google News makes it easier to stay ahead of scams, breaches, and emerging AI risks.

The post How to Follow McAfee on Google News in One Simple Step appeared first on McAfee Blog.

Because Android uses an open source operating system, it usually gets a bad rap for being vulnerable to data loss and compromised apps as a result of malware, insecure app coding, unprotected cloud storage, outdated software, sideloading from untrusted sources, and even specific website vulnerabilities. Suffice it to say that any of these risks can be destructive and costly.

While Google addresses specific vulnerabilities, cyberthreats continue to evolve as criminals become more scheming or desperate. For these reasons, it is still best to exercise caution to protect the data on your device. In this article, we will share vital tips on how you can secure your device.

Essential tips for Android security

Determining if you’re vulnerable isn’t always easy. There are, however, some measures you can take to protect your device.

Keep your Android OS and security patches updated

Your first line of defense against Android vulnerability threats is maintaining current software. Android security patches fix security weaknesses that cybercriminals actively take advantage of to access your personal data, install malware, or take control of your device. When you delay updates, you leave known security gaps open for attackers to exploit.

To enable automatic updates, navigate to Settings > System > System update > Advanced settings, then toggle on “Automatic system updates.” For Google Pixel devices, security updates typically arrive monthly, while other manufacturers may have varying schedules.

On top of this, set your Google Play Store to auto-update apps by opening the Play Store, tapping your profile picture, going to Settings > Network preferences > Auto-update apps, and selecting “Over any network” if you have unlimited data or “Over Wi-Fi only” to preserve your data plan.

Install apps only from Google Play Store and verify developer permissions

One of the most effective Android phone security best practices is restricting app installations to the Google Play Store. Sideloading apps from unknown sources significantly increases your risk of installing malware, spyware, or apps with hidden malicious functionality.

Before installing any app, examine the permissions it requests. Apps asking for excessive permissions should raise your suspicions. Navigate to Settings > Apps > Special app access > Install unknown apps and ensure all toggles are disabled.

In addition, choose apps with consistent positive ratings and active developer responses to user concerns. Google’s Play Console policies provide guidelines for safe app development, but your vigilance remains essential.

Enable Google Play Protect and Safe Browsing in Chrome

Google Play Protect scans over 125 billion apps daily for malware and policy violations. While not perfect, this automated screening catches the majority of malicious apps before they reach your device, and even detects them after installation. In contrast, apps outside this ecosystem lack this protection layer.

Activate Play Protect by opening Google Play Store, tapping your profile picture, selecting “Play Protect,” and ensuring both “Scan apps with Play Protect” and “Improve harmful app detection” are enabled. This service runs automatic security scans and can remove or disable harmful apps even after you’ve installed them.

For comprehensive, real-time protection against phishing sites, malware downloads, and suspicious web content, enable safe browsing Android features in Chrome. Open Chrome, tap the three dots menu, go to Settings > Privacy and security > Safe Browsing, and select “Enhanced protection.” This setting checks URLs against Google’s constantly updated database of dangerous sites.

Use strong screen lock, biometric authentication, and 2FA

Modern Android devices offer multiple authentication methods, and using them strategically provides layered security for your most sensitive information. Set up a strong screen lock by going to Settings > Security > Screen lock and choosing either a complex PIN with at least 6 digits, a pattern with at least 6 points, or a password that combines letters, numbers, and symbols.

Enable biometric authentication, whether fingerprint and/or facial recognition, as an additional layer, but always maintain a strong backup PIN or password since biometrics can be circumvented.

For critical applications containing sensitive data such as banking apps, password managers, email clients, and social media, enable two-factor authentication (2FA) where possible for extra security.

Enable automatic cloud backups and device encryption

Android’s built-in backup and encryption features provide essential protection against data loss from device theft, hardware failure, malware attacks, or accidental deletion, forming a crucial part of your Android incident response strategy.

Enable automatic backups of your app data, call history, and device settings by navigating to Settings > System > Backup, then toggle on “Back up to Google Drive.” You can set the frequency to daily. For photos and videos, enable Google Photos backup with high-quality or original quality settings based on your storage plan.
Device encryption can be activated through Settings > Security > Encryption & credentials > Encrypt phone. Modern Android devices (Android 6.0+) typically have encryption enabled by default, but you will need to verify this setting. Google’s Android backup service documentation provides detailed information on what data is protected and how to manage your backup settings effectively.

Set up Google account recovery options

Your Google account serves as the master key to most Android functionality, so having an account recovery system can be invaluable to restore access to your device when local authentication methods fail. To ensure your recovery information is current, visit Security settings on your account profile, add a secondary email address that you can access independently, but avoid using another Gmail account as your backup. Include a mobile phone number for SMS verification, and consider adding multiple phone numbers if you frequently travel or change devices.

Google also provides one-time-use back-up codes that can restore account access when other methods fail. Download these codes and store them securely offline. Consider using a password manager like Google’s built-in option or a reputable third-party solution. Never store recovery codes in easily accessible digital formats like unencrypted text files or photos on the same device.

Configure Find My Device for remote management

Google’s Find My Device service provides powerful remote management capabilities that can prevent permanent data loss during Android vulnerability situations or lockout scenarios. This service allows you to locate, lock, or completely erase your device remotely.

To enable this feature, navigate to Find My Device through Settings > Security > Find My Device. Ensure that your location services remain active for this feature to function properly.

Take note that when you decide to remotely erase your data from your device, this feature completely wipes all local data but preserves the information you backed up to Google’s cloud services. Only use this option when you’re certain your back-up systems are current.

Implement comprehensive backup strategies

Android offers multiple backup solutions that transform potential data disasters into minor inconveniences. To store your photos, videos, SMS messages, and call logs, you can go to Settings > System > Backup and choose the frequency that matches your usage patterns, daily backups for heavy users, weekly for lighter usage.

For sensitive information that you would like to access even when offline, you might want to consider periodic local backups by connecting your device to a computer monthly and copying important files manually. Test your systems regularly by attempting to restore a small amount of data to ensure your backups work when needed and identify any gaps in your protection strategy.

Mobile incident response for Android

A mobile security incident can escalate from a nuisance to real damage in minutes, especially if an attacker can access your accounts, intercept messages, or install persistent apps. Speed matters when you respond, especially when prioritizing the high-impact steps that will stop the bleeding, regain control, and protect your data before you move on to cleanup and recovery. The actions below follow that order, so you can respond calmly and effectively even under stress.

1. Disconnect from untrusted networks immediately: Turn off Wi-Fi and mobile data instantly to prevent unauthorized access to your accounts or further data theft. Switch to airplane mode if you suspect active malware communication. Once disconnected, you can assess the situation and secure your device and accounts.
2. Use Find My Device to secure your device remotely: From a trusted computer or another device, go to Google’s Find My Device and lock your smartphone with a new passcode, display a message with contact information, or completely erase the device if necessary.
3. Change critical account passwords and enable MFA: From a trusted device, immediately update your passwords for critical accounts linked to your phone such as email, banking, social media, and other services containing personal or financial information. Add authentication methods where available and document which passwords were changed to avoid confusion later.
4. Review and remove suspicious apps and permissions: Check your device’s app installation history by going to Google Play Store > Menu > My apps & games > Installed and remove any you don’t recognize or trust. Next, review app permissions by going to Settings > Apps & notifications > Permission manager and revoke unnecessary permissions for location services, camera, microphone, contacts, messages, and administrative privileges.
5. Update your operating system: Ensure your device is running the latest version of its operating system by going to Settings > System > System update and enable automatic updates. Also update your installed apps by downloading new versions on your device’s app store. If your device is older and no longer receives security updates, consider upgrading to a supported model.
6. Restore from a known-good backup: Consider restoring your device to a trusted version, before the security incident occurred. A word of caution: this will remove any data created after the backup date, so weigh the security benefits against potential data loss.
7. File appropriate reports with relevant authorities: Document the incident and report it to appropriate authorities. If you suspect SIM swapping or carrier-related fraud, contact your mobile carrier immediately. Report identity theft to the Federal Trade Commission and Internet Crime Complaint Center. For incidents involving financial accounts, contact your bank, credit card company, and the major credit bureaus.
8. Monitor accounts and set up security alerts: Continue monitoring your accounts to detect any lingering effects of the security incident and prevent future compromises. Enable account activity notifications for all critical services, consider using a credit monitoring service, and review your credit reports regularly for unauthorized accounts or inquiries. Set up Google Alerts for your name and other personal information to catch potential identity theft attempts.
9. Get a mobile security solution: As Android devices become increasingly central to our lives, protecting them with a comprehensive mobile security solution has become essential. A robust mobile security app works continuously to identify and neutralize threats before they can compromise your device or steal your data.

Key capabilities of a reliable mobile security solution

When evaluating mobile security solutions for your Android device, focus on apps that offer comprehensive protection across multiple threat vectors. The most effective solutions combine several key capabilities into a single, user-friendly platform that doesn’t slow down your device or drain your battery.

• Web protection and safe browsing: Safe browsing protection has become increasingly important as cybercriminals focus on phishing attacks and malicious websites that exploit smartphone vulnerabilities. Your mobile security solution should work seamlessly with your preferred browser, whether that’s Chrome, Firefox, or another popular option.
• Wi-Fi security and network protection: Your security app should be able to monitor and check for signs of compromise and malicious hotspots, and alert you to networks attempting to intercept your data. It should also have virtual private network capabilities, encrypting your internet traffic even when connected to potentially unsafe networks to ensure that even if your connection is intercepted, your actual data remains unreadable to attackers.
• Identity monitoring and privacy protection: A trusted security solution will include robust identity monitoring features that detect signs of unauthorized use of your personal information. Comprehensive identity monitoring encompasses credit monitoring and surveillance of the dark web, social media platforms, and data broker sites.

Final thoughts

Your Android device holds your most precious digital memories, important work files, and personal information, making it a prime target for cybercriminals who continue to exploit new vulnerabilities. While threats like remote factory resets and malicious web attacks can disrupt your daily digital routine, you do have the power to protect yourself against them by keeping your OS and security patches current, enabling Google Play Protect and built-in safe browsing features, maintaining regular backups of your essential data, and considering a comprehensive mobile security solution that provides real-time protection. For additional steps to safeguard your Android mobile life, visit McAfee’s security best practices.

The post Guard Your Android Phones Against Loss of Data and Infected Apps appeared first on McAfee Blog.

Contactless payments make everyday purchases fast and easy. Yet with that convenience comes a risk: ghost tapping.

In crowded spaces or rushed moments, a scammer could trigger a small tap-to-pay charge or push through a higher amount without your clear consent. Understanding what ghost tapping is, how it happens, and what to do next helps you keep your money and identity secure.

What Is Ghost Tapping?

Ghost tapping is a form of contactless fraud where someone attempts to initiate a tap-to-pay transaction without your approval.

Tap-to-pay cards and mobile wallets on phones use a technology called “near-field communication,” or NFC. That lets them communicate with things like a point-of-sale device for payment at a very close range. It’s generally quite safe, particularly because of the “near” part. You have to get very close to make the connection.

Even so, proximity and distraction can be exploited. Attackers may try to skim limited details from RFID (Radio Frequency Identification technology) cards or NFC cards, or nudge you into approving a payment you didn’t intend. If you’ve ever wondered what ghost tapping is, think of it as an opportunistic, in-person scam that abuses the tap-to-pay moment rather than a remote hack.

How Ghost Tapping Happens

Most schemes rely on getting close and catching you off guard. A criminal might carry a portable reader, press into a pocket or bag, and attempt a low-value charge. Others set up tampered terminals, rushing you so you don’t check the amount.

Consider These Two Scenarios:

You’re at a busy farmer’s market. A scammer with a phone equipped with a point-of-sale app stumbles into you and gets close enough to your card to trigger a transaction. It’s almost like a modern-day pickpocket move, where the bump distracts the victim from the theft as it happens.

In another case, you might come across a phony vendor. Maybe someone’s selling cheap hats outside a football game or someone’s going around your neighborhood selling candy, supposedly to support a charity. In scenarios like these, you tap to pay with your phone just as you’d expect… but with one exception: the “vendor” jacks up the purchase price. They hurry you through the transaction, so quickly that you don’t review the screen before you confirm payment.

We’ve also seen reports of people getting Apple Pay scammed by impostor merchants who exploit quick taps and small screens. While mobile wallets add strong safeguards, poor visibility and social pressure can still lead to losses.

The Better Business Bureau on Ghost Tapping:

A report posted on the Scam Tracker at the Better Business Bureau (BBB) shows how the phony vendor version of this scam allegedly played out:

“An individual is going door to door in [location redacted] claiming to be selling chocolate on behalf of [redacted] to support special needs students. He says that he can only accept tap-to-pay to get people to pay with a card. He then charges large amounts to the card without the cardholder being able to see the amount. He got my mother for $537… Another victim for $1100… He changes neighborhoods frequently to avoid getting caught.”

Signs of Ghost Tapping and Common Myths

Early ghost detecting starts with vigilance. Watch for unfamiliar small charges, especially after crowded events, and alerts tied to contactless transactions. If you see odd activity tied to RFID cards or NFC cards, act quickly.

Common myths persist. Attackers can’t drain accounts from far away, clone full cards via a tap, or bypass wallet protections easily. Most successful cases hinge on proximity, distraction, and human error. Meanwhile, Apple Pay scam stories often involve rushed taps and unverified totals.

Effective ghost detecting focuses on timely alerts, careful review, and immediate response.

How to Protect Yourself from Ghost Tapping Scams

The BBB, which recently broke the story of these scams, offers several pieces of advice. We have some advice we can add as well.

From the BBB…

• Store your cards securely. An RFID-blocking wallet or sleeve can help stop wireless skimming.
• Always confirm payment details. Before tapping your card or phone, check the merchant’s name and amount on the terminal screen.
• Set up transaction alerts. Many banks allow real-time notifications for every charge.
• Keep an eye on your accounts. Daily checks help you spot fraud faster.
• Limit tap-to-pay use in high-risk areas. Consider swiping or inserting your card instead.

From us at McAfee…

Monitor your identity and your credit.

The problem with many card scams is that they can lead to further identity theft and fraud, which you only find out about once the damage is done. Actively monitoring your identity and credit goes beyond single transaction alerts from your bank and can spot an emerging problem before it becomes an even bigger one. You can take care of both easily with timely notifications from our credit monitoring and identity monitoring features, all as part of our McAfee+ plans.

When you’re out and about, consider what you’re carrying—and where you carry it.

The physical safety of your phone and cards counts as well. While ghost tapping scams are new, old-school physical pickpocketing attempts persist. When it comes to devices and things like debit cards, credit cards, and even cash, keep what you bring with you to the bare minimum when you go out. This can cut your losses if the unfortunate happens. If you have a credit card and ID holder attached to the back of your phone, you may want to remove your cards from it. That way, if your phone gets snatched, those important cards don’t get snatched as well.

When in doubt, shop with a credit card.

In the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

The post Ghost Tapping: What It Is, How It Works, and How to Stay Safe appeared first on McAfee Blog.

The practice of locking our possessions is relevant in every aspect of our modern lives. We physically lock our houses, cars, bikes, hotel rooms, computers, and even our luggage when we go to the airport. There are lockers at gyms, schools, amusement parks, and sometimes even at the workplace.

Digitally, we lock our phones with passcodes and protect them from malware with a security solution. Why, then, don’t we lock the individual apps that house some of our most personal and sensitive data?

From photos to emails to credit card numbers, our mobile apps hold invaluable data that is often left unprotected, especially given that some of the most commonly used apps on the Android platform such as Facebook, LinkedIn and Gmail don’t necessarily require a log in each time they’re launched.

Without an added layer of security, those apps are leaving room for nosy family members, jealous significant others, prankster friends, and worst of all thieves to hack into your social media or email accounts at the drop of a hat. In this article, we will discuss what an app lock is, everyday scenarios you may need it, and how to set it up on your smartphone.

Your apps hold details of your life

Your mobile phone is more than just a gadget. It’s your wallet, camera, diary, and connection to the world. You likely keep photos, messages, social media, payment apps, and even confidential work files on it. To protect these bits of personal information, we use PINs, patterns, or biometrics to lock our devices, but once the phone is open, every app is fair game.

I f someone were able to go beyond your phone’s lock screen and gain access to the information in your phone, how much of your life could they see? A friend could scroll through your photos. Your child could open your shopping app and make purchases. Or a thief could get into your banking and social media accounts in seconds.

One way to avoid this from happening is by applying an app lock, a digital padlock that adds an authentication step such as a password, pattern, or biometric before an application can be launched.

Device locks aren’t enough

In your home, a locked front door keeps strangers out. But what happens if you unwittingly leave the front door unlocked and someone walks in? Without interior locks, your bedroom, office, and safe are now accessible to anyone.

This same concept applies to your device with unprotected apps. Once unlocked, apps like Gmail, Facebook, or mobile banking don’t always require you to log in every time. It’s convenient, until it’s not.

An app lock serves as an indoor lock, protecting your sensitive data even after an unauthorized person has accessed it, and maintaining privacy boundaries.

When you or another person attempts to open an app on your device, the system first triggers an authentication screen. After verifying your PIN, fingerprint, or face, the app will open, ensuring that your personal information stays off-limits to people who do not know your authentication step. In Android, app locks work seamlessly in the background without slowing performance.

This layered defense mirrors the cybersecurity approach used on enterprise systems, but scaled down for consumers. Each layer handles different threats, so if one fails, the others still protect you:

• Your phone’s screen lock guards the device.
• Your antivirus protects against malware.
• Your app lock safeguards the personal data inside.

Everyday scenarios where app locks matter

• Family and shared devices: If you are a parent, you might lend your phone to your child for a game. Within minutes, they’ve opened your email app or shopping account. With app lock, you can hand over your device without worrying they’ll see or purchase something they shouldn’t.
• Friends and social moments: You’re showing photos to a friend, and they accidentally swipe into your text or social media messages. An app lock keeps your private conversations private, no explanations needed.
• Traveling and public use: Whether you’re going through airport security or connecting to public Wi-Fi, app locks ensure that even an unlocked device doesn’t expose your sensitive apps if your phone is stolen or misplaced.
• Work and personal boundaries: Many professionals use personal phones for work. App locks separate business and personal data, securing email, document-sharing apps, and collaboration tools from family members or friends who borrow your device.

The risks of unprotected apps

Leaving apps unprotected can do more than just embarrass you. Here are some examples of how unprotected apps could lead to lasting harm:

• Email access lets intruders reset passwords for your other accounts and eventually lock you out. This applies not only to your personal email, but also to your corporate email account if you have a work profile on your phone.
• Social media enables hackers to impersonate you, violate your privacy or that of the people around you, or post malicious content that could damage your reputation and personal relationships.
• Banking and finance apps provide direct access to your money and accounts. Aside from the financial loss, cybercriminals who gain access to your accounts could apply for loans in your name or commit financial fraud in your name.
• Photo galleries reveal personal images, family details, or screenshots containing sensitive data.

Even just one unauthorized session could cascade into identity theft or financial fraud. That’s why security experts recommend app-level protection as part of a layered, reinforced mobile defense strategy.

Your guide to setting up your app locks on Android

While many Android phones include some app-locking capabilities, dedicated mobile security apps provide more robust options and better protection. Here’s how to set up app locks effectively:

1. Choose a strong authentication method

Use a 6-digit or longer PIN, complex pattern, or biometric such as fingerprint or face unlock. Avoid using the same PIN as your main device.

2. Select which apps to protect

Choose the priority mobile apps that you want to protect. Start with your most sensitive apps, such as:

• Banking and finance
• Email and messaging
• Cloud storage
• Photo gallery
• Shopping apps with saved payment info

3. Adjust lock timers for convenience

Set timeouts based on app sensitivity:

• Banking and shopping: Lock these immediately after you finish using them. This gives prying eyes zero chances to intercept your information.
• Messaging: You can be more lenient here. Allow for a 30- to 60-second delay in case you have additional thoughts to communicate.
• Work apps: For continuity, you can permit short delays in locking work apps during business hours. But once you leave work, you can set up the app locks to immediately activate.

4. Manage notifications and privacy

Hide notification content for locked apps. This keeps private messages or bank alerts from showing up on your lock screen.

The advantage of dedicated app locks

Most Android manufacturers now offer convenient, built-in app locking features. However, they are limited, often lacking biometric integration, cloud backup, or smart settings.

Dedicated solutions go further, providing:

• Seamless biometric access
• Anti-tampering protection
• Stealth mode to hide locked apps from view
• Remote access controls if your phone is lost or stolen
• Integrated alerts for suspicious log-in attempts

With an app lock, your mischievous friends will never be able to post embarrassing status updates on your Facebook profile, and your jealous partner won’t be able to snoop through your photos or emails. For parents, you can keep your kids locked out of the apps that would allow them to access inappropriate content without having to watch their every move.

Most importantly, app locks protect you from thieves and strangers in case of a stolen or lost device.

Final thoughts

Your phone carries more than just apps. It holds the details of your daily life. From private conversations and family photos to financial information and work data, much of what matters most to you lives behind those app icons. While a device lock is an important first step, it isn’t always enough on its own.

App locks give you greater control over your privacy by protecting individual apps, even when your phone is already unlocked. They help prevent accidental access, discourage snooping, and reduce the risk of serious harm if your device is lost or stolen. Most importantly, they allow you to use and share your phone, without worrying about who might see what they shouldn’t.

By adding app-level protection to your mobile security routine, you’re taking a simple but meaningful step toward safeguarding your personal information.

The post App Locks Can Improve the Security of Your Mobile Phones appeared first on McAfee Blog.

As the holiday season ramps up, so do group dinners, shared travel costs, gift exchanges, and all the little moments where someone says, “Just Venmo me.”

With more people sending and splitting money this time of year, scammers know it’s prime time to target payment apps. Here’s how to keep your Venmo transactions safe during one of the busiest — and riskiest — payment seasons.

What kind of scams are on Venmo?

Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credentials. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money.

Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:

·       Fake Prize or Cash Reward ·       Call from Venmo ·       Call from Tech Support ·       Fake Payment Confirmation ·       Pre-payment for Goods and Services

·       Stranger Posing as a Friend ·       Payments from Strangers ·       Offers to Make Money Fast ·       Paper Check Scam ·       Romance Scam

 

Venmo has thorough instructions to combat these scams and breaks them down in detail on its site. They also provide preventative tips and steps to take if you unfortunately fall victim to one of these scams. Broadly speaking, though, avoiding Venmo scams breaks down into a few straightforward steps.

How to avoid getting scammed on Venmo

1) Never share private details.

Scammers often pose as customer service reps to pump info out of their victims. They’ll ask for things like bank account info, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this info. Legitimate reps from legitimate companies like Venmo won’t request it.

2) Know when Venmo might ask for your Social Security number.

In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this info by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings  –> Identity Verification.

3) Keep an eye out for scam emails and texts.

Venmo always sends communications through its official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.

4) Be suspicious of the messages you get. Imposters are afoot.

Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.

5) When sending money, keep an eye open for alerts from the app.

Just recently, Venmo added a new feature, dynamic alerts, which helps protect people when sending money via the “Friends and Family” option. It pops up an alert if the app detects a potentially fraudulent transaction and includes info that describes the level of risk involved. In the cases of highly risky payments, Venmo might decline the transaction altogether. This adds another level of protection to Friends and Family payments, which are non-refundable in cases of fraud. Further, this underscores another important point about using Venmo: only pay people you absolutely know and trust.

More ways to stay safe on Venmo

Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:

• Public – Everyone on the internet can see and comment on the transaction.
• Friends – Only your Venmo friends and the other participant’s friends can see and comment on the transaction. (Note that the friends of the other participant might be strangers to you, so “friends and friends of friends” is more accurate here.)
• Private – Here, only the participants can view and comment on the transaction.

This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.

We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.

In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.

Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.

• First off, lock your phone. Whether with a PIN or other form of protection, locking your phone prevents access to everything you keep on it, which is important in the case of loss or theft. Our own research found that only 58% of adults take the vital step of locking their phones. If you fall into the 42% of people who don’t, strongly consider changing that.
• Within the Venmo app, you can also enable Face ID and a PIN (on iOS) or a PIN and biometric unlock (Android). These add a further layer of security by asking for identification each time you open the app. That way, even if someone gets access to your phone, they’ll still have to leap through that security hurdle to access your Venmo app.
• Use a strong, unique password for your account. That’s a password with at least 13 characters using a mix of cases, numbers, and symbols that you don’t use anywhere else. You can also have a password manager do that work for you across all your accounts.

Keep your online finances even more secure with the right tools

Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.

For starters, it includes Web Protection and Scam Detector that can block malicious and questionable links that might lead you down the road to malware or a phishing scam, such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.

Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

The post Venmo 101: Making Safer Payments with the App appeared first on McAfee Blog.

It’s no longer possible to deny that your life in the physical world and your digital life are one and the same. Coming to terms with this reality will help you make better decisions in many aspects of your life.

The same identity you use at work, at home, and with friends also exists in apps, inboxes, accounts, devices, and databases, whether you actively post online or prefer to stay quiet. Every purchase, login, location ping, and message leaves a trail. And that trail shapes what people, companies, and scammers can learn about you, how they can reach you, and what they might try to take.

That’s why digital security isn’t just an IT or a “tech person” problem. It’s a daily life skill. When you understand how your digital life works, what information you’re sharing, where it’s stored, and how it can be misused, you make better decisions. This guide is designed to help you build that awareness and translate it into practical habits: protecting your data, securing your accounts, and staying in control of your privacy in a world that’s always connected.

The essence of digital security

Being digitally secure doesn’t mean hiding from the internet or using complicated tools you don’t understand. It means having intentional control over your digital life to reduce risks while still being able to live, work, and communicate online safely. A digitally secure person focuses on four interconnected areas:

Personal information

Your personal data is the foundation of your digital identity. Protecting it includes limiting how much data you share, understanding where it’s stored, and reducing how easily it can be collected, sold, or stolen. At its heart, personal information falls into two critical categories that require different levels of protection:

• Personally identifiable information (PII):This represents the core data that defines you, such as your name, contact details, financial data, health information, location history, Social Security number, driver’s license number, passport information, home address, and online behavior. Financial data such as bank account numbers, credit card details, and tax identification numbers also fall into this category. Medical information, including health insurance numbers and medical records, represents some of your most sensitive PII that requires the highest level of protection.
• Sensitive personal data:While not always directly identifying you, this type of information can be used to build a comprehensive profile of your life and activities. This includes your phone number, email address, employment details, educational background, and family information. Your online activities, browsing history, location data, and social media posts also constitute sensitive personal data that can reveal patterns about your behavior, preferences, and daily routines.

Digital accounts

Account security ensures that only you can access them. Strong, unique passwords, multi-factor authentication, and secure recovery options prevent criminals from hijacking your email, banking, cloud storage, social media, and other online accounts, often the gateway to everything else in your digital life.

Privacy

Privacy control means setting boundaries and deciding who can see what about you, and under what circumstances. This includes managing social media visibility, app permissions, browser tracking, and third-party access to your data.

Digital security is an ongoing effort as threats evolve, platforms change their policies, and new technologies introduce new risks. Staying digitally secure requires periodic check-ins, learning to recognize scams and manipulation, and adjusting your habits as the digital landscape changes.

Common exposure points in daily digital life

Your personal information faces exposure risks through multiple channels during routine digital activities, often without your explicit knowledge.

• Public Wi-Fi networks: When you connect to unsecured networks in coffee shops, airports, hotels, or retail locations, your internet traffic can be intercepted by cybercriminals using the same network. This puts your login credentials, banking information, and communications at risk, even on networks that appear secure.
• Data brokers: These companies gather data, often without your explicit knowledge, from public records, social media platforms, online purchases, and other digital activities to create your profile. They then sell this information to marketers, employers, and other interested parties.
• Social media: When you overshare details about your location, vacation plans, family members, workplace, or daily routines, you provide cybercriminals with valuable information for identity theft and social engineering attacks. Regular platform policy changes can reset your previously private information or expose you to data breaches.
• Third-party applications: Mobile apps, browser extensions, and online services frequently collect more data than necessary for their stated functionality, creating additional privacy risks for you. You could be granting these apps permission to access your personal data, contacts, location, camera, and other device functions without fully understanding how your data will be used, stored, or shared.
• Web trackers: These small pieces of code embedded in websites follow your browsing behavior, monitoring which sites you visit, how long you stay, what you click on, and even where you move your mouse cursor. Advertising networks use this information to build a profile of your interests and online habits to serve you targeted ads.

Core pillars of digital security

Implementing comprehensive personal data protection requires a systematic approach that addresses the common exposure points. These practical steps provide layers of security that work together to minimize your exposure to identity theft and fraud.

Minimize data sharing across platforms

Start by conducting a thorough audit of your online accounts and subscriptions to identify where you have unnecessarily shared more data than needed. Remove or minimize details that aren’t essential for the service to function. Moving forward, provide only the minimum required information to new accounts and avoid linking them across different platforms unless necessary.

Be particularly cautious with loyalty programs, surveys, and promotional offers that ask for extensive personal information, as they may share it with third parties. Read privacy policies carefully, focusing on sections that describe data sharing, retention periods, and your rights regarding your personal information.

If possible, consider using separate email addresses for different accounts to limit cross-platform tracking and reduce the impact if one account is compromised. Create dedicated email addresses for shopping, social media, newsletters, and important accounts like banking and healthcare.

Adjust account privacy settings

Privacy protection requires regular attention to your account settings across all platforms and services you use. Social media platforms frequently update their privacy policies and settings, often defaulting to less private configurations that allow them to collect and share your data. For this reason, it is a good idea to review your privacy settings at least quarterly. Limit who can see your posts, contact information, and friend lists. Disable location tracking, facial recognition, and advertising customization features that rely on your personal data. Turn off automatic photo tagging and prevent search engines from indexing your profile.

On Google accounts, visit your Activity Controls and disable Web & App Activity, Location History, and YouTube History to stop this data from being saved. You can even opt out of ad personalization entirely if desired by adjusting Google Ad Settings. If you are more tech savvy, Google Takeout allows you to export and review what data Google has collected about you.

For Apple ID accounts, you can navigate to System Preferences on Mac or Settings on iOS devices to disable location-based Apple ads, limit app tracking, and review which apps have access to your contacts, photos, and other personal data.

Meanwhile, Amazon accounts store extensive purchase history, voice recordings from Alexa devices, and browsing behavior. Review your privacy settings to limit data sharing with third parties, delete voice recordings, and manage your advertising preferences.

Limit app permissions

Regularly audit the permissions you’ve granted to installed applications. Many apps request far more permissions to your location, contacts, camera, and microphone even though they don’t need them. Cancel these unnecessary permissions, and be particularly cautious about granting access to sensitive data.

Use strong passwords and multi-factor authentication

Create passwords that actually protect you; they should be long and complex enough that even sophisticated attacks can’t easily break them. Combine uppercase letters, lowercase letters, numbers, and special characters to make it harder for attackers to crack.

Aside from passwords, enable multi-factor authentication (MFA) on your most critical accounts: banking and financial services, email, cloud storage, social media, work, and healthcare. Use authenticator apps such as Google Authenticator, Microsoft Authenticator, or Authy rather than SMS-based authentication when possible, as text messages can be intercepted through SIM swapping attacks. When setting up MFA, ensure you save backup codes in a secure location and register multiple devices when possible to keep you from being locked out of your accounts if your primary authentication device is lost, stolen, or damaged.

Alternatively, many services now offer passkeys which use cryptographic keys stored on your device, providing stronger security than passwords while being more convenient to use. Consider adopting passkeys for accounts that support them, particularly for your most sensitive accounts.

Enable device encryption and automatic backups

Device encryption protects your personal information if your smartphone, tablet, or laptop is lost, stolen, or accessed without authorization. Modern devices typically offer built-in encryption options that are easy to enable and don’t noticeably impact performance.

You can implement automatic backup systems such as secure cloud storage services, and ensure backup data is protected. iOS users can utilize encrypted iCloud backups, while Android users should enable Google backup with encryption. Regularly test your backup systems to ensure they’re working correctly and that you can successfully restore your data when needed.

Request data deletion and opt out from data brokers

Identify major data brokers that likely have your information and look for their privacy policy or opt-out procedures, which often involves submitting a request with your personal information and waiting for confirmation that your data has been removed.

In addition, review your subscriptions and memberships to identify services you no longer use. Request account deletion rather than simply closing accounts, as many companies retain data from closed accounts. When requesting deletion, ask specifically for all personal data to be removed from their systems, including backups and archives.

Keep records of your opt-out and deletion requests, and follow up if you don’t receive confirmation within the stated timeframe. In the United States, key data broker companies include Acxiom, LexisNexis, Experian, Equifax, TransUnion, Whitepages, Spokeo, BeenVerified, and PeopleFinder. Visit each company’s website.

Use only trusted, secure networks

Connect only to trusted, secure networks to reduce the risk of your data being intercepted by attackers lurking behind unsecured or fake Wi-Fi connections. Avoid logging into sensitive accounts on public networks in coffee shops, airports, or hotels, and use encrypted connections such as HTTPS or a virtual private network to hide your IP address and block third parties from monitoring your online activities.

Rather than using a free VPN service that often collects and sells your data to generate revenue, it is better to choose a premium, reputable VPN service that doesn’t log your browsing activities and offers servers in multiple locations.

Ongoing monitoring and maintenance habits

Cyber threats evolve constantly, privacy policies change, and new services collect different types of personal information, making personal data protection an ongoing process rather than a one-time task. Here are measures to help regularly maintain your personal data protection:

• Quarterly reviews: Set up a quarterly review process to examine your privacy settings across all platforms and services. Create a calendar reminder to check your social media privacy settings, review app permissions on your devices, and audit your online accounts for unused services that should be deleted.
• Credit monitoring: Monitor your financial accounts regularly for unauthorized activity and consider using credit monitoring services to alert you to potential identity theft.
• Breach alerts: Stay informed about data breaches in the services you use by signing up for breach notification services. If a breach occurs, this will allow you to take immediate action to change passwords, monitor affected accounts, and consider additional security measures for compromised services.
• Device updates: Enable automatic security and software updates on your devices, as these updates include important privacy and security improvements that protect you from newly discovered vulnerabilities.
• Education and awareness: Stay informed about new privacy risks, learn about emerging protective technologies, and share knowledge with family members and friends who may benefit from improved personal data protection practices.

By implementing these systematic approaches and maintaining regular attention to your privacy settings and data sharing practices, you significantly reduce your risk of identity theft and fraud while maintaining greater control over your digital presence and personal information.

Final thoughts

You don’t need to dramatically overhaul your entire digital security in one day, but you can start making meaningful improvements right now. Taking action today, even small steps, builds the foundation for stronger personal data protection and peace of mind in your digital life. Choose one critical account, update its password, enable multi-factor authentication, and you’ll already be significantly more secure than you were this morning. Your future self will thank you for taking these proactive steps to protect what matters most to you.

Every step you take toward better privacy protection strengthens your overall digital security and reduces your risk of becoming a victim of scams, identity theft, or unwanted surveillance. You’ve already taken the first step by learning about digital security risks and solutions. Now it’s time to put that knowledge into action with practical steps that fit seamlessly into your digital routine.

The post What Does It Take To Be Digitally Secure? appeared first on McAfee Blog.

Every four years, scores of American people flood churches, schools, homes, and auditoriums to cast their ballots for the future of American leadership. But amid the highs and lows of election night, there is an ongoing conversation about how the votes are being counted.

As results slowly roll in, voters struggle with long lines and faulty machinery in key battleground states, prompting debates on the efficiency of the U.S. voting process. In an age where American Idol results can be instantaneously transmitted over a mobile device, why are we still feeding paper ballots into machines that look like props from ‘90s movies?

On the one hand, countries like Canada, Norway and Australia have already experienced success with their adoption of online voting systems, and proponents say going digital will boost voter turnout and Election Day efficiency. On the other, naysayers cite hacking, malware, and other security threats as deal-breakers that could threaten the backbone of American democracy.

So what are the facts behind this debate? Below, we’ve outlined key arguments for and against online, email, and electronic voting systems, to help users at home move beyond the pre-election campaign hype.

Electronic voting: Better or worse than paper ballots?

Since there have been elections, there have been people tampering with votes. Given this, experts are justifiably concerned with any technology that could introduce new points of access to the data stored during an election. Nevertheless, a handful of states now use electronic voting machines exclusively—Delaware, Georgia, Louisiana, New Jersey and South Carolina—and even notorious battleground states Ohio and Florida have made the move toward paperless votes.

The concern is that when there is no physical ballot, it becomes next to impossible to determine if there has been tampering—especially in the case of a close election. The contested 2000 Bush-Gore race comes to mind as an example of the stark importance of reliable election machinery. In 2012, Pennsylvania voting machines were taken out of service after being captured on video changing votes from one candidate to another.

Still, most of these machines now supply a paper trail to guard against tampering, and a vast majority undergo frequent, mandatory testing. The machines are also not connected to the Internet and are segregated from any network-connected devices. In terms of physical security, the machines themselves are secured with locks and tamper-evident seals, and they’re heavily protected when transported to and from polling places.

Hacking the vote: It’s easier than you think

While electronic voting promises efficiency and convenience, the reality is that these systems face significant vulnerabilities that make them easy targets for hacking.

Attackers don’t need to hack every voting machine individually. They only need to target the broader voting ecosystem through several key attack vectors. For one, supply chain risks represent one of the most concerning threats, where malicious components or software can be introduced during manufacturing or updates. Misconfigured systems and outdated firmware create entry points that cybercriminals actively seek out, while exposed network ports can provide side-channel access to supposedly isolated voting infrastructure.

Beyond direct machine tampering, sophisticated attacks focus on ballot definition files—the digital templates that determine how votes are recorded and counted. Manipulating these files can alter election outcomes without voters realizing it. Similarly, result reporting systems that transmit vote tallies from polling locations to central counting facilities present attractive targets for those seeking to disrupt electoral processes.

Recent security research demonstrates these vulnerabilities aren’t theoretical. In 2003, cybersecurity researchers at Johns Hopkins University documented significant security gaps in widely used electronic voting systems during controlled testing environments, revealing that basic network intrusion techniques could compromise vote tallies without detection. Meanwhile, a 2022 audit conducted by election security experts in Georgia identified configuration errors in electronic polling systems that could have allowed unauthorized access to voter data and ballot information.

Perhaps more concerning is how disinformation campaigns around unofficial election results can amplify doubts about electoral integrity, regardless of actual system security. These campaigns often spread false information about electronic voting fraud or online voting hack attempts, creating confusion that undermines public trust in legitimate election outcomes.

It’s crucial to understand that the primary impact of these vulnerabilities often isn’t direct vote manipulation—it’s the erosion of voter confidence in our democratic processes. When people doubt that their votes count accurately, it weakens the foundation of democratic participation.

Privacy & security concerns in online voting

Will our presidential elections ever go the way of American Idol? Despite advances in technology, the vast majority of Americans must vote in person or via mail-in ballot. At present, only very limited electronic voting options exist, primarily for specific voter groups and circumstances, such as:

• Military and overseas voters: The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) allows military personnel and overseas citizens to return marked ballots electronically in some states. However, this typically involves downloading a ballot, marking it, and returning it via secure email or portal—not full online voting.
• Voters with disabilities: These accommodations vary by state. Some states offer electronic ballot marking tools or accessible voting systems for voters with disabilities. These systems often allow electronic marking but require printing ballots for submission, maintaining a paper trail for verification.
• Citizens displaced by natural disasters: During an election cycle when many New Jersey residents were affected by Hurricane Sandy, officials established email as an alternative voting method. But as Election Day loomed, the system was soon blamed for a slew of issues.

Vulnerabilities in online voting systems

Understanding the vulnerabilities that plague electronic voting systems isn’t about creating fear, but about building stronger defenses. Below, we have listed some of the potential attack vectors to help you make informed decisions about digital democracy.

The email software

In email voting, unencrypted emails pose a serious security risk because they can be easily intercepted, spoofed, or altered in transit. When a ballot is sent without encryption, it travels across networks in plain text, allowing cybercriminals to access and modify its contents before it reaches election officials. Attackers also might impersonate legitimate voters by sending forged emails or inject malware into attachments that appear to be ballots.

The device

Computers used to send or receive the emails can be compromised to change or block a voter’s choices. When you cast your ballot online, malware can intercept your vote before it even leaves your device. In addition, the receiving computer will need to open attachments sent by unknown users to tally the votes, one of the most common causes of malware infections.

Credential theft

Phishing attacks specifically target voting credentials, often through fake election websites or deceptive emails. Multi-factor authentication and government-issued digital certificates provide essential barriers. In 2023, the National Institute of Standards and Technology released its Digital Identity Guidelines that recommended biometric verification combined with secure tokens for high-stakes digital transactions like voting.

Man-in-the-middle attacks

Your vote travels across networks where attackers might intercept or modify it. To thwart these attacks and ensure your ballot remains tamper-proof during transmission, end-to-end encryption with cryptographic signatures can be integrated into online voting systems. Advanced protocols such as homomorphic encryption allow vote counting without exposing individual choices.

Server-side vulnerabilities

Voting servers face constant attack attempts. Independent security audits, isolated network environments, and blockchain-based verification systems can help maintain integrity. Regular penetration testing, as recommended in the Election Assistance Commission’s 2023 Voluntary Voting System Guidelines, identifies weaknesses before they’re exploited.

Distributed denial of service

DDoS attacks can overwhelm voting portals during critical periods. Distributed server architecture, traffic filtering, and backup submission methods could ensure continuous access, while cloud-based solutions provide scalable protection against volume-based attacks.

Ballot secrecy

Online systems must balance verification with privacy. Protocols such as zero-knowledge proof could allow voters to confirm that their ballot was counted without revealing their choices. Anonymous credential systems separate voter identity from vote content.

Auditability challenges

Digital voting requires verifiable paper trails or cryptographic receipts. This can be addressed with voter-verified paper audit trails (VVPAT) and risk-limiting audits that provide the transparency necessary for public confidence.

Cyber threats to voting abound long before Election Day

In this digital age, threats to the voting process start well before election day. Cybercriminals take advantage of the campaign fever when citizens turn to technology for updates on the election process or news about running candidates.

Amid all this, your role as a voter includes staying informed about these protections and choosing secure voting methods when available or legitimate information sources. Democracy thrives when citizens understand both the possibilities and precautions of digital participation.

• Fake voter registration websites: Scammers create convincing look-alike sites that mimic official election portals to steal your personal information. These sites often appear in search results with urgent messaging about registration deadlines, but they’re designed to harvest your data for identity theft or voter suppression purposes.
• Phishing texts and emails about “polling changes”: You might receive official-looking messages claiming your polling location has changed, voting has been extended, or you need to “confirm” your registration via text or email. These communications often create false urgency to trick you into clicking malicious links or sharing sensitive information.
• Impersonation of election officials: Scammers pose as election workers, poll supervisors, or government officials via phone calls, texts, or door-to-door visits. They may claim there are problems with your registration, then request personal information to “verify” your eligibility.
• Malinformation hotlines: Fraudulent phone lines spread false information about voting procedures, dates, or requirements. These services intentionally provide incorrect details to discourage voting or cause confusion about the electoral process.
• Political donation fraud: Fake political organizations and candidates set up fraudulent donation sites that look legitimate but funnel your money and financial information directly to scammers. These sites often use names similar to real campaigns or causes to deceive donors.

Your role in protecting election integrity

Every voter plays a role in ensuring elections remain fair, secure, and transparent. By following proper voting procedures, verifying information through official sources, and reporting suspicious activity, you help strengthen trust in the system. Small actions can make a big difference in protecting the integrity of every vote.

• Plan your preferred voting method: Before Election Day arrives, take time to plan how you’ll cast your ballot—whether it’s in person at your local polling place, by mail, or through accessible voting options available in your state. If you’re an overseas military or citizen, research your state’s UOCAVA procedures. Knowing this could help you avoid last-minute issues that might force you to bypass safe voting practices.
• Confirm your voter registration status at your official state portal: This quick step ensures that your information—such as your name, address, and polling location—is accurate and up to date, and helps you avoid surprises like being listed under the wrong district or finding out you’re not registered at all.
• Verify your polling location through official channels: This ensures you’re voting at legitimate facilities with properly managed systems. When available, choose paper backup options or locations that use voter-verified paper audit trails, which provide physical evidence of your vote that can’t be altered digitally.
• Keep your personal devices secure during election periods: You can do this by updating software, using strong passwords, and being cautious about election-related apps, websites, or messages that aren’t from official government sources.
• Stay alert for potential vulnerabilities: As a voter or observer, you can: verify polling place seals are intact, confirm machines display zero totals before voting begins, observe that poll workers follow proper procedures, and report any irregularities to election officials immediately.

Key tips to verify legitimate communication during election season

Practicing good cybersecurity hygiene helps safeguard not only your information but also the integrity of democratic participation. Here are some key guidelines to stay secure online and protect your vote.

• Official election information only comes from verified .gov websites: Scammers often create legitimate-looking websites to trick voters into sharing personal data or clicking malicious links. When searching for election details, always rely on official .gov domains. These are verified and maintained by state and local election authorities, offering information that is accurate, secure, and up to date.
• Contact your state or local election office directly using official phone numbers: For voting-related questions, contact your state or local election office directly using details listed on verified .gov websites to ensure you receive accurate local information. Do not rely on social media, emails, or unofficial websites, as scammers often use these fake hotlines to collect personal data or sow disinformation.
• Deal only with verified election officials: Imposters may pose as officials through phone calls, emails, or even in person to collect your personal data or influence your vote. To confirm legitimacy, check any communication from an official .gov email address or website, verified government phone line, or your local election office.
• Verify “urgent” voting information through multiple official sources: During election season, scammers often spread “urgent” messages or “breaking news” to sow panic or confusion—such as changes in polling hours or locations—to suppress voter turnout. Always verify updates through official sources, such as your state’s .gov election website, local election office, or trusted news outlets.
• Update all your devices with the latest security patches: Before researching candidates, browsing election information, or logging into voter portals, make sure all your devices are running the latest versions. Security patches fix vulnerabilities that hackers can exploit to install malware or steal personal data.
• Use strong, unique passwords for voter-related accounts or portals. When creating strong, unique passwords for each election-related site you use, especially government or voter registration portals, use a mix of letters, numbers, and symbols, and avoid personal details like birthdays or pet names. Password managers can help you generate and store complex passwords, reducing the risk of credential theft.
• Enable two-factor authentication (2FA) wherever possible. Enabling 2FA on your email and voter-related accounts significantly strengthens your defense against unauthorized access. Even if hackers obtain your password, they won’t be able to log in without this additional confirmation.
• Report suspected election-related scams to your local officials and relevant authorities: If you encounter a suspicious website, message, or phone call related to voting—report it to your state or local election office, the Cybersecurity and Infrastructure Security Agency or the Federal Trade Commission. Authorities track malicious activity and protect other voters from falling victim to similar schemes.

These multi-layered protections work together to maintain election integrity, though gaps can emerge when procedures aren’t consistently followed or when oversight is insufficient.

Final thoughts

While online voting systems can’t be written off, ongoing cybersecurity challenges don’t bode well for the immediate future of these platforms.

While technology has transformed nearly every aspect of modern life—from shopping to banking, and working—applying that convenience to the voting booth still presents challenges. Security, transparency, and public trust remain at the core of any democratic process, and rushing toward online or paperless voting without upholding these principles could be harmful.

Progress is steadily being made, however, with advances in encryption and digital identity frameworks. With careful design, rigorous testing, and strong oversight, technology can enhance the safeguards that underpin election integrity.

For now, the most effective way to protect democracy is through awareness and participation. Stay informed about your state’s voting systems, verify election information only through official sources, and remain alert to misinformation and scams. Each responsible voter plays a part in strengthening the integrity of elections.

The post Hack the Vote: Pros and Cons of Electronic Voting appeared first on McAfee Blog.

Some years ago, a highly infectious computer worm called W32/Autorun was discovered to be infecting Windows computers. Unlike a virus, a worm such as W32/Autorun doesn’t steal anything from your computer. Instead, it spreads rapidly and opens as many security holes as possible to allow hackers to install a different form of malware that will eventually steal information, money, or both.

While this worm is less widespread today, it continues to infect older Windows operating systems that are not regularly updated. This guide will take a closer look at how the worm spreads and outline preventive measures to avoid infection.

Older Windows versions at risk

Autorun worms primarily affect older Windows systems such as Windows XP, Vista, and early versions of Windows 7, which had AutoRun enabled by default. Microsoft recognized this security vulnerability and significantly restricted AutoRun capabilities in newer Windows versions, but millions of older systems remain at risk if they haven’t been properly updated or configured.

When an autorun worm infects your system, it can compromise both your files and privacy in several ways by stealing personal documents, capturing passwords and banking information, or installing additional malware that monitors your online activities. Some variants encrypt your files for ransom, while others turn your computer into part of a botnet used for spam or cyberattacks. The infection can also spread to family members, friends, or colleagues when you share USB drives or connect to shared networks.

While this worm is less common today due to security updates in newer Windows operating systems, the concept of autorun malware is still relevant, often evolving into new forms that spread via malicious downloads, USB drives, or network shares. These forms use clever file drops and social engineering, with detection still relying on robust antivirus and user caution.

Key ways W32/Autorun bypasses your computer’s defenses

W32/Autorun is effective because it exploits everyday behaviors and outdated system features. Instead of forcing its way into your computer, it relies on built-in Windows functionality and simple tricks to get users to let it in, slip past basic defenses, and infect systems.

Easy way in via Windows AutoRun

An autorun worm spreads, as its name suggests, automatically through removable storage devices such as USB drives, external hard drives, and network shares. It takes advantage of Windows’ AutoRun and AutoPlay features to secretly execute itself when you connect the removable device to your computer that has AutoRun. A dialog box then pops up asking if you want to automatically run whatever is on the device. When you unsuspectingly click “run,” you’ve authorized the W32/Autorun worm. Once active, the worm copies itself to other connected drives and network locations, rapidly spreading to any system. While this feature was not included in Windows 8 for security reasons just like this, it still exists on many older machines that haven’t been updated in a while.

Fake folders lure victims in

Even if you don’t have Windows AutoRun enabled in your device, W32/Autorun disguises itself as interesting imposter files and folders with names like “porn” and “sexy” in infected flash drives or shared internet connections to trick you into downloading the worm. Once you click on the malicious file, it executes AutoRun and infects your computer.

The worm can also change your computer’s settings to allow it to run every time you boot up. Some variants even disable Windows updates to prevent the system from downloading security patches and ensure the worm can do its job of infecting every device your computer comes into contact with, opening the door for any virus a hacker wants to install at your expense.

Symptoms of a W32/Autorun worm infection

A W32/Autorun worm infection works quietly in the background, spreading to connected devices and weakening your system’s defenses without triggering immediate alarms. However, there are subtle signs that indicate the infection. Recognizing these early symptoms can help you take action to block the worm’s activities before it causes irreparable damage to your device and network:

• Slow performance: Your computer or internet connection may slow down due to the high processing usage that the worm requires as it actively searches for drives to infect.
• Presence of unfamiliar files/folders: The worm creates copies of itself and configuration files on infected drives, sometimes disguised with random names or enticing names such as “porn” or “sexy”.
• System instability: Your computer may begin freezing, crashing, or restarting unexpectedly as the worm runs multiple background processes while consuming system resources and interfering with normal operating functions.
• Modified settings: You might notice unexpected changes to your desktop, folder views, or system preferences without your input. These modifications are often made to hide malicious files or make it easier for the worm to run automatically.
• Loss of access to some features: Tools like Task Manager, Registry Editor, or Folder Options may suddenly become inaccessible. The worm disables these features to prevent you from stopping its processes or removing it manually.
• Disabled antivirus software or Windows updates: Your security software may stop working properly, or Windows updates may be turned off without explanation. This enables the worm to block security patches and scans that could remove it.
• Unusual network activity: You may notice unexplained internet traffic even when you’re not actively using your device. The worm could be contacting remote servers to report successful infections or download additional malicious components.
• Diminished storage space: Available disk space may shrink rapidly with no clear reason. This happens because the worm repeatedly copies itself across your system and connected drives.

Consequences of the W32/Autorun worm

The impact of the W32/Autorun worm can vary depending on the specific variant, ranging from minor annoyances to severe system compromise:

• System damage and further infection: The W32/Autorun worm acts as an entry point for attackers to silently install more dangerous malware, including data-stealing Trojans or destructive viruses.
• Data loss and corruption: Some variants can delete important files or corrupt stored data, making documents, photos, or applications unusable or permanently unreadable, even after the worm is removed.
• Disruption of operations: Because the worm consumes large amounts of processing power and memory in the background, it can slow down your device’s performance and stall programs to make daily computing tasks difficult.
• Unauthorized access and information theft: Certain W32/Autorun variants are capable of monitoring your online activity, including logging keystrokes, capturing login credentials, and stealing financial details or personal data.
• Aesthetic changes: Less destructive versions of the worm may focus on annoying changes such as altered desktop backgrounds, browser settings, or system appearance.

How to Prevent a W32/Autorun Infection

Preventing a W32/Autorun infection is largely about closing the simple security gaps the worm relies on to spread. By taking these steps, you can significantly reduce the chances of this worm gaining access to your computer.

1. Disable AutoRun

If your computer is still prompting you to automatically run applications each time you insert a CD, connect to a new network, or plug in a flash drive, update your computer as soon as possible. Visit the Microsoft website to learn how to disable AutoRun for your specific version of Windows.

2. Beware of shared removable devices

Remember that this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive will carry the worm to your computer. If you do need to share a device, make sure AutoRun is disabled before you plug it in, and check that your security protection has the capability to scan new drives to prevent you from clicking on infected files.

3. Use reliable antivirus

While the first two tips focus on prevention, a reliable security solution will not only prevent a W32/Autorun infection, but also remove it from your computer. Solutions like McAfee+ will catch the W32/Autorun worm bug and other similar malware, protecting you from accidentally spreading it to friends and family.

Final thoughts

Autorun worms represent a persistent threat that combines old vulnerabilities with modern attack techniques. Newer security measures may have reduced their impact, but these worms continue to target systems with outdated configurations through the continued use of removable media. This is why keeping systems updated and being cautious with external devices are important habits to apply.

In addition, you can protect yourself with proper security practices: disable AutoRun on older systems, keep your antivirus software updated, scan external devices before accessing their contents, and avoid connecting unknown USB drives to your computer.

The post Crush that Worm before It Creeps into Your Computer appeared first on McAfee Blog.

Hackers are not created equal, nor do they have the same purpose. Some hackers are paid to scrutinize security systems, find loopholes, fix weaknesses, and ultimately protect organizations and people. Others exploit those same gaps for profit, power, or disruption. What separates hackers isn’t just skill level or tactics; it’s intent. 

The purpose behind an attack changes everything about how hackers shape their tactics and how the hacking process unfolds: who is targeted, which methods and tools are used, how patient the attacker is, and the kind of damage they want to cause.

The primary motivations behind these cyberattacks fall into several categories, from financial gain to recognition, and sometimes even coercion. Each driver creates different risk scenarios for your digital life, from your home banking sessions to your workplace communications. Understanding a hacker’s motivations will enable you to better protect yourself and recognize potential threats in both your personal and professional life. 

In this article, we’ll look at the main types of hackers you might encounter, the core motivations and mindset that drive these cyberattacks, and finally, how you can protect yourself against these attacks.

Good and bad hackers

From its beginnings as an intellectual exploration in universities, hacking was driven by curiosity, learning, and the thrill of solving complex problems. Today, it has become industrialized with organized criminal groups and state-sponsored actors entering the scene. 

Modern hacking has seen the emergence of advanced persistent threats and nation-state campaigns targeting critical infrastructure and combining traditional techniques with artificial intelligence. To better understand the types of hackers, here is a window into what they do and why:

White hat hackers

These are the good guys, typically computer security experts who specialize in penetration testing and other methodologies to ensure that a company’s information systems are secure. These IT security professionals rely on a constantly evolving arsenal of technology to battle hackers.

Black hat hackers

These are the bad guys, who are typically referred to as just plain hackers. The term is often used specifically for hackers who break into networks or computers, or create computer viruses. Unfortunately, black hat hackers continue to technologically outpace white hats, often finding the path of least resistance, whether due to human error or laziness, or with a new type of attack. Hacking purists often use the term “crackers” to refer to black hat hackers, whose motivation is generally to get paid.

Script kiddies

This is a derogatory term for black hat hackers who use borrowed programs to attack networks and deface websites in an attempt to make names for themselves. Script kiddies, sometimes called script kitties, might be beginners, but don’t be fooled by their newbie status. With the right tools and right targets, they can wreak as much havoc as a seasoned hacker.

Hacktivists

Some hacker activists are motivated by politics or religion, while others aim to expose wrongdoing or exact revenge. Activists typically target government agencies, public services, and organizations involved in controversial issues related to defense, elections, wars, finance, or social movements. They also attack high-profile individuals, such as executives, public figures, journalists, and activists.

State-sponsored hackers

State-sponsored hackers have limitless time and funding to target civilians, corporations, other governments, or even prominent citizens connected to a larger objective. Their motivations are driven by their government’s strategic goals: gathering intelligence, stealing sensitive research or intellectual property, influencing public perception, or disrupting critical infrastructure. Because they are playing a long game, state-sponsored hackers are stealthy and persistent, quietly embedding themselves in systems, mapping networks, and waiting for the right moment to act.

Spy hackers

Corporations hire hackers to infiltrate their competitors and steal trade secrets, including product designs, source code, pricing plans, customer lists, legal documents, and merger or acquisition strategies. They may hack from the outside or gain employment in order to act as a mole, impersonating recruiters, partners, or vendors to get insiders to share access. They also take advantage of weak internal controls, such as excessive permissions, unsecured file-sharing links, or poor offboarding practices. Spy hackers may use similar tactics as hacktivists or state-sponsored espionage on a smaller scale: stealthy entry, careful privilege escalation, and long-term persistence to avoid triggering alarms. The stolen data is often not leaked publicly but delivered directly to the client and used behind the scenes.

Cyber terrorists

These hackers, generally motivated by religious or political beliefs, attempt to create terror, chaos, and real-world harm by disrupting critical infrastructures such as power grids, water systems, transportation networks, hospitals, emergency services, and government operations. They combine cyber operations with propaganda campaigns and physical attacks on the systems people rely on to live safely to create turmoil far beyond the screen. 

Understand hackers’ motivations

Cybercriminals aren’t just faceless entities; they’re driven by specific goals that shape their tactics and targets. Understanding their motivations empowers you to recognize potential threats and better protect yourself, your family, and colleagues.

Financial gain

Money remains the most common motivator. These profit-driven attacks directly impact your personal finances through methods such as ransomware, credit card fraud, and identity theft. In your home, financially motivated hackers target your banking apps, shopping accounts, and personal devices to steal payment information or hold your data hostage. In the workplace, they focus on payroll systems, customer databases, and business banking credentials.

Ideological motivations

Ideologically driven hackers, called hacktivists, pursue political or social causes through cyber means. These attacks can disrupt services that you rely on daily, from public utilities to private organizations that provide essential services or take public stances on divisive issues. Your best defense involves staying informed about potential disruptions and maintaining backup communication methods for essential services.

Curiosity and learning

Many hackers begin their journey with genuine curiosity about how systems work. They might probe your home network, test website security, or experiment with app vulnerabilities, not necessarily for malicious purposes, but their activities can still expose your data or disrupt services. In professional environments, these individuals might target systems or databases simply to see if they can gain access.

Recognition and reputation building

Some hackers seek fame, respect within hacker communities, or professional advancement rather than immediate financial benefit. They often target high-profile individuals, popular websites, or well-known companies to maximize the visibility for their exploits. If you have a significant social media following, your accounts could become targets for these attacks. They might also focus on defacing company or government websites, or leaking non-sensitive but embarrassing information.

State and corporate intelligence

Nation-state and corporate espionage are some of the most sophisticated threats in cyberspace, making it a top national security concern for both government and private sector. These operations compromise daily services and infrastructure such as internet service providers, email platforms, or cloud storage services to gather intelligence such as intellectual property, customer lists, or strategic planning documents. 

Coercion and extortion

Some hackers use cyber capabilities to intimidate or coerce victims into specific actions. In the FBI’s Internet Crime Complaint Center report for 2024, extortion was the 2nd top cybercrime by number of complaints, demonstrating the growing prevalence of coercion-based attacks. Coercion might involve compromising personal photos, social media accounts, or private communications to demand payment or behavioral changes. Workplace coercion could target executives with embarrassing information or threaten to leak sensitive business data unless demands are met. 

The intersection of motivations

Many real-world attacks combine multiple motivations—a financially driven criminal might also seek recognition within hacker communities, or an ideological hacker might generate revenue through ransomware. The contrast between ethical hacker motivations and malicious ones often lies in the permission, legality, and intent. Understanding why people become hackers helps you recognize that not all hacking activity is inherently malicious, although all unauthorized access ultimately poses risks to your security and privacy.

The psychology behind cyberattacks

Understanding the psychology behind cyberattacks gives you a powerful advantage in protecting yourself. When you know what drives hackers, you can better spot their tactics and stay one step ahead.

High reward, low risk

Many hackers operate with the goal of achieving high reward for perceived low risk. This risk-reward imbalance motivates attackers because they can potentially access valuable personal or financial information while remaining physically distant from their victims. This means hackers often target easy opportunities, such as when you click on suspicious links or download questionable attachments, to gain access with minimal effort. For instance, a hacker would rather send 10,000 phishing emails hoping for a few bites than attempt one complex, risky attack.

Exploiting normal human responses 

Hackers exploit well-known psychological shortcuts your brain takes. They understand that you’re more likely to trust familiar-looking emails, act quickly under pressure, or follow authority figures without question. These aren’t weaknesses, these are normal human responses that attackers deliberately manipulate. For example, urgent messages claiming your account will be closed create an artificial time pressure, making you more likely to click without thinking.

The power of group dynamics

Many successful cyberattacks leverage the human tendency to follow what others are doing. Hackers create fake social media profiles, forge customer reviews, or impersonate colleagues to make their requests seem legitimate and widely accepted. In ransomware attacks targeting businesses, criminals often research company hierarchies and communication styles to make their demands appear to come from trusted sources within the organization. 

The gamification of cybercrime

Modern hacking has elements that make it feel like a game to perpetrators. Some online forums award points for successful attacks, creating competition and recognition among criminals. This helps explain why some hackers target individuals rather than large corporations, as every successful phishing attempt becomes a score, and why attacks continue to evolve. 

Common hacking methods

Hackers don’t all use the same tricks, but most successful attacks rely on a familiar toolkit of methods that exploit common technical gaps and human habits. Recognizing these common techniques will help you avoid danger earlier on.

• Phishing and smishing. These attacks trick you into revealing sensitive information through fraudulent emails or text messages, respectively known as phishing and smishing. Modern attackers increasingly use AI-generated content and sophisticated social engineering techniques that make these messages appear more legitimate than ever before. 
• Credential stuffing. Cybercriminals use automated tools to test stolen username and password combinations across multiple websites, exploiting the fact that many people reuse passwords. This attack method has become more efficient with attackers leveraging large-scale data breaches and improved automation tools.
• Multi-factor authentication (MFA) fatigue. Attackers repeatedly send multi-factor authentication requests until overwhelmed, frustrated, and confused users approve one. This technique has gained prominence as more organizations adopt MFA, with attackers finding ways to exploit user behavior around security notifications. 
• Malvertising. Malicious advertisements on legitimate websites can install malware or redirect you to harmful sites without requiring any clicks. Recent trends show attackers using sophisticated techniques to bypass ad network security filters. 
• Remote desktop attacks. Hackers exploit weak or default passwords on remote desktop services to gain unauthorized access to systems, particularly targeting businesses with remote work setups. The rise of hybrid work environments since 2023 has made this attack vector increasingly attractive to cybercriminals. Disable remote desktop services when not needed and use VPNs with strong authentication for legitimate remote access.
• USB baiting. Attackers leave infected USB devices in public places, hoping curious individuals will plug them into their computers, automatically installing malware. Modern USB attacks can execute within seconds of being connected, making them particularly dangerous in today’s fast-paced work environment.

• Unsecured Wi-Fi networks. Unsecured public Wi-Fi and home networks create opportunities for hackers to gain access to your devices or intercept your sensitive information, such as passwords, emails, and banking details. Sometimes, cybercriminals create fake Wi-Fi hotspots with legitimate-sounding names to trick users into connecting.
• Unsafe downloads. Hackers disguise malicious software as legitimate programs, games, documents, or updates to trick users into installing them. These malicious downloads may come from infected email attachments, fake or pirated software, or even compromised websites. Once installed, the malware can steal your information, lock your files for ransom, or give hackers access to your computer.

• Tech support scams. Tech support scams rely on social engineering rather than technical exploits, where scammers typically contact you by phone and insist your computer has been infected or compromised. They create urgency and fear to convince you to install remote access software that gives them complete control of your computer. Once they have access, they can steal personal information, install malware, or hold your files hostage.

• Outdated software. Running outdated software creates security vulnerabilities that hackers actively leverage. When software developers discover security vulnerabilities, they release patches to fix these problems. If you don’t install these updates promptly, your system remains vulnerable to attacks. Hackers maintain databases of unpatched systems and use automated tools to find and exploit them.

Defensive tips to protect yourself from hack attacks

Your strongest defense against hacking combines technical safeguards, security awareness, and some consistent habits that shut down the most common paths attackers use. Here’s how to put those defenses in place and make your digital life a much harder target.

• Install comprehensive security software. The Cybersecurity and Infrastructure Security Agency recommends a layered security approach to prevent multiple types of threats simultaneously. Choose a reputable security suite that offers real-time protection, anti-malware scanning, and web browsing safety features. 
• Enable MFA everywhere. Add an extra security layer to all your important accounts: email, banking, social media, and work platforms. Only approve MFA requests that you initiated yourself, and report any unexpected authentication prompts to your IT team or service provider immediately.
• Use a password manager. Create complex, unique passwords using a trusted password manager for every account you own. The National Institute of Standards and Technology recommends passwords that are at least 12 characters long and completely unique across all your accounts to prevent credential stuffing attacks.
• Keep all software updated. Enable automatic updates for your operating system, apps, and security software, as many successful cyberattacks exploit known weaknesses that could have been prevented with timely updates.
• Secure your internet connections. Avoid using public Wi-Fi for sensitive activities, and use a reputable VPN when you must connect to untrusted networks. Unsecured public networks make it easy for attackers to intercept your data and credentials.
• Implement the 3-2-1 backup strategy. Regular, tested backups are your best defense against ransomware and data loss incidents. Keep three copies of important data—on your device, on an external drive, and in secure cloud storage. 
• Develop scam-spotting skills. Scammers continuously adapt their tactics to current events, so staying informed about the latest schemes and learning to recognize phishing emails, suspicious links, and social engineering tactics will help you stay one step ahead.
• Practice good digital hygiene. Regularly review your account permissions, remove unused apps, and monitor your financial statements for unauthorized activity to lessen your exposure to identity theft and privacy breaches.

• Monitor your accounts regularly. Check bank statements, credit reports, and account activity monthly. Set up account alerts for unusual activity when available.
• Limit personal information sharing. Only provide the necessary information to companies or service providers to reduce your digital footprint. In addition, review privacy settings and avoid oversharing on social media as scammers and hackers regularly prowl these platforms. 

Final thoughts

Now that you understand hackers’ motivations and psychological drivers, you can flip the script and turn it to your advantage. Instead of being the target, become the informed defender who recognizes manipulation tactics and responds thoughtfully rather than reactively. This knowledge empowers you to spot potential threats earlier, choose stronger protective measures, and navigate the digital world with greater confidence.

When someone pressures you to act immediately, that’s your cue to slow down and verify the request. Question familiar-looking messages, even if they look official. Check the sender’s address and contact the company through official channels. Trust your instincts and investigate before acting. Stay curious and keep learning from reputable cybersecurity resources that publish current research and threat intelligence. Share these tips with your family members and friends, especially those who might be less technologically savvy. 

McAfee+ includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who can help subscribers work through the process of resolving identity theft issues.

The post 7 Types of Hacker Motivations appeared first on McAfee Blog.