Scam messages are getting smarter and faster. 

According to McAfee’s 2026 State of the Scamiverse report, Americans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That’s nearly three full workweeks lost to second-guessing messages, alerts, and links. 

And when scams do succeed, they move quickly. The typical scam unfolds in about 38 minutes, leaving little room for hesitation. 

That creates a gap: People want to check before they act, but the tools haven’t always met them in that moment. 

ChatGPT + McAfee is designed to close that gap, bringing scam detection directly to a platform people are already using to ask questions and make decisions. 

And it’s available to anyone. You don’t have to be a McAfee subscriber. 

This isn’t just detection. It’s guidance in the exact moment you’re deciding what to do.  

Instead of guessing, you can paste a message or drop in a screenshot and get a clear explanation of what’s risky, and what to do next, powered by McAfee’s threat intelligence. 

What You Can Do with ChatGPT + McAfee 

With this integration, checking something suspicious becomes as simple as asking a question. 

Paste a message. Drop in a link. Upload a screenshot. 

McAfee analyzes it and explains what’s going on clearly and in context. 

Here’s how it works: 

Feature	What it does	How it protects you
Link safety check	Paste a suspicious URL and get a reputational analysis based on McAfee threat intelligence	Scam links are often designed to look legitimate. A quick check helps avoid phishing and malware
Message analysis	Submit texts, emails, or social messages for evaluation	Many scams now rely on urgency and tone. Analysis helps surface subtle red flags
Screenshot uploads	Upload screenshots of messages, emails, or posts for review	Scams don’t always come as clean text. This makes it easier to check what you’re actually seeing
Clear explanations	Get a breakdown of why something is flagged as risky or safe	Not just a warning—an explanation that helps you recognize patterns next time
Guided next steps	Receive recommendations on what to do next	Helps prevent escalation, especially in moments of uncertainty

It’s a quick, accessible way to get answers in the moment. But it’s just one part of a broader system designed to protect you more comprehensively. 

Add the app to your ChatGPT account here. 

Built on McAfee’s Threat Intelligence 

Behind the scenes, ChatGPT + McAfee is powered by the same intelligence that fuels McAfee’s broader scam protection ecosystem. 

When you submit something for review: 

• Links are checked against known threat signals  
• Messages are analyzed for scam patterns and language cues  
• Results are translated into clear, human-readable explanations  

The goal isn’t just to flag risk. It’s to help you understand it. 

A New Way to Stay Ahead of Scams 

Scams aren’t slowing down. If anything, they’re becoming more convincing, more personalized, and harder to detect. 

That’s where ChatGPT + McAfee comes in. But this is only one part of a much bigger system designed to protect you before, during, and after a scam attempt. 

With McAfee+ Advanced, multiple layers work together so you’re not left figuring it out after the damage is done: 

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
• Personal Data Cleanup helps remove your information from sites selling it. 
• Scam Detector flags suspicious texts, emails, links, QR codes, and even deepfake videos before you engage  
• Safe Browsing helps block risky sites, even if you do accidentally click  
• Device Security helps detect malicious apps or downloads  
• Secure VPN keeps your data private, especially on public Wi-Fi    

The ChatGPT experience gives you a fast, intuitive way to check something in the moment. 

McAfee+ Advanced makes sure you’re protected across everything else.

The post Now Available: Use ChatGPT with McAfee to Spot Scams Faster appeared first on McAfee Blog.

Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases, spill highly sensitive data onto the public internet.

To stop children from bypassing its age checks, Meta is revamping its age-verification tools with an AI system that analyzes images and videos for “visual cues,” such as height and bone structure.

It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.

Using a 1930s trade law, Homeland Security targeted the man—who hasn’t entered the US in more than a decade—following posts on X condemning the killings of Renee Good and Alex Pretti.

Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more.

The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.

You’re scrolling through Facebook or TikTok and see it. 

A flash sale from a brand you recognize. A limited-time investment opportunity. A job posting that promises quick money. 

The ad has comments. The account looks polished. Maybe someone you follow even liked it. 

So you click. 

From there, things move fast. You’re pushed to act quickly, enter your information, or send payment before the “deal” disappears. And just like that, the money is gone or your account is compromised. 

This isn’t an edge case anymore. According to new FTC data, nearly 30% of people who reported losing money to a scam in 2025 said it started on social media, with total losses hitting $2.1 billion. 

That’s why McAfee+ Advanced includes comprehensive protection designed to help you spot and stop scams at every step, including McAfee’s Scam Detector, which flags suspicious links and messages and explains why they may be risky, along with identity and privacy tools that help protect your information if a scam slips through. 

How Social Media Ad Scams Work 

A social media ad scam is when scammers use paid ads, fake profiles, or hijacked accounts on platforms like Facebook, Instagram, or TikTok to promote fake products, services, or investment opportunities in order to steal money or personal information. 

Step	What happens	What to do	How McAfee helps
1	You see an ad, post, or DM promoting a deal, job, or investment	Don’t engage immediately, even if it looks legitimate	Scam Detector flags suspicious links and messages before you interact
2	The ad links to a website or moves you into DMs	Avoid clicking unfamiliar links or continuing off-platform	Safe Browsing helps block risky or newly created websites
3	You’re pressured to act quickly or “secure your spot”	Slow down and verify the company independently	Scam Detector explains urgency tactics and why they’re risky
4	You’re asked to pay, share login info, or download something	Never send money or credentials based on a social media interaction	Identity Monitoring helps protect your personal data if exposed
5	The product never arrives, the investment disappears, or your account is compromised	Report the scam and secure your accounts immediately	Personal Data Cleanup and monitoring help reduce ongoing exposure

Red Flags To Watch For 

• Deals that feel unusually cheap or urgent  
• Ads linking to unfamiliar or slightly misspelled websites  
• Requests to move conversations off-platform quickly  
• Payment requests via apps, crypto, or wire transfer  
• Accounts with limited history or inconsistent engagement  

And that is the first part of This Week in Scams! This Friday we’re taking a different format to talk about this new FTC data and all that it reveals.  

Let’s keep digging in: 

FTC Report: Social Media Scams Are Now The Most Costly Fraud Channel 

New data from the FTC shows just how dominant social media has become in the scam landscape. 

• Social media scams drove $2.1 billion in reported losses in 2025  
• Losses have increased eightfold since 2020  
• Investment scams alone accounted for $1.1 billion of those losses 

Where Scams Are Happening And What’s Changing 

Category	What to know
Most common scams	Shopping scams lead, with over 40% of victims reporting purchases from social media ads that never arrived
Most costly scams	Investment scams drive the biggest losses, often starting with ads or group chats showing fake success
What’s changing	Scammers are using platform tools like ads, targeting, and profile data to reach people more precisely than ever

How Scams Play Out Across Platforms 

Platform	How scams typically start	What to watch for
Facebook	Ads, Marketplace listings, hacked accounts	Fake stores, duplicate listings, urgent purchase pressure
Instagram	Sponsored posts, influencer impersonation	“Limited drop” scams, fake brand collaborations
TikTok	Ads, stolen videos/profiles, comment links, bio links,	“Get rich quick” schemes, external link funnels, reselling via TikTok
WhatsApp	Group chats, investment communities	Fake testimonials, coordinated pressure to invest

 How McAfee Protects You from Scams and Cyber Threats 

McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:   

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
• Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place  
• Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage  
• Safe Browsing helps block risky sites if you do click  
• Device Security helps detect malicious apps or downloads  
• Secure VPN keeps your data private, especially on public Wi-Fi    

McAfee Safety Tips This Week 

Our advice based on this week’s scams and schemes: 

• Treat social media ads like any other unknown source, not a trusted recommendation  
• Pause before clicking, especially when urgency is involved  
• Verify brands by going directly to their official website  
• Avoid sending money or personal information through social media  
• Use tools like Scam Detector to check suspicious links before engaging  

And we’ll be back next week with more scams making headlines.

The post Ad Impersonation Scams and Record-Breaking Social Media Fraud Losses: This Week in Scams appeared first on McAfee Blog.

OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks.

The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years.

AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn't a complete disaster.

A 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials.

Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.

A new scam making the rounds takes a familiar delivery trick and upgrades it with hyper‑realistic messaging and a QR code that looks safe to scan. 

But don’t be fooled. 

It’s the same delivery scam playbook scammers have relied on for years, just repackaged with better design and more convincing details. 

You get a message with a notice that looks something like this, a real message received by our team and tested against McAfee’s Scam Detector. 

 

That added layer of realism is what makes this version more dangerous. But it doesn’t hold up under scrutiny. McAfee’s Scam Detector flagged both the suspicious language and the QR code in this message before any interaction. 

If you receive something like this, pause. Do not scan the code. 

You can also protect yourself with McAfee’s Scam Detector, which flags suspicious links and messages, including delivery scams and QR‑based attacks, and explains why they may be risky. 

What is the USPS QR Code Scam and How Does it Work? 

The USPS QR code scam is a phishing attempt where scammers impersonate postal services and use QR codes instead of clickable links to direct victims to malicious websites. 

Once scanned, the QR code can lead to a fake USPS page that asks for payment, login credentials, or personal information. 

How the scam works 

Step	What happens	The red flags	What to do	How McAfee helps
1	You receive a text about a delivery issue or missed package	Urgency, you’re not tracking a package	Be skeptical of unsolicited delivery messages	Scam Detector flags suspicious messages
2	The message includes a QR code instead of a link	QR codes instead of official tracking links  is a red flag	Do not scan QR codes from unknown sources	QR scanning protection warns before opening risky destinations
3	You scan the code and land on a fake USPS page	Generic or slightly off branding on the webpage	Do not enter any information	Safe Browsing blocks known malicious sites
4	The page asks for payment or personal details	Requests for small “redelivery” or “processing” fees  are not normal	Exit immediately and do not submit anything	Scam Detector explains why the page is risky, and Identity Monitoring supports you when if your info gets out.

What To Do If You Get This Message 

• Do not scan the QR code  
• Go directly to the official USPS website to check tracking  
• Delete the message  
• Report it as spam  
• Monitor your accounts if you interacted with it  

And that, my friends, is scam number one in this week’s This Week in Scams. 

Let’s get into what else is on our radar. 

A Major Health Data Breach Exposes 500,000 Records 

A massive health data incident is raising new concerns about how sensitive information is handled and shared. 

According to reporting from the Associated Press, data tied to 500,000 participants in a major U.K. health research project was found listed for sale online. The dataset included biological and health-related information, though it did not contain direct identifiers like names or contact details. 

Access to the data had been granted to research institutions, but that access has since been revoked. Authorities say no purchases were made, and the listing has been removed. 

Still, the situation highlights a growing reality: once data is accessed or shared, control over it becomes harder to guarantee. 

What This Breach Says About Data Privacy 

Scams are no longer isolated events. They are layered. 

A data breach does not just stay a breach. It becomes fuel for future scams. Exposed information can be used to make phishing messages more convincing, personalize attacks, and build trust with targets. 

That is why detection alone is not enough anymore. Protection has to account for both incoming threats and what happens when data is already out there. 

How McAfee Protects You In A World of Scams and Data Breaches  

McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:  

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast 
• Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place 
• Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage 
• Safe Browsing helps block risky sites if you do click 
• Device Security helps detect malicious apps or downloads 
• Secure VPN keeps your data private, especially on public Wi-Fi   

McAfee Safety Tips This Week  

As always, we have some best practices and safety tips for navigating life online:  

• Pause before clicking, especially when a message creates urgency   
• Go directly to websites or apps instead of using email links   
• Be skeptical of routine account alerts that push immediate action   
• Double-check sender addresses and URLs closely   
• Use tools like McAfee’s Scam Detector to flag suspicious links and messages before interacting   
• Turn on identity monitoring so you’re alerted if your data is exposed  

And we’ll be back next week with more scams making headlines.

The post Fake USPS QR Code Text Scams and a Major Health Data Breach: This Week in Scams appeared first on McAfee Blog.

A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors.

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally.

One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months.

The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition.

A lawsuit from the Consumer Federation of America accuses Meta of misleading consumers about its efforts to combat scams advertisements on its platforms.

Co-Authored by Luiz Parente 

Your data might be safe today. But that doesn’t mean it’s safe forever. 

A growing number of sophisticated actors are collecting encrypted data now, with the goal of decrypting it later, when more powerful technology becomes available. 

This strategy is known as Harvest Now, Decrypt Later (HNDL). And it’s not a future problem. It’s already happening, according to research from our McAfee VPN team. 

For everyday people, that means private messages, financial records, and sensitive documents could be exposed years from now if protections don’t evolve today. 

That’s why security teams, including McAfee’s VPN engineers, are already working on ways to strengthen encryption for both today and what comes next. 

What “Harvest Now, Decrypt Later” Means 

At its core, HNDL is simple: Attackers collect encrypted data now, store it, and wait until they have the tools to unlock it later. 

Even though today’s encryption is incredibly strong, the strategy doesn’t rely on breaking it today. It relies on patience.  

A Simple Way to Think About It 

You put valuable belongings and documents in a safe at home that’s locked and secured. This works at preventing crimes of opportunity. But let’s say there’s a thief who steals the entire safe, knowing they have tools they can use later to access what’s inside. They wait, and once the tools are available, they break into your safe and access everything inside. 

That’s one way to think of HNDL. The safe is the encryption. The quantum computing is the tool they can use later.  

But in real life, you’d probably notice if your safe is gone. In the case of HNDL, if you’re not monitoring your data, you may not even notice encrypted information has been stolen to be decrypted.  

Key Terms Explained 

Term	What it means
Encryption	Scrambling data so others can’t read it
Quantum computing	A new type of computing that can break some encryption
HNDL	A strategy to collect encrypted data now and decrypt it later

Why This Matters Right Now 

This isn’t about whether your data is valuable today. It’s about whether it might be valuable later. 

Data with a long shelf life is especially at risk, including: 

• Financial records  
• Medical information  
• Private messages  
• Legal or identity documents  

Even something that feels low-stakes today could become sensitive in the future. 

And because the collection phase is already happening, the risk isn’t hypothetical. It’s already in motion. 

How This Affects VPNs (and what doesn’t change) 

VPNs remain one of the most effective ways to protect your data today. That hasn’t changed. 

But HNDL introduces a new layer of complexity. 

• What’s still strong: The encryption that protects your data in transit remains highly resilient.  
• Where the risk is: The “handshake” process (how a secure connection is established) is more vulnerable to future quantum attacks.  

In simple terms: Your data is well protected today, but parts of how that protection is set up may need to evolve for the future. 

What Quantum Computing Changes 

Traditional computers process information in a linear way. 

Quantum computers work differently. They can solve certain types of problems much faster, including the kinds of mathematical challenges that protect today’s encryption. 

That’s why attackers are willing to wait. 

Once quantum computing reaches a certain level, it could unlock data that was previously considered secure. 

What McAfee’s VPN Team is Working On 

McAfee’s VPN team is already preparing for this shift. 

• Evaluating quantum-safe encryption approaches  
• Exploring hybrid models that protect both now and long-term  
• Building toward a more resilient VPN experience  

This work builds on a broader privacy-by-design approach, where systems are designed to minimize risk from the start, not react after the fact. 

Because with HNDL, waiting isn’t an option. 

What You Can Do Now 

You don’t need to wait for quantum computing to take steps today. 

• Use a trusted VPN to encrypt your connection  
• Be mindful of long-term sensitive data you share online  
• Avoid unsecured public Wi-Fi when possible  
• Keep your apps and devices updated  

These steps help protect your data now while the industry builds toward future-ready security. 

How McAfee Helps Protect You 

McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:  

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast 
• Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place 
• Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage 
• Safe Browsing helps block risky sites if you do click 
• Device Security helps detect malicious apps or downloads 
• Secure VPN keeps your data private, especially on public Wi-Fi   

Frequently Asked Questions (FAQs) 

FAQ

Q: Is my data safe right now?   A: In most cases, yes—today’s encryption is extremely strong and is designed to protect your data from current threats. If you’re using trusted security tools like a VPN, safe browsing protections, and device security, your data is actively protected while it’s in transit and in use. However, no system is risk-free. Data exposed through phishing, weak passwords, breaches, or unsecured networks may still be vulnerable. And with “Harvest Now, Decrypt Later,” even properly encrypted data could be collected today and targeted for decryption in the future.

Q: What is quantum-safe encryption?  A: Quantum-safe (or post-quantum) encryption refers to new types of cryptography designed to remain secure even against future quantum computers. Today’s encryption relies on math problems that are extremely difficult for classical computers to solve, but quantum computers could eventually solve some of them much faster. Quantum-safe approaches use different mathematical foundations that are believed to resist those capabilities. In practice, many companies are moving toward hybrid encryption, combining today’s proven methods with newer quantum-resistant techniques to protect data both now and long-term.

Q: Should I still use a VPN?  A: Yes. A VPN remains one of the most effective ways to protect your data today, especially on public or unsecured networks. It encrypts your internet traffic and helps prevent interception by hackers, internet providers, or other third parties. While VPN protocols are evolving to address future quantum risks, they still provide strong, essential protection against today’s threats.

Q: When will this become a real threat?  A: The risk unfolds in two phases. The collection phase is already happening today, where sophisticated actors gather encrypted data and store it. The decryption phase depends on when quantum computing advances far enough to break certain types of encryption, which could take years but is actively progressing. This means data with a long lifespan, such as financial records, personal communications, and sensitive documents, is most at risk because it only needs to remain valuable until those capabilities exist.

The post Why Hackers Are Collecting Data They Can’t Read Yet. And How to Stay Safe appeared first on McAfee Blog.