For many families around the world, the digital spaces where children learn and play have also become venues for relentless harassment. According to a 2025 survey of nearly 3,500 U.S. teens by the Cyberbullying Research Center, about 58% have been cyberbullied at least once, a significant jump from 34% in 2016.

Experts warn that this issue is now a constant crisis and impacting the well-being of children and teens.

In this guide, we will clarify exactly what counts as cyberbullying. We will explore how new platforms and artificial intelligence are reshaping the landscape. Most importantly, we will provide you with practical steps to protect your family. Together, we can take actionable steps to keep our digital lives safe and positive.

What Is Cyberbullying?

Cyberbullying is not a vague term for online drama. It has specific characteristics that separate it from a simple disagreement between friends. Similar to bullying, cyberbullying has standard elements of unwanted aggressive behavior, an observed or perceived power imbalance, and behavior that is repeated or likely to be repeated.

Common cyberbullying behaviors include name-calling, severe insults, rumor spreading, direct threats, impersonation through fake accounts, intentional exclusion from group chats, non-consensual sharing of private photos, and doxxing, publishing someone’s private information like their home address or phone number without consent. We also frequently see pile-on attacks, where dozens or hundreds of users flood a person’s comments section with hate statements.

The Cyberbullying Research Center notes that in recent national surveys, about 26.5% of U.S. students reported being cyberbullied in the last 30 days, underscoring the ongoing nature of online harassment as a daily reality for many.

Why Cyberbullying is Different (and More Harmful)

While the core intent to harm is the same as traditional bullying, cyberbullying operates differently:

• Platform: Bullying takes place in the physical world, while cyberbullying occurs in digital spaces such as text messages, direct messages, social media platforms, group chats, online gaming environments, email, and photo-sharing applications.
• Anonymity: Another major difference is anonymity. Cyberbullies often hide behind fake profiles or anonymous accounts, making it difficult to know who is launching the attacks.
• Constancy: A significant difference with cyberbullying is the constant nature of the internet. Online harassment can follow teens home and continue late into the night via phones and apps.
• Audience and permanence: A hurtful comment made in a school hallway is heard by a few people and eventually fades, while a similar post online can spread to thousands of people in minutes. It can be screen-captured and may resurface years later. Once it is out there, it is incredibly difficult to remove.

Despite these differences, there is a strong overlap in how bullying and cyberbullying impact individuals. Many youths who are bullied online are also bullied at school, and experience anxiety or depression.

Types and Examples of Cyberbullying

Cyberbullying takes many forms, from classic harassment tactics to emerging AI-powered threats. The most frequently reported forms of cyberbullying include being excluded from group chats, mean or hurtful comments posted online, public embarrassment or humiliation, and rumors spread online, according to the Cyberbullying Research Center’s 2025 survey. Understanding these methods helps you recognize and stop them.

Common Cyberbullying Methods

• Harassment: Sending repeated offensive messages through texts, direct messages, or comments, or intentionally leaving someone out of group chats and online activities where they can see what they’re missing.
• Flaming: An online fight conducted through angry, vulgar exchanges via emails, messages, social media, or chat rooms. Unlike harassment, flaming is often a heated back-and-forth exchange rather than one-sided attacks.
• Impersonation and Fake Accounts: Creating fake profiles or hacking into someone’s account to post damaging content as if the victim wrote it themselves, destroying reputations quickly
• Outing and Doxing: Sharing private photos, messages, or personal information (like addresses or phone numbers) publicly without consent to embarrass, humiliate, or intimidate
• Cyberstalking: Persistent online monitoring accompanied by threatening messages that make someone fear for their safety, which is a federal crime. Examples include tracking someone’s location through social media check-ins, obsessively monitoring their online activity, or sending relentless, threatening messages.

Where Cyberbullying Occurs Most

To protect our kids, we need to know where the risks are highest. Recent analyses find that cyberbullying mainly happens on social media platforms, including YouTube, TikTok, and Facebook, as well as in messaging apps and online games, where teens commonly interact.

If you are a parent, take an inventory of the apps your child uses most frequently and ask them to show you how the messaging and commenting features work. Familiarizing yourself with these digital environments will help them navigate these platforms safely.

Emerging AI-Driven Threats

Artificial intelligence (AI) has fundamentally changed the internet, and has, unfortunately, introduced alarming new tactics:

• Deepfake Images and Videos: AI-generated content can be misused to create highly realistic images or videos called deepfakes. Entirely fake videos can be created showing a student doing or saying something they never did, which complicates evidence gathering. These are then shared in group chats or posted publicly to spread false narratives and destroy reputations.
• Voice Cloning: Students are using AI to mimic classmates’ voices, generating audio that makes someone sound like they said something offensive or embarrassing, with no easy way to prove it wasn’t real. About 11% of U.S. high schoolers have experienced this.
• AI-Generated Harassment: AI chatbots are being used to generate spam, threats, and hate speech at scale, flooding a victim’s inbox or comment sections across platforms.
• Body-Shaming with AI Filters: AI-altered images and filters are being weaponized to body-shame and humiliate targets, often shared widely before victims can respond.

AI Can Also Be a Safety Tool

However, platforms have also begun using AI as a safety tool to detect hate speech, harassment, and predatory behavior in real time. Newer safety reports show that AI-driven comment filtering and think-before-you-post nudges successfully reduce toxic comments and repeat harassment on major platforms.

How Common Is Cyberbullying Today?

The statistics show that cyberbullying is a widespread issue requiring immediate attention. In a 2024 study, the World Health Organization revealed that 15% of surveyed adolescents have experienced cyberbullying.

In the U.S., the Centers for Disease Control and Prevention (CDC) Youth Risk Behavior Survey reports that 16% of high school students were electronically bullied in the previous 12 months, about 38.3% of whom were girls compared to 29.9% of boys.

Another study showed that about 53.9% of teens aged 13 to 17 reported being cyberbullied. These statistics demonstrate that cyberbullying is a mainstream experience, making digital safety education relevant to almost every family.

The Most Affected Groups

Aside from gender, identity plays a key role in who is targeted for cyberbullying. Gender minorities reported much higher rates of harassment at 47.1% compared with their heterosexual peers at 30%, as did students with developmental disabilities.

How Cyberbullying Affects Mental Health

There is evidence that online harassment causes profound psychological harm. A CDC report links frequent social media use with higher rates of both in-person and cyberbullying, as well as constant sadness, hopelessness, and suicidal thinking among teens.

This is supported by the 2025 announcement from mental health experts highlighting the connection between cyberbullying and increased anxiety, depression, and trauma-like symptoms. Even though incidents seem minor, parents and teens must acknowledge that emotional reactions to cyberbullying are valid and serious. Early support and intervention can significantly reduce long-term harm.

Platform Safety Updates for Teens

Social media companies are facing intense pressure to protect younger users, leading to significant updates. In 2025, Meta tightened default messaging and commenting settings for teens, automatically assigning the strictest safety options to teen accounts to filter inappropriate interactions from unknown users.

In addition, the company’s Instagram and Facebook platforms now provide more information about users contacting teens, showing details such as the age of the account and providing a way to block and report abusive users.

Help your child utilize these settings by ensuring their accounts are set to private to restrict direct messages from strangers. Enable each platform’s built-in AI comment filtering to hide offensive words automatically.

Signs Your Child May Be Cyberbullied

As a parent, one of your most powerful tools is simply paying attention. Cyberbullying often leaves visible traces in your child’s behavior, emotions, and device habits, if you know what to look for. The good news is that early recognition means early intervention, and that can make all the difference.

Behavioral Changes to Watch For

• Sudden withdrawal from social activities or friends
• Reluctance to go to school or participate in usual activities
• Anxiety or nervousness when using devices or checking messages
• Changes in sleep patterns or appetite

Emotional Warning Signs

• Increased sadness, anxiety, or irritability, especially after being online
• Low self-esteem or negative self-talk (“nobody likes me,” “I’m stupid”)
• Reluctance to discuss online activities or what’s happening at school

Device and Online Behavior

• Extreme changes in screen time, either excessive checking or complete avoidance
• Suddenly deleting social media accounts without explanation
• Being secretive about online activity or quickly hiding screens
• Receiving unusual volumes of messages or calls, especially at odd hours

If you notice several of these signs together, it’s time for a conversation. The key is approaching with empathy and making it clear they won’t be punished for opening up.

How to Prevent Cyberbullying: Guidance for Families

Knowing the impact of cyberbullying is only half the battle. The most important step is being proactive to protect your family. Here is how you can build a resilient defense against online harassment and empower your children.

Build Open Communication and Digital Citizenship Skills

The foundation of digital safety is trust. Encourage regular, judgment-free check-ins on your child’s online activities. Ask them what they are doing, seeing, and feeling related to the ongoing online issues. Assure them you will not confiscate their phone when they report a problem.

In addition, teach your kids to recognize cyberbullying and to support their peers who are being targeted. Underscore the importance of not joining in on the comment pile-ons, and let them know that it is perfectly acceptable to block, mute, or simply leave harmful digital spaces. Research suggests that strong parent-teen communication can buffer some negative effects of social media use and encourage teens to ask for help sooner.

Enable Safety Settings

Every major platform has tools designed to stop harassment. Teach your child to use keyword filters to automatically hide comments that contain specific insults, slurs, and other forms of hate speech. Help them set their accounts to private to restrict direct messages from strangers, and enable each platform’s built-in AI comment-filtering features.

How to Report Cyberbullying

Alongside safety features, teach them to block and report harassers on the platform. You can end cyberbullying quickly if you know how to use platforms’ tools effectively.

1. Document Everything First

Before blocking, deleting, or reporting anything, save evidence. Create a digital safety plan and agree with your family that if anyone receives a threatening or highly abusive message, they should document the incident with screenshots before blocking, deleting, or responding to it. These screenshots will serve as important pieces of evidence if the school or platforms need to take action.

2. Use Platform Reporting Tools

Most importantly, teach your child to block and report harassers on the platform. Here’s how on major platforms:

Instagram, Facebook, and Threads:

1. Tap the three dots on the post or message
2. Select “Report” and choose the violation type (bullying or harassment)
3. Follow prompts to block the account
4. Use “Restrict” to limit interactions without full blocking

TikTok:

1. Long-press the comment or video
2. Select “Report” and choose “Bullying and harassment”
3. Block the account from their profile page

Snapchat:

1. Press and hold on the message or username
2. Tap “Report” and select the issue
3. Block the user to prevent further contact

YouTube:

1. Click the three dots next to the comment or video
2. Select “Report” and choose “Cyberbullying or harassment”

Gaming Platforms (Xbox, PlayStation, Discord, and Roblox)

1. Use in-game or platform reporting options, typically found in user profiles or chat menus
2. Many platforms now offer real-time abuse detection that automatically flags harassment

Text Messages:

1. Block the number through your phone settings
2. Report spam to your carrier (forward to 7726/SPAM for most U.S. carriers)
3. Save screenshots before blocking

3. Escalate for More Help

Sometimes, platform tools are not enough. You need to know when to escalate the situation to the appropriate authorities. Follow the steps below when you see signs of ongoing harassment, physical threats, identity-based or other forms of hate, the sharing of private images, as well as changes in your child’s mood, sleep patterns, or school attendance.

1. Save all evidence, including screenshots, URLs, usernames, and timestamps.
2. Contact school officials, such as a counselor or principal, and provide them with specific documentation.
3. Seek professional mental health support to address your child’s distress.
4. Contact local law enforcement immediately if there are threats of physical harm or illegal content involved.

How Technology Can Help Prevent Cyberbullying

While technology is the medium for cyberbullying, it is also a tool for prevention and protection. Using the right software can give parents peace of mind and help teens navigate the web.

Device-Level Protection and Parental Controls

Cyberbullying is frequently accompanied by other digital threats, such as sending malicious links, stealing passwords, or tricking victims into downloading scam apps. This is where robust security software becomes essential to help block phishing links and compromised websites.

Additionally, parental control tools allow you to manage screen time, filter inappropriate web content, and monitor or limit certain types of app usage for age-appropriate scenarios. These tools help protect younger children from platforms they are not emotionally ready to handle.

Digital Well-Being Tools that Signal Distress

Modern security solutions offer digital well-being tools that track app usage and highlight sudden changes in behavior, such as late-night device use, massive spikes in messaging, or the sudden downloading of new, unfamiliar apps. These changes can be early warning signs of distress or harassment.

It is crucial to use these tools transparently by introducing them to your teens as conversation starters rather than secret surveillance. Saying that you noticed they were on their phone very late last night and asking if everything is okay builds trust. Spying breaks it.

Legal Grounds to Deal with Cyberbullying

Cyberbullying is not just a behavioral issue. It intersects heavily with school policies, community safety, and the law. Understanding this context will help your family deal with severe harassment.

Laws and School Responsibilities

Globally, many countries are adopting frameworks to protect digital citizens against cyberbullying. In the United States, all 50 states have anti-bullying laws, most of which now explicitly include electronic or cyberbullying in their definitions and guidance. These include laws and district policies that allow schools to address online behavior that creates a hostile environment or substantially disrupts a student’s learning. This means that even if the harassment happens on a weekend via a smartphone, the school has the authority and the responsibility to intervene if it impacts the victim’s ability to feel safe in the classroom.

Cyberbullying as a Crime

Certain cruel online behaviors may cross the line into criminal activity and to be considered crimes. For instance, credible threats of violence, stalking, extortion, hate-motivated harassment, and the non-consensual sharing of intimate images may violate criminal laws.

If a situation escalates to this level, it is time for legal and law enforcement to intervene. When this happens, families should document all evidence and consider contacting law enforcement or civil rights agencies.

Look up your local school district’s specific cyberbullying policies and legal obligations, and find out who to contact. This will save you valuable time if you need to report an incident.

Final Thoughts

Cyberbullying is intentional, repeated online harm, and a serious issue that leverages the constant nature of the internet to follow young children, teens, and certain groups into their homes and bedrooms.

While social media platforms, school policies, and laws are steadily improving, families still hold the most powerful tools. You can significantly reduce the harm to your children caused by online harassment by initiating open and non-judgmental conversations, utilizing built-in device protections and app privacy settings, partnering with your local schools, and seeking mental health support when needed.

Talk with your kids this week about their online experiences. Sit down together and review the safety and privacy settings on their favorite apps. Finally, consider using a trusted security partner such as McAfee+ as part of a broader, proactive digital safety plan.

A McAfee+ family plan helps protect your household’s devices from the malware and malicious links that often accompany harassment or sextortion attempts and sets healthy boundaries around apps, web content, and screen time. Furthermore, it provides educational resources on digital citizenship and safe social media use beyond basic antivirus software.

When you work with trusted tools, you can help keep the internet a place of connection and creativity.

The post Cyberbullying Prevention: How to Protect Kids & Teens Online appeared first on McAfee Blog.

Unfortunately, scammers today are coming at us from all angles, trying to trick us into giving up our hard-earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention, even if you know what to look for, they can still catch you off guard. There are numerous ways to detect fake sites, phishing, and other scams, including emails.

Before we delve into the signs of fake websites, we will first take a closer look at the common types of scams that use websites, what happens when you accidentally access a fake website, and what you can do in case you unknowingly purchased items from it.

What are fake or scam websites?

Fake or scam websites are fraudulent sites that look legitimate while secretly attempting to steal your personal information, money, or account access.

These deceptive platforms masquerade as trustworthy businesses or organizations, sending urgent messages that appear to be from popular shopping websites offering fantastic limited-time deals, banking websites requesting immediate account verification, government portals claiming you owe taxes or are eligible for refunds, and shipping companies asking for delivery fees.

The urgency aims to trick you into logging in and sharing sensitive information, such as credit card numbers, Social Security details, login credentials, and personal data. Once you submit your data, the scammers will steal your identity, drain your accounts, or sell your details to other criminals on the dark web.

These scam websites have become increasingly prevalent because they’re relatively inexpensive to create and can reach millions of potential victims quickly through email and text campaigns, social media ads, and search engine manipulation.

Cybersecurity researchers and consumer protection agencies discover these fraudulent sites through various methods, including monitoring suspicious domain registrations, analyzing reported phishing attempts, and tracking unusual web traffic patterns. According to the FBI’s Internet Crime Complaint Center, losses from cyber-enabled fraud totaled $13.7 billion, with fake websites accounting for a significant portion of these losses.

Consequences of visiting a fake website

Visiting a fake website, accidentally or intentionally, can expose you to several serious security risks that can impact your digital life and financial well-being:

• Credential theft: Scammers can capture your login information through fake login pages that look identical to legitimate sites. Once they have your username and password, they can access your real accounts and steal personal information or money.
• Credit card fraud: When you enter your bank or credit card details on fraudulent shopping or fake service portals, scammers can use your payment information for unauthorized purchases or sell these to other criminals on the dark web.
• Malware infection: Malicious downloads, infected ads, or drive-by downloads may happen automatically when you visit certain fake sites. These, in turn, can steal personal files, monitor your activity, or give criminals remote access to your device.
• Identity theft: Fake sites can collect personal information, such as Social Security numbers, addresses, or birthdates, through fraudulent forms or surveys.
• Account takeovers: Criminals can use stolen credentials to access your email, banking, or social media accounts, potentially locking you out and using your accounts for further scams.

Common types of scam websites

Scammers employ various tactics to create fake websites that appear authentic, but most of these techniques follow familiar patterns. Knowing the main types of scam sites helps you recognize danger faster. This section lists the most common categories of scam websites, explains how they operate, and identifies the red flags that alert you before they can steal your information or money.

• Fake shopping stores: These fraudulent e-commerce sites steal your money and personal information without delivering products. They offer unrealistic discounts (70%+ off), have no customer service contact information, or accept payments only through wire transfers or gift cards. These sites often use stolen product images and fake customer reviews to appear legitimate.
• Phishing login pages: These sites mimic legitimate services such as banks, email providers, or social media platforms to harvest your credentials. Their URLs that don’t match the official domain, such as “bankofamerica-security.com” instead of “bankofamerica.com.” Their urgent messages claim your account will be suspended unless you log in immediately.
• Tech support scam sites: These fake websites claim to detect computer problems and offer remote assistance for a fee. They begin with a pop-up ad with a loud alarm to warn you about viruses, providing phone numbers to call “immediately” or requesting remote desktop access from unsolicited contacts.
• Investment and crypto sites: These sites guarantee incredible returns on cryptocurrency or investment opportunities, feature fake celebrity endorsements, or pressure you to invest quickly before a “limited-time opportunity” expires.
• Giveaway and lottery pages: You receive notifications with a link to a page that claims you’ve won prizes In contests you never entered, but require upfront fees or personal information to receive them. They will request bank account details to “process your winnings” or upfront processing fees.
• Shipping and parcel update portals: These typically appear as tracking pages that mimic delivery services, such as USPS, UPS, or FedEx, to steal personal information or payment details. The pages ask for immediate payment to release and deliver the packages, or for login credentials to accounts you don’t have with that carrier.
• Malware download pages: These ill-intentioned sites offer “free” but uncertified software, games, or media files that contain harmful code to infect your device once you click on the prominent “Download” button.
• Advance fee and loan scams: These sites claim to guarantee approved loans or financial services, regardless of your credit score. But first, you will have to post an upfront payment or processing fees before any actual assistance is rendered.

Understanding these common scam types helps you recognize fake sites before they can steal your information or money. When in doubt, verify legitimacy by visiting official websites directly through bookmarks or search engines rather than clicking suspicious links.

For the latest warnings and protection guidance, check resources from the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.

Recognize a fake site

You can protect yourself by learning to recognize the warning signs of fake sites. By understanding what these scams look like and how they operate, you’ll be better equipped to shop, bank, and browse online with confidence. Remember, legitimate companies will never pressure you to provide sensitive information through unsolicited emails or urgent pop-up messages.

1. Mismatched domain name and brand: The website URL doesn’t match the company name they claim to represent, like “amazoon-deals.com” instead of “amazon.com.” Scammers use similar-looking domains to trick you into thinking you’re on a legitimate site.
2. Spelling mistakes and poor grammar: Legitimate businesses invest in professionally created content to ensure clean and error-free writing or graphics. If you are on a site with multiple typos, awkward phrasing, or grammatical errors, this indicates that it was hastily created and not thoroughly reviewed, unlike authentic websites.
3. Missing or invalid security certificate: The site lacks the “https://” prefix in the URL or displays security warnings in your browser. Without proper encryption, any information you enter can be intercepted by criminals.
4. Fantastic deals: Look out for prices that are dramatically low—like designer items at 90% off or electronics at impossibly low costs. Scammers use unrealistic bargains to lure victims into providing payment information.
5. High-pressure countdown timers: The site displays urgent messages such as “Only 2 left!” or countdown clocks with limited-time offers that reset when you refresh the page. These fake urgency tactics push you to make hasty decisions without proper research.
6. No physical address, contact information, or legitimate business details: The site provides only an email address or contact form. In the same vein, any email address they provide may look strange, like northbank@hotmail.com. Any legitimate business will not use a public email account, such as Hotmail, Gmail, or Yahoo.
7. Missing or vague return policy: Legitimate businesses want satisfied customers and provide clear policies for returns and exchanges. Scams, however, often fail to provide clear refund policies, return instructions, or customer service information.
8. Stolen or low-quality images: Scammers often steal images from legitimate sites without permission, making their product photos look pixelated, watermarked, or inconsistent in style and quality.
9. Fake or generic reviews: Authentic reviews include specific details and a mix of ratings and comments. On fake websites, however, customer reviews are often overly positive, using generic language, posted on the same dates, or containing similar phrasing patterns.
10. Limited payment options: Legitimate businesses offer secure payment options with buyer protection. Fake websites, however, only accept wire transfers, cryptocurrency, gift cards, or other non-reversible or untraceable payment methods.
11. Recently registered domain: The website was created very recently—often just days or weeks ago, whereas established businesses typically have older, stable web presences.
12. Fake password: If you’re at a fake site and type in a phony password, the fake site is likely to accept it.

Recognize phishing, SMiShing, and other fake communications

Most scams typically start with social engineering tactics, such as phishing, smishing, and fake social media messages containing suspicious links, before directing you to a fake website.

From these communications, the scammers impersonate legitimate organizations before finally executing their malevolent intentions. To avoid being tricked, it is essential to recognize the warning signs wherever you encounter them.

Email phishing red flags

Fake emails are among the most common phishing attempts you’ll encounter. If you see any of these signs in an unsolicited email, it is best not to engage:

• One way to recognize a phishing email is by its opening greeting. A legitimate email from your real bank or business will address you by name rather than a generic greeting like “Valued Customer” or something similar.
• In the main message, look for urgent language, such as “Act now!” or “Your account will be suspended immediately.” Legitimate organizations rarely create artificial urgency around routine account matters. Also, pay attention to the sender’s email address. Authentic companies use official domains, not generic email services like Gmail or Yahoo for business communications.
• Be suspicious of emails requesting your credentials, Social Security number, or other sensitive information. Banks and reputable companies will never ask for passwords or personal details via email.
• Look closely at logos and formatting. Spoofed emails often contain low-resolution images, spelling errors, or slightly altered company logos that don’t match the authentic versions.

SMS and text message scams

Smishing messages bear the same signs as phishing emails and have become increasingly sophisticated. These fake messages often appear to come from delivery services, banks, or government agencies. Common tactics include fake package delivery notifications, urgent banking alerts, or messages claiming you’ve won prizes or need to verify account information.

Legitimate organizations typically don’t include clickable links in unsolicited text messages, especially for account-related actions. When in doubt, don’t click the link—instead, open your banking app directly or visit the official website by typing the URL manually.

Social media phishing

Social media platforms give scammers new opportunities to create convincing fake profiles and pages. They might impersonate customer service accounts, create fake giveaways, or send direct messages requesting personal information. These fake sites often use profile pictures and branding that closely resemble legitimate companies.

Unusual sender behavior is another indicator of a scam across all platforms. This includes messages from contacts you haven’t heard from in years, communications from brands you don’t typically interact with, or requests that seem out of character for the supposed sender.

Examples of fake or scam websites

Scammers have become increasingly cunning in creating fake websites that closely mimic legitimate businesses and services. Here are some real-life examples of how cybercriminals use fake websites to victimize consumers:

USPS-themed scams and websites

Scammers exploit your trust in the United States Postal Service (USPS), designing sophisticated fake websites to steal your personal information, payment details, or money. They know you’re expecting a package or need to resolve a delivery issue, making you more likely to enter sensitive information without carefully verifying the site’s authenticity.

USPS-themed smishing attacks arrive as text messages stating your package is delayed, undeliverable, or requires immediate action. Common phrases include “Pay $1.99 to reschedule delivery” or “Your package is held – click here to release.”

Common URL tricks in USPS scams

Scammers use various URL manipulation techniques to make their fake sites appear official. Watch for these red flags:

• Misspelled domains: Sites like “uspps.com,” “uspo.com,” or “us-ps.com” instead of the official “usps.com”
• Extra characters: URLs containing hyphens, numbers, or additional words like “usps-tracking.com” or “usps2024.com”
• Different extensions: Domains ending in .net, .org, .info, or country codes instead of .com
• Subdomain tricks: URLs like “usps.fake-site.com” where “usps” appears as a subdomain rather than the main domain
• HTTPS absence: Legitimate USPS pages use secure HTTPS connections, while some fake sites may only use HTTP

Verify through official USPS channels

Always verify package information and delivery issues through official USPS channels before taking any action on suspicious websites or messages:

• Official USPS website: Report the incident directly to usps.com by typing the URL into your browser rather than clicking links from emails or texts. Use the tracking tool on the homepage to check your package status with the official tracking number.
• Official USPS mobile app: The USPS mobile app, available from official app stores, provides secure access to tracking, scheduling, and delivery management. Verify that you are downloading from USPS by checking the publisher name and official branding.
• USPS Customer Service: If you receive conflicting information or suspect a scam, call USPS Customer Service at 1-800-ASK-USPS (1-800-275-8777) to verify delivery issues or payment requests.
• Your local post office: When you need definitive verification, speak with postal workers at your local USPS location who can access your package information directly in their systems.

Where and how to report fake USPS websites

Reporting fake USPS websites helps protect others from falling victim to these scams and assists law enforcement in tracking down perpetrators.

• Report to USPS: Forward suspicious emails to the United States Postal Inspection Service and report fake websites through the USPS website’s fraud reporting section. The Postal Inspection Service investigates mail fraud and online scams targeting postal customers.
• File with the Federal Trade Commission: Report the fraudulent website at ReportFraud.ftc.gov, providing details about the fake site’s URL, any money lost, and screenshots of the fraudulent pages.
• Contact the Federal Bureau of Investigation: Submit reports through the FBI’s Internet Crime Complaint Center, especially if you provided personal information or lost money to the scam.
• Alert your state attorney general: Many state attorneys general’s offices track consumer fraud and can investigate scams targeting residents in their jurisdiction.

Remember that legitimate USPS services are free for standard delivery confirmation and tracking. Any website demanding payment for basic package tracking or delivery should be treated as suspicious and verified through official USPS channels before providing any personal or financial information.

Tech support pop-up ads scams

According to the Federal Trade Commission, tech support scams cost Americans nearly $1.5 billion in 2024. These types of social engineering attacks are increasingly becoming sophisticated, making it more important than ever to verify security alerts through official channels.

Sadly, many scammers are misusing the McAfee name to create fake tech support pop-up scams and trick you into believing your computer is infected or your protection has expired, and hoping you’ll act without thinking.

These pop-ups typically appear while you’re browsing and claim your computer is severely infected with viruses, malware, or other threats. They use official-looking McAfee logos, colors, and messaging to appear legitimate to get you to call a fake support number, download malicious software, or pay for unnecessary services.

Red flags of fake McAfee pop-up

Learning to detect fake sites and pop-ups protects you from scams. Be on the lookout for these warning signs:

• Offering phone numbers to call immediately: Legitimate McAfee software never displays pop-ups demanding you call a phone number right away for virus removal.
• Requests for remote access: Authentic McAfee alerts won’t ask you for permission to control your computer to “fix” issues remotely.
• Immediate payment demands: Real McAfee pop-ups don’t require instant payment to resolve security threats.
• Countdown timers: Fake alerts often include urgent timers claiming your computer will be “locked” or “damaged” if you don’t act immediately.
• Poor grammar and spelling: Many fraudulent pop-ups contain obvious spelling and grammatical errors.
• Browser-based alerts: Genuine McAfee software notifications appear from the actual installed program, not through your web browser.

Properly close a McAfee-themed pop-up ad

If you see a suspicious pop-up claiming to be from McAfee, here’s exactly what you should do:

1. Close the tab immediately: Don’t click anywhere on the pop-up, not even the “X” button, as this might trigger malware downloads.
2. Use keyboard shortcuts: Press Ctrl+Alt+Delete or Command+Option+Escape (Mac) to force-close your browser safely.
3. Don’t call any phone numbers: Never call support numbers displayed on the pop-ups, as these connect you directly to scammers.
4. Avoid downloading software: Don’t download any “cleaning” or “security” tools offered through pop-ups.
5. Clear your browser cache: After closing the pop-up, clear your browser’s cache and cookies to remove any tracking elements.

Verify your actual McAfee protection status

To check if your McAfee protection is genuinely active and up-to-date:

• Open your installed McAfee software directly: Click on the McAfee icon in your system tray or search for McAfee in your start menu.
• Visit the official McAfee website: Go directly to mcafee.com by typing it into your address bar.
• Log in to your McAfee account: Check your subscription status through your official McAfee online account.
• Use the McAfee mobile app: Download the official McAfee Mobile Security app to monitor your protection remotely.

Remember, legitimate McAfee software updates and notifications come through the installed program itself, not through random browser pop-ups. Your actual McAfee protection works quietly in the background without bombarding you with alarming messages.

Crush fake tech support pop-ups

Stay protected by trusting your installed McAfee software and always verifying security alerts through official McAfee channels, such as your installed McAfee dashboard or the official website.

1. Close your browser safely. If you see a fake McAfee pop-up claiming your computer is infected, don’t click anything on the pop-up. Instead, close your browser completely using Alt+F4 (Windows) or Command+Q (Mac). If the pop-up does not close, open Task Manager (Ctrl+Shift+Esc) and end the browser process. This prevents any malicious scripts from running and stops the scammers from accessing your system.
2. Clear browser permissions. Fake security pop-ups often trick you into allowing notifications that can bombard you with more scam alerts. Go to your browser settings and revoke notification permissions for suspicious sites. In Chrome, go to Settings > Privacy and Security > Site Settings > Notifications, then remove any unfamiliar or suspicious websites from the list of allowed sites.
3. Remove suspicious browser extensions. Malicious extensions can generate fake McAfee alerts and redirect you to scam websites. Check your browser extensions by going to the extensions menu and removing any that you don’t recognize or that you didn’t intentionally install.
4. Reset your browser settings. If fake pop-ups persist, reset your browser to its default settings to remove unwanted changes made by malicious websites or extensions, while preserving your bookmarks and saved passwords. In most browsers, you can find the reset option under Advanced Settings.
5. Run a complete security scan. Use your legitimate antivirus software to perform a full system scan. If you don’t have security software, download a reputable program from the official vendor’s website only, such as McAfee Total Protection, to detect and remove any malware that might be generating the fake pop-ups.
6. Update your operating system and browser. Ensure your device has the latest security and web browser updates installed, which often include patches for vulnerabilities that scammers exploit. Enable automatic updates to stay protected against future threats.
7. Review and adjust notification settings. Configure your browser to block pop-ups and block sites from sending you notifications. You could be tempted to allow some sites to send you alerts, but we suggest erring on the side of caution and just block all notifications.

Steps to take if you visited or purchased from a fake site

Be prepared and know how to respond quickly when something doesn’t feel right. If you suspect you’ve encountered a fake website, trust your instincts and take these protective steps immediately.

1. Disconnect immediately: Close your browser by using Alt+F4 (Windows), Ctrl + W (Chrome), or Command+Q (Mac) on your keyboard.
2. Run a comprehensive security scan: If you suspect a virus or malware, disconnect from the internet to prevent data transmission. Conduct a full scan using your antivirus software to detect and remove any potential threats that may have been downloaded.
3. Contact your credit card issuer: Call the number on the back of your card and report the fraudulent charges for which you can receive zero liability protection. Card companies allow up to 60 days for charge disputes under federal law and can refund payments made to the fake store. Consider requesting a temporary freeze on your account while the investigation proceeds.
4. Cancel your credit card: Request a replacement card with a new number to give you a fresh start. Your card issuer can expedite the request if needed, often within 24-48 hours.
5. Document everything thoroughly: Save all emails, receipts, order confirmations, and screenshots of the fake website before it potentially disappears. This documentation will be crucial for your chargeback and insurance claims, and any legal proceedings.
6. Update passwords on other accounts: Scammers often test stolen credentials across multiple platforms, so if you reused the same password on the fake site that you use elsewhere, change those passwords immediately. Enable two-factor authentication on important accounts like email, banking, and social media.
7. Stay alert for follow-up scams: Scammers may attempt to contact you via phone, email, or text claiming to “resolve” your situation through fake shipping notifications, additional payments to “release” your package, or “refunds” on your money in exchange for personal information.
8. Monitor your credit and financial accounts. Keep a close eye on your bank and credit card statements for several months and place a fraud alert on your credit reports through one of the three major credit bureaus—TransUnion, Equifax, and Experian. Consider a credit freeze for maximum protection.
9. Check for legitimate alternatives. If you were trying to purchase a specific product, research authorized retailers or the manufacturer’s official website. Verify business credentials, secure payment options, and return policies before making new purchases.

Report a scam website, email, or text message

• Federal Trade Commission: Report fraudulent websites to the FTC, which investigates consumer complaints and uses this data to identify patterns of fraud and take enforcement action against scammers.
• FBI’s Internet Crime Complaint Center: Submit detailed reports to the IC3 for suspected internet crimes. IC3 serves as a central hub for reporting cybercrime and coordinates with law enforcement agencies nationwide.
• State Attorney General: If the fake store claimed to be located in your state, consider reporting to your state attorney general’s office, as these have dedicated fraud reporting systems and can take action against businesses operating within state boundaries. Find your state’s reporting portal through the National Association of Attorneys General website.
• Domain registrar, hosting provider, social media: Look up the website’s registration details using a WHOIS tool, then report abuse to both the domain registrar and web hosting company. Most providers have dedicated abuse reporting emails and will investigate violations of their terms of service. If the fake page is on social media, you can report it to the platform to protect other consumers.
• Search engines: Report fraudulent sites to Google through their spam report form and to Microsoft Bing via their webmaster tools to prevent the fake sites from appearing in search results.
• The impersonated brand: If scammers are impersonating a legitimate company, report directly to that company’s fraud department or customer service. Most brands have dedicated channels for reporting fake websites and will work to shut them down.
• Share your experience to protect others: Leave reviews on scam-reporting websites such as the Better Business Bureau’s Scam Tracker or post about your experience on social media to warn friends and family. Your experience can help others avoid the same trap and contribute to the broader fight against online fraud.
• Essential evidence to gather:
  • Full website URL and any redirected addresses
  • Screenshots of the fraudulent pages, including fake logos or branding
  • Transaction details, if you made a purchase (receipts, confirmation emails, payment information)
  • Email communications from the scammers
  • Date and time when you first encountered the site
  • Any personal information you may have provided

• Additional reporting resources: The CISA maintains an updated list of reporting resources, while the Anti-Phishing Working Group investigates cases of fake sites that appear to be collecting personal information fraudulently. For text message scams, forward the message to 7726 (SPAM).

Final thoughts

Recognizing fake sites and emails becomes easier with practice. The key is to trust your instincts—if something feels suspicious or too good to be true, take a moment to verify through official channels. With the simple verification techniques covered in this guide, you can confidently navigate the digital world and spot fake sites and emails before they cause harm.

Your best defense is to make these quick security checks a regular habit—verify URLs, look for secure connections, and trust your instincts when something feels off. Go directly to the source or bookmark your most frequently used services and always navigate to them. Enable two-factor authentication on important accounts, and remember that legitimate companies will never ask for sensitive information via email. Maintaining healthy skepticism about unsolicited communications will protect not only your personal information but also help create a safer online environment for everyone.

For the latest information on fake websites and scams and to report them, visit the Federal Trade Commission’s scam alerts or the FBI’s Internet Crime Complaint Center.

The post Ways to Tell if a Website Is Fake appeared first on McAfee Blog.

I think I could count on one hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids! Email hacking is one of the very unfortunate downsides of living in our connected, digital world. And it usually occurs as a result of a data breach – a situation that even the savviest tech experts find themselves in.

What is a data breach?

In simple terms, a data breach happens when personal information is accessed, disclosed without permission, or lost. Companies, organisations, and government departments of any size can be affected. Data stolen can include customer login details (email addresses and passwords), credit card numbers, identifying IDs of customers e.g. driver’s license numbers and/or passport numbers, confidential customer information, company strategy, or even matters of national security.

Data breaches have made headlines, particularly over the last few years. When the Optus and Medibank data breaches hit the news in 2022 affecting almost 10 million Aussies apiece, we were all shaken. But then when Aussie finance company Latitude was affected in 2023 with a whopping 14 million people from both Australia and New Zealand, it almost felt inevitable that by now, most of us would have been impacted.

The reality is that data breaches have been happening for years. In fact, the largest data breach in Australian history happened in 2019 to the online design site Canva which affected 139 million users globally. In short, it can happen to anyone, and the chances are you may have already been affected.

Your email is more valuable than you think

The sole objective of a hacker is to get their hands on your data. Any information that you share in your email account can be very valuable to them. Why do they want your data, you ask? It’s simple really – so they can cash in!

Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’ with the aim of extracting valuable data and/or funds. The more sophisticated ones will sell your details including name, telephone, email address, and credit card details to cash in on the dark web. They often do this in batches. Some experts believe they can get as much as AU$250 for a full set of details including credit cards. So, you can see why they’d be interested in you.

The other reason why hackers will be interested in your email address and password is that many of us re-use our login details across our other online accounts. Once they’ve got their hands on your email credentials, they may be able to access your online banking and investment accounts, if you use the same credentials everywhere. So, you can see why I harp on about using a unique password for every online account!

How big is the problem?

There is a plethora of statistics on just how big this issue is – all of them concerning. According to the Australian Institute of Criminology, of all the country’s cybercrime reports in 2024, about 21.9% involved identity theft and misuse. The Australian Bureau of Statistics adds that the identity theft victimisation rate has steadily increased from 0.8% to 1.2% from 2021 to 2024, respectively.

Meanwhile, The Australian Government revealed that at least one cybercrime is reported every 6 minutes, with business email compromise alone costing the national economy up to $84 million in losses. Regardless of which statistic you choose to focus on, we have a big issue on our hands.

How does an email account get hacked?

Hackers use a range of techniques—some highly sophisticated, others deceptively simple—to gain access. It is important to know how these attacks happen so you can stay ahead and prevent them.

• Phishing scams: These are deceptive emails that trick you into entering your login details on a fake website that looks legitimate.
• Data breaches: If a website where you used your email and password gets breached, criminals can use those leaked credentials to try and access your email account.
• Weak or reused passwords: Using simple, easy-to-guess passwords or the same password across multiple sites makes it easy for hackers to gain access.
• Malware: Malicious software like keyloggers can be installed on your computer without your knowledge, capturing everything you type, including passwords.
• Unsecure Wi-Fi networks: Using public Wi-Fi without a VPN can expose your data to criminals monitoring the network.

From email hack to identity theft

Yes, absolutely. An email account is often the central hub of your digital life. Once a cybercriminal controls it, they can initiate password resets for your other online accounts, including banking, shopping, and social media. They can intercept sensitive information sent to you, such as financial statements or medical records.

With enough information gathered from your emails, they can commit identity theft, apply for credit in your name, or access other sensitive services. If you suspect your email was hacked, it’s crucial to monitor your financial statements and consider placing a fraud alert with credit bureaus.

Signs that your email has been hacked

• You can no longer log in. The most obvious sign of an email hack is when your password suddenly stops working. Cybercriminals often change the password immediately to lock you out.
• Friends receive strange messages from you. If your contacts report receiving spam or phishing emails from your address that you didn’t send, it’s a major red flag that someone else has control of your account.
• Unusual activity in your folders. Check your “Sent” folder for messages you don’t recognize. Hackers might also set up forwarding rules to send copies of your incoming emails to their own address, so check your settings for any unfamiliar forwarding addresses.
• Password reset emails you didn’t request. Receiving unexpected password reset emails for other services (like your bank or social media) is a sign that a hacker is using your email to try and take over your other online accounts.
• Security alerts from your provider. Pay attention to notifications about new sign-ins from unfamiliar devices, locations, or IP addresses. These are often the first warnings that your account has been compromised.

Steps to email recovery

If you find yourself a victim of email hacking, these are a few very important steps you need to take. Fast.

Change your password

Using a separate, clean device, this is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use random words and characters, a passphrase with a variety of upper and lower cases, and throw in some symbols and numbers.

I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack! But, better still, get yourself a password manager that will create a password that no human would be capable of creating. If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the ‘Forgot My Password’ link.

Update other accounts that use the same password

This is time-consuming, but essential. Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many people use the same logins for multiple accounts, so it is guaranteed they will try your info in other email applications and sites such as PayPal, Amazon, Netflix – you name it!

Once the dust has settled, review your password strategy for all your online accounts. A best practice is to ensure every online account has its own unique and complex password.

Sign out of all devices

Most email services have a security feature that lets you remotely log out of all active sessions. Once you’ve changed your password, signing out from your email account also signs out the hacker and forces them to log-in with the new password, which fortunately they do not know. These, combined with two- or multi-factor authentication, will help you to regain control of your account and prevent further compromise.

Inform your email contacts

A big part of the hacker’s strategy is to get their claws into your address book to hook others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails—most likely loaded with malware—that have come from you.

Commit to multi-factor authentication

Two-factor or multi-factor authentication may seem like an additional, inconvenient step to your login, but it also adds another layer of protection. Enabling this means you will need a special one-time-use code to log in, aside from your password. This is sent to your mobile phone or generated via an authenticator app. So worthwhile!

Check your email settings

It is common for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins to other sites; they can also keep a watchful eye on any particularly juicy personal information. So, check your mail forwarding settings to ensure no unexpected email addresses have been added.

Also, ensure your ‘reply to’ email address is actually yours. Hackers have been known to create an email address that looks similar to yours, so that when someone replies, it will go straight to their account, not yours.

Don’t forget to check your email signature to ensure nothing spammy has been added, as well as your recovery phone number and alternate email address. Hackers also change these to maintain control. Update them to your own secure details.

Scan your computer for malware and viruses

Regularly scanning your devices for unwanted invaders is essential. If you find anything, please ensure it is addressed, and then change your email password again. If you don’t have antivirus software, please invest in it.

Comprehensive security software will provide you with a digital shield for your online life, protecting all your devices – including your smartphone – from viruses and malware. Some services also include a password manager to help you generate and store unique passwords for all your accounts.

Consider creating a new email address

If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, consider starting afresh. Do not, however, delete your old email address because email providers are known to recycle old email addresses. This means a hacker could spam every site they can find with a ‘forgot my password’ request and try to impersonate you and steal your identity.

Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. Even though it may feel that getting hacked is inevitable, you can definitely reduce your risk by installing some good-quality security software on all your devices.

Trusted and reliable comprehensive security software will alert you when visiting risky websites, warn you when a download looks dodgy, and block annoying and dangerous emails with anti-spam technology. It makes sense really – if you don’t receive the dodgy phishing email – you can’t click on it. Smart!

Finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!

Report the incident

Reporting an email hack is a crucial step to create a necessary paper trail for disputes with banks or credit agencies. When reporting, gather evidence such as screenshots of suspicious activity, unrecognized login locations and times, and any phishing emails you received. This information can be vital for the investigation.

• Your email provider: Use their official support or recovery channels immediately. They can help you investigate and regain control of your account. Do not use links from suspicious emails claiming to be from support.
• Financial institutions: If you’ve disclosed sensitive financial information or use the email for banking, contact your bank and credit card companies immediately. Alert them to potential fraud and monitor your statements.
• Friends, family, and contacts: Send a message to your contacts warning them that your account was compromised. Advise them not to open suspicious messages or click on links sent from your address during that time.
• Your employer: If it’s a work email, or if your personal email is used for work purposes, notify your IT department immediately. They need to take steps to protect company data and systems.
• Relevant authorities: For financial loss or identity theft, you can report the incident to authorities like the FBI’s Internet Crime Complaint Center or Action Fraud in the UK. This creates an official record and aids in wider law enforcement efforts.

Check if online accounts linked to your email were compromised

• Prioritize critical accounts: Immediately check your online banking, financial, and government-related accounts. Review recent activity for any unauthorized transactions or changes.
• Review social media and shopping sites: Check your social media for posts or messages you didn’t send. Review your online shopping accounts like Amazon for any purchases or address changes you don’t recognize.
• Enable alerts: Turn on login and transaction alerts for your sensitive accounts. This will give you real-time notifications of any suspicious activity in the future.

Should you delete your hacked email account?

Generally, no. Deleting the account can cause more problems than it solves. Many online services are linked to that email, and deleting it means you lose the ability to receive password reset links and security notifications for those accounts.

More importantly, some email providers recycle deleted addresses, meaning a hacker could potentially re-register your old email address and use it to impersonate you and take over your linked accounts.

The better course of action is to regain control, thoroughly secure the account with a new password and multi-factor authentication, and clean up any damage. Only consider migrating to a new email address after you have fully secured the old one.

Future-proof your email after reclaiming control

• Run a full security scan: Before doing anything else, run a comprehensive scan with a trusted antivirus program on all your devices to ensure no malware or keyloggers remain.
• Double-check security settings: Confirm that your recovery email and phone number are correct and that multi-factor authentication is enabled, preferably using an authenticator app rather than SMS.
• Review account permissions: Check which third-party apps and websites have access to your email account. Revoke access for any service you don’t recognize or no longer use.
• Set periodic reminders: Make it a habit to review your account’s security logs and settings every few months to catch any potential issues early.

• Learn to spot phishing: Be skeptical of unsolicited emails asking for personal information or creating a sense of urgency. Check the sender’s address and hover over links before clicking.
• Keep software updated:Regularly update your operating system, web browser, and security software to protect against the latest vulnerabilities.
• Secure your devices: Use comprehensive security software like McAfee+ on all your devices—computers, tablets, and smartphones—to protect against malware, viruses, and risky websites.

Provider-specific email recovery

Each email provider has a specific, structured process for account recovery. It is vital to only use the official recovery pages provided by the service and be wary of scam websites or third-party services that claim they can recover your account for a fee. Below are the official steps of the major providers that you can follow.

Gmail

1. Go to Google’s official Account Recovery page.
2. Enter your email address and follow the on-screen prompts. You will be asked questions to confirm your identity, such as previous passwords or details from your recovery phone number or email.
3. Once you regain access, you will be prompted to create a new password.
4. Immediately visit the Google Security Checkup to review recent activity, remove unfamiliar devices, check third-party app access, and enable 2-step verification.

Yahoo email

1. Navigate to the Yahoo Sign-in Helper page.
2. Enter your email address or recovery phone number and click “Continue.”
3. Follow the instructions to receive a verification code or account key to prove your identity.
4. Once verified, create a new, strong password.
5. After regaining access, go to your Account Security page to review recent activity, check recovery information, and turn on 2-step verification.

Outlook or Hotmail

1. Go to the official Microsoft account recovery page.
2. You’ll need to provide your email, phone, or Skype name, and verify your identity using the security information linked to your account.
3. If you cannot access your recovery methods, you will be directed to an account recovery form where you must provide as much information as possible to prove ownership.
4. After resetting your password, visit your Microsoft account security dashboard to review sign-in activity, check connected devices, and enable two-step verification.

Final thoughts

Your email account is the master key to your digital kingdom, and protecting it is more critical than ever since many of your other accounts are connected with your email. Realizing “my email has been hacked” is a stressful experience, but taking swift and correct action can significantly limit the damage.

By following the recovery steps and adopting strong, ongoing security habits like using a password manager and enabling multi-factor authentication, you can turn a potential crisis into a lesson in digital resilience. Stay vigilant, stay proactive, and keep your digital front door securely locked.

To add another wall of defense, consider investing in a trusted and reliable comprehensive security software like McAfee+. Our solution will help you dodge hacking attempts by alerting you when visiting risky websites, or downloading questionable apps, and blocking malicious emails with anti-spam technology.

The post What to Do If Your Email Is Hacked appeared first on McAfee Blog.