Login
Welcome to the first edition of This Week in Scams, a new weekly series from McAfee breaking down the latest fraud trends, headlines, and real-time threats we’re detecting across the digital landscape.
This week, we’re spotlighting the FBI’s shocking new cybercrime report, the rise of AI-generated deepfakes, and a sophisticated Gmail impersonation scam flagged by Google. We’re also seeing a surge in location-specific toll scams and fake delivery alerts—a reminder that staying ahead of scammers starts with knowing how they operate.
Let’s dive in.
$16.6 Billion Lost to Online Scams in 2024
The FBI’s latest Internet Crime Report is here—and the numbers are staggering. Americans lost $16.6 billion to online scams last year, up from $12.5 billion in 2023. Older adults and crypto investors were hit especially hard, but the agency warns the real total is likely much higher, since many victims never report the crime.
Read more
AI-Powered Deepfake Scams Get More Convincing
Deepfake-enabled fraud has already caused more than $200 million in financial losses in just the first quarter of 2025.
McAfee researchers estimate the average American sees three deepfakes per day, many of which are designed to mimic real people, services, or news stories. Whether it’s fake crypto pitches, job offers, or social media stunts—seeing is no longer believing.
Read more
Google Warns Users of Sophisticated Email Scam
Google is alerting Gmail users to a new type of phishing email that looks like it comes from Google itself. These messages often appear in legitimate email threads and pass all typical security checks, but lead victims to a cloned Google login page designed to steal credentials. The scam highlights how attackers are evolving to outsmart traditional filters.
Read more
McAfee Researchers have observed a recent surge in the following scam types:
Fake Delivery Notifications: Scammers impersonate delivery services like USPS, UPS, and FedEx, sending fake tracking links that install malware or steal payment info
Invoice Scams: Fraudulent messages that claim you owe money for a product or service, often accompanied by a fake invoice PDF or request for payment via phone
Cloud Storage Spoofs: Emails that pretend to be from Google Drive, Dropbox, or OneDrive, prompting you to “log in” to view shared files. The links lead to phishing sites designed to capture your credentials.
Toll Text Scams: Personalized smishing messages that claim you owe a toll and link to fake payment sites. These messages often use location data—like your area code or recent city visits—to appear legitimate. McAfee Labs saw toll scam texts spike nearly 4x between January and February.
This week, Steve Grobman, executive vice president and chief technology officer at McAfee, said the toll scam is effective because it hits all the correct social points for a consumer.
These scams often rely on urgency and familiarity—pretending to be something you trust or expect—to get you to act quickly without double-checking.
Thanks for reading—See you next week with more scam alerts, insights, and protection tips from the McAfee team.
The post This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge appeared first on McAfee Blog.
Job scams are on the rise. And asking the right questions can help steer you clear of them.
That rise in job scams is steep, according to the U.S. Federal Trade Commission (FTC). Recent data shows that reported losses have grown five times over between 2020 and 2024. In 2024 alone, reported losses hit half a billion dollars, with unreported losses undoubtedly pushing actual losses yet higher.
Last week, we covered how “pay to get paid” scams account for a big chunk of online job scams. Here, we’ll cover a couple more that we’ve seen circulating on social media and via texts—and how some pointed questions can help you avoid them.
Some job scammers pose as recruiters from job agencies who reach potential victims the same way legitimate agencies do—by email, text, and networking sites. Sometimes this leaves people with their guard down because it’s not unheard of at all to get contacted this way, “out of the blue” so to speak.
Yet one of the quickest ways to spot a scammer is when the “recruiter” asks to pay a fee for the matchmaking, particularly if they ask for it up front. Legitimate headhunters, temp agencies, and staffing agencies typically get paid by the company or business that ultimately does the hiring. Job candidates don’t pay a thing.
Another form of scam occurs during the “onboarding” process of the job. The scammer happily welcomes the victim to the company and then informs them that they’ll need to take some online training and perhaps buy a computer or other office equipment. Of course, the scammer asks the victim to pay for all of it—leaving the victim out of hundreds of dollars and the scammer with their payment info.
One way you can spot a job scam is to press for answers. Asking pointed questions about a company and the job it’s offering, just as you would in any real interview, can reveal gaps in a scammer’s story. In effect, scammers are putting on an acting job, and some don’t thoroughly prepare for their role. They don’t think through the details, hoping that victims will be happy enough about a job prospect to ask too many questions.
If the hiring process moves quicker than expected or details about a job seem light, it’s indeed time to ask questions. Here are a few you can keep handy when you start to wonder if you have a scam on your hands …
This is a great place to start. Legitimate employers write up job listings that they post on their website and job sites. In those descriptions, the work and everything it entails gets spelled out to the letter. A real employer should be able to provide you with a job description or at least cover it clearly over the course of a conversation.
This one can trip up a scammer quickly. A scammer might avoid giving a physical address. Likewise, they might offer up a fake one. Either a non-answer or a lie can readily call out a scam by following up the question with a web search for a physical address. (Resources like the Better Business Bureau can also help you research a company and its track record.)
Asking about co-workers, bosses, reporting structures and the like can also help sniff out a scam. Real employers, once again, will have ready answers here. They might even start dropping names and details about people’s tenure and background. Meanwhile, this is one more place where scammers might tip their hand because they haven’t made up those details.
This question alone can offer a telltale sign. Many job scams move through the hiring process at relative breakneck speed—skipping past the usual interview loops and callbacks that many legitimate jobs have. Scammers want to turn over their victims quickly, so they’ll make the “hiring process” quick as well. If it feels like you’re blazing through the steps, it could be a scam.
Every business has a story, even if it’s still in its startup days. Anyone in a recruiting or hiring position will have a good handle on this question, as they will on any follow-up questions about the company’s mission or goals. Again, vagueness in response to these kinds of questions could be a sign of a scam.
Whether it’s through social media sites like Facebook, Instagram, and the like, scammers often reach out through direct messages. Recruiters stick to legitimate business networking sites like LinkedIn. Companies maintain established accounts on recruiting platforms that people know and trust, so view any contact outside of them as suspicious.
Scammers use the “hiring process” to trick people into providing their personal info with malicious links. Web protection, included in our plans, can steer you clear of them. Likewise, our Scam Detector scans URLs in your text messages and alerts you if they’re sketchy. If you accidentally click a bad link, both web and text scam protection will block a risky site.
Many scammers get your contact info from data broker sites. McAfee’s Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and, depending on your plan, can help you remove it. Our Social Privacy Manager lowers your public profile lower still. It helps you adjust more than 100 privacy settings across your social media accounts in just a few clicks, so your personal info is only visible to the people you want to share it with.
The post Interviewing for a Job? Spot a Scam with These Questions appeared first on McAfee Blog.
As Tax Day looms and last-minute taxpayers feel the pressure, a surge of IRS scams is on the rise.
Research by our McAfee Labs team projects a fresh wave of sophisticated tax scams as the stress of peak filing season sets in, with bogus text messages leading the way.
Nearly half of taxpayers complete their taxes between mid-March and April 15, which gives scammers ample opportunity to cash in as people rush their filings with the IRS.
Based on our data from 2024, here’s what we can expect in the coming days:
In addition to posing as the IRS, scammers will pose as tax prep and tax software companies as well. Just as in years past, taxpayers can further expect scams built around quick refunds and easy filing solutions that are actually fronts for scams. Yet whatever guise scammers put on, their aim remains the same. They want to dupe taxpayers out of their personal and financial info.
Tax season is high season for scammers because so much personal info gets gathered and shared online. With that, many taxpayers have their guard down. They expect to see messages, ads, and so forth about their taxes, which can make them more willing to share some of their most personal info. That’s where scammers step in. They want to:
Looking at this list, you can see what makes tax scams so damaging. Many of them target our most precious of personal info—our Social Security Numbers (SSNs).
A stolen SSN opens the door to some of the most painful forms of identity theft, like imposter fraud, insurance fraud, employment fraud, and more. These follow-on attacks can cause great harm to a victim’s finances and reputation in ways that can take months, or even years, to repair.
In effect, tax scams deliver a one-two punch.
It begins by baiting the victim with a phony message from a scammer posing as the IRS, a tax prep business, or a tax software company. That might come by email, a direct message on social media, or even in paid search results.
Largely, scammers bait victims with texts. Mobile attacks indeed dominate the preferred contact method, just as we called out. Here, scammers often use link shorteners to disguise fraudulent links. (You’ve likely seen plenty of link shorteners like bit.ly and goo.gl. They make it easier to share long addresses, but the flipside is that there’s no quick way to tell where they really take you.)
In some cases, scammers attempt to trick taxpayers by weaving “irs.gov” into the web address. Below you can see one example, where the domain isn’t “irs.gov.” It’s actually “entes-tax[dot]com,” which leads to a scam site.
Scam texts that weave “irs.gov” into a malicious link
As for the text itself, scammers send urgent-sounding messages about tax returns like, “Your refund is on hold, contact the IRS immediately.” Other scammers use fear, leveling threats like jail time for non-payment. In other cases, scammers threaten to revoke things like driver’s licenses and business licenses, or even immigration status. According to the IRS, these are common signs of a scam. The IRS never uses threats or tactics like these to resolve tax issues.
The second punch comes by clicking the link in these messages, which leads to IRS copycat scam sites. And they can look convincing. The most sophisticated of them mirror the look and feel of the official IRS website and use URLs that look “close enough” to an IRS URL, which can trick anyone who doesn’t examine them closely.
Example of a fake IRS claim website
And that’s where the damage gets done. Under the false pretense of receiving a refund or making a payment, the scammers collect that precious personal info we talked about, which can cause short- and long-term fallout for victims.
The same approach works for scammers who pose as tax prep services and tax software companies. The texts and websites look different, yet they’re still part of a scheme for collecting the same types of personal and financial info.
Clever as these scams are, you can avoid them. The first step is awareness. By reading this article and sharing it with others, you spread the word about these scams and just how rampant they are.
From there, you can take several more steps that can keep you far safer during tax time:
The post Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds appeared first on McAfee Blog.
Al Roker never had a heart attack. He doesn’t have hypertension. But if you watched a recent deepfake video of him that spread across Facebook, you might think otherwise.
In a recent segment on NBC’s TODAY, Roker revealed that a fake AI-generated video was using his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”
“A friend of mine sent me a link and said, ‘Is this real?'” Roker told investigative correspondent Vicky Nguyen. “And I clicked on it, and all of a sudden, I see and hear myself talking about having a couple of heart attacks. I don’t have hypertension!”
The fabricated clip looked and sounded convincing enough to fool friends and family—including some of Roker’s celebrity peers. “It looks like me! I mean, I can tell that it’s not me, but to the casual viewer, Al Roker’s touting this hypertension cure… I’ve had some celebrity friends call because their parents got taken in by it.”
While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.
“We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now,” Roker said.
Al Roker isn’t the first public figure to be targeted by deepfake scams. Taylor Swift was recently featured in an AI-generated video promoting fake bakeware sales. Tom Hanks has spoken out about a fake dental plan ad that used his image without permission. Oprah, Brad Pitt, and others have faced similar exploitation.
These scams don’t just confuse viewers—they can defraud them. Criminals use the trust people place in familiar faces to promote fake products, lure them into shady investments, or steal their personal information.
“It’s frightening,” Roker told his co-anchors Craig Melvin and Dylan Dreyer. Craig added: “What’s scary is that if this is where the technology is now, then five years from now…”
Nguyen demonstrated just how simple it is to create a fake using free online tools, and brought in BrandShield CEO Yoav Keren to underscore the point: “I think this is becoming one of the biggest problems worldwide online,” Keren said. “I don’t think that the average consumer understands…and you’re starting to see more of these videos out there.”
According to McAfee’s State of the Scamiverse report, the average American sees 2.6 deepfake videos per day, with Gen Z seeing up to 3.5 daily. These scams are designed to be believable—because the technology makes it possible to copy someone’s voice, mannerisms, and expressions with frightening accuracy.
And it doesn’t just affect celebrities:
While the technology behind deepfakes is advancing, there are still ways to spot—and stop—them:
And most importantly, be skeptical of celebrity endorsements on social media. If it seems out of character or too good to be true, it probably is.
McAfee’s Deepfake Detector, powered by AMD’s Neural Processing Unit (NPU) in the new Ryzen
AI 300 Series processors, identifies manipulated audio and video in real time—giving users a critical edge in spotting fakes.
This technology runs locally on your device for faster, private detection—and peace of mind.
Al Roker’s experience shows just how personal—and persuasive—deepfake scams have become. They blur the line between truth and fiction, targeting your trust in the people you admire.
With McAfee, you can fight back.
The post ‘Seeing is Believing is Out the Window’: What to Learn From the Al Roker AI Deepfake Scam appeared first on McAfee Blog.
We’re thrilled to share that McAfee has earned two prestigious AV-TEST Awards: Best Advanced Protection and Best Performance for Consumer Users.
“We are honored to receive both the Best Advanced Protection and the Best PC Performance awards,” said McAfee’s Chief Technology Officer, Steve Grobman. “AV-TEST is a renowned institute with an excellent reputation for independent analysis and quality assurance, and this recognition reinforces our leadership in online protection. As our digital world continues to evolve, so do the tactics of cybercriminals. With McAfee’s AI-powered threat protection, we can stay one step ahead and keep our customers safe from scams without compromising PC performance.”
These awards recognize our commitment to delivering powerful protection from malware, data stealers, and other threats—without slowing down your devices. Throughout 2024, McAfee consistently excelled in AV-TEST’s rigorous evaluations, standing out for both threat detection and system efficiency.
As the only vendor to top both categories in 2024, McAfee is proud to provide trusted protection that enhances—not hinders—your PC’s performance.
McAfee Total Protection isn’t just antivirus software—it’s an all-in-one digital safety solution designed to keep your identity, devices, and privacy protected across unlimited devices. Here’s a breakdown of what’s inside:
With McAfee Total Protection, you get real-time defense powered by artificial intelligence to block viruses, malware, and phishing scams before they can reach you. It works across all your compatible devices—Windows, macOS, iOS, and Android—so you’re covered wherever you go.
Our Secure VPN uses bank-grade encryption to shield your personal info and browsing activity, especially on public Wi-Fi.
Keep your online accounts secure with our built-in password manager, which stores, generates, and auto-fills strong passwords across devices. That means one less thing to remember—and a lot more peace of mind.
Protect yourself and your loved ones with the award-winning solution that topped both protection and performance rankings in 2024. Start your free trial of McAfee Total Protection today.
The post McAfee Wins AV-TEST Awards for Best Advanced Protection and Best Performance appeared first on McAfee Blog.
Cybercriminals are getting smarter. They’re now using a development toolkit called .NET MAUI to create fake apps that look and feel like the real thing—banking apps, dating apps, and even social media. But instead of helping you, these apps secretly steal your private info.
We break down the full research from McAfee Labs here:
.NET MAUI is a tool used by developers to build apps that work on many devices—like phones, tablets, and computers—all from one set of code.
That’s great for app creators. But now, hackers are using it too. While McAfee is able to detect this malware, the decision to build with .NET MAUI helps hide their dangerous code from most antivirus software. Think of it like a thief wearing an invisibility cloak—unless you’re really looking, you won’t see them.
Hackers are creating apps that look like they’re from real companies. For example, one fake app pretended to be IndusInd Bank, asking users to enter sensitive information like:
Once you hit submit, that info goes straight to the hacker’s server.
Figure 1. Fake IndusInd Bank app’s screen requesting user information
Normal Android apps have code in a format security tools can scan. These fake apps hide their code in binary files so it can’t be easily detected. That lets them stay on your phone longer—stealing quietly in the background.
In another case, hackers made an app that pretended to be a social media platform. This one targeted Chinese-speaking users and was even trickier than the fake bank app.
Here’s what it did:
And instead of using regular internet traffic, it sent stolen data through secret encrypted channels—so even if someone intercepted it, they couldn’t read it.
Figure 2. Various fake apps using the same technique
These apps aren’t in the Google Play Store. Instead, hackers are sharing them on:
So if someone sends you a link to a cool new app that’s not from the Play Store—be extra careful.
Here are a few easy ways to stay safe:
Hackers are getting creative, but you can stay one step ahead. These new .NET MAUI-based threats are sneaky—but they’re not unstoppable.
With smart habits and the right tools, you can keep your phone and your personal info safe. Want real-time protection on your phone? Download McAfee+ and get ahead of the latest threats.
The post New Android Malware Sneaks Past Security by Pretending to Be Real Apps appeared first on McAfee Blog.
The collapse of genetic testing giant 23andMe has raised serious privacy concerns for millions of people who shared their DNA with the company. Once valued at $6 billion, the company has filed for bankruptcy and is now selling off assets—including, potentially, your genetic data.
If you’ve ever used 23andMe to explore your ancestry or health traits, now is the time to take action.
Here’s what’s going on, what it means for your data, how to delete your account, and steps you can take to better protect your online privacy going forward.
23andMe, once a pioneer in at-home genetic testing, has fallen into financial distress after a series of challenges, including a massive data breach in 2023 that exposed personal information of nearly 7 million users, according to TechCrunch. The company’s value plummeted by more than 99%, leading to mass board resignations and a March 2024 bankruptcy filing.
Now, as 23andMe prepares to sell off its assets under court supervision, its massive database of customer DNA—reportedly from more than 15 million users—is on the table. Despite the company’s assurances that its privacy policy remains in effect, experts and privacy advocates warn that your sensitive genetic data could end up in the hands of third parties, including pharmaceutical companies or even law enforcement agencies.
If you used 23andMe, yes.
Genetic data is some of the most personal information you can share. It can reveal details about your ancestry, health risks, and even family secrets. With 23andMe not covered by HIPAA (the federal health privacy law), your DNA data isn’t protected the way medical records at a doctor’s office would be, The Harvard Gazette reports.
Although 23andMe claims it won’t share individual-level data without consent, it does reserve the right to sell or transfer personal information as part of a bankruptcy or acquisition. That means your data could be bought by another company—one with different privacy practices or intentions.
California residents, in particular, have the legal right to delete their data under the Genetic Information Privacy Act (GIPA) and the California Consumer Privacy Act (CCPA).
If you’re ready to take action, here’s how to delete your genetic data and revoke research permissions through your 23andMe account:
Your DNA isn’t the only personal data at risk. From email addresses and home addresses to phone numbers and even shopping habits, data brokers are collecting and selling your information online—often without your knowledge or consent.
That’s why it’s critical to take control of your digital footprint. All McAfee+ plans provide the ability to scan the web for details of your personal information. McAfee’s Online Account Cleanup scans for accounts you no longer use and helps you delete them, along with your personal info. McAfee’s Personal Data Cleanup, takes this a step further, by scanning data broker sites for your personal information, and requesting the removal of you details from those sites.
Combined, these tools can give you back control over your privacy. All our McAfee+ plans include scans to find your accounts and direct you on how to remove your data.
Bottom Line: If you’ve ever used 23andMe, your genetic data could be at risk of being transferred or sold. Take action now by deleting your account and revoking permissions. And to keep the rest of your personal data protected, use tools like McAfee+ to keep your personal data safe online.
The post How to Delete Your Data from 23andMe and Protect Your Privacy appeared first on McAfee Blog.
Online scams are evolving faster than ever, with cybercriminals using AI, deepfake technology, and social engineering to trick unsuspecting users.
In the past year, Americans have been targeted by an average of 14 scam messages per day, and deepfake scams have surged 1,740% in North America, according to McAfee’s State of the Scamiverse report.
These scams go beyond simple phishing emails—scammers now impersonate trusted companies, friends, and even loved ones, making it critical to recognize the warning signs before falling victim.
Here’s how you can spot an online scam and protect yourself:
Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.
If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.
When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.
Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.
Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.
When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.
Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.
Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.
Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.
If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.
Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away.
Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.
It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.
There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.
A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.
Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.
During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.
These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.
You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.
Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.
Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members.
For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.
If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.
You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.
There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.
Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.
When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.
These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.
Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different.
Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.
For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.
Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site.
These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).
You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.
What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.
To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.
Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report.
All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.
Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.
Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).
Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.
Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.
For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee+ can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.
Get the peace of mind that comes with McAfee having your back.
The post How to Recognize an Online Scammer appeared first on McAfee Blog.
In a digital landscape hungry for the next big thing in Artificial Intelligence, a new contender called DeepSeek recently burst onto the scene and has quickly gained traction for its advanced language models.
Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.
Unfortunately, a recent investigation by McAfee Labs found that the same hype is now fueling a barrage of malware attacks disguised as DeepSeek software and updates.
Here’s a breakdown of those research findings:
It starts with a user searching online to find DeepSeek to use for themselves. Innocent enough. The problem comes from malicious results that promise access to DeepSeek, but actually steal data and infect computers.
McAfee Labs’ blog post pulls back the curtain on three main deception methods:
1. Fake “DeepSeek” Installers
2. Unrelated Third-Party Software Installs
3. Fake Captcha Pages
McAfee’s experts underscore the importance of careful online habits and shares best practices to keep threats at bay:
FreshRSS Windows + R and paste something you can’t see in full, don’t do it.
McAfee Labs’ findings reveal just how adaptable—and opportunistic—cybercriminals can be when fresh digital gold rushes emerge. By following basic security practices and staying skeptical about anything that seems too good to be true, you can explore new AI frontiers without handing over the keys to your device.
When in doubt, stop, do your due diligence, and only download from verified sources. Your curiosity about the latest tech trends shouldn’t come at the cost of your personal data or system security.
The post Bogus ‘DeepSeek’ AI Installers Are Infecting Devices with Malware, Research Finds appeared first on McAfee Blog.
Tax season is already stressful for many Americans, and to make matters worse, it’s also a golden opportunity for scammers.
According to a new 2025 tax season survey conducted by McAfee, nearly half (48%) of people say they, or someone they know, has received a message via email, social media, phone call, or text message falsely claiming to be from the IRS or an official state tax authority.
And when these deceptive messages and other manipulative AI practices work, research reveals it costs — a lot.
Gen Z adults (18-24) surveyed by McAfee reported experiencing the most scams, with nearly 40% saying they or someone they know has been scammed.
While young adults face high rates of attempted fraud, older adults (65-74) are still at greater risk of large financial losses. Among men in that age group who lost money in such a scam, 40% reported losing between $751 and $1,000, and half of the women lost between $2,501 and $5,000.
Meanwhile, the steepest losses overall were reported by those aged 45-54, with 10% saying they lost more than $10,000.
Criminals have long relied on phishing emails and fraudulent calls to obtain personal information—especially during tax season. Today, AI is raising the stakes.
Deepfake audio lets scammers sound exactly like IRS agents, and AI-generated phishing emails perfectly replicate official communications from reputable tax preparation services.
In fact, more than half (55%) of Americans say they’ve noticed scam attempts becoming more realistic than in previous years, and 87% worry AI is making them even harder to detect.
Here’s how a typical tax scam might play out: It often starts with an urgent text or email claiming your refund was rejected—or that you owe back taxes and must pay immediately. These messages can look and sound incredibly convincing, prompting recipients to click a malicious link or call a fake helpline.
Once scammers have your attention, they’ll ask for personal or financial information—like your Social Security number, bank details, or a credit card—to “fix” the supposed problem. Of course, it’s all a ploy to steal your identity or your cash.
McAfee highlights several tactics that have emerged in these AI-driven scams:
Tax scams show no signs of slowing down in 2025. Whether you’re part of Gen Z, a senior, or somewhere in between, it pays to stay vigilant.
By recognizing the signs of a scam, safeguarding your personal information, and taking proactive steps, you can help ensure your refund ends up where it belongs: in your pocket.
The post Financial Losses from Tax Scams Top $1,000 on Average—and Gen Z is a Growing Target appeared first on McAfee Blog.
The internet is brimming with content designed to entertain, inform—and sometimes deceive. The latest tool in a cybercriminal’s arsenal? Deepfakes. From fabricated celebrity endorsements to fraudulent job interviews, AI-generated deepfake scams are growing at an alarming rate. As deepfake technology becomes more advanced, it’s harder than ever to discern real from fake—until it’s too late.
According to McAfee’s latest “State of the Scamiverse” report, deepfake scams have become an everyday reality. The average American now encounters 2.6 deepfake videos daily, with younger adults (18-24) seeing even more – about 3.5 per day. And for less than the cost of a latte and in under 10 minutes, scammers today can create shockingly convincing deepfake videos of anyone: your mom, your boss, or even your child.
At McAfee, we’re committed to helping users navigate this evolving threat landscape with cutting-edge protection tools. Understanding how deepfake scams work and how to safeguard yourself is the first step in staying ahead of cybercriminals.
Deepfake scams exploit the power of AI to create hyper-realistic audio, video, and images that can impersonate anyone—from politicians to CEOs, from family members to Hollywood stars. These fake videos and voices have been used to:
Our research shows that people encounter nearly three deepfakes a day online and that the number is growing, making the urgency to combat these scams greater than ever.
Figure 1: AN AI-Generated image of the Pope went viral online.
Deepfake scams typically follow a predictable pattern:
While deepfake technology is becoming increasingly sophisticated, there are still ways to identify AI-generated deception:
To stay one step ahead of cybercriminals, consider these safety measures:
Deepfake scams are not just a futuristic concern—they are a real and present danger. Cybercriminals will continue refining their tactics, but with the right awareness and security tools, you can outsmart them.
McAfee remains at the forefront of AI-driven security solutions, ensuring you have the protection you need in an increasingly deceptive digital world.
Stay one step ahead of deepfake threats. Download McAfee+ today and take control of your online security.
The post Data Shows You’ll Encounter A Deepfake Today—Here’s How To Recognize It appeared first on McAfee Blog.
Typos. Too-good-to-be-true offers. Urgent warnings.
Scammers are getting smarter—and more convincing. New research from the Federal Trade Commission (FTC) reveals that Americans lost a staggering $12.5 billion to fraud in 2024, a 25% increase from the previous year. The median reported loss was $497, with imposter scams alone accounting for nearly $3 billion in losses.
Fraud isn’t just increasing—it’s hitting certain areas harder than others. Florida, Georgia, and Delaware ranked as the top three states with the highest per-capita fraud reports, while California led in total reports with over 500,000 cases.
And where are these scams happening? Scammers are reaching victims through phone calls, text messages, and social media, with social media emerging as one of the most lucrative platforms for fraud—70% of fraud reports linked to social media resulted in financial losses.
With scammers using increasingly sophisticated tactics, knowing how to spot red flags in emails and links is more critical than ever.
Here’s how to protect yourself from the latest phishing threats.
Simple Steps to Check a Link Before Clicking
How to Protect Yourself from Phishing Attacks
Preventative Measures
What to Do if You Clicked a Suspicious Link
Phishing attacks are becoming more deceptive, but staying informed and cautious can protect you. Always verify links and emails before clicking, and use trusted cybersecurity tools like McAfee+ to keep your accounts and data safe.
Stay vigilant—don’t let scammers catch you off guard!
The post Avoid Being Scammed: How to Identify Fake Emails and Suspicious Links appeared first on McAfee Blog.
Cryptocurrency offers exciting opportunities—but it’s also a favorite playground for scammers.
With the rapid rise of deepfake technology and deceptive AI-driven schemes, even seasoned investors can fall victim to fraud. According to McAfee’s State of the Scamiverse report, deepfake scams are on the rise, with the average American now encountering 2.6 deepfake videos daily. And younger adults (18-24) see even more – about 3.5 per day.
From fake investment opportunities to phishing attempts, bad actors are more sophisticated than ever.
The recent wave of Trump-themed meme coins—more than 700 copycats attempting to mimic the real thing—highlights just how rampant crypto scams have become. If even the president’s cryptocurrency isn’t safe from impersonators, how can everyday investors protect themselves?
By knowing the red flags, you can safeguard your money and personal data from crypto scammers.
Scammers often lure victims with guaranteed returns or impossibly high profits. If an investment promises “risk-free” earnings or sounds like a financial miracle, run the other way—legitimate investments always carry some level of risk.
Example: A Ponzi scheme disguised as a crypto investment fund may claim to offer “10% daily profits” or “instant payouts.” In reality, they use new investors’ money to pay early participants—until the scam collapses.
Fraudsters frequently impersonate public figures—from Elon Musk to Donald Trump—to promote fake coins or crypto investments. The explosion of Trump-themed meme coins shows how easily scammers exploit famous names. Even if a project appears linked to a well-known figure, verify through official channels.
Example: A deepfake video featuring a celebrity “endorsing” a new crypto token. McAfee’s research found that nearly 3 deepfake videos per day are encountered by the average American, many of them tied to scams.
Scammers often set up fraudulent crypto exchanges or wallet apps that look legitimate but are designed to steal your money. They might advertise low fees, special bonuses, or exclusive access to new coins.
How to Protect Yourself:
Always use well-established exchanges with a proven track record.
Look for HTTPS encryption and verify the URL carefully.
Research if the platform is licensed and regulated.
Scammers thrive on urgency. They’ll push you to act immediately before you have time to think critically. Whether it’s a limited-time pre-sale or a “secret investment opportunity,” don’t let fear of missing out (FOMO) cloud your judgment.
Example: “Only 10 spots left! Invest now before prices skyrocket!”—Classic scam tactics designed to trigger impulsive decisions.
No legitimate crypto project will ever ask for:
Example: A fake customer support email pretending to be from Coinbase, asking you to confirm your wallet password—this is a phishing attempt!
Do Your Research: Always Google the project’s name + “scam” before investing.
Check Regulatory Status: See if the platform is licensed (DFPI, SEC, or other regulators).
Verify Official Websites & Socials: Scammers create lookalike websites with small typos—double-check URLs!
Use Cold Storage: Store your assets in a hardware wallet to protect against hacks.
Use tools like McAfee+: To monitor for potential scams and get warnings for potential deepfakes and other scam red flags.
Crypto offers incredible potential—but with great opportunity comes risk. Scammers are always evolving, using deepfake videos, phishing, and fraudulent investment schemes to trick even the savviest investors. By staying informed and following basic security practices, you can avoid getting caught in the next big crypto scam.
The post How to Spot a Crypto Scam: The Top Red Flags to Watch For appeared first on McAfee Blog.
McAfee has been named the top brand in the Antivirus and Security Software category in TIME and Statista’s 2024 World’s Best Brands list, ranking above all major industry competitors.
The list, which surveyed over 22,000 U.S. consumers, ranks brands based on trust, awareness, and customer satisfaction across 66 industries.
TIME’s World’s Best Brands of 2024 rankings highlight consumer preferences across industries, from tech to retail. The inclusion of cybersecurity in the list speaks to a broader trend: digital safety is no longer just a concern for businesses and IT professionals—it’s a household necessity.
Recent data supports this shift. A global McAfee study found that 59% of people have fallen victim to an online scam or know someone who has, with 87% of those affected losing money—an average loss of $1,366 USD. As the financial and personal stakes of online security continue to rise, consumers are looking for trusted brands that offer comprehensive, easy-to-use protection.
For those looking to strengthen their digital defenses, McAfee+ provides award-winning security that protects against malware, scams, and online fraud—allowing consumers to browse, shop, and connect with confidence.
The post McAfee Named #1 Antivirus and Security Software Brand in TIME’s 2024 World’s Best Brands appeared first on McAfee Blog.
The rise of AI-driven cyber threats has introduced a new level of sophistication to phishing scams, particularly those targeting Gmail users.
Criminals are using artificial intelligence to create eerily realistic impersonations of Google support representatives, Forbes recently reported. These scams don’t just rely on misleading emails; they also include convincing phone calls that appear to come from legitimate sources.
If you receive a call claiming to be from Google support, just hang up—this could be an AI-driven scam designed to trick you into handing over your Gmail credentials.
Here’s everything you need to know about the scam and how to protect yourself:
Hackers have devised a multi-step approach to trick users into handing over their Gmail credentials. Here’s how the scam unfolds:
The attack often begins with a phone call from what appears to be an official Google support number. The caller, using AI-generated voice technology, convincingly mimics a real Google representative. Their tone is professional, and the caller ID may even display “Google Support,” making it difficult to immediately recognize the scam.
Once engaged, the scammer informs the victim that suspicious activity has been detected on their Gmail account. They may claim that an unauthorized login attempt has occurred, or that their account is at risk of being locked. The goal is to create a sense of urgency, pressuring the victim to act quickly without thinking critically.
To appear credible, the scammer sends an email that looks almost identical to a real Google security notification. The email may include official-looking branding and a request to verify the user’s identity by entering a code. The email is designed to look so authentic that even tech-savvy individuals can be fooled.
If the victim enters the verification code, they inadvertently grant the attacker full access to their Gmail account. Since the scammer now controls the two-factor authentication process, they can lock the real user out, change passwords, and exploit the account for further attacks, including identity theft, financial fraud, or spreading phishing emails to others.
This scam is particularly dangerous because it combines multiple layers of deception, making it difficult to spot. Unlike standard phishing emails that may contain poor grammar or suspicious links, AI-enhanced scams:
To protect yourself from AI-powered scams, follow these essential security measures:
1. Be Skeptical of Unsolicited Calls from “Google”
Google does not randomly call users about security issues. If you receive such a call, hang up immediately and report the incident through Google’s official support channels.
2. Verify Security Alerts Directly in Your Account
If you receive a message stating that your account has been compromised, do not click any links or follow instructions from the email. Instead, go directly to your Google account’s security settings and review recent activity.
3. Never Share Verification Codes
Google will never ask you to provide a security code over the phone. If someone requests this information, it is a scam.
4. Enable Strong Authentication Methods
5. Regularly Monitor Your Account Activity
Check the “Security” section of your Google account to review login activity. If you see any unrecognized sign-ins, take immediate action by changing your password and logging out of all devices.
6. Use a Password Manager
A password manager helps create and store strong, unique passwords for each of your accounts. This ensures that even if one password is compromised, other accounts remain secure.
If you believe your account has been compromised, take these steps immediately:
As AI technology advances, cybercriminals will continue to find new ways to exploit users. By staying informed and implementing strong security practices, you can reduce the risk of falling victim to these sophisticated scams.
At McAfee, we are dedicated to helping you protect your digital identity. Stay proactive, stay secure, and always verify before you trust.
For more cybersecurity insights and protection tools, check out McAfee+.
The post How to Make Sure Your Gmail Account is Protected in Light of Recent AI Scams appeared first on McAfee Blog.
Video games are a favorite pastime for millions of kids and teenagers worldwide, offering exciting challenges, epic battles, and opportunities to connect with friends online. But what happens when the search for an edge in these games—like cheats or special hacks—leads to something far more dangerous?
McAfee Labs has uncovered a growing threat aimed at gamers, especially kids, who unknowingly download malware disguised as game hacks, software cracks, and cryptocurrency tools.
Here’s what you need to know about this sneaky scam and how to stay safe:
Popular games like Minecraft, Roblox, Fortnite, Apex Legends, and Call of Duty are among those targeted by these scams. Gamers searching for cheats to gain an advantage—like seeing through walls, speeding up characters, or unlocking premium items—are being lured to malicious links. These links often appear on GitHub, a platform where developers share and collaborate on code, or in YouTube videos claiming to offer step-by-step instructions.
GitHub is typically trusted by programmers and tech enthusiasts, but cybercriminals exploit this trust by uploading malware that masquerades as game hacks. By naming their repositories after popular games or tools, scammers trick users into downloading malware instead of the promised cheat software.
The process starts when someone searches online for free cheats or cracked software—like tools to unlock premium features of Spotify or Adobe—and stumbles upon a GitHub repository or a YouTube video. These repositories often look convincing, with professional descriptions, screenshots, and even licenses designed to appear legitimate.
Figure 1: Attack Vector
Once users follow the instructions, they’re often asked to disable their antivirus software or Windows Defender. The reasoning provided is that antivirus programs will mistakenly identify the hack or crack as dangerous. In reality, this step clears the way for malware to infect their device.
What Happens After the Malware is Downloaded?
Instead of receiving a functional cheat, victims unknowingly install a dangerous program known as Lumma Stealer or similar malware variants. This software quietly:
Each week, new repositories and malware variants appear as older ones are detected and removed. This cycle makes it difficult for platforms like GitHub to completely eliminate the threat.
Kids and teens are prime targets because they often lack experience in identifying online scams. The promise of features like “Aimbots” (to improve shooting accuracy) or “Anti-Ban” systems (to avoid getting caught by game administrators) makes these fake downloads even more tempting. Scammers exploit this curiosity and eagerness, making it easier to trick young gamers into infecting their devices.
Figure 2: YouTube Video containing malicious URL in description.
McAfee Labs offers these tips to avoid falling victim to these scams:
The takeaway? Scammers will go to great lengths to exploit the interests and habits of gamers. And unfortunately, this isn’t the first time we’ve seen such malware attacks targeting gamers. By educating yourself and your family about these threats, you can play smarter and stay safer online. Always remember: no cheat or crack is worth compromising your security.
Read the full report from McAfee Labs outlining our research and findings on this malware risk. Learn more about how you can protect yourself with McAfee+.
The post Scam Alert: Fake Minecraft, Roblox Hacks on YouTube Hide Malware, Target Kids appeared first on McAfee Blog.
The artificial intelligence arms race has a new disruptor—DeepSeek, a Chinese AI startup that has quickly gained traction for its advanced language models.
Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.
But as the buzz around its capabilities grows, so do concerns about data privacy, cybersecurity, and the implications of feeding personal information into AI tools with uncertain oversight.
DeepSeek’s AI models, including its latest version, DeepSeek-V3, claim to rival the most sophisticated AI systems developed in the U.S.—but at a fraction of the cost.
According to reports, training its latest model required just $6 million in computing power, compared to the billions spent by its American counterparts. This affordability has allowed DeepSeek to climb the ranks, with its AI assistant even surpassing ChatGPT as the top free app on Apple’s U.S. App Store.
What makes DeepSeek’s rise even more surprising is how abruptly it entered the AI race. The company originally launched as a hedge fund before pivoting to artificial intelligence—an unusual shift that has fueled speculation about how it managed to develop such advanced models so quickly. Unlike other AI startups that spent years in research and development, DeepSeek seemed to emerge overnight with capabilities on par with OpenAI and Meta.
However, DeepSeek’s meteoric rise has sparked skepticism. Some analysts and AI experts question whether its success is truly due to breakthrough efficiency or if it has leveraged external resources—potentially including restricted U.S. AI technology. OpenAI has even accused DeepSeek of improperly using its proprietary tech, a claim that, if proven, could have major legal and ethical ramifications.
One of the biggest concerns surrounding DeepSeek isn’t just how it handles user data—it’s that it reportedly failed to secure it altogether.
According to The Register, security researchers at Wiz discovered that DeepSeek left a database completely exposed, with no password protection, allowing public access to millions of chat logs, API keys, backend data, and operational details.
This means that conversations with DeepSeek’s chatbot, including potentially sensitive information, were openly available to anyone on the internet. Worse still, the exposure reportedly could have allowed attackers to escalate privileges and gain deeper access into DeepSeek’s infrastructure. While the issue has since been fixed, the incident highlights a glaring oversight: even the most advanced AI models are only as trustworthy as the security behind them.
Here’s why caution is warranted:
DeepSeek specifically states in its terms of service that it collects, stores, and has permission to share just about all the data you provide while using the service.
Figure 1. Screenshot of DeepSeek Privacy Policy shared on LinkedIn
It specifically notes collecting your profile information, credit card details, and any files or data shared in chats. What’s more, that data isn’t stored in the United States, which has strict data privacy regulations. DeepSeek is a Chinese company with limited required protections for U.S. consumers and their personal data.
If you’re using AI tools—whether it’s ChatGPT, DeepSeek, or any other chatbot—it’s crucial to take steps to protect your information:
As AI chatbots like DeepSeek gain popularity, safeguarding your personal data is more critical than ever. With McAfee’s advanced security solutions, including identity protection and AI-powered threat detection, you can browse, chat, and interact online with greater confidence—because in the age of AI, privacy is power.
The post Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security appeared first on McAfee Blog.
Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or home address.
Unfortunately, identity theft claims have surged in recent years, jumping from approximately 650,000 in 2019 to over a million in 2023, according to the Federal Trade Commission (FTC). This trend underscores the urgent need for stronger personal data protection habits.
So, how do scammers pull it off, and how can you protect yourself from becoming a victim?
How Do Scammers Steal Your Identity?
Scammers are resourceful, and there are multiple ways they can access your personal information. The theft can happen both in the physical and digital realms.
When scammers steal your identity, they often leave behind a trail of unusual activity that you can detect. Here are some common signs that could indicate identity theft:
If you suspect that your identity has been stolen, time is of the essence. Here’s what you need to do:
While you can’t completely eliminate the risk of identity theft, there are several steps you can take to protect yourself:
Identity theft can be a stressful and overwhelming experience, but by acting quickly and taking proactive steps to protect your personal information, you can minimize the damage and reclaim your identity.
The post How Scammers Steal Your Identity and What You Can Do About It appeared first on McAfee Blog.
Romance scams have surged in sophistication, preying on emotions and exploiting the trust of victims in the digital age.
The latest case involving a French woman who believed she was romantically involved with actor Brad Pitt is a stark reminder of the vulnerabilities we face online. But this incident, unfortunately, does not stand alone. Scammers continue to exploit celebrity fame to defraud unsuspecting victims, using deepfakes and other manipulative tactics. Recent examples include:
The most recent Brad Pitt impersonation scam follows a straightforward but insidious pattern of manipulation. Here’s how the scam unfolded step by step:
The Initial Contact: Anne, a French interior decorator, downloaded Instagram during a family ski trip. Shortly after, she was approached by a scammer pretending to be Brad Pitt’s mother, who claimed her son needed someone like Anne in his life.
Building Trust: The scammer, posing as Pitt, used AI-generated photos and emotionally charged messages to gain Anne’s trust. The fake Brad Pitt “knew how to talk to women,” according to Anne, creating a sense of intimacy and connection.
Figure 1. These fake images were used in a fake Brad Pitt romance scam.
The Financial Request: The scammer fabricated a crisis, claiming Pitt needed $1 million for a kidney treatment but couldn’t access his funds due to his ongoing divorce from Angelina Jolie. Playing on Anne’s empathy, the fraudster requested financial help.
The Emotional Manipulation: At the time, Anne was going through her own divorce and had recently received a settlement. Believing she was aiding someone in need, she transferred $850,000 to the scammer.
The Scam Unravels: The hoax came to light after Pitt publicly debuted his relationship with Ines de Ramon at the Venice Film Festival. This contradiction exposed the deception and ended the scam.
Brad Pitt recently spoke out, according to Variety, condemning the scammers for taking “advantage of the strong bond between fans and celebrities.”
Romance scammers often exploit online dating platforms, social media, and fan communities to identify potential victims. Being aware of the warning signs can help you identify and avoid romance scams:
Unrealistic Claims: If someone’s story seems too good to be true, it likely is. For example, a Hollywood star personally reaching out on a fan site is improbable. Celebrities rarely engage in direct, personal communication with fans, especially through unofficial platforms like fan sites, due to time constraints, security concerns, and the sheer volume of fan interactions.
Urgent Requests for Money: Scammers often fabricate crises requiring immediate financial assistance.
Reluctance to Meet in Person: Excuses to avoid face-to-face meetings or video calls can signal deception.
Inconsistencies in Their Story: Contradictory details or vague answers are common red flags.
Pressure to Keep the Relationship Secret: Scammers may isolate victims by discouraging them from discussing the relationship with friends or family.
While the tactics of romance scammers can be sophisticated, there are steps you can take to safeguard your heart and your finances:
Verify Identities: Use reverse image searches to check if profile pictures are stolen. Research their claims and background.
Be Cautious with Personal Information: Avoid sharing sensitive details, such as financial information or passwords.
Avoid Sending Money: Never transfer funds to someone you haven’t met in person, regardless of their story.
Keep Conversations Public: Use the messaging platform of the dating site or social media app rather than moving to private communication.
Watch Out For in AI: Artificial intelligence (AI) has made it much easier for scammers to create deepfake audio and video to create even more realistic romance scams. McAfee’s Ultimate Guide to AI Deepfakes can help you learn how to spot and protect yourself from deepfakes.
Trust Your Instincts: If something feels off, listen to your intuition, which can pick up on subtle inconsistencies or red flags that your conscious mind may overlook, acting as an early warning system.
Figure 2. An AI-generated image that circulated widely showed the Pope wearing a designer coat.
If you believe you are being targeted by a romance scam, take the following steps:
Cease Communication: Stop interacting with the individual immediately.
Report the Incident: Notify the dating platform or social media site, and report the scam to your local authorities or organizations like the FTC.
Protect Your Accounts: Change passwords and monitor your financial accounts for suspicious activity.
Seek Support: Talk to trusted friends or family members about the situation.
Raising awareness about romance scams is essential in preventing others from falling victim. Share information about common tactics and red flags with your loved ones, particularly those who may be more vulnerable, such as elderly family members or friends navigating online dating for the first time.
While the promise of romance can be enticing, it’s crucial to approach online relationships with caution and awareness.
By recognizing red flags, protecting your personal information, and reporting suspicious activity, you can safeguard yourself and others from the emotional and financial devastation of romance scams.
The post Breaking Down the Brad Pitt Scam: How it Happened and What We Can Learn appeared first on McAfee Blog.
Inauguration Day has come and gone, and the peaceful transfer of power couldn’t have happened without the intricate systems that ensure the integrity of the electoral process—specifically, cybersecurity.
Behind the scenes, a vast network of digital defenses worked to protect elections from disinformation, cyberattacks, and manipulation, all of which pose increasing threats in today’s digital age. From securing ballots to combating deepfakes, these measures play a critical role in upholding trust in democracy and making days like Inauguration Day possible.
In the digital age, elections face unprecedented threats designed to undermine public trust and disrupt democratic processes. Among the most common challenges are:
These threats highlight the urgent need for robust cybersecurity measures to protect the democratic process.
To counter these threats, governments and organizations have implemented advanced strategies and technologies:
These measures are critical in securing the journey from Election Day to Inauguration Day, building public confidence in the democratic process.
As you consume news about the inauguration and the new administration, it’s more important than ever to be vigilant about fake news. Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:
It’s critical to be wary of disinformation, intentionally misleading information manipulated to create a flat-out lie, as well as misinformation, which may include social posts that unknowingly get facts wrong.
To combat misinformation and AI deepfakes, it’s key to:
Deepfakes don’t just spread false information—they often lead users to phishing sites or malware. With tools like McAfee+, you can navigate the digital landscape with confidence.
The post From Election Day to Inauguration: How Cybersecurity Safeguards Democracy appeared first on McAfee Blog.
