FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

How to Follow McAfee on Google News in One Simple Step

By: McAfee

Want McAfee’s latest scam alerts, cybersecurity tips, and safety updates to show up automatically in your Google News feed? You can follow McAfee directly on Google News with a single tap.

Google News now gives every official publisher a dedicated page — and McAfee has one. Once you follow us, our newest articles will appear in your Following tab and throughout your personalized news feed whenever they’re relevant to you.

Here’s how to do it in seconds.

Follow McAfee on Google News

Step 1: Go to our official Google News page

Tap or click this link:

McAfee Official Google News Source Page

This opens McAfee’s verified publisher page inside Google News.

Image shows McAfee's Google News source page.
Image shows McAfee’s Google News source page.

Step 2: Tap the ⭐ “Follow” button

You’ll see a star icon at the top of the page.

Tap Follow and you’re done.

That’s it — McAfee is now part of your personalized news feed.

What happens after you follow McAfee

When you tap the star:

  • McAfee appears under Following → Sources in Google News
  • Our stories show up more often when you search for cybersecurity topics
  • You’ll see McAfee alerts, safety tips, and threat updates sooner
  • Google prioritizes McAfee when we publish on topics you care about (AI scams, malware, identity theft, etc.)

No settings menus. No advanced search. Just one tap.

How to Unfollow or Manage Your Sources

If you ever want to update your feed:

  1. Open Google News

  2. Go to Following → Sources

  3. Tap the star again to unfollow

  4. Or rearrange which sources matter most to you

 

Image shows how to find your preferred sources in Google News

FAQs

Do I need the Google News app?

No. Following works in both browsers and the app.

Will this make McAfee show up first for every search?

Not automatically — but Google does prioritize publishers you follow when the content is relevant.

Can I follow McAfee on multiple devices?

Yes. It’s tied to your Google account, not your phone or laptop.

Is the follow button safe?

Absolutely. This is Google’s built-in publisher follow system.

Stay Updated, Stay Safer

Cyber threats move fast — following McAfee on Google News makes it easier to stay ahead of scams, breaches, and emerging AI risks.

The post How to Follow McAfee on Google News in One Simple Step appeared first on McAfee Blog.

Ghost Tapping: What It Is, How It Works, and How to Stay Safe

By: McAfee

Contactless payments make everyday purchases fast and easy. Yet with that convenience comes a risk: ghost tapping.

In crowded spaces or rushed moments, a scammer could trigger a small tap-to-pay charge or push through a higher amount without your clear consent. Understanding what ghost tapping is, how it happens, and what to do next helps you keep your money and identity secure.

What Is Ghost Tapping?

Ghost tapping is a form of contactless fraud where someone attempts to initiate a tap-to-pay transaction without your approval.

Tap-to-pay cards and mobile wallets on phones use a technology called “near-field communication,” or NFC. That lets them communicate with things like a point-of-sale device for payment at a very close range. It’s generally quite safe, particularly because of the “near” part. You have to get very close to make the connection.

Even so, proximity and distraction can be exploited. Attackers may try to skim limited details from RFID (Radio Frequency Identification technology) cards or NFC cards, or nudge you into approving a payment you didn’t intend. If you’ve ever wondered what ghost tapping is, think of it as an opportunistic, in-person scam that abuses the tap-to-pay moment rather than a remote hack.

How Ghost Tapping Happens

Most schemes rely on getting close and catching you off guard. A criminal might carry a portable reader, press into a pocket or bag, and attempt a low-value charge. Others set up tampered terminals, rushing you so you don’t check the amount.

Consider These Two Scenarios:

You’re at a busy farmer’s market. A scammer with a phone equipped with a point-of-sale app stumbles into you and gets close enough to your card to trigger a transaction. It’s almost like a modern-day pickpocket move, where the bump distracts the victim from the theft as it happens.

In another case, you might come across a phony vendor. Maybe someone’s selling cheap hats outside a football game or someone’s going around your neighborhood selling candy, supposedly to support a charity. In scenarios like these, you tap to pay with your phone just as you’d expect… but with one exception: the “vendor” jacks up the purchase price. They hurry you through the transaction, so quickly that you don’t review the screen before you confirm payment.

We’ve also seen reports of people getting Apple Pay scammed by impostor merchants who exploit quick taps and small screens. While mobile wallets add strong safeguards, poor visibility and social pressure can still lead to losses.

The Better Business Bureau on Ghost Tapping:

A report posted on the Scam Tracker at the Better Business Bureau (BBB) shows how the phony vendor version of this scam allegedly played out:

“An individual is going door to door in [location redacted] claiming to be selling chocolate on behalf of [redacted] to support special needs students. He says that he can only accept tap-to-pay to get people to pay with a card. He then charges large amounts to the card without the cardholder being able to see the amount. He got my mother for $537… Another victim for $1100… He changes neighborhoods frequently to avoid getting caught.”

Signs of Ghost Tapping and Common Myths

Early ghost detecting starts with vigilance. Watch for unfamiliar small charges, especially after crowded events, and alerts tied to contactless transactions. If you see odd activity tied to RFID cards or NFC cards, act quickly.

Common myths persist. Attackers can’t drain accounts from far away, clone full cards via a tap, or bypass wallet protections easily. Most successful cases hinge on proximity, distraction, and human error. Meanwhile, Apple Pay scam stories often involve rushed taps and unverified totals.

Effective ghost detecting focuses on timely alerts, careful review, and immediate response.

How to Protect Yourself from Ghost Tapping Scams

The BBB, which recently broke the story of these scams, offers several pieces of advice. We have some advice we can add as well.

From the BBB…

  • Store your cards securely. An RFID-blocking wallet or sleeve can help stop wireless skimming.
  • Always confirm payment details. Before tapping your card or phone, check the merchant’s name and amount on the terminal screen.
  • Set up transaction alerts. Many banks allow real-time notifications for every charge.
  • Keep an eye on your accounts. Daily checks help you spot fraud faster.
  • Limit tap-to-pay use in high-risk areas. Consider swiping or inserting your card instead.

From us at McAfee…

Monitor your identity and your credit.

The problem with many card scams is that they can lead to further identity theft and fraud, which you only find out about once the damage is done. Actively monitoring your identity and credit goes beyond single transaction alerts from your bank and can spot an emerging problem before it becomes an even bigger one. You can take care of both easily with timely notifications from our credit monitoring and identity monitoring features, all as part of our McAfee+ plans.

When you’re out and about, consider what you’re carrying—and where you carry it.

The physical safety of your phone and cards counts as well. While ghost tapping scams are new, old-school physical pickpocketing attempts persist. When it comes to devices and things like debit cards, credit cards, and even cash, keep what you bring with you to the bare minimum when you go out. This can cut your losses if the unfortunate happens. If you have a credit card and ID holder attached to the back of your phone, you may want to remove your cards from it. That way, if your phone gets snatched, those important cards don’t get snatched as well.

When in doubt, shop with a credit card.

In the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

The post Ghost Tapping: What It Is, How It Works, and How to Stay Safe appeared first on McAfee Blog.

Venmo 101: Making Safer Payments with the App

By: McAfee

As the holiday season ramps up, so do group dinners, shared travel costs, gift exchanges, and all the little moments where someone says, “Just Venmo me.”

With more people sending and splitting money this time of year, scammers know it’s prime time to target payment apps. Here’s how to keep your Venmo transactions safe during one of the busiest — and riskiest — payment seasons.

What kind of scams are on Venmo?

Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credentials. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money.

Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:

·       Fake Prize or Cash Reward

·       Call from Venmo

·       Call from Tech Support

·       Fake Payment Confirmation

·       Pre-payment for Goods and Services

 ·       Stranger Posing as a Friend

·       Payments from Strangers

·       Offers to Make Money Fast

·       Paper Check Scam

·       Romance Scam

 

Venmo has thorough instructions to combat these scams and breaks them down in detail on its site. They also provide preventative tips and steps to take if you unfortunately fall victim to one of these scams. Broadly speaking, though, avoiding Venmo scams breaks down into a few straightforward steps.

How to avoid getting scammed on Venmo

1) Never share private details.

Scammers often pose as customer service reps to pump info out of their victims. They’ll ask for things like bank account info, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this info. Legitimate reps from legitimate companies like Venmo won’t request it.

2) Know when Venmo might ask for your Social Security number.

In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this info by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings  –> Identity Verification.

3) Keep an eye out for scam emails and texts.

Venmo always sends communications through its official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.

4) Be suspicious of the messages you get. Imposters are afoot.

Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.

5) When sending money, keep an eye open for alerts from the app.

Just recently, Venmo added a new feature, dynamic alerts, which helps protect people when sending money via the “Friends and Family” option. It pops up an alert if the app detects a potentially fraudulent transaction and includes info that describes the level of risk involved. In the cases of highly risky payments, Venmo might decline the transaction altogether. This adds another level of protection to Friends and Family payments, which are non-refundable in cases of fraud. Further, this underscores another important point about using Venmo: only pay people you absolutely know and trust.

More ways to stay safe on Venmo

Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:

  • Public – Everyone on the internet can see and comment on the transaction.
  • Friends – Only your Venmo friends and the other participant’s friends can see and comment on the transaction. (Note that the friends of the other participant might be strangers to you, so “friends and friends of friends” is more accurate here.)
  • Private – Here, only the participants can view and comment on the transaction.

This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.

We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.

In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.

Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.

  • First off, lock your phone. Whether with a PIN or other form of protection, locking your phone prevents access to everything you keep on it, which is important in the case of loss or theft. Our own research found that only 58% of adults take the vital step of locking their phones. If you fall into the 42% of people who don’t, strongly consider changing that.
  • Within the Venmo app, you can also enable Face ID and a PIN (on iOS) or a PIN and biometric unlock (Android). These add a further layer of security by asking for identification each time you open the app. That way, even if someone gets access to your phone, they’ll still have to leap through that security hurdle to access your Venmo app.
  • Use a strong, unique password for your account. That’s a password with at least 13 characters using a mix of cases, numbers, and symbols that you don’t use anywhere else. You can also have a password manager do that work for you across all your accounts.

Keep your online finances even more secure with the right tools

Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.

For starters, it includes Web Protection and Scam Detector that can block malicious and questionable links that might lead you down the road to malware or a phishing scam, such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.

Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

The post Venmo 101: Making Safer Payments with the App appeared first on McAfee Blog.

How to Remove Your Personal Information From the Internet

By: Jasdev Dhaliwal

Chances are, you have more personal information posted online than you think.

In 2024, the U.S. Federal Trade Commission (FTC) reported that 1.1 million identity theft complaints were filed, where $12.5 billion was lost to identity theft and fraud overall—a 25% increase over the year prior.

What fuels all this theft and fraud? Easy access to personal information.

Here’s one way you can reduce your chances of identity theft: remove your personal information from the internet.

Scammers and thieves can get a hold of your personal information in several ways, such as information leaked in data breaches, phishing attacks that lure you into handing it over, malware that steals it from your devices, or by purchasing your information on dark web marketplaces, just to name a few.

However, scammers and thieves have other resources and connections to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. This makes removing your info from these sites so important, from both an identity and privacy standpoint.

Data brokers: Collectors and aggregators of your information

Data broker sites are massive repositories of personal information that also buy information from other data brokers. As a result, some data brokers have thousands of pieces of data on billions of individuals worldwide.

What kind of data could they have on you? A broker may know how much you paid for your home, your education level, where you’ve lived over the years, who you’ve lived with, your driving record, and possibly your political leanings. A broker could even know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. They may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply.

With information at this level of detail, it’s no wonder that data brokers rake in an estimated $200 billion worldwide every year.

Sources of your information

Your personal information reaches the internet through six main methods, most of which are initiated by activities you perform every day. Understanding these channels can help you make more informed choices about your digital footprint.

Digitized public records

When you buy a home, register to vote, get married, or start a business, government agencies create public records that contain your personal details. These records, once stored in filing cabinets, are now digitized, accessible online, and searchable by anyone with an internet connection.

Social media sharing and privacy gaps

Every photo you post, location you tag, and profile detail you share contributes to your digital presence. Even with privacy settings enabled, social media platforms collect extensive data about your behavior, relationships, and preferences. You may not realize it, but every time you share details with your network, you are training algorithms that analyze and categorize your information.

Data breaches

You create accounts with retailers, healthcare providers, employers, and service companies, trusting them to protect your information. However, when hackers breach these systems, your personal information often ends up for sale on dark web marketplaces, where data brokers can purchase it. The Identity Theft Research Center Annual Data Breach Report revealed that 2024 saw the second-highest number of data compromises in the U.S. since the organization began recording incidents in 2005.

Apps and ad trackers

When you browse, shop, or use apps, your online behavior is recorded by tracking pixels, cookies, and software development kits. The data collected—such as your location, device usage, and interests—is packaged and sold to data brokers who combine it with other sources to build a profile of you.

Loyalty programs

Grocery store cards, coffee shop apps, and airline miles programs offer discounts in exchange for detailed purchasing information. Every transaction gets recorded, analyzed, and often shared with third-party data brokers, who then create detailed lifestyle profiles that are sold to marketing companies.

Data broker aggregators

Data brokers act as the hubs that collect information from the various sources to create comprehensive profiles that may include over 5,000 data points per person. Seemingly separate pieces of information become a detailed digital dossier that reveals intimate details about your life, relationships, health, and financial situation.

The users of your information

Legally, your aggregated information from data brokers is used by advertisers to create targeted ad campaigns. In addition, law enforcement, journalists, and employers may use data brokers because the time-consuming pre-work of assembling your data has largely been done.

Currently, the U.S. has no federal laws that regulate data brokers or require them to remove personal information if requested. Only a few states, such as Nevada, Vermont, and California, have legislation that protects consumers. In the European Union, the General Data Protection Regulation (GDPR) has stricter rules about what information can be collected and what can be done with it.

On the darker side, scammers and thieves use personal information for identity theft and fraud. With enough information, they can create a high-fidelity profile of their victims to open new accounts in their name. For this reason, cleaning up your personal information online makes a great deal of sense.

Types of personal details to remove online

Understanding which data types pose the greatest threat can help you prioritize your removal efforts. Here are the high-risk personal details you should target first, ranked by their potential for harm.

Highest priority: Identity theft goldmines

  • Social Security Number (SSN) with full name and address: This combination provides everything criminals need for identity theft, leading to fraudulent credit accounts, tax refund theft, and employment fraud that may take years to resolve, according to the FTC.
  • Financial account information: Bank account numbers, credit card details, and investment account information enable direct financial theft. Even partial account numbers can be valuable when combined with other personal details from data breaches.
  • Driver’s license and government-issued ID information: These serve as primary identity verification for many services and can be used to bypass security measures at financial institutions and government agencies.

High priority: Personal identifiers

  • Full name combined with home address: This pairing makes you vulnerable to targeted scams and physical threats, while enabling criminals to gather additional information about your household and family members.
  • Date of birth: Often used as a security verification method, your DOB combined with other identifiers can unlock accounts and enable age-related targeting for scams.
  • Phone numbers: This information enables SIM swapping, where criminals take control of your phone number to bypass two-factor authentication and access your accounts.

Medium-high priority: Digital and health data

  • Email addresses: Your primary email serves as the master key to password resets across multiple accounts, while secondary emails can reveal personal interests and connections that criminals exploit in social engineering.
  • Medical and health app data: This is highly sensitive information that can be used for insurance discrimination, employment issues, or targeted health-related scams.
  • Location data and photos with metadata: Reveals your daily patterns, workplace, home address, and frequented locations. Photos with embedded GPS coordinates can expose your exact whereabouts and enable stalking or burglary.

Medium priority: Account access points

  • Usernames and account handles: These help criminals map your digital footprint across platforms to discover your personal interests, connections, and even potential security questions answers. They also enable account impersonation and social engineering against your contacts.

When prioritizing your personal information removal efforts, focus on combinations of data rather than individual pieces. For example, your name alone poses minimal risk, but your name combined with your address, phone number, and date of birth creates a comprehensive profile that criminals can exploit. Tools such as McAfee Personal Data Cleanup can help you identify and remove these high-risk combinations from data broker sites systematically.

Step-by-step guide to finding your personal data online

  1. Targeted search queries: Search for your full name in quotes (“John Smith”), then combine it with your city, phone number, or email address. Try variations like “John Smith” + “123 Main Street” or “John Smith” + “555-0123”. Don’t forget to search for old usernames, maiden names, or nicknames you’ve used online. Aside from Google, you can also check Bing, DuckDuckGo, and people search engines.
  2. Major data broker and people search sites: Search for yourself in common data aggregators: Whitepages, Spokeo, BeenVerified, Intelius, PeopleFinder, and Radaris. Take screenshots of what you find as documentation. To make this process manageable, McAfee Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
  3. Social media platforms and old accounts: Review your Facebook, Instagram, LinkedIn, Twitter, and other platforms for publicly visible personal details. Check old accounts—dating sites, forums, gaming platforms, or professional networks. Look for biographical information, location data, contact details, photos, and even comment sections where you may have shared details.
  4. Breach and dark web monitoring tools: Have I Been Pwned and other identity monitoring services can help you scan the dark web and discover if your email addresses or phone numbers appear in data breaches.
  5. Ongoing monitoring alerts: Create weekly Google Alerts for your and your family member’s full name, address combinations, and phone number. Some specialized monitoring services can track once your information appears on new data broker sites or gets updated on existing ones.
  6. Document everything in a tracker: Create a spreadsheet or document to systematically track your findings. Include the website name and URL, the specific data shown, contact information for removal requests, date of your opt-out request, and follow-up dates. Many sites require multiple follow-ups, so having this organized record is essential for successful removal.

This process takes time and persistence, but services such as McAfee Personal Data Cleanup can continuously monitor for new exposures and manage opt-out requests on your behalf. The key is to first understand the full scope of your online presence before beginning the removal process.

Remove your personal information from the internet

Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.

Request to remove data from data broker sites

Once you have found the sites that have your information, the next step is to request to have it removed. You can do this yourself or employ services such as McAfee’s Personal Data Cleanup, which can help manage the removal for you depending on your subscription. ​It also monitors those sites, so if your info gets posted again, you can request its removal again.

Limit the data Google collects

You can request to remove your name from Google search to limit your information from turning up in searches. You can also turn on “Auto Delete” in your privacy settings to ensure your data is deleted regularly. Occasionally deleting your cookies or browsing in incognito mode prevents websites from tracking you. If Google denies your initial request, you can appeal using the same tool, providing more context, documentation, or legal grounds for removal. Google’s troubleshooter tool may explain why your request was denied—either legitimate public interest or newsworthiness—and how to improve your appeal.

It’s important to know that the original content remains on the source website. You’ll still need to contact website owners directly to have your actual content removed. Additionally, the information may still appear in other search engines.

Delete old social media accounts

If you have old, inactive accounts that have gone by the wayside such as Myspace or Tumblr, you may want to deactivate or delete them entirely. For social media platforms that you use regularly, such as Facebook and Instagram, consider adjusting your privacy settings to keep your personal information to the bare minimum.

Remove personal info from websites and blogs

If you’ve ever published articles, written blogs, or created any content online, it is a good time to consider taking them down if they no longer serve a purpose. If you were mentioned or tagged by other people, it is worth requesting them to take down posts with sensitive information.

Delete unused apps and restrict permissions in those you use

Another way to tidy up your digital footprint is to delete phone apps you no longer use as hackers are able to track personal information on these and sell it. As a rule, share as little information with apps as possible using your phone’s settings.

Remove your info from other search engines

  • Bing: Submit removal requests through Bing’s Content Removal tool for specific personal information like addresses, phone numbers, or sensitive data. Note that Bing primarily crawls and caches content from other websites, so removing the original source content first will prevent re-indexing.
  • Yahoo: Yahoo Search results are powered by Bing, so use the same Bing Content Removal process. For Yahoo-specific services, contact their support team to request removal of cached pages and personal information from search results.
  • DuckDuckGo and other privacy-focused engines: These search engines don’t store personal data or create profiles, but pull results from multiple sources. We suggest that you focus on removing content from the original source websites, then request the search engines to update their cache to prevent your information from reappearing in future crawls.

Escalate if needed

After sending your removal request, give the search engine or source website 7 to 10 business days to respond initially, then follow up weekly if needed. If a website owner doesn’t respond within 30 days or refuses your request, you have several escalation options:

  • Contact the hosting provider: Web hosts often have policies against sites that violate privacy laws
  • File complaints: Report to your state attorney general’s office or the Federal Trade Commission
  • Seek legal guidance: For persistent cases involving sensitive information, consult with a privacy attorney

For comprehensive guidance on website takedown procedures and your legal rights, visit the FTC’s privacy and security guidance for the most current information on consumer data protection. Direct website contact can be time-consuming, but it’s often effective for removing information from smaller sites that don’t appear on major data broker opt-out lists. Stay persistent, document everything, and remember that you have legal rights to protect your privacy online.

Remove your information from browsers

After you’ve cleaned up your data from websites and social platforms, your web browsers may still save personal information such as your browsing history, cookies, autofill data, saved passwords, and even payment methods. Clearing this information and adjusting your privacy settings helps prevent tracking, reduces targeted ads, and limits how much personal data websites can collect about you.

  • Clear your cache: Clearing your browsing data is usually done by going to Settings and looking for the Privacy and Security section, depending on the specific browser. This is applicable in Google Chrome, Safari, Firefox, Microsoft Edge, as well as mobile phone operating systems such as Android and iOS.
  • Disable autofill: Autofill gives you the convenience of not having to type your information every time you accomplish a form. That convenience has a risk, though—autofill saves addresses, phone numbers, and even payment methods. To prevent websites from automatically populating forms with your sensitive data, disable the autofill settings independently. For better security, consider using a dedicated password manager instead of browser-based password storage.
  • Set up automatic privacy protection: Set up your browsers to automatically clear cookies, cache, and site data when you close them. This ensures your browsing sessions don’t leave permanent traces of your personal information on your device.
  • Use privacy-focused search engines: Evaluate the possibility of using privacy-focused search engines like DuckDuckGo as your default. These proactive steps significantly reduce how much personal information browsers collect and store about your online activities.

Get your address off the internet

When your home address is publicly available, it can expose you to risks like identity theft, stalking, or targeted scams. Taking steps to remove or mask your address across data broker sites, public records, and even old social media profiles helps protect your privacy, reduce unwanted contact, and keep your personal life more secure.

  1. Opt out of major data broker sites: The biggest address exposers are Whitepages, Spokeo, and BeenVerified. Visit their opt-out pages and submit removal requests using your full name and current address. Most sites require email verification and process removals within 7-14 business days.
  2. Contact public records offices about address redaction: Many county and state databases allow address redaction for safety reasons. File requests with your local clerk’s office, voter registration office, and property records department. Complete removal isn’t always possible, but some jurisdictions offer partial address masking.
  3. Enable WHOIS privacy protection on domain registrations: If you own any websites or domains, request your domain registrar to add privacy protection services to replace your personal address with the registrar’s information.
  4. Review old forum and social media profiles: Check your profiles on forums, professional networks, and social platforms where you may have shared your address years ago. Delete or edit posts containing location details, and update bio sections to remove specific address information.
  5. Verify removal progress: Every month, do a search of your name and address variations on different search engines. You also can set up Google Alerts to monitor and alert you when new listings appear. Most data broker removals need to be renewed every 6-12 months as information gets re-aggregated.

The cost to delete your information from the internet

The cost to remove your personal information from the internet varies, depending on whether you do it yourself or use a professional service. Read the guide below to help you make an informed decision:

DIY approach

Removing your information on your own primarily requires time investment. Expect to spend 20 to 40 hours looking for your information online and submitting removal requests. In terms of financial costs, most data brokers may not charge for opting out, but other expenses could include certified mail fees for formal removal requests—about $3-$8 per letter—and possibly notarization fees for legal documents. In total, this effort can be substantial when dealing with dozens of sites.

Professional removal services

Depending on which paid removal and monitoring service you employ, basic plans typically range from $8 to $25 monthly while annual plans, which often provide better value, range from $100 to $600. Premium services that monitor hundreds of data broker sites and provide ongoing removal can cost $1,200-$2,400 annually.

The difference in pricing is driven by several factors. This includes the number of data broker sites to be monitored, which could cover more than 200 sites, and the scope of removal requests which may include basic personal information or comprehensive family protection. The monitoring frequency and additional features such as dark web monitoring, credit protection, and identity restoration support and insurance coverage typically command higher prices.

The value of continuous monitoring

The upfront cost may seem significant, but continuous monitoring provides essential value. A McAfee survey revealed that 95% of consumers’ personal information ends up on data broker sites without their consent. It is possible that after the successful removal of your information, it may reappear on data broker sites without ongoing monitoring. This makes continuous protection far more cost-effective than repeated one-time cleanups.

Services such as McAfee Personal Data Cleanup can prove invaluable, as it handles the initial removal process, as well as ongoing monitoring to catch when your information resurfaces, saving you time and effort while offering long-term privacy protection.

Aside from the services above, comprehensive protection software can help safeguard your privacy and minimize your exposure to cybercrime with these offerings such as:

  • An unlimited virtual private network to make your personal information much more difficult to collect and track
  • Identity monitoring that tracks and alerts you if your specific personal information is found on the dark web
  • Identity theft coverage and restoration helps you pay for legal fees and travel expenses, and further assistance from a licensed recovery pro to repair your identity and credit
  • Other features such as safe browsing to help you avoid dangerous links, bad downloads, malicious websites, and more online threats when you’re online

So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal information more private and secure.

Essential steps if your information is found on the dark web

Unlike legitimate data broker sites, the dark web operates outside legal boundaries where takedown requests don’t apply. Rather than trying to remove information that’s already circulating, you can take immediate steps to reduce the potential harm and focus on preventing future exposure. A more effective approach is to treat data breaches as ongoing security issues rather than one-time events.

Both the FTC and Cybersecurity and Infrastructure Security Agency have released guidelines on proactive controls and continuous monitoring. Here are key steps of those recommendations:

  1. Change your passwords immediately and enable multi-factor authentication. Start with your most critical accounts—banking, email, and any services linked to financial information. Create unique, strong passwords for each account and enable MFA where possible for an extra layer of protection.
  2. Monitor your financial accounts and credit reports closely. Check your bank statements, credit card accounts, and investment accounts for any unauthorized activity. Request your free annual credit reports from all three major bureaus and carefully review them for accounts you didn’t open or activities you don’t recognize.
  3. Place fraud alerts or credit freezes. Contact Equifax, Experian, and TransUnion to place fraud alerts, which require creditors to verify your identity before approving new accounts. Better yet, consider a credit freeze to block access to your credit report entirely until you lift it.
  4. Replace compromised identification documents if necessary. If your Social Security number, driver’s license, or passport information was exposed, contact the appropriate agencies to report the breach and request new documents. IdentityTheft.gov provides step-by-step guidance for replacing compromised documents.
  5. Set up ongoing identity monitoring and protection. Consider using identity monitoring services that scan the dark web and alert you to new exposures of your personal information.
  6. Document everything and report the incident. Keep detailed records of any suspicious activities you discover and all steps you’ve taken. File a report with the FTC and police, especially if you’ve experienced financial losses. This documentation will be crucial for disputing fraudulent charges or accounts.

Legal and practical roadblocks

As you go about removing your information for the internet, it is important to set realistic expectations. Several factors may limit how completely you can remove personal data from internet sources:

  • The United States lacks comprehensive federal privacy laws requiring companies to delete personal information upon request.
  • Public records, court documents, and news articles often have legal protections that prevent removal.
  • International websites may not comply with U.S. deletion requests.
  • Cached copies could remain on search engines and archival sites for years.
  • Data brokers frequently repopulate their databases from new sources even after opt-outs.

While some states like California have stronger consumer privacy rights, most data removal still depends on voluntary compliance from companies.

Final thoughts

Removing your personal information from the internet takes effort, but it’s one of the most effective ways to protect yourself from identity theft and privacy violations. The steps outlined above provide you with a clear roadmap to systematically reduce your online exposure, from opting out of data brokers to tightening your social media privacy settings.

This isn’t a one-time task but an ongoing process that requires regular attention, as new data appears online constantly. Rather than attempting to complete digital erasure, focus on reducing your exposure to the most harmful uses of your personal information. Services like McAfee Personal Data Cleanup can help automate the most time-consuming parts of this process, monitoring high-risk data broker sites and managing removal requests for you.

The post How to Remove Your Personal Information From the Internet appeared first on McAfee Blog.

Best Ways to Check for a Trojan on Your PC

By: McAfee

Trojan horse malware was recently in the news after researchers discovered that an email contained an innocent-looking .pdf file attachment. CSO Online magazine reported that when the attachment was clicked, a permission request popped up and the email recipient clicked “allow,” initiating the document download and save, and executing the malware.

Trojans continue to be one of the most widespread cyberthreats globally, accounting for 58% of all malware as reported by Dataprot.net, as criminals adapt their methods to bypass advancing security measures. But all is not lost. In this guide, we will take a closer look at how you can detect Trojans on your computer, and share ways to detect and remove them.

What is a Trojan?

A Trojan, often called a Trojan horse, is a type of malicious software that disguises itself as a legitimate program to deceive you into installing it on your device. Its name is taken from the story of Odysseus who hid his Greek soldiers inside a wooden gift horse to infiltrate the city of Troy.

While the term “Trojan virus” is commonly used, a Trojan is not technically a virus. Both are types of malware, but they behave differently. A virus is a piece of code that attaches itself to other programs and, when run, replicates itself to spread to other files and systems. A Trojan, however, is a standalone program that cannot self-replicate. It relies entirely on tricking the user into downloading and executing it.

From their beginnings in the 1980s as simple social engineering tricks with limited technical sophistication, modern Trojans have dramatically transformed to become multi-stage campaigns that use legitimate-looking emails, fake software updates, and compromised websites to deliver malware that can remain undetected for months. Recently, Trojan attacks have exploited the supply chain to target software vendors directly, allowing criminals to distribute the malware through channels that consumers trust.

The dangers that Trojans bring

The dangers of a Trojan are extensive, ranging from direct financial loss to a complete invasion of your privacy. Once a Trojan enters your PC, cybercriminals can steal sensitive credentials for your banking and credit card accounts, leading directly to theft. They can also access and exfiltrate personal files, photos, and documents, creating a serious privacy exposure.

Beyond theft, an attacker can use this access to take complete control of your device. They might install other types of malware like ransomware or spyware, use your computer as part of a botnet to attack others, or simply monitor your every keystroke. This total loss of device control and privacy is one of the biggest dangers. However, these risks are manageable if caught early. This demonstrates the importance of layered protection with real-time monitoring and community intelligence. As cybercrime attack methods evolve, your security needs to adapt, too.

Methods of spreading Trojans

  • Phishing emails: These legitimate-looking emails contain malicious attachments or links that, when opened, install the Trojan. To avoid getting infected, never open attachments from unsolicited sources.
  • Cracked software: Websites offering free versions of paid software often bundle Trojans with the download. That “free” software could cost you everything. View such offers with a healthy dose of skepticism. Always use legitimate, official software.
  • Fake updates: Pop-ups pretending to be legitimate updates for software like Adobe Flash Player can trick you. If you wish to update your software, it is best to go directly to the official website.
  • Malvertising: Malicious ads on legitimate websites can redirect you to pages that automatically download malware. When these online ads pop-up, be cautious about clicking them.

The Trojan invasion process

A Trojan infection follows a stealthy, multi-stage process. The delivery stage begins with a lure, where social engineering tactics, such as a convincing email or a free software offer, trick you into downloading and opening a malicious file. In the execution stage, you run the seemingly harmless program and unknowingly trigger the Trojan’s installation. The malware then often embeds itself into your system’s startup processes to ensure it persistently runs every time you turn on your PC. From there, it connects to a remote command-and-control server operated by the attacker, awaiting instructions for its malicious actions, such as stealing your credentials or monitoring your activity.

Types of Trojan malware

Trojans come in different forms, each with their own process of attack. Here are some of them:

  • Backdoor Trojans: These create a hidden backdoor, bypassing normal authentication measures. These backdoors often remain hidden for long periods, allowing attackers to steal files, or install additional malware without your knowledge.
  • Keylogger Trojans: Once installed, these Trojans remotely control your PC persistently, recording your keyboard strokes to capture passwords, accessing your files, and taking screen captures.
  • Banker Trojans: As the name suggests, these Trojans are designed to steal your login credentials for online banking, payment systems, and credit card accounts. They work by hijacking browser sessions, injecting fake login pages, or capturing keystrokes to steal your credentials and manipulate your transactions.
  • Downloader Trojans: These Trojans act as delivery mechanisms for other malware. One type—downloaders—connect to remote servers to fetch additional malicious payloads after initial infection. Another type known as droppers carry other malware within their code and deploy it directly upon execution.
  • DDoS Trojans: They turn infected computers into zombie-like “bots” that participate in Distributed Denial-of-Service attacks that overwhelm and crash websites, servers, and online services, causing outages or financial damage.
  • Scareware or fake antivirus Trojans: This type of malware mimics legitimate security software, showing fake virus alerts to scare you into paying for a “premium” but useless version or further compromise the device.

Real-life Trojan attacks

  • Banking credential theft: The Zeus Trojan family spread through fake banking emails with links to infected websites. Once installed, it secretly captured online banking passwords and credit card details as users typed them. This led to millions of dollars in stolen funds and compromised accounts worldwide, forcing banks to implement stronger authentication measures.
  • Corporate data exfiltration: Emotet initially appeared as urgent invoice attachments and shipping notifications in business emails. After infection, it silently collected email contacts, login credentials, and sensitive documents from corporate networks. Companies faced significant data breaches, regulatory fines, and damaged customer trust as their confidential information was sold on criminal marketplaces.
  • Botnet recruitment: The Mirai Trojan targeted smart home devices by exploiting default login credentials on routers and security cameras. Infected devices became part of massive botnets used to launch devastating attacks that temporarily shut down major websites and services, while users were oblivious that their gadgets were being used for cyberattacks.
  • Multi-stage attacks: TrickBot masqueraded as software updates and legitimate business documents. Aside from stealing banking information, it installed ransomware that encrypted entire networks. Organizations faced operational shutdowns, hefty ransom demands, and costly recovery efforts that sometimes took months to complete.

By understanding the signs of a Trojan virus presence on your computer and using comprehensive security software, you dramatically reduce the danger and protect your digital life.

Signs of Trojan presence on your PC

A Trojan attack isn’t just a single event; it’s the entire process a cybercriminal uses to trick you into running malicious software. Recognizing the early warning signs is key. Here are some of the most common cues that can help you know if you have a Trojan virus attack in progress.

  • Slower than usual computer performance: Trojans tend to install additional malware that consumes computer processing units and memory resources. This can significantly slow your computer down and cause your operating system to become unstable and sluggish.
  • Unauthorized apps appear: A common symptom of Trojan infection is the sudden appearance of apps you don’t recall downloading or installing. If you notice an unfamiliar app from an unverified developer in your Windows Task Manager, there’s a good chance that it is malicious software installed by a Trojan.
  • Operating system crashes and freezes: Trojans can overwhelm your system and cause recurring crashes and freezes. An example of this is the Blue Screen of Death, a Windows error screen that means the system can no longer operate due to hardware failure or the termination of an important process.
  • Frequent browser redirects: A Trojan can manipulate your browser or modify domain name system settings to redirect the user to malicious websites. Frequent redirects are a red flag, so you should scan your computer the moment you notice an uptick in these redirect patterns.
  • Aggressive popups: If you’re noticing more pop-up ads than usual, especially those claiming your web browser or a media player is out of date, there’s a strong possibility that a Trojan has installed a malicious adware program on your PC. These fake alerts trick you into installing the Trojan instead of a real update.
  • Disabled security and other software. Trojans can interfere with applications and prevent them from running. A common mid-attack behavior is the Trojan deactivating your browser, apps such as word processing and spreadsheet software, or your antivirus or firewall, it’s a major red flag.
  • Unexpected password requests: The Trojan may display a fake system prompt asking you to re-enter your computer password or credentials for an online account, which it then captures.
  • Constant, unexplained network activity: Your computer’s internet connection may seem unusually busy even when you’re not using it. This could be the Trojan communicating with a remote server.

Recognizing these signs early allows you to act quickly. If something feels off, trusting your instinct and running a scan can help you find and contain a threat before it does significant harm.

4 best ways to check for a Trojan on your PC

If you’re noticing any of the symptoms above, it’s time to investigate further using automated tools and manual checks. A layered approach is the best way to find and confirm a Trojan infection. To get started, follow the steps below:

1. Scan your PC

The first step is to scan your PC using an antivirus software. Plenty of scan options are available on the market offering real-time protection from all types of malicious software threats, including viruses, rootkits, spyware, adware, ransomware, and Trojans. Some even feature on-demand and scheduled scanning of files and apps, advanced firewall for home network security, and compatibility with Windows, macOS, Android, and iOS devices.

2. Search for Trojans while in safe mode

The next step is to search for Trojans while your computer is in safe mode. In this phase, your device will run only the basic programs needed for Microsoft Windows operation, making it easy to spot any unfamiliar or suspicious programs. Here’s how to do it:

  1. Type “MSCONFIG.” in the search bar from the Start menu.
  2. Click on the “Boot” tab in the System Configuration box.
  3. Tick “Safe Mode” and click “Apply,” then “OK.”
  4. After the system restarts, re-open the configuration box.
  5. Click on “Startup.”
  6. Examine the list and see if there are any suspicious files.
  7. Disable any you deem suspicious.

3. Check processes in Windows Task Manager

Another effective way to detect if Trojans are in your system is to check the processes running in Windows Task Manager. This will allow you to see if there are any unfamiliar and unauthorized malicious programs or suspicious activity.

To go to the Task manager, press Ctrl+Alt+Del and click on the “Processes” tab. Review the list of active applications and disable the apps without verified publishers or ones you don’t remember downloading and installing.

4. Scan with Windows security

You can also scan your PC using built-in Windows virus and threat protection tools. Microsoft Defender (called Windows Defender Security Center in older versions of Windows 10) can perform virus scans and detect various types of malware. These are the parts to note:

Windows’ built-in security, known as Microsoft Defender, is a capable tool that can detect and remove many common Trojans. For basic protection, it provides a solid first line of defense and is far better than having no security at all. It handles known threats well and is constantly updated by Microsoft.

However, a dedicated security suite offers more comprehensive, layered protection. This goes beyond simple malware removal to include advanced features like a robust firewall, real-time phishing protection that blocks malicious websites before they load, identity safeguards, and a VPN for secure browsing. These layers work together to stop threats *before* they can infect your PC, which is always better than removing them after the fact.

Think of it as the difference between a standard lock on your door and a full home security system. For everyday, low-risk browsing, the built-in tool may be enough. But for anyone who banks, shops, or shares personal information online, the added protection of a full security suite provides essential peace of mind against a wider range of threats.

Remember to check your network

Most Trojans communicate with a remote command-and-control server to receive instructions or send stolen data through your internet connection. By monitoring your network activity, you can spot these hidden connections early. Unusual outbound traffic, unfamiliar IP addresses, or constant background data transfers are all red flags that something malicious might be operating behind the scenes.

  • Monitor active connections: Use the Resource Monitor tool in Windows (resmon.exe) to see which applications are using your network. Look for any unfamiliar processes making outbound connections.
  • Verify DNS and proxy settings: In your Windows network settings, check that your DNS server and proxy settings haven’t been changed. Trojans often alter these to redirect your traffic through malicious servers.
  • Firewall logs: Firewall logs can show repeated attempts by a specific program to connect to the internet, which is a strong indicator of a Trojan trying to communicate with its operator.

Choose the best Trojan scanner & removal tool

If you’re in the market for a tool that scans and removes Trojans, you have the option of free or premium tools. Whichever you choose, the key is to act quickly but carefully before the Trojan can cause any lasting damage.

Free tools are a great step

A free scan is the perfect first step to determine if you have a Trojan virus on your system. These no-cost tools provide an immediate way to detect potential threats and give you peace of mind about your PC’s security status.

Free Trojan scanners work by examining your system files, running processes, and common hiding spots where malware typically lurks. They check for known Trojan signatures, suspicious file behaviors, and registry modifications that indicate a possible infection. While they may not catch every advanced threat, they’re excellent for identifying common Trojans and giving you a clear starting point.

Simple steps to run your free scan

  1. Choose your scanner: Download a reputable free scanning tool from a trusted security provider’s official website. Ensure your scanner has the latest threat definitions for maximum effectiveness.
  2. Close other programs: Restart your PC in Safe Mode and close any unnecessary applications to improve scan performance and accuracy.
  3. Run a full system scan: Make sure you select the free tool’s comprehensive scan option to check all files, not just a quick scan.
  4. Review the results: Carefully examine any detected threats, noting their names and file locations. When threats are found, most free scanners will categorize them by risk level and provide recommended actions.
  5. Take action on findings: Quarantine or delete identified threats as recommended by the scanner. High-risk items should be immediately quarantined or deleted, while suspicious files may need further analysis. Be careful as some legitimate files can occasionally trigger false positives.
  6. Restart and rescan: Reboot your PC and run another scan to confirm that the Trojan or any threat was completely removed.

Free scanning tools give you valuable insight into your system’s health and serve as an excellent diagnostic tool to check Trojan presence. However, they typically offer detection and removal only, without the real-time protection needed to prevent future infections.

Comprehensive scanning with McAfee antivirus

For comprehensive security that stops threats before they can infect your system, consider upgrading to a complete security solution that provides continuous monitoring and advanced threat protection. Modern antivirus suites like McAfee Total Protection are expertly designed to detect and block Trojans. They use a layered security model that includes signature detection to identify known malware, behavioral analysis to spot suspicious activities characteristic of a Trojan, and artificial intelligence to protect against the very latest threats. Real-time protection actively scans files as you access them, while scheduled and manual scans allow you to thoroughly check your entire system for any hidden malware.

McAfee software is especially effective when it comes to scanning for Trojans and other types of malware and removing them before they can cause any damage to your computer system. With real-time, on-demand, and scheduled scanning of files and applications at your disposal, we’ll help you detect and eliminate any emerging threat in a timely manner.

Remove the Trojan from any platform

In any computer platform—Windows or macOS—the process of scanning and removing a Trojan with McAfee software is similar and absolutely achievable. These steps will help you regain control of your device:

  1. Disconnect your PC: Unplug your ethernet cable or turn off Wi-Fi to stop the Trojan from communicating online.
  2. Reboot in Safe Mode: Restart your computer in Safe Mode to prevent most malware from loading.
  3. Run a full antivirus scan: Use a trusted tool like McAfee to run a complete scan and quarantine or delete any threats it finds.
  4. For Mac: Run a full system scan with trusted security software designed for this device.
  5. Reset your browsers: Return your web browsers to their default settings to remove any malicious or unfamiliar extensions or changes. Update macOS to the latest version to patch security vulnerabilities.
  6. Reboot and rescan: Restart your PC normally and run another full scan to confirm the Trojan is completely gone.
  7. Change all your passwords: Once your computer is clean, immediately change passwords for your email, banking, and other important accounts.

Once you’ve completed the removal process, strengthen your defenses by enabling automatic updates, using reputable security software, and being cautious about downloads and email attachments. Regular system scans and keeping your software current are your best protection against future infections. With these steps, you can confidently clean your devices and prevent repeat attacks.

Quick tips to prevent a Trojan virus invasion

  • Keep software updated: Enable automatic updates for your operating system, web browser, and applications to patch security vulnerabilities.
  • Scrutinize emails: Do not open attachments or click links from unknown or suspicious senders. Verify requests for information.
  • Use strong, unique passwords: Employ a password manager to create and store complex passwords for each of your online accounts.
  • Enable a firewall: Ensure your network firewall is active to monitor and control incoming and outgoing network traffic.
  • Backup data regularly: Keep regular backups of your important files so you can restore them in case of a ransomware attack or data corruption.
  • Avoid risky downloads: Only download applications from official websites and trusted app stores.
  • Enable multi-factor authentication (MFA): Add this extra security layer to your important online accounts.
  • Use real-time protection: Ensure a comprehensive security suite like McAfee is always running to detect threats instantly.

FAQs about Trojans

What is a Trojan horse?

A Trojan is malware that disguises itself as a legitimate file or program. Once you run it, it can perform malicious actions such as stealing data or giving an attacker remote control of your PC.

How does a Trojan spread?

Trojans don’t spread on their own. They rely on you to download and run them. This often happens through phishing emails with fake attachments, malicious ads, or downloads of cracked software.

Can Macs and phones get infected by Trojans?

Yes. While less common than on Windows PCs, Trojans exist for all major operating systems, including macOS, Android, and iOS. It’s crucial to only install apps from official app stores to stay safe.

What is the quickest way to check for a Trojan?

The fastest and most reliable method to check for a Trojan in your computer is to run a full system scan with a trusted antivirus program. This will check all files and running processes for known threats.

How long does it take to remove a Trojan?

Removal time can vary. A good antivirus scan might find and remove it in under an hour. However, some complex Trojans may require more steps, like booting into Safe Mode, which can take longer.

What should I do immediately after removing a Trojan?

Once your system is clean, the first thing you should do is change the passwords for all your important accounts, especially email, banking, and social media, as the Trojan may have stolen them.

Final thoughts

Wondering if your computer has been infected by a Trojan can be worrying, but it’s a manageable issue with the right approach. By understanding the signs of a Trojan virus and using the detection methods outlined, you can take back control of your device’s security. To prevent getting infected by a Trojan, proactive measures such as safe online habits and the layered defense of a trusted security suite like McAfee are your best defenses. Stay vigilant and keep your software updated, so you can confidently navigate the digital world.

The post Best Ways to Check for a Trojan on Your PC appeared first on McAfee Blog.

How Agentic AI Will Be Weaponized for Social Engineering Attacks

By: Amy Bunn

We’re standing at the threshold of a new era in cybersecurity threats. While most consumers are still getting familiar with ChatGPT and basic AI chatbots, cybercriminals are already moving to the next frontier: Agentic AI. Unlike the AI tools you may have tried that simply respond to your questions, these new systems can think, plan, and act independently, making them the perfect digital accomplices for sophisticated scammers. The next evolution of cybercrime is here, and it’s learning to think for itself.

The threat is already here and growing rapidly. According to McAfee’s latest State of the Scamiverse report, the average American sees more than 14 scams every day, including an average of 3 deepfake videos. Even more concerning, detected deepfakes surged tenfold globally in the past year, with North America alone experiencing a 1,740% increase.

At McAfee, we’re seeing early warning signs of this shift, and we believe every consumer needs to understand what’s coming. The good news? By learning about these emerging threats now, you can protect yourself before they become widespread.

A Real-World Example: How Anthropic’s Claude AI Was Used for Espionage

A new case disclosed by Anthropic, first reported by Axios, marks a turning point: a Chinese state-sponsored group used the company’s Claude Code agent to automate the majority of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails through jailbreaking techniques, fed the model fragmented tasks, and convinced it that it was conducting defensive security tests. Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. In all, they completed 80–90% of the work without any human involvement.

This is the first publicly documented case of an AI agent running a large-scale intrusion with minimal human direction. It validates our core warning: agentic AI dramatically lowers the barrier to sophisticated attacks and turns what was once weeks of human labor into minutes of autonomous execution. While this case targeted major companies and government entities, the same capabilities can, and likely will, be adapted for consumer-focused scams, identity theft, and social engineering campaigns.

Understanding AI: From Simple Tools to Autonomous Agents

Before we dive into the threats, let’s break down what we’re actually talking about when we discuss AI and its evolution:

Traditional AI: The Helper

The AI most people know today works like a very sophisticated search engine or writing assistant. You ask it a question, it gives you an answer. You request help with a task, it provides suggestions. Think of ChatGPT, Google’s Gemini, or the AI features on your smartphone. They’re reactive tools that respond to your input but don’t take independent action.

Generative AI: The Creator

Generative AI, which powers many current scams, can create content like emails, images, or even fake videos (deepfakes). This technology has already made scams more convincing by cloning real human voices and eliminating telltale signs like poor grammar and obvious language errors.

The impact is already visible in the data. McAfee Labs found that for just $5 and 10 minutes of setup time, scammers can create powerful, realistic-looking deepfake video and audio scams using readily available tools. What once required experts weeks to produce can now be achieved for less than the cost of a latte—and in less time than it takes to drink it.

Agentic AI: The Independent Actor

Agentic AI represents a fundamental leap forward. These systems can think, make decisions, learn from mistakes, and work together to solve tough problems, just like a team of human experts. Unlike previous AI that waits for your commands, agentic AI can set its own goals, make plans to achieve them, and adapt when circumstances change

Key Characteristics of Agentic AI:

  • Autonomous operation: Works without constant human guidance from a cybercriminal
  • Goal-oriented behavior: Actively pursues specific objectives without requiring regular input.
  • Adaptive learning: Improves performance based on experience through previous attempts.
  • Multi-step planning: Can execute complex, long-term strategies based on the requirements of the criminal.
  • Environmental awareness: Understands and responds to changing conditions online.

Gartner predicts that by 2028, a third of our interactions with AI will shift from simply typing commands to fully engaging with autonomous agents that can act on their own goals and intentions. Unfortunately, cybercriminals won’t be far behind in exploiting these capabilities.

The Scammer’s Apprentice: How Agentic AI Becomes the Perfect Criminal Assistant

Think of agentic AI as giving scammers their own team of tireless, intelligent apprentices that never sleep, never make mistakes, and get better at their job every day. Here’s how this digital apprenticeship makes scams exponentially more dangerous.

Traditional scammers spend hours manually researching targets, scrolling through social media profiles, and piecing together personal information. Agentic AI recon agents operate persistently and autonomously, self-prompting questions like “What data do I need to identify a weak point in this organization?” and then collecting it from social media, breach data, exposed APIs and cloud misconfigurations.

What The Scammer’s Apprentice Can Do

  • Continuous surveillance: Monitors your social media posts, job changes, and online activity 24/7.
  • Pattern recognition: Identifies your routines, interests, and vulnerabilities from scattered digital breadcrumbs.
  • Relationship mapping: Understands your connections, colleagues, and family relationships.
  • Behavioral analysis: Learns from your communication style, preferred platforms, and response patterns.

Unlike traditional phishing that uses static messages, agentic AI can dynamically update or alter their approach based on a recipient’s response, location, holidays, events, or the target’s interests, marking a significant shift from static attacks to highly adaptive and real-time social engineering threats.

An agentic AI scammer targeting you might start with a LinkedIn message about a job opportunity. If you don’t respond, it switches to an email about a package delivery. If that fails, it tries a text message about suspicious account activity. Each attempt uses lessons learned from your previous reactions, becoming more convincing with every interaction.

AI-generated phishing emails achieve a 54% click-through rate compared to just 12% for their human-crafted counterparts. With agentic AI, scammers can create messages that don’t just look professional, they sound exactly like the people and organizations you trust.

The technology is already sophisticated enough to fool even cautious consumers. As McAfee’s latest research shows, social media users shared over 500,000 deepfakes in 2023 alone. The tools have become so accessible that scammers can now create convincing real-time avatars for video calls, allowing them to impersonate anyone from your boss to your bank representative during live conversations.

Advanced Impersonation Capabilities:

  • Voice cloning: Create phone calls that sound exactly like your boss, family member, senator, or bank representative
  • Writing style mimicry: Craft emails that perfectly match your company’s communication style.
  • Visual deepfakes: Generate fake video calls for “face-to-face” verification.
  • Context awareness: Reference specific projects, recent conversations, or personal details

Perhaps most concerning is agentic AI’s ability to learn and improve. As the AI interacts with more victims over time, it gathers data on what types of messages or approaches work best for certain demographics, adapting itself and refining future campaigns to make each subsequent attack more powerful, convincing, and effective. This means that every failed scam attempt makes the AI smarter for its next victim. Understanding how agentic AI will transform specific types of scams helps us prepare for what’s coming. Here are the most concerning developments:

Multi-Stage Campaign Orchestration

Agentic AI can potentially orchestrate complex multi-stage social engineering attacks, leveraging data from one interaction to drive the next one. Instead of simple one-and-done phishing emails, expect sophisticated campaigns that unfold over weeks or months.

Automated Spear Phishing at Scale

Traditional spear phishing required manual research and customization for each target. In the new world order, malicious AI agents will autonomously harvest data from social media profiles, craft phishing messages, and tailor them to individual targets without human intervention. This means cybercriminals can now launch thousands of highly personalized attacks simultaneously, each one crafted specifically for its intended victim.

Real-Time Adaptive Attacks

When a target hesitates or questions an initial approach, agents adjust their tactics immediately based on the response. This continuous refinement makes each interaction more convincing than the last, wearing down even skeptical targets through persistence and learning. Traditional red flags like “This seems suspicious” or “Let me verify this” no longer end the attack, they just trigger the AI to try a different approach.

Cross-Platform Coordination

These autonomous systems now independently launch coordinated phishing campaigns across multiple channels simultaneously, operating with an efficiency human attackers cannot match. An agentic AI scammer might contact you via email, text message, phone call, and social media—all as part of a coordinated campaign designed to overwhelm your defenses.

How to Protect Yourself in the Age of Agentic AI Scams

The rise of agentic AI scams requires a fundamental shift in how we think about cybersecurity. Traditional advice like “watch for poor grammar” no longer applies. Here’s what you need to know to protect yourself:

  • The Golden Rule: Never act on urgent requests without independent verification, no matter how convincing they seem.
  • Use different communication channels: If someone emails you, call them back using a number you look up independently
  • Verify through trusted contacts: When your “boss” asks for something unusual, confirm with colleagues or HR
  • Check official websites: Go directly to company websites rather than clicking links in messages
  • Trust your instincts: If something feels off, it probably is—even if you can’t identify exactly why

Understanding a New Era of Red Flags

Since agentic AI eliminates traditional warning signs, focus on these behavioral red flags:

High-Priority Warning Signs:

Emotional urgency: Messages designed to make you panic, feel guilty, or act without thinking

Requests for unusual actions: Being asked to do something outside normal procedures

Isolation tactics: Instructions not to tell anyone else or to handle something “confidentially”

Multiple contact attempts: Being contacted through several channels about the same issue

Perfect personalization: Messages that seem to know too much about your specific situation

How McAfee Fights AI with AI: Your Defense Against Agentic Threats

At McAfee, we understand that fighting AI-powered attacks requires AI-powered defenses. Our security solutions are designed to detect and stop sophisticated scams before they reach you. McAfee’s Scam Detector provides lightning-fast alerts, automatically spotting scams and blocking risky links even if you click them, with all-in-one protection that keeps you safer across text, email, and video. Our AI analyzes incoming messages using advanced pattern recognition that can identify AI-generated content, even when it’s grammatically perfect and highly personalized.

Scam Detector keeps you safer across text, email, and video, providing comprehensive coverage against multi-channel agentic AI campaigns. Beyond analyzing message content, our system evaluates sender behavior patterns, communication timing, and request characteristics that may indicate AI-generated scams. Just as agentic AI attacks learn and evolve, our detection systems continuously improve their ability to identify new threat patterns.

Protecting yourself from agentic AI scams requires combining smart technology with informed human judgment. Security experts believe it’s highly likely that bad actors have already begun weaponizing agentic AI, and the sooner organizations and individuals can build up defenses, train awareness, and invest in stronger security controls, the better they will be equipped to outpace AI-powered adversaries.

We’re entering an era of AI versus AI, where the speed and sophistication of both attacks and defenses will continue to escalate. According to IBM’s 2025 Threat Intelligence Index, threat actors are pursuing bigger, broader campaigns than in the past, partly due to adopting generative AI tools that help them carry out more attacks in less time.

Hope in Human + AI Collaboration

While the threat landscape is evolving rapidly, the combination of human intelligence and AI-powered security tools gives us powerful advantages. Humans excel at recognizing context, understanding emotional manipulation, and making nuanced judgments that AI still struggles with. When combined with AI’s ability to process vast amounts of data and detect subtle patterns, this creates a formidable defense.

Staying Human in an AI World

The rise of agentic AI represents both a significant threat and an opportunity. While cybercriminals will certainly exploit these technologies to create more sophisticated scams, we’re not defenseless. By understanding how these systems work, recognizing the new threat landscape, and combining human wisdom with AI-powered protection tools like McAfee‘s Scam Detector, we can stay ahead of the threats.

The key insight is that while AI can mimic human communication and behavior with unprecedented accuracy, it still relies on exploiting fundamental human psychology—our desire to help, our fear of consequences, and our tendency to trust. By developing better awareness of these psychological vulnerabilities and implementing verification protocols that don’t depend on technological red flags, we can maintain our security even as the threats become more sophisticated.

Remember: in the age of agentic AI, the most important security tool you have is still your human judgment. Trust your instincts, verify before you act, and never let urgency override prudence, no matter how convincing the request might seem.

The post How Agentic AI Will Be Weaponized for Social Engineering Attacks appeared first on McAfee Blog.

How Do Hackers Hack Phones and How Can I Prevent It?

By: Jasdev Dhaliwal

How do hackers hack phones? In several ways. But also, there are several ways you can prevent it from happening to you. The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves. However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first understanding what phone hacking is, taking a look at some common attacks, and learning how you can prevent it.

What is phone hacking?

Phone hacking refers to any method where an unauthorized third party gains access to your smartphone and its data. This isn’t just one single technique; it covers a wide range of cybercrimes. A phone hack can happen through software vulnerabilities, like the spyware campaigns throughout the years that could monitor calls and messages. It can also occur over unsecured networks, such as a hacker intercepting your data on public Wi-Fi. Sometimes, it’s as simple as physical access, where someone installs tracking software on an unattended device. 

Types of smartphone hacks and attacks

Hackers have multiple avenues of attacking your phone. Among these common methods are using malicious apps disguised as legitimate software, exploiting the vulnerabilities of unsecure public Wi-Fi networks, or deploying sophisticated zero-click exploits that require no interaction from you at all. The most common method, however, remains social engineering, where they trick you into giving them access. Let’s further explore these common hacking techniques below.

Hacking software

Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:

  • Keylogging: In the hands of a hacker, keylogging works like a stalker by snooping information as you type, tap, and even talk on your phone.
  • Trojans: Trojans are malware disguised in your phone to extract important data, such as credit card account details or personal information.

Some possible signs of hacking software on your phone include:

  • A battery that drains way too quickly.
  • Your phone runs a little sluggish or gets hot.
  • Apps quit suddenly or your phone shuts off and turns back on.
  • You see unrecognized data, text, or other charges on your bill.

In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass your personal information into the hands of hackers.

Phishing attacks

This classic form of attack has been leveled at our computers for years. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. These attacks take many forms such as emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over personal info or that install malware to wreak havoc on your device or likewise steal information. Learning to spot a phishing attack is one way to keep yourself from falling victim to one.

Bluetooth hacking

Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are within range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they might access your data and info, yet that data and info must be downloaded while the phone is within range. This is a more sophisticated attack given the effort and technology involved.

SIM card swapping

In August of 2019, then CEO of Twitter had his phone hacked by SIM card swapping scam. In this type of scam, a hacker contacts your phone provider, pretends to be you, then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card is deactivated, and your phone number will be effectively stolen. This enables the hacker to take control of your phone calls, messages, among others. The task of impersonating someone else seems difficult, yet it happened to the CEO of a major tech company, underscoring the importance of protecting your personal info and identity online to prevent hackers from pulling off this and other crimes.

Vishing or voice phishing

While a phone call itself cannot typically install malware on your device, it is a primary tool for social engineering, known as vishing or voice phishing. A hacker might call, impersonating your bank or tech support company, and trick you into revealing sensitive information like passwords or financial details. They might also try to convince you to install a malicious app. Another common tactic is the “one-ring” scam, where they hang up hoping you’ll call back a premium-rate number. To stay safe, be wary of unsolicited calls, never provide personal data, block suspicious numbers, and check that your call forwarding isn’t enabled.

Low-power mode hacks

Generally, a phone that is powered off is a difficult target for remote hackers. However, modern smartphones aren’t always truly off. Features like Apple’s Find My network can operate in a low-power mode, keeping certain radios active. Furthermore, if a device has been previously compromised with sophisticated firmware-level malware, it could activate upon startup. The more common risk involves data that was already stolen before the phone was turned off or if the device is physically stolen. While it’s an uncommon scenario, the only sure way to take a device offline and completely sever all power is by removing the battery, where possible.

Camera hacks

Hacking a phone’s camera is referred to as camfecting, usually done through malware or spyware hidden within a rogue application. Once installed, these apps can gain unauthorized permission to access your camera and record video or capture images without your knowledge. Occasionally, vulnerabilities in a phone’s operating system (OS) have been discovered that could allow for this, though these are rare and usually patched quickly. Protect yourself by regularly reviewing app permissions in your phone’s settings—for both iOS and Android—and revoking camera access for any app that doesn’t absolutely need it. Always keep your OS and apps updated to the latest versions.

Android vs. iPhone: Which is harder to hack?

This is a long-standing debate with no simple answer. iPhones are generally considered more secure due to Apple’s walled garden approach: a closed ecosystem, a strict vetting process for the App Store, and timely security updates for all supported devices. Android’s open-source nature offers more flexibility but also creates a more fragmented ecosystem, where security updates can be delayed depending on the device manufacturer. However, both platforms use powerful security features like application sandboxing. 

The most important factor is not the brand but your behavior. A user who practices good digital hygiene—using strong passwords, avoiding suspicious links, and vetting apps—is well-protected on any platform.

Signs your phone has been hacked

Detecting a phone hack early can save you from significant trouble. Watch for key red flags: your battery draining much faster than usual, unexpected spikes in your mobile data usage, a persistently hot device even when idle, or a sudden barrage of pop-up ads. You might also notice apps you don’t remember installing or find that your phone is running unusually slow. To check, go into your settings to review your battery and data usage reports for any strange activity. The most effective step you can take is to install a comprehensive security app, like McAfee® Mobile Security, to run an immediate scan and detect any threats.

How to remove a hacker from your phone

Discovering that your phone has been hacked can be alarming, but acting quickly can help you regain control and protect your personal information. Here are the urgent steps to take so you can remove the hacker, secure your accounts, and prevent future intrusions.

  1. Disconnect immediately: Turn on Airplane Mode to cut off the hacker’s connection to your device via Wi-Fi and cellular data.
  2. Run an antivirus scan: Use a reputable mobile security app to scan your phone, and identify and remove malicious software.
  3. Review and remove apps: Manually check your installed applications. Delete any you don’t recognize or that look suspicious. While you’re there, review app permissions and revoke access for any apps that seem overly intrusive.
  4. Change your passwords: Using a separate, secure device, change the passwords for your critical accounts immediately—especially for your email, banking, and social media.
  5. Perform a factory reset: For persistent infections, a factory reset is the most effective solution. This will wipe all data from your phone, so ensure you have a clean backup—the time before you suspected a hack—to restore from.
  6. Monitor your accounts: After securing your device, keep a close eye on your financial and online accounts for any unauthorized activity.

10 tips to prevent your phone from being hacked

While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:

  1. Use comprehensive security software. We’ve gotten into the good habit of using this on our desktop and laptop computers. Our phones? Not so much. Installing security software on your smartphone gives you a first line of defense against attacks, plus additional security features.
  2. Update your phone OS and its apps. Keeping your operating system current is the primary way to protect your phone. Updates fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks. Additionally, those updates can help keep your phone and apps running smoothly while introducing new, helpful features.
  3. Stay safe on the go with a VPN. One way that crooks hack their way into your phone is via public Wi-Fi at airports, hotels, and even libraries. This means your activities are exposed to others on the network—your bank details, password, all of it. To make a public network private and protect your data, use a virtual private network.
  4. Use a password manager. Strong, unique passwords offer another primary line of defense, but juggling dozens of passwords can be a task, thus the temptation to use and reuse simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
  5. Avoid public charging stations. Charging your device at a public station seems so convenient. However, some hackers have been known to juice jack by installing malware into the charging station, while stealing your passwords and personal info. Instead, bring a portable power pack that you can charge ahead of time. They’re pretty inexpensive and easy to find.
  6. Keep your eyes on your phone. Many hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking to locate your phone or wipe it clean remotely if you need to. Apple and Google provide their users with a step-by-step guide for remotely wiping devices.
  7. Encrypt your phone. Encrypting your cell phone can save you from being hacked and can protect your calls, messages, and critical information. To check if your iPhone is encrypted, go into Touch ID & Passcode, scroll to the bottom, and see if data protection is enabled. Typically, this is automatic if you have a passcode enabled. Android users have automatic encryption depending on the type of phone.
  8. Lock your SIM card. Just as you can lock your phone, you can also lock the SIM card that is used to identify you, the owner, and to connect you to your cellular network. Locking it keeps your phone from being used on any other network than yours. If you own an iPhone, you can lock it by following these simple directions. For other platforms, check out the manufacturer’s website.
  9. Turn off your Wi-Fi and Bluetooth when not in use. Think of it as closing an open door. As many hacks rely on both Wi-Fi and Bluetooth to be performed, switching off both can protect your privacy in many situations. You can easily turn off both from your settings by simply pulling down the menu on your home screen.
  10. Steer clear of unvetted third-party app stores. Google Play and Apple’s App Store have measures in place to review and vet apps, and ensure that they are safe and secure. Third-party sites may not have that process and might intentionally host malicious apps. While some cybercriminals have found ways to circumvent Google and Apple’s review process, downloading a safe app from them is far greater than anywhere else.

Final thoughts

Your smartphone is central to your life, so protecting it is essential. Ultimately, your proactive security habits are your strongest defense against mobile hacking. Make a habit of keeping your operating system and apps updated, be cautious about the links you click and the networks you join, and use a comprehensive security solution like McAfee® Mobile Security.

By staying vigilant and informed, you can enjoy all the benefits of your mobile device with confidence and peace of mind. Stay tuned to McAfee for the latest on how to protect your digital world from emerging threats.

The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.

A Guide to Remove Malware From Your iPhone

By: McAfee

Malicious software, also called malware, refers to any program or code engineered to harm or exploit computer systems, networks and devices. It affects your phone’s functionality, especially if you jailbreak your device—that is, opening your iOS to additional features, apps, and themes. 

The risks associated with a malware infection can range from poor device performance to stolen data. Cybercriminals typically use it to extract data—from financial data and healthcare records to emails and passwords—that they can leverage over victims for financial gain. 

Thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be generally resilient against malware infections. It’s important to note, however, that they’re not completely without vulnerabilities.

Read on to learn how you can detect malware on your iPhone and how to remove these infections so you can get back to enjoying your digital activities.

What is iPhone malware?

While traditional self-replicating viruses are rare on iPhones, malware is a genuine threat for Apple devices. Malware typically enters through links in deceptive texts or emails or through downloaded, unvetted apps rather than system-wide infection. These are some types of malware that could infect your iPhone:

  • Adware: Once embedded into your phone, adware collects your personal data and learns browsing habits to determine what kinds of ads can be targeted to you. It then bombards your screen with pop-up ads.
  • Ransomware: This type of malware encrypts your files or locks you out of your computer, making the data inaccessible. The attackers then demand a ransom before releasing your encrypted files or systems.
  • Spyware: This malicious software sits on your device, tracks your online activities, then sends it to a central server controlled by third-party internet service providers, hackers, and scammers, who then exploit this information to their advantage.
  • Trojans: Disguised as a real, operational program, this type of malware steals passwords, PINs, credit card data, and other private information.

Understanding Apple’s built-in security layers

To keep you safe against malware and other threats, Apple engineers the iPhone with multiple security layers, including:

  • Secure Enclave: This hardware feature is a dedicated secure subsystem in Apple devices that protects your most sensitive data, such as Face ID or Touch ID information in a separate, fortified processor. 
  • Sandboxing: This process serves as a digital wall around each app, preventing it from meddling with other apps or accessing your core iOS system files. A downloaded app is first isolated or sandboxed to prevent it from accessing data in your iPhone or modifying the operating system. 
  • App Store review: Apple also enforces a process to strictly vet apps for malicious code, and it delivers rapid security patches via regular iOS updates to fix vulnerabilities quickly. 

Together, these features create a highly secure environment for iPhones. However, this robust shield does not eliminate all risks, as threats can still bypass these defenses through phishing scams or by tricking a user into installing a malicious configuration profile.

6 signs of malware on your iPhone and quick actions

If your iPhone is exhibiting these odd activities listed below, a manual scan is your first point of order. These quick actions are free to do as they are already integrated into your device.

  • Sudden battery drain: Your battery dies much faster than it should because malware is secretly running in the background. It could mean malware is running in the background and consuming a significant amount of power. To make sure that no such apps are installed on your phone, head over to Settings > Battery and select a period of your choice. Uninstall any unfamiliar apps that stand out.
  • Unexpected data spikes: You notice a sudden jump in your data usage, which could mean malware is sending information from your phone to a hacker’s server. Keep an eye on it if you suspect malware is in your system. To do so, go to Settings > Mobile Data and check if your data usage is higher than usual.
  • Constant pop-ups: Occasionally running into pop-up ads is inevitable when browsing the internet. However, your phone might be infected with adware if you’re getting them with alarming frequency. Never click the pop-ups. Instead, go to Settings > Safari and tap Clear History and Website Data. This can remove adware and reset your browser.
  • Overheating device: Your iPhone feels unusually hot, even when idle, as malicious software can cause the processor to work overtime. Restart your phone to terminate any hidden processes causing the issue.
  • Mysterious apps appear: You discover apps on your iPhone that you are certain you never downloaded. Take some time to swipe through all of your apps and closely inspect or uninstall any that you don’t recognize or remember downloading. 
  • Sluggish performance: Your phone becomes slow, apps crash unexpectedly, or the entire system freezes for no reason. A simple restart can often clear up performance issues and improve responsiveness.

The disadvantage of doing a manual scan is that it requires effort. In addition, it does not detect sophisticated malware, and only identifies symptoms rather than root causes.

Scan your iPhone for malware

If your iPhone persistently exhibits any of the red flags above despite your quick actions, you may have to investigate using a third-party security app to find the threats that manual checks don’t catch. 

Compared with manual or built-in scans, third-party solutions like McAfee Mobile Security offer automated, comprehensive malware scans by detecting a wider range of threats before they enter your digital space. While available at a premium, third-party security suites offer great value as they include full-scale protection that includes a safe browsing feature to protect your digital life and a virtual private network (VPN) for a more secure internet connection. 

How to remove malware from your iPhone

If the scan confirms the presence of malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.

Update your iOS, if applicable

In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update your iOS immediately to close this potential vulnerability. To do this, go to Settings > General > Software Update and follow the instructions to update your iPhone.

Restart your device

It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.

Clear your iPhone browsing history and data

If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, go to Settings > Clear History and Website Data > Clear History and Data. Keep in mind that the process is similar for Google Chrome and most other popular web browsers.

Remove any suspicious apps

Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.

Restore your iPhone

The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. This allows you to restore your device to an iCloud backup version that was made before the malware infection. Go to Settings > General > Transfer or Reset iPhone > Erase All Content and Settings > Restore from iCloud Backup.

Factory reset your iPhone

A factory reset should be your last resort when other removal methods have failed, as it is a complete data wipe. That means it will erase all content and settings, including any malicious apps, profiles, or files, returning the software to its original, out-of-the-box state. That’s why it’s crucial to back up your essential data such as photos and contacts first. Also, remember to restore to an iCloud backup version *before* the malware infection to avoid reintroducing the infection. For the highest level of security, set the iPhone up as new and manually redownload trusted apps from the App Store. When you are ready to reset, go to Settings > General > Transfer or Reset iPhone > Erase All Content and Settings > Set Up as New iPhone.

How to detect spyware on your iPhone

Spyware is designed to be sneaky, but it leaves subtle traces. Pay attention to your iPhone’s behavior, such as the camera or microphone unexpectedly activating as indicated by a green or orange dot in the status bar, sudden battery drain, or your device overheating for no reason. Another major red flag is a spike in data usage when you aren’t actively using your phone.

For a deeper look, do this 5-minute check to see which apps have accessed your data, camera, and microphone. Look for any activity that seems suspicious or that you don’t recall authorizing. 

5-minute spyware check:

  • Scan for unknown apps: Scroll through your home screens and App Library for any apps you didn’t install.
  • Review the App Privacy Report: Check for recent sensor or network activity from apps that shouldn’t be active. Go to Settings > Privacy & Security > App Privacy Report
  • Check for unusual profiles: Go to Settings > General > VPN & Device Management. Remove any profiles you don’t recognize.
  • Look at battery usage: In Settings > Battery, look for unfamiliar apps consuming significant power.

Removing spyware from your iPhone

If you suspect your iPhone has been compromised, it’s important to act quickly. Here’s a step-by-step process to remove it, restore your privacy, and prevent future threats.

  1. Backup your essential data: Before making any changes, back up your photos, contacts, and other important files. Ensure you back up to a trusted location like iCloud or your computer.
  2. Update to the latest iOS: Apple frequently releases security patches. Go to Settings > General > Software Update and install any available updates to close vulnerabilities that spyware might exploit.
  3. Delete suspicious apps and profiles: Remove any apps you don’t recognize. Additionally, go to Settings > General > VPN & Device Management and delete any configuration profiles that you did not install yourself.
  4. Change your passwords: Once your device is clean, immediately change the passwords for your critical accounts, including your Apple ID, email, and banking apps.
  5. Enable two-factor authentication (2FA): For an added layer of security, enable 2FA on all important accounts, to make it much harder for anyone to gain unauthorized access, even if they have your password.
  6. Run a mobile security scan: The most reliable way to detect spyware is with a trusted mobile security app that can perform a comprehensive system scan to help flag any remaining malicious files or settings.
  7. When to escalate: If you suspect you are a victim of stalking or that your device was compromised for illegal activities, contact Apple Support for assistance and consider reporting the incident to law enforcement.

Don’t engage with fake virus pop-up scams

A common tactic used by scammers is the fake virus pop-up. These alarming messages appear while you are browsing, often using logos from Apple or other trusted companies, and claim your iPhone is infected. Their goal is to create panic, urging you to click a link, download a fake app, or call a fraudulent support number. Never interact with these pop-ups. Here’s a quick response plan when dealing with fake virus pop-up ads: 

  • The correct action is to close the Safari tab or the entire browser immediately. 
  • To be safe, clear your browsing data by going to Settings > Safari > Clear History and Website Data. This action removes any lingering scripts from the malicious page. 
  • You can also report phishing pages to help protect others.

Never enter personal information, passwords, or payment details on a page that appears from a pop-up ad.

Avoid malware from the start

The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:

  • If you receive unexpected or unsolicited emails or texts, think before you tap the suspicious links to avoid phishing traps.
  • Stick only with apps from the Apple App store. Avoid installing apps from unvetted third-party stores.
  • Protect your device’s built-in defenses by avoiding the temptation to jailbreak your iPhone as this will remove most Apple security features.
  • Enable automatic updates of iOS and iTunes to stay in line with Apple’s security updates and bug fixes.
  • Back up your iPhone data regularly to iCloud or a computer so you can always restore it.
  • Avoid engaging with suspicious text messages on iMessage, as hackers use them to spread phishing scams.
  • Enable two-factor authentication on your Apple ID for a powerful extra layer of security.
  • Routinely review your app permissions to ensure they only have access to necessary data.
  • Install a trusted security app, such as McAfee Mobile Security, for proactive scanning and web protection.

FAQs about iPhone malware

Can my iPhone get a virus from opening an email?
Simply opening an email is very unlikely to infect your iPhone. However, clicking a malicious link or downloading an attachment from a phishing email can lead you to a harmful website or trick you into compromising your information. It’s the action you take, not opening the email itself, that creates the risk.

How do I know if a virus warning is real or fake?
Any pop-up in your browser that claims your iPhone has a virus is fake. Apple does not send notifications like this. These are scare tactics designed to trick you into clicking a link or calling a fake support number. The safest response is to close the browser tab and clear your browsing data.

Does my iPhone really need antivirus software?

It’s a misconception that iPhones are immune to all viruses. While Apple’s built-in security provides a strong defense, it doesn’t offer complete protection. Cybercriminals are increasingly using phishing, smishing, AI voice cloning, deepfake videos and other social engineering methods to target iPhone users. A comprehensive security app provides layered protection beyond the iOS integrated security. Think of it as adding a professional security guard to already-strong walls.

What is the best way to check my iPhone for a virus or malware for free?
You can perform manual checks for free by looking for suspicious apps, checking for unusual battery drain and data usage, and reviewing your App Privacy Report. While helpful for spotting obvious issues, these manual checks aren’t foolproof. A dedicated security app offers a more reliable and thorough analysis.

Can an iPhone get malware without jailbreaking it?
Yes. While jailbreaking significantly increases the risk, malware can still infect a non-jailbroken iPhone. This typically happens through sophisticated phishing attacks, installing malicious configuration profiles from untrusted sources, or, in very rare cases, by exploiting an unknown vulnerability in iOS, known as a “zero-day” attack.

Is an iPhone malware scan truly necessary?
Given the value of the personal data on our phones, a regular malware scan provides significant peace of mind. A reputable security app can identify vulnerabilities you might miss, such as outdated software or risky system settings, helping you maintain a strong security posture.

Final thoughts on iPhone malware protection

Keeping your iPhone secure from malware is an achievable goal that puts you in control of your digital safety. By combining smart habits with powerful security tools, you can confidently protect your personal information from emerging threats. 

McAfee is committed to empowering you with the resources and protection needed to navigate the online world safely. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind. Download the McAfee Mobile Security app today and get all-in-one protection.

The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.

Fortnite Impersonation Scams: A No-Nonsense Parent Guide

By: Jasdev Dhaliwal

Even years after its release, Fortnite still stands as the online “battle royale” game of choice, with millions of younger gamers packing its servers every month—along with fair share of scammers who want to target them both in and out of the game. What makes Fortnite such a proverbial hunting ground for scammers? The answer lies in an in-game economy—one fueled with its own virtual currency that’s backed by real dollars. As to how all that plays out, that calls for a closer look at the game. Fortnite’s in-game currency, V-Bucks, has become a prime target for cybercriminals. One of the most prevalent threats is the so-called “free V-Bucks generator” scam—a fraudulent scheme that promises players free or discounted V-Bucks in exchange for completing online forms, providing account credentials, or downloading software. These offers are entirely illegitimate. No third-party service can generate V-Bucks, and engaging with such sites puts users at significant risk of credential theft, malware infection, and financial fraud.

What is Fortnite?

Fortnite is player-versus-player game where up to 100 players fight as individuals, duos, or squads of up to four, battle on a cartoon-like island where the playable area increasingly shrinks as the game goes on. Along the way, players gain weapons and items that by rummaging through “loot boxes” or through bundles of loot left behind by eliminated players. Fortnite has several game modes, yet the most popular is the “battle royale” mode described here, where the last player, or team, left standing wins.

Is Fortnite free to play?

On the surface, Fortnite is free to play. However, money quickly enters the picture with Fortnite’s in-game currency known as V-Bucks. Players pay real money to purchase different amounts of V-Bucks through the Fortnite Item Shop or through official Fortnite V-Bucks gift cards available in stores and online.

Players use V-Bucks for all kinds of in-game purchases, notably outfits and game avatars known commonly as “skins” based on pop-culture icons like Marvel superheroes and popular singers, along with other game weapons and items. Further, players use V-Bucks to purchase “Battle Passes” that give them access to further in-game purchases and rewards. Finally, players can also purchase “Loot Llamas,” which are bundles of items, skins, and weapons as well (which players can also acquire these through gameplay to some degree).

And that’s where scammers enter the picture. Because wherever money changes hands online, scammers are sure to crop up. And with Fortnite in particular, players are more than willing to pay for V-Bucks, which can turn unwary kids into targets.

What are Fortnite scams, and what do they look like?

In all, players love spending V-Bucks because it lets them create custom avatars loaded with unique items. This makes up a big part of the game’s appeal above and beyond the gameplay itself, to the point where players sporting rarer skins and items take on the air of status symbols.

Bad actors out there do their best to capitalize on this mix of customization, status, and money with several types of scams designed to lure in young gamers. Put plainly, the game’s economy gives scammers a powerful emotional hook they can set—the drive to stand out on the battlefield is high.

Three of the most common Fortnite scams include:

Phishing scams

Just like shopping scams, fake ticket scams, and the like, these scams lure children into clicking links to phishing sites that promise in-game rewards, items, and discounted V-Bucks—but steal credit and debit card info. Young gamers might come across these links in search, yet YouTube has been rife with links to Fortnite scams as well. An examination of domains such as 750ge.com and ggfn.us reveals the use of established phishing methodologies coupled with malware delivery systems. These sites leverage Fortnite’s widespread appeal to attract users seeking free premium content, employing social engineering techniques that mirror those seen in Roblox-related scams and other forms of online fraud.

Social engineering scams

Scammers pose as friendly gamers and build up trust over time, only to betray that trust by asking children to share personal info, passwords, or credit card numbers for “discounted” V-Bucks or items. Some also get children to download malware, promising that the (harmful) app “generates” V-Bucks or gives them “upgrades” of some kind.

Account takeovers and ransoms

Also under the guise of providing items, upgrades, or V-Bucks, scammers persuade children into handing over their login info. This can give them access to personal and financial info contained in the Epic Games Launcher. Further, because some players have spent a great deal of time and money on their account, some scammers hold hijacked accounts for ransom—demanding payment for the return of the account. As it is with any kind of ransomware or ransom attack online, payment is no guarantee that the scammer will return the account.

How to Secure Your Epic Games Account

When it comes to protecting your Fortnite and Epic purchases, a few disciplined habits go a long way. Follow the guidance below to significantly reduce account-takeover risk and streamline recovery if something goes wrong.

Use Unique Passwords

Use a password that you don’t use anywhere else. Credential-stuffing attacks rely on recycled passwords from other breaches; a unique, long passphrase (ideally 14+ characters) blocks that common tactic. Consider a reputable password manager to generate and store complex credentials safely.

Enable Two-Factor Authentication (2FA)

Turn on 2FA so a one-time code is required at sign-in, stopping most unauthorized logins even if a password leaks. Epic supports email, SMS, and authenticator-app methods—use an app whenever possible for stronger protection. Note: 2FA is required for certain programs (e.g., tournaments, Support-A-Creator) and is strongly recommended for all players.

Secure and Verify your Email Address

Your email is the recovery backbone for your Epic account. Use an email you’ll keep long-term, enable that mailbox’s own 2FA, and verify the address within Epic. A verified, secured email makes account recovery faster and helps Player Support confirm ownership if there’s suspicious activity.

Link Your Social Accounts for Extra Security

Linking trusted single-sign-on options (e.g., Google) can simplify logins without creating yet another password—provided those social accounts are themselves protected with unique passwords and 2FA. Treat your SSO accounts as keys: if they’re well-secured, they reduce friction without sacrificing safety.

Keep Your Devices Secure

Good account security starts with healthy devices. Keep operating systems and browsers up to date, use reputable antivirus/anti-malware, and avoid installing unknown software or extensions. A compromised device can capture keystrokes and tokens regardless of how strong your password is.

Don’t Buy or Share Accounts

Buying, selling, or sharing accounts violates policy and exposes you to scams, chargebacks, and permanent loss of access. If someone else knows your password—or if ownership is disputed—support may not be able to help. Keep your credentials private and your account strictly personal.

Don’t Trust Suspicious Offers

Ignore sites and messages promising free or discounted V-Bucks, skins, or creator perks. These are common phishing and malware lures that mimic Epic branding to steal credentials or install harmful software. Only transact through official Epic channels and in-game menus.

If You Suspect Compromise

If you can still log in: immediately reset your email password, then your Epic password, and enable 2FA. Review recent logins and unlink unknown devices. If you can’t log in: work through Epic’s recovery steps starting with your email account and Epic password reset. Have purchase details handy to verify ownership.

What are the parental controls for Fortnite?

With many Fortnite scams, scammers need a way to speak with your child, ideally in the game itself. Fortunately, Fortnite has several parental controls that make it far more difficult for scammers to approach them and that give you further control over payments made through the platform.

Here are a few of the things you can manage from Fortnite’s parental controls:

Social permissions

This lets you manage your child’s online social interactions across Epic’s experiences and games by setting permissions for friend requests, voice and text chat, and mature language filtering.

Purchasing settings

Here you can set permissions to help prevent unauthorized payments while using Epic Games payment services.

Age-rating restrictions

You can manage which experiences your child can access in Fortnite, and which games your child can access in the Epic Games Store based on age ratings.

Time limit controls & time reports

Set time limits and view the total time your child spends in Fortnite and Unreal Editor for Fortnite (UEFN) each week. Choose if you want to receive email reports for your child’s time spent in Fortnite and UEFN.

Should I trust a website that’s offering free V-Bucks?

As Epic Games states, avoid trusting any offers for Epic Games products—such as free titles or V-Bucks that come from external or unverified sites, as they are likely scams. Legitimate promotions are only shared through the Epic Games Store, the official Epic Games website, or their verified social media channels, so if you don’t see it there, it’s not real.

Additionally, for parents of younger players …

Fortnite offers what Epic Games calls “Cabined Accounts,” a safer space that disables voice and text chat, while also disabling the ability to pay for items with real money. (In the U.S., Cabined Accounts are for children under 13 years old. Elsewhere, under that country’s age of digital consent.) Players with Cabined Accounts can still play titles from Epic Games like Fortnite, Rocket League or Fall Guys, but won’t be able to access certain features such as voice chat until their parent or guardian provides consent.

 

Source: Epic Games

What other parental controls can you set to keep your kids safe on Fortnite?

Be aware, though. The parental controls listed above only apply to games on the Epic Games platform. That means your child may still be able to access voice chat using the chat system built into the gaming console or device they’re playing on. So you’ll want to check out the parental controls on their console or device as well, which we’ve listed below:

PlayStation

PlayStation® 5 parental controls and PlayStation® 4 parental controls

Xbox

Xbox parental controls

Nintendo Switch

Nintendo Switch™ parental controls

Windows

Windows parental controls

iOS

iOS parental controls

Google Play

Google Play parental controls

More ways you can protect your kids from Fortnite and online game scams

Make sure your kids know that virtual money is often real money.

Whether it’s Fortnite V-Bucks or many of the other virtual currencies used in online games, many are tied back to real dollars. It costs real money to buy them. Ultimately, the same goes for the in-game purchases they make. Younger gamers don’t always make this connection, which is how we get the occasional headline story about a grade-school child who racks up a multi-thousand-dollar credit card bill. Have a sit-down with your child and help them understand this connection between “virtual” money and “real” money. And with that, you can have a follow-on chat about an allowance for online game purchases (which you can often set using a game’s parental controls). Do note, Epic Games does not offer legitimate V-Bucks generators outside their official platforms. Any site claiming otherwise is operating a fraud scheme that poses significant security risks to users.

Set the parental controls for the games they play.

We’ve outlined what Fortnite offers by way of parental controls, as well as the parental controls offered on several top gaming platforms. Once more, note that you’ll want to set parental controls on the any of the games your children play that include online chat or purchases. Granted, the controls vary from game to game, but a quick web search will let you know what your options are. In some cases, as with Fortnite, gaming companies have entire websites dedicated to parental controls and overall child safety.

Help your kids know the difference between “friends” in games and friends in real life.

As we outlined above, many scammers try to trick young gamers into thinking they’re a friend—when in fact any kind of “friendship” is part of a scam. Make sure you let them know it’s always okay to speak with you or another trusted adult if a “friend” asks them for personal info or anything that has to do with money. The same goes for asking them to chat on other apps outside the game, such as Whatsapp, or to meet up in person. Understandably, the answer to questions like these is always “no.” Note that some games and platforms let you report accounts for behavior like this. Use those tools as needed.

Use a credit card to pay for online games.

In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing. Further, if your credit card offers online account alerts for when a purchase is made, set that up so you can track what your children are spending online. Lastly, use credit monitoring to track any unusual purchases. Credit monitoring like ours provides timely notifications and guidance so you can take action to tackle identity theft.

Get a scam detector working for you.

Phony sites, emails, texts, and on and on and on—scammers put them all into play. Yet a combination of features in our McAfee+ plans can help you and your children spot them.

McAfee’s Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

 

 

The post Fortnite Impersonation Scams: A No-Nonsense Parent Guide appeared first on McAfee Blog.

What to Know About Traveling to China for Business

By: Mitch Moxley
Recent developments and an escalating trade war have made travel to cities like Beijing challenging but by no means impossible.

How to Shop Safely During Amazon Prime Day

By: Jasdev Dhaliwal

As Amazon Prime Day approaches (July 8-11, 2025), millions of shoppers are gearing up for what promises to be one of the biggest online shopping events of the year. But while you’re hunting for deals, cybercriminals may be hunting for you. A recent devastating case from Montana serves as a stark reminder that not all “Amazon” calls are what they seem.

The $1 Million Nightmare: How It All Began

In April 2025, an elderly Missoula woman received what seemed like a routine customer service call. The caller claimed to be from Amazon’s fraud department and asked if she had recently purchased computer equipment. When she said no, the caller’s tone shifted to concern; they claimed her identity had been stolen, and immediate action was needed.

What followed was a masterfully orchestrated scam that would ultimately cost the woman nearly $1 million. The fake Amazon representative transferred her to what appeared to be the “Social Security Department,” where another scammer told her that her personal information had been linked to a money laundering investigation. To “protect” her funds, she was then connected to someone claiming to be a U.S. Marshal.

The supposed federal agent convinced her that the money in her bank accounts needed to be “legalized” to keep it safe from the criminals who had stolen her identity. Over multiple visits to her home, the woman handed over cash and gold to people she believed were federal agents protecting her life savings. Instead, she was systematically robbed.

The scam only unraveled when law enforcement, working with the victim, set up a sting operation. When 29-year-old Zabi Ullah Mohammed arrived for what he thought would be another pickup, police were waiting. They found nearly $70,000 in cash in his vehicle, along with airline tickets and rental car documents – evidence of a sophisticated, multi-state operation.

When Tariff Pressure Meets Scam Opportunity

This Montana case isn’t an isolated incident, it’s part of a growing trend that peaks during major shopping events like Prime Day. What makes this year particularly concerning is the economic backdrop driving consumer behavior.

With recently implemented tariffs now in effect, including 25% on certain goods from Canada and Mexico and additional levies on Chinese products, American households are feeling unprecedented financial pressure. Recent polling shows 73% of Americans expect significant price increases in the coming months, while economists project tariffs could cost the average household nearly $1,200 annually.

This economic anxiety is creating a perfect storm for scammers, as our research shows that 46% of shoppers plan to shop more during Prime Day specifically hoping to save money in light of tariff-related price hikes. Older consumers are particularly motivated by these concerns, with 68% of shoppers aged 65+ citing tariff worries as a key driver for increased online shopping – making them prime targets for sophisticated scams promising exclusive deals and savings.

“As inflation and tariffs push more people to hunt for deals, scammers are using generative AI to craft scams that are more polished, personal, and persuasive,” said Abhishek Karnik, Head of Threat Research at McAfee. “From retailer impersonations to hyper-realistic delivery scams, these threats are getting harder to spot. The good news is that the tools to fight back are getting smarter too. The best way to stay safe is to pause before you click, trust your instincts, and use AI-powered protection like McAfee’s Scam Detector to stay one step ahead.”

 

Figure 1. Examples of Amazon tariff and job scams

 

Figure 2. An example of a fake Amazon sign-in page.

 

 

Figure 3. Examples of Amazon phishing scams

 

The Scale of the Problem is Staggering

  • 81% of Americans plan to shop online during Prime Day 2025, creating a massive target pool for scammers
  • 15% of people have already fallen victim to online scams during Prime Day or similar major retail events.
  • Among scam victims, a shocking 84% lost money, with nearly 1 in 4 losing over $500.
  • While 89% of people report taking steps to stay safe, nearly two-thirds (65%) admit they’re not fully confident in their ability to spot a scam. That uncertainty is exactly what scammers are counting on. Designed to blend in with the shopping rush, today’s threats pressure people to click before they think.

The AI Threat is Real

  • 56% of Americans are more concerned about AI-generated scams this year than last year, particularly during major shopping events like Prime Day.
  • 36% of people have encountered deepfake scams involving fake celebrity endorsements during major sale events.
  • Among those who encountered deepfake scams, 71% reported that they or someone they know lost money.

The Vulnerability Factor

Older adults are particularly at risk, with 68% of shoppers aged 65+ saying tariff-related concerns motivate them to shop more online, potentially making them targets for scams promising “deals.” Heavy shoppers face the highest risk, with 23% reporting being scammed during major sale events – more than double the rate of light shoppers. More than one-third (35%) of scam victims don’t tell anyone about being defrauded. The main reasons for staying silent include embarrassment (27%), not wanting to appear gullible (24%), and shame (9%).

The Youth Risk Factor

Younger shoppers are far more likely to take risks on unfamiliar brands — especially on social media. Nearly a quarter of 18–34-year-olds say they’re willing to buy from unknown retailers if the deal looks good, with 22% of 18–24s and 21% of 25–34-year-olds ready to click “buy now” on offers from unknown brands. In stark contrast, older adults (65+) show extreme caution, with only 1% willing to engage with unfamiliar advertisements.

Social Shopping Platforms: Convenience Meets Danger

That openness comes with a serious trade-off. Platforms like TikTok Shop and Instagram Shopping are fast becoming hotspots for scam exposure. Nearly 1 in 3 young shoppers say they’ve encountered deepfake videos of influencers promoting deals or products that turned out to be scams during past sale events, and of those, a staggering 71% say either they or someone they know lost money. With 29% of shoppers browsing TikTok Shop and 10% using Instagram Shopping, these social platforms have become both a go-to destination for deals and a growing cybersecurity risk. The seamless integration of shopping and social content makes it easier than ever for scammers to blend fraudulent offers with legitimate content, creating a perfect storm of vulnerability.

How to Protect Yourself This Prime Day

The good news? These scams are preventable if you know what to watch for and take the right precautions. Here’s your defense playbook:

Verify Before You Trust

  • Amazon will never call you about suspicious account activity or unauthorized purchases
  • Always log into your Amazon account directly through amazon.com to check for real issues
  • Use Amazon’s Message Center – all legitimate communications from Amazon appear there
  • Never give personal information, passwords, or payment details over the phone

Watch for Red Flags

  • Urgent language demanding immediate action (“Your account will be closed in 24 hours!”)
  • Requests for payment via gift cards, wire transfers, or cash
  • Claims that you need to “verify” or “legalize” your money
  • Transfers to “government agencies” during the same call
  • Pressure to keep the call secret or not hang up

How to Protect Your Shopping Experience

  • Enable two-factor authentication on your Amazon account
  • Use strong, unique passwords or passkeys for your shopping accounts
  • Only shop on secure websites (look for “https://” and the padlock icon)
  • Monitor your bank and credit card statements regularly
  • Never click links in suspicious emails – go directly to the retailer’s website instead.
  • Use reputable online protection, such as McAfee’s Scam Detector to keep you safer from online shopping scams
  • Trust your gut – if it feels too urgent or too good to be true, it probably is

While 89% of people plan to take specific safety steps during Prime Day, the sophistication of modern scams means we all need to stay vigilant. The Montana woman’s story shows how even intelligent, cautious people can fall victim to well-orchestrated psychological manipulation.

This Prime Day, remember that the best deal is the one that doesn’t cost you your life savings. Legitimate retailers will never pressure you to act immediately or ask you to pay with untraceable methods. When in doubt, hang up, take a breath, and verify independently. Your skepticism might just save your bank account, and your peace of mind.

Key Takeaway: Amazon, and most other retailers, will not ask you to provide sensitive information over the phone or request payment via gift cards, wire transfers, or cash. When shopping this Prime Day, if something seems suspicious, it probably is. Trust your instincts and verify independently.

The post How to Shop Safely During Amazon Prime Day appeared first on McAfee Blog.

How Criminals Are Using AI to Clone Travel Agents and Steal Your Money

By: Jasdev Dhaliwal

Your dream vacation could become a nightmare if you fall for these sophisticated AI-powered scams. The travel industry is experiencing an unprecedented surge in AI-powered fraud. What started as simple fake booking websites has evolved into something far more sinister: criminals are now using artificial intelligence to clone the voices and identities of trusted travel agents, creating convincing impersonations that can fool even the most cautious travelers. 

Recent data paints a sobering picture. Booking.com reports a staggering 500 to 900 percent increase in travel scams over the past 18 months, largely driven by AI technology. McAfee research reveals that 30 percent of adults have either fallen victim to online travel scams or know someone who has while trying to save money on travel. 

The New Face of Travel Fraud: AI Voice Cloning

Gone are the days when scammers relied solely on poorly written emails with obvious typos. Today’s travel fraudsters are weaponizing AI voice cloning technology that requires as little as three seconds of audio to create a convincing replica of someone’s voice. Here’s how these sophisticated scams typically unfold: 

The Setup: Criminals research legitimate travel agents, tour operators, or booking specialists through social media, company websites, and online videos. They harvest voice samples from promotional videos, webinars, or even customer service recordings. 

The Clone: Using readily available AI tools—some costing as little as $5 to $10 per month—scammers create voice clones that perfectly mimic speech patterns, accents, and even emotional nuances of real travel professionals. 

The Hook: Armed with these cloned voices, criminals make convincing phone calls to potential victims, often claiming to represent established travel agencies or offering “exclusive” deals that create urgency to book immediately. 

Red Flags: How to Spot AI-Cloned Travel Agents 

While AI voice cloning technology has become incredibly sophisticated, there are still warning signs you can watch for: 

Listen for inconsistencies: Pay attention to unusual word choices, stilted language, or responses that seem rehearsed or robotic. AI-generated voices may struggle with emotional range or natural conversation flow. 

Verify through multiple channels: If someone claiming to be a travel agent unexpectedly contacts you, hang up and call the agency directly using a number you find independently—never redial the number that called you. 

Be wary of pressure tactics: Legitimate travel agents won’t pressure you to book immediately or demand payment through untraceable methods like wire transfers, cryptocurrency, or gift cards. 

Check for licensing and credentials: Ask for specific licensing information and verify it independently. Real travel agents are typically registered with industry organizations and local business bureaus. 

Beyond Voice Cloning: The Full Arsenal of AI Travel Scams

Voice cloning is just one weapon in the modern scammer’s arsenal. Criminals are also using AI to: 

Create convincing fake websites: AI tools can quickly generate professional-looking travel booking sites that mirror legitimate companies, complete with stolen branding and customer reviews. 

Generate fake reviews: AI-written testimonials can flood fake listings with glowing five-star reviews that seem authentic but are entirely fabricated. 

Produce deepfake videos: Some sophisticated scams now include video calls featuring AI-generated faces that can interact in real-time, making the deception even more convincing. 

Automate phishing campaigns: AI helps criminals create personalized emails and messages that target specific individuals based on their travel history and preferences. 

The Financial Impact: Why These Scams Are So Devastating

The financial consequences of AI-powered travel scams can be catastrophic. VPNRanks predicts that travel scam losses could reach $13 billion globally by 2025, with an average loss of nearly $1,000 per victim. Even more concerning, business travelers face a 65 percent higher risk of falling victim compared to leisure travelers. 

The sophistication of these scams means that even cybersecurity-savvy individuals can be caught off guard. In one notable case, a finance worker in Hong Kong was tricked by an AI-powered deepfake video call into transferring over $25 million to criminals who had used publicly available footage to impersonate multiple senior executives. 

How McAfee Protects You from AI-Powered Travel Scams

At McAfee, we understand that the same AI technology enabling these scams can also be our best defense against them. Our comprehensive McAfee+ protection suite includes several key features specifically designed to combat these emerging threats: 

McAfee Scam Detector: Our AI technology powers advanced scam detection that can identify suspicious patterns and behaviors. This includes recognizing potentially fraudulent communications before they reach you on text messages, email and even deepfake protection. 

Identity Monitoring and Alerts: Our comprehensive identity monitoring watches for signs that your personal information may have been compromised—a critical early warning system since scammers often research their targets extensively before launching attacks. 

Safe Browsing Protection: When you’re researching travel options online, our web advisor protection features block access to known malicious sites and warn you about suspicious domains in real-time. 

Personal Data Cleanup: We help remove your personal information from data broker sites that scammers often use to research potential victims, reducing your exposure to targeted attacks. 

Your Defense Strategy: Staying Safe in the Age of AI Scams

Protection against AI-powered travel scams requires a multi-layered approach combining technology, awareness, and smart practices: 

Verify independently: Always confirm travel arrangements through official channels. If someone calls claiming to represent a travel company, hang up and call the company directly using contact information from their official website. 

Be skeptical of urgency: Legitimate travel deals don’t require immediate action. Take time to research and verify any offer, especially if it involves upfront payments or personal information. 

Use secure payment methods: Avoid wire transfers, cryptocurrency, or gift cards for travel payments. Use credit cards that offer fraud protection and dispute resolution. 

Limit social media exposure: Be cautious about posting travel plans, photos, or videos that could provide scammers with material to clone your voice or research your activities. 

Trust your instincts: If something feels off about a conversation or offer, don’t ignore that feeling. It’s better to miss out on a potentially legitimate deal than fall victim to a sophisticated scam. 

The Road Ahead: Preparing for Future Threats

As AI technology continues to evolve, we can expect travel scams to become even more sophisticated. Future threats may include real-time deepfake video calls, AI-generated virtual travel agents with full conversational abilities, and hyper-personalized scams based on extensive data analysis. 

The key to staying protected is maintaining vigilance while leveraging advanced security tools. McAfee’s AI-powered protection evolves continuously to stay ahead of emerging threats, providing you with the most current defense against the latest scamming techniques. 

Your dream vacation should remain exactly that—a dream come true, not a financial nightmare. By staying informed about these threats and using comprehensive protection like McAfee’s identity and scam protection services, you can travel with confidence, knowing you’re protected against even the most sophisticated AI-powered fraud attempts. 

Remember: in our digital age, the best travel companion isn’t just a good guidebook—it’s robust cybersecurity protection that travels with you wherever you go.  

Ready to protect yourself from AI-powered scams? Learn how McAfee+ and its comprehensive identity theft protection and AI-powered scam detection is designed to keep you safe while traveling and beyond. 

The post How Criminals Are Using AI to Clone Travel Agents and Steal Your Money appeared first on McAfee Blog.

How To Do A Virus Scan

By: McAfee

New online threats emerge every day, putting our personal information, money and devices at risk. In its 2024 Internet Crime Report, the Federal Bureau of Investigation reports that 859,532 complaints of suspected internet crime—including ransomware, viruses and malware, data breaches, denials of service, and other forms of cyberattack—resulted in losses of over $16 billion—a 33% increase from 2023.

That’s why it is essential to stay ahead of these threats. One way to combat these is by conducting virus scans using proven software tools that constantly monitor and check your devices while safeguarding your sensitive information. In this article, we’ll go through everything you need to know to run a scan effectively to keep your computers, phones and tablets in tip-top shape.

What does a virus scan do?

Whether you think you might have a virus on your computer or devices or just want to keep them running smoothly, it’s easy to do a virus scan.

Each antivirus program works a little differently, but in general the software will look for known malware with specific characteristics, as well as their variants that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, the antivirus software removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.

Unmistakeable signs of a virus in your device

Before doing a virus scan, it is useful to know the telltale signs of viral presence in your device. Is your device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Maybe you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are just some signs that your device may have a virus, but don’t get too worried yet because many of these issues can be resolved with a virus scan.

Are free virus scanner tools safe and sufficient?

Free virus scanner tools, both in web-based and downloadable formats, offer a convenient way to perform a one-time check for malware. They are most useful when you need a second opinion or are asking yourself, “do I have a virus?” after noticing something suspect.

However, it’s critical to be cautious. For one, cybercriminals often create fake “free” virus checker tools that are actually malware in disguise. If you opt for free scanning tools, it is best to lean on highly reputable cybersecurity brands. On your app store or browser, navigate to a proven online scanning tool with good reviews or a website whose URL starts with “https” to confirm you are in a secure location.

Secondly, free tools are frequently quite basic and perform only the minimum required service. If you choose to go this path, look for free trial versions that offer access to the full suite of premium features, including real-time protection, a firewall, and a VPN. This will give you a glimpse of a solution’s comprehensive, multi-layered security capability before you commit to a subscription.

Cloud-based virus solutions

If safeguarding all your computers and mobile devices individually sounds overwhelming, you can opt for comprehensive security products that protect computers, smartphones and tablets from a central, cloud-based hub, making virus prevention a breeze. Many of these modern antivirus solutions are powered by both local and cloud-based technologies to reduce the strain on your computer’s resources.

Online virus scan: A step-by-step guide

This guide will walk you through the simple steps to safely scan your computer using reliable online tools, helping you detect potential threats, and protect your personal data.

1. Choose a trusted provider

When selecting the right antivirus software, look beyond a basic virus scan and consider these key features:

  • Real-time protection. This is paramount, as it actively blocks threats before they can execute.
  • An effective solution must also have a minimal performance impact so it doesn’t slow down your device.
  • Look for a program with an intuitive interface that makes it easy to schedule scans and manage settings.
  • The best protection goes beyond a simple virus detector. It should include features such as a firewall, a secure VPN for safe browsing, and identity protection.
  • Look for reliable brands with positive reviews and clear privacy policies, and that provide a powerful virus scanner and proactive protection for both Android and iOS devices.

2. Initiate the scan

The process of checking for viruses depends on the device type and its operating system. Generally, however, the virus scanner will display a “Scan” button to start the process of checking your system’s files and apps.

Here are more specific tips to help you scan your computers, phones and tablets:

On a Windows computer

If you use Windows 11, go into “Settings” and drill down to the “Privacy & Security > Windows Security > Virus & Threat Protection” tab, which will indicate if there are actions needed. This hands-off function is Microsoft’s own basic antivirus solution called Windows Defender. Built directly into the operating system and enabled by default, this solution provides a baseline of protection at no extra cost for casual Windows users. However, Microsoft is the first to admit that it lags behind specialized paid products in detecting the very latest zero-day threats.

On a Mac computer

Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. As mentioned, free antivirus applications are available online, but we recommend investing in trusted software that is proven to protect you from cyberthreats.

If you decide to invest in more robust antivirus software, running a scan is usually straightforward and intuitive. For more detailed instructions, we suggest searching the software’s help menu or going online and following their step-by-step instructions.

On smartphones and tablets

Smartphones and tablets are powerful devices that you likely use for nearly every online operation in your daily life from banking, emailing, messaging, connecting, and storing personal information. This opens your mobile device to getting infected through malicious apps, especially those downloaded from unofficial stores, phishing links sent via text or email, or by connecting to compromised wi-fi networks.

Regular virus scans with a mobile security software are crucial for protecting your devices. Be aware, however, that Android and IOS operating systems merit distinct solutions.

Antivirus products for Android devices abound due to this system’s open-source foundation. However, due to Apple’s strong security model, which includes app sandboxing, traditional viruses are rare on iPhones and iPads. However, these devices are not immune to all threats. You can still fall victim to phishing scams, insecure Wi-Fi networks, and malicious configuration profiles. Signs of a compromise can include unusual calendar events, frequent browser redirects, or unexpected pop-ups.

Apple devices, however, closed platform doesn’t easily accommodate third-party applications, especially unvetted ones. You will most likely find robust and verified antivirus scanning tools on Apple’s official app store.

Scanning files and attachments safely

Before you open any downloaded file or email attachment, it’s wise to check it for threats. To perform a targeted virus scan on a single file, simply right-click the file in Windows Explorer or macOS Finder and select the “Scan” option from the context menu to run the integrated virus checker on a suspicious item.

For an added layer of security, especially involving files from unknown sources, you can use a web-based file-checking service that scans for malware. These websites let you upload a file, which is then analyzed by multiple antivirus engines. Many security-conscious email clients also automatically scan incoming attachments, but a manual scan provides crucial, final-line defense before execution.

3. Review scan results and take action

Once the scan is complete, the tool will display a report of any threats it found, including the name of the malware and the location of the infected file. If your antivirus software alerts you to a threat, don’t panic—it means the program is doing its job.

The first and most critical step is to follow the software’s instructions. It might direct you to quarantine the malicious file to isolate the file in a secure vault where it can no longer cause harm. You can then review the details of the threat provided by your virus scanner and choose to delete the file permanently, which is usually the safest option.

After the threat is handled, ensure your antivirus software and operating system are fully updated. Finally, run a new, full system virus scan to confirm that all traces of the infection have been eliminated. Regularly backing up your important data to an external drive or cloud service can also be a lifesaver in the event of a serious infection.

4. Schedule an automatic scan for continuous protection

The most effective way to maintain your device’s security is to automate your defenses. A quality antivirus suite allows you to easily schedule a regular virus scan so you’re always protected without having to do it manually. A daily quick scan is a great habit for any user; it’s fast and checks the most vulnerable parts of your system. Most antivirus products regularly scan your computer or device in the background, so a manual scan is only needed if you notice something dubious, like crashes or excessive pop-ups. You can also set regular scans on your schedule, but a weekly full scan is ideal.

Final thoughts

These days, it is essential to stay ahead of the wide variety of continuously evolving cyberthreats. Your first line of defense against these threats is to regularly conduct a virus scan. You can choose among the many free yet limited-time products or comprehensive, cloud-based solutions.

While many free versions legitimately perform their intended function, it’s critical to be cautious as these are more often baseline solutions while some are malware in disguise. They also lack the continuous, real-time protection necessary to block threats proactively.

A better option is to invest in verified, trustworthy, and all-in-one antivirus products like McAfee+ that, aside from its accurate virus scanning tool, also offers a firewall, a virtual private network, and identity protection. For complete peace of mind, upgrading to a paid solution like McAfee Total Protection is essential for proactively safeguarding your devices and data in real-time, 24/7.

The post How To Do A Virus Scan appeared first on McAfee Blog.

7 Signs Your Phone Has a Virus and What You Can Do

By: McAfee

We use our smartphones for everything under the sun, from work-related communication to online shopping, banking transactions, and social media. For this reason, our phones store a lot of personal data, including contacts, account details, and bank account logins

High online usage also makes your devices vulnerable to viruses, a type of malware that replicate themselves and spread throughout the entire system. They can affect your phone’s performance or, worse, compromise your sensitive information so that hackers can benefit monetarily.

In this article, we will give you a rundown of viruses that can infect your phone and how you can identify and eliminate them. We will also provide some tips for protecting your phone from viruses in the first place.

iOS vs Android

iPhones and Android devices run on different operating systems, hence differences in how they resist viruses and how these affect each system.

While iOS hacks can still happen, Apple’s operating system is reputed to be highly resistant from viruses because of its design. By restricting interactions between apps, Apple’s operating system limits the movement of a virus across the device. However, if you jailbreak your iPhone or iPad to unlock other capabilities or install third-party apps, then the security restrictions set by Apple’s OS won’t work. This exposes your iPhone and you to vulnerabilities that cybercriminals can exploit. 

Android phones, while also designed with cybersecurity in mind, rely on open-source code, making them an easier target for hackers. Additionally, giving users the capability to install third-party apps from alternative app stores such as the Amazon or Samsung Galaxy app stores makes Android devices open to viruses. 

Types of phone viruses

Cybercriminals today are sophisticated and can launch a variety of cyberattacks on your smartphone. Some viruses that can infect your phone include: 

  • Malware: Malware encompasses programs that steal your information or take control of your device without your permission.
  • Adware: These are ads that can access information on your device if you click on them.
  • Ransomware: These prevent you from accessing your phone again unless you pay a ransom to the hacker. The hacker may also use your personal data such as pictures as blackmail.
  • Spyware: This tracks your browsing activity, then steals your data or affects your phone’s performance.
  • Trojan: Aptly named, this type of virus hides inside an app to take control of or affect your phone and data.

Common ways phones get infected

Ultimately, contracting a virus on your phone or computer comes down to your browsing and downloading habits. These are the most common ways it could happen:

  • Clicking on links or attachments from unverified sources, and mostly distributed through emails and text messages
  • Clicking on seemingly innocent ads that take you to an unsecured webpage or download mobile malware to your device
  • Visiting questionable websites, often ignoring security warnings
  • Downloading malicious apps from unverified sources, usually outside the Apple App Store or Google Play Store
  • Connecting to an unsecured internet connection like public wi-fi

7 signs your phone has a virus

Now that you know how your phone could be infected by a virus, look out for these seven signs that occur when malicious software is present:

1. You see random pop-up ads or new apps

Most pop-up ads don’t carry viruses but are only used as marketing tools. However, if you find yourself closing pop-up ads more often than usual, it might indicate a virus on your phone. These ads might be coming from apps in your library that you didn’t install. In this case, uninstall them immediately as they tend to carry malware that’s activated when the app is opened or used.

2. Your device feels physically hot

When you accidentally download apps that contain malware, your device has to work harder to continue functioning. Since your phone isn’t built to support malware, there is a good chance it will overheat.

3. Random messages are sent to your contacts

If your contacts receive unsolicited scam emails or messages on social media from your account, especially those containing suspicious links, a virus may have accessed your contact list. It’s best to let all the recipients know that your phone has been hacked so that they don’t download any malware themselves or forward those links to anybody else.

4. The device responds slowly

An unusually slow-performing device is a hint of suspicious activity on your phone. The device may be slowing down because it is working harder to support the downloaded virus. Alternatively, unfamiliar apps might be taking up storage space and running background tasks, causing your phone to run slower.

5. You find fraudulent charges on your accounts

Are you finding credit card transactions in your banking statements that you don’t recognize? It could be an unfamiliar app or malware making purchases through your account without your knowledge.

6. The phone uses excess data

A sudden rise in your data usage or phone bill can be suspicious. A virus might be running background processes or using your internet connection to transfer data out of your device for malicious purposes.

7. Your battery drains quickly

An unusually quick battery drain may also cause concern. Your phone will be trying to meet the energy requirements of the virus, so this problem is likely to persist for as long as the virus is on the device.

How to Detect and Remove a Virus on Your Phone

You may have an inkling that a virus resides in your phone, but the only way to be sure is to check. An easy way to do this is by downloading a trustworthy antivirus app that will prevent suspicious apps from attaching themselves to your phone and secures any public connections you might be using.

Another way to check your phone is to follow these step-by-step processes, depending on the type of phone you use:

Check your iPhone for malware

  1. Check battery usage: Go to Settings > Battery. Scroll down to see the battery usage by app. If you see an app you don’t recognize or an app with unusually high usage, it could be a sign of malicious activity.
  2. Review app list and storage: Carefully examine all the apps installed on your phone. If you find an app that you don’t remember downloading, it could be malware. Uninstall it immediately. Also, check Settings > General > iPhone Storage for any strange or unexpected data usage by apps.
  3. Monitor data consumption: Navigate to Settings > Cellular. Review the data usage for each app. A virus on your phone can consume large amounts of data by running in the background and communicating with a hacker’s server.
  4. Look for jailbreak evidence: If you didn’t jailbreak your phone but see apps like Cydia or Sileo, it’s a major red flag. Someone with physical access to your phone may have jailbroken it to install spyware or other malware.
  5. Run an iOS security app: For peace of mind and a thorough check, use a reputable security application to help you scan for system threats, secure your wi-fi connection, and help identify risks that are not immediately obvious.

Run a malware scan on an Android device

  1. Utilize Google Play Protect: This Android’s built-in malware protection is your first line of defense to know if your phone has a virus. Open the Google Play Store app, tap on your profile icon, and select Play Protect. Tap “Scan” to check your apps for harmful behavior.
  2. Boot into safe mode: If your phone is lagging or crashing, restarting in Safe Mode can help. Press and hold the power button, then tap and hold the “Power off” option until the “Reboot to safe mode” prompt appears. In Safe Mode, all third-party apps are disabled. If the issues disappear, a recently installed app is likely the culprit. You can then uninstall suspicious apps one by one.
  3. Review app permissions: Go to Settings > Apps and check the permissions for each app. Is a simple game asking for access to your contacts and microphone? That’s a red flag. Revoke any permissions that seem unnecessary for an app’s function. This helps prevent spyware from collecting your data.
  4. Install a trusted antivirus app: For the most comprehensive protection, install a top-rated security app like McAfee Mobile Security. Running a full scan will detect and help you quarantine or remove malicious files and apps that built-in tools might miss, providing a clear path on how to clean your phone from a virus.

How to remove a virus from your device

Once you have determined that a virus is present on your iPhone or Android device, there are several things you can do. 

  • Download antivirus software or a mobile security app to help you locate existing viruses and malware. By identifying the exact problem, you know what to get rid of and how to protect your device in the future. 
  • Do a thorough sweep of your app library to make sure that whatever apps are on your phone were downloaded by you. Delete any apps that aren’t familiar.
  • To protect your information, delete any sensitive text messages and clear history regularly from your mobile browsers. Empty the cache in your browsers and apps.
  • In some instances, you may need to reboot your smartphone to its original factory settings. This can lead to data loss, so be sure to back up important documents to the cloud.
  • Create strong passwords for all your accounts after cleaning up your phone, and protect them using a password manager. This tool uses the most robust encryption algorithms so only you have access to your information.

7 tips to protect your phone from viruses

Caring for your phone is a vital practice to protect your information. Follow these tips to stay safe online and help reduce the risk of your phone getting a virus. 

  • Only download apps only from a trusted source, i.e., the app store or other verified stores. Before installing, read the app reviews and understand how the app intends to use your data.
  • Set up strong, unique passwords for your accounts instead of reusing the same or similar passwords. This prevents a domino effect in case one of the accounts is compromised.
  • Think twice before you click on a link. If a link looks suspicious, trust your gut! Avoid clicking on it until you have more information about its trustworthiness. These links can be found across messaging services and are often part of phishing scams. 
  • Clear your cache periodically. Scan your browsing history to get rid of any links that seem suspicious. 
  • Avoid saving login information on your browsers and log out when you’re not using a particular browser. Although this is a convenience trade-off, it’s harder for malware to access accounts you’re not logged into during the attack.
  • Update your operating system and apps frequently. Regular updates build upon previous security features. Sometimes, these updates contain security patches created in response to specific threats in prior versions. 
  • Don’t give an app all the permissions it asks for. Instead, you can choose to give it access to certain data only when required. Minimizing an application’s access to your information keeps you safer.
  • Avoid using unsecure internet connections such as public wi-fi. If it is unavoidable, it is ideal to have a secure virtual private network that encrypts your data to make unsecured networks safe to use.

Final Thoughts

You have come to heavily rely on your smartphones for many online activities and storage of much of your personal data, including contacts, account details, and bank account logins. This puts your devices at high risk of being infected by viruses that impact not just your phone’s performance but also of being compromised by cybercriminals.

To help you protect your device and personal information, the award-winning McAfee Mobile Security solution regularly scans for threats transmitted through suspicious links in text messages, emails or downloads, and blocks them in real time. McAfee Mobile Security is a reputable security application that filters risky emails and phishing attempts so your inbox stays secure, while providing a secure virtual private network. It is also capable of spotting deepfake videos so you can stay ahead of misinformation. With McAfee, you can rest easy knowing your mobile phone is protected from the latest cyberthreats.

The post 7 Signs Your Phone Has a Virus and What You Can Do appeared first on McAfee Blog.

Love, Lies, and Long Flights: How to Avoid Romance Scams While Traveling This Summer 

By: Jasdev Dhaliwal

Ah, summer. The season of sun-soaked beaches, bucket list adventures, and Instagram-worthy Aperol Spritzes. For many, it’s also a time of new connections—whether it’s a whirlwind vacation romance, a flirtatious chat over sangria, or that handsome stranger who slides into your DMs while you’re posting travel pics. 

But while your heart may be on holiday, romance scammers are very much on the job. 

Every summer, there’s a spike in cybercrime that preys on people’s heightened emotions, loneliness, and lowered guard while traveling. Romance scams aren’t just the stuff of Netflix documentaries or embarrassing Reddit threads—they’re a multi-billion dollar business. In fact, in the U.S. alone, consumers reported losing $1.3 billion to romance scams in 2023, according to the FTC. And those are just the ones who reported it. 

Whether you’re vacationing in Ibiza or just swiping Tinder in Tuscany, here’s what you need to know to keep your love life and your bank account scam-free this summer. 

Why Summer Travel Is Peak Romance Scam Season

Let’s break down the perfect storm: 

  1. You’re relaxed, open, and more trusting. 
  2. You’re sharing your location and travel plans publicly. 
  3. You’re looking for connection—romantic or otherwise. 
  4. And you may be unfamiliar with local customs or risks. 

Scammers love this combo. It gives them everything they need to make you feel special, disarmed, and emotionally invested—before making their move. 

And don’t think these scams are limited to dating apps. They happen on Facebook, Instagram, TikTok, WhatsApp, Airbnb experiences, and yes, even LinkedIn. Love (and deception) finds a way. 

Classic Romance Scam Red Flags (Even While Abroad)

No matter where you are in the world, these red flags are global. If your new summer fling is showing any of these signs, take a step back before you step deeper in: 

They move too fast.
They say they love you after two days. They want to video call all the time. They talk about marriage before you’ve even exchanged last names. Classic sign of love bombing. 

They avoid meeting in person or always have a reason to cancel.
Even if you’re in the same city, they’ll say they’re stuck at customs, quarantining, or detained by border patrol (yes, really). This isn’t just shady—it’s scripted. 

They need money—urgently.
Hospital bill. Stolen passport. Emergency flight. Sick relative. Whatever it is, it’s always an emergency and always comes with a request for money, gift cards, or cryptocurrency. 

They ask you to keep the relationship private.
“Let’s keep this just between us.” Translation? “Please don’t tell your smarter friends who would spot me a mile away.” 

They want to take the chat off-platform.
If someone you met on a dating app pushes you onto WhatsApp, Telegram, or a private email chain quickly, it’s a red flag. 

How to Spot Travel Triggered Romance Scams

Summer brings out some unique variations on the classic romance scam, here are a number of the common types of travel romance scams. 

The “Travel Buddy” Scam
You meet someone on a travel app or forum who wants to join your trip. They seem cool—until they ghost you after you book everything in their name. Or worse, they show up and mooch off you the entire time. 

The “Local Lover” Scam
A charming local sweeps you off your feet. They say they want to visit you in your home country, but need help with a visa fee, plane ticket, or travel insurance. 

The “Digital Dater” Abroad
You’re on vacation and your dating app blows up with matches. Coincidence? Hardly. Scammers geo-fence popular tourist zones because they know travelers are emotionally available and often disconnected from their usual guardrails. 

The “Crypto Casanova”
You match with someone on a dating app who subtly mentions they’ve made loads of money on crypto. Soon, they offer to help you invest. Spoiler alert: the platform they send you to is fake. Your money is gone, and so are they. 

McAfee’s Top Ten Tips to Protect Your Heart and Wallet While Traveling

You don’t have to be a digital hermit on your holiday. But you do need a bit of cyber street smarts. Here’s how to travel (and flirt) safely: 

  1. Keep Your Personal Info Private

No sharing your hotel, flight info, or travel itinerary with someone you just met online. And definitely don’t post your boarding pass or hotel room number on socials. 

  1. Don’t Send Money—Ever.

Not for flights, food, phone credit, visas, crypto, or “emergencies.” If someone asks for money, it’s a scam. Every. Single. Time. 

  1. Reverse Image Search Their Photos

If someone seems too good to be true, screenshot their profile pics and run a reverse image search. If they’re stolen from a model or influencer, you’ll know quickly. 

  1. Use Dating Apps with Built-In Safety Features

Stick with apps that offer verified profiles, video chat, and in-app messaging. The more friction between you and scammers, the better. 

  1. Trust Your Gut but Also Your Brain

If something feels off, it probably is. Don’t let the vacation buzz cloud your common sense. 

  1. Watch for Time Zone Gaps

If someone claims to be in Paris but always replies at 3 a.m. Paris time? Red flag. 

  1. Stay Sober, Stay Sharp

A few too many cocktails and you’re more likely to miss signs of manipulation or send info you shouldn’t. Scammers love an intoxicated target. 

  1. Tell a Friend

Let someone back home know who you’re talking to. Share screenshots if necessary. Having a second pair of eyes can save you. 

  1. Be Cautious About Wi-Fi

Don’t send sensitive messages, share banking info, or access dating apps over public Wi-Fi. Use a VPN like McAfee Secure VPN if you must connect while on the go. 

  1. Know When to Walk Away

Romantic attention can feel flattering—especially if you’re traveling solo. But don’t confuse flattery with trust. If someone’s pushing boundaries, bail. 

What to Do If You Think You’re Being Scammed

If your gut’s screaming “scam,” don’t ignore it. Cut contact immediately. Don’t argue, don’t explain. Just block and move on. 

Report them to the platform.
Whether it’s a dating app or social media site, reporting helps stop them from targeting others. 

Tell your bank if you sent money.
They may be able to freeze a transaction or help with fraud recovery. 

Talk to someone.
Shame is what scammers count on. Speak up. You are not alone, and you are not stupid. 

Final Thoughts: Love Doesn’t Ask for Your Bank Details

Look, summer romance can be amazing. I’m not here to kill the vibe. But don’t confuse intensity for intimacy, especially when someone is operating behind a screen. If you’re lucky, your summer fling ends with a postcard and a good story. If you’re not careful, it could end with an empty bank account, a broken heart, and a bruised ego. 

Be bold. Be open. But above all be smart. McAfee’s Scam Detector, can help in the fight against scammers. Our scam detector catches suspicious text messages so you can reply with confidence.  We’ll filter out risky emails and phishing attempts so your inbox stays secure. With our leading, cutting-edge protection, we’ll spots deepfake videos so you can stay ahead of misinformation. Love doesn’t need to be transactional. And real connections don’t pressure, isolate, or guilt-trip. This summer, protect your heart like your passport: with care, vigilance, and just the right amount of suspicion. 

 

The post Love, Lies, and Long Flights: How to Avoid Romance Scams While Traveling This Summer  appeared first on McAfee Blog.

How to Protect Your Crypto After the Coinbase Breach

By: Jasdev Dhaliwal

In a significant security incident, Coinbase, a leading cryptocurrency trading platform, recently disclosed a data breach impacting nearly 70,000 users. This breach, attributed to “insider wrongdoing,” exposed sensitive personal information. This post details how the breach occurred, what data was compromised, and, most importantly, provides crucial steps you can take to protect yourself from potential follow-on attacks and identity theft.

This comprehensive guide will delve into the specifics of this breach: how the “insider wrongdoing” facilitated the attack, precisely what information was exposed, and the immediate, actionable steps you can take to safeguard your digital assets and personal identity in the wake of this incident.

What Happened in the Coinbase Breach?

According to a filing with the Office of the Maine Attorney General, which mandates public disclosure for such incidents, a total of 69,461 individuals were affected by this breach. The incident itself occurred on December 26, 2024, though the first signs of the compromise were only detected on May 11, 2025. This timeline is not uncommon for data breaches, as it can often take months for criminal activity to be fully uncovered.

Coinbase’s official statement details the progression of the breach:

Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users. Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up.

In a firm stance against such criminal activity, Coinbase has publicly refused to pay the ransom. Instead, the company has established a substantial $20 million reward fund, offering it for information that leads to the arrest and conviction of the attackers responsible.

What Information Was Stolen in the Coinbase Data Breach?

The attackers gained access to a range of sensitive user data. According to Coinbase, the compromised information includes:

Personal Identifiers: Names, physical addresses, phone numbers, and email addresses.
• Financial Data (Masked): Masked Social Security numbers (last 4 digits only) and masked bank account numbers, along with some bank account identifiers.
Identity Documents: Images of government-issued IDs (e.g., driver’s licenses, passports).
Account Activity: Snapshots of account balances and transaction history.
Limited Corporate Data: Documents, training materials, and communications accessible to support agents.

Crucially, Coinbase has confirmed that the attackers did not gain access to the following critical elements:

• Login credentials or two-factor authentication (2FA) codes.
• Private keys associated with user wallets.
• Any direct ability to move or access customer funds.
• Access to “Coinbase Prime” accounts.
• Access to any Coinbase or Coinbase customer hot or cold wallets.

What is Coinbase Doing About the Breach of Customer Information?

To summarize the company’s own words, they’re “protecting their customers and standing up to extortionists” by taking several steps. Highlights of their response include:

• Affected Account Holder Notifications: Email notifications were dispatched to all affected account holders on May 15, 2025. Furthermore, “flagged accounts now require additional ID checks on large withdrawals and include mandatory scam-awareness prompts.”
• Enhanced Defenses: The company is significantly increasing its investment in insider-threat detection and automated response systems. They are also “simulating similar security threats to find failure points in any internal system.”
• Securing Support Operations: Coinbase plans to open a new support hub within the U.S. and implement “stronger security controls and monitoring across all locations.”

Additionally, Coinbase is actively collaborating with law enforcement agencies and intends to pursue criminal charges against the insiders involved, who were reportedly terminated immediately upon discovery of their involvement.

What Will Scammers Do With the Stolen Coinbase Information?

For one, the people holding the stolen data apparently attempted to extort the company—a ransom that the company says it will not pay, as covered above. With that, there’s the possibility the people involved might turn to other buyers or release the info on the dark web, whether for sale or for free.
As with any breach, expect follow-on scams in the wake of this breach, as a potential wave of scammers might pose as Coinbase employees. Some might use the stolen info to make the scam sound more credible, some might not. Regardless, this attack calls for extra vigilance on the part of Coinbase users and crypto holders in general.
Coinbase offered specific guidance for its users, which we’ll add to—all so Coinbase users and crypto traders in general can stay safer.

Coinbase suggests:

Turn on withdrawal allow listing —Only permit transfers to wallets that you are confident you fully control and where the seed phrase is secure and was not provided to you or shared with anyone.
Enable strong two-factor authentication —Hardware keys are best.
Hang up on imposters —Coinbase will never ask for your password, 2FA codes, or to move funds to a “safe” wallet.
Lock first, ask later —If something feels off, lock your account in-app and email security@coinbase.com.

McAfee’s Essential Safeguards

Beyond Coinbase’s advice, McAfee offers robust solutions to further protect yourself:

Protect yourself from scammers

McAfee Scam Detector: Our advanced Scam Detector technology is designed to identify and block scams across text messages, emails, and videos. This is particularly crucial after a breach, as scammers might send bogus “account alerts” with links to phishing sites. Scam Detector automatically detects these threats and blocks risky links, even if you accidentally click them.

Reduce Your Digital Footprint: Limit the amount of personal information available to scammers. The more details they have about you, the more credible their phishing attempts can appear.

McAfee Personal Data Cleanup: Many scammers gather information from data broker sites. Our Personal Data Cleanup service scans the riskiest data broker sites, identifies where your personal information is being sold, and, depending on your McAfee+ plan, can help you remove it.

McAfee Social Privacy Manager: Social media platforms are notorious for being a source of personal information for scammers. McAfee Social Privacy Manager allows you to adjust over 100 privacy settings across your social media accounts in just a few clicks, significantly enhancing your online privacy.

These features are all included in our comprehensive McAfee+ plans.

How to Protect Yourself from Identity Theft

Follow-on attacks after data breaches often involve identity theft. With pieces of personal info that they can puzzle together, thieves then try to open new accounts, lines of credit, and so forth in someone else’s name. Protection like the following, also included in our McAfee+ plans, can keep you safer.

Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. Meanwhile, Security Freeze can prevent unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name.

And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

Additionally, Identity Monitoring scans the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. It helps keep your personal info safe, with early alerts if your data is found on the dark web, an average of 10 months ahead of similar services.

The Coinbase data breach serves as a stark reminder of the persistent threats in the digital world. While Coinbase is taking steps to address the breach, proactive personal security measures are paramount. By implementing the recommendations from both Coinbase and McAfee, you can significantly reduce your risk of falling victim to scams and identity theft. Stay vigilant, secure your accounts, and protect your digital life.

The post How to Protect Your Crypto After the Coinbase Breach appeared first on McAfee Blog.

How to Delete Your Data from 23andMe and Protect Your Privacy

By: Jasdev Dhaliwal

The collapse of genetic testing giant 23andMe has raised serious privacy concerns for millions of people who shared their DNA with the company. Once valued at $6 billion, the company has filed for bankruptcy and is now selling off assets—including, potentially, your genetic data. 

If you’ve ever used 23andMe to explore your ancestry or health traits, now is the time to take action.  

Here’s what’s going on, what it means for your data, how to delete your account, and steps you can take to better protect your online privacy going forward. 

What’s Going On at 23andMe? 

23andMe, once a pioneer in at-home genetic testing, has fallen into financial distress after a series of challenges, including a massive data breach in 2023 that exposed personal information of nearly 7 million users, according to TechCrunch. The company’s value plummeted by more than 99%, leading to mass board resignations and a March 2024 bankruptcy filing. 

Now, as 23andMe prepares to sell off its assets under court supervision, its massive database of customer DNA—reportedly from more than 15 million users—is on the table. Despite the company’s assurances that its privacy policy remains in effect, experts and privacy advocates warn that your sensitive genetic data could end up in the hands of third parties, including pharmaceutical companies or even law enforcement agencies. 

Is My Privacy at Risk? 

If you used 23andMe, yes.  

Genetic data is some of the most personal information you can share. It can reveal details about your ancestry, health risks, and even family secrets. With 23andMe not covered by HIPAA (the federal health privacy law), your DNA data isn’t protected the way medical records at a doctor’s office would be, The Harvard Gazette reports. 

Although 23andMe claims it won’t share individual-level data without consent, it does reserve the right to sell or transfer personal information as part of a bankruptcy or acquisition. That means your data could be bought by another company—one with different privacy practices or intentions. 

California residents, in particular, have the legal right to delete their data under the Genetic Information Privacy Act (GIPA) and the California Consumer Privacy Act (CCPA).  

How to Delete Your 23andMe Data 

If you’re ready to take action, here’s how to delete your genetic data and revoke research permissions through your 23andMe account: 

To Delete Your Account and Genetic Data: 

  1. Log in to your 23andMe account. 
  2. Go to Settings. 
  3. Scroll down to 23andMe Data and click View. 
  4. (Optional) Download your data if you want to keep a copy. 
  5. Scroll to the Delete Data section. 
  6. Click Permanently Delete Data. 
  7. Confirm via the email link you’ll receive. 

To Destroy Your Saliva Sample: 

  1. Go to Settings. 
  2. Navigate to Preferences. 
  3. Select the option to destroy your stored biological sample. 

To Revoke Research Consent: 

  1. Go to Settings. 
  2. Navigate to Research and Product Consents. 
  3. Withdraw your consent for data sharing. 

McAfee’s Tips for Protecting Your Online Privacy 

Your DNA isn’t the only personal data at risk. From email addresses and home addresses to phone numbers and even shopping habits, data brokers are collecting and selling your information online—often without your knowledge or consent. 

That’s why it’s critical to take control of your digital footprint. All McAfee+ plans provide the ability to scan the web for details of your personal information. McAfee’s Online Account Cleanup scans for accounts you no longer use and helps you delete them, along with your personal info. McAfee’s Personal Data Cleanup, takes this a step further, by scanning data broker sites for your personal information, and requesting the removal of you details from those sites. 

Combined, these tools can give you back control over your privacy. All our McAfee+ plans include scans to find your accounts and direct you on how to remove your data.  

Bottom Line: If you’ve ever used 23andMe, your genetic data could be at risk of being transferred or sold. Take action now by deleting your account and revoking permissions. And to keep the rest of your personal data protected, use tools like McAfee+ to keep your personal data safe online. 

 

The post How to Delete Your Data from 23andMe and Protect Your Privacy appeared first on McAfee Blog.

How to Recognize an Online Scammer

By: Jasdev Dhaliwal

Online scams are evolving faster than ever, with cybercriminals using AI, deepfake technology, and social engineering to trick unsuspecting users.

In the past year, Americans have been targeted by an average of 14 scam messages per day, and deepfake scams have surged 1,740% in North America, according to McAfee’s State of the Scamiverse report. 

These scams go beyond simple phishing emails—scammers now impersonate trusted companies, friends, and even loved ones, making it critical to recognize the warning signs before falling victim.

Here’s how you can spot an online scam and protect yourself: 

  

5 tips to help you recognize an online scam

Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.  

They say you’ve won a huge prize

If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.  

When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.  

They want you to pay in a certain way

Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.  

Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards 

When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.  

They say it’s an emergency

Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.  

Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer 

They say they’re from a government organization or company

Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.  

If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.  

Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away. 

The email is littered with grammatical errors

Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.  

It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam 

8 most common online scams to watch out for

There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.  

Phishing scams

A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.  

Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.  

During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.  

Travel insurance scams

These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.  

You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.  

Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.  

Grandparent scams

Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members. 

For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.  

If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.  

Advance fee scam

You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.  

There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.  

Tech support scams

Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.  

When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.  

These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.  

Formjacking and retail scams

Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different. 

Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.  

For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers 

Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site. 

Scareware scams (fake antivirus)

These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).  

You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.  

What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.  

To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software 

Credit repair scams

Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report. 

All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.  

Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.  

What can you do if you get scammed online?

Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).  

Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams 

Discover how McAfee can keep you and your info safe online

Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes 

For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee+ can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.  

Get the peace of mind that comes with McAfee having your back. 

The post How to Recognize an Online Scammer appeared first on McAfee Blog.

How to Protect Yourself from March Madness Scams

By: McAfee

It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will be sure to follow—along with online betting scams. 

Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states leaped at the opportunity to legalize it in some form or other. Today, nearly 40 states and the District of Columbia have “live and legal” sports betting, meaning that people can bet on single-game sports through a retail or online sportsbook or a combination of the two in their state. 

And it has made billions of dollars for the government.

If you’re a sports fan, this news has probably been hard to miss. Or at least the outcome of it all has been hard to miss. Commercials and signage in and around games promote several major online betting platforms. Ads have naturally made their way online too, complete with all kinds of promo offers to encourage people to get in on the action. However, that’s also opened the door for scammers who’re looking to take advantage of people looking to make a bet online, according to the Better Business Bureau (BBB). Often through shady or outright phony betting sites. 

Let’s take a look at the online sports betting landscape, some of the scams that are cropping up, and some things you can do to make a safer bet this March or any time.  

Can I bet on sports in my state, and how? 

Among the 30 states that have “live and legal” sports betting, 19 offer online betting, a number that will likely grow given various state legislation that’s either been introduced or will be introduced soon. 

If you’re curious about what’s available in your state, this interactive map shows the status of sports betting on a state-by-state level. Further, clicking on an individual state on the map will give you yet more specifics, such as the names of retail sportsbooks and online betting services that are legal in the state. For anyone looking to place a bet, this is a good place to start. It’s also helpful for people who are looking to get into online sports betting for the first time, as this is the sort of homework that the BBB advises people to do before placing a sports bet online. In their words, you can consider these sportsbooks to be “white-labeled” by your state’s gaming commission.

 

However, the BBB stresses that people should be aware that the terms and conditions associated with online sports betting will vary from service to service, as will the promotions that they offer. The BBB accordingly advises people to closely read these terms, conditions and offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.” 

Scammers and online betting 

Where do scammers enter the mix? The BBB points to the rise of consumer complaints around bogus betting sites: 

“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.” 

If there’s a good reason you should stick to the “white labeled” sites that are approved by your state’s gaming commission, this is it. Take a pass on any online ads that promote betting sites, particularly if they roll out big and almost too-good-to-be-true offers. These may lead you to shady or bogus sites. Instead, visit the ones that are approved in your state by typing in their address directly into your browser. 

Ready to place your bet? Keep these things in mind. 

In addition to what we mentioned above, there are several other things you can do to make your betting safer. 

1) Check the rep of the service.

In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization’s response to the complaints, along with its BBB rating, if it has one. Doing a little reading here can be enlightening, giving you a sense of what issues arise and how the organization has historically addressed them. For example, you may see a common complaint and how it’s commonly resolved. You may also see where the organization has simply chosen not to respond, all of which can shape your decision whether to bet with them or not. 

2) Use a secure payment method other than your debit card.

Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act. 

3) Get online protection.

Comprehensive online protection software will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to betting sites, online protection can help prevent you from clicking links to known or suspected malicious sites. 

Make the safe(r) bet 

With online betting cropping up in more and more states for more and more people, awareness of how it works and how scammers have set up their presence within it becomes increasingly important. Research is key, such as knowing who the state-approved sportsbooks and services are, what types of betting are allowed, and where. By sticking to these white-label offerings and reading the fine print in terms, conditions, and promo offers, people can make online betting safer and more enjoyable. 

Editor’s Note: If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/

The post How to Protect Yourself from March Madness Scams appeared first on McAfee Blog.

How to Spot a Crypto Scam: The Top Red Flags to Watch For

By: Jasdev Dhaliwal

Cryptocurrency offers exciting opportunities—but it’s also a favorite playground for scammers.  

With the rapid rise of deepfake technology and deceptive AI-driven schemes, even seasoned investors can fall victim to fraud. According to McAfee’s State of the Scamiverse report, deepfake scams are on the rise, with the average American now encountering 2.6 deepfake videos daily. And younger adults (18-24) see even more – about 3.5 per day. 

From fake investment opportunities to phishing attempts, bad actors are more sophisticated than ever.  

The recent wave of Trump-themed meme coins—more than 700 copycats attempting to mimic the real thing—highlights just how rampant crypto scams have become. If even the president’s cryptocurrency isn’t safe from impersonators, how can everyday investors protect themselves? 

By knowing the red flags, you can safeguard your money and personal data from crypto scammers. 

Five Red Flags That Signal a Crypto Scam 

1) Too-Good-To-Be-True Promises

Scammers often lure victims with guaranteed returns or impossibly high profits. If an investment promises “risk-free” earnings or sounds like a financial miracle, run the other way—legitimate investments always carry some level of risk. 

Example: A Ponzi scheme disguised as a crypto investment fund may claim to offer “10% daily profits” or “instant payouts.” In reality, they use new investors’ money to pay early participants—until the scam collapses.

2) Celebrity Endorsements That Don’t Add Up

Fraudsters frequently impersonate public figures—from Elon Musk to Donald Trump—to promote fake coins or crypto investments. The explosion of Trump-themed meme coins shows how easily scammers exploit famous names. Even if a project appears linked to a well-known figure, verify through official channels. 

Example: A deepfake video featuring a celebrity “endorsing” a new crypto token. McAfee’s research found that nearly 3 deepfake videos per day are encountered by the average American, many of them tied to scams. 

3) Fake Exchanges & Wallets

Scammers often set up fraudulent crypto exchanges or wallet apps that look legitimate but are designed to steal your money. They might advertise low fees, special bonuses, or exclusive access to new coins. 

How to Protect Yourself: 

✔ Always use well-established exchanges with a proven track record. 

✔ Look for HTTPS encryption and verify the URL carefully. 

✔ Research if the platform is licensed and regulated.

4) Pressure to Act Fast

Scammers thrive on urgency. They’ll push you to act immediately before you have time to think critically. Whether it’s a limited-time pre-sale or a “secret investment opportunity,” don’t let fear of missing out (FOMO) cloud your judgment. 

Example: “Only 10 spots left! Invest now before prices skyrocket!”—Classic scam tactics designed to trigger impulsive decisions.

5) Requests for Upfront Payments or Private Keys

No legitimate crypto project will ever ask for: 

  • Your private keys or wallet seed phrase. 
  • An upfront fee before you can “withdraw” funds. 
  • Payment via gift cards or wire transfers. 

Example: A fake customer support email pretending to be from Coinbase, asking you to confirm your wallet password—this is a phishing attempt! 

How to Stay Safe from Crypto Scams 

✅Do Your Research: Always Google the project’s name + “scam” before investing. 

✅Check Regulatory Status: See if the platform is licensed (DFPI, SEC, or other regulators). 

✅Verify Official Websites & Socials: Scammers create lookalike websites with small typos—double-check URLs! 

✅Use Cold Storage: Store your assets in a hardware wallet to protect against hacks. 

✅Use tools like McAfee+To monitor for potential scams and get warnings for potential deepfakes and other scam red flags. 

Crypto offers incredible potential—but with great opportunity comes risk. Scammers are always evolving, using deepfake videos, phishing, and fraudulent investment schemes to trick even the savviest investors. By staying informed and following basic security practices, you can avoid getting caught in the next big crypto scam.

The post How to Spot a Crypto Scam: The Top Red Flags to Watch For appeared first on McAfee Blog.

How Data Brokers Sell Your Identity

By: Jasdev Dhaliwal

Data Privacy Week is here, and there’s no better time to shine a spotlight on one of the biggest players in the personal information economy: data brokers. These entities collect, buy, and sell hundreds—sometimes thousands—of data points on individuals like you. But how do they manage to gather so much information, and for what purpose? From your browsing habits and purchase history to your location data and even more intimate details, these digital middlemen piece together surprisingly comprehensive profiles. The real question is: where are they getting it all, and why is your personal data so valuable to them? Let’s unravel the mystery behind the data broker industry.

What are data brokers?

Data brokers aggregate user info from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data then gets put up for sale to nearly anyone who’ll buy it. That can include marketers, private investigators, tech companies, and sometimes law enforcement as well. They’ll also sell to spammers and scammers. (Those bad actors need to get your contact info from somewhere — data brokers are one way to get that and more.)

And that list of potential buyers goes on, which includes but isn’t limited to:

  • Tech platforms
  • Banks
  • Insurance companies
  • Political consultancies
  • Marketing firms
  • Retailers
  • Crime-fighting bureaus
  • Investigation bureaus
  • Video streaming service providers
  • Any other businesses involved in sales

These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.

How do data brokers get your information?

Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.

Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.

A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.

Data brokers also collect data points like your home address, full name, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public records (think sales of real estate, marriages, divorces, voter registration, and so on).

Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.

How data brokers sell your identity

Data brokers collate your private information into one package and sell it to “people search” websites. As mentioned above, practically anyone can access these websites and purchase extensive consumer data, for groups of people and individuals alike.

Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.

Are data brokers legal?

We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.

There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.

As of March 2024, 15 states in the U.S. have data privacy laws in place. That includes California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire.[i] The laws vary by state, yet generally, they grant rights to individuals around the collection, use, and disclosure of their personal data by businesses.

However, these laws make exceptions for certain types of data and certain types of collectors. In short, these laws aren’t absolute.

Can you remove yourself from data broker websites?

Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.

Yet the list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt-out.

Rather than removing yourself one by one from the host of data broker sites out there, you have a solid option: our Personal Data Cleanup.

Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.

If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.

[i] https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/

 

The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.

What Personal Data Do Companies Track?

By: Jasdev Dhaliwal

Private tech companies gather tremendous amounts of user data. These companies can afford to let you use social media platforms free of charge because it’s paid for by your data, attention, and time.

Big tech derives most of its profits by selling your attention to advertisers — a well-known business model. Various documentaries (like Netflix’s “The Social Dilemma”) have tried to get to the bottom of the complex algorithms that big tech companies employ to mine and analyze user data for the benefit of third-party advertisers.

What info can companies collect?

Tech companies benefit from personal info by being able to provide personalized ads. When you click “yes” at the end of a terms and conditions agreement found on some web pages, you might be allowing the companies to collect the following data:

  • Personal data. This includes identity-related info like your name, gender, Social Security number, and device-related info like IP address, web browser cookies, and device IDs. Personal data is usually collected to classify users into different demographics based on certain parameters. This helps advertisers analyze what sections of the audience interact with their ads and what they can do to cater to their target audience.
  • Usage data. Your interactions with a business’s website, text messages, emails, paid ads, and other online activities are recorded to build an accurate consumer profile. This consumer profile is used to determine and predict what kind of content (including ads) you’re more likely to interact with and for how long.
  • Behavioral data. Purchase histories, repeated actions, time spent, movement, and navigation on the platform, and other types of qualitative data are covered under behavioral data. This helps platforms determine your “favorite” purchases or interactions so they can suggest other similar content/products.
  • Attitudinal data. Companies measure brand and customer experiences using data on consumer satisfaction, product desirability, and purchase decisions. Marketing agencies use this data for direct consumer research and creative analysis.

For someone unfamiliar with privacy issues, it is important to understand the extent of big tech’s tracking and data collection. After these companies collect data, all this info can be supplied to third-party businesses or used to improve user experience.

The problem with this is that big tech has blurred the line between collecting customer data and violating user privacy in some cases. While tracking what content you interact with can be justified under the garb of personalizing the content you see, big tech platforms have been known to go too far. Prominent social networks like Facebook and LinkedIn have faced legal trouble for accessing personal user data like private messages and saved photos.

How do companies use the info you provide?

The info you provide helps build an accurate character profile and turns it into knowledge that gives actionable insights to businesses. Private data usage can be classified into three cases: selling it to data brokers, using it to improve marketing, or enhancing customer experience.

To sell your info to data brokers

Along with big data, another industry has seen rapid growth: data brokers. Data brokers buy, analyze, and package your data. Companies that collect large amounts of data on their users stand to profit from this service. Selling data to brokers is an important revenue stream for big tech companies.

Advertisers and businesses benefit from increased info on their consumers, creating a high demand for your info. The problem here is that companies like Facebook and Alphabet (Google’s parent company) have been known to mine massive amounts of user data for the sake of their advertisers.

To personalize marketing efforts

Marketing can be highly personalized thanks to the availability of large amounts of consumer data. Tracking your response to marketing campaigns can help businesses alter or improve certain aspects of their campaign to drive better results.

The problem is that most AI-based algorithms are incapable of assessing when they should stop collecting or using your info. After a point, users run the risk of being constantly subjected to intrusive ads and other unconsented marketing campaigns that pop up frequently.

To cater to the customer experience

Analyzing consumer behavior through reviews, feedback, and recommendations can help improve customer experience. Businesses have access to various facets of data that can be analyzed to show them how to meet consumer demands. This might help improve any part of a consumer’s interaction with the company, from designing special offers and discounts to improving customer relationships.

For most social media platforms, the goal is to curate a personalized feed that appeals to users and allows them to spend more time on the app. When left unmonitored, the powerful algorithms behind these social media platforms can repeatedly subject you to the same kind of content from different creators.

Which companies track the most info?

Here are the big tech companies that collect and mine the most user data.

  • Google is the most avid big tech data miner currently on the internet because the search engine deals almost exclusively with user data. Google tracks and analyzes everything from your Gmail and calling history (for VoLTE calls) to your Chrome browsing preferences through third-party cookies.
  • Meta’s Facebook collects phone numbers, personal messages, public comments, and metadata from all your photos and videos. Facebook primarily uses this data to fuel its demographic-based targeted ad mechanisms.
  • Amazon has recently admitted to storing many user data points, including phone numbers, credit card info, usernames, passwords, and even Social Security numbers. Amazon also stores info about your search terms and previously bought products.
  • X (Twitter).Platforms like X employ a “family of apps” technique to gather sensitive user data. While these platforms openly collect and mine user data themselves, they also collect info from app networks that include several other third-party apps. These apps choose to partner with tech giants for better profits.
  • While much better than its competitors, Apple still mines a lot of user data. While Apple’s systems allow users to control their privacy settings, Apple gives all its users’ info to Apple’s iOS-based advertisement channels. The iPhone App Store is another place where user data is exclusively used to create customized user experiences.
  • Microsoft primarily collects device-related data like system configurations, system capabilities, IP addresses, and port numbers. It also harvests your regular search and query data to customize your search options and make for a better user experience.

Discover how McAfee can help protect your identity online. 

Users need a comprehensive data privacy solution to tackle the rampant, large-scale data mining carried out by big tech platforms. While targeted advertisements and easily found items are beneficial, many of these companies collect and mine user data through several channels simultaneously, exploiting them in several ways.

It’s important to ensure your personal info is protected. Protection solutions like McAfee’s Personal Data Cleanup feature can help. It scours the web for traces of your personal info and helps remove it for your online privacy.

McAfee+ provides antivirus software for all your digital devices and a secure VPN connection to avoid exposure to malicious third parties while browsing the internet. Our Identity Monitoring and personal data removal solutions further remove gaps in your devices’ security systems.

With our data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.

The post What Personal Data Do Companies Track? appeared first on McAfee Blog.

How to Protect Yourself from a Brushing Scam

By: Jasdev Dhaliwal

Brushing scams are a type of online fraud where sellers send unsolicited packages to individuals, even though they never made an order. These deceptive tactics are often used on popular e-commerce platforms such as Amazon and AliExpress. The goal of scammers is to artificially inflate product rankings and create fake reviews, ultimately boosting their sales and visibility. Read on to understand how brushing scams work and what steps you can take to stay safe.

What Is a Brushing Scam?

A brushing scam is a fraudulent practice in which sellers send packages to people without their knowledge or consent. These items are typically cheap and low-quality, such as inexpensive jewelry or random gadgets, and are sent to fake addresses or addresses obtained illegally. Once the item is delivered, the fraudster writes a fake review praising the product, which helps the seller’s rating rise.

Why Is It Called a “Brushing” Scam?

The term “brushing” originates from Chinese e-commerce, where the act of “brushing up” sales numbers involves creating fake orders and sending goods to random individuals. This practice boosts a product’s perceived popularity, tricking other buyers into thinking the product is highly rated, thus increasing its sales.

How Do Brushing Scams Work?

Here’s how a brushing scam typically unfolds:

  • The scammer creates a fake account on an e-commerce platform.
  • They place an order for their own product using an address they’ve obtained illegitimately.
  • A cheap product, such as a low-quality ring or fake electronic device, is sent to the recipient.
  • Once the package arrives, the scammer posts a glowing review under their fake account to make the product appear more legitimate.

These scammers often send products like costume jewelry, seeds, or inexpensive gadgets to inflate their reviews and rankings. If you find an unsolicited package at your door, there’s a high chance it’s part of a brushing scam.

The Risks of Brushing Scams

Personal Data Exposure:

Receiving unsolicited parcels may indicate that your personal information has been compromised. Scammers typically access names and addresses through data breaches or purchase this information from illegal sources. In some cases, they may possess additional sensitive details, opening the door to identity theft.

Account Suspension:

If a fraudster uses your name to write fake reviews, your e-commerce account could be flagged or suspended by the platform while the issue is investigated.

Misleading Consumers:

Fake reviews can mislead you into purchasing low-quality products, especially when inflated ratings and positive comments are posted en masse.

Safety Hazards:

Some items involved in brushing scams, such as cosmetics, could be harmful. Other items, like flower seeds, may pose biosecurity risks or introduce invasive species to your local ecosystem.

Reporting a Brushing Scam

If you’ve received an unexpected package and suspect it’s part of a brushing scam, report it to the online marketplace involved. Platforms typically provide a form for users to submit reports on fraudulent packages. Here’s how to handle it:

  • Log into your account and locate the report section.
  • If the package is not a gift, and the platform has no record of it, it’s likely part of a scam.
  • Fill out the form and submit the details about the package.

You can also report the incident to your local consumer protection agency or, in the case of U.S. residents, to the Federal Trade Commission (FTC).

How to Handle an Amazon Brushing Scam

If the scam occurs on Amazon, follow these steps:

  • Log into your Amazon account.
  • Navigate to the “Report Unsolicited Package” section.
  • Provide the relevant details, such as tracking number and a description of the package.
  • Amazon will investigate, and it may take up to 10 days to receive an update.

It’s important not to consume or use the product, especially if its quality is questionable or if it’s an item like cosmetics or food. Update your passwords for Amazon and any linked accounts and monitor your financial statements for suspicious activity.

Protecting Yourself from Brushing Scams

Here are some steps to prevent falling victim to brushing scams:

  • Secure Your Accounts:
    Update your passwords regularly and enable two-factor authentication for added security.
  • Report Unsolicited Packages:
    If you receive a package you didn’t order, immediately report it to the platform where it came from.
  • Verify Seller Reviews:
    Before buying from a new seller, scrutinize their reviews. Genuine reviews often contain specific details about the product or shipping process, while fake reviews tend to be more generic.
  • Stick to Reputable Sellers:
    Always buy from trusted sellers with long-standing accounts. Inspect their product images carefully to avoid fake or misleading listings.

Why Am I Receiving Unordered Packages from China?

If you receive unexpected items from China or other overseas locations, it could be a sign of a brushing scam, especially if the items appear low-quality or irrelevant.

What Should I Do If I Get an Unknown Package from USPS?

If you receive a package you didn’t order via USPS:

  • Contact USPS immediately.
  • If unopened, mark the package “Return to sender” for free return.
  • If you also receive a phishing email, report it as well.

Brushing scams are a growing concern, but by staying vigilant and taking appropriate steps, you can protect your personal information and avoid falling prey to these deceptive tactics. Always report suspicious packages and reviews, and be cautious when interacting with unfamiliar sellers.

 

The post How to Protect Yourself from a Brushing Scam appeared first on McAfee Blog.

How to Protect Your Data While On-the-Go

By: Jasdev Dhaliwal

Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.

Public Wi-Fi networks are notorious for their lack of security. Unlike your home network, which is likely password-protected and encrypted, many public networks are open and vulnerable to cyberattacks. Hackers can intercept your data, monitor your online activity, and even steal sensitive information like passwords, credit card numbers, and personal identification. 

Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting. 

Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.

1. Use a Virtual Private Network (VPN): Your Best Defense

The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.

By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location. 

2. Avoid Sensitive Transactions on Public Wi-Fi

Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft. 

Safer Alternatives:

  • Use Mobile Data: When possible, switch to your mobile data connection for sensitive transactions. Cellular networks are generally more secure than public Wi-Fi. 
  • Wait Until You’re Home: If the transaction isn’t urgent, wait until you can connect to a trusted, secure network. 
  • Use Secure Apps: If you must access sensitive accounts, use their official mobile apps instead of a web browser. Apps often have built-in security features that browsers lack.

3. Spot Suspicious Wi-Fi Networks

Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.

Red Flags to Watch For: 

  • Unsecured Networks: If a network doesn’t require a password, it’s a potential risk. 
  • Strange Network Names: Be wary of networks with names that are misspelled or mimic legitimate ones (e.g., “Airport_FreeWiFi” instead of “Airport Free Wi-Fi”). 
  • Unusual Login Pages: If a Wi-Fi network asks for excessive personal information to connect, it could be a scam.

4. Keep Your Devices Secure

Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information. 

Device Security Tips: 

  • Update Your Software: Keep your operating system, apps, and security software up to date to patch any vulnerabilities. 
  • Use Antivirus Software: Install reliable antivirus software to detect and block malware or suspicious activity. 
  • Enable Firewall Protection: A firewall acts as a gatekeeper for your internet connection by filtering and analyzing incoming data. As the first line of defense, they block unauthorized access and prevent malicious programs from infiltrating your network. 
  • Turn Off Automatic Wi-Fi Connections: Disable the feature that automatically connects your device to open Wi-Fi networks. 
  • Clear Your Browser Cache: Delete cookies and browsing history to remove any stored login credentials. 

Stay Safe and Enjoy Your Winter Travels 

Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels. 

The post How to Protect Your Data While On-the-Go appeared first on McAfee Blog.

Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go

By: Jasdev Dhaliwal

Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go

 

Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.

Public Wi-Fi networks are notorious for their lack of security. Unlike your home network, which is likely password-protected and encrypted, many public networks are open and vulnerable to cyberattacks. Hackers can intercept your data, monitor your online activity, and even steal sensitive information like passwords, credit card numbers, and personal identification.

Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting.

Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.


1. Use a Virtual Private Network (VPN): Your Best Defense

 

The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.

By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location.


2. Avoid Sensitive Transactions on Public Wi-Fi

 

Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft.

Safer Alternatives:

  • Use Mobile Data: When possible, switch to your mobile data connection for sensitive transactions. Cellular networks are generally more secure than public Wi-Fi.
  • Wait Until You’re Home: If the transaction isn’t urgent, wait until you can connect to a trusted, secure network.
  • Use Secure Apps: If you must access sensitive accounts, use their official mobile apps instead of a web browser. Apps often have built-in security features that browsers lack.

 

3. Spot Suspicious Wi-Fi Networks

 

Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.

 

Red Flags to Watch For:

  • Unsecured Networks: If a network doesn’t require a password, it’s a potential risk.
  • Strange Network Names: Be wary of networks with names that are misspelled or mimic legitimate ones (e.g., “Airport_FreeWiFi” instead of “Airport Free Wi-Fi”).
  • Unusual Login Pages: If a Wi-Fi network asks for excessive personal information to connect, it could be a scam.

 


4. Keep Your Devices Secure

Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information.

 

Device Security Tips:

  • Update Your Software: Keep your operating system, apps, and security software up to date to patch any vulnerabilities.
  • Use Antivirus Software: Install reliable antivirus software to detect and block malware or suspicious activity.
  • Enable Firewall Protection: A firewall acts as a gatekeeper for your internet connection by filtering and analyzing incoming data. As the first line of defense, they block unauthorized access and prevent malicious programs from infiltrating your network.
  • Turn Off Automatic Wi-Fi Connections: Disable the feature that automatically connects your device to open Wi-Fi networks.
  • Clear Your Browser Cache: Delete cookies and browsing history to remove any stored login credentials.

 

Stay Safe and Enjoy Your Winter Travels

Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels.

The post Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go appeared first on McAfee Blog.

This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers

By: Charles McFarland

McAfee threat researchers have identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers into clicking on malicious links in the first weeks of this holiday shopping season. As holiday excitement peaks and shoppers hunt for the perfect gifts and amazing deals, scammers are taking advantage of the buzz. The National Retail Federation projects holiday spending will reach between $979.5 and $989 billion this year, and cybercriminals are capitalizing by creating scams that mimic the trusted brands and categories consumers trust. From October 1 to November 12, 2024, McAfee safeguarded its customers from 624,346 malicious or suspicious URLs tied to popular consumer brand names – a clear indication that bad actors are exploiting trusted brand names to deceive holiday shoppers. 

McAfee’s threat research also reveals a 33.82% spike in malicious URLs targeting consumers with these brands’ names in the run-up to Black Friday and Cyber Monday. This rise in fraudulent activity aligns with holiday shopping patterns during a time when consumers may be more susceptible to clicking on offers from well-known brands like Apple, Yeezy, and Louis Vuitton, especially when deals seem too good to be true – pointing to the need for consumers to stay vigilant, especially with offers that seem unusually generous or come from unverified sources.  

McAfee threat researchers have identified a surge in counterfeit sites and phishing scams that use popular luxury brands and tech products to lure consumers into “deals” on fake e-commerce sites designed to appear as official brand pages. While footwear and handbags were identified as the top two product categories exploited by cybercrooks during this festive time, the list of most exploited brands extends beyond those borders: 

Top Product Categories and Brands Targeted by Holiday Hustlers 

  • Product categories: Handbags and footwear were the two most common product categories for bad actors. Yeezy (shoes) and Louis Vuitton (luxury handbags) were the most common brands that trick consumers into engaging with malicious/suspicious sites. 
  • Footwear: Adidas, especially the Yeezy line, was a top target, with counterfeit sites posing as official Adidas or Yeezy outlets. 
  • Luxury goods and handbags: Louis Vuitton emerged as a frequent target, particularly its handbag line. Cybercrooks frequently set up fake sites advertising high-demand luxury items like Louis Vuitton bags and apparel. 
  • Watches: Rolex was one of the most frequently counterfeited brands, with fraudulent sites openly selling counterfeit versions of the brand’s coveted watches. 
  • Technology: Scammers frequently used the Apple brand to trick consumers, including fake customer service websites and stores selling counterfeit Apple items alongside unrelated brands. 

By mimicking trusted brands like these, offering unbelievable deals, or posing as legitimate customer service channels, cybercrooks create convincing traps designed to steal personal information or money. Here are some of the most common tactics scammers are using this holiday season: 

Unwrapping Cybercriminals’ Holiday Shopping Scam Tactics 

  • Fake e-commerce sites: Scammers often set up fake shopping websites mimicking official brand sites. These sites use URLs similar to those of the real brand and offer too-good-to-be-true deals to attract bargain hunters. 
  • Phishing sites with customer service bait: Particularly with tech brands like Apple, some scam sites impersonate official customer service channels to lure customers into revealing personal information. 
  • Knockoff and counterfeit products: Some scam sites advertise counterfeit items as if they are real; there is often no indication that they are not legitimate products. This tactic was common for scammers leveraging the Rolex and Louis Vuitton brands, which appeal to consumers seeking luxury goods. 

 With holiday shopping in full swing, it’s essential for consumers to stay one step ahead of scammers. By understanding the tactics cybercriminals use and taking a few precautionary measures, shoppers can protect themselves from falling victim to fraud. Here are some practical tips for safe shopping this season: 

Smart Shopping Tips to Outsmart Holiday Scammers 

  • Stay alert, particularly during shopping scam season: The increase in malicious URLs during October and November is a strong indicator that scammers capitalize on holiday shopping behaviors. Consumers should be especially vigilant during this period and continue to exercise caution throughout the holiday shopping season. 
  • Wear a skeptic’s hat: To stay safe, consumers should verify URLs, look for signs of secure websites (like https://), and be wary of any sites offering discounts that seem too good to be true. 
  • Exercise additional caution: Adidas, Yeezy, Louis Vuitton, Apple, and Rolex are brand names frequently used by cybercrooks looking to scam consumers, so sticking with trusted sources is particularly important when shopping for these items online. 

Research Methodology 

McAfee’s threat research team analyzed malicious or suspicious URLs that McAfee’s web reputation technology identified as targeting customers, by using a list of key company and product brand names—based on insights from a Potter Clarkson report on frequently faked brands—to query the URLs. This methodology captures instances where users either clicked on or were directed to dangerous sites mimicking trusted brands. Additionally, the team queried anonymized user activity from October 1st through November 12th. 

Examples: 

The image below is a screenshot of a fake / malicious / scam site: Yeezy is a popular product brand formerly from Adidas found in multiple Malicious/Suspicious URLs. Often, they present themselves as official Yeezy and/or Adidas shopping sites. 

 

The image below is a screenshot of a fake / malicious / scam site: The Apple brand was a popular target for scammers. Many sites were either knock offs, scams, or in this case, a fake customer service page designed to lure users into a scam. 

 

The image below is a screenshot of a fake / malicious / scam site: This particular (fake) Apple sales site used Apple within its URL and name to appear more official. Oddly, this site also sells Samsung Android phones. 

The image below is a screenshot of a fake / malicious / scam site: This site, now taken down, is a scam site purporting to sell Nike shoes. 

The image below is a screenshot of a fake / malicious / scam site: Louis Vuitton is a popular brand for counterfeit and scams. Particularly their handbags. Here is one site that was entirely focused on Louis Vuitton Handbags. 

The image below is a screenshot of a fake / malicious / scam site: This site presents itself as the official Louis Vuitton site selling handbags and clothes. 

 

The image below is a screenshot of a fake / malicious / scam site: This site uses too-good-to-be-true deals on branded items including this Louis Vuitton Bomber jacket. 

The image below is a screenshot of a fake / malicious / scam site: Rolex is a popular watch brand for counterfeits and scams. This site acknowledges it sells counterfeits and makes no effort to indicate this on the product.  

 

The post This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers appeared first on McAfee Blog.

How to Protect Your Social Media Passwords with Multi-factor Verification

By: Jasdev Dhaliwal

Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to protect your accounts.

There’s a good chance you’re already using multi-factor verification with your other accounts — for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.

It’s increasingly common to see nowadays, where all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. That’s where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.

Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:

  • They keep the authentication code local to your device, rather than sending it unencrypted over email or text.
  • This makes it more secure than email- and text-based authentication because they can be intercepted.
  • It can also provide codes for multiple accounts, not just your social media account.

Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the “editor’s picks” at your app store or in trusted tech publications.

Whichever form of authentication you use, always keep that secure code to yourself. It’s yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.

Before we talk about multi-factor verification, let’s talk about passwords

Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. You’ll want a strong, unique password. Here’s how that breaks down:

  • Strong: A combination of at least 12 uppercase letters, lowercase letters, symbols, and numbers. Hacking tools look for word and number patterns. By mixing the types of characters, you break the pattern and keep your account safe.
  • Unique: Every one of your accounts should have its own password. Yes, all. And if that sounds like a lot of work, a password manager can do the work for you. It creates strong, unique passwords and stores them securely.

Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.

Multi-factor authentication for Facebook

  1. Click on your profile picture in the top right, then click  Settings and Privacy.
  2. Click Settings.
  3. Click Accounts Center, then click Password and Security.
  4. Click Two-factor authentication, then click on the account that you’d like to update.
  5. Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:

  • Tapping your security key on a compatible device.
  • Login codes from a third-party authentication app.
  • Text message (SMS) codes from your mobile phone.

And here’s a link to the company’s full walkthrough: https://www.facebook.com/help/148233965247823

Multi-factor authentication for Instagram

  1. Click More in the bottom left, then click Settings.
  2. Click See more in Accounts Center, then click Password and Security.
  3. Click Two-factor authentication, then select an account.
  4. Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145

Multi-factor authentication for WhatsApp

  1. Open WhatsApp Settings.
  2. Tap Account > Two-step verification > Turn on or Set up PIN.
  3. Enter a six-digit PIN of your choice and confirm it.
  4. Provide an email address you can access or tap Skip if you don’t want to add an email address. (Adding an email address lets you reset two-step verification as needed, which further protects your account.
  5. Tap Next.
  6. Confirm the email address and tap Save or Done.

And here’s a link to the company’s full walkthrough: https://faq.whatsapp.com/1920866721452534

Multi-factor authentication for YouTube (and other Google accounts)

  1. Open your Google Account.
  2. In the navigation panel, select Security.
  3. Under “How you sign in to Google,” select 2-Step VerificationGet started.
  4. Follow the on-screen steps.

And here’s a link to the company’s full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop

Multi-factor authentication for TikTok

1. TapProfileat the bottom of the screen.
2. Tap the Menu button at the top.
3. Tap Settings and Privacy, then Security.
4. Tap 2-step verification and choose at least two verification methods: SMS (text), email, and authenticator app.
5. Tap Turn on to confirm.

And here’s a link to the company’s full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok

The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.

How AI Deepfakes and Scams Are Changing the Way We Shop Online

By: Jasdev Dhaliwal

As 89% of Americans plan to shop online during this holiday shopping season, many say they’re more concerned about being scammed online than they were last year. One big reason why—AI deepfakes.  

Our 2024 Global Holiday Shopping Scams Study uncovered that 70% of American shoppers say AI-driven scams are changing the way they shop online. 

In all, they think scam emails and messages will be more believable than ever and that it’ll be harder to tell what’s a real message from a retailer or delivery service. With that in mind, 58% of people say they’ll be more alert than ever to when it comes to fake messages. Another 11% said they’ll do less online shopping because of how AI is helping cybercriminals. 

Overall, people say their confidence in spotting online scams is low, particularly when it comes to scams featuring AI-created content. Only 59% of Americans feel confident they can identify deepfakes or AI-generated content. 

The effectiveness of deepfake shopping scams has been shown already, 1 in 5 Americans (21%) said they unknowingly paid for fake products endorsed by deepfake celebrities. For Gen Z and Millennials, that number leaps yet higher, with 1 in 3 people aged 18-34 falling victim to a deepfake scam. Meanwhile, older Americans have avoided these scams, with only 5% of shoppers aged 55 and up saying that they’ve fallen victim to one. 

Additionally, 1 in 5 Americans (20%) say they or someone they know has fallen victim to a deepfake shopping scam, celebrity-based or otherwise. 70% of those people lost money to the deepfake holiday scam. Of those who lost money: 

  • More than 1 of 4 (27%) lost more than $500. 
  • More than 1 in 10 (11%) lost more than $1,000. 

The Top Holiday Shopping Trends We Spotted This Year

Across our research, three big findings stood out. The volume of scam messages is only increasing, chasing deals could lead to scams, and shopping on social media has risks of its own.

Scam messages continue to rise  

64% of Americans say they receive most of their scam messages via email, 20% encounter them primarily via text, and 16% find them on social media. These messages fall into several categories: 

  • 59% of people reported fake missed delivery or delivery problem notifications. 
  • Nearly half (44%) said they received alerts about a purchase they didn’t make. 
  • Reports of fake messages about credit card or account issues were also high, at 37%. 
  • 35% reported seeing phony Amazon security alerts or notifications. 

Chasing deals can be costly  

As the holiday season warms up, 84% of Americans say they’re on the hunt for the best holiday deals. But the rush for discounts could put them at risk. Scammers notoriously underprice hot items to lure in victims. 

  • 38% of Americans say they’d jump on a great deal as soon as they see it.  
  • Nearly 1 in 5 are willing to buy from unfamiliar retailers if the price is right. 
  • 64% of Americans say they are likely to make a purchase from a new retailer they find through social media for holiday shopping, if the deal is good.  

Social shoppers face new kinds of risks 

More than 100 million Americans shop on social media.i While social shopping offers convenience, it also exposes people to new risks, especially as scammers use these platforms to reach victims. We found that shoppers are increasingly turning to social channels, often in significant ways.  

  • 90% of Americans say they sometimes see ads from brands they’ve never heard of on social media—which may be legitimate companies or fronts for a scam. 
  • 83% of Gen Z consumers say their shopping starts on social media, making it the first stop for holiday deals.  
  • Overall, 12% of Americans say they plan to use TikTok Shopping, 7% plan to use Instagram Shopping, and 5% plan to use Pinterest. 

Protecting yourself from scams while shopping for the holidays  

Stick with known, legitimate retailers online 

This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name. 

Pay with a credit card instead of your debit card  

In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. Citizens can dispute charges of over $50 for goods and services that were never delivered or otherwise billed incorrectly. (Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.) However, debit cards don’t get the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.  

Go unlisted. 

Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results. 

Think before you click. 

Phishing emails, texts, and sites lure people into clicking links that might lead to malware or handing over their personal info. And they look more believable than ever. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.  

Use AI to beat AI. 

Yet better, you can use the combo of our Scam Protection and Web Protection found in our McAfee+ plans. Powered by our AI technology, they detect sketchy links and keep you from clicking on them by mistake. 

Remember that if it seems too good to be true, it probably is. 

Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead. 

 Survey methodology 

The survey, which focused on the topic of deepfakes, scam messages, and holiday shopping, was conducted online in November 2024. 7,128 adults, age 18+, In 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study. 

The post How AI Deepfakes and Scams Are Changing the Way We Shop Online appeared first on McAfee Blog.

How To Protect Yourself from Black Friday and Cyber Monday AI Scams 

By: Brooke Seipel

It usually starts with something small.

You’re scrolling TikTok or Instagram, half-paying attention, when a Black Friday ad pops up. It looks like the brand you love—same logo, same photos, same “limited-time deal” language you’ve seen in real promos. The link takes you to a site that looks identical to the real one. The checkout page works. The confirmation email looks legit.

Then the payment clears, and the merchant name on your bank statement doesn’t match the store at all.

That moment, wait, what did I just buy from?, is becoming the defining holiday-shopping scam of 2025.

This year, fake ads and cloned storefronts aren’t sketchy one-offs or typo-filled red flags. They’re polished. They’re identical. And increasingly, they’re powered by AI.

McAfee’s 2025 holiday research found that nearly half of Americans (46%) have already encountered AI-altered or AI-generated scams while shopping. And with 96% of people planning to shop online, many doing so daily, scammers know this is peak opportunity.

Here’s how fraudsters are blending into the busiest shopping season of the year, what the data shows, and how to stay one step ahead.

Why Scammers Are So Effective Right Now

A perfect storm is happening:

People are shopping more often.
Nearly half of U.S. adults expect to shop online daily or multiple times per day during the holidays.

People are rushed.
From early Black Friday “price drop” alerts to Cyber Monday countdowns, shoppers don’t slow down to verify what they’re seeing.

AI makes scam content nearly flawless.
McAfee found technology email scams surging ~85%, retail email scams rising ~50%, and fraudulent URLs climbing across the board—from counterfeit Apple support pages to fake Costco refund portals.

Holiday deals are already rolling out—and so are the scams.

McAfee’s 2025 holiday research shows major spikes in email scams (~50% increase), technology scams (~85% increase), and fake storefronts that mimic trusted retailers. AI tools are making these scams faster, more realistic, and harder to spot.

It’s not that shoppers suddenly got careless.

It’s that scammers suddenly got good.

This shows a SMishing text from a fake Amazon. Companies won't text you like this.
This shows a SMishing text from a fake Amazon. Companies won’t text you like this.

The 2025 Scams Hitting Shoppers the Hardest

1. Fake Retail Sites & “Deal” Pages That Look Real

This is the big one, and it’s getting cleaner every year.

Scammers lift entire storefronts:

  • Logos
  • Product photos
  • Sale graphics
  • Checkout flows
  • Even fake customer service pages

The only giveaway? A URL that’s juuust slightly off—“target-sale.com” instead of “target.com,” or a link ending in “.shop” or “.store” rather than a brand’s normal domain.

Once you enter your payment info, it goes directly into a database that criminals resell or use to make purchases.

How to spot and avoid this scam: Skip the ad. Type the retailer’s name into your browser yourself. If it’s a real deal, you’ll find it on their actual site.

2. TikTok, Instagram & Social Video Scams

Short-form videos are now a prime scam vehicle.

Scammers steal influencer footage, use AI voice clones, or generate deepfake “promo” videos with celebrities offering huge holiday discounts. When someone clicks the link, it leads straight to a counterfeit store.

According to McAfee:

  • 46% have encountered fake influencer/celebrity endorsements
  • Younger shoppers (18–34) see them most
  • Many appear during holiday-sale cycles on TikTok Shop and Instagram Shopping
  • US – Holiday Shopping 2025 fact…

How to spot and avoid this scam: Check the creator’s account history. Real brands don’t drop one-off promo videos from accounts you’ve never seen before. Same as our initial advice, skip the ad entirely and go directly to the official brand website rather than clicking any links.

3. Delivery & Shipping Text Scams

The classic delivery scam is back, with McAfee researchers finding dozens of examples of fake messages attempting to scam holiday shoppers.

You’ll receive a text saying a package can’t be delivered or that a small fee is needed to confirm your address.

McAfee found that 43% of people have encountered fake delivery notifications, and many victims say they entered credit card information thinking they were resolving a legitimate issue.

How to spot and avoid this scam: UPS, USPS, and FedEx will never send a clickable payment link in a text. If you’re wondering about a specific delivery, go directly to the site you ordered it from, or your original receipt in your email to find your tracking information.

4. Account Verification & Gift Card Scams

These hit during the weeks leading up to the holidays.

Messages claim:

  • Your Amazon account is locked
  • Your Apple ID has “suspicious activity”
  • Your loyalty points are expiring
  • You must verify your payment information
  • You must pay a fee or gift card to resolve an issue

How to spot and avoid this scam:
No legitimate company will ever resolve account issues through gift cards or text-confirmation codes.

How AI Is Supercharging These Scams

Not long ago, scam emails had broken English and pixelated logos.

Now scammers use generative AI to:

  • Clone real brand websites
  • Rewrite perfect phishing emails
  • Fake customer service chatbots
  • Produce Hyper-real video ads
  • Replicate influencer voices
  • Generate thousands of unique scam texts instantly

And people are noticing.

57% of shoppers say they’re more concerned about AI scams this year than last.

Yet 38% believe they can spot scams—even though 22% have fallen for one.

Confidence ≠ protection.

Fake designer websites like this page for Gucci shirts are deceptive and look close to the real thing.
Fake designer websites like this page for Gucci shirts are deceptive and look close to the real thing.

What to Do if You Think You’ve Encountered a Scam

If something feels off—a message, a link, a charge on your bank statement—don’t panic. Most holiday scams rely on speed and confusion. Slowing down and taking a few simple steps can keep a bad situation from turning into real damage.

1. Stop engaging immediately

Close the tab, delete the message, and don’t click anything else.
Scammers often stack multiple pop-ups or redirects to pressure you into acting fast.

2. Don’t enter any additional information

If you started typing in a password or card number but didn’t hit “submit,” back out.
If you did enter details, move to the next steps right away.

3. Change your passwords (starting with the affected account)

Use a strong, unique password—especially for accounts tied to:

  • email
  • shopping apps
  • banking
  • cloud storage

A reused password is how one compromised login unlocks everything else. McAfee offers a password manager to help you make and store strong, unique passwords.

4. Check your bank or credit card for unexpected charges

Fraud usually starts small: $1–$5 “test” charges, odd merchant names, or tiny withdrawals.
If you see anything suspicious, contact your bank and request:

  • a card replacement
  • a fraud alert
  • a temporary account freeze, if necessary

5. Run a security scan on your device

Some fake sites drop malware or spyware quietly in the background.
A quick scan can detect:

  • malicious downloads
  • browser hijackers
  • unsafe extensions
  • keyloggers

McAfee offers a free antivirus trial that you can use to scan your device and check for compromises.

6. Report the scam

Reporting helps stop other shoppers from being targeted.
You can report scams to:

  • the retailer being impersonated
  • the platform where you saw the ad (TikTok, Instagram, Facebook)
  • your national fraud reporting center

7. Let technology help you clean up

McAfee can automatically detect whether the link, message, or site you interacted with is malicious—and alert you if your information may have been exposed.
Tools like:

can help contain an issue before it turns into identity theft.

We offer a free antivirus trial to help protect your devices.
We offer a free antivirus trial to help protect your devices.

Need a Gift for the Practical Person in Your Life? Consider Giving Them Scam Protection

There’s always someone on your holiday list who doesn’t want more stuff, they want something useful. The friend who loves a clean inbox. The sibling who’s constantly traveling. The parent who keeps forwarding you suspicious texts asking, “Is this real?”

For them, security might actually be the most thoughtful gift you can give this year.

Online safety tools aren’t flashy, but they are the thing people reach for the moment they click the wrong link, lose a password, or get a sketchy delivery text. And with scams more believable than ever, digital protection has quietly become a new “practical essential,” like a good VPN or a reliable password manager.

Gifting McAfee means giving someone:

Scam protection that works quietly in the background
Scam Detector flags dangerous messages, deepfake-style content, and fake shopping sites before they ever interact with them.

Identity & financial monitoring
A huge help for anyone who’s been burned by fraud in the past — or is tired of checking bank statements manually.

Password security that doesn’t require them to remember anything
Perfect for the person who uses the same password everywhere (and you know exactly who I mean).

Device protection for laptops, phones, and tablets
Which is especially relevant for people shopping, traveling, or working remotely through the holiday season.

It’s practical. It’s protective. And unlike most presents, it’s something they’ll use all year.

The post How To Protect Yourself from Black Friday and Cyber Monday AI Scams  appeared first on McAfee Blog.

How AI PCs Are Optimizing Productivity Tools for Students

By: Jasdev Dhaliwal

In today’s fast-paced educational environment, productivity is a key determinant of academic success. Enter AI PCs—computers enhanced with artificial intelligence (AI) capabilities—that are reshaping how students interact with productivity tools. AI PCs are designed with built-in AI capabilities that optimize performance and user experience by leveraging machine learning algorithms to enhance software applications. This makes routine tasks more efficient and allows for a more personalized user experience.

For students, this means AI tools are becoming not just supplementary resources but integral parts of their academic toolkit. A new report, “The Dawn of the AI Era: Teens, Parents, and the Adoption of Generative AI at Home and School,” found that seven in 10 teenagers say they have used at least one type of generative AI tool, with 40% report using generative AI for school assignments.

From advanced writing assistants to research enhancers, these AI-driven machines have the power to elevate the academic experience. This blog post will explore how AI PCs integrate with AI tools to boost productivity and offer actionable tips to maximize these features for academic success.

1. Instant Research Assistance

ChatGPT, an AI language model developed by OpenAI, serves as a powerful research assistant, capable of summarizing articles, generating topic ideas, and answering questions on a wide range of subjects. When integrated into an AI PC, ChatGPT can be accessed directly from the desktop or through dedicated applications, providing students with on-demand research support. Several other AI tools can also greatly benefit students in research and writing, such as Google Bard, Jasper, and Copy.ai.

McAfee Tip: Use an AI tool like ChatGPT to brainstorm ideas and outline essays or research papers. For instance, if you’re writing a paper on climate change, ChatGPT can help you outline key points, suggest relevant sources, and even provide a summary of complex scientific articles.

2. Enhanced Writing Capabilities

Beyond research, AI tools can assist with writing tasks by generating content, offering suggestions, and even helping with creative projects. Its ability to understand context and generate coherent text means that students can use it for drafting essays, creating reports, or even composing emails.

McAfee Tip: Check with your school policies to ensure you remain compliant with their rules around AI usage. For example, use the tool to generate insights and ideas, but cross-check and cite any specific sources or information included in your work to maintain academic integrity.

3. Real-Time Grammar and Style Checks

Grammarly, an AI-powered writing assistant, is renowned for its grammar and style-checking capabilities. On an AI PC, Grammarly is not just a browser extension but a deeply integrated tool that offers real-time feedback on spelling, punctuation, and stylistic errors. This seamless integration ensures that students can produce polished and professional documents with ease.

McAfee Tip: Use Grammarly’s advanced features, such as clarity and engagement suggestions, to help enhance the readability of your work. Before submitting any paper, run it through Grammarly’s plagiarism checker to ensure that all sources are properly cited and that your work is original.

4. Efficient Study Sessions

AI PCs can streamline study sessions by using tools to create comprehensive study guides, generate practice questions, and summarize textbook chapters. For example, AI PCs can integrate with note-taking apps, like Evernote and Microsoft OneNote, to organize lecture notes, create study guides, and sync information across devices. AI features can then assist in summarizing notes and organizing content for easier review.

McAfee Tip: Zotero and Mendeley can help students organize research papers, manage citations, and create bibliographies. Integration with Khan Academy and Coursera on AI PCs allows students to access and interact with educational content, complete with AI-driven recommendations for supplemental learning and practice.

5. Enhanced Collaboration

For group projects, AI tools can enhance collaboration by providing a platform for drafting and reviewing content together. AI PCs with integrated ChatGPT can help in brainstorming sessions, while Grammarly ensures that all written contributions are cohesive and professionally presented. Integration with tools like Natural Reader and Otter.ai to convert text to speech and vice versa can help with reviewing study materials and transcribing spoken content into written form.

McAfee Tip: Utilize shared documents with built-in Grammarly and ChatGPT features to collaborate on essays or research papers. This allows for real-time feedback and adjustments, leading to a more polished final product.

6. Ensure Authentic Sources

In the realm of online research and media consumption, discerning authentic content from manipulated material is increasingly important. This is where McAfee Deepfake Detector comes into play. Integrated into AI PCs, this tool provides real-time alerts when it detects AI-generated audio within videos. By utilizing advanced AI technology, Deepfake Detector helps students quickly identify whether a video’s audio has been manipulated, right from their browser without extra steps.

McAfee Tip: When engaging with online videos for research or study, use Deepfake Detector to ensure the content is authentic. This tool helps you avoid falling for misleading or false information, which is crucial for maintaining the integrity of your academic work.

Ultimately, AI PCs are revolutionizing students’ daily academic routines by integrating advanced AI tools into everyday life. AI-driven tools are offering unprecedented support in writing, research, and creative projects, making them invaluable assets in achieving academic and professional success. By leveraging these capabilities, students can enhance their productivity, produce high-quality work, and prepare for future challenges with confidence.

The post How AI PCs Are Optimizing Productivity Tools for Students appeared first on McAfee Blog.

How to Spot a Deepfake on Social Media

By: Jasdev Dhaliwal

Think you can spot a fake on social media? It’s getting tougher. Particularly as deepfake technology gets far better and far easier to use.

Here’s why that matters.

You might find yourself among the 50% of Americans who say they get their news on social media at least “sometimes.”[i] Plenty of deepfakes deliberately pose as legitimate news. You might also stumble across promos or deals on social media. Scammers create yet more deepfakes for phony giveaways and bogus investment opportunities.

In short, what you’re seeing might be a fake. And your odds of stumbling across a deepfake on social media are on the climb.

That means using social media today requires more scrutiny and skepticism, which are two of your best tools for spotting deepfakes.

The best way to spot deepfakes right now

Whether you’re staring down AI-generated text, photography, audio, or video, some straightforward steps can help you spot a fake. Even as AI tools create increasingly convincing deepfakes, a consistent truth applies — they’re lies. And you have ways of calling out a liar.

Slow down.

Malicious deepfakes share something in common. They play on emotions. And they play to biases as well. By stirring up excitement about a “guaranteed” investment or outrage at the apparent words of a politician or public figure, deepfakes cloud judgment. That’s by design. It makes deepfakes more difficult to spot because people want to believe them on some level.

With that, slow down. Especially if you see something that riles you up. This offers one of the best ways to spot a fake. From there, the next step is to validate what you’ve seen or heard.

 

 

Consider who did the posting.

Because what you’re seeing got posted on social media, you can see who posted the piece of content in question. If it’s a friend, did they repost it? Who was the original poster? Could it be a bot or a bogus account? How long has the account been active? What kind of other posts have popped up on it? If an organization posted it, look it up online. Does it seem reputable? This bit of detective work might not provide a definitive answer, but it can let you know if something seems fishy.

Seek another source.

Whether they aim to spread disinformation, commit fraud, or rile up emotions, malicious deepfakes try to pass themselves off as legitimate. Consider a video clip that looks like it got recorded at a press conference. The figure behind the podium says some outrageous things. Did that really happen? Consult other established and respected sources. If they’re not reporting on it, you’re likely dealing with a deepfake.

Moreover, they might report that what you’re looking at is a deepfake that’s making the rounds on the internet. Consider the Taylor Swift “Le Creuset scam” of early 2024. News outlets quickly revealed that the singer was not giving away free, high-end cookware.

A technique called SIFT can help root out a fake. It stands for: Stop, Investigate the source, Find better coverage, and Trace the media to the original context. With the SIFT method, you can indeed slow down and determine what’s real.

Have a professional fact-checker do the work for you.

De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:

What are typical signs of a deepfake?

This gets to the tricky bit. The AI tools for creating deepfakes continually improve. It’s getting tougher and yet tougher still to spot the signs of a deepfake. The advice we give here now might not broadly apply later. Still, bad actors still use older and less sophisticated tools. As such, they can leave signs.

How to spot AI-generated text.

Look for typos. If you spot some, a human likely did the writing. AI generally writes clean text when it comes to spelling and grammar.

Look for repetition. AI chatbots get trained on volumes and volumes of text. As such, they often latch onto pet terms and phrases that they learned as they were trained. Stylistically, AI chatbots often overlook that repetition.

Look for style (or lack thereof). Today’s chatbots are no Ernest Hemingway, Mark Twain, or Vladimir Nabokov. They lack style. The text they generate often feels canned and flat. Moreover, they tend to spit out statements, yet with little consideration for how they flow together.

How to spot deepfake photos.

Zoom in. A close look at deepfake photos often reveals inconsistencies and flat-out oddities. Consider this viral picture of the “Puffer Pope” that circulated recently. Several things point toward a bogus image.

Credit:CNN
Start with the hands in the image. The right hand isn’t fully formed. Many AI tools have a notoriously tough time with rendering fingers properly. Meanwhile, the left hand features some lighting and skin tones that look a bit unnatural. An even closer look shows that the crucifix worn by the Pope only has half a chain. Next, look at the face and the unusual shadows cast by the glasses he wears.

How to spot deepfake audio and video.

Keep an eye on the speaker. A close look at who’s doing the talking in a deepfake video can reveal if it’s a fake. Subtle things reveal themselves. Is the speaker blinking too much? Too little? At all? How about their speech. Does it sync up with their mouth perfectly? These might be signs of a deepfake.

Watch how the speaker moves. In the example of the Ukrainian presidential deepfake, it appears that only President Zelensky’s head moves. Just slightly. This is a sign of lower-grade video deepfake technology. It has difficulty tracking movement. Another possible sign is if the speaker never moves their hand across their face. Once again, that might indicate the work of lesser AI tools. In that case, they render the facial image on the hand.

Look at and listen to the context. If a speaker is in an open public space, does it sound like they’re speaking in that environment? For example, if they’re in a city park, can you hear birds? What about traffic noise? How about the murmurs of the crowd? If that’s missing, or it feels like ambient sounds are piped in like the laugh track in an old sitcom, you might have a deepfake on your hands.

How does the speaker sound? In the case of audio-only deepfakes, today’s AI tools work best when they’re fed smaller chunks of text to create speech. They don’t work as well with big blocks. This requires creators to stitch those chunks together. As a result, the cadence and flow might sound on the copy side. Also, you might not hear the speaker taking breaths, as normal speakers do.

Be skeptical. Always.

With AI tools improving so quickly, we can no longer take things at face value. Malicious deepfakes look to deceive, defraud, and disinform. And the people who create them hope you’ll consume their content in one, unthinking gulp. Scrutiny is key today. Fact-checking is a must, particularly as deepfakes look sharper and sharper as the technology evolves.

Plenty of deepfakes can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your info or harm your data and devices.

[i] https://www.pewresearch.org/journalism/fact-sheet/social-media-and-news-fact-sheet

The post How to Spot a Deepfake on Social Media appeared first on McAfee Blog.

How to Delete Your Instagram Account

By: Jasdev Dhaliwal

Deleting vs. Deactivating: Key Differences

When considering leaving Instagram, you have two main options: deactivating or deleting your account. Understanding the distinctions is key to making the right choice for your privacy and digital presence. Deactivation is a temporary measure. Your profile, photos, comments, and likes are hidden from other users, including your followers, as if your account doesn’t exist. However, all your information is saved by Instagram, allowing you to reactivate your account at any time by simply logging back in. Your direct messages will still be visible to recipients. This option is ideal if you need a break or want to temporarily reduce your online visibility without losing your data or account history. If you are looking for how to deactivate Instagram account, this is a reversible step.

On the other hand, learning how to delete Instagram account permanently is a final step. Once you request deletion and a 30-day grace period passes (during which you can cancel by logging back in), your account and all associated data – photos, videos, followers, messages (from your end), and profile information – are permanently erased from Instagram’s main servers. While some data might remain in backups for a longer period for disaster recovery, you won’t be able to access it or recover your account. This is the choice if you want to permanently remove your footprint from the platform. Understanding how to delete Instagram is crucial if this is your goal.

Quick Comparison: Deactivating vs. Deleting Your Instagram Account

  • Visibility: Deactivation hides your profile; Deletion permanently removes it after a grace period.
  • Data (Photos, Profile, etc.): Deactivation preserves data (hidden); Deletion permanently erases data.
  • Messages: Deactivation keeps sent messages visible to recipients; Deletion removes your access, but recipients may still see past messages, often attributed to an “Instagram User”.
  • Follower Visibility: Deactivation makes your profile invisible to followers; Deletion removes you from their lists and your content from their view.
  • Permanence: Deactivation is temporary; Deletion is permanent.
  • Recovery Options: Deactivated accounts can be reactivated by logging in; Deleted accounts cannot be recovered after 30 days.
  • Data Retention by Instagram (Post-Action): Deactivation means Instagram retains all data for reactivation. Deletion means data is removed from active systems (usually within 90 days), though backups may exist longer.

Should You Deactivate or Delete? Factors to Consider

  • Mental Health Breaks: If you’re feeling overwhelmed by social media and need a pause for your mental well-being, deactivation is an excellent choice. It allows you to step away without the finality of deletion, and you can return when you feel ready.
  • Job Search Privacy: When actively job hunting, you might want to limit what potential employers can see. Deactivating your account temporarily hides your profile. Alternatively, making your account private is also an option.
  • Serious Security Concerns or Harassment: If you’re facing persistent harassment, bullying, or believe your account security has been severely compromised, permanently deleting your Instagram account might be a necessary step for your safety and peace of mind. In less severe cases, blocking users and reporting content coupled with deactivation might suffice.
  • Long-Term Digital Footprint Reduction: If your goal is to minimize your online presence and permanently remove your data from Instagram, then opting to delete Instagram account is the appropriate action. This is a long-term decision aimed at reducing your overall digital footprint.
  • Quick Self-Assessment Questions:
    • Do you foresee wanting to use your current Instagram profile, with its photos and connections, in the future? If yes, consider deactivation.
    • Is your primary concern about data privacy and wanting Meta to remove your information? If yes, and you’re sure you don’t want to return, consider permanent deletion.
    • Are you simply looking for a temporary escape from notifications and social pressures? If yes, deactivation is likely sufficient.
  • Recommendation Based on Goals: If you need a temporary pause, want to hide your profile for a while, or think you might return, learning how to deactivate Instagram account is your best approach. If your objective is to permanently sever ties and remove your data, then understanding how to delete Instagram account permanently is the path to take.

How to Temporarily Disable Your Instagram Account

  1. Via Mobile App (iOS or Android):
    1. Open the Instagram app and navigate to your profile page.
    2. Tap the menu icon (three horizontal lines) located in the top-right corner.
    3. Select Settings and privacy from the menu.
    4. Tap on Accounts Center, which is usually the first option.
    5. Under the “Account settings” section, tap on Personal details.
    6. Choose Account ownership and control.
    7. Tap on Deactivation or deletion.
    8. Select the Instagram account you wish to deactivate if multiple accounts are listed.
    9. Ensure Deactivate account is selected and tap Continue.
    10. You will be prompted to enter your Instagram password for verification. Enter it and tap Continue.
    11. Instagram will ask for a reason for deactivation. Choose one from the list and tap Continue.
    12. Finally, confirm your decision by tapping Deactivate Account.
  2. Via Web Browser (Desktop or Mobile):
    1. Navigate to Instagram.com in your preferred web browser and log in to your account.
    2. Click on More (represented by three horizontal lines) in the bottom-left menu.
    3. Select Settings from the menu that appears.
    4. You should be directed to the Accounts Center. If not, click on it.
    5. Under “Account settings,” click Personal details.
    6. Click Account ownership and control.
    7. Choose Deactivation or deletion.
    8. Select your account, ensure Deactivate account is chosen, and click Continue.
    9. Enter your password when prompted and click Continue.
    10. Provide a reason for deactivating and then confirm the deactivation.
  3. Time Limits for Reactivation: There is no specific time limit imposed by Instagram for how long an account can remain deactivated. You can reactivate it whenever you choose by simply logging back into your account with your username and password.
  4. Data Visibility During Deactivation: When your Instagram account is deactivated, your profile, photos, videos, Stories, comments, and likes will be hidden from all other users, including your followers. It will essentially appear as though your account does not exist. However, your information is not deleted from Instagram’s servers. Messages you have previously sent to other users may still be visible to them.

Backing Up Your Photos and Data Before You Leave

Before you take the irreversible step to delete your Instagram account, it is highly recommended to back up your data. This ensures that you retain a copy of your photos, videos, messages, and other information you’ve shared on the platform. Once an Instagram account is deleted, this data cannot be recovered. Instagram provides a built-in tool, often referred to as Meta’s “Download Your Information” feature, which allows you to request a complete copy of your data. This includes content types such as your photos (including feed posts, Stories, and Reels you’ve archived or posted), videos, comments you’ve made, your profile information, and direct messages (DMs). While some users might have manually saved individual photos or videos to their devices over time, using Instagram’s official download tool is the most comprehensive method to secure a full archive. This is a vital step before you learn how to delete Instagram and commit to removing your presence.

Request and Download a Copy of Your Instagram Data

  1. Requesting Your Data (iOS and Android Devices):
    1. Open the Instagram app on your mobile device and navigate to your profile by tapping your profile picture in the bottom-right corner.
    2. Tap the menu icon (three horizontal lines) in the top-right corner of your profile page.
    3. From the menu, select Your activity.
    4. Scroll down to the bottom of the “Your activity” screen and tap on Download your information.
    5. Tap Request a download. If you have multiple accounts linked through Accounts Center, select your Instagram profile.
    6. You’ll have the option to request a Complete copy of your data or to Select types of information if you only need specific data.
    7. Configure your file options: choose a format (HTML is generally easier for viewing, while JSON is better for transferring data to another service), select media quality (e.g., high, medium, low), and specify a date range if you don’t want all your data.
    8. Ensure your email address is correct, as this is where the download link will be sent. Tap Submit request.
  2. Requesting Your Data (Desktop/Web Browser):
    1. Open your web browser, go to Instagram.com, and log in to your account.
    2. Click on the More option (represented by three horizontal lines) found in the menu on the bottom-left side of the page.
    3. From the popup menu, select Your activity.
    4. Click on Download your information.
    5. Click the Request a download button. You’ll then follow similar prompts as on the mobile app: select the profile (if applicable), choose between a complete copy or specific types of information, and set your file options (format, media quality, date range). Submit the request.
  3. Email Delivery Times, File Formats: Instagram (Meta) states that it may take up to 14 days to collect your information and prepare it for download, though for many users, this process is much faster, often completed within a few hours or even minutes, especially for accounts with less data. You will receive an email at the address associated with your account containing a link to download your data. This link is typically valid for only a few days for security reasons, so download it promptly. The data is usually delivered as a ZIP file. Inside, you’ll find your information structured in folders, commonly in HTML format (for easy viewing in a browser) or JSON format (a structured data format useful for developers or data transfer).
  4. How to Interpret the Archive Once Received: After downloading and unzipping the file, if you selected the HTML format, look for an `index.html` file. Opening this file in a web browser will provide a navigable interface to browse your data, such as posts, messages, profile information, and more. Photos and videos will typically be in separate folders, often organized by date, in their original formats (e.g., JPG for photos, MP4 for videos). If you chose JSON, the files will contain raw data that can be parsed programmatically.

Troubleshooting: Why Can’t I Delete My Instagram Account?

  • Forgotten Password: To confirm your identity and proceed with account deletion, Instagram requires your current password. If you’ve forgotten it, use the “Forgot password?” option on the login page to reset it before attempting to delete your Instagram account again.
  • Two-Factor Authentication (2FA) Loops: If you have 2FA enabled but are experiencing issues receiving security codes, or if your backup codes are not working, this can prevent you from completing the deletion process. Try to resolve the 2FA issue first, which might involve checking your SMS, authentication app, or using recovery codes. Refer to Instagram’s Help Center for 2FA troubleshooting.
  • Active Advertisements or Boosted Posts: If your Instagram account is managing active ad campaigns or has recently boosted posts, you might need to stop these activities or wait for them to conclude before the system allows deletion. Check your settings in Meta Ads Manager.
  • Linked Business Pages or Third-Party Applications: Connections to Facebook Business Pages, or certain third-party app integrations, might sometimes interfere with the instagram delete account process. Review your linked accounts and app permissions, and consider unlinking them if necessary. Ensure your Instagram account isn’t the sole admin for a critical business asset.
  • Using an Incorrect Deletion Path: Ensure you are navigating through the correct menu options, typically via Accounts Center > Personal Details > Account Ownership and Control > Deactivation or Deletion, and specifically selecting “Delete account” rather than “Deactivate account.” The steps for how to delete instagram can sometimes change slightly with app updates.
  • Temporary System Glitches: Occasionally, the inability to delete might be due to temporary glitches or server-side issues on Instagram’s end. In such cases, waiting for a few hours and trying again, or attempting the process using a different device or web browser, can sometimes resolve the problem.
  • If you’ve tried these steps and still can’t delete your account, the most reliable source for assistance is Meta’s Instagram Help Center, which provides detailed guidance and solutions for common account issues.

How Long Does the Deletion Process Take?

When you initiate the request for how to delete Instagram account permanently, the removal isn’t immediate. Instagram implements a 30-day grace period starting from the moment you confirm your deletion request. During this 30-day window, your account, along with all your information like photos, videos, and profile details, becomes invisible to other users on the platform. However, it’s not yet fully deleted. If you change your mind and log back into your account any time within these 30 days, the deletion request is automatically cancelled, and your account will be reinstated. If you do not log in during this period, your account will be permanently deleted after the 30 days conclude. Following this, Instagram states that the complete deletion of your data from their backend systems and servers can take up to an additional 90 days. Therefore, the entire process from request to potential full backend deletion can span up to 120 days. It’s also important to note that even after the 90-day backend deletion window, copies of some of your content may remain in backup storage that Instagram uses for disaster recovery, software errors, or other data loss events, though this data is generally not accessible. Cached copies of your profile might also briefly appear in search engine results until their indexes are updated.

What Happens After You Delete Your Account?

After you successfully delete your Instagram account and the 30-day grace period has passed, your presence on the platform is permanently erased. This means your profile, all your photos, videos, comments, likes, and followers will be irretrievably removed. You will no longer be able to log in or reactivate that specific account. Your username might become available for others to use in the future, although Instagram may have policies that prevent immediate reuse. Any Direct Messages (DMs) you sent will typically remain visible to the recipients; however, they will usually be attributed to a generic “Instagram User” or a similar placeholder, without any link back to your deleted profile or your profile picture. Tags of your former account on other users’ photos will persist, but they will become inactive text rather than a clickable link to a profile. If you had embedded Instagram posts on external websites or blogs, these embeds will likely stop displaying your content or show an error message. Any third-party applications or services that were connected to your Instagram account will lose their access and will no longer function with that account. While Instagram aims to delete your data, they note in their policy that copies of some information (like log records) may remain in their database but are disassociated from personal identifiers. Furthermore, advertisers and Meta may retain aggregated, anonymized engagement metrics (e.g., if you clicked on an ad), but this data would not be linked to your specific, now-deleted, account.

Can You Recover or Reactivate a Deleted or Disabled Account?

Understanding whether you can recover an Instagram account depends heavily on whether it was disabled (deactivated) or permanently deleted. If you chose to deactivate your Instagram account, this is a temporary measure. You can reactivate a disabled account at any time simply by logging back in with your username and password. Upon reactivation, your profile, photos, comments, and likes will be restored as they were. However, if you followed the steps for how to delete Instagram account permanently, the situation is different. After you request deletion, Meta provides a 30-day window during which your account is hidden but not yet permanently erased. If you log back into your account within these 30 days, the deletion request is cancelled, and your account is recovered. If this 30-day period lapses without you logging in, your account and all associated data are permanently deleted and cannot be recovered by you or by Instagram support. There is no way to get it back after this point. While you might be able to create a new account, you generally cannot reuse the same username immediately, as Instagram may hold it for a period or it could be claimed by someone else. If you attempt recovery after the 30-day window for a permanently deleted account, it will fail.

Will Your Followers Know If You Leave Instagram?

Instagram does not send out a direct notification to your followers informing them that you have decided to delete your Instagram account or even if you’ve chosen to deactivate your Instagram account. However, your followers will notice your absence in different ways depending on your action. If you deactivate your account, your profile, along with all your posts, comments, and likes, becomes completely invisible on the platform. If a follower searches for your username, they won’t find your account. It will appear as if you’ve vanished or your account never existed, until you decide to reactivate it by logging back in. If you proceed to delete Instagram account permanently, after the 30-day grace period, your profile and all its content are permanently removed. For your followers, this means they will no longer see your account in their follower lists or following lists. Any past comments or likes you made on their posts might disappear or become attributed to a generic “Instagram User.” Essentially, your digital presence on Instagram ceases to exist. If you wish to leave quietly without drawing attention, both deactivation and deletion achieve this in terms of formal notifications. However, a sudden disappearance will likely be noticed by those who regularly interact with you or check your profile. You may choose to inform close friends or followers personally before you Instagram delete account if you want to manage their expectations.

Make Your Account Private as an Alternative to Deleting

  1. Switching to a Private Profile on Mobile (iOS & Android):
    1. Open the Instagram app and go to your profile by tapping your profile picture.
    2. Tap the menu icon (three horizontal lines) in the top-right corner.
    3. Select Settings and privacy from the menu.
    4. Scroll down to the “Who can see your content” section and tap on Account privacy.
    5. Toggle the Private account switch to the on position. You may need to confirm your choice.
  2. Switching to a Private Profile on Web Browser:
    1. Go to Instagram.com and log in to your account.
    2. Click on More (three horizontal lines) in the menu on the bottom-left side of the screen.
    3. Select Settings from the pop-up menu.
    4. In the left navigation bar, click on Settings and privacy (or it may directly show “Account privacy” options).
    5. Under “Who can see your content,” find the Account privacy section and check the box next to Private Account.
  3. Privacy Trade-offs and Benefits: Making your account private means only your approved followers can see your posts, Stories, Reels, and list of followers/following. People who want to follow you must send a request, which you can approve or deny. This significantly increases your control over who views your content. Your bio and profile picture remain public. This doesn’t remove your data from Instagram’s servers like deletion would, but it limits public access to your shared content.
  4. How It Limits Data Sharing: While Instagram still collects your data as per its privacy policy, a private account restricts other users from easily accessing, sharing, or misusing your content. Your posts won’t appear in public hashtag searches or on the Explore page for non-followers.
  5. Why It May Be a Middle-Ground Solution: If your primary concern is controlling your audience and enhancing privacy without permanently leaving the platform or losing your content and connections, setting your account to private is an excellent alternative to deactivation or deletion. It offers a significant degree of control over your content’s visibility, making it a good middle-ground solution if you’re not ready to fully delete your Instagram account.

The post How to Delete Your Instagram Account appeared first on McAfee Blog.

How to Delete Your Facebook Account

By: Jasdev Dhaliwal

Thinking about deleting your Facebook account? We can show you how.

Before we get to that, you might be interested to find what kind of data Facebook collects about you — and how long Facebook keeps your account data, even after you delete it.

What does Facebook know about you?

For that answer, we turn to Facebook’s privacy policy page.[i] As you might imagine, the list of what they collect is long—long enough that you’ll want to read it for yourself. Yet, broadly, Facebook provides the following summary as part of its June 2024 Privacy Policy.

Per Facebook, they collect:

  • The information you give us when you sign up for our Products and create a profile, like your email address or phone number.
  • What you do on our Products. This includes what you click on or like, your posts, photos, and messages you send. If you use end-to-end encrypted messaging, we can’t read those messages unless users report them to us for review.
  • Who your friends or followers are, and what they do on our Products.
  • Information from the phone, computer, or tablet you use our Products on, like what kind it is and what version of our app you’re using.
  • Information from partners about things you do both on and off of our Products. This could include other websites you visit, apps you use, or online games you play.

The last bullet is an important one. Facebook very likely knows about things you do even when you’re not using Facebook.

How do they know about that? Increasingly, that comes through a technology called “server-side tracking.” It’s a form of ad and behavior tracking where a company’s servers communicate directly with each other. In this case, that’s a company’s servers and Facebook’s servers. It can track custom events like page visits, purchases, and the like. This way, companies can track the performance of their Facebook campaigns. It’s like using tracking cookies, with one important difference — it bypasses the user’s device. (Cookies rely on data stored on your device.) The process is invisible to the user.

How extensive is its use? A recent study by Consumer Reports of more than 700 Facebook users found that the average user was tracked by more than 2,200 companies partly using this technology.[ii] Consumer Reports was quick to state that their findings don’t reflect a representative sample because participants were volunteers, and the results weren’t adjusted for demographics. Yet it is telling that across these 700-plus Facebook users, roughly 7,000 different companies shared their data with Facebook.

Everyone has their own appetite for privacy, and we’ve all known for some time that with using a “free” social media platform comes a price — privacy to some extent or other. The more you know how much a platform knows about you, the better decision you can make about participating in it.

How long does Facebook keep your data?

As for how long they keep all that data and info they collect, the answer varies. Per Facebook,

  • Your information, including financial transaction data related to purchases or money transfers made on our Products, may be preserved and accessed for a longer time period if it’s related to any of the following:
  • A legal request or obligation, including obligations of Meta Companies or to comply with applicable law.
  • A governmental investigation.
  • An investigation of possible violations of our terms or policies.
  • To prevent harm.
  • For safety, security, and integrity purposes.
  • To protect ourselves, including our rights, property, or products.
  • If it’s needed in relation to a legal claim, complaint, litigation, or regulatory proceedings.
  • In some cases, we may preserve your information based on the above reasons even after you request deletion of your account or some of your content. We may also preserve information from accounts that have been disabled and content that has been removed for violations of our terms and policies.

In short, deleting your Facebook account is no guarantee that your data will immediately get deleted along with it. Per the list above, Facebook’s Privacy Policy allows the platform to keep your data for an indeterminate amount of time.

Now, onto the steps for deleting your Facebook account.

How to delete your Facebook account

Before you permanently delete your account, keep a few things in mind. Per Facebook:

  • You won’t be able to reactivate your account.
  • Your profile, photos, posts, videos, and everything else you’ve added will be permanently deleted. You won’t be able to retrieve anything you’ve added.
  • You’ll no longer be able to use Facebook Messenger.
  • You won’t be able to use Facebook Login for other apps you may have signed up for with your Facebook account, like Spotify or Pinterest. You may need to contact the apps and websites to recover those accounts.
  • Some information, like messages you sent to friends, may still be visible to them after you delete your account. Copies of messages you have sent are stored in your friends’ inboxes.

Note that Facebook provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.

As for the steps, that varies. If you’re deleting Facebook from a computer:

  1. Click your profile picture in the top right of Facebook.
  2. Select Settings & privacy, then click Settings.
  3. If Accounts Center is at the top left of your Settings menu, you can delete your account through Accounts Center. If Accounts Center is at the bottom left of your Settings menu, you can delete your account through your Facebook Settings.

If you’re deleting Facebook from an iOS device:

  1. From your main profile, tap  in the bottom right of Facebook.
  2. Scroll down and tap Settings & privacy
  3. If Accounts Center is at the top of your Settings & privacy menu, you can delete your account through Accounts Center. If Accounts Center is at the bottom of your Settings & privacy menu, you can delete your account through your Facebook Settings.

And from an Android device:

  1. Tap  in the top right of Facebook.
  2. Scroll down and tap Settings & privacy
  3. If Accounts Center is at the top of your Settings & privacy menu, you can delete your account through Accounts Center. If Accounts Center is at the bottom of your Settings & privacy menu, you can delete your account through your Facebook Settings.

We suggest one more step in addition to the ones above.

Remove your info from the data broker sites that sell it.

Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers. 

If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you. ​

[i] https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

[ii] https://www.consumerreports.org/electronics/privacy/each-facebook-user-is-monitored-by-thousands-of-companies-a5824207467/

 

The post How to Delete Your Facebook Account appeared first on McAfee Blog.

How to Delete Your TikTok Account

By: Jasdev Dhaliwal

Thinking about deleting your TikTok account? We can show you how.

Before we get to that, you might be interested to find what kind of data TikTok collects about you — and how long TikTok keeps your account data, even after you delete it.

What does TikTok know about you?

For that, we turn to TikTok’s privacy policy page.[i] TikTok collects data just like practically any other social media platform, and the list of what they collect runs long. You can see a full list in their privacy policy, yet here are a few things you might want to know about. Per TikTok:

  • User-generated content, including comments, photographs, live streams, audio recordings, videos, text, hashtags, and virtual item videos that you choose to create with or upload to the Platform (“User Content”) and the associated metadata, such as when, where, and by whom the content was created. Even if you are not a user, information about you may appear in User Content created or published by users on the Platform.
  • Messages, which include information you provide when you compose, send, or receive messages through the Platform’s messaging functionalities. They include messages you send through our chat functionality when communicating with sellers who sell goods to you, and your use of virtual assistants when purchasing items through the Platform. That information includes the content of the message and information about the message, such as when it was sent, received, or read, and message participants.
  • Purchase information, including payment card numbers or other third-party payment information (such as PayPal) where required for the purpose of payment, and billing and shipping address. We also collect information that is required for extended warranty purposes and your transaction and purchase history on or through the Platform.
  • TikTok may also collect or receive information about you from organizations, businesses, people, and others, including, for example, publicly available sources, government authorities, professional organizations, and charity groups.
  • Advertisers, measurement, and other partners share information with us about you and the actions you have taken outside of the Platform, such as your activities on other websites and apps or in stores, including the products or services you purchased, online or in person. These partners also share information with us, such as mobile identifiers for advertising, hashed email addresses and phone numbers, and cookie identifiers, which we use to help match you and your actions outside of the Platform with your TikTok account.

So, TikTok knows the content you create, the content you appear in, and the messages you send (and the specific contents of those messages) — and potentially payment info and the people in your phone contacts. Additionally, it collects info on you from other sources and on any purchases you might have made through the platform.

What other data does TikTok collect?

The list continues. Once again, you can visit their privacy policy page for more details, yet here’s a partial rundown of other data they collect about you automatically. Per TikTok:

  • Location Data. We collect information about your approximate location, including location information based on your SIM card and/or IP address. In addition, we collect location information (such as tourist attractions, shops, or other points of interest) if you choose to add the location information to your User Content. Current versions of the app do not collect precise or approximate GPS information from U.S. users.
  • Image and Audio Information. We may collect information about the videos, images, and audio that are a part of your User Content, such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.
  • Metadata. When you upload or create User Content, you automatically upload certain metadata that is connected to the User Content. Metadata describes other data and provides information about your User Content that will not always be evident to the viewer. For example, in connection with your User Content, the metadata can describe how, when, where, and by whom the piece of User Content was created, collected, or modified and how that content is formatted. It also includes information, such as your account name, which enables other users to trace back the User Content to your user account.

How long does TikTok keep your data?

As for how long they keep all that data and info they collect, the answer is unclear. Per TikTok,

“We retain information for as long as necessary to provide the Platform and for the other purposes set out in this Privacy Policy. We also retain information when necessary to comply with contractual and legal obligations, when we have a legitimate business interest to do so (such as improving and developing the Platform and enhancing its safety, security, and stability), and for the exercise or defense of legal claims.” [ii]

The key phrases here are “as long as necessary” and “when necessary.” TikTok doesn’t set a specific period in its policy. In fact, TikTok goes on to say that the periods vary based on “different criteria, such as the type of information and the purposes for which we use the information.”

Now, onto the steps for deleting your TikTok account.

How to delete your TikTok account

  1. In the TikTok app, tap Profile at the bottom.
  2. Tap the Menu ☰ button at the top.
  3. Tap Settings and Privacy.
  4. Tap Account, then tap Deactivate or delete account, and follow the instructions to delete your account.
  5. Note that at this point you have the option to download your data (like your video posts), because you won’t have access to them once you delete your account. Make sure you download your data before you select Delete.

Note that TikTok provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.

We suggest one more step in addition to the ones above.

  1. Remove your info from the data broker sites that sell it.

Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers. 

If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you. ​

[i] https://www.tiktok.com/legal/page/row/privacy-policy/en

[ii] https://www.tiktok.com/legal/page/row/privacy-policy/en

 

 

 

The post How to Delete Your TikTok Account appeared first on McAfee Blog.

How to Reset Your Gmail Password After Being Hacked

By: Jasdev Dhaliwal

If you think your Gmail account’s been hacked, you’ll want to act. And act quickly.

The fact is that your email has all manner of personal info in there. Receipts, tax correspondence, medical info, and so on. With a hacked account, that info might get deleted, shared, or used against you for identity theft.

Luckily, Google has mechanisms in place to restore a hacked Gmail account. We’ll walk through the steps here — and a few others that can keep you secure in the long term after you have your account back.

What are signs that your Gmail account got hacked?

Several things can tip you off, including:

  • Discovering sent messages that you didn’t send.
  • Changes to the labels or filters that help organize your mail.
  • Updates to your security settings.
  • You can’t log into your account with your password.
  • Your account has been deleted entirely.

With varying degrees of certainty, those are some signs that your account has been hacked.

Also, many people have a Google Account linked with their Gmail password and login. Beyond email, that might include files in Google Drive, photos, a YouTube account, and other features that contain personal info. In those cases, that only increases the potential harm of a hacked account.

Additionally, services like Google Pay and Google Play complicate matters more in the event of a hacked account because they contain financial info.

If you see any unusual changes in those apps or services, that might be a sign of a hacked account as well.

What to do if you can’t access your Gmail account

If you think someone else has changed your password or deleted your account, head to Google’s account recovery page. It’ll take you through a multi-step process to restore your account.

With that, you’ll want to do some quick prep. First, do your best to begin the recovery process with a device that you typically use to access your account. Also, if possible, do it in a location where you typically access your account. This provides Google with identifiers that you are who you say you are.

After that, gather up your Gmail account passwords, old and current. The recovery page will ask for them, along with other questions. Do your best to answer each question the very best you can. There’s no penalty for a wrong answer and the more info you can provide, the better.

If you can access your Gmail account, but you think someone else is using it

If you can log into your account, yet worry it’s been hacked, take these steps:

  • Go to your Google Account login page at: https://myaccount.google.com/
  • In the menu, select Security -> Recent security events.
  • Look for any suspicious activity and mark the events “Yes” or “No” if you did or didn’t do them yourself.
  • Next, select Security -> Manage devices.
  • If you find a device that you don’t recognize: Select “Don’t recognize a device?” Then, follow the steps on the screen to help secure your account.
  • Lastly, select Security -> Your devices -> Manage all devices.
  • Select any unfamiliar device and then sign it out.

Next, run a virus scan on your device. Your password might have gotten compromised in one of several ways, including malware. This can remove any malware that might be spying on your device (and your passwords).

At this point, create a new password that’s strong and unique. Use at least 14 characters using a mix of upper- and lowercase letters, symbols, and numbers. Or have a password manager do that work for you.

And finally, set two-factor verification on your account if you aren’t already using it. This makes your account far tougher to hack, as two-factor verification requires a unique code to log in. One that only you receive. And just like with your password, never share your unique code. Anyone asking for it is a scammer.

Looking ahead: Ways you can prevent your Gmail account from getting hacked

By taking the steps we just covered, you’ve done two important things that can protect you moving forward. One is setting up a strong, unique password. The second is using two-factor verification.

The next thing is to get comprehensive online protection in place. Protection like you’ll find in our McAfee+ plans offers several features that can keep you and your accounts safe.

Once again, your password got compromised one way or another. It could have been spyware on your device. It could have been a phishing attack. It could have been a data breach. The list goes on. However, we refer to it as comprehensive online protection because it’s exactly that. In addition to antivirus, our McAfee+ plans have dozens of features that can protect your devices, identity, and privacy.

For example:

  • It has the password manager we mentioned above, which can protect all your accounts online with strong, unique passwords.
  • Our multi-award-winning antivirus detects and removes malware that tries to steal your personal info.
  • It also has protections against phishing attacks and against websites that try to steal passwords and personal info — like our Text Scam Detector and Web Protection.
  • Our McAfee+ plans also have identity monitoring, so if your accounts or personal info crop up on the dark web, you’ll get notified.
  • And our plans also include Online Account Cleanup. It scans for accounts you no longer use and helps you delete them, along with your personal info, so you’re less exposed to data breaches.

Recovering from a hacked Gmail account

The important thing is this: if you think your Gmail account got hacked, act quickly. You might have much more than just your email linked to that account. Files, photos, and finances might be tied to it as well.

Even if something looks just slightly off, act as if your account got hacked. Log in, change your password, establish two-step verification if you haven’t, and take the other steps mentioned above. Above and beyond your email and all the personal info packed in there, your account can give a hacker access to plenty more.

The post How to Reset Your Gmail Password After Being Hacked appeared first on McAfee Blog.

What Are the 6 Types of Identity Theft

By: Jasdev Dhaliwal

You crack open your credit card statement and something seems … off. Maybe it’s a couple of small online purchases that make you think, “Hmm, that’s strange.” Or maybe a statement shows up in your mailbox — one for a card that you don’t own at all. That calls for a huge “What the heck???” Sure enough, you’re looking at cases of identity fraud and theft.

And there’s a difference between identity fraud and identity theft. It’s subtle. And because of that, they often get used interchangeably. Each one can really sting but in different ways.

Identity fraud is…

  • When someone steals your personal info to tap into an account you already have.
  • Examples:
    • A crook gets hold of your debit card info from a data breach and buys a video game console with it.
    • You fall victim to a phishing attack while buying concert tickets. The crooks bundle up your credit card info with the info from thousands of other victims. Then they sell it on the dark web.

Identity theft is…

  • When someone uses your personal info to open new accounts in your name — or impersonates you in other ways.
  • Examples:
    • A crook uses your personal info to open a new line of credit at a furniture store under your name and buys a couple of massaging recliners with it.
    • A criminal uses your Social Security Number (SSN) to create a driver’s license with their likeness but with your name and personal info.

So, put simply, identity fraud involves stealing from an existing account. Identity theft means that someone used your personal info to impersonate you in some way, such as opening new accounts in your name.

Top forms of identity theft and fraud

Each year, the U.S. Federal Trade Commission (FTC) publishes a data book that collects consumer reports of fraud, identity theft, and other similar crimes. Using the most recent data from the FTC, we can plot what the top forms of identity theft and fraud look like.

Credit cards

By far the top form of identity theft and fraud. As mentioned in the examples above, these can include crooks who string out several small purchases over time. All in the hope that the cardholder will overlook it. It can also include a one-whopper of a purchase for a big-ticket item. Here, the crook knows the card will likely get canceled quickly afterward. It’s a one-and-done deal.

Loans and leases

Second, we have loans and leases. This can range from student loans, personal loans, and auto loans, and to real estate rentals as well. Common across them all is someone impersonating you to take them out or tap into their funds in some way.

Bank accounts

Here, the creation of totally new accounts leads the way in this category. As we described above, that’s a form of identity theft. Yet identity fraud accounts for a noticeable chuck, which includes account takeovers. In these cases, crooks siphon off funds via debit cards, Electronic Funds Transfer (ETF), and other forms of withdrawal and transfer.

ID and government benefits

This covers cases where crooks use stolen personal info to get IDs. That includes driver’s licenses, passports, and other government documentation. Further, this category also encompasses the theft of government-issued benefits ranging from medical assistance to veteran’s pay.

Tax returns

While all forms of identity theft and fraud can pack a punch, this type hits particularly hard because it involves your SSN. Around tax time, scammers with access to SSNs will file bogus returns, all with the aim of claiming the refund for themselves.

Utilities

Largely, this involves people buying cell phones and opening new mobile accounts along with them. Yet it also includes people opening other utilities in other people’s names. Indeed, crooks will scam their way into getting free electricity, water, gas, and yes…cable TV.

Other important forms of identity theft and fraud to keep in mind

Although these forms don’t top the list in terms of reports, they still bear mentioning. They’re serious enough, and they can go undetected for some time before their victims find out.

Medical identity theft

In this form, an imposter receives care, medications, or medical devices in someone else’s name. They might pass off phony documentation to the care provider involved, the insurance company that pays for the care, or a combination of the two. A few things can happen as a result. It can impact the care you can get and the benefits you can use. In extreme cases, the thief’s health info can get mixed in with yours and impact your care. Medical identity theft is a good reason to closely review all the medical and insurance statements you get.

Child identity theft

Imagine your child about to rent a first apartment. The property management company runs a credit check, only to find a horrendous credit rating. But how? An identity thief has been using your child’s identity for years now. After all, what parent thinks, “I really should run a credit report on my kindergartener.” And that’s fair. However, signing up your child for identity is a sound move. It can help spot if your child’s identity got stolen.

Steps to take if you suspect that you’re the victim of identity theft

1) Notify the companies and institutions involved and consider a credit freeze.

Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account in your credit monitoring service, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.

In the meantime, consider putting a security freeze in place. A security freeze service prevents others from opening new credit, bank, and utility accounts in your name.​ It won’t hit your credit score, and you can unfreeze it when needed. You’ll find this feature in our McAfee+ plans as well.

2) File a police report.

Some businesses will require you to file a local police report to acquire a case number to complete your claim. Beyond that, filing a report is still a good idea. Identity theft is still theft, and reporting it provides an official record of it.

Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help you clear your name down the road. Likewise, save any evidence you have, such as statements or documents associated with the theft. They can help you clean up your record as well.

3) Contact the Federal Trade Commission (FTC).

The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.

4) Contact the IRS, if needed.

If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud — namely that someone has stolen your identity and that you don’t truly work for them.

Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call, nor will they call and apply harassing pressure tactics — only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.

5) Continue to monitor your credit report, invoices, and statements.

Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, in addition to reviewing your accounts closely.

Several features in our McAfee+ plans can do this work, and quite a bit more, for you:

  • Credit Monitoring helps you keep an eye on changes to your credit score, report, and accounts with timely notifications. Spot something unusual? It offers guidance so you can tackle identity theft.
  • Identity Monitoring checks the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. If any of it shows up on the dark web, it sends you an alert with guidance that can help protect you from identity theft.
  • Our online protection software also offers several transaction monitoring features. They track transactions on credit cards and bank accounts — shooting you a notice if unusual activity occurs. They also track retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
  • And finally, should the unexpected happen, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.

The post What Are the 6 Types of Identity Theft appeared first on McAfee Blog.

10 Quick Tips for Mobile Security

By: Jasdev Dhaliwal

All day long, it’s almost always within arm’s reach. Your smartphone. And we rely on it plenty. That makes securing your phone so important. Good thing that some of the best tips for making your phone safer are also some of the easiest.

Here’s a quick rundown:

Ten quick tips for mobile security

1. Lock your phone.

Locking your phone is one of the most basic smartphone security measures you can take. Trouble is, few of us do it. Our recent global research showed that only 56% of adults said that they protect their smartphone with a password, passcode, or other form of lock.[i] In effect, an unlocked phone is an open book to anyone who finds or steals a phone.

Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices. iPhones and Androids have an auto-lock feature that locks your phone after a certain period of inactivity. Keep this time on the low end, one minute or less, to help prevent unauthorized access.

We suggest using a six-digit PIN or passcode rather than using a gesture to unlock your phone. They’re more complex and secure. Researchers proved as much with a little “shoulder surfing” test. They looked at how well one group of subjects could unlock a phone after observing the way another group of subjects unlocked it.[ii]

2. Turn on “Find My Phone.”

Another powerful tool you have at your disposal is the Find My Phone feature made possible thanks to GPS technology. The “find my” feature can help you pinpoint your phone if your lost or stolen phone has an active data or Wi-Fi connection and has its GPS location services enabled. Even if the phone gets powered down or loses connection, it can guide you to its last known location.

Setting up this feature is easy. Apple offers a comprehensive web page on how to enable and use their “Find My” feature for phones (and other devices too). Android users can get a step-by-step walkthrough on Google’s Android support page as well.

3. Learn how to remotely track, lock or erase your phone.

In the event of your phone getting lost or stolen, a combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it.

Different device manufacturers have different ways of going about it. But the result is the same — you can prevent others from using your phone, and even erase it if you’re truly worried that it’s in the wrong hands or gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.

4. Back up your stuff in the cloud.

Thanks to cloud storage, you might be able to recover your photos, files, apps, notes, contact info, and more if your phone is lost or stolen. Android owners can learn how to set up cloud backup with Google Drive here, and iPhone users can learn the same for iCloud here.

5. Update your phone’s operating system and apps.

Keep your phone’s operating system up to date. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks — it’s another tried-and-true method of keeping yourself safer and your phone running great too.

The same goes for the apps on your phone. Ideally, set them up to update automatically so that you don’t have to take extra time to do it yourself. Also, look for opportunities to delete old apps and any data linked with them. Fewer apps on your phone means fewer vulnerabilities. And less data in fewer places can reduce your exposure to data breaches.

6. Stick with official app stores.

Legitimate app stores like Google Play and Apple’s App Store have measures in place that help ensure that apps are safe and secure. And for the malicious apps that sneak past these processes, Google and Apple are quick to remove them once discovered, making their stores that much safer. Meanwhile, third-party app stores might not have these measures in place. Further, they might be a front for hackers looking to spread mobile malware through malicious apps.

7. Go with a strong app recommendation.

Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.

That’s not to say that you should overlook user reviews. Certainly, legitimate reviews can be a big help. Look closely at the listing, though. Check out the developer’s track record. Have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.

8. Keep an eye on app permissions.

Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use sketchy apps to do it. So check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it might be a scam.

Delete the app and find a legitimate one that doesn’t ask for invasive permissions. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here.

9. Spot scam texts and their bad links.

Scam texts seem like an unfortunate fact of life. Scammers can blast thousands of phones with texts that contain links to phishing sites and to others that host malware. Our Text Scam Detector puts a stop to scams before you click — detecting any suspicious links and sending you an alert. And if you accidentally tap that bad link, it can still block the site for you.

10. Protect your smartphone with security software.

With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive online protection software that secures all your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.

[i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf

[ii] https://arxiv.org/abs/1709.04959

 

The post 10 Quick Tips for Mobile Security appeared first on McAfee Blog.

How to Spot Fake Login Pages 

By: Jasdev Dhaliwal

Have you ever come across a website that just didn’t look quite right? Perhaps the company logo looked slightly misshapen, or the font seemed off-brand. Odds are, you landed on a phony version of a legitimate corporation’s website—a tried and true tactic relied on by many cyber criminals.  

Fake Login Pages Explained  

A fake login page is essentially a knock-off of a real login page used to trick people into entering their login credentials, which hackers can later use to break into online accounts. These websites mirror legitimate pages by using company logos, fonts, formatting, and overall templates. Depending on the attention to detail put in by the hackers behind the imposter website, it can be nearly impossible to distinguish from the real thing. Consequentially, fake login pages can be highly effective in their end goal: credential theft.  

How do these pages get in front of a consumer in the first place? Typically, scammers will target unsuspecting recipients with phishing emails spoofing a trusted brand. These emails may state that the user needs to reset their password or entice them with a deal that sounds too good to be true. If the consumer clicks on the link in the email, they will be directed to the fake login page and asked to enter their username and password. Once they submit their information, cybercriminals can use the consumer’s data to conduct credential-stuffing attacks and hack their online profiles. This could lead to credit card fraud, data extraction, wire transfers, identity theft, and more. 

Why Fake Login Pages Are Effective  

If you Google “fake login pages,” you will quickly find countless guides on how to create fake websites in seconds. Ethical concerns aside, this demonstrates just how common vector-spoofed websites are for cyberattacks. While it has been easier to distinguish between real and fake login pages in the past, criminals are constantly updating their techniques to be more sophisticated, therefore making it more difficult for consumers to recognize their fraudulent schemes.  

One reason why fake login pages are so effective is due to inattentional blindness, or failure to notice something that is completely visible because of a lack of attention. One of the most famous studies on inattentional blindness is the “invisible gorilla test.” In this study, participants watched a video of people dressed in black and white shirts passing basketballs. Participants were asked to count the number of times the team in white passed the ball: 

Because participants were intently focused on counting the number of times the players in white passed the ball, more than 50% failed to notice the person in the gorilla costume walking through the game. If this is the first time you’ve seen this video, it’s likely that you didn’t notice the gorilla, the curtain changing color from red to gold, or the player in black leaving the game. Similarly, if you come across a well-forged login page and aren’t actively looking for signs of fraud, you could inherently miss a cybercriminal’s “invisible gorilla.” That’s why it’s crucial for even those with phishing training to practice caution when they come across a website asking them to take action or enter personal details.  

How to Steer Clear of Fake Login Pages  

The most important defense against steering clear of fake login pages is knowing how to recognize them. Follow these tips to help you decipher between a legitimate and a fake website:  

1. Don’t fall for phishing  

Most fake login pages are circulated via phishing messages. If you receive a suspicious message that asks for personal details, there are a few ways to determine if it was sent by a phisher aiming to steal your identity. Phishers often send messages with a tone of urgency, and they try to inspire extreme emotions such as excitement or fear. If an unsolicited email urges you to “act fast!” slow down and evaluate the situation. 

2. Look for misspellings or grammatical errors  

Oftentimes, hackers will use a URL for their spoofed website that is just one character off from the legitimate site, such as using “www.rbcr0yalbank.com” versus “www.rbcroyalbank.com.” Before clicking on any website from an email asking you to act, hover over the link with your cursor. This will allow you to preview the URL and identify any suspicious misspellings or grammatical errors before navigating to a potentially dangerous website. 

3. Ensure the website is secured with HTTPS 

HTTPS, or Hypertext Transfer Protocol Secure, is a protocol that encrypts your interaction with a website. Typically, websites that begin with HTTPS and feature a padlock in the top left corner are considered safer. However, cybercriminals have more recently developed malware toolkits that leverage HTTPS to hide malware from detection by various security defenses. If the website is secured with HTTPS, ensure that this isn’t the only way you’re analyzing the page for online safety.  

4. Enable multi-factor authentication 

Multi-factor authentication requires that users confirm a collection of things to verify their identity—usually something they have, and a factor unique to their physical being—such as a retina or fingerprint scan. This can prevent a cybercriminal from using credential-stuffing tactics (where they will use email and password combinations to hack into online profiles) to access your network or account if your login details were ever exposed during a data breach.  

5. Sign up for an identity theft alert service 

An identity theft alert service warns you about suspicious activity surrounding your personal information, allowing you to jump to action before irreparable damage is done. McAfee+ not only keeps your devices safe from viruses but gives you the added peace of mind that your identity is secure, as well.  

The post How to Spot Fake Login Pages  appeared first on McAfee Blog.

How to Talk to Your Grandparents About Staying Safe Online

By: Jasdev Dhaliwal

Reports filed with the U.S. Federal Trade Commission (FTC) put the risks in perspective — scammers squarely target older adults. In 2023, adults aged 60 and up filed over one-third of all fraud reports. Their reported losses? Close to $2 billion.

While scammers target all age groups, older adults offer them a particular advantage. Technology and everyday internet use came along later in their lives. They didn’t grow up with it like the rest of us did, making them less familiar with technology and more susceptible to attack. Moreover, their lifetime savings, home ownership, and retirement accounts make them attractive targets.

That’s much the case with our grandparents today. It’s little wonder hackers, scammers, and thieves go after them.

Figures courtesy of the FTC

However, your grandparents have a big advantage working in their favor. You.

A chat with your grandparents can keep them safer online

Your knowledge, your expertise, and your overall comfort level with technology and the internet can help them steer clear of fraud. Have a chat about staying safe online. Or have a few chats over time. The advice you pass up can make all the difference.

Here are a few ways you can start:

  1. Talk about the latest online scams.  

As the year rolls on, so do the scams. Every scam has its season, from tax scams early in the year to shopping scams during the holidays. Current events play in too. In the wake of natural disasters, phony relief scams make the rounds on the internet. Encourage your grandparents to keep an eye on the news for the latest online scams so they have a better chance of recognizing fraudulent activity. Or better yet, give them a call when you get word of a new data breach or scam.

  1. Show them how to think like a cybercriminal. 

The secret to beating cybercriminals at their own game is to think like one. Encourage your grandparents to consider what can make them targets. Perhaps they have large retirement funds. Maybe their online bank account is secured with a password that they use for multiple online accounts. Have them think about how they’ve made it easier for a crook to take advantage of them. From there, they can tighten up their security as needed. A tool like our Protection Score can do this for them. It stops weak points and offers solutions for shoring them up.

  1. Strengthen their passwords. 

Each account should get its own strong, unique password. Which is a lot of work, given all the accounts we keep. A password manager can help. It creates and securely stores strong, unique passwords for every account. (No more sticky notes with passwords on the monitor.)

Also, help them set up two-factor authentication on their accounts that offer it. It provides an extra layer of security, as it requires multiple forms of verification, such as a fingerprint scan or facial recognition. This, with strong, unique passwords, makes accounts terrifically tough to crack.

  1. Show them how to spot phishing scams.

Hackers, scammers, and thieves all use phishing attacks to rope in victims. And today, they look increasingly convincing thanks to AI tools. And as we’ve covered here on our blocks, scammers can easily clone voices  —  even faces—on calls and video chats. Plenty more phishing attacks come by text, email, and phone calls. This is where your grandparents need to get savvy.

If they receive an email that appears to be from a business or even a family member, but they are asking them for their Social Security Number, passwords, or money, stop and think. Don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website and verify that the message is legitimate with customer service. If the message claims to be from a family member asking for financial help, contact them directly to ensure it’s not a scammer in disguise. In all, make sure they show great caution any time a seemingly “urgent” email, message, or call comes their way. Urgency is often a sign of a scam.

  1. Set them up with comprehensive online protection.

Today’s online protection goes far beyond antivirus. It protects people. Their devices, their identity, and their privacy.

Comprehensive online protection like our McAfee+ plans keep them safe from hackers, scammers, and thieves in several ways. Consider this short list of what comprehensive online protection like ours can do for your grandparents:

Scam Protection

Is that email, text, or message packing a scam link? Our scam protection lets your grandparents know before they click that link. It uses AI to sniff out bad links. And if they click or tap on one, no worries. It blocks links to malicious sites.

Web protection

Like scam protection, our web protection sniffs out sketchy links while they browse. So say they stumble across a great-looking offer in a bed of search results. If it’s a link to a scam site, they’ll spot it. Also like scam protection, it blocks the site if they accidentally hit the link.

Transaction Monitoring

This helps them nip fraud in the bud. Based on the settings they provide, transaction monitoring keeps an eye out for unusual activity on credit and debit cards. That same monitoring can extend to retirement, investment, and loan accounts as well. It can further notify them if someone tries to change the contact info on their bank accounts or take out a short-term loan in their name.

Credit Monitoring

This is an important thing to do in today’s password- and digital-driven world. Credit monitoring uncovers any inconsistencies or outright instances of fraud in credit reports. Then it helps put your grandparents on the path to setting them straight. It further keeps an eye on their credit reports overall by providing you with notifications if anything changes in their history or score.

Personal Data Cleanup

This provides your grandparents with another powerful tool for protecting their privacy. Personal Data Cleanup removes their personal info from some of the sketchiest data broker sites out there. And they’ll sell those lines and lines of info about them to anyone. Hackers and spammers included. Personal Data Cleanup scans data broker sites and shows which ones are selling their personal info. From there, it provides guidance for removing your data from those sites. Further, when part of our McAfee+ Advanced and Ultimate, it sends requests to remove their data automatically.

Identity Theft Coverage & Restoration

Say the unfortunate happens to your grandparents and they fall victim to identity theft. Our coverage and restoration plan provides up to $2 million in lawyer fees and reimbursement for lawyer fees and stolen funds. Further, a licensed expert can help them repair their identity and credit. In all, this saves them money and their time if theft happens.

The post How to Talk to Your Grandparents About Staying Safe Online appeared first on McAfee Blog.

How to Spot Phishing Lures

By: Jasdev Dhaliwal

Phishing attacks have all kinds of lures. And many are so tried and true that it makes them easy to spot.

The target of a phishing attack is you. More specifically, your personal info and your money. Whether a scammer reaches out by email, with a text, or through a direct message, that’s what they’re after. And with a link, they whisk you off to a sketchy site designed to take them from you.

Just how much phishing is going on? To date, we’ve identified more than half a billion malicious sites out there. A number that grows daily. Because these attacks often succeed. One big reason why — they play on people’s emotions.

Phishing attacks always involve a form of “social engineering,” which is an academic way of saying that scammers use manipulation in their attacks. Commonly, scammers pretend to be a legitimate person or business.

You can get a better idea of how this works by learning about some of the most popular scams circulating today:

The CEO Scam

This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.

The Urgent Email Attachment

Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.

The “Lucky” Text or Email

How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.

The Romance Scam

This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.

How to avoid phishing attacks

While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.

  • Pause and think about the message for a minute.

The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.

  • Deal directly with the company or organization in question.

Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.

  • Consider the source.

When scammers contact you via social media, that can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.

  • Don’t download attachments. And most certainly don’t open them.

Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.

  • Hover over links to verify the URL.

On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.

  • Go with who you know.

On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers to select and stalk you for an attack.

  • Remove your personal info from sketchy data broker sites.

How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

  • Use online protection software.

Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.

The post How to Spot Phishing Lures appeared first on McAfee Blog.

How to Secure Your Digital Wallet

By: Jasdev Dhaliwal

Tapping your phone at the cash register makes for a smooth trip to the store. Far smoother than fumbling for your card at the checkout or dealing with a bunch of change. That’s the beauty of the digital wallet on your phone. And with that convenience comes something plenty important — keeping that digital wallet secure.

All the personal info, photos, and banking apps we already have on our phones already make them plenty valuable. A digital wallet makes them that much more valuable.

A few steps can keep your phone and digital wallet more secure. Further, other steps can protect your cards and identity if that phone gets lost or stolen.

Let’s start with a look at how digital wallets work.

What is a digital wallet?

For starters, digital wallets work much like a physical wallet. Through service apps like Apple Pay, Google Pay, Samsung Pay, PayPal, and others, you can store various payment types. That includes debit cards, credit cards, gift cards, and bank accounts.

The transaction is highly secure in general. When you use your digital wallet to make a purchase, the app creates a random ID for the transaction. It uses that ID rather than your actual account number to keep things secure. Encryption technology keeps things safer still by scrambling info during the process.

A digital wallet is safe, as long as you guard your smartphone just as closely as you would your physical wallet.

Here’s why you should secure your digital wallet and three tips to help you do so.

Tips to protect your digital wallet

  1. Use a lock screen on your phone.

Fewer people use a lock screen than you might think. A finding from our global research showed that only 56% of adults said that they protect their smartphone with a password or passcode.[i] The problem with going unlocked is that if the phone gets lost or stolen, you’ve handed over a large part of your digital life to a thief. Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices.

  1. Set a unique passcode for your wallet.

Always protect your digital wallet with a lock, whether a unique passcode, fingerprint scan, or facial ID. This is the best and easiest way to deter cybercriminals. If you use a numerical code, make it different from the passcode on your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.

  1. Update your apps and operating system regularly.

Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.

  1. Download digital wallet apps directly from official websites 

Before you swap your plastic cards for digital payment methods, ensure you research the digital banking app before downloading. Also, ensure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has. That’s one way you can make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always smart to check for typos, blurry logos, and unprofessional app descriptions.

  1. Learn how to remotely lock or erase a smartphone.

So what happens if your phone ends up getting lost or stolen? A combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it. Different device manufacturers have different ways of going about it, but the result is the same — you can prevent others from using your phone. You can even erase it if you’re truly worried that it’s in the wrong hands or if it’s gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.

Protection for your phone all around

No doubt about it. Our phones get more and more valuable as the years go by. With an increasing amount of our financial lives coursing through them, protecting our phones becomes that much more important.

Comprehensive online protection like our McAfee+ plans can protect your phone. And it can protect something else. You. Namely, your privacy and your identity. Here’s a quick rundown: It can …

  • Block sketchy links in texts, emails, and messages.
  • Block yet more sketchy links in search, while surfing, and on social media.
  • Protect your identity in the ways mentioned above by keeping tabs on your credit and accounts.
  • Protect your privacy by removing your personal info from shady data broker sites.
  • Make you more private still by locking down your privacy settings on social media.
  • Help you restore your credit and identity with $2 million in identity theft coverage.
  • Also help you cancel and replace lost or stolen cards, like IDs, credit cards, and debit cards.

Protection like this is worth looking into, particularly as our phones become yet more valuable still thanks to digital wallets and payment apps like them.

[i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf

 

The post How to Secure Your Digital Wallet appeared first on McAfee Blog.

How to Recognize a Phishing Email

By: Jasdev Dhaliwal

How do you recognize phishing emails and texts? Even as many of the scammers behind them have sophisticated their attacks, you can still pick out telltale signs.

Common to them all, every phishing is a cybercrime that aims to steal your sensitive info. Personal info. Financial info. Other attacks go right for your wallet by selling bogus goods or pushing phony charities.

You’ll find scammers posing as major corporations, friends, business associates, and more. They might try to trick you into providing info like website logins, credit and debit card numbers, and even precious personal info like your Social Security Number.

How do you spot a phishing message?

Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. Check for the following signs of phishing when you open an email or check a text:

It’s poorly written.

Even the biggest companies sometimes make minor errors in their communications. Phishing messages often contain grammatical errors, spelling mistakes, and other blatant errors that major corporations wouldn’t make. If you see glaring grammatical errors in an email or text that asks for your personal info, you might be the target of a phishing scam.

The logo doesn’t look right.

Phishing scammers often steal the logos of the businesses they impersonate. However, they don’t always use them correctly. The logo in a phishing email or text might have the wrong aspect ratio or low resolution. If you have to squint to make out the logo in a message, the chances are that it’s phishing.

The URL doesn’t match.

Phishing always centers around links that you’re supposed to click or tap. Here are a few ways to check whether a link someone sent you is legitimate:

  • On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. On mobile devices, you can carefully check the address by holding down the link (not tapping it).
  • Take a close look at the addresses the message is using. If it’s an email, look at the email address. Often, phishing URLs contain misspellings. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
  • Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.

What kind of phishing scams are there?

You can also spot a phishing attack when you know what some of the most popular scams are:

The CEO Scam

This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.

The Urgent Email Attachment

Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.

The “Lucky” Text or Email

How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.

The Romance Scam

This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.

Account Suspended Scam

Some phishing emails appear to notify you that your bank temporarily suspended your account due to unusual activity. If you receive an account suspension email from a bank that you haven’t opened an account with, delete it immediately, and don’t look back. Suspended account phishing emails from banks you do business with, however, are harder to spot. Use the methods we listed above to check the email’s integrity, and if all else fails, contact your bank directly instead of opening any links within the email you received.

How to avoid phishing attacks

While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.

  • Pause and think about the message for a minute.

The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.

  • Deal directly with the company or organization in question.

Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.

  • Consider the source.

Some phishing attacks occur in social media messengers. When you get direct messages, consider the source. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.

  • Don’t download attachments. And most certainly don’t open them.

Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.

  • Remove your personal info from sketchy data broker sites.

How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

  • Use online protection software.

Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.

The post How to Recognize a Phishing Email appeared first on McAfee Blog.

How to Protect Your Personal Info

By: Amy Bunn

Whether it tags along via a smartphone, laptop, tablet, or wearable, it seems like the internet follows us wherever we go nowadays. Yet there’s something else that follows us around as well — a growing body of personal info that we create while banking, shopping, and simply browsing the internet. And no doubt about it, our info is terrifically valuable.

What makes it so valuable? It’s no exaggeration to say that your personal info is the key to your digital life, along with your financial and civic life as well. Aside from using it to create accounts and logins, it’s further tied to everything from your bank accounts and credit cards to your driver’s license and your tax refund.

Needless to say, your personal info is something that needs protecting, so let’s check out several ways you can do just that.

What is personal info?

What is personal info? It’s info about you that others can use to identify you either directly or indirectly. Thus, that info could identify you on its own. Or it could identify you when it’s linked to other identifiers, like the ones linked with the devices, apps, tools, and protocols you use.

A prime example of direct personal info is your tax ID number because it’s unique and directly tied to your name. Further instances include your facial image to unlock your smartphone, your medical records, your finances, and your phone number because each of these can be easily linked back to you.

Then there are those indirect pieces of personal info that act as helpers. While they might not identify you on their own, a few of them can when they’re added together. These helpers include things like internet protocol addresses, the unique device ID of your smartphone, or other identifiers such as radio frequency identification tags.

You can also find pieces of your personal info in the accounts you use, like your Google to Apple IDs, which can be linked to your name, your email address, and the apps you have. You’ll also find it in the apps you use. For example, there’s personal info in the app you use to map your walks and runs, because the combination of your smartphone’s unique device ID and GPS tracking can be used in conjunction with other info to identify who you are. Not to mention where you typically like to do your 5k hill days. The same goes for messenger apps, which can collect how you interact with others, how often you use the app, and your location info based on your IP address, GPS info, or both.

In all, there’s a cloud of personal info that follows us around as we go about our day online. Some wisps of that cloud are more personally identifying than others. Yet gather enough of it, and your personal info can create a high-resolution snapshot of you — who you are, what you’re doing, when you’re doing it, and even where you’re doing it, too — particularly if it gets into the wrong hands.

Remember Pig-Pen, the character straight from the old funny pages of Charles Schultz’s Charlie Brown? He’s hard to forget with that ever-present cloud of dust following him around. Charlie Brown once said, “He may be carrying the soil that trod upon by Solomon or Nebuchadnezzar or Genghis Khan!” It’s the same with us and our personal info, except the cloud surrounding us, isn’t the dust of kings and conquerors. They’re motes of info that are of tremendously high value to crooks and bad actors — whether for purposes of identity theft or invasion of privacy.

Protecting your personal info protects your identity and privacy

With all the personal info we create and share on the internet, that calls for protecting it. Otherwise, our personal info could fall into the hands of a hacker or identity thief and end up getting abused, in potentially painful and costly ways.

Here are several things you can do to help ensure that what’s private stays that way:

1) Use a complete security platform that can also protect your privacy.

Square One is to protect your devices with comprehensive online protection software. This defends you against the latest virus, malware, spyware, and ransomware attacks plus further protects your privacy and identity. Also, it can provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who might try to force their way into your accounts.

Further, security software can also include a firewall that blocks unwanted traffic from entering your home network, such as an attacker poking around for network vulnerabilities so that they can “break in” to your computer and steal info.

2) Use a VPN.

Also known as a virtual private network, a VPN helps protect your vital personal info and other data with bank-grade encryption. The VPN encrypts your internet connection to keep your online activity private on any network, even public networks. Using a public network without a VPN can increase your risk because others on the network can potentially spy on your browsing and activity.

If you’re new to the notion of using a VPN, check out this article on VPNs and how to choose one so that you can get the best protection and privacy possible. (Our McAfee+ plans offer a VPN as part of your subscription.)

3) Keep a close grip on your Social Security Number.

In the U.S., the Social Security Number (SSN) is one of the most prized pieces of personal info as it unlocks the door to employment, finances, and much more. First up, keep a close grip on it. Literally. Store your card in a secure location. Not your purse or wallet.

Certain businesses and medical practices might ask you for your SSN for billing purposes and the like. You don’t have to provide it (although some businesses could refuse service if you don’t), and you can always ask if they will accept some alternative form of info. However, there are a handful of instances where an SSN is a requirement. These include:

  • Employment or contracting with a business.
  • Group health insurance.
  • Financial and real estate transactions.
  • Applying for credit cards, car loans, and so forth.

Be aware that hackers often get a hold of SSNs because the organization holding that info gets hacked or compromised itself. Minimizing how often you provide your SSN can offer an extra degree of protection.

4) Protect your files.

Protecting your files with encryption is a core concept in data and info security, and thus it’s a powerful way to protect your personal info. It involves transforming data or info into code that requires a digital key to access it in its original, unencrypted format. For example, McAfee+ includes File Lock, which is our file encryption feature that lets you lock important files in secure digital vaults on your device.

Additionally, you can also delete sensitive files with an application such as McAfee Shredder, which securely deletes files so that thieves can’t access them. (Quick fact: deleting files in your trash doesn’t delete them in the truest sense. They’re still there until they’re “shredded” or otherwise overwritten such that they can’t be restored.)

5) Steer clear of those internet “quizzes.”

Which Marvel Universe superhero are you? Does it really matter? After all, such quizzes and social media posts are often grifting pieces of your personal info in a seemingly playful way. While you’re not giving up your SSN, you might be giving up things like your birthday, your pet’s name, your first car…things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites. The one way to pass this kind of quiz is not to take it!

6) Be on the lookout for phishing attacks.

A far more direct form of separating you from your personal info is phishing attacks. Posing as emails from known or trusted brands, financial institutions, or even a friend or family member, a scammer’s attack will try to trick you into sharing important info like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service.

How do you spot such emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated and can make their phishing emails look increasingly legitimate. Even more so with AI tools. However, there are several ways you can spot a phishing email and phony websites. Moreover, our McAfee Scam Protection can do it for you.

7) Keep mum in your social media profile.

You can take two steps to help protect your personal info from being at risk via social media. One, think twice about what you share in that post or photo — like the location of your child’s school or the license plate on your car. Two, set your profile to private so that only friends can see it. Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and gives a scammer less info to exploit. Using our Social Privacy Manager can make that even easier. With only a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.

8) Look for HTTPS when you browse.

The “S” stands for secure. Any time you’re shopping, banking, or sharing any kind of personal info, look for “https” at the start of the web address. Some browsers also indicate HTTPS by showing a small “lock” icon. Doing otherwise on plain HTTP sites exposes your personal info for anyone who cares to monitor that site for unsecured connections.

9) Lock your devices.

By locking your devices, you protect yourself that much better from personal info and data theft in the event your device is lost, stolen, or even left unattended for a short stretch. Use your password, PIN, facial recognition, thumbprint ID, what have you. Just lock your stuff. In the case of your smartphones, read up on how you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.

10) Keep tabs on your credit — and your personal info.

Theft of your personal info can lead to credit cards and other accounts being opened falsely in your name. What’s more, it can take some time before you even become aware of it, such as when your credit score takes a hit or a bill collector comes calling. By checking your credit, you can fix any issues that come up, as companies typically have a clear-cut process for contesting any fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and likewise, other nations like the UK have similar free offerings as well.

Consider identity theft protection as well. A strong identity theft protection package pairs well with keeping track of your credit and offers cyber monitoring that scans the dark web to detect for misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $2M coverage for lawyer fees, travel expenses, lost wages, and more.

The post How to Protect Your Personal Info appeared first on McAfee Blog.

How to Protect Your Identity, Finances, and Security Online

By: Jasdev Dhaliwal

If you want to protect your identity, finances, and privacy online, you have a pretty powerful tool at hand. It’s online protection software. Today’s protection is built to get that job done.

For starters, online protection has evolved tremendously over recent years, making it more comprehensive than ever. It goes far beyond antivirus. And it protects more than your devices. It protects you. Your identity. Your finances. Your privacy.

Given how much of daily life has shifted to our computers and phones, like our finances and shopping, there’s a strong case for getting comprehensive online protection in place.

Granted, we’re an online protection company. And of course, we hope you’ll give our protection like McAfee+ a close look. With that, a quick rundown of what it can do for you and your identity, finances, and privacy helps. In all, it shows just how comprehensive this protection gets.

You can keep tabs on your identity.

This form of protection starts with Identity Monitoring. It checks the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. If any of it shows up on the dark web, it sends you an alert with guidance that can help protect you from identity theft.

Should the unexpected happen, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.

Another way identity thieves get what they want is through scam texts, emails, and messages. You can keep clear of their shady links with our new AI-powered Scam Protection. It automatically detects links that can send you to scam sites and other destinations that steal personal info. If you accidentally click? Don’t worry, we can block risky sites if you click on a suspicious link in texts, emails, social media, and more.

You can monitor your financial big picture all in one place.

As you conduct so many of your finances online, it only makes sense that you can keep tabs on them just as easily. Features like our Credit Monitoring keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.

And if you spot something out of the ordinary, our Security Freeze can quickly stop unauthorized access. It freezes credit card, bank, and utility accounts and prevents thieves from opening new ones in your name.

Rounding things out, you also have transaction monitoring features. They track transactions on credit cards and bank accounts — shooting you a notice if unusual activity occurs. They also track retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

You can lock down your privacy.

Several features get the job done. Our Social Privacy Manager helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks. This way, your personal info is only visible to the people you want to share it with.

Another big intrusion on your privacy comes at the hands of online data brokers. They drive a multi-billion-dollar industry by collecting, batching, and selling people’s personal info. To anyone. That includes hackers, spammers, and scammers who use it to their own ends. Yet you can get your info removed from some of the worst offenders out there. Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info and helps you remove it.

Another great tool for protecting your privacy comes in the form of a VPN. As a “virtual private network,” it encrypts your activity. Think of a VPN as a private tunnel for your internet traffic. It hides your search habits and history from those who might use that info to build a profile of you — whether to serve up targeted ads or to steal personal info for identity theft. In all, a VPN gives you one of the most secure ways you can go online.

The post How to Protect Your Identity, Finances, and Security Online appeared first on McAfee Blog.

How Not to Fall for Smishing Scams

By: Jasdev Dhaliwal

With a buzz, your phone lets you know you got a text. You take a peek. It’s from the U.S. Postal Service with a message about your package. Or is it? You might be looking at a smishing scam.

“Smishing” takes its form from two terms: SMS messaging and phishing. Effectively, smishing is a phishing attack on your phone. Scammers love these attacks year-round, and particularly so during holiday shopping rushes. The fact remains that we ship plenty of packages plenty often, and scammers use that to their advantage.

Smishing attacks try to slip into the other legitimate messages you get about shipments. The idea is that you might have a couple on the way and might mistake the smishing attack for a proper message. Scammers make them look and sound legit, posing as the U.S. Postal Service or other carriers like UPS, DHL, and FedEx.

New data from McAfee’s State of the Scamiverse 2025 report reveals that text and email scams are on the rise worldwide. The average American is targeted by more than 14 scams every day, including an average of 3 deepfake videos. This surge in scam activity shows that scammers are increasingly relying on mobile attacks, as 76% of all tax scam activity in 2024 targeted mobile users via text, often using URL shorteners to disguise fraudulent links. 

Special delivery: suspicious text messages

To pull off these attacks, scammers send out text messages from random numbers saying that a delivery has an urgent transit issue. When a victim taps on the link in the text, it takes them to a form page that asks them to fill in their personal and financial info to “verify their purchase delivery.” With the form completed, the scammer can then exploit that info for financial gain.

However, scammers also use this phishing scheme to infect people’s devices with malware. For example, some users received links claiming to provide access to a supposed postal shipment. Instead, they were led to a domain that did nothing but infect their browser or phone with malware. Regardless of what route the hacker takes, these scams leave the user in a situation that compromises their smartphone and personal data.

You don’t have to fall for delivery scams

While delivery alerts are a convenient way to track packages, it’s important to familiarize yourself with the signs of smishing scams. Doing so will help you safeguard your online security without sacrificing the convenience of your smartphone. To do just that, take these straightforward steps.

Go directly to the source.

Be skeptical of text messages from companies with peculiar requests or info that seems too good to be true. Be even more skeptical if the link looks different from what you’d expect from that sender — like a shortened link or a kit-bashed name like “fed-ex-delivery dot-com.” Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check on your delivery status or contact customer service.

Enable the feature on your mobile device that blocks certain texts.

Many spammers send texts from an internet service to hide their identities. You can combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device. Head to “Settings,” tap on “Spam protection,” and then enable it. On iPhones, head to “Settings” > “Messages” and flip the switch next to “Filter Unknown Senders.”

One caveat, though. This can block legitimate messages just as easily. Say you’re getting your car serviced. If you don’t have the shop’s number stored on your phone, their updates on your repair progress will get blocked as well.

Use mobile device protection.  

Our McAfee Mobile Security  puts up a great defense. Devices can be attacked by malware and other forms of malicious software. Our mobile security app offers peace of mind by protecting your identity, privacy, and device. 

Protect your privacy and identity all around.

McAfee+ plans offer strong protection for your identity, privacy, and finances. All the things those smishers are after. It includes credit and identity monitoring, social privacy management, and a VPN, plus several transaction monitoring features. Together, they spot scams and give you the tools to stop them dead in their tracks. 

And if the unfortunate happens, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit. 

The post How Not to Fall for Smishing Scams appeared first on McAfee Blog.

How to Stay Safe while Working from Home

By: Jasdev Dhaliwal

Working from home has established itself as a norm. As of 2023, 35% of employed adults in the U.S. work from home all the time. Another 41% work from home at least part of the time.[i]

While working from home offers benefits to employees and employers alike, the uptick in personal devices connecting to an organization can pose security risks. That includes malware attacks, identity theft, and ransomware, not to mention out-and-out data theft.

With so many people knocking out their workdays at home, the question remains — how can everyone do it safely? Five quick tips and tools can help.

Tips to protect both personal and company data

Use a VPN.

Plenty of the things we work on are confidential. Or at least best kept within the company. A virtual private network (VPN) can help. It creates a secure tunnel of communication that shields the data traveling in it. This way, it makes it exceedingly difficult for a hacker to tap into it and see anything but encrypted data. It offers a primary way that businesses can keep their data and info private. Many organizations provide one to remote employees, yet you can also get a strong, unlimited VPN from us as part of our McAfee+ plans.

Protect yourself from phishing emails.

How do you spot phishing emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated. They make those phishing emails designed to steal info look increasingly legitimate. Even more so with AI tools. However, there are several ways you can spot phishing emails and phony websites. Moreover, our McAfee Scam Protection can do it for you.

Get strong, unique passwords in place.

Passwords provide an excellent line of defense. Specifically, strong, unique passwords across each of your accounts. That might sound like a tall task given the umpteen accounts we have nowadays, yet a password manager can do all that work for you. It creates and securely stores strong, unique passwords for you. A password manager comes included as part of our McAfee+ plans.

Use two-factor authentication.

Two-factor authentication is a more secure way to access work applications. In addition to a password/username combo, it asks for verification of who you are via a device that you own. Like a mobile phone, typically with a PIN sent by text or call. In this way, it uses two factors to confirm an identity. So, if your password gets compromised, it still won’t work for a hacker. They’ll still need the PIN that was sent to you. Of course, never share that PIN with anyone. Anyone who asks for it is a scammer who’s trying to crack your account.

Protect yourself all around.

Consider getting online protection software for all your devices. Today’s protection goes far, far beyond antivirus. It includes features that make your professional (and personal) life safer, with scam protection and web protection that steer you clear of sketchy sites and links. It further offers a full host of features that safeguard your identity, like credit monitoring, identity monitoring, and $2 million in identity theft coverage. Other features help keep you more private on social media and remove your personal info from data broker sites. We call it comprehensive online protection for good reason. It protects you, not just your devices.

[i] https://www.pewresearch.org/short-reads/2023/03/30/about-a-third-of-us-workers-who-can-work-from-home-do-so-all-the-time/

 

The post How to Stay Safe while Working from Home appeared first on McAfee Blog.

What is ATM Skimming?

By: Jasdev Dhaliwal

Ever take a look at an ATM and feel like something’s off? You might have come across an ATM skimmer.

It works like this… A crook tampers with an ATM by attaching a physical device that skims card info as cards people grab or deposit money. From there, a keypad overlay or tiny pinhole camera captures your PIN as people tap it in. And with that info, the crook has everything they need to create several counterfeit cards.

Of course, that thief has to transfer that info. In some cases, the thief creeps back, removes the skimming device, downloads your data, and burns it to a blank ATM card. More sophisticated skimmers are connected, so thieves can download stolen info from the skimmer and then use that info to buy stuff online. Either way, a skimmer can take a big chunk out of your bank account.

However, you have ways of spotting these sketchy ATMs. And yet, there are more ways to protect your finances if you fall victim to a carefully concealed skimmer.

How to spot a hacked ATM

Spotting a hacked ATM can get a bit tricky, yet you can look for a few signs. Generally speaking, ATMs are sturdy by design. If a card reader or keypad wiggles at all or the keypad feels too spongy or sticks when you tap the buttons, you might be looking at a hacked ATM. Also keep an eye out for extra pieces of plastic stuck to the ATM, which can be places where a crook has concealed a camera. Often, they’ll disguise cameras in brochure holders and overhead lights.

Another clue of a hacked ATM — scanners and other components that don’t match the color and style of the machine. In all, anything that looks tacked on or out of place gives you a good reason to use another ATM.

To protect yourself further, follow these tips:

Be choosy.

While out and about, consider using ATMs installed at a bank. These are watched more closely than ATMs in public places, which makes them harder to tamper with.

Cover the keypad when entering your PIN.

Thieves need your card number and your PIN to access your account with a copycat card. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.

Check your bank and credit card statements often.

If your card does get skimmed, acting quickly counts. Thieves can quickly rack up purchases and out a chunk of your account. Banks typically watch for fraud and will contact you about unusual activity.

Better yet, you can keep a closer eye on your accounts yourself. Our McAfee+ plans offer several types of account and transaction monitoring. Together, they can alert to strange transactions across bank, credit, retirement, and other accounts. They can also alert you if any of your info at the bank gets changed, which helps prevent account takeovers.

The post What is ATM Skimming? appeared first on McAfee Blog.

Are Mobile Devices Less Secure than PCs?

By: Jasdev Dhaliwal

Are smartphones less secure than PCs? The answer to that is, they’re different. They face different security threats. Yet they certainly share one thing in common — they both need protection.

So, what makes a smartphone unique when it comes to security? And how do you go about protecting it? We’ll cover both here.

Apps, spam texts, and other smartphone vulnerabilities

Several facts of life about smartphones set them apart when it comes to keeping your devices safer. A quick rundown looks like this:

First off, people keep lots of apps on their phones. Old ones, new ones, ones they practically forgot they had. The security issue that comes into play there is that any app on a phone is subject to vulnerabilities.

A vulnerability in just one of the dozens of apps on a phone can lead to problems. The adage of “the weakest link” applies here. The phone is only as secure as its least secure app. And that goes for the phone’s operating system as well.

Additionally, app permissions can also introduce risks. Apps often request access to different parts of your phone to work — such as when a messenger app asks for access to contacts and photos. In the case of malicious apps, they’ll ask for far more permissions than they need. A classic example involves the old “flashlight apps” that invasively asked for a wide swath of permissions. That gave the hackers all kinds of info on users, including things like location info. Today, the practice of malicious, permission-thirsty apps continues with wallpaper apps, utility apps, games, and more.

As for other malicious apps, sometimes people download them without knowing. This often happens when shopping in third-party app stores, yet it can happen in legit app stores as well — despite rigorous review processes from Apple and Google. Sometimes, hackers sneak them through the review process for approval. These apps might include spyware, ransomware, and other forms of malware.

Many people put their smartphones to personal and professional use.[i] That might mean the phone has access to corporate apps, networks, and data. If the phone gets compromised, those corporate assets might get compromised too. And it can work in the other direction. A corporate compromise might affect an employee’s smartphone.

More and more, our phones are our wallets. Digital wallets and payment apps have certainly gained popularity. They speed up checkout and make splitting meals with friends easy. That makes the prospect of a lost or stolen phone all the more serious. An unsecured phone in the hands of another is like forking over your wallet.

Lastly, spam texts. Unique to phones are the sketchy links that crop up in texting and messaging apps. These often lead to scam sites and other sites that spread malware.

With a good sense of what makes securing your smartphone unique, let’s look at several steps you can take to protect it.

How to protect your smartphone

  1. Update your phone’s apps and operating system

Keeping your phone’s apps and operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. it’s another tried and true method of keeping yourself safer — and for keeping your phone running great too.

  1. Lock your phone

With all that you keep and conduct on your phone, a lock is a must. Whether you have a PIN, passcode, or facial recognition available, put it into play. The same goes for things like your payment, banking, and financial apps. Ensure you have them locked too.

  1. Avoid third-party app stores

As mentioned above, app stores have measures in place to review and vet apps that help ensure they’re safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, legitimate app stores are quick to remove malicious apps from their stores once discovered, making shopping there safer still.

  1. Review apps carefully

Check out the developer — have they published several other apps with many downloads and good reviews? A legit app typically has many reviews. In contrast, malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.

  1. Go with a strong recommendation.

Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.

  1. Keep an eye on app permissions

Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that asks for access to your camera or microphone, it might be a scam. Delete the app.

  1. Learn how to remotely lock or erase your smartphone

So what happens if your phone ends up getting lost or stolen? A combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it. Different device manufacturers have different ways of going about it, but the result is the same — you can prevent others from using your phone. You can even erase it if you’re truly worried that it’s gone for good. Apple provides iOS users with a step-by-step guide, and Google offers a guide for Android users as well.

  1. Protect your phone and block sketchy links

Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, and keep you safe from attacks on public Wi-Fi, just to name a few things it can do. Ours also includes Text Scam Detector that blocks sketchy links in texts, messages, and email before they do you any harm. And if you tap that link by mistake, Text Scam Detector still blocks it.

[i] https://www.statista.com/statistics/1147490/share-adults-use-personal-smartphone-business-activities-by-country/

 

The post Are Mobile Devices Less Secure than PCs? appeared first on McAfee Blog.

How To Tell If Your Smartphone Has Been Hacked

By: Jasdev Dhaliwal

Smartphone hacking is the unauthorized access to and control over a mobile device or its communications. This goes beyond a simple malware infection; it’s a targeted breach aimed at stealing your personal data, spying on your activities, or using your device for malicious purposes. Unlike general viruses that may just slow down your device, a hack can lead to severe real-world consequences. This article aims to increase your awareness about hacking methods, how to prevent it or determine if your phone has been infiltrated, and how to protect your phone moving forward.

Why cybercriminals target smartphones

Your smartphone is a goldmine of personal information, making it a high-value target for cybercriminals whose motivations are typically centered on financial gain and identity theft. Hackers seek banking credentials, credit card numbers, and access to payment apps for direct financial theft. Meanwhile, stealing your personal information—like emails, contacts, and passwords—allows them to commit identity fraud or sell on dark-web markets.

Beyond money, attackers may use your phone for surveillance, secretly activating your camera or microphone to spy on you. In other cases, they may hijack your device’s resources to include it in a botnet for larger attacks or hold your files hostage with ransomware. Understanding these threats is the first step in knowing how to protect yourself from them, so it’s vital to learn the methods hackers use to get into your phone.

Hackers exploit iOS and Android differently

While both iOS and Android are secure, their core philosophies create different opportunities for hackers. Android’s open-source nature allows for greater customization, including the ability to “sideload” third-party apps from outside the official Google Play Store. Unvetted apps with malicious code are a primary vector for malware.

In contrast, Apple’s iOS’s closed ecosystem makes it much harder to install unauthorized software. For this reason, many attacks targeting iPhones rely on social engineering, sophisticated zero-day exploits that target unknown vulnerabilities, or jailbroken devices, which strips away Apple’s built-in protections.

To protect your device, tailor your defense to its ecosystem. The best practice for Android users is to stick to the Google Play Store and ensure Google Play Protect is active, as it continuously scans your apps for harmful behavior. iPhone users concerned about targeted attacks should activate Lockdown Mode, an extreme feature that limits functionality to reduce the potential attack surface. Regardless of your platform, keeping your operating system updated is the single most important step you can take to stay secure.

Common attack vectors

Wondering how your phone gets compromised? Hackers use several common pathways.

Jailbreaking or rooting

A hacker might install spyware after you jailbreak or root your smartphone to bypass the security of their respective stores. Jailbreaking or rooting gives smartphone users more control over their devices, such as removing pre-installed apps and installing third-party apps from unvetted sources. However, this action removes barriers that keep viruses and malware from entering the smartphone’s system and spreading to apps, files, devices and other networks. And because Apple and Google don’t review the apps in those sources, this allows the hacker to post a bad app with relative ease.

Sneaking a malicious app update

Apple has a strict review policy before apps are approved for posting in the App Store. Meanwhile, Google started applying AI-powered threat detection, stronger privacy policies, supercharged developer tools, industry-wide alliances, and other methods in its app reviews. Bad actors, however, could still sneak malware into the stores by uploading infected app versions during updates. Other times, they’ll embed malicious code that triggers only in certain countries or encrypt malicious code into the app they submit, making it difficult for reviewers to sniff out.

Remote hacking

Cybercriminals have several sophisticated methods to hack smartphones remotely. One common technique is phishing, where you might receive a text or email with a malicious link that, when clicked, installs spyware on your device. Another remote hacking vector is through unsecured public Wi-Fi networks, where hackers can intercept your data. Spyware can also be delivered via SMS payloads that require no user interaction.

Text messages

Smishing (SMS phishing) is a common and effective way for hackers to attack your phone, where they send an urgent text with a malicious link, like a fake delivery notification or a bank alert, to trick you into clicking without thinking. Once you click, the link can lead to a fake website designed to steal your login credentials or directly download malware onto your device. Attackers also use MMS messages to send malicious files, like images or videos, which in some rare “zero-click” exploits, can infect your phone without you even opening the message.

To protect yourself, treat all unexpected links in text messages with suspicion. Never click on a link from an unknown sender. A key preventive step is to go into your messaging app’s settings and disable the automatic download of MMS files. This prevents malicious media from loading onto your device automatically. Always verify urgent requests by contacting the company or person directly through a trusted channel, not by using the contact information provided in the suspicious text.

Malicious websites

In this method, hackers use techniques like drive-by downloads, which silently installs malware onto your device the moment a page loads—no click required. Malvertising is where malicious code is hidden in online ads that, if served on a site you visit, can trigger a spyware or ransomware download. These attacks are most effective against devices with outdated web browsers, as they target known security holes that have since been patched. Fake “update required” pop-ups are designed to scare you into installing malicious software disguised as a critical browser update. To protect yourself, always keep your mobile browser and operating system fully updated. Use your browser’s built-in safe-browsing features, and be cautious about granting permissions or clicking links on unfamiliar websites.

SIM-swap and phone cloning

These two sophisticated attacks can give a hacker complete control over your phone number. In a SIM-swap attack, a criminal tricks your mobile carrier into transferring your phone number to a SIM card they control. In phone cloning, they copy the identifying information from your phone to another, making a functional duplicate. In either case, the attacker can then intercept your calls, texts, and two-factor authentication codes.

Proactive defense includes setting up a unique PIN or password on your account for an extra layer of security. Switch to an eSIM if possible, as eSIMs are not as easily swapped as physical cards. If you suspect an attack, immediately report the issue to your carrier and check your financial and email accounts for unauthorized activity. You can also use the dial codes, like *#62#, to see if your calls are being forwarded to an unknown number.

Compromised phone camera

Malicious apps and spyware can secretly access your camera and microphone, potentially livestreaming audio and video to an attacker without your knowledge. Key warning signs include the camera indicator light turning on unexpectedly, significant and unexplained battery drain, or finding unfamiliar photos and videos in your gallery. To protect yourself, regularly audit the apps installed on your phone. Go into your device’s settings to review which apps have permission to access your camera and revoke access for any that don’t need it.

Other methods

Network-based attacks occur over unsecured public Wi-Fi where attackers can intercept your data. Finally, unsecure cloud backups can be a weak point, as a compromised password for your Apple or Google account could give a hacker access to all the data you’ve stored. Knowing these attack vectors is the first step toward understanding how to know if your phone is hacked.

Signs your smartphone has been hacked

Because we spend so much time on our phones, it’s fairly easy to tell when something isn’t working right. Sometimes those issues are symptoms of an infection. Possible signs that your device has been hacked include:

  • Performance issues: A slower device, webpages taking way too long to load, or a battery that never keeps a charge can be attributed to your device reaching its retirement. However, these things might also signal that malware has compromised your phone.
  • Your phone feels hot: Malware running in the background of your device might burn extra computing power, causing your phone to feel overheated.
  • Mysterious calls, texts, or apps: If apps you haven’t downloaded suddenly appear on your screen, or if outgoing calls you didn’t make pop up on your phone bill, these are definite red flags that your device has been hacked.
  • Changes or pop-ups crowd your screen: If you are getting an influx of spammy ads or your app organization is suddenly out of order, or your home screen has been reorganized, there is a big possibility that your phone has been hacked.
  • Unexpected battery drain: Your phone’s battery dies much faster than usual because malware is constantly running in the background.
  • Sudden data spikes: You notice a sharp, unexplained increase in your mobile data usage as spyware sends your information to a hacker.
  • Unexplained charges: You find subscriptions or premium service charges on your phone bill or to your account that you never authorized.
  • Background noise on calls: You hear clicks, static, or distant voices during phone conversations, which could indicate a call-monitoring app is active.
  • Sudden loss of mobile service on your phone, notifications of account changes you didn’t make, or being locked out of your online accounts.

Confirm a breach with built-in diagnostics

If these symptoms are present, use the following tools to verify whether your device has been compromised:

  1. For Android, run Google Play Protect: This is your first line of defense on an Android device. Open the Google Play Store app, tap your profile icon in the top right, and select Play Protect. Tap “Scan” to check your installed apps for harmful behavior. Play Protect runs automatically but a manual scan can help confirm if your phone is hacked.
  2. For iOS, use Apple’s Safety Check: To check if your iPhone has been hacked, go to Settings > Privacy & Security > Safety Check. This tool helps you review and revoke the access you’ve granted to people, apps, and devices, which is a common way iPhones are compromised.
  3. Install a reputable antivirus scanner: For a deeper analysis, install a trusted mobile security app like McAfee to detect a wider range of malware, spyware, and risky settings. Run a full system scan.
  4. Interpret the results: If the scan detects a threat, it will typically be labeled with a name and a risk level. The security app will also give you an option to remove or uninstall the malware. If you receive a warning but no option to remove, boot your phone into safe mode and manually uninstall the suspicious app.

Hack attack! Your next steps

The results of the scan are in: your smartphone has clearly been hacked. There is no time to lose. To start the process of blocking the hacker or removing the malware, follow these essential first steps:

  1. Remove apps you didn’t install and restart. Check your apps folder for anything unfamiliar and remove them. From there, disconnect from the Internet and restart your phone to halt any malicious activity.
  2. If issues persist, reset. If you still have issues, restoring your phone to its factory settings is an option, provided you have backed up photos, contacts, and other vital info in the cloud. A quick online search can show how relatively straightforward it is to wipe and restore your model of phone.
  3. Flash the stock firmware. As a last resort for technical users, reinstalling the official operating system will almost certainly remove the hack.
  4. Change critical passwords: Using a different, trusted device, immediately change the passwords for your most important accounts—email, banking, and social media.
  5. Check your accounts and credit. Some online security solutions like McAfee+ are capable of Identity Monitoring, which alerts you if your info winds up on the dark web, while Credit Monitoring alerts you of unauthorized activity in your accounts.
  6. Get expert help. Our Identity Theft Coverage & Restoration service offers $2 million that covers required travel, losses, and legal fees associated with identity theft. It also offers the services of a licensed recovery professional who can repair your credit and your identity after a hack attack.
  7. Notify financial institutions: Contact your bank and credit card companies to alert them to the potential breach. Monitor your statements closely for any fraudulent charges.
  8. Report the incident: Inform your mobile carrier about the breach and consider filing a report with the appropriate authorities, such as local law enforcement and the FBI’s Internet Crime Complaint Center.

Seek professional help

Persistent problems with your smartphone after a factory reset, may indicate a sophisticated, low-level hack. If you are the victim of significant financial fraud or identity theft, or if the hack involves sensitive legal or corporate data, it is crucial to stop using your smartphone and get assistance. In these cases, continued use could tamper with evidence.

After reporting the hacking incident to your mobile carrier, and authorities, you may need a certified digital forensic analyst for deep analysis, especially in corporate or legal cases. Before you call, gather key information: the make and model of your phone, the date you first noticed issues, a list of suspicious apps or messages, and any known fraudulent activity on your accounts.

Dial codes to detect hidden hacks

Certain dial codes, also known as Unstructured Supplementary Service Data (USSD) or Man-Machine Interface (MMI) codes, can help you check for signs of suspicious activity or hidden configurations. These codes can reveal call forwarding, SIM tracking, or conditional redirects that may indicate a compromise:

  • Dial *#21#: This code shows you the status of call forwarding. If calls, messages, or other data are being diverted without your knowledge, this is one of the key signs your phone is hacked. The results should all say “Not Forwarded.”
  • Dial *#62#: Use this code to find out where calls are being forwarded when your phone is unreachable (e.g., turned off or out of service area). It should typically go to your carrier’s voicemail number, so check if the number shown is unfamiliar.
  • Dial ##002#: This universal code disables all call forwarding. If you suspect your calls are being diverted, dialing this code will reset it. Note that availability and functionality of these codes can vary by carrier and country.

Tips to block hackers from your phone

You can take simple, effective steps to protect yourself and your device from hackers. Here are some practical tips, from the basic to the more layered steps, to help you block hackers from accessing your phone.

Basic best practices

To avoid the hassle of having a hacked phone in the first place, here are some fundamental measures you can do as part of your routine:

  • Update your phone and its apps. Promptly updating your phone and apps is a primary way to keep your device safer. Updates often fix bugs and vulnerabilities that hackers rely on to download malware for their attacks.
  • Avoid third-party apps from unvetted stores. Apple’s App Store and Google Play have protections in place, unlike third-party sites which sometimes purposely host malicious apps. Avoiding these sites altogether can block hackers from your device.
  • Don’t use a jailbroken or rooted phone. Jailbreaking or rooting a phone introduces all kinds of security issues. Your best bet as an everyday internet user is to rely on the built-in security features of iOS and Android.

Layered protection beyond the basics

Beyond the foundational advice, fortifying your smartphone requires a layered defense. We suggest the following actions you can apply:

  • Install a reputable mobile security app: A trusted provider like McAfee can scan for malware and alert you to risky websites.
  • Enable two-factor authentication: Use this feature on all critical accounts, such as your email, banking, and social media apps. This adds a crucial second layer of verification that protects you even if your password is stolen.
  • Disable connective services: Minimize your attack surface by disabling wireless radios like Bluetooth, near field communication (NFC), and location tracking when not in use.
  • Leverage hardware security: Rely on built-in hardware features like Apple’s Secure Enclave or Android’s Titan M chip, which protect your biometric data and encryption keys.
  • Review app permissions regularly: Make it a monthly habit to check which apps have access to your camera, microphone, location, and contacts, revoking permissions from any that seem unnecessary.
  • Adopt a zero-trust mindset: Never automatically trust links or attachments in emails and messages, even if they appear to be from someone you know. Use a VPN on public Wi-Fi to encrypt your connection and protect your data from eavesdroppers. In addition, ensure your device’s storage is always encrypted for a strong baseline of protection.
  • Take full advantage of built-in safety features: Apple offers Lockdown Mode for high-risk users, while Google has Play Protect which continuously scans your apps for harmful behavior.
  • Avoid using public USB charging stations: These can be used for juice jacking, where hackers steal data from or install malware on your device. It’s best to bring a portable battery pack, especially during travel or long days out.

One-tap checklist: Security settings you can enable today

Securing your device doesn’t have to be complicated or time-consuming. In fact, many powerful protections are just a tap away. This quick checklist offers quick and simple security settings you can enable with minimal effort.

  1. Turn on automatic updates: Go to Settings > General > Software Update on iOS or Settings > System > System Update on Android to enable automatic updates and ensure you always have the latest security patches.
  2. Enable biometric lock: Set up Face ID or Touch ID (iOS) or Fingerprint Unlock (Android) for a fast, secure way to protect your device from unauthorized physical access.
  3. Activate “Find My” feature: Turn on Apple’s “Find My iPhone” or Android’s “Find My Device” to allow you to locate, lock, or remotely erase your phone if it’s lost or stolen.

FAQs about phone hacking

Does dialing *#21# show if I’m hacked?

This code shows if your calls and messages are being forwarded, which can be a sign of a hack, but it doesn’t detect other types of malware or spyware.

Can iPhones get viruses?

While less common due to Apple’s strong security structure, iPhones can still be compromised, especially through malicious apps from outside the App Store or sophisticated phishing attacks.

Will a factory reset remove spyware?

In most cases, yes. A factory reset erases all data and apps on your device, including most forms of malware and spyware, returning it to its original state.

Can my phone be hacked while powered off?

A phone that is truly powered off cannot be hacked remotely. When the device is off, its wireless radios (cellular, Wi-Fi, Bluetooth) are inactive, and the operating system is not running, cutting off any connection for an attacker to exploit. In Airplane Mode, only the radios are disabled, but leaves the OS running.

The myth of a phone being hacked while off often stems from two things: advanced, targeted attacks that fake a shutdown to compromise firmware, or physical attacks like a “cold boot” where a forensics expert with physical access can extract data from the RAM shortly after shutdown. To mitigate these extremely rare risks, always ensure your phone is fully encrypted, a default setting on modern iPhones and Androids, to make data unreadable even if accessed physically.

For everyday security, shutting off your phone is a good first step to sever any potential malicious connection.

Does my iPhone need antivirus?

If your iPhone is not jailbroken, you don’t need antivirus. But your phone should still get extra protection to deal with other cyberthreats such as scammy text messages, phishing and AI-driven attempts. Comprehensive online protection software like McAfee keeps you and your phone safer. It can:

  • Block sketchy links in texts, emails, messages, as well as suspicious links during searches, while surfing, and on social media.
  • Protect your identity by keeping tabs on your credit and accounts.

Those are only some of the many McAfee capabilities that protect you and your phone.

Final thoughts

Recognizing the signs your phone is hacked is the critical first step, but swift and correct action is what truly protects you.

You can usually determine your smartphone has been hacked by observing any unusual behavior patterns, such as unexplained battery drain, data usage spikes, a blitz of ad pop-ups, unexplained charges on your banking accounts, and even mysterious calls, texts, or apps. Another way to confirm a breach is by running built-in diagnostics such as security scans and security keys. If any of the odd behaviors listed above sound familiar, don’t wait. Take immediate action and implement a layered defense.

In the first place, you can significantly reduce your risk of being hacked through regular software updates, careful app management, and smart browsing habits. Another important component is installing a complete privacy, identity and device solution like McAfee that provides comprehensive protection.

Don’t wait until you suspect a breach; adopt these protective strategies today to keep your digital life private and secure.

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.

Does Windows 10 or 11 Need Antivirus Software?

By: Jasdev Dhaliwal

If your PC runs on Windows 10, you’re in very good company. The Microsoft operating system is the most widely used OS in the world.

However, the rollout to Windows 11 began in 2021, with Windows 10’s support lifecycle ending on October 14, 2025. After this date, Microsoft will stop providing free security updates, technical support, or software updates for Windows 10. If you are a Windows 10 user, this means you will need to upgrade to the newer OS or purchase extended security updates to continue using the old OS securely.

Unfortunately, its success as a widely used operating system makes Windows attractive to hackers. If malicious software could make a home in Windows, a lot of targets would ask how best to protect your Windows 10 or 11 device. Should you just use Windows Security — Microsoft’s free version of antivirus software — or buy additional protection?

Read on to learn what Microsoft Security covers and how additional virus protection can secure all of your connected devices.

Windows 10 antivirus software

Windows Defender is a free antivirus tool that’s built into the Windows operating system. Initially released as an anti-spyware program for Windows XP and Windows Server 2003, it became a full antivirus program with Windows 8 in 2012.

Today, Windows Defender antivirus is part of the Windows Security suite, which offers a comprehensive solution that includes Windows Firewall and Smart App Control for real-time protection against threats. While it’s considered one of the best free antivirus software programs, Windows Defender doesn’t have any extra features that might come with paid security software. If you’re just looking for good antivirus software, it can get the job done.

Check that Windows Defender is on

If you’re not using third-party antivirus protection, you’ll want to make sure that your Windows Defender antivirus coverage is working on your computer. Here’s how to check:

  1. Go to the control panel and click System and Security.
  2. Click Windows Defender Firewall.
  3. A window will open showing if the firewall is on.
  4. If you need to turn on Windows Defender, use the settings in the menu.
  5. Close all browser windows and restart your computer.

To make sure your Windows Security is running, follow these steps:

  1. Click CTRL+Alt+Del and select Task Manager.
  2. Look at the tabs and click Services.
  3. Scroll down to Windows Defender and see if it is classified as “running.”

Windows Defender capabilities and limitations

Windows Defender is a convenient and cost-effective way to protect your Microsoft device from viruses. With features like real-time protection, firewall integration, and cloud-based threat detection, it provides a solid baseline of security for your computer. This overview explores what Windows Defender does well and where it falls short:

Key features

  • Real-time protection: Monitors your system continuously for threats and blocks them before they can cause harm
  • Cloud-delivered protection: Utilizes cloud intelligence for near-instant detection and blocking of new and emerging threats
  • Firewall: Allows you to control network traffic in and out of your device
  • Ransomware protection: Prevents unauthorized applications from modifying important files. This feature, however, needs to be enabled manually
  • Security intelligence updates: Receives regular updates to its malware definitions to stay protected against the latest threats

Limitations

While Windows Defender has vastly improved, it still has some limitations compared to other comprehensive security and antivirus suites.

  • Phishing protection: Phishing detection is not as strong as some third-party solutions, according to PCMag tests.
  • Web protection: SmartScreen works only in Microsoft Edge, potentially leaving users of other browsers more vulnerable.
  • Performance impact: Sometimes impacts system performance, particularly during scans
  • Ransomware protection: Not enabled by default and might not be as robust as dedicated anti-ransomware tools
  • Limited features: Lacks advanced features found in many paid security products that integrate capabilities, such as VPNs, password managers, dark web monitoring, and dedicated webcam protection.

Activate Windows Defender antivirus features

  1. Open Windows Security: Click the Start menu, type “Windows Security,” and select the app from the results. This is your central hub for PC protection.
  2. Run a scan: In Windows Security, go to “Virus & threat protection” and run a “Quick scan” to check common areas for threats. For a more thorough check, click “Scan options” and select “Full scan,” which examines every file and running programs on your hard disk.
  3. Manage real-time protection: Under “Virus & threat protection settings,” ensure that “Real-time protection” is on to actively scan for malware and prevent infections.
  4. Schedule a scan: Type “Task Scheduler” in the Start menu, then navigate to Task Scheduler Library > Microsoft > Windows > Windows Defender. Customize the “Windows Defender Scheduled Scan” properties to run at a convenient time.
  5. Update virus definitions: Under “Virus & threat protection,” find “Virus & threat protection updates.” Click “Check for updates” to ensure Defender has the latest information to identify new threats. Windows typically does this automatically, but a manual check is always a good idea.

More hostile threats call for more extensive protection

While Windows Security and Windows Defender offer robust baseline malware protection, modern digital threats go far beyond simple viruses. To stay truly safe, you need to look at the bigger picture of online security. This is where a comprehensive security suite offers significant advantages over a standalone antivirus tool.

Here’s a quick comparison between the built-in Windows Defender and what a full-featured security suite offers:

Feature Windows Defender Comprehensive Suites
Antivirus & malware protection Yes (strong baseline) Yes (advanced)
Firewall Yes Yes (advanced, customizable)
Secure VPN No Yes
Identity monitoring No Yes
Cross-device protection (Mac, Android, iOS) No Yes
Password manager Limited (browser-based) Yes (secure, cross-device)
Web protection Yes (Edge browser) Yes (all browsers)

Staying protected with Windows 11

Cybercriminals constantly develop new malware, sophisticated phishing scams, elaborate ruses and zero-day exploits that target your behavior—like tricking you into clicking a malicious link, downloading a compromised file, or giving your personal information such as your bank and credit card numbers. Some scams even target your devices with risky apps or links on social media.

As thousands of new threat variants are discovered daily, having dedicated and up-to-date virus protection for Windows 11 is essential for comprehensive security. Ultimately, you don’t need to disable Windows Defender’s firewall, but adding a comprehensive security suite provides crucial layers of protection against phishing, identity theft, and unsecured Wi-Fi that are essential for staying safe online today. Having another antivirus program can make sure you have real-time protection and access to the latest security features. Better to be safe than sorry!

Better security with Windows 11

From Windows 10, the upgraded Windows 11 introduces significant security enhancements, thanks to a more robust security architecture that applies stricter hardware requirements. Mandatory features such as Trusted Platform Module (TPM) 2.0, Virtualization-Based Security (VBS), and Secure Boot create a much stronger “secure-by-default” defense against attacks that target the boot process and system integrity.

However, this enhanced baseline security does not eliminate the need for more diligent protection. The vast majority of cyberattacks target the user, not the hardware. Cybercriminals still employ phishing emails, malicious downloads, and insecure websites to compromise your device, regardless of the operating system’s strength. While it’s true that Windows 11 has made great strides in security, the threat landscape has evolved even faster. Installing a multi-layered security solution remains a critical tool for proactively protecting your personal data and online activities.

Augmenting with a free antivirus

In Windows 11, you can augment the built-in Windows Defender with a free antivirus option, but it’s important to understand the trade-offs. Free antivirus solutions typically offer only basic malware protection and lack crucial features that are standard in paid suites, such as a secure VPN, identity monitoring services, advanced phishing protection, a password manager, and dedicated customer support. Some free software may also collect and sell your browsing data to third parties to generate revenue.

While free is tempting, investing in a paid suite with total protection provides peace of mind, knowing that all aspects of your digital life—from your device security to your personal identity and online privacy—are actively protected by an integrated, powerful solution.

Best practices for security on Windows

Using Microsoft’s built-in antivirus software can protect your Windows devices from viruses and malware. Follow these basic Windows Defender management steps:

  • Accessing settings: You can access the Windows Security app (where Defender is managed) through the Start menu > Settings > Update & Security > Windows Security > Virus & threat protection.
  • Running scans: Quick, Full, and Custom scans can be initiated through the Windows Security app.
  • Checking for updates: Security intelligence updates can be checked for and downloaded manually within the Windows Security app.

Quick tips to stay more secure on Windows

  • Always keep your Windows operating system and all applications updated.
  • Trust your instincts and think twice before clicking on suspicious links or email attachments.
  • Use a password manager to create and store strong, unique passwords for every account.
  • Protect your privacy on public Wi-Fi by always using a trusted VPN.
  • Go beyond basic antivirus with a solution that also protects your identity and privacy.

Keeping your 3rd-party antivirus with Windows 11

In most cases, you can retain your third-party antivirus when you move to Windows 11. Reputable antivirus providers ensure their software is fully compatible with new operating system releases. Before you upgrade to Windows 11, ensure your antivirus software is updated to the latest version. Your subscription should carry over to the new OS seamlessly.

The benefit of using a cross-platform security suite is that your license and protection extend beyond a single OS version. Whether you’re on Windows 10, Windows 11, a Mac, or a mobile device, your protection remains active and managed from a single account, avoiding the hassle of finding new software or purchasing new licenses every time you upgrade or change devices.

Essential antivirus features

Windows Defender provides a solid starting point of security for your computer, but it is good to reinforce that capability with a comprehensive solution. Antivirus protection programs available in the market today aren’t all created equal. When looking for the best antivirus software for your needs, here are some things to consider for your devices running on Windows 11.

  • Compatibility across multiple operating systems: If you own a Windows personal computer, an iPhone, and a tablet that runs on Chrome, it helps to have an antivirus app that works across multiple operating systems. Many trusted premium protection services are compatible with Windows, Mac, iOS, and Android devices, allowing you to enjoy all your devices without losing protection.
  • Protection against a variety of online threats: For greater cybersecurity, a reliable antivirus software should defend against a variety of online threats like viruses, spyware, and ransomware. Make sure your chosen antivirus software can alert you when it recognizes a risky link, website, or file.
  • Easy to use: Functionality is another thing to consider, especially if you want to easily manage multiple devices. Opt for a suite that allows you to connect and manage all of your desktop and mobile devices from one single dashboard.
  • Real-time and scheduled scanning: To keep your devices free from online threats, good antivirus software should be able to scan your files for threats 24/7, providing protection with real-time, on-demand scanning of files and applications.

McAfee’s capabilities for total protection

Today’s cybercriminals are relentlessly creating new threats every day to steal your identity, money, and personal data. Thinking of antivirus as just for viruses is outdated; modern security suites are about total digital wellness. McAfee+ was developed with an understanding of how cybercriminals operate. Our all-in-one protection includes:

  • Virtual Private Network (VPN): A VPN is one of the biggest benefits of using a complete, third-party antivirus protection. When you use public Wi-Fi, it’s possible for a hacker to see your data. A VPN encrypts your data to protect it from prying eyes. It also conceals your device’s IP address and geolocation.
  • Identity monitoring: Get 24/7 monitoring of your email addresses and bank accounts with up to $1 million in ID theft coverage. With early detection, an easy setup, and extensive monitoring (keeping tabs on up to 60 unique types of personal information), you can continue to live your best life online.
  • Protection score: We’ll look at the health of your online protection and give you a protection score. We’ll also recommend how to address weak spots and improve your security.
  • PC optimization: To speed up your online activities, McAfee PC Optimizer automatically blocks auto-play on pop-up videos to give you more bandwidth and save battery power. It also disposes of temporary files and cookies to free up disk space.
  • Password manager: One good way to keep your data secure is to use strong passwords that are unique for each account. Our password manager generates complex passwords, stores them, and lets you access shared passwords on your mobile devices.

Safe digital habits to regularly observe

  • Enable automatic updates: Ensure both Windows and your applications are set to update automatically. This is your first line of defense against exploits that target software vulnerabilities.
  • Use a standard user account: For daily tasks, use a standard user account instead of an administrator account to limit the potential damage during a malware attack.
  • Implement secure backups: Regularly back up your important files to an external drive or a secure cloud service to ensure you can recover your data in case of a ransomware attack.
  • Activate multi-factor authentication (MFA): Enable MFA on all your important online accounts (email, banking, social media) for a powerful layer of security beyond just a password.
  • Install comprehensive security software: Use a reputable, all-in-one security suite that provides an antivirus, firewall, VPN, and identity protection to cover all your security needs.

Final thoughts

Whether you’re using Windows 10 or the latest Windows 11, the built-in Microsoft Defender provides a good starting point for your device’s security. However, an antivirus is just one layer of security. To be truly protected from the full spectrum of today’s online threats, you need a more comprehensive approach. Adding a trusted security suite gains you layers of protection for your identity, privacy, and data that go far beyond basic antivirus defense.

When you install a third-party antivirus like McAfee Total Protection, it seamlessly takes over as the primary real-time protection provider, while Windows Defender can remain available for periodic scans, ensuring there are no conflicts. To check your security status, simply navigate to Windows Security > Virus & threat protection to see which provider is active.

For complete peace of mind, comprehensive solutions like McAfee Total Protection add critical features like a VPN for online privacy, identity monitoring, and protection for all your devices, not just your Windows personal computer.

The post Does Windows 10 or 11 Need Antivirus Software? appeared first on McAfee Blog.

My email has been hacked! What should I do next?

By: Jasdev Dhaliwal

If you find that your email has been hacked, your immediate reaction is probably wondering what you should do next. Take a deep breath before jumping into action. In this guide, we will take a look at the signs of a hacked email account, the steps to take to reclaim your email, and some proactive guidelines you can follow to keep it from getting hacked in the first place.

Hackers’ motivation for targeting your email

Hackers target your email accounts because they are treasure troves of information, containing years of correspondence with friends and family. Not to mention more emails from banks, online retailers, doctors, contractors, business contacts, and more. In all, your email packs a high volume of personal info in one place, making it a top prize for hackers.

Once a cybercriminal is in, they can cause personal chaos or obtain financial gain. Using the information they extract from your emails, they can scan your messages for sensitive information like bank account details, and commit identity theft. They can also take over your online accounts by using the forgot password feature, locking you out of your own social media, shopping, and financial profiles. Another common tactic is to send phishing emails to everyone in your contact list, exploiting your reputation to spread malware or scams. 

If you think, “my email has been hacked, how do I fix it?” understand that because many people reuse passwords, a single compromised email can give criminals the key to unlock numerous other services. This is precisely why a comprehensive service for identity theft monitoring is so crucial; it acts as a vigilant watchdog, alerting you to suspicious activity across your accounts so you can act fast.

Signs your email account is hacked

You can’t log into your email account

You go to check your email and find that your username and password combination has been rejected. You try again, knowing you’re using the right password, and still no luck. There’s a chance that a hacker has gotten hold of your log-in credentials, logged in, then changed the password, locking you out and gaining control of your account.

One of your contacts asks, “Did you really send this email?” 

Hackers compromise email accounts to spread malware on a large scale by blasting emails to everyone on your hacked contact list. If any one of your contacts opens that email attachment, that in turn shoots malware-riddled emails to dozens or hundreds of others. Some of those emails won’t sound or read like you at all, that your contacts might ask if this email really came from you. This is a good reason to never open attachments you weren’t expecting. If you get a strange email from a friend or business contact, let them know through another channel. You could be helping them flag their compromised email account.

Email hacking methods

  • Phishing scams: Deceptive emails, texts, or messages trick you into revealing your login credentials on a legitimate-looking but fake website. These are designed to steal your password directly.
  • Data breaches: Your email and password are often stolen from a less secure company you have an account with. Cybercriminals then test those stolen credentials on high-value targets like email services.
  • Weak or reused passwords: Using simple, easy-to-guess passwords like “password123” or using the same password for multiple online accounts makes it easy for hackers to gain access once one account is breached.
  • Credential stuffing: This is an automated attack where bots take massive lists of stolen usernames and passwords from data breaches and “stuff” them into login forms across the web, looking for accounts that reuse passwords.
  • Malware infections: Malicious software, such as keyloggers or spyware, can infect your computer and secretly record your keystrokes, capturing your email password and other sensitive information as you type it.

Recover your email & strengthen your defenses

Your email is often the key to your digital life, so regaining control quickly is crucial. Below are the basic steps you can take to recover your email account safely and reinforce your defenses to prevent future takeovers.

Use your email provider’s recovery service

Many email providers have web pages dedicated to recovering your account in the event of a lost or stolen password. For example, Google provides this email recovery page for Gmail users and their other services. This is a good reason to keep your security questions and alternate contact info current with your provider, as this is the primary way to regain control of your account.

Change your password

Make it a strong, unique password and don’t reuse a password from another account. Next, update the passwords for other accounts if you use the same or similar passwords for them. Hackers count on people using simpler, less unique passwords across their accounts, or reusing passwords in general. A password manager that’s included with comprehensive online protection software can do that work for you.

Enable two-factor authentication

Several email services support two-factor authentication, which requires a PIN to log in aside from a username and password. If your service offers it, use it. This provides one of the strongest defenses against a hacked email account, and online accounts in general.

Check your other accounts

If someone has access to your email and all the messages in it, they might have what they need to conduct further attacks. Check your other accounts across banking, finances, social media, and other services you use and keep an eye out for any unusual activity. If these accounts offer two-factor authentication, use it on them as well.

Reach out to your email contacts

As quickly as you can, send a message to all your email contacts and let them know that your email was compromised. As well, let them know that you’ve reset your password so that your account is secure again. Instruct them not to open any emails or attachments from you during the time your account was compromised. This protects them from potential phishing scams and preserves your reputation.

Alert your email provider and authorities to the incident

Once you have re-secured your email account, you will need to report the incident to your email provider. This enables them to minimize the damage to you, investigate the attack, and protect others from suffering the same fate. Here are the steps you need to take:

  1. Contact your email provider: Go directly to your provider’s official support or account recovery page. Do not use links from suspicious emails. Report the unauthorized access to help them investigate.
  2. Reset security credentials: After regaining access, immediately review and reset your security questions and update your recovery phone number and alternate email address. This prevents the hacker from using them to get back in.
  3. File an official report: In the U.S., file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov. This creates an official record of the incident and provides a personalized recovery plan.
  4. Activate restoration services: If you suspect your personal information has been stolen, professional help is invaluable. McAfee’s Restoration Experts can guide you through the complex process of securing your identity, disputing fraudulent activity, and restoring your name.

Long-term email protection strategies

Protecting it requires more than quick fixes; it calls for consistent, long-term security practices. Here’s a quick guide that outlines key strategies to keep your email secure for the long haul.

  • Set up smart email filters: Create rules within your email settings to automatically move suspicious-looking emails to your spam or trash folder. This reduces the chance you’ll accidentally click on a malicious link in a phishing attempt.
  • Leverage comprehensive protection: Use an all-in-one security solution like McAfee+, which combines identity monitoring, privacy protection, and powerful antivirus software to safeguard your data and devices from multiple angles.
  • Conduct regular account audits: At least once every few months, take a few minutes to review your account’s security settings, check connected third-party apps, and remove access for any services you no longer use or recognize. Also check for unauthorized changes to your signature or email filters.
  • Run a full scan. Make sure you use a reputable and comprehensive antivirus program that protects computers, smartphones and tablets from malware.
  • Monitor your credit reports: Regularly checking your credit report is a key way to spot a problem such as unauthorized accounts or financial inquiries immediately, before it becomes a bigger problem. In the U.S., you can check yours weekly at AnnualCreditReport.com.

Final thoughts

Your email account is one of the several pieces that make up the big picture of your online identity. Other important pieces include your online banking accounts, online shopping accounts, and so on. Without a doubt, these are matters you need to keep tabs on. Check your credit report for any signs of strange activity, or even if you don’t suspect a problem. Your credit report is a powerful tool for spotting identity theft. In many cases, it’s free to do so. 

With McAfee+, you can check yours any time you like as part of our identity and credit monitoring service. McAfee+ is engineered with powerful capabilities such as real-time protection against viruses, hackers, and risky links. It also automatically alerts you from scams attempts in texts, emails, and videos, to keep you a step ahead of financial fraud and misinformation across all your devices. In case of identity theft, McAfee+ also offers identity theft coverage and restoration services of up to $2 million to help you cover legal and other fees in case you need assistance in the wake of an attack or breach. 

Taking a step like this can help keep your email account safer from attacks, along with your other accounts.

The post My email has been hacked! What should I do next? appeared first on McAfee Blog.

Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy

By: Jasdev Dhaliwal

When it comes to protecting your privacy, take a close look at your social media use—because sharing can quickly turn into oversharing.

The term “oversharing” carries several different definitions. Yet in our case here, oversharing means saying more than one should to more people than they should. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Who among them can you absolutely trust with the information you share?

And you might be sharing more than you think. Posts have a way of saying more than one thing, like:

“This is the pool at the rental home I’m staying at this week. Amazing!” Which also tells everyone, “My home is empty for the next few days.”

“I can’t start my workday without a visit to my favorite coffee shop.” Which also says, “If you ever want to track me down in person, you can find me at this location practically any weekday morning.”

One can quickly point to other examples of oversharing. Unintentional oversharing at that.

A first-day-of-school picture can tell practical strangers which elementary school your children attend, say if the picture includes the school’s reader board in it. A snapshot of you joking around with a co-worker might reveal a glimpse of company information. Maybe because of what’s written on the whiteboard behind the two of you. And in one extreme example, there’s the case of an assault on a pop star. Her attacker tracked her down through her selfie, determining her location through the reflection in her eyes.

The list goes on.

That’s not to say “don’t post.” More accurately, it’s “consider what you’re posting and who gets to see it.” You have control over what you post, and to some degree, who gets to see those posts. That combination is key to your privacy—and the privacy of others too.

Three simple steps for protecting your privacy on social media

1) Be more selective with your settings: Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting—not to mention your relationships and likes. Taking a “friends only” approach to your social media profiles can help protect your privacy because that gives a possible scammer or stalker much less material to work with. Yet further, some platforms allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.

2) Say “no” to strangers bearing friend requests: Be critical of the invitations you receive. Out-and-out strangers might be more than just a stranger. They might be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q1 of 2023 alone, Facebook took action on 426 million fake accounts. Reject such requests.

3) Consider what you post: Think about posting those vacation pictures after you get back so people don’t know you’re away when you’re away. Also, consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.

Further ways to make yourself more private online

While we’re on the topic, you can take a few other steps that can make you more private online. In addition to your social media usage, other steps can help keep more of your private and personal information with you—where it belongs:

  • Skip the online quizzes: Which superhero are you? “What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen quizzes like these crop up in your feed sometimes. Shadily, these quizzes might ask for the name of the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts. Needless to say, skip the quizzes.
  • Clean up your personal data trail: When was the last time you Googled yourself? The results might reveal all kinds of things, like your estimated income, the names and ages of your children, what you paid for your home, and, sometimes, your purchasing habits. Who’s collecting and posting this information about you? Online data brokers gather information from all manner of public records. Beyond that, they’ll also gather information from app developers, loyalty cards, and other companies that track your web browsing. Data brokers will sell this info to anyone. Advertisers, background checkers, telemarketers, and scammers too. Data brokers don’t discriminate. Yet you can clean up that information with a Personal Data Cleanup like ours. It scans some of the riskiest data broker sites for your personal info and helps manage the removal for you. ​
  • Spend time online more privately with a VPN: A VPN creates an encrypted “tunnel” that shields your activity from cybercriminals so what you do online remains anonymous.​ It helps make you anonymous to advertisers and other trackers too. By encrypting your web traffic requests, a VPN can hide your search habits and history from those who might use that info as part of building a profile of you—whether that’s for targeted ads or data collection that they might sell to brokers for profit. Comprehensive online protection software like ours includes one.

More privacy partly comes down to you

Granted, “social” is arguably the opposite of “private.” Using social media involves sharing, by its very definition. Yet any oversharing can lead to privacy issues.

Maybe you want close friends to know what’s going on, but what about that so-so acquaintance deep in your friends list? How well do you really know them? And to what extent do you want them to know exacting details about where you are, where your kids go to school, and so on? Those are questions you ultimately must answer, and ultimately have some control over depending on what you share on social media.

Also important to consider is this: if you post anything on the internet, consider it front-page news. Even with social media privacy settings in place, there’s no guarantee that someone won’t copy your posts or pics and pass them along to others.

The flipside to the topic of social media and privacy is the platform you’re using. It’s no secret that social media companies gather hosts of personal information about their users in exchange for free use of their platforms. Certainly, that’s a topic unto itself. We cover what social media companies know about you in this article here—along with a few steps that can help you limit what they know as well.

When it comes to your privacy and social media, it depends largely on how you use it. How you use various privacy and audience settings offers one way to manage it. The other is you and the information you put out there for others to see.

The post Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy appeared first on McAfee Blog.

How to Protect Yourself from Vishing

By: Jasdev Dhaliwal

“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.

The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:

  • Data Breaches: Scammers often obtain phone numbers from data breaches where personal information is exposed and sold on the dark web.
  • Public Records: Phone numbers can be found in public records, such as court documents, voter registration lists, and property records, which are often accessible online.
  • Social Media: Many people share their contact information on social media profiles or posts, making it easy for scammers to collect phone numbers.
  • Online Surveys and Contests: Scammers create fake online surveys or contests that require participants to enter their phone numbers, which are then harvested for vishing.
  • Dumpster Diving: Physical documents thrown away without shredding, such as old phone bills or bank statements, can provide scammers with phone numbers. Once a visher has the list, he can program the numbers into his system for a more targeted attack.
  • Wardialing: A visher uses an automated system to target specific area codes with a phone call involving local or regional banks or credit unions. When someone answers the phone a generic or targeted recording begins, requesting that the listener enter a bank account, credit, or debit card number and PIN.

Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:

  • VoIP: Voice over Internet Protocol (VoIP) facilitates vishing by enabling vishers to easily spoof caller IDs, use automated dialing systems, and leverage AI-powered voice manipulation, all while operating from virtually anywhere with an internet connection. This combination of technologies makes it easier for scammers to appear legitimate and efficiently target numerous victims.
  • Caller ID Spoofing: Caller ID spoofing works by manipulating the caller ID information that appears on the recipient’s phone, making it seem as though the call is coming from a trusted or local source. Scammers use specialized software or VoIP services to alter the displayed number, which can mimic the number of a reputable institution, such as a bank or government agency.
  • Social Engineering: In live calls, vishers use social engineering techniques to build trust and manipulate the target into divulging personal information. They might pose as customer service representatives, tech support agents, or officials from financial institutions to convince you to hand over personal information.
  • Voice Manipulation Technology: Advanced AI-powered voice manipulation tools can mimic the voices of known individuals or create convincing synthetic voices, adding credibility to the call.
  • Urgency and Threats: Vishers often create a sense of urgency or fear, claiming immediate action is required to prevent serious consequences, such as account closure, legal action, or financial loss.

To protect yourself from vishing scams, you should:

  • Educate Yourself: Knowledge is the key to defending yourself from vishing. The more you understand it, the better off you’ll be, so read up on vishing incidents. As this crime becomes more sophisticated, you’ll want to stay up to date.
  • Use Call Blocking Tools: Utilize call blocking and caller ID spoofing detection tools offered by your phone service provider or third-party apps to filter out potential scam calls.
  • Be Skeptical of Caller ID: With phone spoofing, caller ID is no longer trustworthy. Since caller ID can be tampered with, don’t let it offer a false sense of security.
  • Do Not Share Personal Information: Never provide personal information, such as Social Security numbers, credit card details, or passwords, to unsolicited callers.
  • End the Call: If you receive a phone call from a person or a recording requesting personal information, hang up. If the call purports to be coming from a trusted organization, call that entity directly to confirm their request.
  • Report Suspicious Activity: Call your bank and report any fraud attempts immediately, noting what was said, what information was requested, and, if possible, the phone number or area code of the caller. Also report any suspicious calls to relevant authorities, such as the Federal Trade Commission (FTC), to help prevent others from falling victim to the same scams.

Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.

The post How to Protect Yourself from Vishing appeared first on McAfee Blog.

How to Safely Connect to Public Wi-Fi While Traveling

By: Jasdev Dhaliwal

As the summer sun beckons us to explore new destinations, many of us rely on public Wi-Fi to stay connected while on the go. Whether checking emails, browsing social media, or planning our next adventure, access to Wi-Fi has become an essential part of our travel experiences. However, amidst the convenience lies a lurking threat to our cybersecurity. Public Wi-Fi networks are typically unencrypted, meaning data transmitted over these networks can be intercepted by hackers.  

A study found that 40% of respondents have had their information compromised while using public Wi-Fi. In one notorious incident, a hacker accessed a journalist’s confidential work emails through in-flight Wi-Fi and then confronted him at baggage claim to reveal the breach. Often, individuals remain unaware of such compromises until well after the fact.  

Since public Wi-Fi networks are often unsecure and used by many people, they are prime targets for cybercriminals looking to steal personal information such as passwords, credit card numbers, and other sensitive data. But fear not! With the right precautions, you can enjoy your summer travels while keeping your data safe and secure.  

1. Understanding the Risks: Before delving into the world of public Wi-Fi, it’s crucial to understand the risks involved. Public networks, such as those found in cafes, airports, and hotels, are often unencrypted, meaning that cybercriminals can intercept data transmitted over these networks. This puts your sensitive information, including passwords, credit card details, and private messages, at risk of being compromised. 

2. Utilize a Virtual Private Network: One of the most effective ways to safeguard your data while using public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, creating a secure tunnel between your device and the internet. This encryption prevents hackers from intercepting your data, ensuring your online activities remain private and secure. Invest in a reputable VPN service and install it on your devices before embarking on your summer adventures for added protection. Check out our step-by-step tutorial if it’s your first time setting up a VPN.  

3. Keep Software Updated: Another essential aspect of cybersecurity is keeping your devices and software up-to-date. Updates often include security patches that address vulnerabilities and protect against emerging threats. Before setting off on your summer travels, install any available updates for your operating system, web browser, and security software. This simple step can significantly reduce the risk of falling victim to cyberattacks while connected to public Wi-Fi networks. 

4. Enable Multi-Factor Authentication: Adding an extra layer of security to your online accounts can help prevent unauthorized access, even if your passwords are compromised. Multi-factor authentication (MFA) requires you to provide two or more forms of verification before accessing your accounts, such as a password, a fingerprint scan, or a one-time code sent to your mobile device. Enable MFA on your email, social media, and banking accounts before your travels to enhance your cybersecurity defenses. 

5. Exercise Caution: Avoid accessing sensitive information while connected to public Wi-Fi. Refrain from logging into banking or shopping accounts and accessing confidential work documents while connected to unsecured networks. Instead, save these tasks for when you’re connected to a trusted network or using your mobile data. 

6. Practice Good Password Hygiene: While connected to public Wi-Fi, it’s crucial to use strong, unique passwords for all your accounts. Avoid using easily guessable passwords or reusing the same password across multiple accounts, as this increases the risk of unauthorized access to your sensitive information. Consider using a reputable password manager to generate and store complex passwords securely.  

7. Consider a Personal Hotspot: Using a personal hotspot instead of public Wi-Fi networks can often be a safer choice. Many mobile devices allow you to create a secure Wi-Fi network using your cellular data connection. Check your phone provider’s data plan beforehand to ensure this option doesn’t incur additional data charges. 

Connecting to public Wi-Fi safely during your summer travels requires awareness and preparation. By taking steps like utilizing a VPN, keeping your software updated, and enabling MFA, you can enjoy the convenience of staying connected while protecting your personal information from cyber threats.  

To further safeguard your digital devices, explore McAfee’s array of software solutions to discover the perfect fit for your security requirements. With the right cybersecurity tools, it’s easy to surf the web securely while exploring new destinations during your summer adventures.

The post How to Safely Connect to Public Wi-Fi While Traveling appeared first on McAfee Blog.

How to Get Kids Focused on Their Online Privacy

By: Toni Birdsong

Kids engage online far differently than adults. Between group chats, social apps, and keeping up with digital trends, their interests, and attention spans constantly shift, which means online privacy concerns get sidelined. Here are a few ways to move online privacy center stage.

Helpful Tips to Help Kids Protect Their Privacy

1. Make Privacy Fun and Relatable

Few things will put kids to sleep faster than talking with parents about online stuff like privacy. So, flip the script. Talk about the things they love online—shopping, TikTok, and group chats. Why? Because all that daily fun could come to a screeching halt should a bad actor get a hold of your child’s data. Establishing strong digital habits allows your child to protect what they enjoy including their Venmo account, video games, and midnight chatting. Doing simple things such as maximizing privacy settings on social networks, limiting their social circles to known friends, and refraining from oversharing, can dramatically improve digital privacy.

2. Strong Relationship = Online Safety

We say it often: The best way to keep your kids safe online is by nurturing a strong relationship with them. A healthy parent-child connection is at the heart of raising kids who can make good choices online. Connect with your child daily. Talk about what’s important to them. Listen. Ask them to show you their favorite apps. Soon, you’ll discover details about their online life and gain the trust you need to discuss difficult topics down the road.

3. Layer Up Your Protection

According to the latest Data Breach Investigations Report (DBIR), which examined the state of cybersecurity in 2023, some 68% of global breaches, regardless of whether they included a third party or not, involved a non-malicious human action, such as a person making an error or becoming a victim of a social engineering attack. For that reason, consider putting an extra layer of protection between your family and cyberspace. A few ways to do that:

4. Build Your Digital Offense

A good digital offense is the best way to guard yourself and your family against those out to misuse your data. Offensive tactics and habits include using strong passwords, maximizing privacy settings on social networks, using a VPN, and boosting security on the many IoT devices throughout your home.

5. Deep Clean Your Digital House

Get in the habit of deep cleaning your technology and bring your kids into the routine. Here’s how:

  • Together, remove unused apps from all devices
  • Add Multi-Factor Authentication to your account passwords
  • Update all device software
  • Wipe social profiles (including posts) clean of personal or family information such as full names, school names, birthdates, ages, addresses, phone numbers, emails, or location patterns. Do it together and even throw in a few rewards.

Level Up Family Cybersecurity

It’s hard to slow down and get serious about online privacy if you’ve never experienced a breach or online theft of some kind. However, chances are, the dark side of online living will impact your family before long. Ready to go deeper? Dig into these cybersecurity tips for every age and stage.

The post How to Get Kids Focused on Their Online Privacy appeared first on McAfee Blog.

How to Safeguard Your Digital Assets While Backpacking on a Budget

By: Jasdev Dhaliwal

Traveling on a budget while backpacking allows individuals to immerse themselves fully in local cultures, explore off-the-beaten-path destinations, and forge genuine connections with fellow travelers, all while minimizing expenses. However, amidst the thrill of exploring new places, it’s crucial to safeguard your digital assets and personal information. Experiencing multiple scams on a single trip, as this twenty-one-year-old woman did in Chile and Bolivia, is rare. However, her cautionary tale highlights the importance of careful preparation when traveling, particularly in unfamiliar destinations.

Common types of travel scams

Being informed about different scam risks is critical to ensuring a safe journey. Beyond the dangers inherent in unencrypted public Wi-Fi, cybercriminals also deploy Wi-Fi network spoofing, setting up fake networks in tourist hotspots to intercept travelers’ data. ATM skimming is another prevalent threat, especially in popular tourist areas, where criminals install devices to steal card information from unsuspecting users.

Accommodation scams on online booking platforms have also become more common, leaving travelers stranded without a place to stay after falling victim to fake listings or fraudulent hosts. One individual wired $3,100 to a cybercriminal after receiving a scam email, purportedly from Booking.com, offering a 20% accommodation discount for paying the host directly via wire transfer.

How to stay safe against scams while traveling

Given these risks, backpackers should take proactive measures to safeguard their devices and data. Here are some practical tips and strategies to ensure your cybersecurity while backpacking on a budget:

  1. Prioritize Device Security: Ensure your devices are adequately secured before embarking on your adventure. Update your operating systems, apps, and antivirus software to the latest versions to patch any known vulnerabilities. Set up strong, unique passwords for each device and account and enable multi-factor authentication for an extra layer of security.
  2. Use a Virtual Private Network (VPN): When connecting to public Wi-Fi networks, such as those found in hostels or cafes, use a VPN to encrypt your internet traffic. This prevents hackers from intercepting your data and protects your online privacy. McAfee Security’s VPN feature is equipped with an auto-sensing capability designed to identify instances when the device is connected to a Wi-Fi network with insufficient security measures. Upon detecting such networks, McAfee Security automatically activates the VPN to ensure enhanced online protection.
  3. Beware of Phishing Scams: Cybercriminals often target travelers as they may be in a rush or preoccupied with their trip, making them more susceptible to phishing tactics that exploit urgency or curiosity. Be cautious of unsolicited emails, messages, or pop-up ads asking for personal or financial information. Avoid clicking on suspicious links, and never provide sensitive data unless you’re certain of the recipient’s authenticity.
  4. Avoid accommodation scams: Verify the legitimacy of accommodation listings by thoroughly researching the property and host. Review previous guests’ reviews and check for any red flags, such as suspiciously low prices or limited contact information. Always book accommodations directly through reputable booking platforms rather than responding to unsolicited emails or offers. Avoid making payments via wire transfer or other unsecured methods and use the platform’s secure payment system instead. Lastly, trust your instincts and be wary of any requests for unusual payment methods or offers that seem too good to be true.
  5. Exercise Caution on Social Media: Be mindful of what you share on social media platforms while traveling. Avoid disclosing sensitive information such as your exact location or travel itinerary, as this could make you a target for cybercriminals or opportunistic thieves. Adjust your privacy settings to limit who can view your posts and consider posting updates after you’ve left a particular location. Social Privacy Manager can help adjust more than 100 privacy settings across your social media accounts in just a few clicks.
  6. Stay Vigilant Against Social Engineering: Social engineering involves cybercriminals using tactics to trick people into sharing sensitive information for nefarious purposes. Social media scams have emerged, with scammers impersonating travel influencers to deceive travelers into fraudulent schemes like fake giveaways. Whether it’s a friendly stranger offering assistance or an online promise of unbelievable deals, remain cautious and avoid sharing personal or financial information with unfamiliar individuals.

While backpacking offers incredible opportunities for adventure and exploration, it’s essential to prioritize cybersecurity to safeguard your digital assets and personal information. By following these practical tips and strategies, you can enjoy your travels with peace of mind, knowing you’ve taken steps to protect yourself against cyber threats.

The post How to Safeguard Your Digital Assets While Backpacking on a Budget appeared first on McAfee Blog.

How to Keep Your Kids Safe Online

By: Alex Merton-McCann

I often joke about how I wish I could wrap up my kids in cotton wool to protect them from all the challenges of the real world. When they were little, I would have loved to protect them from some of the trickier kids in the playground. But as they got older, it was all about the internet and of course, alcohol, drugs and fast cars!

Unfortunately, I don’t have solutions for all of the above parenting challenges but with over 12 years of experience as Cybermum, I know a thing or two about keeping kids safe online.

Online Safety – Whose Responsibility Is It?

The CEOs of the world’s largest social media platforms were recently summoned to a Senate Judicial Committee hearing in Washington. The Kids Online Safety Act (KOSA) is still being heavily debated and representatives from Meta, Discord, TikTok, Snap and X, the company formerly known as Twitter, were invited to participate in the hearing. Designed to regulate social media and better protect children, the proposed bill has a lot of support but there is still a way to go before it takes its final shape and potentially becomes law.

In my opinion, there’s no question that governments worldwide need to play a bigger, more vocal role in this arena and insist on better protections for all social media users, particularly our kids. In 2019, Australia passed its own Online Safety Act and the UK did the same in 2023 with its Online Safety Law. And while these are all very important steps forward, I honestly believe that the role families play in teaching their kids about online safety is even more important.

Digital Parenting Can Be Overwhelming

I totally understand that teaching kids about online safety can just feel like another task on a never-ending to-do list. I’ve been there! But think of it like this. Haven’t you been talking to your kids about sun safety and road safety along the way? You know, dropping in little reminders and tips as you drop them at school or pick them up from a play date? Well, this is how you need to think about online safety. Focus on breaking it down into little chunks so it doesn’t feel hard.

Now that we have our mindset sorted, let me share my top tips for helping your kids stay safe while they are online.

  1. Start Early and Talk Often

As soon as your kids can pick up a device, your conversations about online safety need to start. Yes, I know it might seem ridiculous, but it is THE best way to help ‘mould and shape’ your offspring’s mind in a cyber-safe way. If your 2-year-old likes to play games on your iPad, it could be as simple as:

  • ‘remember mummy or daddy choose the game’
  • ‘mummy/daddy enters the passcode’
  • ‘let’s keep your name private online.’ To help with this, why not create an online nickname for them?

And when your kids get older, weave in more age-appropriate messages, such as:

  • ‘Online friends aren’t real friends’
  • ‘If you wouldn’t do it in person then don’t do it online’
  • ‘Think before you post’

Spending time online with your child from an early age is another great way of helping them understand the difference between good and bad content. And modelling good digital citizenship while you are online with your kids will help ‘mould and shape’ their understanding of how to interact safely and positively.

  1. Set Clear Rules and Expectations

I’m a big fan of ensuring kids have clarity on boundaries and expectations, particularly when it comes to all things online. Your easiest fix here? A family technology agreement. I love a family technology agreement because it can be tailored to your kids, their ages and maturity levels. Check out my previous blog post on how to develop one for your family here. One final piece of advice here – don’t start introducing tech contracts during a family blow up. Please wait till everyone is calm otherwise I can assure you, you’ll encounter resistance from some family members!

  1. Ensure Your Kids Have The Basics Covered

There are a few key fundamental basics that I think every child needs to know to keep themselves safe online. Here are my top 5:

  • Never share passwords – no exceptions
  • One password for every online account
  • Privacy settings are always to be set to the highest level on all social media platforms
  • Use Wi-Fi carefully – never share sensitive information or undertake banking
  • Turn on 2-factor authentication wherever possible (or multi-factor authentication)

I would also include these basics in your family technology contract.

  1. Develop Critical Thinkers

As your kids get older, it becomes harder to monitor their every move online. Yes, you can create bookmarks with ‘approved’ sites and install parental controls however it is inevitable that there will be an opportunity for unsupervised internet usage. But if you have helped your kids develop critical thinking skills then it is far more likely that they will be able to navigate the internet is a safe and responsible way.

Where to start? Always encourage a healthy scepticism and encourage them to not accept that everything they read online is true. When it is age-appropriate, help them to identify reliable sources, spot less reliable websites, and question the underlying purpose of the information that has been shared.

  1. Understand Your Child’s Online World

Taking some time to understand how your child spends their time online is the best way of truly understanding the risks and challenges they face. And when you understand the risks they face, you can help them prepare for them. So, join ALL the social media platforms your kids are on, play their games and download their messaging apps. Not only will you develop a better understanding of how to manage the privacy settings on each of the platforms, but the often very specific language used and the online culture can often form a big part of your child’s life. And the best part – if they know you understand their world, you will develop a little ‘tech cred’ which means that they will be more likely to come to you with any issues or problems that may face online. Awesome!

  1. Invest in Parental Controls

A set of good-quality parental controls can be a wonderful addition to any digital parenting toolkit. Many will allow you to filter the content your child sees, block certain websites, and even track your child’s browsing history and location. But please remember, no parental controls will ever replace an invested parent! Check out McAfee’s website for more information.

Now, I know that might feel like a lot but please don’t stress. Simply chunk it down and give yourself a new task every week such as joining a new social media platform or playing your child’s favourite online game. The most important thing to remember is to keep talking to your kids. Why not start the conversation by asking them for advice or, sharing something you saw online? Remember, your goal here is to get yourself some tech cred! Good luck!!

Alex xx

The post How to Keep Your Kids Safe Online appeared first on McAfee Blog.

How To Protect Your Family’s Smartphones While on Vacation

By: Amy Bunn

Summer is synonymous with vacations, a time when families pack their bags, grab their sunscreen, and embark on exciting adventures. In the digital age, smartphones have become an indispensable part of our lives, serving as cameras, maps, entertainment hubs, and communication tools. While these devices enhance our travel experiences, they also become prime targets for theft or damage while we’re away from home. From keeping us connected with family and friends, assisting in navigation, capturing moments, to even helping us with language translation – it is a device of many conveniences. However, when you bring your smartphone while vacationing, like any other valuable item, it becomes a target for theft and damage. Not to mention the potential for high roaming charges.

Don’t let the fear of losing or damaging your valuable devices dampen your vacation spirit! By taking some simple precautions and implementing effective strategies, you can ensure that your family’s smartphones remain safe and secure throughout your travels. In this blog post, we’ll share essential tips and tricks for safeguarding your devices, so you can focus on creating unforgettable memories without any tech-related worries. This article will provide you with tips on how to protect your family’s smartphones while on vacation. We will cover strategies like enabling security settings, backing up data, checking for travel insurance policies, and utilizing helpful apps. Ensuring the safety of your devices will make your vacation more enjoyable and worry-free.

Smartphone Safety During Vacation

Traveling without smartphones seems almost impossible. However, having them on vacation puts them at risk. In tourist hotspots, where distractions are many, it is easy to lose or have your device stolen. Moreover, using public Wi-Fi networks can expose your smartphone to cyber attacks.

Dig Deeper: The Risks of Public Wi-Fi and How to Close the Security Gap

Therefore, it is vital to be proactive in securing both your smartphones and the data they contain. Not only will it save you from the high costs of replacing a lost or damaged phone, but it also prevents potential misuse of personal and financial information. Implementing even just a few of these safety measures can help ensure your family’s smartphones are well-protected during your vacation. So let’s dive into the practical steps you can take.

Step 1: How To Protect Your Smartphone

  1. Invest in Protective Gear: Equipping each device with a sturdy case and screen protector can significantly reduce the risk of damage due to accidental drops or impacts.
  2. Protect Your Devices: Whether you protect yours through a mobile security app or as part of the multi-device coverage that comes with your comprehensive security software, mobile protection can alert you of threats and unsecured networks while also adding in the protection of a VPN. 
  3. Regularly Backup Data: Back up photos, contacts, and other essential data to cloud storage or a computer. This ensures that precious memories and information are not lost in case of theft or damage.
  4. Enable Tracking Features: Activate “Find My Phone” or similar features on each device. These tools can help locate a lost or stolen device and even remotely erase its data if necessary.
  5. Exercise Caution with Public Wi-Fi: Public Wi-Fi networks can be vulnerable to hackers. Avoid using them for sensitive activities like online banking. If necessary, utilize a Virtual Private Network (VPN) for added security.
  6. Establish Phone Usage Guidelines: Discuss responsible phone use with children, setting clear expectations and limitations. Encourage them to unplug and fully engage in the vacation experience.
  7. Designate a Secure Storage Location: Establish a designated area in your hotel room or vacation rental for storing phones when not in use. This prevents misplacement and reduces the risk of theft.
  8. Maintain a Low Profile: Avoid openly displaying expensive devices, particularly in crowded areas or unfamiliar surroundings. Discreetness can deter potential thieves.
  9. Consider Insurance Coverage: Depending on your existing insurance policies, you may have coverage for mobile devices. Alternatively, explore dedicated device insurance for added protection.
  10. Prioritize Family Time: Remember, the primary purpose of vacation is to connect with loved ones and create lasting memories. Encourage everyone to put down their phones and fully immerse themselves in the experience.

Step 2: Protecting Your Smartphone Physically

The first layer of protection for your phone should be a physical one. It starts with investing in a good quality, durable phone case. A waterproof case is always a good idea, especially if you’re planning on vacationing near the beach or a pool. A screen protector can also keep your screen from shattering or getting scratched. Remember, you’re more likely to drop your phone while on vacation as you juggle through maps, travel apps, and numerous photo opportunities.

Another aspect of physical protection is to be mindful of where you store your phone. Avoid leaving it in plain sight or unattended, which could invite potential thieves. Instead, carry it in a secure, zipped pocket or bag. If you’re staying at a hotel, consider using the safe to store your phone when not in use. Most importantly, be aware of your surroundings and keep your phone safely tucked away in crowded places.

McAfee Pro Tip: Activating the correct features can determine whether your personal data is lost permanently or if your device can swiftly recover. Install McAfee Mobile Security and learn more tips on what to do if your phone gets stolen on this blog.

Step 3: Data Protection and Privacy

Safeguarding your phone is not just about protecting the physical device—your personal and sensitive data deserves protection too. Before you leave for your vacation, make sure that your phone is password-protected. Optimally, use a complex password, fingerprint, or face recognition feature instead of a simple four-digit PIN. This singular step can deter any prying eyes from accessing your information if your phone is lost or stolen.

Ensure your phone’s software is up to date. Regular updates not only enhance the device’s performance but also incorporate vital security patches, fortifying its defenses against potential threats like malware. By staying vigilant and keeping your phone’s software current, you contribute to a more secure environment, minimizing the risk of unauthorized eyes accessing your valuable information in the event of a loss or theft.

Step 4: Backup Your Data

Backing up your smartphone’s data before leaving for vacation can save you from a lot of stress. In case of loss, theft, or damage, having a backup ensures that you won’t lose your cherished photos, contacts, and other essential data. Most smartphones allow you to back up your data to the cloud. Make sure to do this over a safe, secure network and not on public Wi-Fi.

For Android users, Google provides an automatic backup service for things like app data, call history, and settings. You can check if this feature is enabled on your phone by going to the Google Drive App and checking in the Backups section. For iPhone users, iCloud Backup can help save most of your data and settings. To enable it, go to Settings, tap on your name, then tap iCloud and scroll down to tap iCloud Backup.

Step 5: Understand and Manage Roaming Charges

Without proper management, staying connected while abroad can result in expensive roaming charges. Before you leave, check with your mobile provider to understand the costs associated with using your phone abroad. Some providers offer international plans that you can temporarily switch to for your vacation. If your provider’s charges are too high, consider purchasing a local SIM card once you arrive at your destination or use an international data package.

Another way to avoid roaming charges is by using Wi-Fi. Most hotels, cafes, and many public spaces have free Wi-Fi available. However, again, public Wi-Fi is not always safe. So, avoid accessing sensitive information such as bank accounts, and before traveling, download maps and essential content before traveling to reduce the need for constant data usage. This is especially helpful for navigation apps. To protect your data in such situations, it’s advisable to use a Virtual Private Network (VPN).

Step 6: Utilize Helpful Apps

Several apps can help protect your phone and its data during your vacation. Most smartphone operating systems offer a “Find My Phone” feature that can locate, lock, or erase your device if it is lost or stolen. Make sure this feature is enabled before you leave.

Again, antivirus apps can provide an extra layer of protection against virus and malware threats. Password manager apps can help you create and store complex, unique passwords for your accounts to enhance security.

VPN apps can protect your data from being intercepted when using public Wi-Fi networks. There are also apps that monitor your data usage and can alert you if you’re near your limit to avoid unexpected charges. Research and install these apps prior to your vacation for added security and peace of mind.

Final Thoughts

Your family’s smartphones are essential travel companions that deserve as much protection as any other valuable item during your vacation. By physically safeguarding the device, securing your data, backing up regularly, understanding roaming charges, and utilizing productive apps, you can enjoy a worry-free vacation. Remember, in the event of a mishap, having travel insurance can provide an extra layer of financial protection. So, before setting off, review your policy and check if it covers lost or stolen devices. In the end, preparation is key, so take the time to implement these safety measures and enjoy your vacation with peace of mind.

Above and beyond security settings and software, there’s you. Get in the habit of talking with your child for a sense of what they’re doing online. As a mom, I like to ask them about their favorite games, share some funny TikTok clips or cute photos with them, and generally make it a point to be a part of their digital lives. It’s great, because it gives you peace of mind knowing what types of things they are doing or interactions they are having online. 

For those of you hitting the road in the coming weeks, enjoy your travels, wherever they take you! 

The post How To Protect Your Family’s Smartphones While on Vacation appeared first on McAfee Blog.

How Free VPNs Come With a Price

By: Jasdev Dhaliwal

The number of people who use VPNs (virtual private networks) continues to mushroom. Recent research shows that 46% of American adults now use a VPN — 23% of which use it for strictly personal purposes.[i] Within that mix, 43% said they use a free VPN service. Yet “free” VPNs often come with a price. Typically at the expense of your privacy.

A personal VPN establishes a secure tunnel over the internet, offering you both privacy and freedom from IP-based tracking. It protects your identity and financial info by encrypting, or scrambling, the data that flows through the tunnel. Moreover, it can mask your true location, making it appear as though you are connecting from somewhere else.

Sometimes a VPN is included in more robust security software, as it is in our McAfee+ plans. It’s also, but often it is a standalone tool, that is offered for a monthly subscription rate or for free. While it might be tempting to go for a free option, there are some serious considerations that you should take to heart.

Free VPNs – risky business

Because free VPNs don’t charge a subscription, many make revenue indirectly through advertising. This means that users get bombarded with ads. And they get exposed to tracking by the provider. In fact, one study of 283 free VPN providers found that 72% included trackers.[ii] The irony is worth pointing out. Many people use VPNs to shroud their browsing from advertisers and other data collectors. Meanwhile, free VPNs often lead to that exact kind of exposure.

But beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive info at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware, such as keyloggers, and some even stole data from devices.

Also concerning is how these free providers handle your data. In one worrying case, security researchers uncovered seven VPN providers that gathered user logs despite pledges not to.[iii]

Clearly, many so-called “free” VPNs aren’t free at all.

Privacy worth paying for – paid VPN benefits

VPNs are critical tools for enhancing our privacy and shouldn’t be an avenue opening the door to new risks. That’s why your best bet is to look for a paid VPN with the following features:

Unlimited bandwidth — You want your network connection to stay secure no matter how much time you spend online.

Speedy performance — We all know how frustrating a sluggish internet connection can be when you are trying to get things done. Whether connecting for productivity, education, or entertainment, we’re all dependent on bandwidth. That’s why it’s important to choose a high-speed VPN that enhances your privacy, without sacrificing the quality of your connection.

Multiple device protection — These days many of us toggle between mobile devices, laptops, and computers, so they should all be able to connect securely.

Less battery drain — Some free mobile VPNs zap your battery life, making users less likely to stay protected. You shouldn’t have to choose between your battery life and safeguarding your privacy.

Ease of use — For technology to really work, it has to be convenient. After all, these technologies should power your connected life, not serve as a hindrance.

Fortunately, we don’t have to sacrifice convenience, or pay high prices, for a VPN that can offer a high level of privacy and protection. A comprehensive security suite like McAfee+ includes our standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you and your family, and enjoy quality time together.

[i] https://www.security.org/resources/vpn-consumer-report-annual/

[ii] https://www.icir.org/vern/papers/vpn-apps-imc16.pdf

[iii] https://www.pcmag.com/news/7-vpn-services-found-recording-user-logs-despite-no-log-pledge

 

The post How Free VPNs Come With a Price appeared first on McAfee Blog.

How To Prevent Your Emails From Being Hacked

By: Alex Merton-McCann

My mother recently turned 80, so of course a large celebration was in order. With 100 plus guests, entertainment, and catering to organise, the best way for me to keep everyone updated (and share tasks) was to use Google Docs. Gee, it worked well. My updates could immediately be seen by everyone, the family could access it from all the devices, and it was free to use! No wonder Google has a monopoly on drive and document sharing.

But here’s the thing – hackers know just how much both individuals and businesses have embraced Google products. So, it makes complete sense that they use reputable companies such as Google to devise phishing emails that are designed to extract our personal information. In fact, the Google Docs phishing scam was widely regarded as one of the most successful personal data extraction scams to date. They know that billions of people worldwide use Google so an invitation to click a link and view a document does not seem like an unreasonable email to receive. But it caused so much grief for so many people.

It’s All About Phishing

Emails designed to trick you into sharing your personal information are a scammer’s bread and butter. This is essentially what phishing is. It is by far the most successful tool they use to get their hands on your personal data and access your email.

‘But why do they want my email logins?’ – I hear you ask. Well, email accounts are what every scammer dreams of – they are a treasure trove of personally identifiable material that they can either steal or exploit. They could also use your email to launch a wide range of malicious activities from spamming and spoofing to spear phishing. Complicated terms, I know but in essence these are different types of phishing strategies. So, you can see why they are keen!!

But successful phishing emails usually share a few criteria which is important to know. Firstly, the email looks like it has been sent from a legitimate company e.g. Microsoft, Amex, or Google. Secondly, the email has a strong ‘call to action’ e.g. ‘your password has been changed, if this is not the case, please click here’. And thirdly, the email does not seem too out of place or random from the potential victim’s perspective.

What To Do To Prevent Your Email Being Hacked?

Despite the fact that scammers are savvy tricksters, there are steps you can take to maximise the chances your email remains locked away from their prying eyes. Here’s what I suggest:

  1. Don’t Fall Victim to a Phishing Scam

Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks. If you have any doubts, always contact the company directly to verify.

  1. Protect Yourself!

Make sure you have super-duper internet security software that includes all the bells and whistles. Not only does internet security software McAfee+ include protection for daily browsing but it also has a password manager, a VPN, and a social privacy manager that will lock down your privacy settings on your social media accounts. A complete no-brainer!

  1. Say No to Public Wi-Fi and Public Computers

Avoid using public Wi-Fi to log into your email from public places. It takes very little effort for a hacker to position themselves between you and the connection point. So, it’s entirely possible for them to be in receipt of all your private information and logins which clearly you don’t want. If you really need to use it, invest in a Virtual Private Network (VPN) which will ensure everything you share via Wi-Fi will be encrypted. Your McAfee+ subscription includes a VPN.

Public computers should also be avoided even just to ‘check your email’. Not only is there a greater chance of spyware on untrusted computers but some of them sport key-logging programs which can both monitor and record the keys you strike on the keyboard – a great way of finding out your password!

  1. Passwords, Passwords, Passwords

Ensuring each of your online accounts has its own unique, strong, and complex password is one of the best ways of keeping hackers out of your life. I always suggest at least 10-12 characters with a combination of upper and lower case letters, symbols, and numbers. A crazy nonsensical sentence is a great option here but better still is a password manager that will remember and generate passwords that no human could! A password manager is also part of your McAfee+ online security pack.

What To Do If Your Email Is Hacked?

Even if you have taken all the necessary steps to protect your email from hackers, there is the chance that your email logins may be leaked in a data breach. A data breach happens when a company’s data is accessed by scammers and customers’ personal information is stolen. You may remember the Optus, Medibank and Latitude hacks of 2022/23?

If you have had your personal information stolen, please be assured that there are steps you can take to remedy this. The key is to act fast. Check out my recent blog post here for everything you need to know.

So, next time you’re organising a big gathering don’t hesitate to use Google Docs to plan or Microsoft Teams to host your planning meetings. While the thought of being hacked might make you want to withdraw, please don’t. Instead, cultivate a questioning mindset in both yourself and your kids, and always have a healthy amount of suspicion when going about your online life. You’ve got this!!

Till next time,
Stay safe!
Alex

The post How To Prevent Your Emails From Being Hacked appeared first on McAfee Blog.

❌