Login
What does a hacker want with your social media account? Plenty.
Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes.
Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA).
MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.
Examples of MFA include:
With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have.
This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information.
Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”
Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results.
For quick reference, you can find the appropriate help pages for some of the most popular platforms here:
Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.
In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way.
More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password.
On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack.
Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.
The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.
If you’re a parent of a teen, there’s a good chance that Instagram is the culprit behind a good chunk of their screen time. However, woven into the stream of reels, stories, selfies, and Insta-worthy moments, are potential risks to your child’s privacy and safety.
According to a recent Pew Research Center report, 62 percent of teens use Instagram, making it the third most popular social media platform after YouTube and TikTok. Teens use the photo and video-sharing platform to share their creativity, connect with friends, and get updates on their favorite celebrities and influencers.
Instagram’s format makes it easy for kids (and adults!) to spend hours using filters and stickers, commenting, liking posts, and counting likes. But all this fun can take a turn if kids misuse the platform or fail to take the risks seriously.
Whether your child is new to Instagram or a seasoned IG user, consider pausing to talk about the many aspects of the platform.
Here are a few critical topics to help you kick off those conversations.
Acknowledging the impulsive behavior and maturity gaps unique to the teen years is essential. Do you feel like you are repeating yourself on these topics? That’s okay—it means you are doing it right. Repetition works. Advise them: Sharing too many personal details online can set them up for serious privacy risks, including identity theft, online scams, sextortion, or cyberbullying. Also, oversharing can negatively influence potential schools and employers who may disapprove of the content teens choose to share online.
Suggestion: Sit down together and review Instagram’s privacy settings to limit who can see your child’s content. Please encourage them to use strong passwords and two-factor authentication to secure accounts. Also, advise them to think twice before posting something and warn them about the risks of sharing intimate photos online (even with friends), as they can be easily shared or stolen. Now may be the time if you’ve never considered adding security software to protect your family devices. McAfee+ provides all-in-one privacy, identity, and device protection for families. It includes helpful features, including identity monitoring, password manager, unlimited VPN, file shredding, protection score, and parental controls. The software has updated features to include personal data cleanup and credit monitoring and reporting to protect kids from identity theft further.
This acronym stands for Fear of Missing Out. This word came from the subtle undercurrent of emotions that can bubble up when using social media. It’s common for kids to feel anxious or even become depressed because they think they are being excluded from the party. FOMO can lead them to spend too much time and money on social media, neglect their family or school responsibilities, or engage in risky behaviors to fit in with or impress others.
Suggestion: Help your child understand that it’s normal to sometimes have FOMO feelings. Please encourage them to focus on their strengths and to develop fulfilling hobbies and interests offline. To reduce FOMO, encourage your child to take breaks from social media. Also, install software to help you manage family screen time.
Akin to FOMO, comparing oneself to others is an ever-present reality among teens that is only amplified on Instagram. According to several reports, Instagram’s photo-driven culture and photo filters that enhance facial and body features can make teens feel worse about their bodies and increase the risk of eating disorders, depression, and risky behaviors. Girls, especially, can develop low self-esteem, comparing themselves to unrealistic or edited images of celebrities, influencers, or friends. Social comparison can also lead to the fixation on getting more likes, followers, or comments on their posts.
Suggestion: Create a safe space for your teen to discuss this topic with you. Help them understand the differences between Instagram life and real life. Help them be aware of how they feel while using Instagram. Encourage them to follow accounts that inspire and uplift them and unfollow accounts that spark feelings of comparison, jealousy, or inferiority.
Hurtful events that impact teens, such as gossip, rumor spreading, peer pressure, criticism, and conflict, can increase in online communities. If your child posts online, they can receive mean or sexual comments from people they know and strangers (trolls). Cyberbullying can surface in many ways online, making kids feel anxious, fearful, isolated, and worthless.
Suggestions: Keep up on how kids bully one another online and check in with your child daily about what’s happening in their life. Encourage them not to respond to bullies and to block and report the person instead. Also, if they are getting bullied, remind them to take and store screenshots. Such evidence can be helpful if they need to confide with a parent, teacher, or law enforcement.
Understanding how to discern true and false information online is becoming more complicated daily. In the McAfee 2023 Threat Predictions: Evolution and Exploitation, experts predict that AI tools will enable more realistic and efficient manipulation of images and videos, which could increase disinformation and harm the public’s mental health. Understanding online content is a great way to help your kids build their confidence and security on Instagram and other networks.
Suggestion: Encourage critical thinking and guide kids to use fact-checking tools before believing or sharing content that could be fake and using ethical AI frameworks. Remind them of their digital footprints and how the things they do online can have long-lasting consequences.
It’s important to remember that all social networks come with inherent dangers and that Instagram has taken a number of steps to reduce the potential risks associated with its community by improving its security features and safety rules for kids. Remember, nothing protects your child like a solid parent-child relationship. As a parent or caregiver, you play a critical role in educating your child about their digital well-being and privacy. Working together, as a family, your child will be equipped to enjoy the good stuff and avoid the sketchy side of the digital world.
The post Instagram Safety for Kids: Protecting Privacy and Avoiding Risks appeared first on McAfee Blog.
The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
Freenom’s website features a message saying it is not currently allowing new registrations.
Freenom is the domain name registry service provider for five so-called “country code top level domains” (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau.
Freenom has always waived the registration fees for domains in these country-code domains, presumably as a way to encourage users to pay for related services, such as registering a .com or .net domain, for which Freenom does charge a fee.
On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement. The lawsuit also seeks information about the identities of 20 different “John Does” — Freenom customers that Meta says have been particularly active in phishing attacks against Facebook, Instagram, and WhatsApp users.
The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted by Interisle Consulting Group, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.
“The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers’ identity, even after being presented with evidence that the domain names are being used for illegal purposes,” the complaint charges. “Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers.”
Meta further alleges that “Freenom has repeatedly failed to take appropriate steps to investigate and respond appropriately to reports of abuse,” and that it monetizes the traffic from infringing domains by reselling them and by adding “parking pages” that redirect visitors to other commercial websites, websites with pornographic content, and websites used for malicious activity like phishing.
Freenom has not yet responded to requests for comment. But attempts to register a domain through the company’s website as of publication time generated an error message that reads:
“Because of technical issues the Freenom application for new registrations is temporarily out-of-order. Please accept our apologies for the inconvenience. We are working on a solution and hope to resume operations shortly. Thank you for your understanding.”
Image: Interisle Consulting Group, Phishing Landscape 2021, Sept. 2021.
Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States.
Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. That request was denied, and Meta amended and re-filed the lawsuit last week.
According to Meta, this isn’t just a case of another domain name registrar ignoring abuse complaints because it’s bad for business. The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.”
“On information and belief, one or more of the ccTLD Service Providers, ID Shield, Yoursafe, Freedom Registry, Fintag, Cervesia, VTL, Joost Zuurbier Management Services B.V., and Doe Defendants were created to hide assets, ensure unlawful activity including cybersquatting and phishing goes undetected, and to further the goals of Freenom,” Meta charged.
It remains unclear why Freenom has stopped allowing domain registration. In June 2015, ICANN suspended Freenom’s ability to create new domain names or initiate inbound transfers of domain names for 90 days. According to Meta, the suspension was premised on ICANN’s determination that Freenom “has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest.”
A spokesperson for ICANN said the organization has no insight as to why Freenom might have stopped registering domain names. But it said Freenom (d/b/a OpenTLD B.V.) also received formal enforcement notices from ICANN in 2017 and 2020 for violating different obligations.
A copy of the amended complaint against Freenom, et. al, is available here (PDF).
March 8, 6:11 p.m. ET: Updated story with response from ICANN. Corrected attribution of the domain abuse report.
FreshRSS 