Login
Job scams are on the rise. And asking the right questions can help steer you clear of them.
That rise in job scams is steep, according to the U.S. Federal Trade Commission (FTC). Recent data shows that reported losses have grown five times over between 2020 and 2024. In 2024 alone, reported losses hit half a billion dollars, with unreported losses undoubtedly pushing actual losses yet higher.
Last week, we covered how “pay to get paid” scams account for a big chunk of online job scams. Here, we’ll cover a couple more that we’ve seen circulating on social media and via texts—and how some pointed questions can help you avoid them.
Some job scammers pose as recruiters from job agencies who reach potential victims the same way legitimate agencies do—by email, text, and networking sites. Sometimes this leaves people with their guard down because it’s not unheard of at all to get contacted this way, “out of the blue” so to speak.
Yet one of the quickest ways to spot a scammer is when the “recruiter” asks to pay a fee for the matchmaking, particularly if they ask for it up front. Legitimate headhunters, temp agencies, and staffing agencies typically get paid by the company or business that ultimately does the hiring. Job candidates don’t pay a thing.
Another form of scam occurs during the “onboarding” process of the job. The scammer happily welcomes the victim to the company and then informs them that they’ll need to take some online training and perhaps buy a computer or other office equipment. Of course, the scammer asks the victim to pay for all of it—leaving the victim out of hundreds of dollars and the scammer with their payment info.
One way you can spot a job scam is to press for answers. Asking pointed questions about a company and the job it’s offering, just as you would in any real interview, can reveal gaps in a scammer’s story. In effect, scammers are putting on an acting job, and some don’t thoroughly prepare for their role. They don’t think through the details, hoping that victims will be happy enough about a job prospect to ask too many questions.
If the hiring process moves quicker than expected or details about a job seem light, it’s indeed time to ask questions. Here are a few you can keep handy when you start to wonder if you have a scam on your hands …
This is a great place to start. Legitimate employers write up job listings that they post on their website and job sites. In those descriptions, the work and everything it entails gets spelled out to the letter. A real employer should be able to provide you with a job description or at least cover it clearly over the course of a conversation.
This one can trip up a scammer quickly. A scammer might avoid giving a physical address. Likewise, they might offer up a fake one. Either a non-answer or a lie can readily call out a scam by following up the question with a web search for a physical address. (Resources like the Better Business Bureau can also help you research a company and its track record.)
Asking about co-workers, bosses, reporting structures and the like can also help sniff out a scam. Real employers, once again, will have ready answers here. They might even start dropping names and details about people’s tenure and background. Meanwhile, this is one more place where scammers might tip their hand because they haven’t made up those details.
This question alone can offer a telltale sign. Many job scams move through the hiring process at relative breakneck speed—skipping past the usual interview loops and callbacks that many legitimate jobs have. Scammers want to turn over their victims quickly, so they’ll make the “hiring process” quick as well. If it feels like you’re blazing through the steps, it could be a scam.
Every business has a story, even if it’s still in its startup days. Anyone in a recruiting or hiring position will have a good handle on this question, as they will on any follow-up questions about the company’s mission or goals. Again, vagueness in response to these kinds of questions could be a sign of a scam.
Whether it’s through social media sites like Facebook, Instagram, and the like, scammers often reach out through direct messages. Recruiters stick to legitimate business networking sites like LinkedIn. Companies maintain established accounts on recruiting platforms that people know and trust, so view any contact outside of them as suspicious.
Scammers use the “hiring process” to trick people into providing their personal info with malicious links. Web protection, included in our plans, can steer you clear of them. Likewise, our Scam Detector scans URLs in your text messages and alerts you if they’re sketchy. If you accidentally click a bad link, both web and text scam protection will block a risky site.
Many scammers get your contact info from data broker sites. McAfee’s Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and, depending on your plan, can help you remove it. Our Social Privacy Manager lowers your public profile lower still. It helps you adjust more than 100 privacy settings across your social media accounts in just a few clicks, so your personal info is only visible to the people you want to share it with.
The post Interviewing for a Job? Spot a Scam with These Questions appeared first on McAfee Blog.
As Tax Day looms and last-minute taxpayers feel the pressure, a surge of IRS scams is on the rise.
Research by our McAfee Labs team projects a fresh wave of sophisticated tax scams as the stress of peak filing season sets in, with bogus text messages leading the way.
Nearly half of taxpayers complete their taxes between mid-March and April 15, which gives scammers ample opportunity to cash in as people rush their filings with the IRS.
Based on our data from 2024, here’s what we can expect in the coming days:
In addition to posing as the IRS, scammers will pose as tax prep and tax software companies as well. Just as in years past, taxpayers can further expect scams built around quick refunds and easy filing solutions that are actually fronts for scams. Yet whatever guise scammers put on, their aim remains the same. They want to dupe taxpayers out of their personal and financial info.
Tax season is high season for scammers because so much personal info gets gathered and shared online. With that, many taxpayers have their guard down. They expect to see messages, ads, and so forth about their taxes, which can make them more willing to share some of their most personal info. That’s where scammers step in. They want to:
Looking at this list, you can see what makes tax scams so damaging. Many of them target our most precious of personal info—our Social Security Numbers (SSNs).
A stolen SSN opens the door to some of the most painful forms of identity theft, like imposter fraud, insurance fraud, employment fraud, and more. These follow-on attacks can cause great harm to a victim’s finances and reputation in ways that can take months, or even years, to repair.
In effect, tax scams deliver a one-two punch.
It begins by baiting the victim with a phony message from a scammer posing as the IRS, a tax prep business, or a tax software company. That might come by email, a direct message on social media, or even in paid search results.
Largely, scammers bait victims with texts. Mobile attacks indeed dominate the preferred contact method, just as we called out. Here, scammers often use link shorteners to disguise fraudulent links. (You’ve likely seen plenty of link shorteners like bit.ly and goo.gl. They make it easier to share long addresses, but the flipside is that there’s no quick way to tell where they really take you.)
In some cases, scammers attempt to trick taxpayers by weaving “irs.gov” into the web address. Below you can see one example, where the domain isn’t “irs.gov.” It’s actually “entes-tax[dot]com,” which leads to a scam site.
Scam texts that weave “irs.gov” into a malicious link
As for the text itself, scammers send urgent-sounding messages about tax returns like, “Your refund is on hold, contact the IRS immediately.” Other scammers use fear, leveling threats like jail time for non-payment. In other cases, scammers threaten to revoke things like driver’s licenses and business licenses, or even immigration status. According to the IRS, these are common signs of a scam. The IRS never uses threats or tactics like these to resolve tax issues.
The second punch comes by clicking the link in these messages, which leads to IRS copycat scam sites. And they can look convincing. The most sophisticated of them mirror the look and feel of the official IRS website and use URLs that look “close enough” to an IRS URL, which can trick anyone who doesn’t examine them closely.
Example of a fake IRS claim website
And that’s where the damage gets done. Under the false pretense of receiving a refund or making a payment, the scammers collect that precious personal info we talked about, which can cause short- and long-term fallout for victims.
The same approach works for scammers who pose as tax prep services and tax software companies. The texts and websites look different, yet they’re still part of a scheme for collecting the same types of personal and financial info.
Clever as these scams are, you can avoid them. The first step is awareness. By reading this article and sharing it with others, you spread the word about these scams and just how rampant they are.
From there, you can take several more steps that can keep you far safer during tax time:
The post Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds appeared first on McAfee Blog.
Al Roker never had a heart attack. He doesn’t have hypertension. But if you watched a recent deepfake video of him that spread across Facebook, you might think otherwise.
In a recent segment on NBC’s TODAY, Roker revealed that a fake AI-generated video was using his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”
“A friend of mine sent me a link and said, ‘Is this real?'” Roker told investigative correspondent Vicky Nguyen. “And I clicked on it, and all of a sudden, I see and hear myself talking about having a couple of heart attacks. I don’t have hypertension!”
The fabricated clip looked and sounded convincing enough to fool friends and family—including some of Roker’s celebrity peers. “It looks like me! I mean, I can tell that it’s not me, but to the casual viewer, Al Roker’s touting this hypertension cure… I’ve had some celebrity friends call because their parents got taken in by it.”
While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.
“We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now,” Roker said.
Al Roker isn’t the first public figure to be targeted by deepfake scams. Taylor Swift was recently featured in an AI-generated video promoting fake bakeware sales. Tom Hanks has spoken out about a fake dental plan ad that used his image without permission. Oprah, Brad Pitt, and others have faced similar exploitation.
These scams don’t just confuse viewers—they can defraud them. Criminals use the trust people place in familiar faces to promote fake products, lure them into shady investments, or steal their personal information.
“It’s frightening,” Roker told his co-anchors Craig Melvin and Dylan Dreyer. Craig added: “What’s scary is that if this is where the technology is now, then five years from now…”
Nguyen demonstrated just how simple it is to create a fake using free online tools, and brought in BrandShield CEO Yoav Keren to underscore the point: “I think this is becoming one of the biggest problems worldwide online,” Keren said. “I don’t think that the average consumer understands…and you’re starting to see more of these videos out there.”
According to McAfee’s State of the Scamiverse report, the average American sees 2.6 deepfake videos per day, with Gen Z seeing up to 3.5 daily. These scams are designed to be believable—because the technology makes it possible to copy someone’s voice, mannerisms, and expressions with frightening accuracy.
And it doesn’t just affect celebrities:
While the technology behind deepfakes is advancing, there are still ways to spot—and stop—them:
And most importantly, be skeptical of celebrity endorsements on social media. If it seems out of character or too good to be true, it probably is.
McAfee’s Deepfake Detector, powered by AMD’s Neural Processing Unit (NPU) in the new Ryzen AI 300 Series processors, identifies manipulated audio and video in real time—giving users a critical edge in spotting fakes.
This technology runs locally on your device for faster, private detection—and peace of mind.
Al Roker’s experience shows just how personal—and persuasive—deepfake scams have become. They blur the line between truth and fiction, targeting your trust in the people you admire.
With McAfee, you can fight back.
The post ‘Seeing is Believing is Out the Window’: What to Learn From the Al Roker AI Deepfake Scam appeared first on McAfee Blog.
The collapse of genetic testing giant 23andMe has raised serious privacy concerns for millions of people who shared their DNA with the company. Once valued at $6 billion, the company has filed for bankruptcy and is now selling off assets—including, potentially, your genetic data.
If you’ve ever used 23andMe to explore your ancestry or health traits, now is the time to take action.
Here’s what’s going on, what it means for your data, how to delete your account, and steps you can take to better protect your online privacy going forward.
23andMe, once a pioneer in at-home genetic testing, has fallen into financial distress after a series of challenges, including a massive data breach in 2023 that exposed personal information of nearly 7 million users, according to TechCrunch. The company’s value plummeted by more than 99%, leading to mass board resignations and a March 2024 bankruptcy filing.
Now, as 23andMe prepares to sell off its assets under court supervision, its massive database of customer DNA—reportedly from more than 15 million users—is on the table. Despite the company’s assurances that its privacy policy remains in effect, experts and privacy advocates warn that your sensitive genetic data could end up in the hands of third parties, including pharmaceutical companies or even law enforcement agencies.
If you used 23andMe, yes.
Genetic data is some of the most personal information you can share. It can reveal details about your ancestry, health risks, and even family secrets. With 23andMe not covered by HIPAA (the federal health privacy law), your DNA data isn’t protected the way medical records at a doctor’s office would be, The Harvard Gazette reports.
Although 23andMe claims it won’t share individual-level data without consent, it does reserve the right to sell or transfer personal information as part of a bankruptcy or acquisition. That means your data could be bought by another company—one with different privacy practices or intentions.
California residents, in particular, have the legal right to delete their data under the Genetic Information Privacy Act (GIPA) and the California Consumer Privacy Act (CCPA).
If you’re ready to take action, here’s how to delete your genetic data and revoke research permissions through your 23andMe account:
Your DNA isn’t the only personal data at risk. From email addresses and home addresses to phone numbers and even shopping habits, data brokers are collecting and selling your information online—often without your knowledge or consent.
That’s why it’s critical to take control of your digital footprint. All McAfee+ plans provide the ability to scan the web for details of your personal information. McAfee’s Online Account Cleanup scans for accounts you no longer use and helps you delete them, along with your personal info. McAfee’s Personal Data Cleanup, takes this a step further, by scanning data broker sites for your personal information, and requesting the removal of you details from those sites.
Combined, these tools can give you back control over your privacy. All our McAfee+ plans include scans to find your accounts and direct you on how to remove your data.
Bottom Line: If you’ve ever used 23andMe, your genetic data could be at risk of being transferred or sold. Take action now by deleting your account and revoking permissions. And to keep the rest of your personal data protected, use tools like McAfee+ to keep your personal data safe online.
The post How to Delete Your Data from 23andMe and Protect Your Privacy appeared first on McAfee Blog.
It started with a DM.
For five months, 25-year-old computer programmer Maggie K. exchanged daily messages with the man she met on Instagram, convinced she had found something real.
When it was finally time to meet in person, he never showed. Instead, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the cash.
Then, silence. His accounts vanished. He hadn’t just ghosted her—he had never existed at all.
“I ignored my gut feeling… I sent him $1,200. Then he disappeared,” Maggie told McAfee, hoping that her story would educate others. “When I reported the scam, the police told me his images were AI-generated. He wasn’t even a real person. That was the scariest part – I had trusted someone who never even existed.”
These scams work because they prey on trust and emotions. And they aren’t just targeting the naïve; anyone, even tech professionals as Maggie’s case shows, can be fooled.
McAfee’s latest research reveals more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.
And romance scams aren’t just happening in dating apps anymore. Social media, messaging platforms and AI chatbots are fuelling an explosion of online romance fraud.
McAfee’s findings highlight a staggering rise in:
With 62% of people saying they’ve used dating apps, social media, or messaging platforms to connect with potential partners, scammers have a bigger pool of victims than ever before.
Younger users are the most active online daters, with 31% of 18-24-year-olds currently using online dating platforms. Tinder is the most popular dating app overall (46%), with its highest engagement among 18-24-year-olds (73%). Just over 40% of respondents said they use Instagram, 29% use Snapchat and 25% use TikTok to meet potential partners. But these platforms also present new risks, as fake apps designed to steal personal information lurk in app stores.
McAfee researchers found nearly 11,000 attempts to download fraudulent dating apps in recent months. The most impersonated?
Downloading a fake app could expose your login credentials, financial information or even install malware onto your device.
And once money is lost, its rarely recovered, as scammers use cryptocurrency, untraceable gift cards and offshore accounts to move stolen funds.
McAfee researchers urge anyone looking for love online to stay vigilant by following these critical safety measures:
1) Watch for “love bombing.” Scammers overwhelm victims with affection early on to gain trust.
2) Verify their identity. Use reverse image searches and insist on live video calls which AI-generated scammers avoid.
3) Never send money. No real partner will pressure you for financial help—especially when you’ve never met.
4) Be wary of celebrity DMs. If a famous figure suddenly messages you, it’s likely a scam.
5) Avoid suspicious links. McAfee blocked over 321,000 fraudulent dating sites—avoid clicking on unknown links or apps.
6) Use online protection tools. Tools like McAfee+ can detect and block suspicious messages, phishing attempts, and AI-generated fraud in real time. McAfee+ offers maximum identity, privacy, and device protection to detect and prevent fraudulent activity before it causes harm.
The post AI chatbots are becoming romance scammers—and 1 in 3 people admit they could fall for one appeared first on McAfee Blog.
Beyoncé has officially announced her Cowboy Carter world tour, and the excitement is through the roof! With her last tour selling out in record time, fans know they need to act fast to secure their tickets. Unfortunately, that urgency is exactly what scammers prey on.
In 2022 alone, Americans lost nearly $8.8 billion to fraud, and ticket scams are one of the most common ways scammers cash in on eager fans. But don’t worry—we’ve got you covered. Before you rush to buy tickets to Beyoncé’s latest tour, here’s how to spot and avoid ticket scams so you don’t get left outside the stadium with nothing but regret.
Ticket scams come in different forms, but the most common ones include:
Scammers know how to create a sense of urgency, often advertising tickets to sold-out events at too-good-to-be-true prices. If you’re desperate to see Beyoncé, it’s easy to get caught up in the rush—but staying cautious can save you from getting scammed.
The best way to avoid being scammed is to buy only from reputable sources like official ticketing platforms (Ticketmaster, Live Nation, AXS) or directly from the event’s website. However, if you’re looking elsewhere, be on the lookout for these red flags:
When an event sells out, scammers flood social media with offers. Platforms like Facebook Marketplace, Instagram, and Craigslist are filled with fake ticket sellers. If you didn’t get tickets during the official sale, be cautious about where you’re looking.
Pro Tip: Follow Beyoncé’s official social media pages and event organizers for updates. Sometimes, extra dates or official resale opportunities become available.
Scammers often advertise tickets below face value to lure in victims. While real fans sometimes sell their tickets at a discount, it’s a huge red flag if the price is way lower than expected.
Pro Tip: If you’re buying from an individual, check their profile carefully. Look for signs of a fake account, such as recently created pages or multiple listings in different cities.
Some scammers go the extra mile, creating entire websites that mimic real ticket platforms. These fake sites not only sell counterfeit tickets but may also steal your credit card information.
Pro Tip: Always type in the official ticketing site’s URL manually or search for it on Google. Avoid clicking links from unknown sources, and double-check that the site uses “HTTPS” and has no misspellings in the URL.
Even if you get a real ticket, that doesn’t mean it’s yours alone. Some scammers sell the same ticket to multiple people, leading to chaos when multiple buyers show up at the event.
Pro Tip: Only buy from platforms that offer verified resale tickets with guarantees, like StubHub, SeatGeek, or VividSeats.
Some scammers sell general admission tickets as if they were premium seats. You may think you’re getting front-row access, only to find out you overpaid for a standing-room ticket.
Pro Tip: Always confirm the seat location with the seller. Many venues have seating charts available online, so check before purchasing.
Scammers hack into Ticketmaster accounts and transfer tickets to themselves, effectively locking the rightful owner out of their seats. Victims often receive a flood of emails, including notifications of ticket transfers they never authorized. By the time they realize what’s happened, their tickets are gone, likely resold by the scammer.
Pro Tip: To prevent this, ensure your Ticketmaster account is secure by using a strong password, enabling two-factor authentication, and being wary of suspicious login attempts or phishing emails.
To make sure you don’t fall victim to a ticket scam, follow these golden rules:
Buy from official sources – Beyoncé’s official website, Ticketmaster, and AXS are your safest bets.
Use a credit card – If something goes wrong, you can dispute the charge.
Be wary of social media sellers – If you’re buying from a stranger, research their profile and history first.
Check the URL – Make sure you’re on the real ticketing website before purchasing.
Avoid high-pressure sales tactics – Scammers want you to act fast—don’t fall for it!
Beyond ticket scams, cybercriminals also use major events like Beyoncé’s tour to spread malware and phishing attacks. McAfee’s comprehensive online protection can help keep your devices and personal information safe by blocking malicious websites, preventing identity theft, and alerting you to potential fraud.
Beyoncé’s Cowboy Carter tour is one of the most anticipated events of the year, and everyone wants to be part of the experience. But scammers know this too, and they’re out in full force. By staying smart, sticking to verified ticket sources, and being wary of deals that seem too good to be true, you can avoid scams and secure your spot at one of the biggest concerts of 2025.
Stay safe, Beyhive—and get ready to enjoy the show!
The post Buying Tickets for Beyoncé’s Cowboy Carter Tour? Don’t Let Scammers Ruin Your Experience appeared first on McAfee Blog.
The rise of AI-driven cyber threats has introduced a new level of sophistication to phishing scams, particularly those targeting Gmail users.
Criminals are using artificial intelligence to create eerily realistic impersonations of Google support representatives, Forbes recently reported. These scams don’t just rely on misleading emails; they also include convincing phone calls that appear to come from legitimate sources.
If you receive a call claiming to be from Google support, just hang up—this could be an AI-driven scam designed to trick you into handing over your Gmail credentials.
Here’s everything you need to know about the scam and how to protect yourself:
Hackers have devised a multi-step approach to trick users into handing over their Gmail credentials. Here’s how the scam unfolds:
The attack often begins with a phone call from what appears to be an official Google support number. The caller, using AI-generated voice technology, convincingly mimics a real Google representative. Their tone is professional, and the caller ID may even display “Google Support,” making it difficult to immediately recognize the scam.
Once engaged, the scammer informs the victim that suspicious activity has been detected on their Gmail account. They may claim that an unauthorized login attempt has occurred, or that their account is at risk of being locked. The goal is to create a sense of urgency, pressuring the victim to act quickly without thinking critically.
To appear credible, the scammer sends an email that looks almost identical to a real Google security notification. The email may include official-looking branding and a request to verify the user’s identity by entering a code. The email is designed to look so authentic that even tech-savvy individuals can be fooled.
If the victim enters the verification code, they inadvertently grant the attacker full access to their Gmail account. Since the scammer now controls the two-factor authentication process, they can lock the real user out, change passwords, and exploit the account for further attacks, including identity theft, financial fraud, or spreading phishing emails to others.
This scam is particularly dangerous because it combines multiple layers of deception, making it difficult to spot. Unlike standard phishing emails that may contain poor grammar or suspicious links, AI-enhanced scams:
To protect yourself from AI-powered scams, follow these essential security measures:
1. Be Skeptical of Unsolicited Calls from “Google”
Google does not randomly call users about security issues. If you receive such a call, hang up immediately and report the incident through Google’s official support channels.
2. Verify Security Alerts Directly in Your Account
If you receive a message stating that your account has been compromised, do not click any links or follow instructions from the email. Instead, go directly to your Google account’s security settings and review recent activity.
3. Never Share Verification Codes
Google will never ask you to provide a security code over the phone. If someone requests this information, it is a scam.
4. Enable Strong Authentication Methods
5. Regularly Monitor Your Account Activity
Check the “Security” section of your Google account to review login activity. If you see any unrecognized sign-ins, take immediate action by changing your password and logging out of all devices.
6. Use a Password Manager
A password manager helps create and store strong, unique passwords for each of your accounts. This ensures that even if one password is compromised, other accounts remain secure.
If you believe your account has been compromised, take these steps immediately:
As AI technology advances, cybercriminals will continue to find new ways to exploit users. By staying informed and implementing strong security practices, you can reduce the risk of falling victim to these sophisticated scams.
At McAfee, we are dedicated to helping you protect your digital identity. Stay proactive, stay secure, and always verify before you trust.
For more cybersecurity insights and protection tools, check out McAfee+.
The post How to Make Sure Your Gmail Account is Protected in Light of Recent AI Scams appeared first on McAfee Blog.
The artificial intelligence arms race has a new disruptor—DeepSeek, a Chinese AI startup that has quickly gained traction for its advanced language models.
Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.
But as the buzz around its capabilities grows, so do concerns about data privacy, cybersecurity, and the implications of feeding personal information into AI tools with uncertain oversight.
DeepSeek’s AI models, including its latest version, DeepSeek-V3, claim to rival the most sophisticated AI systems developed in the U.S.—but at a fraction of the cost.
According to reports, training its latest model required just $6 million in computing power, compared to the billions spent by its American counterparts. This affordability has allowed DeepSeek to climb the ranks, with its AI assistant even surpassing ChatGPT as the top free app on Apple’s U.S. App Store.
What makes DeepSeek’s rise even more surprising is how abruptly it entered the AI race. The company originally launched as a hedge fund before pivoting to artificial intelligence—an unusual shift that has fueled speculation about how it managed to develop such advanced models so quickly. Unlike other AI startups that spent years in research and development, DeepSeek seemed to emerge overnight with capabilities on par with OpenAI and Meta.
However, DeepSeek’s meteoric rise has sparked skepticism. Some analysts and AI experts question whether its success is truly due to breakthrough efficiency or if it has leveraged external resources—potentially including restricted U.S. AI technology. OpenAI has even accused DeepSeek of improperly using its proprietary tech, a claim that, if proven, could have major legal and ethical ramifications.
One of the biggest concerns surrounding DeepSeek isn’t just how it handles user data—it’s that it reportedly failed to secure it altogether.
According to The Register, security researchers at Wiz discovered that DeepSeek left a database completely exposed, with no password protection, allowing public access to millions of chat logs, API keys, backend data, and operational details.
This means that conversations with DeepSeek’s chatbot, including potentially sensitive information, were openly available to anyone on the internet. Worse still, the exposure reportedly could have allowed attackers to escalate privileges and gain deeper access into DeepSeek’s infrastructure. While the issue has since been fixed, the incident highlights a glaring oversight: even the most advanced AI models are only as trustworthy as the security behind them.
Here’s why caution is warranted:
DeepSeek specifically states in its terms of service that it collects, stores, and has permission to share just about all the data you provide while using the service.
Figure 1. Screenshot of DeepSeek Privacy Policy shared on LinkedIn
It specifically notes collecting your profile information, credit card details, and any files or data shared in chats. What’s more, that data isn’t stored in the United States, which has strict data privacy regulations. DeepSeek is a Chinese company with limited required protections for U.S. consumers and their personal data.
If you’re using AI tools—whether it’s ChatGPT, DeepSeek, or any other chatbot—it’s crucial to take steps to protect your information:
As AI chatbots like DeepSeek gain popularity, safeguarding your personal data is more critical than ever. With McAfee’s advanced security solutions, including identity protection and AI-powered threat detection, you can browse, chat, and interact online with greater confidence—because in the age of AI, privacy is power.
The post Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security appeared first on McAfee Blog.
Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or home address.
Unfortunately, identity theft claims have surged in recent years, jumping from approximately 650,000 in 2019 to over a million in 2023, according to the Federal Trade Commission (FTC). This trend underscores the urgent need for stronger personal data protection habits.
So, how do scammers pull it off, and how can you protect yourself from becoming a victim?
How Do Scammers Steal Your Identity?
Scammers are resourceful, and there are multiple ways they can access your personal information. The theft can happen both in the physical and digital realms.
When scammers steal your identity, they often leave behind a trail of unusual activity that you can detect. Here are some common signs that could indicate identity theft:
If you suspect that your identity has been stolen, time is of the essence. Here’s what you need to do:
While you can’t completely eliminate the risk of identity theft, there are several steps you can take to protect yourself:
Identity theft can be a stressful and overwhelming experience, but by acting quickly and taking proactive steps to protect your personal information, you can minimize the damage and reclaim your identity.
The post How Scammers Steal Your Identity and What You Can Do About It appeared first on McAfee Blog.
We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill your email box with spam, and can even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer.
There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.
That’s right, companies are collecting your personal data. They’re called data brokers and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge. There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phones, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.
In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.
We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works:
Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.
The post Introducing Personal Data Cleanup appeared first on McAfee Blog.
FreshRSS 