FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
△ 🔃
There are new available articles, click to refresh the page.
Today — January 1st 2026Your RSS feeds

New Year Reset: A Quick Guide to Improving Your Digital Hygiene in 2026

By: Brooke Seipel

Scams didn’t slow down in 2025—and all signs point to the problem getting worse in 2026.

While the final numbers aren’t in yet, reported losses are already on track to break records. Through just the first half of 2025, the Federal Trade Commission (FTC) cited nearly $6.5 billion in scam-related losses, putting the year on pace to surpass 2024’s total. And it’s not just isolated incidents: 73% of Americans say they’ve experienced at least one scam or online attack.

As scams become more convincing, often powered by AI and designed to blend into everyday digital life, basic “spot the red flag” advice isn’t enough anymore. Protecting yourself now means tightening up your digital hygiene: how you manage passwords, personal data, online accounts, and the everyday tools you rely on to stay safe.

The good news is that modern protection has evolved just as quickly as the threats. Many of the most effective safeguards can be set up quickly and then work in the background over time.

Below, we’ll walk through practical steps you can take to improve your digital hygiene for 2026, using protections included with McAfee+ to help reduce your exposure to scams, data misuse, and identity theft.

1) Replace every weak password, starting with your email. 

Think about your passwords and everything they give you access to … your finances, online shopping accounts, banking, and of course every important thing in your email account. 

Now are any of those passwords weak, re-used, or highly similar? Don’t worry if the answer to that is “yes.” You can switch them over to strong, unique passwords across all your accounts. Using a password manager like ours helps you create strong, unique while also storing them securely. Quickly. 

Q&A   Q: Should I use a password manager? 

A: Yes. It’s the easiest way to create strong, unique passwords for all your online accounts, which protects you from data breaches and hacks.  

 

So, what makes up a “strong and unique” password? 

It contains a mix of 16 uppercase and lowercase letters, numbers, and symbols while never reusing that password elsewhere. That makes the password incredibly tough to crack and protects your other accounts if that password gets caught up in a breach (it won’t work on any other account). 

Yes, creating strong and unique passwords for your dozens and dozens of accounts can be … demanding. But that’s where a password manager comes in. It does that work for you. 

2) Delete those old accounts and protect yourself from data breaches. 

Speaking of all the accounts you have, how many of them do you really need? And how many of them have you forgotten about altogether? It’s time to track them down and close them up. Why? Data breaches of various sizes hack into an estimated 3.5 million accounts on average each day, so the odds of an old account of yours getting compromised are better than you might think. But where do you even start? 

 

Q&A 

  Q: Should I delete my old accounts? 

A: Yes. When you delete old accounts, you reduce your digital footprint and lower the risk of exposure to data breaches, both of which help protect your personal info.  

 

Our Online Account Cleanup can track down those old accounts for you. It scans for accounts you no longer use and helps you delete the ones you choose, along with your personal info. In our McAfee+ Advanced and McAfee+ Ultimate plans, you get full-service Online Account Cleanup, which sends the data deletion requests for you. 

3) Keep spammers and scammers at bay by removing personal info from the internet. 

Data brokers sell all kinds of info that power all kinds of spam and scams. It’s one way spammers and scammers get contact info like emails and phone numbers, and it’s yet another way they get detailed info to target their ads and their attacks. 

For example, beyond your full name, home address, phone numbers, email addresses, and date of birth, many also have info about your family members, employment, and past purchases. Data brokers might gather and sell other info like religious and political leanings, health conditions, and employment history. Simply put, this detailed profile makes it easier for spammers and scammers to target you. 

 

Q&A 

 

  Q: Can people find my detailed personal info online?  

Yes, and some of the easiest places to find it are on data broker sites. They collect and analyze up to hundreds of bits of personal info, often without your knowledge or consent. Further, they’ll sell it to any buyer, including scammers. 

 

 

Where do they harvest this info? From public records, shopper loyalty programs, and even from app data—all kinds of sources. And that underscores the problem, some data brokers keep exhaustive amounts of data about people, all in one place.  

And they’ll sell it to anyone who pays for it. You can help reduce those scam texts and calls by removing your info from those sites. A service like our Personal Data Cleanup can do that work for you. It scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and helps you remove it. 

4) Protect privacy with a VPN (it’s not just for travel anymore). 

One of the first things that comes to mind about VPNs is travel, a great way you can stay secure while using public Wi-Fi in airports and cafes. It works at home as well, giving you an extra layer of security when you bank, shop, or do anything that involves sensitive info. Yet it offers another big benefit. It helps make you more private, because it’s not just hackers who want to snoop on you online. 

 

Q&A Block 

 

  Q: What is a VPN? 

 A: A VPN, or Virtual Private Network, hides your IP address and encrypts your internet connection in a secure “tunnel” that shields your online activity from snoops, advertisers, and your Internet Service Provider (ISP). 

 

For example, some ISPs collect your browsing data. In the United States and many other countries, ISPs can legally monitor and record info about the websites you visit and the apps you use. They can use it for advertising and analytics purposes, and, in some cases, they may share it with third parties. 

When you use a VPN, it encrypts all the data leaving your device and routes it through a secure server. As a result, your ISP can only see that you are connected to a VPN server, and it can’t track which websites you visit or the data you send and receive. Without a doubt, going online with a VPN makes you safer and keeps you more private.  

5) As AI scams become the norm, get a scam detector working for you. 

We saw big spikes in several types of scams over the year, and naturally a spike in reported losses followed. One reason for the jump is that AI tools have made it even easier for scammers to create convincing texts, emails, and deepfake videos designed to rip people off.   

 

Q&A 

  Q: How bad are scams today? 

 A: According to a 2025 Pew Research Center survey, 73% of U.S. adults said they’ve experienced at least one online scam or attack, with 32% reporting an incident within the past year.iv  

 

They’re getting tougher to spot too. In the earlier days of AI-created content, you could often spot the telltale signs of a fake. That’s not always the case anymore, and scams are looking more and more sophisticated as AI tools evolve. 

But you have tools of your own. Our Scam Detector protects you across text, email, and video by spotting scams and detecting deepfake videos (like the one of a deepfaked Taylor Swift promoting a bogus cookware offer). You also have our Web Protection which detects links to scam sites and other sketchy corners of the internet while you browse. Both will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link. 

6) And just in case, get the reassurance of identity theft protection. 

So, let’s say the unfortunate happens to you. You get scammed. Maybe it’s a few bucks, maybe it’s more. You’re faced with a couple issues. One, that money could be gone for good depending on how you paid the scammer. Two, also depending on the payment method, the scammer might have your financial info.   

 

Q&A Block 

 

  Q: What is the cost of identity theft? 

A: Based on reports to the FTC, the median loss was about $500 in 2024, with more than 10% of victims claiming they lost $10,000 or more. However, it levels an emotional cost as well. The time and stress involved in resolving identity theft can be significant. 

 

This is where something like our ID Theft & Restoration Coverage comes in. It gives you up to $2 million in identity theft coverage and identity restoration support if it’s determined you’re a victim of identity theft.​ Further, it puts a licensed recovery pro on the case to restore your credit and your identity, which takes that time-consuming burden off your shoulders. 

The post New Year Reset: A Quick Guide to Improving Your Digital Hygiene in 2026 appeared first on McAfee Blog.

Verify Secure Wireless Networks to Prevent Identity Theft

By: McAfee

The ability to connect wirelessly is indispensable in our lives today. Wireless internet is available in our homes, offices, cafes, restaurants, parks, hotels, airports, cars, and even airplanes. The mobility factor allows us to work anytime, anywhere, on numerous devices. “Being connected” is at an all-time high.

Wireless internet is amazing and convenient. Sadly, unsecured, unprotected wireless is everywhere. When a device connects to unprotected Wi-Fi, all the data stored on that device becomes accessible to a hacker using the proper sniffing tools.

It is, however, possible to protect your Wi-Fi from being hacked. In this article, we’ll walk you through some practical steps to stay protected when you connect, from recognizing dangerous networks to securing your home Wi-Fi. We’ll also show you what to do if you think you’ve been targeted.

What is a wireless network attack?

Wireless network attacks happen when cybercriminals target your Wi-Fi connection to steal your personal information. It it’s equivalent to digital eavesdropping, where attackers exploit weaknesses in your wireless connection to intercept all the information you send and receive online.

Criminals can intercept your login credentials as you type them, redirect you to legitimate-looking but fake websites, or even impersonate you online using stolen information. The goal is often wireless identity theft, that is, using your compromised data for financial fraud or other malicious purposes.

The risks of unprotected Wi-Fi are particularly high because many wireless networks lack proper security measures. When you connect to an unsecured network, your data travels in a way that skilled attackers can capture and decode. This puts your banking information, social media accounts, work credentials, and personal communications at risk.

Common wireless attacks include creating fake hotspots that mimic legitimate networks, known as evil twins, intercepting data on public Wi-Fi, and using specialized software to crack network passwords.

Wi-Fi security weaknesses that enable hacking

Cybercriminals usually circumvent wireless network security in several ways, including:

  • Outdated Wi-Fi encryption: Networks still using WEP or older WPA/WPA2 protocols without security updates create easy targets for wireless identity theft. For more stringent security, your router settings should indicate the more current WPA3 or the latest WPA2-AES encryption.
  • Weak default passwords: Many routers ship with simple default passwords like “admin” or “password123.” When you set up your home Wi-Fi router, make sure to change the router’s default network name and password to at least 12 characters that combine words, numbers, and symbols.
  • Default network names: Keeping your router’s default network name broadcasts your device model to potential attackers. Rename your network to something that doesn’t identify your router brand and model, nor your address or family name.
  • Rogue access points and evil twins: Cybercriminals can set up fake Wi-Fi networks that mimic legitimate ones to intercept your data and steal your identity.
  • Poorly configured guest networks: Guest networks without proper isolation can expose your main network and connected devices to hacking risks.
  • Outdated router firmware: Router manufacturers regularly release firmware updates to patch security vulnerabilities. Running outdated firmware leaves your network exposed to known threats.
  • Unsecured Internet of Things (IoT) devices: IoT home devices such as smart TVs, security cameras, voice assistants, and other smart appliances often have weak security settings and can serve as entry points for attackers seeking to compromise your network, especially if not isolated on a separate network.

What hackers can do after hacking your Wi-Fi

Once scammers gain access to your home or an unsecured public Wi-Fi network, they can launch several types of wireless attacks that directly put your personal information and financial security at risk.

Credential theft and account takeovers

One of the most common dangers is credential theft, where attackers intercept your login information as it travels over unsecured networks. When you check your email, log into social media, or access work accounts on a compromised Wi-Fi network, cybercriminals can capture your usernames and passwords. This wireless identity theft often leads to unauthorized access to your bank accounts, credit cards, and personal profiles.

Session hijacking and traffic sniffing

In session hijacking, attackers take over your current online activities on public Wi-Fi, then impersonate you on websites and services you’re logged into. This tactic is called the man-in-the-middle attack. They might apply for credit cards in your name, make purchases, or even commit crimes while pretending to be you. Through traffic sniffing, they can monitor all data flowing through the compromised networks, capturing everything from personal messages to financial information.

Traffic redirection to fake sites

Cybercriminals will also reroute your internet traffic to malicious websites that look similar to legitimate ones. You think you’re logging into your real bank website, but you’re actually entering your credentials into a scammer’s fake site. This technique, known as DNS poisoning, makes it nearly impossible to detect the deception until it’s too late.

Malware installation

The attackers will push malicious software directly onto your devices, enabling them to log every keystroke you make, steal stored passwords, access your files, and even quietly activate your camera or microphone without your knowledge.

Device surveillance

Hackers can monitor not only your device but all connected devices on your network. That means they can access your entire family’s browsing habits, private messages, stored photos and documents, and online activities, giving them detailed personal information for their identity theft schemes.

These attacks directly affect your daily activities, from online banking to e-commerce shopping to working from home. Even simple tasks, such as checking social media, can result in identity theft when conducted over compromised networks.

Actions to verify a secure wireless network

You don’t have to avoid public Wi-Fi entirely. By being aware of these risks and taking appropriate precautions, you can significantly reduce your exposure to wireless identity theft. The protective measures we’ll explore in the following sections will show you how to recognize dangerous networks, browse safely, and maintain your privacy even when using public connections.

  • Look for the missing lock icon: In your Wi-Fi settings, secure networks display a lock symbol next to the network name. Networks without this icon are open and unencrypted, making your data vulnerable to anyone within range.
  • Avoid generic or suspicious network names: Be wary of networks with names like “Free WiFi,” “Public,” “Guest,” or random combinations of letters and numbers. Legitimate businesses typically use their brand name in their network identifier.
  • Question misspelled business names: If you’re at a Starbucks cafe but see a network called “Starbuckz” or “Starbucks_Free,” it could be a fake network designed to steal your information. Always verify the correct network name with the staff.
  • Check for HTTPS on captive portals: When connecting to public Wi-Fi that requires you to accept terms or log in through a web page, ensure the login page URL starts with “https://” and shows a lock icon in your browser’s address bar.
  • Be cautious in unfamiliar locations: Networks appearing in unexpected places, such as “Coffee Shop WiFi” in a residential area or multiple networks with similar names in one location may indicate malicious hotspots.
  • Verify encryption type: Right-click the network in your Wi-Fi list and navigate to Properties > Security type. A secure network will use WPA2 or WPA3 encryption, while “Open” or “WEP” indicates weak or no protection.
  • Heed certificate warnings: If your device displays security certificate errors or warnings when connecting to public Wi-Fi, make sure to follow them. These alerts could indicate security risks or man-in-the-middle attacks.

Recognize and respond to a Wi-Fi hacking incident

If you suspect your Wi-Fi network has been compromised, don’t panic. Recognizing the warning signs early and taking decisive action can protect your identity and restore your network security.

The most common indicators of a compromised network include unexpected slowdowns in your internet speed, unfamiliar devices appearing on your network, and settings that have changed without your knowledge. You might also notice unusual data usage patterns, your router admin password no longer working, or being redirected to suspicious websites when browsing. When you detect these signs, take quick action.

Immediate steps to take

  1. Immediately disconnect affected devices: As soon as you suspect a compromise, disconnect all devices from your Wi-Fi network to prevent further unauthorized access and limit potential damage from identity theft attempts.
  2. Change your router admin password first: Access your router’s admin panel and immediately update the administrator password to something strong and unique to block attackers from regaining access to your network settings.
  3. Update your Wi-Fi network password. Create a new, complex Wi-Fi password using a combination of letters, numbers, and symbols. Use at least 12 characters for wireless networks.
  4. Install the latest firmware updates: Check your router manufacturer’s website for recent firmware updates that patch security vulnerabilities.
  5. Review and remove unknown devices. Use your router’s device management features to identify and remove any unauthorized devices from your network’s allowed devices list.
  6. Enable WPA3 security if available: Upgrade to WPA3 encryption if your router supports it for enhanced protection from the wireless exploits that commonly affect older security protocols.
  7. Perform a factory reset if necessary: If you cannot identify the source of the compromise or if multiple security indicators persist, reset your router to factory defaults and reconfigure it with strong security settings.

Ongoing safeguards against Wi-Fi hacking

  1. Change your router’s admin and Wi-Fi passwords regularly: Your router’s default credentials are often publicly available online, making them easy targets for wireless identity theft. Create strong, unique passwords for both your router’s admin panel and Wi-Fi network. Update them every 3-6 months and immediately if you suspect any unauthorized access.
  2. Disable WPS (Wi-Fi Protected Setup) on your router: WPS creates a convenient backdoor that hackers can exploit through brute-force attacks. Access your router’s admin panel and turn off WPS completely. This simple step closes a major vulnerability that wireless exploits often target.
  3. Set up a separate guest network for visitors and IoT devices: Isolating your main devices from guest access and smart home gadgets reduces the risks of unprotected Wi-Fi spreading throughout your network. Configure guest network access with time limits and bandwidth restrictions to maintain better control over your network security.
  4. Turn off SSID QR code sharing and disable automatic network sharing: Many modern devices offer convenient network sharing through QR codes or automatic syncing, but these features can inadvertently expose your credentials. Disable these options in your device settings and share Wi-Fi access manually when needed.
  5. Properly wipe devices before selling, donating, or disposing of them: Your old devices store Wi-Fi passwords and network configurations that could compromise your security long after disposal. Perform factory resets and use secure wiping tools to ensure all saved network credentials are completely removed from the device’s memory.
  6. Review and manage your cloud backup settings: Cloud services often sync Wi-Fi passwords and network settings across devices, which can create unexpected security risks. Check your iCloud, Google, or Microsoft account settings to control which network information gets backed up and shared between your devices.
  7. Keep your router firmware updated and monitor connected devices: Manufacturers regularly release security patches to address newly discovered vulnerabilities. Enable automatic firmware updates when possible, and regularly review your router’s connected devices list to spot any unauthorized access attempts that could lead to wireless identity theft.
  8. Monitor your network regularly: Set up ongoing monitoring through your router’s logging features or third-party network monitoring tools to detect future unauthorized access attempts and maintain awareness of your network’s security status.

If you must connect to public Wi-Fi

  • Use your cellular hotspot instead: Your phone’s mobile data connection is far more secure than any public Wi-Fi network. Enable hotspot mode and connect your laptop or tablet to avoid the risks of unprotected Wi-Fi entirely.
  • Enable HTTPS-only mode in your browser: In Chrome, go to Settings > Privacy and Security > Security and enable “Always use secure connections.” For Firefox, visit Settings > Privacy & Security and check “HTTPS-Only Mode.” This prevents wireless attacks that intercept unencrypted traffic.
  • Configure DNS encryption: Use secure DNS services like Cloudflare (1.1.1.1) or Quad9 (9.9.9.9) in your device settings. On Windows, go to Settings > Network & Internet > Advanced network settings > Change adapter options, then configure DNS servers in your connection properties.
  • Disable automatic Wi-Fi connections: On iOS, go to Settings > Wi-Fi and turn off “Auto-Join” for public networks. On Android, navigate to Settings > Network & internet > Wi-Fi > Wi-Fi preferences and disable “Connect to open networks.” This prevents automatic connecting to potentially dangerous networks.
  • Enable multi-factor authentication and use passkeys: Protect your accounts with MFA through apps like Google Authenticator or Microsoft Authenticator. When available, choose passkeys over passwords, which are more resistant to phishing and man-in-the-middle attacks.
  • Avoid sensitive tasks on public Wi-Fi: Never access banking, make financial transactions, or log into administrative accounts while connected to public networks. Save these activities for your secure home network or use your cellular data connection instead.
  • Forget networks after use: Always remove public Wi-Fi networks from your saved connections when you leave. On your device’s Wi-Fi settings, select the network and choose “Forget” or “Remove” to prevent automatic reconnection to potentially compromised networks.
  • Verify network authenticity: Before connecting, confirm the exact network name and password with venue staff. Attackers often create fake networks with similar names, such as “Free_WiFi” or “Hotel_Guest,” to capture your data.
  • Keep your device updated: Install security updates promptly on all devices. These patches often fix vulnerabilities that could be exploited on public networks, helping you stay protected.
  • Use a reputable VPN service: When you must use public Wi-Fi, connect through a trusted virtual private network to encrypt all your traffic and create a secure tunnel that protects your data even on compromised networks.

Final thoughts

To guard your network or device from hacking attempts, take action today by updating your router’s firmware and passwords, reviewing and removing unnecessary saved networks from your devices, and enabling multi-factor authentication on all your important accounts. These small, but consistent steps will deliver tangible benefits to your daily digital activities.

For better security, subscribe to an identity theft protection service such as McAfee+, which offers proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your accounts. All things considered, the investment in these security measures is minimal compared to the peace of mind they provide.

The post Verify Secure Wireless Networks to Prevent Identity Theft appeared first on McAfee Blog.

Yesterday — December 31st 2025Your RSS feeds

Hack the Vote: Pros and Cons of Electronic Voting

By: McAfee
vote wallpaper on laptop

Every four years, scores of American people flood churches, schools, homes, and auditoriums to cast their ballots for the future of American leadership. But amid the highs and lows of election night, there is an ongoing conversation about how the votes are being counted.

As results slowly roll in, voters struggle with long lines and faulty machinery in key battleground states, prompting debates on the efficiency of the U.S. voting process. In an age where American Idol results can be instantaneously transmitted over a mobile device, why are we still feeding paper ballots into machines that look like props from ‘90s movies?

On the one hand, countries like Canada, Norway and Australia have already experienced success with their adoption of online voting systems, and proponents say going digital will boost voter turnout and Election Day efficiency. On the other, naysayers cite hacking, malware, and other security threats as deal-breakers that could threaten the backbone of American democracy.

So what are the facts behind this debate? Below, we’ve outlined key arguments for and against online, email, and electronic voting systems, to help users at home move beyond the pre-election campaign hype.

Electronic voting: Better or worse than paper ballots?

Since there have been elections, there have been people tampering with votes. Given this, experts are justifiably concerned with any technology that could introduce new points of access to the data stored during an election. Nevertheless, a handful of states now use electronic voting machines exclusively—Delaware, Georgia, Louisiana, New Jersey and South Carolina—and even notorious battleground states Ohio and Florida have made the move toward paperless votes.

The concern is that when there is no physical ballot, it becomes next to impossible to determine if there has been tampering—especially in the case of a close election. The contested 2000 Bush-Gore race comes to mind as an example of the stark importance of reliable election machinery. In 2012, Pennsylvania voting machines were taken out of service after being captured on video changing votes from one candidate to another.

Still, most of these machines now supply a paper trail to guard against tampering, and a vast majority undergo frequent, mandatory testing. The machines are also not connected to the Internet and are segregated from any network-connected devices. In terms of physical security, the machines themselves are secured with locks and tamper-evident seals, and they’re heavily protected when transported to and from polling places.

Hacking the vote: It’s easier than you think

While electronic voting promises efficiency and convenience, the reality is that these systems face significant vulnerabilities that make them easy targets for hacking.

Attackers don’t need to hack every voting machine individually. They only need to target the broader voting ecosystem through several key attack vectors. For one, supply chain risks represent one of the most concerning threats, where malicious components or software can be introduced during manufacturing or updates. Misconfigured systems and outdated firmware create entry points that cybercriminals actively seek out, while exposed network ports can provide side-channel access to supposedly isolated voting infrastructure.

Beyond direct machine tampering, sophisticated attacks focus on ballot definition files—the digital templates that determine how votes are recorded and counted. Manipulating these files can alter election outcomes without voters realizing it. Similarly, result reporting systems that transmit vote tallies from polling locations to central counting facilities present attractive targets for those seeking to disrupt electoral processes.

Recent security research demonstrates these vulnerabilities aren’t theoretical. In 2003, cybersecurity researchers at Johns Hopkins University documented significant security gaps in widely used electronic voting systems during controlled testing environments, revealing that basic network intrusion techniques could compromise vote tallies without detection. Meanwhile, a 2022 audit conducted by election security experts in Georgia identified configuration errors in electronic polling systems that could have allowed unauthorized access to voter data and ballot information.

Perhaps more concerning is how disinformation campaigns around unofficial election results can amplify doubts about electoral integrity, regardless of actual system security. These campaigns often spread false information about electronic voting fraud or online voting hack attempts, creating confusion that undermines public trust in legitimate election outcomes.

It’s crucial to understand that the primary impact of these vulnerabilities often isn’t direct vote manipulation—it’s the erosion of voter confidence in our democratic processes. When people doubt that their votes count accurately, it weakens the foundation of democratic participation.

Privacy & security concerns in online voting

Will our presidential elections ever go the way of American Idol? Despite advances in technology, the vast majority of Americans must vote in person or via mail-in ballot. At present, only very limited electronic voting options exist, primarily for specific voter groups and circumstances, such as:

  • Military and overseas voters: The Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) allows military personnel and overseas citizens to return marked ballots electronically in some states. However, this typically involves downloading a ballot, marking it, and returning it via secure email or portal—not full online voting.
  • Voters with disabilities: These accommodations vary by state. Some states offer electronic ballot marking tools or accessible voting systems for voters with disabilities. These systems often allow electronic marking but require printing ballots for submission, maintaining a paper trail for verification.
  • Citizens displaced by natural disasters: During an election cycle when many New Jersey residents were affected by Hurricane Sandy, officials established email as an alternative voting method. But as Election Day loomed, the system was soon blamed for a slew of issues.

Vulnerabilities in online voting systems

Understanding the vulnerabilities that plague electronic voting systems isn’t about creating fear, but about building stronger defenses. Below, we have listed some of the potential attack vectors to help you make informed decisions about digital democracy.

The email software

In email voting, unencrypted emails pose a serious security risk because they can be easily intercepted, spoofed, or altered in transit. When a ballot is sent without encryption, it travels across networks in plain text, allowing cybercriminals to access and modify its contents before it reaches election officials. Attackers also might impersonate legitimate voters by sending forged emails or inject malware into attachments that appear to be ballots.

The device

Computers used to send or receive the emails can be compromised to change or block a voter’s choices. When you cast your ballot online, malware can intercept your vote before it even leaves your device. In addition, the receiving computer will need to open attachments sent by unknown users to tally the votes, one of the most common causes of malware infections.

Credential theft

Phishing attacks specifically target voting credentials, often through fake election websites or deceptive emails. Multi-factor authentication and government-issued digital certificates provide essential barriers. In 2023, the National Institute of Standards and Technology released its Digital Identity Guidelines that recommended biometric verification combined with secure tokens for high-stakes digital transactions like voting.

Man-in-the-middle attacks

Your vote travels across networks where attackers might intercept or modify it. To thwart these attacks and ensure your ballot remains tamper-proof during transmission, end-to-end encryption with cryptographic signatures can be integrated into online voting systems. Advanced protocols such as homomorphic encryption allow vote counting without exposing individual choices.

Server-side vulnerabilities

Voting servers face constant attack attempts. Independent security audits, isolated network environments, and blockchain-based verification systems can help maintain integrity. Regular penetration testing, as recommended in the Election Assistance Commission’s 2023 Voluntary Voting System Guidelines, identifies weaknesses before they’re exploited.

Distributed denial of service

DDoS attacks can overwhelm voting portals during critical periods. Distributed server architecture, traffic filtering, and backup submission methods could ensure continuous access, while cloud-based solutions provide scalable protection against volume-based attacks.

Ballot secrecy

Online systems must balance verification with privacy. Protocols such as zero-knowledge proof could allow voters to confirm that their ballot was counted without revealing their choices. Anonymous credential systems separate voter identity from vote content.

Auditability challenges

Digital voting requires verifiable paper trails or cryptographic receipts. This can be addressed with voter-verified paper audit trails (VVPAT) and risk-limiting audits that provide the transparency necessary for public confidence.

Cyber threats to voting abound long before Election Day

In this digital age, threats to the voting process start well before election day. Cybercriminals take advantage of the campaign fever when citizens turn to technology for updates on the election process or news about running candidates.

Amid all this, your role as a voter includes staying informed about these protections and choosing secure voting methods when available or legitimate information sources. Democracy thrives when citizens understand both the possibilities and precautions of digital participation.

  • Fake voter registration websites: Scammers create convincing look-alike sites that mimic official election portals to steal your personal information. These sites often appear in search results with urgent messaging about registration deadlines, but they’re designed to harvest your data for identity theft or voter suppression purposes.
  • Phishing texts and emails about “polling changes”: You might receive official-looking messages claiming your polling location has changed, voting has been extended, or you need to “confirm” your registration via text or email. These communications often create false urgency to trick you into clicking malicious links or sharing sensitive information.
  • Impersonation of election officials: Scammers pose as election workers, poll supervisors, or government officials via phone calls, texts, or door-to-door visits. They may claim there are problems with your registration, then request personal information to “verify” your eligibility.
  • Malinformation hotlines: Fraudulent phone lines spread false information about voting procedures, dates, or requirements. These services intentionally provide incorrect details to discourage voting or cause confusion about the electoral process.
  • Political donation fraud: Fake political organizations and candidates set up fraudulent donation sites that look legitimate but funnel your money and financial information directly to scammers. These sites often use names similar to real campaigns or causes to deceive donors.

Your role in protecting election integrity

Every voter plays a role in ensuring elections remain fair, secure, and transparent. By following proper voting procedures, verifying information through official sources, and reporting suspicious activity, you help strengthen trust in the system. Small actions can make a big difference in protecting the integrity of every vote.

  • Plan your preferred voting method: Before Election Day arrives, take time to plan how you’ll cast your ballot—whether it’s in person at your local polling place, by mail, or through accessible voting options available in your state. If you’re an overseas military or citizen, research your state’s UOCAVA procedures. Knowing this could help you avoid last-minute issues that might force you to bypass safe voting practices.
  • Confirm your voter registration status at your official state portal: This quick step ensures that your information—such as your name, address, and polling location—is accurate and up to date, and helps you avoid surprises like being listed under the wrong district or finding out you’re not registered at all.
  • Verify your polling location through official channels: This ensures you’re voting at legitimate facilities with properly managed systems. When available, choose paper backup options or locations that use voter-verified paper audit trails, which provide physical evidence of your vote that can’t be altered digitally.
  • Keep your personal devices secure during election periods: You can do this by updating software, using strong passwords, and being cautious about election-related apps, websites, or messages that aren’t from official government sources.
  • Stay alert for potential vulnerabilities: As a voter or observer, you can: verify polling place seals are intact, confirm machines display zero totals before voting begins, observe that poll workers follow proper procedures, and report any irregularities to election officials immediately.

Key tips to verify legitimate communication during election season

Practicing good cybersecurity hygiene helps safeguard not only your information but also the integrity of democratic participation. Here are some key guidelines to stay secure online and protect your vote.

  • Official election information only comes from verified .gov websites: Scammers often create legitimate-looking websites to trick voters into sharing personal data or clicking malicious links. When searching for election details, always rely on official .gov domains. These are verified and maintained by state and local election authorities, offering information that is accurate, secure, and up to date.
  • Contact your state or local election office directly using official phone numbers: For voting-related questions, contact your state or local election office directly using details listed on verified .gov websites to ensure you receive accurate local information. Do not rely on social media, emails, or unofficial websites, as scammers often use these fake hotlines to collect personal data or sow disinformation.
  • Deal only with verified election officials: Imposters may pose as officials through phone calls, emails, or even in person to collect your personal data or influence your vote. To confirm legitimacy, check any communication from an official .gov email address or website, verified government phone line, or your local election office.
  • Verify “urgent” voting information through multiple official sources: During election season, scammers often spread “urgent” messages or “breaking news” to sow panic or confusion—such as changes in polling hours or locations—to suppress voter turnout. Always verify updates through official sources, such as your state’s .gov election website, local election office, or trusted news outlets.
  • Update all your devices with the latest security patches: Before researching candidates, browsing election information, or logging into voter portals, make sure all your devices are running the latest versions. Security patches fix vulnerabilities that hackers can exploit to install malware or steal personal data.
  • Use strong, unique passwords for voter-related accounts or portals. When creating strong, unique passwords for each election-related site you use, especially government or voter registration portals, use a mix of letters, numbers, and symbols, and avoid personal details like birthdays or pet names. Password managers can help you generate and store complex passwords, reducing the risk of credential theft.
  • Enable two-factor authentication (2FA) wherever possible. Enabling 2FA on your email and voter-related accounts significantly strengthens your defense against unauthorized access. Even if hackers obtain your password, they won’t be able to log in without this additional confirmation.
  • Report suspected election-related scams to your local officials and relevant authorities: If you encounter a suspicious website, message, or phone call related to voting—report it to your state or local election office, the Cybersecurity and Infrastructure Security Agency or the Federal Trade Commission. Authorities track malicious activity and protect other voters from falling victim to similar schemes.

These multi-layered protections work together to maintain election integrity, though gaps can emerge when procedures aren’t consistently followed or when oversight is insufficient.

Final thoughts

While online voting systems can’t be written off, ongoing cybersecurity challenges don’t bode well for the immediate future of these platforms.

While technology has transformed nearly every aspect of modern life—from shopping to banking, and working—applying that convenience to the voting booth still presents challenges. Security, transparency, and public trust remain at the core of any democratic process, and rushing toward online or paperless voting without upholding these principles could be harmful.

Progress is steadily being made, however, with advances in encryption and digital identity frameworks. With careful design, rigorous testing, and strong oversight, technology can enhance the safeguards that underpin election integrity.

For now, the most effective way to protect democracy is through awareness and participation. Stay informed about your state’s voting systems, verify election information only through official sources, and remain alert to misinformation and scams. Each responsible voter plays a part in strengthening the integrity of elections.

The post Hack the Vote: Pros and Cons of Electronic Voting appeared first on McAfee Blog.

Crush that Worm before It Creeps into Your Computer

By: McAfee
virus check on screen

Some years ago, a highly infectious computer worm called W32/Autorun was discovered to be infecting Windows computers. Unlike a virus, a worm such as W32/Autorun doesn’t steal anything from your computer. Instead, it spreads rapidly and opens as many security holes as possible to allow hackers to install a different form of malware that will eventually steal information, money, or both.

While this worm is less widespread today, it continues to infect older Windows operating systems that are not regularly updated. This guide will take a closer look at how the worm spreads and outline preventive measures to avoid infection.

Older Windows versions at risk

Autorun worms primarily affect older Windows systems such as Windows XP, Vista, and early versions of Windows 7, which had AutoRun enabled by default. Microsoft recognized this security vulnerability and significantly restricted AutoRun capabilities in newer Windows versions, but millions of older systems remain at risk if they haven’t been properly updated or configured.

When an autorun worm infects your system, it can compromise both your files and privacy in several ways by stealing personal documents, capturing passwords and banking information, or installing additional malware that monitors your online activities. Some variants encrypt your files for ransom, while others turn your computer into part of a botnet used for spam or cyberattacks. The infection can also spread to family members, friends, or colleagues when you share USB drives or connect to shared networks.

While this worm is less common today due to security updates in newer Windows operating systems, the concept of autorun malware is still relevant, often evolving into new forms that spread via malicious downloads, USB drives, or network shares. These forms use clever file drops and social engineering, with detection still relying on robust antivirus and user caution.

Key ways W32/Autorun bypasses your computer’s defenses

W32/Autorun is effective because it exploits everyday behaviors and outdated system features. Instead of forcing its way into your computer, it relies on built-in Windows functionality and simple tricks to get users to let it in, slip past basic defenses, and infect systems.

Easy way in via Windows AutoRun

An autorun worm spreads, as its name suggests, automatically through removable storage devices such as USB drives, external hard drives, and network shares. It takes advantage of Windows’ AutoRun and AutoPlay features to secretly execute itself when you connect the removable device to your computer that has AutoRun. A dialog box then pops up asking if you want to automatically run whatever is on the device. When you unsuspectingly click “run,” you’ve authorized the W32/Autorun worm. Once active, the worm copies itself to other connected drives and network locations, rapidly spreading to any system. While this feature was not included in Windows 8 for security reasons just like this, it still exists on many older machines that haven’t been updated in a while.

Fake folders lure victims in

Even if you don’t have Windows AutoRun enabled in your device, W32/Autorun disguises itself as interesting imposter files and folders with names like “porn” and “sexy” in infected flash drives or shared internet connections to trick you into downloading the worm. Once you click on the malicious file, it executes AutoRun and infects your computer.

The worm can also change your computer’s settings to allow it to run every time you boot up. Some variants even disable Windows updates to prevent the system from downloading security patches and ensure the worm can do its job of infecting every device your computer comes into contact with, opening the door for any virus a hacker wants to install at your expense.

Symptoms of a W32/Autorun worm infection

A W32/Autorun worm infection works quietly in the background, spreading to connected devices and weakening your system’s defenses without triggering immediate alarms. However, there are subtle signs that indicate the infection. Recognizing these early symptoms can help you take action to block the worm’s activities before it causes irreparable damage to your device and network:

  • Slow performance: Your computer or internet connection may slow down due to the high processing usage that the worm requires as it actively searches for drives to infect.
  • Presence of unfamiliar files/folders: The worm creates copies of itself and configuration files on infected drives, sometimes disguised with random names or enticing names such as “porn” or “sexy”.
  • System instability: Your computer may begin freezing, crashing, or restarting unexpectedly as the worm runs multiple background processes while consuming system resources and interfering with normal operating functions.
  • Modified settings: You might notice unexpected changes to your desktop, folder views, or system preferences without your input. These modifications are often made to hide malicious files or make it easier for the worm to run automatically.
  • Loss of access to some features: Tools like Task Manager, Registry Editor, or Folder Options may suddenly become inaccessible. The worm disables these features to prevent you from stopping its processes or removing it manually.
  • Disabled antivirus software or Windows updates: Your security software may stop working properly, or Windows updates may be turned off without explanation. This enables the worm to block security patches and scans that could remove it.
  • Unusual network activity: You may notice unexplained internet traffic even when you’re not actively using your device. The worm could be contacting remote servers to report successful infections or download additional malicious components.
  • Diminished storage space: Available disk space may shrink rapidly with no clear reason. This happens because the worm repeatedly copies itself across your system and connected drives.

Consequences of the W32/Autorun worm

The impact of the W32/Autorun worm can vary depending on the specific variant, ranging from minor annoyances to severe system compromise:

  • System damage and further infection: The W32/Autorun worm acts as an entry point for attackers to silently install more dangerous malware, including data-stealing Trojans or destructive viruses.
  • Data loss and corruption: Some variants can delete important files or corrupt stored data, making documents, photos, or applications unusable or permanently unreadable, even after the worm is removed.
  • Disruption of operations: Because the worm consumes large amounts of processing power and memory in the background, it can slow down your device’s performance and stall programs to make daily computing tasks difficult.
  • Unauthorized access and information theft: Certain W32/Autorun variants are capable of monitoring your online activity, including logging keystrokes, capturing login credentials, and stealing financial details or personal data.
  • Aesthetic changes: Less destructive versions of the worm may focus on annoying changes such as altered desktop backgrounds, browser settings, or system appearance.

How to Prevent a W32/Autorun Infection

Preventing a W32/Autorun infection is largely about closing the simple security gaps the worm relies on to spread. By taking these steps, you can significantly reduce the chances of this worm gaining access to your computer.

1. Disable AutoRun

If your computer is still prompting you to automatically run applications each time you insert a CD, connect to a new network, or plug in a flash drive, update your computer as soon as possible. Visit the Microsoft website to learn how to disable AutoRun for your specific version of Windows.

2. Beware of shared removable devices

Remember that this worm is highly infectious. If you share a flash drive with a friend whose computer is infected, that flash drive will carry the worm to your computer. If you do need to share a device, make sure AutoRun is disabled before you plug it in, and check that your security protection has the capability to scan new drives to prevent you from clicking on infected files.

3. Use reliable antivirus

While the first two tips focus on prevention, a reliable security solution will not only prevent a W32/Autorun infection, but also remove it from your computer. Solutions like McAfee+ will catch the W32/Autorun worm bug and other similar malware, protecting you from accidentally spreading it to friends and family.

Final thoughts

Autorun worms represent a persistent threat that combines old vulnerabilities with modern attack techniques. Newer security measures may have reduced their impact, but these worms continue to target systems with outdated configurations through the continued use of removable media. This is why keeping systems updated and being cautious with external devices are important habits to apply.

In addition, you can protect yourself with proper security practices: disable AutoRun on older systems, keep your antivirus software updated, scan external devices before accessing their contents, and avoid connecting unknown USB drives to your computer.

The post Crush that Worm before It Creeps into Your Computer appeared first on McAfee Blog.

Helpful Tips for Safe Online Shopping

By: McAfee
Shopper using smartphone app

Thanksgiving—not before Halloween as we see things in stores and online now. It seems like the holiday season and decorations start earlier and earlier every year.

But one thing that hasn’t changed is that Black Friday is still a big shopping day. With the advent of online shopping has emerged Cyber Monday, another big sale day for online shoppers on the first Monday after Thanksgiving.

Although many of us may take advantage of these great deals that the holidays offer, we also need to be aware of the risks. Online shopping is a fun and convenient way to make purchases, locate hard-to-find items, and discover bargains, but we need to take steps to protect ourselves.

This guide looks at the methods and warning signs behind online shopping scams, shows you how to recognize fake shopping apps and websites, and shares tips for staying safe online.

Online shopping safety amid growing e-commerce concerns

Online shopping has become a cornerstone of American life. CapitalOne Shopping projects American online spending to reach $1.34 trillion in 2024 and exceed $2.5 trillion in 2030.

With such a massive sum at stake, cybercriminals are laser-focused on taking a share of it, posing financial risk to the 288 million Americans who shop online. As e-commerce grows, so does fraud. In 2024, e-commerce fraud was valued at $44.3 billion, a number seen to grow by 141% to $107 billion in 2029.

Be that as it may, there are many smart shopping habits you can apply to dramatically reduce your risk of becoming a victim of online shopping fraud and enjoy the convenience and benefits of online commerce.

Common online shopping scams

Online shopping scams are designed to look normal—at first glance—especially during busy sale seasons when we’re distracted by a million preparations, moving fast, and chasing deals. These are the very circumstances that fraudsters bank on to victimize you into taking the bait. Being aware of the common scam indicators will help you pause and think, recognize trouble early, and protect both your money and your personal information.

  • Non-delivery scams: You pay for items that never arrive, often from fake storefronts or fraudulent sellers who disappear with your money. The seller might have required you to pay through a wire transfer, cryptocurrency, or gift card, methods that are indisputable and untraceable. If you check the website, it may look new and have no customer reviews or suspiciously have only perfect 5-star ratings. It may also offer prices that are significantly below market value.
  • Counterfeit goods scams: You receive knock-off products instead of authentic brand-name items, particularly affecting electronics, cosmetics, and luxury goods. On closer inspection, you will notice spelling errors in brand names or product descriptions, the prices seem too good to be true for premium brands, and sellers have no proof of authenticity or authorized dealer status.
  • Bait-and-switch scams: Attractive deals lure you in, but you’re pressured to buy different, more expensive items or receive products that don’t match what was advertised. This type of scam is usually characterized by items that are always “out of stock,” but offer readily available, more expensive alternatives. The seller also applies high-pressure sales tactics or limited-time offers that prevent you from comparison shopping, while the product descriptions are vague or don’t match the images shown.
  • Refund and overpayment scams: In this scheme, scammers will pose as buyers who “accidentally” overpay you for items you’re selling, then request you to refund the difference before their original payment bounces. They will also use payment methods that can be reversed such as checks or money orders, then ask for a refund and suggest sending shipping companies to collect items before the payment clears.
  • Website and marketplace impersonations: Fake websites designed to look like legitimate popular brands can steal your payment information and personal data. Watch out for websites that have slightly misspelled URLs or don’t use secure HTTPS encryption as marked by the padlock icon in your browser, as well as missing or incomplete contact information, privacy policies, or terms of service.
  • Product return fraud: Scammers exploit return policies by selling you used, damaged, or counterfeit items while making returns and refunds difficult or impossible through fake or non-existent customer service. Their return policies are overly complicated, buried in fine print, or require original packaging that wasn’t provided. They will disappear from marketplaces immediately after the return period expires.

A guide to knowing if a shopping website is legit

Safe online shopping starts with recognizing the hallmarks of legitimate retailers. Before you enter any payment details, take a moment to verify that the website you’re shopping on is genuine. Scam stores can look polished and convincing, but they often leave behind subtle clues. Here are quick ways to check their authenticity:

  1. Verify the website URL: By typing the URL directly into your browser rather than clicking links from emails or ads, you will avoid typosquatting scams—fake websites with URLs that look almost identical to real retailers, except for slight misspellings. Look for clear return and shipping policies. Read the fine print to understand your rights if something goes wrong.
  2. Confirm physical address and customer service: Real businesses provide multiple ways to contact them, including a physical address, phone number, and email.
  3. Evaluate pricing for realism: The prices are too good to be true, especially for high-demand or hard-to-find items. Many legitimate retailers now offer price-matching policies, allowing you to get market-average or competitive prices.
  4. Check for verified customer reviews: Look for reviews on independent platforms like Google, Yelp, or Trustpilot rather than relying solely on testimonials on the retailer’s website. Cross-reference feedback across multiple platforms.
  5. Ensure secure payment options: Look for HTTPS in the URL and avoid sites that only accept wire transfers, gift cards, peer-to-peer payment apps, or cryptocurrency. For online purchases, check that the seller offers secure payment options with dispute protection, such as digital wallets and/or credit cards.
  6. Research domain age and registration: Use WHOIS lookup tools to check when the domain was registered. Fraudulent sites are usually newly created domains designed to disappear quickly after collecting payments. In addition, established retailers and official brand websites have invested heavily in solid security infrastructure and payment processing, customer protection programs, fraud prevention systems, and long-standing relationships with credit card companies that smaller or unknown sellers often lack.
  7. Check the Better Business Bureau: Search for the seller’s company on the Better Business Bureau to see their rating, complaint history, and accreditation status, and help you identify potential risks before making a purchase.
  8. Pay attention to browser safety warnings: Modern browsers like Chrome, Firefox, and Safari will warn you about potentially dangerous or untrustworthy sites. Google’s Safe Browsing technology blocks millions of unsafe sites daily, so don’t ignore these warnings when they appear. Some comprehensive security tools also include web protection that alert you against dangerous links and downloads, malicious websites, and more.
  9. Verify secure checkout processes: Legitimate sites use SSL (Secure Sockets Layer) encryption during checkout, which you can confirm by looking for “https://” and a lock icon in your browser’s address bar.

11 Tips for safe holiday shopping online

  • Be extra vigilant: Cybercriminals send millions of fake shopping emails that contain suspicious links, with the aim of exploiting your anxiety over catching that amazing deal or deliveries. For example, you might receive an unexpected “Amazon Prime renewal” email or a text from UPS, FedEx, or other carriers when you didn’t purchase anything online. These phishing emails and texts contain malicious links designed to steal your personal information or install malware on your devices. Don’t click the link. Verify delivery notifications through your account or the carrier’s official website or app, then delete the scam email or text immediately.
  • Stick with trusted sellers: When shopping on marketplaces, stick with your trusted online retailers and sellers with high ratings, extensive review histories, and “fulfilled by” programs where the main platform handles shipping and returns. Download retailer apps directly from official app stores rather than third-party sources, as these include enhanced security features and exclusive customer protections.
  • Check the site’s web address: Always type retailer URLs directly into your browser’s address bar or use your bookmarks. Once you arrive at a site, make sure it is the correct URL such as www.amazon.com and not www.amazan.com. Purchase directly from official brand websites or authorized retailers, and verify seller credentials through the brand’s official dealer locator when shopping on marketplaces.
  • Check that the site is secure: Some people cannot tell if a site is secure. Some things to look for on a secure site include:
    • A web address that starts with HTTPS instead of HTTP, indicating that encryption is used to protect your information.
    • A lock symbol beside the URL, proper SSL certificates, and several contact methods.
    • A security seal, such as the McAfee SECURE™ trustmark, indicating that the site has been scanned and verified as secure by a trusted third party. This security seal indicates that the site will help protect you from identity theft, credit card fraud, spam, and other malicious threats.
  • Pay with a credit card or digital wallet: Credit cards offer better protection against fraud than debit cards. You won’t be liable for fraudulent purchases, while cyberthieves won’t be able to drain your bank account if they get your account log-in credentials. Better yet, use a virtual credit card number or a digital wallet such as Apple Pay or Google Pay to prevent your actual card details from being stored on merchant sites. Also, avoid storing your credit card information on new or questionable sites to reduce your exposure if those sites experience security breaches.
  • Take note of shipping and return policies: Always review shipping timelines, return windows, and refund policies before completing your purchase. Not reading the fine print can leave you stuck with unwanted purchases or unexpected fees.
  • Validate social media sellers: Shopping directly through social media platforms or unknown sellers bypasses traditional consumer safeguards. Before you buy from a social media seller, verify their legitimacy, check for customer reviews outside the platform, and use payment methods that offer dispute resolution.
  • Keep communications on-platform: Never move conversations or payments outside the marketplace platform. Scammers often try to lure buyers to external communication channels or direct payment methods to circumvent buyer protections. Legitimate sellers understand that platform policies protect both parties and will keep all interactions within the official channels.
  • Do not use a public computer or Wi-Fi when shopping online: Strangers may be able to access your browsing history and even your login information on shared devices or over unsecured public Wi-Fi. To protect yourself, do all of your online shopping from your home computer or your personal mobile device.
  • Make sure you have a clean computer or mobile device: Make sure you have up-to-date security software on all your devices to safeguard your privacy, protect against identity theft, and defend against viruses and online threats.
  • Keep a paper trail: Take a screenshot of product listings and advertisements before purchasing. Keep a copy of your order number and receipt, and note which credit card you used. When you receive your credit card statement, review it to make sure that the charge on your card is correct, with no extra fees.

The FTC also recommends these additional tips so you can enjoy all the advantages that online shopping has to offer and prevent risking your personal information.

Immediate steps to take if you ordered from a fake online store

  1. Contact your credit card issuer immediately: Call the customer service number on the back of your card once you realize you’ve been scammed. Request a chargeback and explain that you received counterfeit goods, nothing at all, or that the merchant was fraudulent. You usually have 60 days from your statement date to dispute charges, but acting quickly improves your chances of a successful resolution.
  2. Freeze or replace your payment card: Contact your bank or card issuer to freeze your current card and request a new account to prevent more unauthorized charges. If you used a debit card, this step is especially critical since debit card fraud protections are more limited than credit cards.
  3. Change your passwords and enable two-factor authentication: If you created an account on the fake website, change your password immediately on your real account and any linked accounts such as email, banking, and social media. Enable two-factor authentication and think about using a password manager to generate and store unique passwords for each account.
  4. Report the fraudulent seller to the platform or hosting service: Protect other consumers by reporting the fake store. If the site appeared in search results or social media ads, report it to those platforms. You can also report fraudulent websites to their hosting companies to take down fraudulent sites once notified.
  5. File reports with federal and state authorities: Report the scam to the Federal Trade Commission (FTC) and the Internet Crime Complaint Center (IC3) to help authorities track scam trends and assist in investigations. Additionally, contact your state’s attorney general office, as many have consumer protection divisions that handle online fraud.
  6. Save and organize all evidence: Document everything related to your purchase in both digital and printed formats: screenshots of the website, confirmation emails, receipts, payment records, and any communication with the seller. Save copies of your credit card or bank statements showing the charge. These documents are essential for your chargeback dispute and law enforcement investigations.
  7. Monitor your credit report and identity closely: Keep a close eye on your bank and credit card statements, as well as credit reports from all three major bureaus—Experian, Equifax, and TransUnion—for suspicious activity, and place a fraud alert or credit freeze on your accounts if you’re concerned about identity theft.
  8. Follow up on your chargeback and dispute process: Stay in regular contact with your credit card company about your dispute and provide additional documents promptly if requested. Be patient and persistent as the investigation process could take up to 90 days.

Final thoughts

Online shopping should feel exciting, not a dangerous undertaking you have to brace for, especially during the season of giving. It can be, with a few simple steps—checking the URL, looking for HTTPS, verifying the seller, paying with a credit card or virtual number, and trusting your gut when something feels suspicious. These small habits will keep your money and your identity where they belong: with you.

For increased safety while shopping online, seek out the help of a trusted security solution such as McAfee+ that will alert you of risky links and compromised websites to prevent identity theft or malware infection.

If this guide helps you, pass it along to someone you care about. Scams don’t just target individuals—they cascade into families and friend groups. The more we normalize safe shopping habits and increase our vigilance, the harder it is for fraudsters to win. If you ever feel unsure mid-purchase, take a breath and double-check. A few extra seconds now can save you a lot of stress later. Stay safe, and happy shopping!

The post Helpful Tips for Safe Online Shopping appeared first on McAfee Blog.

Smart Ways to Keep Your Social Security Number from Being Cracked

By: McAfee

A determined cybercriminal can find ways to guess or predict an individual’s Social Security number, which puts us all at a greater risk for identity theft.

In 2009, researchers from Carnegie Mellon University revealed that a reliable method for predicting Social Security numbers was discovered using information from social networking sites, data brokers, voter registration lists, online white pages, and the publicly available Social Security Administration’s Death Master File.

Originally, the first three numbers on a Social Security card represented the state in which a person had initially applied for their card. Numbers started in the Northeast and moved westward. This meant that people born on the East Coast were assigned the lowest numbers and those born on the West Coast were assigned the highest numbers. Before 1986, people were rarely assigned a Social Security number until age 14 or so, since the numbers were used for income tracking purposes.

The Carnegie Mellon research

The Carnegie Mellon researchers were able to guess the first five digits of a Social Security number on their first attempt for 44% of people born after 1988. For those in less populated states, the researchers had a 90% success rate. In fewer than 1,000 attempts, the researchers could identify a complete Social Security number, “making SSNs akin to 3-digit financial PINs.” The researchers concluded, “Unless mitigating strategies are implemented, the predictability of SSNs exposes people born after 1988 to risks of identity theft on mass scales.”

To address this security gap, the Social Security Administration in 2011 changed the way SSNs are issued by randomizing number assignment to make predicting patterns more difficult. While this is certainly an accomplishment, the potential to predict Social Security numbers is the least of our problems. Social Security numbers can be found in unprotected file cabinets and databases in thousands of government offices, corporations, and educational institutions, exposing people to identity theft and other related risks. With the growing losses from all identity theft cases, protecting SSNs is a serious concern.

Your SSN: It’s more than a string of numbers

Your Social Security number might be only nine digits, but in the wrong hands it can act like a master key that unlocks far more. It can reveal details about your life, serving as a powerful linking tool for cybercriminals to access or verify your other personal details and build a fuller profile of your identity.

  • Credit and financial information: When combined with other identity elements like your name and address, your SSN can help criminals access your credit reports and financial accounts. Fortunately, legitimate financial institutions require multiple forms of verification beyond your SSN, including security questions, account numbers, and authentication codes sent to your registered devices.
  • Government benefits access: Your SSN serves as a key identifier for Social Security benefits, Medicare, unemployment claims, and tax refunds. Criminals may attempt to file fraudulent claims using your SSN, but the Social Security Administration has implemented stronger identity verification requiring additional documentation and in-person visits for many services.
  • Employment records: While your SSN identity theft risk includes employment fraud, most employers now use E-Verify and require physical documentation such as driver’s licenses and passports. Your SSN alone typically isn’t enough for someone to successfully impersonate you for employment, though it can be part of a broader identity theft scheme.
  • Medical records and insurance: Healthcare providers use SSNs to verify insurance coverage and access medical histories. Criminals have attempted medical identity theft, but most healthcare systems now require photo ID, insurance cards, and often biometric verification to access sensitive medical information and services.

Your stolen SSN could be on the dark web

Your Social Security number is one of your most private identifiers, but in today’s data economy it can quietly slip into criminal marketplaces on the dark web. Even if you’re careful with your information, you can’t control how organizations protect the data they collect from you. These exposures often result from data breaches, scams, or systems you had to trust — employers, hospitals, banks, schools, and even government agencies. When your SSN shows up there, it’s usually bundled with your other information—name, birthdate, address—making it far more valuable and dangerous than a random number on its own.

Being familiar with the common paths that take your SSN to the dark web will help you recognize and avoid the risks earlier, and act fast if your information is ever compromised.

  • Third-party data breaches: Your SSN could end up on the dark web when companies, healthcare providers, or government agencies you’ve shared it with experience security breaches. Recent high-profile incidents have exposed millions of records, including major credit reporting agencies and healthcare systems.
  • Device malware and info-stealing attacks: Cybercriminals use sophisticated malware that can capture data as you type, including Social Security numbers entered on tax forms, job applications, or financial websites. Banking trojans and keyloggers specifically target sensitive information for sale on illicit markets.
  • Phishing schemes and social engineering: Scammers impersonate trusted organizations like the IRS, your bank, or employers and create convincing fake websites, emails, or phone calls that trick you into “verifying” your SSN. They will claim your SSN has been “suspended” or “compromised,” threaten you with arrest or legal action, or request to verify your SSN for any reason. Pressure tactics and demands for immediate action are classic red flags.
  • Compromised data brokers: Data brokers legally collect and sell personal information, gathered from public records, social media, and other sources, creating comprehensive profiles that become valuable targets for cybercriminals. When their systems are breached, your SSN and other details can be exposed.
  • Social engineering of service providers: Criminals sometimes target employees at companies that handle your information, manipulating them to gain unauthorized access to customer records. Call center representatives, healthcare workers, or government employees may be tricked into providing access to systems containing SSNs.
  • Account takeovers: Account takeovers occur when criminals gain access to your existing accounts through stolen passwords, security question answers, or two-factor authentication bypasses. Once inside accounts at financial institutions, healthcare providers, or government services, they can view stored SSNs or use account access to request more information.
  • Mailbox theft: Physical mail theft remains a surprisingly effective way for criminals to guess or find documents containing your SSN. Tax documents, insurance statements, pre-approved credit offers, and government correspondence often contain complete or partial Social Security numbers that help criminals piece together your identity.
  • Public records: Public records databases, court filings, property records, and voter registration information sometimes contain complete or partial SSNs. While efforts have been made to remove SSNs from public records, older documents and some current filings may still expose this information.

The doors that open with your Social Security Number

Once criminals have your SSN, they can do a range of fraudulent activities that can compromise your relationships, health, career, financial standing, and even your freedom. A single SSN can fuel everything from credit and loan scams to tax fraud, medical identity theft, and even long-term schemes like synthetic identities. Here are some examples:

  • New account fraud: Criminals could use your SSN and other personal information to open credit cards, loans, or bank accounts in your name. This can destroy your credit score and leave you responsible for fraudulent debt that can take years to resolve.
  • Tax refund fraud: Scammers file fake tax returns using your SSN to claim your refund before you file your legitimate return. This leaves you dealing with IRS complications and delays in receiving your actual refund, often extending into the following tax year.
  • Medical identity theft: When someone uses your SSN to receive medical care, prescription drugs, or submit insurance claims, it can contaminate your medical records with incorrect information and exhaust your insurance benefits. This puts your health at risk and can result in thousands in fraudulent medical bills.
  • Government benefits fraud: Criminals apply for unemployment benefits, Social Security benefits, or other government assistance using your SSN. This complicates your own eligibility and creates tax complications when benefits are reported under your name.
  • Employment fraud: Someone may use your SSN for employment, which means their income gets reported to the IRS under your name, potentially affecting your tax liability and Social Security benefits calculation. You might receive unexpected tax documents or face complications with the IRS over unreported income you never earned.
  • SIM swap setup: Your SSN serves as a verification tool when criminals attempt to transfer your phone number to their device, giving them access to two-factor authentication codes and potentially your financial accounts. This can lead to rapid-fire account takeovers across multiple platforms.
  • Synthetic identity creation: Fraudsters combine your real SSN with fake names and addresses to create entirely new identities for long-term fraud schemes. These synthetic identities can build credit over time, making the fraud harder to detect and potentially more damaging when discovered.

Verify and block anyone using your Social Security Number

Social Security identity theft isn’t always obvious right away. In many cases, people don’t realize their SSN has been compromised until weeks or months later. If you want to know if SSN has been misused, there are clear warning signs and reliable ways to check. By reviewing a few key records, you can spot red flags early and shut down fraud before it snowballs into a long, expensive recovery process.

  1. Check your credit reports: Request your free annual credit reports from federally authorized sources. Look for accounts you didn’t open, credit inquiries you didn’t authorize, or addresses you’ve never lived at. You’re entitled to one free report from Experian, Equifax, or TransUnion every 12 months, so stagger them quarterly for ongoing monitoring.
  2. Set up fraud alerts and credit monitoring: Place a fraud alert with any of the three credit bureaus to require creditors to verify your identity before opening new accounts. Consider setting up account alerts with your bank and credit card companies as well to notify you of unusual activity. These notifications can catch SSN identity theft early before damage occurs.
  3. Review your Social Security Administration account: Create or log into your Social Security account to check your earnings history and benefit statements. Look for employment or earnings you don’t recognize, as criminals often use stolen SSNs for work authorization. Any discrepancies could indicate someone is using your SSN for employment fraud.
  4. Examine IRS documents and consider an IP PIN: Check your annual Social Security Statement for accuracy and review any IRS letters about duplicate tax filings or suspicious activity. If you suspect SSN details leaked, request an Identity Protection PIN (IP PIN) from the IRS or tax transcripts through the IRS Get Transcript portal.
  5. Monitor medical statements and insurance claims: Review your health insurance statements, Medicare summaries, and medical bills for services you didn’t receive or providers you’ve never visited. Medical identity theft using your SSN can result in incorrect information in your medical records and unexpected bills. Contact your insurance company immediately if you spot unfamiliar claims or treatments.
  6. Check for unemployment and government benefits fraud: Contact your state’s unemployment office to verify that no claims were filed in your name. Review any government benefit accounts you have as well for suspicious activity.
  7. Conduct a comprehensive identity audit: Search your name combined with personal details online to see if your information appears on data broker sites. Set up ongoing dark web monitoring through reputable services to alert you if your SSN appears in future breaches.

Your first steps to stop the fraudulent activity

If you discover that someone has been using your SSN, take these steps immediately:

  1. Freeze your credit: Contact all three major credit bureaus to place a free credit freeze on your accounts. This prevents anyone from opening new credit accounts in your name. Keep your PIN numbers safe as you’ll need them to temporarily lift the freeze when applying for credit.
  2. File an identity theft report: Report the SSN theft to the Federal Trade Commission. The FTC’s step-by-step, personalized guidance will help you navigate the recovery process and provide documentation for creditors and other institutions.
  3. Contact affected financial institutions: Notify your bank, credit card companies, and other financial institutions where you have accounts. Request new account numbers, cards, and fraud alerts to monitor for suspicious activity.
  4. Secure your Social Security Administration account: Create or secure your my Social Security account to prevent fraudsters from creating one in your name. Enable two-factor authentication and review your earnings record for any unauthorized employment. If someone is already using your SSN for work, contact the SSA immediately to report the misuse.
  5. Document everything: Keep detailed records of all communications, including dates, names of representatives, reference numbers, and actions taken. Create a file with copies of all reports, correspondence, and documentation. This paper trail will be invaluable if you need to dispute fraudulent accounts or prove your case to creditors and law enforcement.
  6. Stay vigilant and follow up: Monitor your credit reports, bank statements, and government benefits regularly for at least the next 12 months. The effects of SSN theft can surface months later, so ongoing monitoring is crucial for your long-term financial security.

Long-term, preventive measures to limit your exposure

Since your SSN can’t be easily changed and is still treated like a universal ID, the safest approach is to put up barriers that make it harder for criminals to use, even if they get it. Aside from the steps listed above, here are additional measures you can follow to protect your SSN from the start:

  • Minimize sharing your SSN: Only provide your SSN when absolutely required by law or for essential services such as banking, employment, or medical care.
  • Ask for alternatives: Many organizations request your Social Security number out of habit. Ask if you can use an alternative identifier like a driver’s license number.
  • Be cautious with Social Security number requests over phone or email: Legitimate organizations rarely ask for your full SSN via phone or email. When in doubt, hang up and call the organization directly using a number from their official website to verify the request.
  • Use strong, unique passwords: Since details leaked in data breaches can help criminals predict Social Security numbers and crack passwords, it is best to protect all your accounts with complex, unique credentials using a password manager.
  • Enable two-factor authentication: Add another security layer to your Social Security Administration, IRS, banking, and credit accounts by setting up two-factor or multi-factor authentication, which blocks 99% of automated attacks.
  • Keep your devices and software updated: Install security updates promptly on all devices. Malware often targets personal information including Social Security numbers, so staying current with patches protects your data from the latest threats.
  • Shred physical documents: Physical theft remains a common way criminals obtain Social Security numbers. So before throwing away tax returns, medical records, or financial statements, put them through a cross-cut shredder.
  • Monitor your credit reports and account statements: Check for unauthorized accounts or inquiries that could indicate SSN misuse. Request free credit reports and review bank and credit card statements monthly.
  • Consider additional protections: Consider enrolling in credit monitoring services and identity theft protection. These services can alert you to other types of SSN identity theft, such as employment fraud or medical identity theft.

FAQs about Social Security Numbers

When can organizations legally request my SSN?

Federal law requires SSN disclosure in specific situations. Organizations can legally require your SSN when no reasonable alternative exists and when they have a specific legal requirement or legitimate business need, such as:

  • Tax reporting is involved: Employers, financial institutions, and others who must file tax documents with the IRS
  • Credit checks are necessary: Lenders, landlords, and others performing background or credit verification
  • Government benefits: Social Security, Medicare, unemployment, and other federal or state programs
  • For legal compliance: Situations where federal or state law specifically mandates SSN collection

What notices are organizations required to present when requesting my Social Security number?

When an organization requests your SSN, they must provide what’s called a disclosure statement, as clarified under the updated Privacy Act of the Department of Justice’s Office of Privacy and Civil Liberties. Legitimate organizations requesting your SSN must tell you:

  • Whether providing your SSN is mandatory or voluntary
  • What legal authority permits them to request it
  • How they plan to use your SSN
  • What happens if you refuse to provide it

If an organization can’t provide clear answers to these questions, that’s a red flag. The FTC’s consumer guidance emphasizes that you have the right to understand why your SSN is needed before you provide it.

When can I decline to provide my SSN?

You can typically decline when it’s not a necessity, alternative identification exists, seems excessive, and there is no clear legal requirement. Common situations where you can often say no include gym memberships, retail purchases, job applications that don’t require credit checks, and various service sign-ups.

What are safer alternatives to SSN disclosure?

When you need to verify your identity but want to minimize SSN exposure, several alternatives can work depending on the situation:

  • Individual Taxpayer Identification Numbers
  • Driver’s license numbers
  • Partial SSN disclosure
  • Alternative methods such as bank statements, utility bills, or other documents

Final thoughts

While it’s concerning that Social Security numbers can be predicted or leaked through data breaches, you’re not powerless against SSN identity theft. The practical steps we’ve outlined put you firmly in control of your personal information security—from placing credit freezes and setting up IRS IP PINs to securing your Social Security Administration account with strong authentication. Take action today by implementing these protective measures to significantly reduce your risk.

For added security, consider a McAfee Identity Protection plan to experience proactive identity surveillance, lost wallet protection, and alerts when suspicious activity is detected on your financial accounts.

The post Smart Ways to Keep Your Social Security Number from Being Cracked appeared first on McAfee Blog.

Essential Tips to Avoid ATM Skimming

By: McAfee

With the rise in digital banking and online transactions, the number of automated teller machines (ATMs) declined worldwide to 2.95 million in 2025, according to finance and crypto resource site CoinLaw. Despite this decline, ATM fraud continues to victimize innocent consumers, with global losses estimated at $2.4 billion in 2025.

Among the ATM-related security issues, card skimming represented almost 60% of all reported global ATM fraud cases in 2025, CoinLaw reported. Other ATM-related security threats include malware (21%) and cryptocurrency ATM scams. AI-driven ATM fraud, while in its infancy (0.11%) in 2025, is gaining traction as cybercriminals develop new phishing techniques.

In this guide, we will delve into some of the security threats around ATMs, with a focus on skimming, and share tips on protecting your data and money in your bank account.

What is ATM skimming?

ATM skimming is a form of payment card fraud where criminals secretly install illegal devices on card readers, fuel pumps, or point-of-sale terminals, which then steal your debit or credit card information. These devices, called skimmers, capture the magnetic stripe data from your card while hidden cameras or fake PIN pads record your personal identification number. With both pieces of information, criminals can create counterfeit cards or make unauthorized online purchases using your account.

Skimming devices have become increasingly sophisticated and harder to detect. Traditional overlay skimmers sit on top of legitimate card readers, but newer “shimmer” devices are inserted more deeply into the card slot, making them virtually invisible to casual inspection. These devices can store data from hundreds of cards before criminals retrieve them, often using Bluetooth technology to wirelessly download stolen information without physically accessing the skimmer.

ATMs remain the most common target for skimming attacks, but criminals also target gas station fuel pumps, which often have weaker security systems and less frequent maintenance checks. Point-of-sale terminals at retail locations, restaurants, and other businesses also present opportunities for skimming, particularly when employees are involved in the scheme.

The threat persists for several interconnected reasons. Payment card fraud is quite a profitable business and can be scaled across states or countries. Technology gaps also contribute to the problem as many ATMs and payment terminals continue to use legacy magnetic stripe technology despite the introduction of more secure EMV chips in newer cards. Criminals also exploit legacy systems, especially if the ATM does not receive regular security updates.

Additionally, decommissioned ATMs can be freely gathered from junkyards or casually bought from online marketplaces, giving criminals the chance to collect personal data stored in the computer and study the discarded machine’s security features to improve their skimming techniques.

In some cases, used ATMs are purchased on eBay or Craigslist, then installed anywhere with ample foot traffic. These machines, which may be powered by car batteries or simply plugged into the nearest outlet, are programmed to read and copy credit card data.

Consequences of skimming

When your card information is compromised through skimming, the financial and personal consequences can be significant. Criminals may drain your account through ATM withdrawals or fraudulent purchases, potentially leaving you unable to access your own money. Since debit card transactions often clear immediately, unauthorized withdrawals can cause overdraft fees and bounced check charges before you even realize your account has been compromised.

Beyond the financial losses, ATM skimming can lead to identity theft, where the personal information captured becomes part of larger criminal databases used in other fraud schemes.

Consequently, your credit score and banking relationships may also suffer if fraudulent accounts are opened in your name or if you’re unable to resolve unauthorized charges quickly. While the law gives you limited liability for fraudulent transactions, the process of restoring your accounts can be time-consuming and stressful.

Types of ATM skimming devices and how to spot them

Criminals use a range of devices—some obvious, others nearly invisible—to steal card data and PINs right at the machine. Knowing the main types of skimmers, what they look like, and where they’re usually placed can help you recognize them and avoid a compromised ATM.

Overlay card readers

The most common type of skimming device, overlay card readers are fake attachments that criminals place directly over the legitimate card slot of an ATM. As you insert your card, it passes through the skimmer first, which captures your card’s magnetic stripe data before reaching the real card reader.

Deep-insert or shimmer devices

An evolution of skimming technology, shimmer devices are extremely thin circuit boards that criminals insert deep into the card slot, making them nearly impossible to detect through visual inspection alone. When you insert your card, you might notice increased resistance, unusual vibrations, or your card feeling momentarily stuck.

Pinhole cameras

Criminals use tiny cameras to capture your PIN as you enter it on the keypad. They are so small they can be hidden in seemingly innocent locations around the ATM. Look for a small camera attached to the top of the screen, hidden in a brochure holder, or even concealed in a fake security sign.

Fake PIN pads

These devices are placed over the legitimate ATM keypad to capture your PIN as you enter it. The keypad may feel spongier than usual, have a different texture, or seem thicker than normal. You might notice the numbers are printed differently, the buttons don’t press down as far as expected, or there’s a slight color difference between the keypad and the rest of the ATM. If the keypad feels loose, raised, or different from other ATMs you’ve used, don’t enter your PIN.

Bluetooth-enabled skimmers

Considered an advanced skimming technique, wireless Bluetooth-enabled skimmers can wirelessly transmit your stolen card and PIN data to criminals, eliminating the need for them to return to retrieve the device. You could detect them by checking your phone’s Bluetooth settings for unusual device names appearing in the area, though many criminals use generic names to avoid detection. If you see people loitering near ATMs with mobile devices, especially if they seem to be monitoring ATM users, this could indicate a Bluetooth skimming operation in progress.

Combination attacks

Criminals often combine multiple types of skimming devices to maximize their data capture. A typical combination attack might involve an overlay card reader paired with a pinhole camera, or a shimmer device combined with a fake PIN pad. This is why security experts recommend following all protective measures when you use an ATM.

Emerging technologies

Recent advances in skimming technologies include devices that can be inserted through existing openings in the ATM without requiring external attachments, and skimmers that use near-field communication (NFC) technology to capture contactless payment information.

Protective steps to take before inserting your ATM card

Choose bank-operated ATMs in well-lit areas

Your safest bet is to use ATMs inside bank branches or those clearly operated by major financial institutions. These locations have better security measures, such as surveillance cameras and regular checks that detect tampering. At outdoor ATMs, select machines in well-lit, high-traffic areas where criminal activity is less likely to occur unnoticed. Avoid ATMs in dimly lit, isolated locations where skimmers can be easily installed.

Examine the card slot

Before inserting your card, closely inspect the card insertion slot. Legitimate ATM card readers should have a uniform appearance with smooth edges and consistent coloring. Look for unusual attachments or devices that seem to have been added on top of the original reader. The card slot should align perfectly with the surrounding ATM fascia. Any gaps, misalignments, or signs that something has been glued or attached should raise immediate red flags. Trust your gut.

Perform the wiggle test

One of the most effective ways to detect fake card readers on ATMs is through tactile inspection. Gently grasp the card reader and try to wiggle it. A legitimate card reader should feel solid and permanently attached. If the reader or the housing feels loose, this is a strong indicator of a skimmer. If anything moves when it shouldn’t, do not use that ATM and report it to the bank immediately.

Inspect the keypad

Examine the keypad carefully for any signs of modification or overlay devices. Overlay keypads often appear slightly thicker or misaligned with the surrounding area. When pressing the buttons, each one should have consistent resistance and feel. Any button that sticks or seems higher than others could indicate tampering. Pay attention to the area around the keypad for adhesive residue or scratches. Legitimate ATM keypads have consistent button spacing, uniform coloring, and should feel solid when pressed.

Check the ATM’s fascia and bezel

The ATM’s outer casing and bezel should have a uniform appearance with no obvious modifications such as loose panels, extra pieces of plastic, or areas with different coloring or texture from the rest of the machine. Check for any unusual wiring, small cameras, or devices that appear out of place. The area around the screen should be examined for any tiny cameras or recording devices that capture PIN entry. All text, logos, and branding should appear professional and consistent with the bank’s standard ATM design.

Survey the surrounding area

Before using any ATM, check the area for any unusual objects that could house cameras or recording equipment, including fake brochure holders, unusual signage, or any items that seem out of place. Check for people loitering nearby who seem to be watching ATM users or vehicles parked unusually close to outdoor ATMs with passengers or drivers who appear to be monitoring ATM activity.

Scan for Bluetooth devices

Before using an ATM, check your smartphone’s Bluetooth settings to scan for nearby devices with suspicious names, such as those with generic or random characters, or names that don’t correspond to legitimate businesses in the area. An unusual concentration of unknown devices near an ATM could be a warning sign. This technique works best in areas where there typically shouldn’t be many Bluetooth devices, such as standalone ATMs.

ATM safety tips

Enable and use contactless withdrawal

Enable contactless withdrawals through your bank’s mobile app to authenticate and authorize QR code-based transactions and reduce your need to use an ATM. This technology uses tap-to-pay functionality or near-field communication (NFC) features, providing the same convenient access to your funds. Contact your bank to learn about contactless ATM options and how to activate these features on your accounts.

Verify ATM authenticity through official channels

Bank websites or mobile apps usually show the locations of their legitimate ATMs. If you’re unsure about an ATM’s authenticity, check these official resources to confirm the machine is listed as a legitimate location. This step can help you avoid both skimming devices and other fraudulent ATM operations entirely. Be particularly cautious of ATMs in unusual areas. When traveling, stick to ATMs inside recognizable financial institutions.

Shield your PIN entry

Even when ATMs appear legitimate, always protect your PIN entry from potential observation. Use your free hand, body, or a purse to cover the keypad while entering your PIN to guard against both hidden cameras and shoulder-surfing by nearby criminals. Consider changing your PIN regularly and never write it down. If you suspect your PIN may have been compromised, change it immediately through secure channels.

Monitor your account activity vigilantly

Implement robust account monitoring to detect and address any skimming-related fraud as quickly as possible. Set up real-time account alerts through your bank’s mobile app to receive immediate notifications of all transactions. Review your account statements regularly and report any unauthorized activity immediately. Consider setting daily withdrawal limits to match your usage patterns to minimize losses if your card information is compromised.

Report suspicious ATMs immediately

If you discover signs of tampering or suspicious activity at an ATM, report it immediately to the bank to protect other customers from becoming victims and to help law enforcement track down the criminals. Contact the bank’s customer service line using the phone number on the back of your card instead of the numbers displayed on the potentially compromised ATM. Document the ATM’s location, including the address and any identifying numbers or codes visible on the machine.

Stay informed about ATM fraud trends

Keep yourself updated on the latest ATM skimming techniques and prevention strategies through reliable sources. Consumer alerts offer updated advice on protecting yourself from these crimes, as do major card networks such as Visa and Mastercard. Following your bank’s security updates and fraud alerts helps you stay aware of new threats in your area and emerging criminal techniques that you should watch for during ATM transactions.

Avoid assistance from strangers

Be extremely cautious of anyone offering to help you with ATM troubles, even if they appear well-intentioned, especially if they suggest using their phone to call the bank or offer to show you how to complete your transaction. If you encounter problems with an ATM, cancel your transaction, retrieve your card, and contact your bank directly..

Use ATMs during daylight or banking business hours

Criminals usually install skimming devices when fewer people are around to witness their actions. Daytime transactions in high-traffic areas make it more likely for suspicious behavior to be noticed and reported. If you must use an ATM at night, choose one in a very well-lit area with good visibility, preferably near businesses that are still open with staff and customers present. Consider using indoor ATMs exclusively.

Keep your ATM receipts secure

Always take your ATM receipts and store them securely until you have verified the transaction on your statement. Don’t leave them at the machine or throw them away in nearby trash cans where criminals might retrieve them to gather information about your account; even partial account numbers and transaction details could be useful to identity thieves. You can shred the receipts once you’ve confirmed the transactions.

Understand your rights and protections

Familiarize yourself with your bank’s policies regarding ATM fraud and your rights under federal law. The Electronic Fund Transfer Act provides specific protections for consumers who experience unauthorized ATM transactions. These protections offer you up to 60 days to report unauthorized transactions to limit your liability, but reporting within two business days provides the strongest protection.

Plan your cash needs in advance

Reduce your ATM usage by planning your cash needs and making larger, less frequent withdrawals to reduce your overall exposure to potential skimming attempts. Consider getting cash back during purchases at grocery stores, pharmacies, and trusted retailers, rather than using unfamiliar ATMs, especially when traveling or in unfamiliar areas.

Be extra vigilant during the holiday season

ATM skimming attempts surge during peak shopping and travel periods when foot traffic increases at malls, airports, hotel lobbies, and other commercial or tourist locations. Increased cash withdrawals, crowded shopping areas, and travelers using unfamiliar ATMs create ideal conditions for skimming operations. In addition, criminals know that holiday shoppers are often distracted, rushed, and less vigilant about using ATMs. That’s why it’s important for you to be extra cautious. If you must use an ATM, take a breath and slow down to thoroughly inspect the machine and your surroundings before inserting your card.

Immediate steps to take if your card was skimmed

The guidance below walks you through exactly what to do in the moment and right after, so you can limit risk to yourself and prevent others from becoming victims, too.

  1. Contact your bank immediately. Call the number on the back of your card or use your bank’s mobile app to report unauthorized transactions. Most banks have 24/7 fraud hotlines that can freeze your account within minutes to prevent further unauthorized use.
  2. Dispute unauthorized charges promptly. Your liability protections depend on how quickly you report fraud. For credit cards, federal law limits your liability to $50 for unauthorized charges. For debit cards, report within two business days to limit liability to $50, or within 60 days to cap liability at $500. After 60 days, you could be responsible for all unauthorized transactions.
  3. Request a replacement card. Your bank will cancel your compromised card and issue a new one with different numbers. Most banks can expedite delivery within 1-2 business days, though some may charge a fee for rush delivery. Ask about temporary digital cards for immediate online use while waiting for your physical card.
  4. Inform your ID Theft protection provider. If you have an identity theft protection subscription, inform your service to activate proactive identity surveillance, monitor your credit and personal information, and seek support from fraud resolution agents who can work through the process of resolving the identity theft issues.
  5. Place a fraud alert on your credit reports. Contact one of the three major credit bureaus—Experian, Equifax, or TransUnion—to place a free fraud alert. This alert requires creditors to verify your identity before opening new accounts and automatically applies to all three bureaus for one year.
  6. Consider a credit freeze for enhanced protection. A credit freeze prevents new creditors from accessing your credit report and identity thieves from opening accounts in your name. You can freeze and unfreeze your credit for free with all three bureaus online, by phone, or by mail.
  7. Monitor your accounts closely. Review all bank and credit card statements for the next few months. Set up account alerts for transactions over a certain amount, and consider using your bank’s mobile app to check account activity daily during this period.
  8. File additional reports if identity theft occurs. If criminals used your card information for identity theft beyond just card fraud, file a report with the Federal Trade Commission and consider filing a police report. The FTC provides a personalized recovery plan and pre-filled forms for creditors.
  9. Update automatic payments. Replace your old card information with your new card details for any automatic payments, subscriptions, or saved payment methods with online retailers to avoid service interruptions.
  10. Keep detailed records. Document all communications with your bank, including dates, times, representative names, and reference numbers. Save copies of dispute forms and any correspondence related to the fraud investigation.

Final thoughts

Protecting yourself from ATM skimming requires ongoing attention, but you’re now equipped with the knowledge to use ATMs confidently and securely—perform a visual inspection, do the wiggle test, review the keypad, and be aware of your surroundings. Trust your instincts. If something feels wrong or looks suspicious about an ATM, find another location. Your intuition is a valuable tool in recognizing potentially compromised machines.

Share these ATM safety practices with your family members and friends to strengthen their security as well. Take a moment to revisit your bank’s fraud protection guidelines and ensure you understand their notification procedures for suspicious activity. Your financial institution can partner with you in preventing fraud, so don’t hesitate to reach out with questions about their latest security features.

For additional resources and the latest fraud prevention updates, visit the the McAfee blogs and guides and know the steps to take if you become a victim of card fraud.

The post Essential Tips to Avoid ATM Skimming appeared first on McAfee Blog.

Celebrate Data Privacy Day by Applying These Best Practices

By: McAfee

This is a critical time for our personal security, especially as it relates to privacy and personal information. A battle is being waged over our data, and there are several parties involved in this fight. My concern is securing the personal details that you prefer to keep private.

Criminal hackers and identity thieves want to use your name to open new accounts, which they can turn into cash. They may try to obtain credit cards, utility services, or mobile phones using your good credit. In other cases, these same thieves take over existing bank or credit card accounts and clean them out entirely. An average of more than ten million people a year are affected by identity theft.

Online, advertisers and marketers are using “supercookies” to glean information about you and your web browsing habits. They can then offer you products or services based on the profile they’ve developed. Almost every major website contains cookies, and they are changing the way advertising is created and targeted.

The Federal Trade Commission (FTC) is working on a way for you to opt out of this data collection, but if a change ever does take place, it will probably be futile. The advertising industry has already partnered with major media and major tech companies, and it’s unlikely that we’ll be able to turn back the clock.

Social media companies compete for your attention and your information because user data is valuable to advertisers and marketers. Whatever you post in your profile is broken down, cataloged, and disseminated. Your name, age, address, email, phone number, contacts, income status, job description, and other personal details are of use to anyone targeting your wallet.

But legitimate advertisers aren’t the only ones going after social networks. Criminal hackers and identity thieves are accessing your data, either through the public portion of these sites or by hacking through the back door. The bad guy is using your profile information to come up with an answer to your password reset question, or to trick you into opening your wallet or entering login credentials that might allow them to take over your existing accounts.

What is Data Privacy Day?

Amid all these developments, the National Cyber Security Alliance established Data Privacy Day, an annual awareness event observed every January 28th that encourages you to take control of your personal information and understand your privacy rights online. Originally launched in 2008, this important day coincides with the anniversary of the signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

As a U.S. consumer, Data Privacy Day matters to you more than ever because your personal information has become incredibly valuable and, unfortunately, increasingly vulnerable. Every day, you share personal details through social media, shopping websites, mobile apps, and online services, often without realizing how this information is collected, used, or shared.

The observance of this day highlights several key risks that affect your daily digital life. Data misuse occurs when companies collect more information than necessary or use your personal details in ways you haven’t explicitly approved. Identity theft remains a significant threat, with criminals using stolen personal information to open fraudulent accounts, make unauthorized purchases, or even file fake tax returns. Additionally, data breaches continue to expose millions of Americans’ personal information each year, from social security numbers to financial details.

What makes Data Privacy Day empowering is its focus on actionable steps you can take immediately. Rather than feeling overwhelmed by privacy concerns, you can use this day as motivation to review and strengthen your digital privacy habits. The day is a reminder that privacy and data protection aren’t just technical concepts. They’re fundamental rights that help you maintain control over your digital life.

Data privacy core concepts

Before delving deeper into regulations and best practices, let’s take a look at the core concepts. The Federal Trade Commission defines data privacy as the reasonable expectation that your personal information will be handled appropriately by the organizations that collect it. It is your fundamental right to control how your personal information is collected, used, shared, and retained by the companies and services you interact with every day. At its heart, data privacy ensures that you have a say in what happens to details about your life, from your name and email address to your online shopping preferences, videos watched, social media usage, down to your browsing habits and location data.

Your data follows a path that starts with collection, when companies gather information directly from you, such as when you fill out a form, or indirectly through cookies and tracking pixels. The use phase refers to how organizations process your information, whether to improve their services, target advertisements, or analyze user behavior. Sharing involves passing your data to third parties, from business partners to data brokers. Retention determines how long your information stays in their systems, often well beyond your active relationship with the service.

Throughout this process, your information is governed by three principles of modern data privacy:

  • Consent means companies should ask for your permission before collecting and using your personal information, and this permission should be freely given, specific, and informed. You shouldn’t have to accept data collection just to use basic services.
  • Control gives you the power to access, correct, delete, or restrict the use of your personal data.
  • Transparency requires companies to clearly explain their data practices in plain language, not bury them in lengthy legal documents.

When Netflix asks if you want to share viewing data to improve recommendations, that’s consent in action. When Google lets you download your search history or delete location tracking, you’re exercising control. When Apple’s privacy labels show exactly what data an app collects, that’s transparency working for you.

Your data privacy rights

Under these newly instituted state privacy laws, you have several key rights that put you in control of your personal information:

  • Right to know: You can request information about what personal data companies collect about you, how it’s used, and who it is shared with.
  • Right to access: You can obtain copies of the personal information companies have collected about you.
  • Right to delete: You can request companies to delete your personal information, with certain exceptions.
  • Right to opt out: You can opt out of the sale or sharing of your personal data for targeted advertising.
  • Right to correct: You can request corrections to inaccurate personal information.
  • Right to non-discrimination: Companies cannot penalize you for exercising your privacy rights.

Data privacy and data protection

Data protection and data privacy are sometimes used interchangeably, but they serve different but complementary roles in keeping your personal information safe:

  • Data privacy is about your rights and choices in how your personal information gets collected, used, and shared. It’s less about technical security and more about giving you control over what happens with your data.
  • Data protection is about securing your information from threats such as hackers, breaches, and technical failures. It is the digital equivalent of a bank vault, using technical and organizational safeguards to keep your data safe from unauthorized access, theft, or loss.

Here are some everyday scenarios that show how these concepts work differently:

  • Your encrypted backup files represent data protection in action. Even if someone gains access to your backup drive without the proper key, encryption makes your photos, documents, and files unreadable. The technical safeguard protects your data from misuse.
  • Choosing who can see your location on social media is a privacy decision. When you decide what personal information to share and with whom, you are exercising control over your data.
  • Your password manager provides data protection by securely storing and encrypting your login credentials, making them nearly impossible for criminals to steal and use.
  • Declining to provide your phone number when signing up for a shopping account is a privacy choice. You’re limiting what personal information gets collected about you in the first place.

Data privacy laws

As a consumer, your data privacy rights translate into real, actionable benefits you can use today. However, the effectiveness of these protections often depends on enforcement and your own awareness of the tools available to you.

The U.S. privacy landscape

U.S. state privacy laws are increasingly giving you the right to know what personal information companies collect, the right to delete your data, and the right to opt out of having your information sold or shared.

America’s privacy framework is built on sector-specific federal regulations combined with increasingly robust state legislation. This approach means your rights and protections can vary significantly depending on where you live and what type of data is being collected.

At the federal level, key laws include the Health Insurance Portability and Accountability Act (HIPAA) for healthcare data, the Fair Credit Reporting Act (FCRA) for credit information, and the Children’s Online Privacy Protection Act (COPPA) for children under 13 years. While these provide important protections in specific areas, they leave significant gaps in comprehensive consumer data privacy protection.

To fill these gaps, California established crucial precedents through the California Consumer Privacy Act (CCPA) and its successor, the California Privacy Rights Act (CPRA). Other states are also now enacting comprehensive privacy laws, including Virginia’s Consumer Data Protection Act, Colorado Privacy Act, Connecticut’s Data Privacy Act, and Utah’s Consumer Privacy Act. Each provides residents with fundamental rights over their personal data while requiring businesses to implement stronger protection measures.

Extra care for highly sensitive personal data

Sensitive personal data represents the most valuable and vulnerable information about you—the details that, if compromised, could cause significant harm to your finances, safety, and peace of mind. Unlike basic contact information, sensitive data requires stronger legal protections and your extra vigilance because of its potential for misuse.

Health Information

Your health information deserves particular care because it reveals intimate details about your physical and mental well-being. HIPAA protections cover medical records, but health data collected by fitness apps, mental health platforms, or wellness websites may not receive the same legal safeguards.

Biometric data

Biometric data—your unique physical characteristics such as fingerprints, voice patterns, or facial features—can’t be changed if stolen, making this information particularly precious.

Children’s Information

Children’s data receives special attention under privacy laws because minors can’t meaningfully consent to data collection. The Children’s Online Privacy Protection Act requires explicit parental consent before companies can collect information from children under 13, while some state laws extend these protections to older teens.

GDPR for the global services

Meanwhile, global services such as Google, Facebook, or Netflix apply the Europe-established General Data Protection Regulation (GDPR) laws worldwide to maintain consistent data practices.

GDPR personal data includes obvious identifiers such as your name, email address, phone number, and Social Security number. But it also covers less obvious information such as IP addresses, device IDs, location data, and even your online shopping habits or social media activity. Essentially, if data points can be combined to create a profile of you, they qualify as personal data under GDPR standards. This broader definition gives you stronger control over your information and has influenced many U.S. companies to offer the same rights to all users, not just Europeans.

Whether a company follows GDPR, California’s privacy laws, or other frameworks, the core principle remains the same: you deserve transparency and control over your personal information.

How can you celebrate Data Privacy Day?

Your privacy rights are expanding, but exercising them effectively requires staying informed and taking proactive steps. As we celebrate Data Privacy Day, we recommend you participate by taking simple, practical steps to exercise your data privacy rights.

Review your privacy settings regularly

Start with the platforms and services you use most frequently. Look for privacy or data protection sections in your account settings and review what information is being collected and shared.

Submit data access requests

Many major companies now provide online forms or dedicated email addresses for privacy requests. Take advantage of these to understand what data they have about you. Popular platforms such as Google, Facebook, and Amazon have streamlined processes for data downloads.

Opt out of data sales

Look for “Do Not Sell My Personal Information” links on websites, typically found in footers or privacy policy pages. You can also use opt-out tools such as the Global Privacy Control browser setting that automatically signals your opt-out preferences.

Use data broker opt-out services

Many data brokers now offer opt-out mechanisms, though the process can be time-consuming. Consider using privacy services that handle multiple opt-out requests on your behalf.

Monitor your digital footprint

Regularly search for your name and personal information online. Set up Google Alerts for your name and key personal details to stay informed about new appearances of your information. In addition, monitor your credit reports for unauthorized changes, and use identity monitoring services that watch for your personal information appearing in data breaches or on the dark web.

Use reputable websites and tools

When sharing sensitive information online, verify that websites use https:// in the address bar and read privacy policies before providing personal details. Only use well-established, privacy-focused health, financial, and communication platforms with strong privacy and data protection track records.

Oversee your kids’ online activities

For children’s data, maintaining active oversight will help you stay ahead of potential problems in their online activities. Review the apps and websites they use, understand what information these platforms collect, and use parental controls to limit data sharing. Teach your children about privacy and the risks of sharing personal information online.

Everyday tips to maintain your privacy

Protecting your personal data doesn’t have to feel like a giant, technical project. Most privacy wins come from small, repeatable habits that you can do in minutes to shrink your digital footprint, and use the internet on your terms.

  • Limit what you share online: Review your social media privacy settings and share only what’s necessary to reduce your exposure to identity thieves and the potential for your data to be used against you.
  • Review your location permissions: For location data, regularly review and delete location history from your devices and disable location sharing for apps that don’t need it.
  • Crumble that cookie: You can turn cookies off in your browser settings. This step may prevent you from using certain websites, but it is a step toward privacy.
  • Stay private while browsing: Use a virtual private network from a reputable, reliable company to keep your online activities private, especially when using unsecured Wi-Fi in public places such as cafes, airports, and libraries.

Your personal information has value, so make sure you’re getting a fair return through services that respect your privacy.

FAQs about data privacy

What counts as personal data?
Personal data includes any information that can identify you directly or indirectly. This covers obvious details such as your name, email, and Social Security number, but also extends to IP addresses, device identifiers, location data, browsing history, and even inferences about your preferences or behavior.

How can I opt out of data sale and sharing?
On company websites, look for “Do Not Sell My Personal Information” or “Your Privacy Choices” links, usually found in the footer. You can also use the Global Privacy Control browser signal to automatically send opt-out requests. Services such as DeleteMe or manual removal requests can help you reclaim control of your information from data brokers and multiple platforms.

What should I do after a data breach?
First, change passwords for affected accounts and enable two-factor authentication. Next, monitor your credit reports and bank statements for unusual activity. If Social Security numbers or financial data were involved, place a credit freeze with all three major credit bureaus. Sign up for identity monitoring services if offered by the breached company. Be sure to document everything and report identity theft to the FTC if you notice fraudulent activity.

How do I spot dark consent patterns?
Watch for manipulative design tricks that push you toward sharing more data. Red flags include pre-checked boxes for marketing emails, making privacy-friendly options harder to find or understand, using confusing language that hides the intent, or making it much easier to accept all cookies than customize your preferences. Legitimate consent should be freely given, specific, informed, and easily withdrawn.

What rights do I have over my personal data?
Depending on your location, you may have the right to know what data companies collect about you, request copies of your data, correct inaccurate information, delete your data, and opt out of its sale or use for targeted advertising. Some laws also give you the right to data portability and protect you from discrimination for exercising these rights. Check if your state has comprehensive privacy laws or if you’re covered by GDPR.

What essential resources can I read to stay informed?

To stay current with your privacy rights and the evolving legal landscape, bookmark these authoritative resources:

Final thoughts

Data Privacy Day serves as an important annual reminder, but your commitment to privacy and data protection shouldn’t end when January 28th passes. The digital threats we face continue to evolve throughout the year, making ongoing vigilance essential to protect your personal details.

Small, consistent habits can make a profound difference in your digital security. By regularly updating your passwords, enabling multi-factor authentication, reviewing privacy settings on your accounts, and staying informed about emerging threats, you create layers of protection that work together to safeguard your information.

Invest in McAfee+ identity protection, which includes proactive identity surveillance to monitor subscribers’ credit and personal information, as well as access to live fraud resolution agents who help subscribers work through the process of resolving identity theft issues.

The post Celebrate Data Privacy Day by Applying These Best Practices appeared first on McAfee Blog.

Stop Fake Antivirus Popups on Your Mac

By: McAfee
antivirus app on laptop

I often hear Mac users say, “Oh, I don’t have to worry about viruses. I have a Mac!” Well, unfortunately, those days came to an end a long time ago. The mass market share of Apple owners tipped significantly in the early 1980s, so that criminal hackers took notice and created fake antivirus pop-ups specifically targeting Macs.

This scam has targeted PC users for years. Cyberscammers are placing links to fake antivirus software in online search results, advertising programs with names like “Mac Defender,” “Mac Security” or “Mac Protector,” and offering to safeguard your computer from online threats. But once you click on the link, malicious software is downloaded onto your machine.

In the background, the program may open up pop-up windows that ask you to upgrade the software for a fee to remove non-existent threats. If you agree to “upgrade,” the cybercrooks get your money, often $50, and you get nothing in return. Or, it may open up pornographic or other undesirable websites. If you fall for these scams, you could end up damaging your computer, losing money, and possibly having your personal information compromised.

In this blog, we’ll take a closer look at how you become a target for these fake antivirus pop-up ads, how to remove them from your device, and some tips to block them moving forward.

What is fake antivirus software?

Fake antivirus software is malicious software that tricks you into believing your Mac is infected with viruses or security threats when, in fact, it isn’t. These deceptive programs, also known as rogue antivirus or scareware, masquerade as legitimate security tools to manipulate you into taking actions that benefit cybercriminals.

On your Mac, fake antivirus pop-up ads typically appear as urgent browser warnings or system alerts claiming to have detected multiple threats on your computer. These fraudulent notifications often use official-looking logos, technical language, and alarming messages like “Your Mac is infected with 5 viruses” or “Immediate action required” to create a sense of urgency and panic.

These scams manipulate you by:

  • Requesting payment: They’ll prompt you to purchase their “premium” software to remove the fake threats, often charging $50-200 for worthless programs.
  • Providing fake phone numbers: The pop-up ads will display fake support numbers you can call for “immediate technical assistance.”
  • Requesting personal information: Once you call the number, the scammer on the other end of the line will request your credit card details, personal information, or remote access to your computer.
  • Encouraging malicious downloads: The ads will trick you into downloading actual malware disguised as security software.

Tactics scammers use to infect your device with fake antivirus pop-up ads

Fake antivirus popups are almost always the result of a sneaky delivery method designed to catch you off guard. Scammers rely on ads, compromised websites, misleading downloads, and social engineering tricks to get their scareware onto your Mac without you realizing what’s happening. Let’s take a look at the common ways these scams spread so you can avoid them.

  • Deceptive online advertisements: Fake antivirus software often appears through misleading ads that claim your Mac is infected or at risk. These ads can appear on legitimate websites and use urgent language, such as “Your Mac has 3 viruses!” to create a sense of panic.
  • Malvertising campaigns: Cybercriminals purchase legitimate advertising space and inject malicious code that automatically redirects you to fake antivirus download pages. This can happen even on reputable websites you trust.
  • Drive-by downloads: Simply visiting a compromised website can trigger automatic downloads of fake antivirus software without your knowledge. Your Mac may store these files in your Downloads folder, where they wait for you to accidentally open them.
  • Bundled software installers: Fake antivirus programs often hide in free applications from unofficial sources. During installation, you might unknowingly agree to install additional “security” software that’s actually malicious.
  • Pirated applications and media: Illegal downloads of software, movies, or music frequently contain fake antivirus programs as hidden payloads. These files install malware alongside the content you wanted.
  • Typosquatted domains: Scammers register URLs that are slightly altered or are misspellings of legitimate websites, such as Apple-support.com. These typosquatted links are sent via phishing emails that claim to have detected a virus on your Mac. If you click on the fake link, you could be infected with malware that displays alarming security warnings and promotes fake antivirus downloads.
  • Fake technical support pages: Scammers create convincing replicas of Apple Support or legitimate security company websites that promote fake antivirus solutions. These pages often include official-looking logos and professional language to appear trustworthy.
  • Browser notification abuse: Some websites request permission to send you notifications, then later spam you with fake virus alerts. Clicking on these notifications could download fake antivirus software that mimics macOS system alerts.
  • Malicious configuration profiles: Fake antivirus installers may request permission to download configuration profiles onto your device, granting them deep access to your Mac’s settings and network traffic. Once installed, these profiles will redirect your browser traffic through malicious servers and display fake security warnings.

Elements of a fake virus alert

Fake virus alerts use a mix of visual tricks and psychological pressure to push you into clicking, calling, or paying before you have time to think. This section breaks down the common elements scammers use in these alerts so you can recognize a fake warning instantly and ignore it.

  • Blaring alarm and full-screen browser takeover: If your browser suddenly goes full-screen with flashing red warnings and audio alarms, you’re looking at a scam designed to panic you into taking immediate action. Real Mac security notifications never lock your entire screen or play loud, startling sounds. Legitimate macOS alerts appear as small, quiet dialogs in the upper-right corner of your screen.
  • Urgent countdown timers: The high-pressure countdown clocks claiming your Mac will be “permanently damaged” in minutes are artificial psychological tactics that scammers use to pressure and prevent you from thinking clearly. Apple’s real security notifications give you time to review and respond thoughtfully
  • Spelling and grammar mistakes: Fake alerts often contain telltale errors such as “Your computer has been infected” or “Immediate action required.” Apple invests heavily in polished, professional communications to produce macOS security dialogs with error-free language that reflects the company’s attention to detail.
  • Requests for gift cards or cryptocurrency payments: Any request for unconventional payment methods is an immediate indicator of a scam. Apple will never ask you to purchase iTunes gift cards, Amazon cards, or Bitcoin to “clean” your Mac. Authentic Apple security software uses traditional payment methods through official app stores or verified websites.
  • Suspicious phone numbers for “tech support”: Scammers use phone numbers that connect you directly with fraudsters who will remotely access your Mac or extract personal information. Legitimate macOS alerts don’t include phone numbers to call for immediate help. Apple provides support through official channels, which are clearly marked on their website.
  • Generic or mismatched company logos: Fake alerts often use distorted Apple logos, outdated designs, or generic “security shield” graphics instead of authentic branding. Real macOS notifications maintain consistent visual elements that match your system’s appearance and Apple’s official style guidelines.
  • Misleading URLs: Scam pages often use suspicious addresses such as “apple-security-center.net” or “mac-virus-removal.com.” Authentic security alerts from macOS appear in System Settings or from apps you’ve knowingly installed from the official Apple App Store.
  • Persistent pop-up ads that won’t close: Fake virus warnings often spawn multiple windows, reappear after being closed, or make it difficult to exit. Authentic macOS security features respect your control and don’t bombard you with alerts.
  • Warnings that bypass System Settings: Fake alerts typically appear only as web pages or unauthorized pop-ups that don’t connect to your actual system security settings. Genuine Mac security notifications integrate with your system properly, appearing through official macOS notification systems or System Settings under Privacy & Security.
  • Claims “hundreds of viruses found” without scanning: Fake alerts instantly claim to have found dozens or hundreds of viruses without performing a legitimate scan. Real security scans, however, take time to complete and provide specific, verifiable results about actual threats.

Examples of fake antivirus software and pop-ups

  • Mac “Defender” variants: This notorious family of fake antivirus programs includes variants such as Mac Security, Mac Protector, and Mac Guard, appearing through deceptive search results or malicious websites. They display fake system scans that allegedly found threats on your Mac to trick you into paying $50-$99 for a useless antivirus tool. Once you enter payment information, cybercriminals will access your financial data and may continue charging your card for bogus services.
  • Generic “antivirus” popups: These fake alerts have generic names such as Antivirus 10, Mac Antivirus Pro, or Advanced Mac Cleaner. These ads pop up while you browse, often accompanied by loud alarms and urgent countdown timers, claiming your Mac is infected and demanding immediate action. The scam journey involves clicking the alert, downloading malicious software disguised as security tools, and potentially compromising both your system and personal information.

Verify that an antivirus alert is fake

If you’re not sure whether an antivirus warning is real or just scareware, a quick verification is the safest next step. There are steps you can take and settings on your macOS you can check without putting your Mac at further risk.

  1. Disconnect from the internet immediately: When you suspect a fake antivirus alert, the first step is to break the connection between your Mac and the internet to stop malicious processes from communicating with remote servers or downloading additional threats.
  2. Check the URL and certificate details: If the alert appeared in your web browser, examine the web address carefully. Legitimate security warnings from Apple or trusted vendors will come from official domains, not URLs with misspellings or random characters.
  3. Verify the app’s developer signature and source: To verify that the developer signatures are from recognized companies, open Finder, navigate to Applications, and locate the security software. Right-click the application and select “Get Info” to view the developer information. In macOS Ventura, Sonoma, and Sequoia, you can also go to Apple Menu > About This Mac > More Info > System Report > Applications to view information about the software.
  4. Review configuration profiles and login items: Navigate to Apple Menu > System Settings or System Preferences > Privacy & Security to find and remove any configuration profiles you didn’t install. Next, check Login Items & Extensions or Users & Groups > Login Items for suspicious applications set to launch automatically.
  5. Inspect LaunchAgents and LaunchDaemons folders: Fake antivirus software often installs persistent components in these system folders. Go to Finder > Go to Folder > ~/Library/LaunchAgents, /Library/LaunchAgents, and /Library/LaunchDaemons. Fake antivirus files typically have .plist extensions.
  6. Check browser extensions and notification permissions: Fake antivirus alerts often originate from malicious browser extensions or abusive notification permissions. Review your extensions and remove those you didn’t install or revoke permissions that might be generating fake security alerts.
  7. Run legitimate security scans from trusted sources: Use reputable security tools downloaded only from the Apple App Store or directly from the websites of legitimate vendors to scan your system. Apple’s built-in XProtect and Malware Removal Tool (MRT) run automatically, but you can also use the system’s First Aid feature in Disk Utility to check for file system issues.

Your action plan when a fake virus warning pops up

The moment a fake virus warning pops up, scammers are hoping you’ll react fast, click a button, call a number, or download their “fix.” However, the safest approach is the opposite: take a moment to think, don’t interact with the alert, close the browser, and clear any files it may have tried to leave behind. Here’s exactly what to do right away to stay safe.

  1. Stay calm and don’t interact with the alert: Resist the urge to click anywhere on the fake virus warning pop-up window, including any “X” buttons, “OK” buttons, or phone numbers. These elements are designed to trick you into downloading malware or connecting with scammers. Avoid touching your mouse or trackpad while the alert is displayed.
  2. Force-quit your browser immediately. Press Command + Option + Esc to open the Force Quit Applications window, select your browser (Safari, Chrome, Firefox, or Edge), and click “Force Quit.” If the pop-up has taken over your entire screen, try pressing Command+Q to quit the browser directly. This breaks the connection to the malicious website without triggering any hidden downloads.
  3. Clear your browser’s site data and disable notifications. When you restart your browser, immediately go to Preferences/Settings and clear your browsing data, cookies, and cache. Then navigate to the Notifications section and remove permissions for suspicious websites to block the fake antivirus from returning.
  4. Check and remove any malicious configuration profiles. Go to System Settings > Privacy & Security > Profiles or System Preferences > Profiles, and look for profiles you didn’t install, especially those with generic names or suspicious publishers. Select unknown profiles and click the minus (-) button to remove them.
  5. Restart your Mac to clear temporary threats: A simple reboot helps clear any temporary malicious processes that might be running in memory. After restarting, check your desktop and Downloads folder, move unfamiliar files to the Trash, and empty it completely.
  6. Update your macOS and browser to the latest versions: Go to System Settings > General > Software Update and install macOS updates. Update your browsers as well to protect against the latest fake antivirus tactics and browser exploits.
  7. Run a full security scan with trusted software: Use reputable security software to scan your entire system for lingering threats. Focus on applications that have been specifically designed for Mac and have current threat definitions.
  8. Monitor and validate financial statements: If you provided payment information to what you now suspect was fake antivirus software, immediately check your bank and credit card statements for unauthorized charges. Report these fraudulent charges to your financial institutions and place fraud alerts on your accounts over the next few weeks.
  9. Report the scam to protect others: Report the fake antivirus website to the Federal Trade Commission and to Google’s Safe Browsing if you encountered it through search results. You can also report it to your browser manufacturer. Your report helps security teams identify and block these threats more quickly, thereby protecting other Mac users from falling victim to the same scam.

Final thoughts

Your Mac experience should be enjoyable and secure. With the right awareness and tools, it absolutely can be, especially when you know what to look for and follow the right practices. By recognizing the warning signs of fake antivirus pop-ups, downloading software only from trusted sources, keeping your macOS and applications updated, and following the prevention tips outlined above, you can avoid falling victim to these fake antivirus scams.

Remember that legitimate security alerts from Apple come through System Preferences and official macOS notifications, not through alarming browser pop-ups demanding immediate payment or phone calls. Use reputable security tools from a trusted vendor such as McAfee that provides real-time protection and regular updates about emerging threats.

Share these tips with your family and friends, especially those who might be less tech-savvy and more vulnerable to these deceptive tactics. The more people understand how fake antivirus schemes operate, the safer our entire digital community is.

The post Stop Fake Antivirus Popups on Your Mac appeared first on McAfee Blog.

Before yesterdayYour RSS feeds

Does PC Cleaning Improve Performance?

By: Jasdev Dhaliwal

Is your personal computer (PC) feeling a bit sluggish? Giving it a good, old-fashioned cleaning can improve its performance, and it only takes minutes. If you’ve never cleaned your PC before, you have a few options to speed up the process.

In this guide, we explain why computers slow down over time, set expectations for what a cleaning routine can and can’t do, and share step-by-step instructions to help you clean your PC and restore optimal performance. 

PCs perform more slowly over time

For the most part, PCs don’t slow down on their own. It’s rarely one single problem. It’s how we accumulate apps, files, and services that slow your PC down as it ages. A few examples come to mind:

  • You create files: These personal files that you create take up increasing amounts of disk space. When your drive gets crowded, Windows has less room to perform its background tasks, so everything feels slower.
  • Temporary files add up: These are created constantly for updates, browsing, and app activity, and they don’t always clean up after themselves.
  • You collect unused apps: Old apps consume storage, and some keep running services even when you never open them.
  • Windows adds services: When Windows updates, it further accumulates background services and other processes that reduce performance.
  • Startup programs multiply: Many apps sneak into your startup list, which makes your computer boot slower and run “busy” right from the start.
  • Dust builds up inside the machine: Dust traps heat, and when your PC gets too warm, it automatically slows down to protect itself.

What PC cleaning can and can’t do for performance

Cleaning is definitely worth doing, but you should set realistic expectations for how much your PC’s performance can improve. Similar to decluttering your home, you are not rebuilding your house, but it will feel much easier to live in.

What PC cleaning can accomplish

PC cleaning addresses software-level performance bottlenecks. When you remove temporary files, clear browser caches, and delete unused applications, you’re freeing up valuable disk space and reducing the workload on your system. This directly impacts how quickly your computer can access and process information.

Startup optimization also delivers some of the most noticeable improvements. If your computer takes several minutes to boot because too many programs are launching automatically, trimming your startup list can cut boot times significantly. You’ll also notice improved responsiveness during everyday tasks when fewer background processes compete for system resources.

You will also notice faster web browsing when you clear accumulated browser data, quicker file searches when your system isn’t indexing thousands of temporary files, and smoother multitasking when background services aren’t consuming unnecessary memory. With proper system maintenance, you can restore 15-30% of lost performance on aging computers.

What PC cleaning cannot fix

Hardware limitations represent the biggest constraint on what cleaning can accomplish. If your processor struggles with modern software demands or your RAM is maxed out during normal use, no amount of cleaning will change these hardware realities. Cleaning your PC to make it faster depends largely on whether software bloat or hardware constraints are your primary bottleneck.

Gaming performance, video editing, and other intensive tasks rely heavily on central processing unit (CPU) and graphics processing unit (GPU) capabilities. While a clean system ensures these components aren’t fighting unnecessary background processes, cleaning won’t magically boost frame rates or rendering speeds beyond your hardware’s capabilities.

But first, back up your files

Any cleanup is safer when you know your important stuff is protected. You don’t have to do a complicated backup routine; just make sure the essentials are safe.

  • Check your cloud backups: If you use OneDrive, Google Drive, or iCloud, you may already be backed up without realizing it. Give those files a quick review. It only takes two minutes to confirm that your data is backed up in the cloud.
  • Consider an external backup: An external drive gives you a second copy of your files in case something goes wrong. It’s especially helpful for photos, work documents, or anything you’d hate to lose.

In newer versions of Windows, go to Settings > Update & Security > Backup to set up File History, or use Settings > Accounts > Sync your settings for cloud backup. This ensures you won’t lose important files.

Step by step: Clean up your computer

Now that you’ve ensured your important files are safe, you can start the cleanup process that makes a noticeable difference in PC performance. You don’t need advanced technical skills, and you don’t need to do everything at once.

Remove temporary files and unused apps

Go to Settings > System > Storage > Temporary files and review the categories. This will take you to a screen that gives you insight into what your drive space looks like and allow you to safely remove many of them with a few clicks, especially cache and old system leftovers. 

In Windows 10/11, go to Settings > Apps > Apps & features, then sort apps by size or installation date to identify large or forgotten programs. Click any app and select “Uninstall” to remove it. 

You can also use the built-in Disk Cleanup tool by typing “Disk Cleanup” in the Start menu search. Select categories such as “Temporary files,” “Recycle Bin,” and “System cache” to review the files and remove any that are not needed. If you’re unsure what a program does, research it online before removing it, as some applications may be essential for your system’s operation. For example, you might want to keep “Windows update log files,” in case you ever need to troubleshoot Windows.

Set Windows Storage Sense for automatic cleanup

Instead of performing a manual cleanup, you can use Windows Storage Sense to keep your system clean. Navigate to Settings > System > Storage > Storage Sense to configure this powerful feature. You can set it to automatically remove temporary files, empty your recycle bin, and clear your Downloads folder of files older than 30 days.

Removing old and unused apps benefits you in two ways. First, it frees up disk space. Second, outdated apps can contain security loopholes that hackers may exploit. Older apps might have gone without an update, which can lead to security loopholes that hackers can exploit. Remove the old app, and you remove the loophole.

Use Disk Cleanup

Disk Cleanup is an older Windows tool, but it’s still reliable. It can clear system files and cached data safely when used carefully. In Disk Cleanup, you can confidently delete Temporary files, Recycle Bin contents, System error memory dump files, and old Windows Update cleanup files. Temporary Internet Files and Downloaded Program Files are also safe to remove, as your browser will recreate what it needs.

To access this tool, search “Disk Cleanup” in the Start menu, and choose your main drive (usually C:) when prompted. Review the temporary file categories before removing them. Just read descriptions, and avoid deleting anything you might need for troubleshooting.

Manage large files effectively

Identify space-consuming files by looking for large video files, old software installers, or duplicate files that you no longer need. Move important large files to external storage or cloud services to free up local space while keeping them accessible.

Clear your browser cache and cookies

This one is a bit of a double-edged sword. Your cache and cookies make many web pages load faster. By storing images, preferences, and other info, cookies speed up load times. However, the data that cookies store can get bloated over time. If the disk space they use looks a little high to you, clean them out. You can do this in Windows by typing “Cookies” in your search bar or selecting “Delete browsing data” from your browser’s menu.

Note that this may remove any saved passwords stored in your browser. However, if you’re using a password manager, this isn’t a worry. The manager does the remembering for you.

Shut off startup apps

Windows runs several apps at startup, some of which you certainly need, such as antivirus software or online protection software. Other apps, however, might not be needed to run right away and just slow down startup.

To review your startup apps, type “Startup” in the Windows search bar or press Ctrl + Shift + Esc to open Task Manager. Click the Startup tab to see a list of apps and their impact on performance. Disable programs you don’t need immediately, but keep essential security software enabled. Focus on applications marked with “High” startup impact. 

Keep essential security software enabled at startup, and research unfamiliar programs before disabling them or just leave them alone.

Erase sensitive files from the recycle bin

You’d think that deleting files in the recycle bin erases them entirely. Not so. It only removes the “pointer” to those files, but the data remains on the drive. The only way to completely remove files is when something new overwrites them, which can take time.

To completely erase files with sensitive info, use a file shredder tool similar to that in McAfee+. Although this doesn’t necessarily improve performance, it helps prevent identity theft.

Update your operating system and drivers

Ensure optimal performance and security with the latest updates. Go to Settings > Update & Security > Windows Update and click “Check for updates.” For driver updates, visit Settings > Update & Security > Windows Update > View optional updates, or use Device Manager by right-clicking the Start button and selecting it. Updated drivers improve hardware compatibility and can resolve performance issues.

Run a comprehensive security scan

If your PC feels abnormally slow, malware may be the real cause. Complete your cleanup by scanning for malware and other threats that may be causing the slowdown. Some threats run quietly in the background, consuming system resources and compromising privacy.

  • Use built-in Windows Security or trusted tools: Start with a quick scan, and follow up with a deeper scan if anything looks suspicious. This can remove hidden processes that slow down your system.
  • Avoid random “free cleaners”: Many of them bundle adware or unwanted programs. Stick to well-known security vendors and official sources.

Deep clean with a PC Optimizer

For a deeper clean, consider PC cleaning software such as McAfee PC Optimizer, designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry at the press of a button. These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time, and freeing you from the hassle of remembering to run the cleanup.

To choose reliable and safe PC cleaning software, read reviews and understand what each feature does. Always use a trusted, reputable security software and avoid downloading PC cleaners from unknown sources, as some may contain malware.

Special considerations for SSD drives

If your PC uses a solid-state drive (SSD), avoid traditional defragmentation as it can reduce the drive’s lifespan without providing performance benefits. Windows automatically runs TRIM commands to instruct your SSD to delete data blocks that are no longer used. 

You can manually enable TRIM by opening Command Prompt as an administrator and running “fsutil behavior set DisableDeleteNotify 0” to confirm it’s enabled. However, we do not recommend doing this. It’s best to let Windows handle optimization automatically. 

Windows registry: To clean or not to clean

The Windows registry is your computer’s central database, storing critical configuration settings for your operating system and installed programs. Registry cleaning is a misunderstood part of PC optimization. Many people think it’s essential, but modern Windows systems usually don’t benefit from it. In addition, today’s Windows versions manage registry complexity more effectively than older versions. 

Unlike clearing temporary files or uninstalling old apps, manual registry changes can have far-reaching consequences and serious issues if done incorrectly. A single incorrect change can prevent apps from opening or cause system instability. Unless you’re troubleshooting a specific issue, it’s safer to skip it.

A clean slate for you and your PC

Restart your computer after completing these steps to ensure all changes take effect properly. Regular maintenance every 3-6 months will help keep your PC running smoothly and securely.

Physically clean your computer

Another aspect of cleaning your PC to improve its performance entails physical cleanup, specifically dust removal. When dust builds up, your PC can’t cool itself properly, leading to slower speeds, louder fans, and random stuttering. Follow this quick guide:

  • Power down and disconnect everything: Turn off your computer entirely and unplug all cables before cleaning. This prevents electrical damage and keeps you safe during the cleaning process.
  • Discharge static electricity: Touch a grounded metal object or use an anti-static wrist strap before handling internal components. Static electricity can damage sensitive computer parts.
  • Use compressed air for dust removal: Blow out dust from vents, fans, and internal components using short bursts of compressed air. Hold the can upright and maintain a few inches of distance to avoid moisture buildup.
  • Support fan blades while cleaning: Gently hold fan blades in place when using compressed air to prevent them from spinning too fast, which can damage the motor or create electrical feedback.
  • Clean case vents and intake areas: Remove dust from all ventilation openings, especially intake fans and exhaust vents, which tend to accumulate dust.
  • Avoid liquids near electronics: Never use water, cleaning solutions, or damp cloths on internal components. If you must clean the exterior case, use slightly damp cloths only on plastic surfaces, avoiding all ports and openings.
  • Focus on heat-generating components: Pay special attention to the CPU cooler, graphics card fans, and power supply vents, as dust here directly impacts cooling performance.
  • Clean regularly for sustained performance: Dust-free systems run cooler and prevent thermal throttling, where your CPU or GPU reduces performance to avoid overheating. This keeps your computer running at optimal speed.
  • Know when to seek professional help: If you’re uncomfortable opening your computer case or notice excessive dust buildup in hard-to-reach areas, consider having a professional service perform a thorough cleaning.
  • Reassemble and test: Once you have completed the cleaning, reconnect all cables and secure the side panel. Power on your system and check that the CPU fan spins properly. Monitor temperatures during initial use to ensure adequate cooling.

Clean your PC to improve your game, somewhat

If you’re asking this question, you’re probably gaming — and yes, cleaning can help restore lost frames per second (FPS), but it won’t magically exceed your hardware’s capabilities. 

Dust buildup causes thermal throttling, which leads to frame drops and stuttering. Physical cleaning will reduce overheating, improve airflow, and help maintain stable frame rates.

Meanwhile, too many processes can consume CPU time and RAM, hindering your gaming experience. Trimming startup apps and closing unused background tools can improve gaming smoothness.

Remember, though, that cleaning won’t address your PC’s hardware limitations. If your GPU can’t handle your settings, no amount of cleanup will make it a high-end card. Cleaning keeps your current hardware running at its best.

Find the best PC cleaner

For most users, combining manual cleaning with reputable automated tools provides the best results. Quality PC optimizers can safely handle routine maintenance tasks, but it’s also important to choose trusted solutions that won’t cause more problems than they solve.

Make safe choices

The market offers both legitimate optimization software as well as potentially harmful programs that could compromise your system’s security and privacy. Red flags to watch for include solutions that:

  • Bundle adware or unwanted programs that install alongside the cleaner
  • Promise unrealistic performance gains through aggressive registry modifications
  • Exaggerate scan results, claiming thousands of “critical errors” to pressure you into purchasing
  • Request excessive system permissions beyond what’s needed for basic cleanup tasks
  • Lack of transparency about what files or settings will be modified

Choose trustworthy PC cleaning tools by:

  • Downloading only from official vendors and verified software repositories
  • Reading user reviews and expert evaluations from reputable technology publications
  • Verifying the software publisher’s reputation and track record in cybersecurity
  • Checking for clear privacy policies that explain data collection practices
  • Looking for tools that provide detailed cleanup reports before making changes
  • Considering integrated solutions that include PC optimization and protection capabilities for better compatibility and coordinated system management

    Consider hardware upgrades

    If you have done everything you can to clean your PC systemically and physically, and it is still running slow, it might be time to consider a hardware upgrade. Modern computers with sufficient RAM and processing power respond well to maintenance, while older systems may need hardware upgrades to see meaningful improvements. In this day and age, upgrading to 8GB or 16GB will likely deliver more dramatic performance improvements than any cleaning routine. 

    Similarly, switching from a traditional hard drive to an SSD provides speed boosts that far exceed what software optimization can do. For example, upgrading to an SSD can dramatically reduce boot times, while routine PC cleaning typically produces more modest improvements. The sweet spot for PC cleaning benefits occurs when you can balance adequate hardware and software accumulation

    Final thoughts

    Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity.

    The key to lasting results is establishing a consistent maintenance routine, whether it means weekly disk cleanups, monthly startup reviews, or quarterly deep cleans with trusted tools. Take note that it is best to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee+ can simplify the process and save time.

    The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.

    How To Tell If Your Smart TV Spying on You

    By: McAfee

    From their original design as simple broadcast receivers, today’s televisions have evolved into powerful, internet-connected entertainment hubs. Combining traditional viewing with online capabilities, smart TVs provide instant access to streaming platforms, web browsing, voice assistants, and personalized recommendations. 

    As our TVs have grown smarter, however, they’ve also become gateways to new privacy and security challenges. In a chilling echo of George Orwell’s dystopian novel 1984, it’s possible that Big Brother, or in this case, Big Hacker, might be surveilling you through your own television.

    In 2013, evidence emerged that smart TVs can be just as vulnerable to hacking as home computers, following an investigation by security analysts Aaron Grattafiori and Josh Yavor at iSEC Partners. Working with smart TV manufacturers to address potential vulnerabilities, the analysts presented their findings at the Black Hat network security conference in Las Vegas. Their demonstration highlighted the concerning possibility of smart TVs not only physically surveilling you through the built-in camera but also prying deeper into your personal life by collecting data on your web searches, app usage, and preferences.

    Smart TV hacking entry points

    Smart TVs can be hacked in several ways, but the gateway that opens your smart TV to these attacks is the IP address, which links with internet-driven apps such as Facebook and YouTube, as well as video streaming services, microphones, and even internal cameras. Because smart TVs often run the same code as computers and smartphones, such as JavaScript or HTML5, they are also susceptible to malware and spyware attacks. These are some of the ways your device can be hacked:

    • Outdated firmware: When you don’t regularly update your TV’s software, you leave known security holes wide open for cybercriminals to enter. These updates often include security patches, but many users ignore update notifications.
    • Unsecure downloads or sideloads: When you download apps from unofficial sources or use older apps with poor security, you invite malware into your living room. Additionally, weak Wi-Fi settings at home create an opening for hackers to access not just your TV but your entire network.
    • Weak login habits: Using the may include background services you are unaware of, which allow criminals to access your smart TV once they’ve compromised your other accounts. Smart TVs could even have background services you might not know about, creating additional attack points.
    • Compromised physical connections: Infected HDMI devices or USB drives could introduce malware into your system. Once hackers gain access to your smart TV, they can use it to move through your home network and other connected devices.

    Spying beyond physical surveillance

    Once a hacker has compromised your smart TV, they can spy on you through several built-in technologies that collect data on your viewing habits, conversations, and online activities.

    • Automatic Content Recognition (ACR): This is a common spying method that analyzes audio or video snippets from your content. It then packages and sells this data to advertisers, who use it to create profiles of your entertainment preferences for customized advertising. 
    • Voice assistants and listening microphones: Many smart TVs include voice control features that activate when you say specific wake words. These microphones can capture private conversations, even when the TV is “off” and on standby mode. This data could be processed by third-party voice recognition services, creating potential eavesdropping risks.
    • Built-in or plug-in cameras: These enable video calling and gesture control features, but they also create opportunities for unauthorized surveillance and privacy vulnerabilities. Smart TVs with cameras could be accessed by hackers or malicious software.
    • App-level tracking and advertising IDs: Similar to smartphone apps, smart TV apps also collect data on your usage and preferences through unique advertising identifiers, which build comprehensive profiles for targeted marketing. Your Netflix viewing habits might influence ads you see on YouTube or other platforms.
    • Data sharing with third parties: TV manufacturers often share collected data with advertising networks, content providers, and data brokers to create extensive digital profiles. This information can include viewing schedules, app usage, voice recordings, and even household demographic insights.
    • Privacy settings: Most smart TVs offer settings to disable ACR, limit voice recording, and opt out of personalized advertising. Look for “Privacy,” “Viewing Data,” or “Interest-Based Advertising” options in your TV’s settings menu. However, these settings may reset after software updates.
    • Network behaviors: Your smart TV communicates with various servers, sending viewing data, software telemetry, and usage statistics even when you’re not actively using smart features. Router logs often show smart TVs making hundreds of network connections per day to advertising and analytics services.

    The key to managing these privacy risks is understanding what data your TV collects and taking control through privacy settings, network restrictions, and informed usage decisions. 

    Types of data that smart TVs collect

    • Viewing history, content preferences, and navigation patterns: Your smart TV tracks what shows, movies, and channels you watch, how long you view them, and when you pause or skip content. This data helps TV manufacturers and streaming app providers understand your entertainment preferences and suggest personalized content.
    • Device identifiers and technical data: Your TV collects unique device identifiers, IP addresses, Wi-Fi network information, and technical specifications. In turn, manufacturers use this data for device management, software updates, and to link your viewing activity across different sessions and devices.
    • Advertising IDs and marketing data: Smart TVs generate unique advertising identifiers that track your activity for targeted advertising. Third-party advertisers and data brokers use these IDs to build detailed profiles for marketing campaigns and to measure ad effectiveness across different platforms.
    • Voice recordings and search queries: Your voice commands or searches are recorded and processed by the manufacturer’s servers or third-party speech-recognition services to improve voice-recognition accuracy and deliver search results.
    • Geolocation and network information: Your smart TV can determine your approximate location through your IP address and Wi-Fi network details. This geographic data helps content providers offer region-specific programming and advertising.
    • Diagnostic and performance data: Smart TVs collect technical performance metrics, error logs, and usage statistics to help manufacturers and software partners identify issues, improve software performance, and develop new features. 

    Take control of your data

    Your smart TV data typically flows to multiple parties. It starts with the device manufacturer for product improvements, then to streaming app providers for content recommendations, on to advertising networks for targeted marketing, and analytics companies for usage insights. Recent regulatory guidance emphasizes that you should have clear visibility into these data-sharing relationships through your TV’s privacy policy.

    You can limit data collection by disabling Automatic Content Recognition (ACR) in your TV’s privacy settings, turning off personalized advertising, and regularly reviewing app permissions. Consumer protection agencies require smart TV manufacturers to provide opt-out mechanisms for advertising personalization and data sharing with third parties.

    Stop the spying

    Fortunately, you can significantly reduce your smart TV risks with some simple preventive measures:

    1. Check your TV’s privacy and ACR settings: Navigate to your smart TV’s settings menu and look for privacy, data collection, or “Automatic Content Recognition” (ACR) options, and disable or limit that function to prevent the tracking of your viewing behaviors and preferences. 
    2. Review consent prompts after software updates. When you see pop-ups asking for consent to new terms, take a moment to read what you’re agreeing to. You can often decline optional data sharing while keeping essential functionality. 
    3. Monitor your ad personalization settings: Look for advertising or marketing preferences in your settings menu, and opt out of personalized advertising to reduce the data collected about your viewing patterns.
    4. Audit app permissions and microphone access: Smart TV apps may request access to features such as your microphone, camera, or network information. Review which apps have these permissions. Voice assistants and video calling apps may need microphone access, but streaming apps typically don’t require these sensitive permissions.
    5. Monitor network activity: Check your router’s device list to see if your smart TV is unusually chatty with unknown servers. Many modern routers also offer parental controls or privacy features that can limit your TV’s internet access to only essential functions.
    6. Perform security audits on major platforms: Roku, Samsung Tizen, LG webOS, and Android TV each offer basic privacy controls in their main settings. Look for “Privacy,” “Ads,” “Data Collection,” or “Viewing Information” to take control regardless of your TV model.
    7. Check for physical indicators and hardware controls: Many newer smart TV models don’t include cameras, but if yours does, you’ll often find a physical privacy shutter or the ability to disable it in settings. For voice features, look for microphone mute buttons on your remote or TV itself.
    8. Stay updated: Ensure your apps are updated regularly to maintain the security of your TV and its apps. The digital world is full of bugs waiting for a chance to invade your device, so don’t let outdated apps provide them the perfect entry point. 
    9. Use social media sparingly: Social media sites are notorious hunting grounds for identity thieves. Restrict the use of these apps to your computer, smartphone, or tablet, and ensure they have comprehensive security protection to guard your devices, identity, and data.

    Standby versus fully off

    Most smart TVs don’t fully turn off when you press the power button; they enter standby mode to enable quick startup. In this state, certain components may remain active and continue collecting data. It might maintain network connectivity to receive software updates, keep microphones and voice assistants ready to respond to wake words, or continue ACR that tracks your viewing habits.

    To truly disconnect your TV from potential monitoring, you have several options:

    1. Look for a physical mute switch on your remote or TV for the microphone. This provides a hardware-level disconnect that software can’t override.
    2. You can unplug your TV entirely when not in use or connect it to a power strip that you can easily switch off to cut all power.
    3. For a more permanent solution, dive into your TV’s privacy settings to disable ACR tracking, turn off voice activation features, and restrict background data collection. 
    4. You can also disconnect your TV from Wi-Fi entirely if you primarily use external streaming devices, which gives you more control over what data gets shared.

    FAQs about Smart TVs

    Do all smart TVs have cameras?

    It depends on your specific smart TV model and its manufacturing date. Most modern smart TVs manufactured after 2022 do not include built-in cameras. Major manufacturers such as Samsung, LG, Sony, and TCL have largely moved away from integrating cameras directly into their television sets due to privacy concerns and limited consumer adoption. 

    Some premium models and older smart TVs from 2018-2021 may still feature built-in cameras designed typically used for:

    • Video calling: Apps such as Zoom or Google Meet allow you to make calls from your TV
    • Gesture control: Hand movements enable you to navigate menus and control functions 
    • Facial recognition: Based on who is watching, smart TVs can personalize content recommendations
    • Voice assistant integration: Some cameras work with microphones to enhance smart assistant features

    If your smart TV does have a camera, you still have control, as most smart TVs with cameras include physical privacy shutters, software controls to disable the camera, or the option to cover the lens. For external USB cameras, simply unplugging it ensures that no one can see you through the smart TV.

    How do I know if my smart TV has a camera?

    To determine if your smart TV has a camera, check the following:

    1. The physical TV: Check the top, bottom, and side edges of your TV screen for a small circular lens, typically about the size of a coin. Built-in cameras are typically small lenses located on the top bezel or may retract into the frame. 
    2. Quick detection test: In a dimly lit room, shine a flashlight across your TV’s bezel while looking for reflective surfaces. Camera lenses will reflect light differently than the surrounding plastic, appearing as small, glassy circles that catch and reflect the light beam.
    3. Camera shutter or privacy cover: TVs with built-in cameras often include a sliding privacy shutter or removable cover. Look for a small plastic piece that can slide over the camera lens area, or a hinged cover that flips up and down.
    4. User manual: Your manual will clearly list the camera functionality if it is present. You can also find detailed specs on the product packaging. Look for terms such as “built-in camera,” “video calling,” or “gesture control” in the feature list.
    5. Manufacturer’s website: Visit your TV manufacturer’s official support page and enter your exact model number. The detailed product specifications should confirm whether your model includes camera hardware.
    6. Camera-related settings: Go to your smart TV’s main settings menu and look for sections labeled “Camera,” “Privacy,” “Microphone,” or “Gesture Control.” If these options exist, your TV likely has camera capability. Many TV models from 2023 include dedicated privacy toggles that let you fully disable camera functions.

    If you discover your smart TV has a camera, you can take control of your privacy by disabling it in your TV’s settings, covering it with tape when not in use, or using any built-in privacy shutters.

    How can I disable or manage my smart TV camera?

    Aside from the precautions listed above, there are other ways you can disable your smart TV’s camera:

    • Privacy settings: Navigate to your smart TV’s Settings menu, then look for “Privacy,” “Security,” or “Camera” options. Most modern TVs group these controls together to limit the data your device collects and shares.
    • Specific apps: Review which apps have camera permissions by going to Settings > Apps > [App Name] > Permissions. Turn off camera access for apps that don’t need it, like streaming services or games. Video calling apps will need camera access to function properly.
    • Gesture and voice control: Disable motion-sensing and voice-recognition features in your TV’s accessibility or interaction settings, as these features often require the camera and microphone to be active.
    • System update resets: Smart TV updates can sometimes reset your privacy settings to defaults. After each update, take a few minutes to verify your camera and microphone settings remain off as you configured them.
    • Network-level protection: For tech-savvy users, consider setting up router-level controls to monitor or restrict your smart TV’s internet connections. Some routers allow you to block specific domains or limit device communication, adding another layer of control over what data your TV can share.
    • Automatic security updates: Keep your smart TV’s firmware up to date by enabling automatic updates. Manufacturers regularly release security patches that address vulnerabilities to protect you from potential threats.
    • Dedicated guest network: Consider connecting your smart TV to a separate Wi-Fi network from your main devices. This limits potential access to other connected devices in your home if your TV’s security is ever compromised.

    Final thoughts

    If the thought of your living room turning into a hacker’s surveillance paradise sends a chill down your spine, you’re not alone. Fortunately, you can take some protective measures that keep your smart TV safe.

    One of the best ways to protect yourself is to stay informed about the latest developments in smart TV security. Attend webinars, read articles, and follow experts in the field to stay current with the latest security threats and fixes. 

    Just as importantly, small but effective digital habits will also fortify your smart TV security: keep your TV’s firmware updated, stick to official app stores, secure your home Wi-Fi with strong encryption, use unique passwords for your devices, limit the use of social media and messaging apps on your TV, and be cautious about what you plug into your TV’s ports. 

    By following these recommendations, you can continue to relax in your living room and enjoy your digital entertainment experience without compromising your privacy and security.

    The post How To Tell If Your Smart TV Spying on You appeared first on McAfee Blog.

    This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026

    By: McAfee
    The Top Scams of 2025

    They came by phone, by text, by email, and they even weaseled their way into people’s love lives—an entire host of scams that we covered here in our blogs throughout the year.

    Today, we look back, picking five noteworthy scams that firmly established new trends, along with one in particular that gives us a hint at the face of scams to come.

    Let’s start it off with one scam that pinged plenty of phones over the spring and summer: those toll road texts.

    1 – The Texts That Jammed Everyone’s Phones: The Toll Road Scam

    It was the hot new scam of 2025 that increased by 900% in one year: the toll road scam.

    There’s a good chance you got a few of these this year,scam texts that say you have an unpaid tab for tolls and that you need to pay right away. And as always, they come with a handy link where you can pay up and avoid that threat of a “late fee.”

     

    Of course, links like those took people to phishing sites where people gave scammers their payment info, which led to fraudulent charges on their cards. In some instances, the scammers took it a step further by asking for driver’s license and Social Security numbers, key pieces of info for big-time identity theft.

    Who knows what the hot new text scam for 2026 will be, yet here are several ways you can stop text scams in their tracks, no matter what form they take:

    How Can I Stop Text Scams?

    Don’t click on any links in unexpected texts (or respond to them, either). Scammers want you to react quickly, but it’s best to stop and check it out.

    Check to see if the text is legit. Reach out to the company that apparently contacted you using a phone number or website you know is real—not the info from the text.

    Get our Scam Detector. It automatically detects scams by scanning URLs in your text messages. If you accidentally tap or click? Don’t worry, it blocks risky sites if you follow a suspicious link.

    2 – Romancing the Bot: AI Chatbots and Images Finagle Their Way Into Romance Scams

    It started with a DM. And a few months later, it cost her $1,200.

    Earlier this year, we brought you the story of 25-year-old computer programmer Maggie K. who fell for a romance scam on Instagram. Her story played out like so many. When she and her online boyfriend finally agreed to meet in person, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the money and never heard from him again.

    But here’s the twist—he wasn’t real in the first place.

    When she reported the scam to police, they determined his images were all made with AI. In Maggie’s words, “That was the scariest part—I had trusted someone who never even existed.”

    Maggie isn’t alone. Our own research earlier this year revealed that more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.

    Moreover, we found that scammers have fueled those figures with the use of AI. Of people we surveyed, more than 1 in 4 (26%) said they—or someone they know—have been approached by an AI chatbot posing as a real person on a dating app or social media.

    We expect this trend will only continue, as AI tools make it easier and more efficient to pull off romance scams on an increasingly larger scale.

    Even so, the guidelines for avoiding romance scams remain the same:

    • Never send money to someone you’ve never met in person.
    • Things move too fast, too soon—like when the other person starts talking about love almost right away.
    • They say they live far away and can’t meet in person because they live abroad, all part of a scammers story that they’re there for charity or military service.
    • Look out for stories of urgent financial need, such as sudden emergencies or requests for help with travel expenses to meet you.
    • Also watch out for people who ask for payment in gift cards, crypto, wire transfers, or other forms of payment that are tough to recover. That’s a sign of a scam.

    3 – Paying to Get Paid: The New Job Scam That Raked in Millions

    The job offer sounds simple enough … go online, review products, like videos, or do otherwise simple tasks and get paid doing it—until it’s time to get paid.

    It’s a new breed of job scam that took root this spring, one where victims found themselves “paying to get paid.”

    The FTC dubbed these scams as “gamified job scams” or “task scams.” Given the way these scams work, the naming fits.

    It starts with a text or direct message from a “recruiter” offering work with the promise of making good money by “liking” or “rating” sets of videos or product images in an app, all with the vague purpose of “product optimization.” With each click, you earn a “commission” and see your “earnings” rack up in the app. You might even get a payout, somewhere between $5 and $20, just to earn your trust.

    Then comes the hook.

    Like a video game, the scammer sweetens the deal by saying the next batch of work can “level up” your earnings. But if you want to claim your “earnings” and book more work, you need to pay up. So you make the deposit, complete the task set, and when you try to get your pay the scammer and your money are gone. It was all fake.

    This scam and others like it fall right in line with McAfee data that uncovered a spike in job-related scams of 1,000% between May and July,which undoubtedly built on 2024’s record-setting job scam losses of $501 million.

    Whatever form they take, here’s how you can avoid job scams:

    Step one—ignore job offers over text and social media

    A proper recruiter will reach out to you by email or via a job networking site. Moreover, per the FTC, any job that pays you to “like” or “rate” content is against the law. That alone says it’s a scam.

    Step two—look up the company

    In the case of job offers in general, look up the company. Check out their background and see if it matches up with the job they’re pitching. In the U.S., The Better Business Bureau (BBB) offers a list of businesses you can search.

    Step three—never pay to start a job.

    Any case where you’re asked to pay to up front, with any form of payment, refuse, whether that’s for “training,” “equipment,” or more work. It’s a sign of a scam.

    4 – Seeing is Believing is Out the Window: The Al Roker Deepfake Scam

    Prince Harry, Taylor Swift, and now the Today show’s Al Roker, too, they’ve all found themselves as the AI-generated spokesperson for deepfake scams.

    In the past, a deepfake Prince Harry pushed bogus investments, while another deepfake of Taylor Swift hawked a phony cookware deal. Then, this spring, a deepfake of Al Roker used his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”

     

    The fabricated clip appeared on Facebook, which appeared convincing enough to fool plenty of people, including some of Roker’s own friends. “I’ve had some celebrity friends call because their parents got taken in by it,” said Roker.

    While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.

    Roker put it plainly, “We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now.”

    In all, this stands as a good reminder to be skeptical of celebrity endorsements on social media. If public figure fronts an apparent deal for an investment, cookware, or a hypertension “cure” in your feed, think twice. And better yet, let our Scam Detector help you spot what’s real and what’s fake out there.

    5 – September 2025: The First Agentic AI Attack Spotted in The Wild

    And to close things out, a look at some recent news, which also serves as a look ahead.

    Last September, researchers spotted something unseen before:a cyberattack almost entirely run by agentic AI.

    What is Agentic AI?

    Definition: Artificial intelligence systems that can independently plan, make decisions, and work toward specific goals with minimal human intervention; in this way, it executes complex tasks by adapting to new info and situations on its own.

    Reported by AI researcher Anthropic, a Chinese state-sponsored group allegedly used the company’s Claude Code agent to automate most of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails that typically prevent such malicious use with jailbreaking techniques, which broke down their attacks into small, seemingly innocent tasks. That way, Claude orchestrated a large-scale attack it wouldn’t otherwise execute.

    Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. By Anthropic’s estimate, they completed 80–90% of the work without any human involvement.

    According to Anthropic: “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.”

    We knew this moment was coming, and now the time has arrived: what once took weeks of human effort to execute a coordinated attack now boils down to minutes as agentic AI does the work on someone’s behalf.

    In 2026, we can expect to see more attacks led by agentic AI, along with AI-led scams as well, which raises an important question that Anthropic answers head-on:

    If AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude—into which we’ve built strong safeguards—to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack.

    That gets to the heart of security online: it’s an ever-evolving game. As new technologies arise, those who protect and those who harm one-up each other in a cycle of innovation and exploits. As we’re on the side of innovation here, you can be sure we’ll continue to roll out protections that keep you safer out there. Even as AI changes the game, our commitment remains the same.

    Happy Holidays!

    We’re taking a little holiday break here and we’ll be back with our weekly roundups again in 2026. Looking forward to catching up with you then and helping you stay safer in the new year.

    The post This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026 appeared first on McAfee Blog.

    How To Spot Health Insurance Scams This Open Enrollment Season

    By: McAfee

    If you’re in the market for insurance right now, keep an eye out for scammers in the mix. They’re out in full force once again this open enrollment season.

    As people across the U.S. sign up for, renew, or change their health insurance plans, scammers want to cash in as people rush to get their coverage set. And scammers have several factors working in their favor.

    For starters, many people find the insurance marketplace confusing, frustrating, and even intimidating, all feelings that scammers can take advantage of. Moreover, concerns about getting the right level of coverage at an affordable price also play into the hands of scammers.

    Amidst all this uncertainty and time pressure, health insurance scams crop up online. Whether under the guise of helping people navigate the complex landscape or by offering seemingly low-cost quotes, scammers prey on insurance seekers by stealing their personal information, Social Security numbers, and money.

    According to the FBI, health insurance scams cost families millions each year. In some cases, the costs are up front. People pay for fraudulent insurance and have their personal info stolen. And for many, the follow-on costs are far worse, where victims go in for emergency care and find that their treatment isn’t covered—leaving them with a hefty bill.

    Like so many of the scams we cover here in our blogs, you can spot health insurance scams relatively quickly once you get to know their ins and outs.

    What Kind Of Health Insurance Scams Are Out There Right Now?

    Here’s how some of those scams can play out.

    The Phishing Strategy

    Some are “one and done scams” where the scammer promises a policy or service and then disappears after stealing money and personal info—much like an online shopping scam. It’s a quick and dirty hit where scammers quickly get what they want by reaching victims the usual ways, such as through texts, emails, paid search results, and social media. In the end, victims end up on a phishing site where they think they’re locking in a good deal but handing over their info to scammers instead.

    The Long Con

    Other scams play a long con game, milking victims for thousands and thousands of dollars over time. The following complaint lodged by one victim in Washington state provides a typical example:

    A man purchased a plan to cover himself, his wife, and his two children, only to learn there was no coverage. He was sold a second policy, with the same result, and offered a refund if he purchased a third policy. When he filed a complaint, his family still had no coverage, and he was seeking a refund for more than $20,000 and reimbursement for $55,000 in treatments and prescriptions he’d paid out of pocket.

    Scams like these are known as ghost broker scams where scammers pose as insurance brokers who take insurance premiums and pocket the money, leaving victims thinking they have coverage when they don’t. In some cases, scammers initially apply for a genuine policy with a legitimate carrier, only to cancel it later, while still taking premiums from the victim as their “broker.” Many victims only find out that they got scammed when they attempt to file a claim.

    The “Fake” Cancellation Scam

    Another type of scam comes in the form of policy cancellation scams. These work like any number of other account-based scams, where a scammer pretends to be a customer service rep at a bank, utility, or credit card company. In the insurance version of it, scammers email, text, or call with some bad news—the person’s policy is about to get cancelled. Yet not to worry, the victim can keep the policy active they hand over some personal and financial info. It’s just one more way that scammers use urgency and fear to steal to commit identity theft and fraud.

    What Are The Signs Of A Health Insurance Scam?

    As said, health insurance scams become relatively easy to spot once you know the tricks that scammers use. The Federal Trade Commission (FTC) offers up its list of the ones they typically use the most:

    1)Someone says they’re from the government and need money or your personal info.Government agencies don’t call people out of the blue to ask them for money or personal info. No one from the government will ask you to verify your Social Security, bank account, or credit card number, and they won’t ask you to wire money or pay by gift card or cryptocurrency.

    If you have a question about Health Insurance Marketplace®, contact the government directly at: HealthCare.gov or 1-800-318-2596

    2) Someone tries to sell you a medical discount plan. Legitimate medical discount plans differ from health insurance. They supplement it. In that way, they don’t pay for any of your medical expenses. Rather, they’re membership programs where you pay a recurring fee for access to a network of providers who offer their services at pre-negotiated, reduced rates. The FTC strongly advises thorough research before participating in one, as some take people’s money and offer very little in return. Call your caregiver and see if they really participate in the program and in what way. And always review the details of any medical discount plan in writing before you sign up.

    3) Someone wants your sensitive personal info in exchange for a price quote. The Affordable Care Act’s (ACA’s) official government site is HealthCare.gov. It lets you compare prices on health insurance plans, check your eligibility for healthcare subsidies, and begin enrollment. But HealthCare.gov will only ask for your monthly income and your age to give you a price quote. Never enter personal financial info like your Social Security number, bank account, or credit card number to get a quote for health insurance.

    4) Someone wants money to help you navigate the Health Insurance Marketplace. The people who offer legitimate help with the Health Insurance Marketplace (sometimes called Navigators or Assisters) are not allowed to charge you and won’t ask you for personal or financial info. If they ask for money, it’s a scam. Go to HealthCare.govand click “Find Local Help” to learn more.

    How to Avoid Health Insurance Scams

    1)For health insurance, visit a trusted source like HealthCare.gov or your state marketplace. Doing so helps guarantee that you’ll get the kind of fully compliant coverage you want.

    2) Make sure the insurance covers you in your state. Not every insurer is licensed to operate in your state. Double-check that the one you’re dealing with is. A good place to start is to visit the site for your state’s insurance commission. It should have resources that let you look up the insurance companies, agents, and brokers in your state.

    3) For any insurance, research the company offering it. Run a search with the company name and add “scam” or “fraud” to it. See if any relevant news or complaints show up. And if the plan you’re being offered sounds too good to be true, it probably is.

    4) Watch out for high-pressure sales. Don’t pay anything up front and be cautious if a company is forcing you to make quick decisions.

    5) Guard your personal info. Never share your personal info, account details, or Social Security number over text or email. Make sure you’re really working with a legitimate company and that you submit any info through a secure submissions process.

    6) Block bad links to phishing sites. Many insurance scams rely on phishing sites to steal personal info. A  combination of our Web Protection and Scam Detector can steer you clear of them. They’ll alert you if a link might take you to one. It’ll also block those sites if you accidentally tap or click on a bad link.

    7) Monitor your identity and credit. In some health insurance scams, your personal info winds up in wrong hands, which can lead to identity fraud and theft. And the problem is that you only find out once the damage is done. Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our identity monitoring and credit monitoring.

    Additionally, our identity theft coverage can help if the unexpected happens with up to $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​

    You’ll find these protections and more in McAfee+.

    The post How To Spot Health Insurance Scams This Open Enrollment Season appeared first on McAfee Blog.

    Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead

    By: McAfee

    Imagine a day where you didn’t have to juggle passwords.

    No more sticky notes. No more notebooks with dozens of passwords scribbled in, crossed out, and scribbled in again. No more forgetting and resetting. No more typing them in all the time.

    And even better, imagine secure accounts, likely even more secure than you could keep them on your own.

    That’s the power of a password manager in your life.

    A password manager does the work of creating strong, unique passwords for each and every one of your accounts. And considering the hundred or so accounts you have, that’s something that would take plenty of time if you did all that work on your own.

    In all, a password manager can turn the pain of juggling passwords into a real comfort.

    What’s a bad password?

    Before we get into how a password manager can make your life easier while making your accounts more secure, let’s look at what makes up a bad password. Here are a few examples:

    Obvious passwords: Password-cracking programs start by entering a list of common (and arguably lazy) passwords. These may include the simple “password” or “1234567”. Others include common keyboard paths like “qwerty.” Even longer keyboard paths like “qwertyuiop” are well known to hackers and their tools as well. 

    Dictionary words: Hacking tools also look for common dictionary words strung together, which helps them crack longer passwords in chunks. The same goes for passwords that contain the name of the app or service in them. These are “no brainer” words found in passwords that make passwords even easier to crack.

    Repeated passwords: You may think you have such an unbreakable password that you want to use it for all your accounts. However, this means that if hackers compromise one of your accounts, all your other accounts are vulnerable. This is a favorite tactic of hackers. They’ll target less secure accounts and services and then attempt to re-use those credentials on more secure services like online bank and credit card companies. 

    Personal information passwords: Passwords that include your birthday, dog’s name, or nickname leave you open to attack. While they’re easy for you to remember, they’re also easy for a hacker to discover—such as with a quick trip to your social media profile, particularly if it is not set to private.

    If any of the above sounds familiar, you’ll want to replace any of your bad passwords with strong ones.

    What’s a good password?

    We can point to three things that make up a strong password, which makes it difficult to hack.

    Your password is:

    Long: A longer password is potentially a stronger password when it comes to a “brute force” attack, where a hacker uses an automated trial-and-error system to break it. For example, an eight-character password using uppercase and lowercase letters, numbers, and symbols can get hacked in minutes. Kick it up to 16 characters and it becomes incredibly more difficult to break—provided it doesn’t rely on common words or phrases. McAfee can help you generate a strong password, for stronger security with our random password generator.

    Complex: To increase the security of your password, it should have a combination of uppercase letters, lowercase letters, symbols, and numbers like mentioned above.

    Unique: Every one of your accounts should have its own password.

    Now, apply this to the hundred or so accounts you keep and creating strong passwords for all of them really does call for a lot of work.

    Should I use a password manager?

    Given its ease of use and the big security boost it gives you and all your accounts, the answer is yes.

    A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They won’t be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.

    A strong password manager also stores your passwords securely. Our password manager protects your passwords by scrambling them with AES-256, one of the strongest encryption algorithms available. Only you can decrypt and access your info with the factors you choose. Additionally, our password manager uses multi-factor authentication (MFA), so you’ll be verified by at least two factors before being signed in.

    Aside from the comfort of convenience a password manager can give you, it gives you another level of assurance—extra protection in an age of data breaches, because you’ll have unique passwords where one compromise won’t lead to others.

    And whether or not you go with a password manager to create those strong and unique passwords, make sure you use MFA on every account that offers it. MFA offers another layer of protection by adding another factor into the login process, such as something you own like a text to your phone or notification to an authentication app. That way if a hacker has your password, they’ll still be locked out of your account because they lack that MFA code.

    One more smart move: delete your old accounts

    In some cases, you really don’t need some of your old accounts and the passwords that come along with them. Maybe they’re old and unused. Or maybe they were for a one-time purchase at an online store you won’t visit again. Deleting these accounts is a smart move because they’re yet more places where your personal info is stored—and subject to a data breach.

    Our Online Account Cleanup can help, which you can find in all our McAfee+ plans. It scans for accounts in your name, gives you a full list, and shows you which types of accounts might be riskier than others. From there you can decide which ones you want to delete, along with the personal info linked to them. In our McAfee+ Ultimate plans, you get full-service Online Account Cleanup, which sends the data deletion requests for you.

    Between this and a password manager, you’ll have one less thing to juggle—your passwords, and one less thing to worry about—if they’re secure from hackers.

    The post Why “Strong Passwords” Aren’t Enough Anymore—and What to Do Instead appeared first on McAfee Blog.

    This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls

    By: McAfee
    A dog in a sweater on a walk.

    Pets, poisoned AI search results, and a phone call that sounds like it’s coming straight from the federal government, this week’s scams don’t have much in common except one thing: they’re getting harder to spot.

    In today’s edition of This Week in Scams, we’re breaking down the biggest security lapses and the tactics scammers used to exploit them, and what you can do to stay ahead of the latest threats.

    Two data security lapses discovered at Petco in one week put pet parents at risk

    If you’re a Petco customer, you’ll want to know about not one but two data security lapses in the past week.

    First, as reported by TechCrunch on Monday, Petco followed Texas data privacy laws by filing a data breach with the attorney general’s office. In that filing, Petco reported that the affected data included names, Social Security numbers, and driver’s license numbers. Further info including account numbers, credit and debit card numbers, and dates of birth were also mentioned in the filing.

    Also according to Techcrunch, the company filed similar notices in California and Massachusetts.

    To date, Petco has not made a comment about the size of the breach and the number of people affected.

    Different states have different policies for reporting data breaches. In some cases, that helps us put a figure to the size of the breach, as some states require companies to disclose the total number of people caught up in the breach. That’s not the case here, so the full scope of the attack remains in question, at least for right now.

    As of Thursday, we know Petco reported that 329 Texans were affected along with seven Massachusetts residents, per the respective reports filed. California’s report does not contain the number of Californians affected, yet laws in that state require businesses to report breaches that affect 500 or more people, so at least 500 people were affected there.

    Below you can see the form letter Petco sent to affected Californians in accordance with California’s data privacy laws:

    Copy of the form letter posted on the California Attorney General’s Website
    Copy of the form letter posted on the California Attorney General’s Website

     

    In it, you can see that Petco discovered that “a setting within one of our software applications … inadvertently allowed certain files to become accessible online.” Further, Petco said that it “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”

    So while no foul play appears to have been behind the breach, it’s still no less risky and concerning for Petco’s customers. We’ll cover what you can do about that in a moment after we cover yet another data issue at Petco through its Vetco clinics.

    Also within the same timeframe, yet more research and reporting from Techcrunch uncovered a second security lapse that exposed personal info online. From their article:

    “TechCrunch identified a vulnerability in how Vetco’s website generates copies of PDF documents for its customers.

    “Vetco’s customer portal, located at petpass.com, allows customers to log in and obtain veterinary records and other documents relating to their pet’s care. But TechCrunch found that the PDF generating page on Vetco’s website was public and not protected with a password.

    “As such, it was possible for anyone on the internet to access sensitive customer files directly from Vetco’s servers by modifying the web address to input a customer’s unique identification number. Vetco customer numbers are sequential, which means one could access other customers’ data simply by changing a customer number by one or two digits.”

    What to do if you think you had info stolen in the Petco breach

    With the size and reach of the Petco breach still unknown, and the impact of the Vetco security lapse also unknown, we advise caution for all Petco customers. At minimum, monitor transactions and keep an eye on your credit report for any suspicious activity. And it’s always a good time to update a weak password.

    For those who received a notification, we advise the following:

    Check your credit, consider a security freeze, and get ID theft protection. You can get all three working for you with McAfee+ Advanced or McAfee+ Ultimate.

    Monitor transactions across your accounts, also available in McAfee+ Advanced and Ultimate.

    Keep an eye out for phishing attacks. Use our Scam Detector to spot any follow-on attacks.

    Update your passwords. Strong and unique passwords are best. Our password manager can help you create and store them securely.

    And use two-factor authentication on all your accounts. Enabling two-factor authentication provides an added layer of security.

    Image Credit: Federal Register
    Image Credit: Federal Register

     

    What to do if your Social Security number was breached.

    If you think your Social Security number was caught up in the breach, act quickly.

    1. First, contact one of the three credit bureaus (Equifax, Experian, or TransUnion) and place a fraud alert on your credit report.
    2. That will cover all three bureaus and make it harder for someone to open new accounts in your name. You can also quickly freeze your credit altogether with McAfee+ Ultimate.
    3. Also notify the Social Security Administration (SSA) along with the Internal Revenue Service (IRS), and file a police report immediately if you believe your number is being misused.

    The call center number that connects you to … scammers?

    You might want to be careful when searching for customer service numbers while in AI mode. Or with an AI search engine. It could connect you to a scammer.

    From The Times comes reports of scammers manipulating the AI in platforms like Google and Perplexity so that their search results return scam numbers instead of a proper customer service numbers for, say, British Airways.

    How do they manipulate those results? By spamming the internet with false info that gets picked up and then amplified by AI.

    “[S]cammers have started seeding fake call center numbers on the web so the AI is tricked into thinking it is genuine …

    “Criminals have set up YouTube channels with videos claiming to help with customer support, which are packed with airline brand names and scam numbers designed to be scraped and reused by the AI.

    “Bot-generated reviews on Yelp or video descriptions on YouTube are filled with fraudulent numbers as are airline and travel web forums.”

    And with these tactics, scammers could poison the results for just about any organization, business, or brand. Not just airlines. Per The Times, “The scammers have also hijacked government sites, university domains, and even fitness sites to place scam numbers, which fools the AI into thinking they are genuine.”

    This reveals a current limitation with many AI platforms. Largely they can’t distinguish when people deliberately feed them bad info, as seen in the case here.

    Yet even as this attack is new, our advice remains the same: any time you want to ring up a customer service line, get the number directly from the company’s official website. Not from AI search and not by clicking a paid search result that shows up first (scammers can poison them too).

    Is that a call from an FTC “agent?” If so, it’s a scam.

    Are you under investigation for money laundering? Of course not. But this scam wants you to think so—and to pay up.

    On Tuesday, the Federal Trade Commission (FTC) issued a consumer alert warning that people are reporting getting unexpected calls from someone saying they’re “FTC agent” John Krebs. Apparently “Agent Krebs” is telling people that they’re under investigation for money laundering—and that a deposit to a Bitcoin ATM can resolve the matter.

    Of course, it’s a scam.

    For starters, the FTC doesn’t have “agents.” And the idea of clearing one’s name in an investigation with a Bitcoin payment is a sure-fire sign of a scam. Lastly, any time someone asks for payment with Bitcoin or other payment methods that are near-impossible to recover (think wire transfers and gift cards), those are big red flags.

    Apart from hanging up and holding on to your money, the FTC offers the following guidance, which holds true for any scam call:

    • Never transfer or send money to anyone in response to an unexpected call or message, no matter who they say they are.
    • Know that the FTC won’t ask for money. In fact, no government agency will ever tell you to deposit money at a cryptocurrency ATM, buy gift cards and share the numbers, or send money over a payment app like Zelle, Cash App, or Venmo.
    • Don’t trust your caller ID. A call might look like it’s coming from the government or a business, but scammers often fake caller ID.

    And we close things out a quick roundup …

    As always, here’s a quick list of a few stories that caught our eye this week:

    AI tools transform Christmas shopping as people turn to chatbots

    National cybercrime network operating for 14 years dismantled in Indonesia

    Why is AI becoming the go-to support for our children’s mental health?

    We’ll see you next Friday with a special edition to close out 2025 … This Year in Scams.

    The post This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls appeared first on McAfee Blog.

    Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap

    By: Brooke Seipel

    It looks harmless enough.

    A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event. 

    That’s where the scam begins. 

    Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You’re far more likely to click an invitation than a generic “account alert” or “delivery notice.” 

    And that’s exactly why scammers are using them. 

    In fact, here’s a screenshot of a fake phishing email I recently got this holiday season:

    Screenshot of a Phishing Email sent this holiday season
    Screenshot of a Phishing Email sent this holiday season

    When you click the “open invitation” link, it immediately asks you to sign in or create an account with your personal information. That’s the step where scammers steal your private data. 

    What Is a Fake E-Vite Scam? 

    A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services. 

    The goal is to trick you into: 

    • Entering your email and password 
    • Creating a fake account on a malicious site 
    • Clicking links that lead to credential-stealing pages 
    • Downloading malware disguised as an invitation 

    Once scammers have your login information, they can: 

    • Take over your email 
    • Reset passwords on other accounts 
    • Send scams to your contacts 
    • Launch identity theft attempts 

    How These Fake Invitation Scams Usually Work 

    Here’s the most common flow: 

    1. You receive a digital invitation that looks normal 
    2. The message prompts you to “view the invitation” 
    3. You’re redirected to a login or signup page 
    4. You enter your email, password, or personal info 
    5. The invitation never appears 
    6. Your credentials have now been stolen 

    Because this starts with something familiar and social, many people don’t realize it’s phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.

    How to Tell If a Paperless Post Invite Is Real 

    Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like. 

    Legitimate Paperless Post Emails Will Never: 

    • Include .EXE attachments 
    • Include .PDF attachments 
    • Include any attachments other than image files 

    Official Paperless Post Email Domains: 

    Legitimate invitations and account messages only come from: 

    Official support emails only come from: 

    If the sender does not match one of these exactly, it’s a scam. 

    Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.  

    The Biggest Red Flags of a Fake E-Vite 

    If you see any of the following, do not click: 

    • You’re forced to log in to “see” who invited you 
    • The sender email doesn’t match the official domains above 
    • The invitation creates urgency 
    • You’re asked for payment to view the event 
    • The message feels generic instead of personal 
    • The site address looks slightly off 

    Why These Scams Are So Effective Right Now 

    Modern phishing attacks don’t rely on sloppy design anymore. Many now use: 

    • Polished branding 
    • Clean layouts 
    • Familiar platforms 
    • Friendly language 
    • Social pressure 

    Invitation phishing is especially powerful because: 

    • It triggers curiosity 
    • It feels harmless 
    • It mimics real social behavior 
    • It doesn’t start with fear or threats 
    • By the time the scam turns risky, your guard is already down. 

    What To Do If You Clicked a Fake E-Vite 

    If you entered any information into a suspicious invitation page: 

    1. Immediately change your email password 
    2. Change any other account that reused that password 
    3. Enable two-factor authentication 
    4. Check for unknown login activity 
    5. Warn contacts if your email may have been compromised 
    6. Run a security scan on your device 

    The faster you act, the more damage you can prevent. 

    The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.

    How to Stay Safe on Your New AI Browser

    By: McAfee

    AI-powered browsers give you much more than a window to the web. They represent an entirely new way to experience the internet, with an AI “agent” working by your side.

    We’re entering an age where you can delegate all kinds of tasks to a browser, and with that comes a few things you’ll want to keep in mind when using AI browsers like ChatGPT’s Atlas, Perplexity’s Comet, and others.

    What are agentic AI browsers?

    So, what’s the allure of this new breed of browser? The answer is that it’s highly helpful, and plenty more.

    By design, these “agentic” AI browsers actively assist you with the things you do online. They can automate tasks and interpret your intentions when you make a request. Further, they can work proactively by anticipating things you might need or by offering suggestions.

    In a way, an AI browser works like a personal assistant. It can summarize the pages in several open tabs, conduct research on just about any topic you ask it to, or even track down the lowest airfare to Paris in the month of May. Want it to order ink for your printer and some batteries for your remote? It can do that too. And that’s just to name a few possibilities.

    As you can see, referring to the AI in these browsers as “agentic” fits. It truly works like an agent on your behalf, a capability that promises to get more powerful over time.

    Is it safe to use an AI browser?

    But as with any new technology, early adopters should balance excitement with awareness, especially when it comes to privacy and security. You might have seen some recent headlines that shared word of security concerns with these browsers.

    The reported exploits vary, as does the harm they can potentially inflict. That ranges from stealing personal info, gaining access to Gmail and Google Drive files, installing malware, and injecting the AI’s “memory” with malicious instructions, which can follow from session to session and device to device, wherever a user logs in.

    Our own research has shown that some of these attacks are now tougher to pull off than they were initially, particularly as the AI browser companies continue to put guardrails in place. If anything, this reinforces a long-standing truth about online security, it’s a cat-and-mouse game. Tech companies put protections in place, bad actors discover an exploit, companies put further protections in place, new exploits crop up, and so on. It’s much the same in the rapidly evolving space of AI browsers. The technology might be new, but the game certainly isn’t.

    While these reports don’t mean AI browsers are necessarily unsafe to use, they do underscore how fast this space is evolving…and why caution is smart as the tech matures.

    How To Use an AI Browser Safely

    It’s still early days for AI-powered browsers and understanding the security and privacy implications of their use. With that, we strongly recommend the following to help reduce your risk:

    Don’t let an AI browser do what you wouldn’t let a stranger do. Handle things like your banking, finances, and health on your own. And the same certainly goes for all the info tied to those aspects of your life.

    Pay attention to confirmations. As of today, agentic browsers still require some level of confirmation from the user to perform key actions (like processing a payment, sending an email, or updating a calendar entry). Pay close attention to them, so you can prevent your browser from doing something you don’t want it to do.

    Use the “logged out” mode, if possible. As of this writing, at least one AI browser, Atlas, gives you the option to use the agent in the logged-out mode.i This limits its access to sensitive data and the risk of it taking actions on your behalf with your credentials.

    If possible, disable “model learning.” By turning it off, you reduce the amount of personal info stored and processed by the AI provider for AI training purposes, which can minimize security and privacy risks.

    Set privacy controls to the strictest options available. Further, understand what privacy policies the AI developer has in place. For example, some AI providers have policies that allow people to review your interactions with the AI as part of its training. These policies vary from company to company, and they tend to undergo changes. Keeping regular tabs on the privacy policy of the AI browser you use makes for a privacy-smart move.

    Keep yourself informed. The capabilities, features, and privacy policies of AI-powered browsers continue to evolve rapidly. Set up news alerts about the AI browser you use and see if any issues get reported and, if so, how the AI developer has responded. Do routine searches pairing the name of the AI browser with “privacy.”

    How McAfee Can Help

    McAfee’s award-winning protection helps you browse safer, whether you’re testing out new AI tools or just surfing the web.

    McAfee offers comprehensive privacy services, including personal info scans and removal plus a secure VPN.

    Plus, protections like McAfee’s Scam Detector automatically alert you to suspicious texts, emails, and videos before harm can happen—helping you manage your online presence confidently and safeguard your digital life for the long term. Likewise, Web Protection can help you steer you clear of suspicious websites that might take advantage of AI browsers.

    The post How to Stay Safe on Your New AI Browser appeared first on McAfee Blog.

    This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam

    By: McAfee

    For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers use an Apple Support ticket in a takeover attempt, and a PlayStation scam partly powered by AI.

    Let’s start with those fake ads, because holiday shopping is in full swing.

    Keep a sharp eye out for fake AI shopping ads that sell knockoff goods

    Turns out that three-quarters of people (74%) can’t correctly identify a fake AI-generated social media ad featuring popular holiday gifts—which could leave them open to online shopping scams.

    That finding, and several others, comes by way of research from Santander, a financial services company in the UK.

    Here’s a quick rundown of what else they found:

    • Less than one in 10 (8%) people feel “very confident” in their ability to spot an AI-generated ad on social media.
    • More than half (56%) fear that they or a family member could get scammed as a result.
    • About two-thirds (63%) said that they won’t purchase anything from social media platforms because they’re not sure what’s real and what’s fake.

    From the study … could you tell these ads are both fake?

     

     

    Fake ads, like this, have been popping up across social.
    Fake ads, like this, have been popping up across social.

     

     

    Could you tell this ad is fake?
    Could you tell this ad is fake?

    In all, cheap and readily available AI tools make spinning up fake ads quick and easy work. The same goes for launching websites where those “goods” can get sold. In the past, we’ve seen scammers take two different approaches when they use social media ads and websites to lure in their victims:

    Phishing sites

    During the holidays, scammers pump out ads that offer seemingly outstanding deals on hot items. Of course, the offer and the site where it’s “sold” is fake. Victims hand over their personal info and credit card number, never to see the items they thought they’d purchased. On top of the money a victim loses, the scammer also has their card info and can run up its tab or sell it to others on the dark web.

    Knock-off sites

    In this case, the scammer indeed sells and delivers something. But you don’t get what you paid for. The item looks, feels, fits, or works entirely differently than what was advertised. In this way, people wind up with a cheaply made item cobbled together with inferior materials. Worse yet, these scams potentially prop up sweatshops, child labor, and other illegal operations in the process. Nothing about these sites and the things they sell on them are genuine.

    So, fake AI shopping ads are out there. What should you look out for? Here’s a quick list:

    • First off, any offer that sounds too good to be true and heavy discounts on hard-to-find or popular items are major signs of a scam—and have been for years running now.
    • See if the image looks a little too polished or even cartoony in some cases. As for people in AI ads, they can look airbrushed and have skin tones that seemingly give off an odd glow.
    • Look up reviews of the company. Trustpilot and the Better Business Bureau offer great resources for that. Even simple a search using “CompanyName scam” can give you an idea if it’s a scam or not.
    • And lastly, the combination of our Scam Detector and Web Protection can help sniff out a scam for you.

    The Apple Support scam that came from … Apple? (Not really. We’ll explain.)

    “I almost lost everything—my photos, my email, my entire digital life.”

    So opens a recent Medium post from Eric Moret recounting how he almost handed over his Apple Account to a scammer armed with a real Apple Support ticket to make this elaborate phishing attack look legit.

    Over the course of nearly 30 minutes, a scammer calmly and professionally walked Moret through a phony account takeover attempt.

    It started with two-factor authentication notifications that claimed someone was trying to access his iCloud account. Three minutes later, he got a call from an Atlanta-based number. The caller said they were with Apple Support. “Your account is under attack. We’re opening a ticket to help you. Someone will contact you shortly.”

    Seconds later came another call from the same number, which is where the scam fully kicked in. The person also said they were from Apple Support and that they’d opened a case on Moret’s behalf. Sure enough, when directed, Moret opened his email and saw a legitimate case number from a legitimate Apple address.

    The caller then told him to reset his password, which he did. Moret received a text with a link to a site where he could, apparently, close his case.

    Note that at no time did the scammers ask him for his two-factor authentication code throughout this process, which is always the sign of a scam. However, the scammers had another way to get it.

    The link took him to a site called “appeal-apple dot com,” which was in fact a scam site. However, the page looked official to him, and he entered a six-digit code “confirmation code” sent by text to finish the process.

    That “confirmation code” was actually a fresh two-factor authentication code. With that finally in hand, the scammers signed in. Moret received a notice that a new device had logged into his account. Moret quickly reset his password again, which kicked them out and stopped the attack.

    So, what went wrong here? Let’s break down three key moments in this account takeover scam:

    • The unsolicited phone calls. That’s an immediate sign to hang up and call an official support number to confirm the “issue” yourself.
    • The fake website. A site with a URL like “appeal-apple dot com” is a scam site, even if it looks “official.” Scammers can create them easily today.
    • The code heist. Scammers trick people into handing over their authorization code by calling it something else, like a “confirmation code.”

    So, how can you protect yourself from account takeover scams? Let’s break that down too.

    • Know that Apple Support won’t call you or open a case on your behalf.
    • Also know that anyone can create an Apple Support ticket for anyone else, without verification. If you didn’t create it yourself, it’s a strong sign of a scam.
    • If you have concerns, call Apple yourself at 1-800-275-2273 or contact them through their Apple Support App, available here on Apple’s support page.
    • Only interact with Apple through sites and emails with the proper “apple dot com” address. Watch out for altered addresses like the “appeal-apple dot com” used here.
    • Never, ever share your authentication code in any way … verbally, in an email, in a text, or a website. Any request for it from anyone is a scam.
    • You can see the devices signed into your account any time. Go to Settings, tap your Name, and scroll to see all devices linked to your Apple ID.
    • Get protection that blocks links to scam sites, like our Scam Detectorand Web Protection.

    The FCC takes aim at the Wal-Mart PlayStation 5 Robocall Scam

    Maybe you didn’t get a scam call from “Emma” or “Carl” at Wal-Mart, but plenty of people did. Around eight million in all. Now the Federal Communications Commission’s (FCC) Enforcement Bureau wants to put a stop to them.

    “Emma” and “Carl” are in fact a couple of AI voices fronting a scam framed around the bogus purchase of a PlayStation. It’s garnered its share of complaints, so much that the FCC has stepped in. It alleges that SK Teleco, a voice service provider, provisioned at least some of these calls, and that it must immediately stop.

    According to the FCC, the call plays out like this:

    “A preauthorized purchase of PlayStation 5 special edition with Pulse 3D headset is being ordered from your Walmart account for an amount of 919 dollars 45 cents. To cancel your order or to connect with one of our customer support representatives, please press ‘1.’ Thank you.”

    Pressing “1” connects you to a live operator who asks for personal identifiable such as Social Security numbers to cancel the “purchase.”

    If you were wondering, it’s unlawful to place calls to cellphones containing artificial or prerecorded voice messages absent an emergency purpose or prior express consent. According to the FCC’s press release, SK Teleco didn’t respond to a request to investigate the calls. The FCC further alleges that it’s unlikely the company has any such consent.

    Per the FCC, “If SK Teleco fails to take swift action to prevent scam calls, the FCC will require all other providers to no longer accept call traffic from SK Teleco.”

    We’ll see how this plays out, yet it’s a good reminder to report scam calls. When it comes to any kind of scam, law enforcement and federal agencies act on complaints.

    Get a scam call? Who’s here you can report it to:

    And we close things out a quick roundup …

    Here’s a quick list of a few stories that caught our eye this week:

    Scammers pose as law enforcement, threaten jail time if you don’t pay (with audio)

    Deepfake of North Carolina lawmaker used in award-winning Brazilian Whirlpool video

    What happens when you kick millions of teens off social media? Australia’s about to find out

    We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

    The post This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam appeared first on McAfee Blog.

    How to Spot Charity Scams and Donate Safely this Giving Season

    By: McAfee

    The holidays are the season of giving; unfortunately, it’s also the season when scammers try to cash in on the spirit of generosity

    If you’re seeing a heartfelt charity ad on social media, a touching email, or a surprise text asking you to donate, it’s worth pausing for a moment. Is it genuine charity—or a scam built to tug at your heartstrings?

    The good news: staying safe doesn’t mean stopping your generosity. With a few quick checks, you can give confidently and protect yourself.

    What is charity fraud?

    Charity fraud is when scammers pose as legitimate nonprofits—or misuse the name of a real charity—to trick people into donating money or giving away personal information.

    In some cases, the organization is completely fake. In others, it’s a real charity that uses donations in misleading or unethical ways, passing very little money to the actual cause.

    Type 1: Fully fake charities

    The first type involves flat-out fraud, where the organization is a front for a scam, through and through. Any money you give goes straight into the scammer’s pocket. As does your personal and payment info, which can lead to further fraud.

    Type 2: Low impact “charities”

    These are real, registered charities. But They keep the majority of donations for overhead instead of helping the cause.

    This second type often involves questionable practices by the organization. According to the Better Business Bureau, reputable organizations keep 35% or less of their funds for operations.

    Meanwhile, some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. (For a closer look at some examples, the independent watchdog group Charity Watch published a blog highlighting some of the worst charities they audited in 2024.)

    Common to both, they’ll indeed play on your emotions, and they’ll urge you to donate now. As it is with so many scams and shady deals on the internet, you’ll find a sense of urgency central to their message.

    How to spot a charity scam

    1. Look for a dot-org domain

    For starters, reputable charities often have dot-org as their domain extension—versus dot-com or any one of the hundreds of permutations available today.

    2. Research the organization

    Charities leave a paper trail, one that can get audited. And fake ones won’t leave a trail at all. With a quick look at some reputable online resources, you can quickly find out if the charity you want to support is legit.

    In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities. You can also look up a charity’s Form 990 tax return online.

    3. Take your time

    This goes hand-in-hand with the above. If you feel like you’re getting rushed to donate, it could be a sign of a scam. Step back and indeed do your research with a few clicks to the resources listed above.

    4. Pay with a credit card

    This protects you in two ways. If you fall victim to a scam, you can contest the charges with your credit card company. And if a scammer tries to use your card again for other purchases, you can contest those too. Also, in the U.S., credit cards offer you additional protection that debit cards don’t. That’s thanks to the Fair Credit Billing Act (FCBA). It limits your liability to $50 for fraudulent charges on a credit card if you report the loss to your issuer within 60 days.

    5. Avoid sketchy payment methods

    The following is a sure-fire red flag: requests for payment in cash, gift cards, cryptocurrency, or wire transfers. Don’t ever use these forms of payment for charities, let alone anything else online.

    6. Donate directly

    Better yet, donate directly. Rather than respond to calls, ads, emails or texts, donate on your terms. After you give your possible donation some time and thought, you can go directly to the website of a charitable organization that you’ve researched.

    And here’s how McAfee can help you stay safer still.

    Get a scam detector. You can combine your healthy skepticism and awareness with the right technology, like our Scam Detector and Web Protection.

    Both will alert you if a link you received might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

    Clean up your personal info online. Scams over email, phone, and text all require the same thing: your contact info.

    In many cases, scammers get it from data broker sites. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data.

    Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

    Monitor your identity and credit. The problem with many scams is that you only find out about it once the damage is done, like when a scammer uses your phished card number to make additional purchases in your name.

    Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our credit monitoring and identity monitoring.

    Additionally, our identity theft coverage can help if the unexpected happens with up to $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​

    You’ll find these protections, and plenty more, in McAfee+.

    A safe way to support the fight against cybercrime

    If you want to give back and help protect people from online fraud, McAfee has partnered with Fight Cyber Crime, a legitimate U.S. nonprofit dedicated to helping victims of online scams.

    You might remember them from our Scam Stories partnership earlier this year, sharing real stories from real scam victims to raise awareness about threats facing us every day on and offline.

    Why we recommend them

    • They provide free support and recovery guidance to scam victims.
    • They raise nationwide awareness about cybercrime.
    • They’re a vetted, established organization doing real work in online safety.

    How you can help

    Visit their site to learn more or make a donation: https://fightcybercrime.org/about/donate/

    Supporting validated charities like Fight Cyber Crime is one way to make a real impact this holiday season—without putting yourself at risk.

    The post How to Spot Charity Scams and Donate Safely this Giving Season appeared first on McAfee Blog.

    Venmo 101: Making Safer Payments with the App

    By: McAfee

    As the holiday season ramps up, so do group dinners, shared travel costs, gift exchanges, and all the little moments where someone says, “Just Venmo me.”

    With more people sending and splitting money this time of year, scammers know it’s prime time to target payment apps. Here’s how to keep your Venmo transactions safe during one of the busiest — and riskiest — payment seasons.

    What kind of scams are on Venmo?

    Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credentials. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money.

    Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:

    ·       Fake Prize or Cash Reward

    ·       Call from Venmo

    ·       Call from Tech Support

    ·       Fake Payment Confirmation

    ·       Pre-payment for Goods and Services

    		 ·       Stranger Posing as a Friend

    ·       Payments from Strangers

    ·       Offers to Make Money Fast

    ·       Paper Check Scam

    ·       Romance Scam

     

    Venmo has thorough instructions to combat these scams and breaks them down in detail on its site. They also provide preventative tips and steps to take if you unfortunately fall victim to one of these scams. Broadly speaking, though, avoiding Venmo scams breaks down into a few straightforward steps.

    How to avoid getting scammed on Venmo

    1) Never share private details.

    Scammers often pose as customer service reps to pump info out of their victims. They’ll ask for things like bank account info, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this info. Legitimate reps from legitimate companies like Venmo won’t request it.

    2) Know when Venmo might ask for your Social Security number.

    In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this info by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings  –> Identity Verification.

    3) Keep an eye out for scam emails and texts.

    Venmo always sends communications through its official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.

    4) Be suspicious of the messages you get. Imposters are afoot.

    Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.

    5) When sending money, keep an eye open for alerts from the app.

    Just recently, Venmo added a new feature, dynamic alerts, which helps protect people when sending money via the “Friends and Family” option. It pops up an alert if the app detects a potentially fraudulent transaction and includes info that describes the level of risk involved. In the cases of highly risky payments, Venmo might decline the transaction altogether. This adds another level of protection to Friends and Family payments, which are non-refundable in cases of fraud. Further, this underscores another important point about using Venmo: only pay people you absolutely know and trust.

    More ways to stay safe on Venmo

    Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:

    • Public – Everyone on the internet can see and comment on the transaction.
    • Friends – Only your Venmo friends and the other participant’s friends can see and comment on the transaction. (Note that the friends of the other participant might be strangers to you, so “friends and friends of friends” is more accurate here.)
    • Private – Here, only the participants can view and comment on the transaction.

    This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.

    We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.

    In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.

    Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.

    • First off, lock your phone. Whether with a PIN or other form of protection, locking your phone prevents access to everything you keep on it, which is important in the case of loss or theft. Our own research found that only 58% of adults take the vital step of locking their phones. If you fall into the 42% of people who don’t, strongly consider changing that.
    • Within the Venmo app, you can also enable Face ID and a PIN (on iOS) or a PIN and biometric unlock (Android). These add a further layer of security by asking for identification each time you open the app. That way, even if someone gets access to your phone, they’ll still have to leap through that security hurdle to access your Venmo app.
    • Use a strong, unique password for your account. That’s a password with at least 13 characters using a mix of cases, numbers, and symbols that you don’t use anywhere else. You can also have a password manager do that work for you across all your accounts.

    Keep your online finances even more secure with the right tools

    Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.

    For starters, it includes Web Protection and Scam Detector that can block malicious and questionable links that might lead you down the road to malware or a phishing scam, such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.

    Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.

    The post Venmo 101: Making Safer Payments with the App appeared first on McAfee Blog.

    This Week in Scams: New Alerts for iPhone and Android Users and a Major Google Crackdown

    By: McAfee

    Welcome back to another This Week in Scams.

    This week,  have attacks that take over Androids and iPhones, plus news that Google has gone on the offensive against phishing websites.

    First up, a heads-up for iPhone owners.

    The “We found your iPhone” scam

    In the hands of a scammer, “Find My” can quickly turn into “Scam Me.”

    Switzerland’s National Cyber Security Center (NCSC) shared word this week of a new scam that turns the otherwise helpful “Find My” iOS feature into an avenue of attack.

    Now, the thought of losing your phone, along with all the important and precious things you have on it, is enough to give you goosebumps. Luckily, the “Find My” can help you track it down and even post a personalized message on the lock screen to help with its return. And that’s where the scam kicks in.

    From the NCSC:

    When a device is marked as lost, the owner can display a message on the lock screen containing contact details, such as a phone number or email address. This can be very helpful if the finder is honest – but in dishonest hands, the same information can be used to launch a targeted phishing attack.

    With that, scammers send a targeted phishing text, as seen in the sample provided by the NCSC below …

    A smartphone screenshot showing a fraudulent text message claiming a lost iPhone 14 has been located and instructing the recipient to click a link. A large red diagonal stamp reading “Betrug / Fraud” overlays the message, indicating it is a scam.
    Source: NCSC, Switzerland

    What do the scammers want once you tap that link? They request your Apple ID and password, which effectively hands your phone over to them—along with everything on it and everything else that’s associated with your Apple ID.

    It’s a scam you can easily avoid. So even if you’re still stuck with a lost phone that’s likely in the hands of a scammer the point of consolation is that, without your ID, the phone is useless to them.

    Here’s what the NCSC suggests:

    Ignore such messages. The most important rule is Apple will never contact you by text message or email to inform you that a lost device has been found.

    Never click on links in unsolicited messages or enter your Apple ID credentials on a linked website.

    If you lose your device, act immediately. Enable Lost Mode straight away via the Find My app on another device or at iCloud.com/find. This will lock the device.

    Be careful about which contact details you show on your lost device’s lock screen. For example, use a dedicated email address created specifically for this purpose. Never remove the device from your Apple account, as this would disable the Activation Lock.

    Make sure your SIM card is protected with a PIN. This simple yet effective measure prevents criminals from gaining access to your phone number.

    Android phone takeover scam

    Now, a different attack aimed at Android owners …

    A story shared on Fox this week breaks down how a combination of paid search ads, remote access tools, and social engineering have led to hijacked Android phones.

    It starts with a search, where an Android owner looks up a bank, a tech support company, or what have you. Instead of getting a legitimate result, they get a link to a bogus site via paid search results that appear above organic search results. The link, and the page it takes them to, look quite convincing, given the ease with which scammers can spin up ads and sites today. (More on that next.)

    Once there, they call a support number and get connected to a phony agent. The agent convinces the victim to download an app that will help the “agent” solve their issue with their account or phone. In fact, the app is a remote access tool that gives control of the phone, and everything on it, to the scammer. That means they can steal passwords, send messages to friends, family, or anyone at all, and even go so far as to lock you out.

    Basically, this scam hands over one of your most precious possessions to a scammer.

    Here’s how you can avoid that:

    Skip paid search results for extra security. That’s particularly true when contacting your bank or other companies you’re doing business with. Look for their official website in the organic search results below paid ads. Better yet, contact places like your bank or credit card company by calling the number on the back of your card.

    Get a scam detector. A combination of our Scam Detector and Web Protection can call out sketchy links, like the bogus paid links here. They’ll even block malicious sites if you accidentally tap a bad link.

    Never download apps from third-party sites outside of the Google Play Store. Google has checks in place to spot malicious apps in its store.

    Lastly, never give anyone access to your phone. No bank rep needs it. So if someone on a call asks you to download an app like TeamViewer, AnyDesk, or AirDroid, it’s a scam. Hang up.

    Beyond that, you can protect yourself further by installing an app like our McAfee Security: Antivirus VPN. You can pick it up in the Google Play store, which also includes our Scam Detector and Identity Monitoring. You can also get it as part of your McAfee+ protection.

    Google takes aim at phishing scams with a lawsuit against an alleged criminal organization

    Just Wednesday, Google took a first step toward making the internet safer from bogus sites, per a story filed by National Public Radio.

    A lawsuit alleges that a China-based company called “Lighthouse” runs a “Phishing-as-a-Service” operation that outfits scammers with quick and easy tools and templates for creating convincing-looking websites. According to Google’s general counsel, these sites could “compromise between 12.7 and 115 million credit cards in the U.S. alone.

    The suit was filed in the U.S. District Court in the Southern District of New York, which, of course, has no jurisdiction over a China-based company. The aim, per Google’s counsel, is deterrence. From the article:

    “It allows us a legal basis on which to go to other platforms and services and ask for their assistance in taking down different components of this particular illegal infrastructure,” she said, without naming which platforms or services Google might focus on. “Even if we can’t get to the individuals, the idea is to deter the overall infrastructure in some cases.”

    We’ll keep an eye on this case as it progresses. And in the meantime, it’s a good reminder to get Scam Detector and Web Protection on all your devices so you don’t get hoodwinked by these increasingly convincing-looking scam sites.

    Again, scammers can roll them out so quickly and easily today.

    And now for a quick roundup …

    Here’s a quick list of a few stories that caught our eye this week:

    Alarmingly realistic deepfake threats now target banks in South Africa

    Nearly 80% of parents fear their kids will fall for an AI scam, but they aren’t sure how to talk about it

    Hyundai data breach exposes 2.7 million Social Security numbers

     

    And that’s it for this week! We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

    The post This Week in Scams: New Alerts for iPhone and Android Users and a Major Google Crackdown appeared first on McAfee Blog.

    How to Remove Your Personal Information From the Internet

    By: Jasdev Dhaliwal

    Chances are, you have more personal information posted online than you think.

    In 2024, the U.S. Federal Trade Commission (FTC) reported that 1.1 million identity theft complaints were filed, where $12.5 billion was lost to identity theft and fraud overall—a 25% increase over the year prior.

    What fuels all this theft and fraud? Easy access to personal information.

    Here’s one way you can reduce your chances of identity theft: remove your personal information from the internet.

    Scammers and thieves can get a hold of your personal information in several ways, such as information leaked in data breaches, phishing attacks that lure you into handing it over, malware that steals it from your devices, or by purchasing your information on dark web marketplaces, just to name a few.

    However, scammers and thieves have other resources and connections to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. This makes removing your info from these sites so important, from both an identity and privacy standpoint.

    What are data brokers?

    Data broker sites are massive repositories of personal information that also buy information from other data brokers. As a result, some data brokers have thousands of pieces of data on billions of individuals worldwide.

    What kind of data could they have on you? A broker may know how much you paid for your home, your education level, where you’ve lived over the years, who you’ve lived with, your driving record, and possibly your political leanings. A broker could even know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. They may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply.

    With information at this level of detail, it’s no wonder that data brokers rake in an estimated $200 billion worldwide every year.

    Sources of your information

    Your personal information reaches the internet through six primary methods, most of which are initiated by activities you perform on a daily basis. Understanding these channels can help you make more informed choices about your digital footprint.

    Digitized public records

    When you buy a home, register to vote, get married, or start a business, government agencies create public records that contain your personal details. These records, once stored in filing cabinets, are now digitized, accessible online, and searchable by anyone with an internet connection.

    Social media sharing and privacy gaps

    Every photo you post, location you tag, and profile detail you share contributes to your digital presence. Even with privacy settings enabled, social media platforms collect extensive data about your behavior, relationships, and preferences. You may not realize it, but every time you share details with your network, you are training algorithms that analyze and categorize your information.

    Data breaches

    You create accounts with retailers, healthcare providers, employers, and service companies, trusting them to protect your information. However, when hackers breach these systems, your personal information often ends up for sale on dark web marketplaces, where data brokers can purchase it. The Identity Theft Research Center Annual Data Breach Report revealed that 2024 saw the second-highest number of data compromises in the U.S. since the organization began recording incidents in 2005.

    Apps and ad trackers

    When you browse, shop, or use apps, your online behavior is recorded by tracking pixels, cookies, and software development kits. The data collected—such as your location, device usage, and interests—is packaged and sold to data brokers who combine it with other sources to build a profile of you.

    Loyalty programs

    Grocery store cards, coffee shop apps, and airline miles programs offer discounts in exchange for detailed purchasing information. Every transaction gets recorded, analyzed, and often shared with third-party data brokers, who then create detailed lifestyle profiles that are sold to marketing companies.

    Data broker aggregators

    Data brokers act as the hubs that collect information from various sources to create comprehensive profiles that may include over 5,000 data points per person. Seemingly separate pieces of information become a detailed digital dossier that reveals intimate details about your life, relationships, health, and financial situation.

    The users of your information

    Legally, your aggregated information from data brokers is used by advertisers to create targeted ad campaigns. In addition, law enforcement, journalists, and employers may use data brokers because the time-consuming pre-work of assembling your data has largely been done.

    Currently, the U.S. has no federal laws that regulate data brokers or require them to remove personal information if requested. Only a few states, such as Nevada, Vermont, and California, have legislation that protects consumers. In the European Union, the General Data Protection Regulation (GDPR) has stricter rules about what information can be collected and what can be done with it.

    On the darker side, scammers and thieves use personal information for identity theft and other forms of fraud. With enough information, they can create a high-fidelity profile of their victims to open new accounts in their name. For this reason, cleaning up your personal information online makes a great deal of sense.

    Types of personal details to remove online

    Understanding efforts to remove personal information, which data types pose the greatest threat, can help you prioritize your removal efforts. Here are the high-risk personal details you should target first, ranked by their potential for harm.

    Highest priority: Identity theft goldmines

    • Social Security Number (SSN) with full name and address: This combination provides everything criminals need for identity theft, leading to fraudulent credit accounts, tax refund theft, and employment fraud that may take years to resolve, according to the FTC.
    • Financial account information: Bank account numbers, credit card details, and investment account information enable direct financial theft. Even partial account numbers can be valuable when combined with other personal details from data breaches.
    • Driver’s license and government-issued ID information: These serve as primary identity verification for many services and can be used to bypass security measures at financial institutions and government agencies.

    High priority: Personal identifiers

    • Full name combined with home address: This pairing makes you vulnerable to targeted scams and physical threats, while enabling criminals to gather additional information about your household and family members.
    • Date of birth: Often used as a security verification method, your date of birth, combined with other identifiers, can unlock accounts and enable age-related targeting for scams.
    • Phone numbers: This information enables SIM swapping, where criminals take control of your phone number to bypass two-factor authentication and access your accounts.

    Medium-high priority: Digital and health data

    • Email addresses: Your primary email serves as the master key to password resets across multiple accounts. In contrast, secondary emails can reveal personal interests and connections that criminals exploit in social engineering.
    • Medical and health app data: This is highly sensitive information that can be used for insurance discrimination, employment issues, or targeted health-related scams.
    • Location data and photos with metadata: Reveals your daily patterns, workplace, home address, and frequented locations. Photos with embedded GPS coordinates can reveal your exact location and potentially enable stalking or burglary.

    Medium priority: Account access points

    • Usernames and account handles: These help criminals map your digital footprint across platforms to discover your personal interests, connections, and even potential security questions and answers. They also enable account impersonation and social engineering against your contacts.

    When prioritizing your personal information removal efforts, focus on combinations of data rather than individual pieces. For example, your name alone poses minimal risk, but when combined with your address, phone number, and date of birth, it creates a comprehensive profile that criminals can exploit. Tools such as McAfee Personal Data Cleanup can help you identify and systematically remove these high-risk combinations from data broker sites.

    Step-by-step guide to finding your personal data online

    1. Targeted search queries: Search for your full name in quotes (“John Smith”), then combine it with your city, phone number, or email address. Try variations like “John Smith” + “123 Main Street” or “John Smith” + “555-0123”. Don’t forget to search for old usernames, maiden names, or nicknames you’ve used online. Aside from Google, you can also check Bing, DuckDuckGo, and people search engines.
    2. Major data broker and people search sites: Search for yourself in common data aggregators: Whitepages, Spokeo, BeenVerified, Intelius, PeopleFinder, and Radaris. Take screenshots of what you find as documentation. To make this process manageable, McAfee Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
    3. Social media platforms and old accounts: Review your Facebook, Instagram, LinkedIn, Twitter, and other platforms for publicly visible personal details. Check old accounts—dating sites, forums, gaming platforms, or professional networks. Look for biographical information, location data, contact details, photos, and even comment sections where you may have shared details.
    4. Breach and dark web monitoring tools: Have I Been Pwned and other identity monitoring services can help you scan the dark web and discover if your email addresses or phone numbers appear in data breaches.
    5. Ongoing monitoring alerts: Create weekly Google Alerts for your and your family members’ full names, address combinations, and phone numbers. Some specialized monitoring services can track once your information appears on new data broker sites or gets updated on existing ones.
    6. Document everything in a tracker: Create a spreadsheet or document to systematically track your findings. Include the website name and URL, the specific data shown, contact information for removal requests, date of your opt-out request, and follow-up dates. Many sites require multiple follow-ups, so having this organized record is essential for successful removal.

    This process takes time and persistence, but services such as McAfee Personal Data Cleanup can continuously monitor for new exposures and manage opt-out requests on your behalf. The key is to first understand the full scope of your online presence before beginning the removal process.

    Remove your personal information from the internet

    Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.

    Request to remove data from data broker sites

    Once you have found the sites that have your information, the next step is to request that it be removed. You can do this yourself or employ services such as McAfee’s Personal Data Cleanup, which can help manage the removal for you depending on your subscription. ​It also monitors those sites, so if your info gets posted again, you can request its removal again.

    Limit the data Google collects

    You can request to remove your name from Google search to limit your information from turning up in searches. You can also enable “Auto Delete” in your privacy settings to ensure your data is regularly deleted. Occasionally, deleting your cookies or browsing in incognito mode prevents websites from tracking you. If Google denies your initial request, you can appeal using the same tool, providing more context, documentation, or legal grounds for removal. Google’s troubleshooter tool may explain why your request was denied—either legitimate public interest or newsworthiness—and how to improve your appeal.

    It’s important to know that the original content remains on the source website. You’ll still need to contact website owners directly to have your actual content removed. Additionally, the information may still appear in other search engines.

    Delete old social media accounts

    If you have old, inactive accounts that have become obsolete, such as Myspace or Tumblr, you may want to deactivate or delete them entirely. For social media platforms that you use regularly, such as Facebook and Instagram, consider adjusting your privacy settings to keep your personal information to the bare minimum.

    Remove personal info from websites and blogs

    If you’ve ever published articles, written blogs, or created any content online, it is a good time to consider taking them down if they no longer serve a purpose. If you were mentioned or tagged by other people, it is worth requesting them to take down posts with sensitive information.

    Delete unused apps and restrict permissions in those you use

    Another way to tidy up your digital footprint is to delete phone apps you no longer use, as hackers are able to track personal information on these and sell it. As a rule, share as little information with apps as possible using your phone’s settings.

    Remove your info from other search engines

    • Bing: Submit removal requests through Bing’s Content Removal tool for specific personal information like addresses, phone numbers, or sensitive data. Note that Bing primarily crawls and caches content from other websites, so removing the original source content first will prevent re-indexing.
    • Yahoo: Yahoo Search results are powered by Bing, so use the same Bing Content Removal process. For Yahoo-specific services, contact their support team to request the removal of cached pages and personal information from search results.
    • DuckDuckGo and other privacy-focused engines: These search engines don’t store personal data or create profiles, but pull results from multiple sources. We suggest that you focus on removing content from the original source websites, then request the search engines to update their cache to prevent your information from reappearing in future crawls.

    Escalate if needed

    After sending your removal request, give the search engine or source website 7 to 10 business days to respond initially, then follow up weekly if needed. If a website owner doesn’t respond within 30 days or refuses your request, you have several escalation options:

    • Contact the hosting provider: Web hosts often have policies against sites that violate privacy laws
    • File complaints: Report to your state attorney general’s office or the Federal Trade Commission
    • Seek legal guidance: For persistent cases involving sensitive information, consult with a privacy attorney

    For comprehensive guidance on website takedown procedures and your legal rights, visit the FTC’s privacy and security guidance for the most current information on consumer data protection. Direct website contact can be time-consuming, but it’s often effective for removing information from smaller sites that don’t appear on major data broker opt-out lists. Stay persistent, document everything, and remember that you have legal rights to protect your privacy online.

    Remove your information from browsers

    After you’ve cleaned up your data from websites and social platforms, your web browsers may still save personal information, such as your browsing history, cookies, autofill data, saved passwords, and even payment methods. Clearing this information and adjusting your privacy settings helps prevent tracking, reduces targeted ads, and limits the amount of personal data websites can collect about you.

    • Clear your cache: Clearing your browsing data is usually done by going to Settings and looking for the Privacy and Security section, depending on the specific browser. This is applicable in Google Chrome, Safari, Firefox, Microsoft Edge, as well as mobile phone operating systems such as Android and iOS.
    • Disable autofill: Autofill provides the convenience of not having to type your information every time you complete a form. That convenience has a risk, though, autofill saves addresses, phone numbers, and even payment methods. To prevent websites from automatically populating forms with your sensitive data, disable the autofill settings independently. For better security, consider using a dedicated password manager instead of browser-based password storage.
    • Set up automatic privacy protection: Set up your browsers to automatically clear cookies, cache, and site data when you close them. This ensures your browsing sessions don’t leave permanent traces of your personal information on your device.
    • Use privacy-focused search engines: Consider using privacy-focused search engines like DuckDuckGo as your default. These proactive steps significantly reduce the amount of personal information that browsers collect and store about your online activities.

    Get your address off the internet

    When your home address is publicly available, it can expose you to risks like identity theft, stalking, or targeted scams. Taking steps to remove or mask your address across data broker sites, public records, and even old social media profiles helps protect your privacy, reduce unwanted contact, and keep your personal life more secure.

    1. Opt out of major data broker sites: The biggest address exposers are Whitepages, Spokeo, and BeenVerified. Visit their opt-out pages and submit removal requests using your full name and current address. Most sites require email verification and process removals within 7-14 business days.
    2. Contact public records offices about address redaction: Many county and state databases allow address redaction for safety reasons. File requests with your local clerk’s office, voter registration office, and property records department. Complete removal isn’t always possible, but some jurisdictions offer partial address masking.
    3. Enable WHOIS privacy protection on domain registrations: If you own any websites or domains, request your domain registrar to add privacy protection services to replace your personal address with the registrar’s information.
    4. Review old forums and social media profiles: Check your profiles on forums, professional networks, and social platforms where you may have shared your address years ago. Delete or edit posts containing location details, and update bio sections to remove specific address information.
    5. Verify removal progress: Every month, do a search of your name and address variations on different search engines. You can also set up Google Alerts to monitor and alert you when new listings appear. Most data broker removals need to be renewed every 6-12 months as information gets re-aggregated.

    The cost to delete your information from the internet

    The cost to remove your personal information from the internet varies, depending on whether you do it yourself or use a professional service. Read the guide below to help you make an informed decision:

    DIY approach

    Removing your information on your own primarily requires time investment. Expect to spend 20 to 40 hours looking for your information online and submitting removal requests. In terms of financial costs, most data brokers may not charge for opting out; however, other expenses could include certified mail fees for formal removal requests, which range from $3 to $8 per letter, and possibly notarization fees for legal documents. In total, this effort can be substantial when dealing with dozens of sites.

    Professional removal services

    Depending on which paid removal and monitoring service you employ, basic plans typically range from $8 to $25 monthly, while annual plans, which often provide better value, range from $100 to $600. Premium services that monitor hundreds of data broker sites and provide ongoing removal can cost $1,200-$2,400 annually.

    The difference in pricing is driven by several factors. This includes the number of data broker sites to be monitored, which could cover more than 200 sites, and the scope of removal requests, which may include basic personal information or comprehensive family protection. The monitoring frequency and additional features, such as dark web monitoring, credit protection, identity restoration support, and insurance coverage, typically command higher prices.

    The value of continuous monitoring

    The upfront cost may seem significant, but continuous monitoring provides essential value. A McAfee survey revealed that 95% of consumers’ personal information ends up on data broker sites without their consent. It is possible that after the successful removal of your information, it may reappear on data broker sites without ongoing monitoring. This makes continuous protection far more cost-effective than repeated one-time cleanups.

    Services such as McAfee Personal Data Cleanup can prove invaluable, as it handles the initial removal process, as well as ongoing monitoring to catch when your information resurfaces, saving you time and effort while offering long-term privacy protection.

    Aside from the services above, comprehensive protection software can help safeguard your privacy and minimize your exposure to cybercrime with these offerings, such as:

    • An unlimited virtual private network to make your personal information much more difficult to collect and track
    • Identity monitoring that tracks and alerts you if your specific personal information is found on the dark web
    • Identity theft coverage and restoration helps you pay for legal fees and travel expenses, and further assistance from a licensed recovery pro to repair your identity and credit
    • Other features, such as safe browsing to help you avoid dangerous links, bad downloads, malicious websites, and more online threats when you’re online

    So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software in place, you can keep your personal information more private and secure.

    Essential steps if your information is found on the dark web

    Unlike legitimate data broker sites, the dark web operates outside legal boundaries where takedown requests don’t apply. Rather than trying to remove information that’s already circulating, you can take immediate steps to reduce the potential harm and focus on preventing future exposure. A more effective approach is to treat data breaches as ongoing security issues rather than one-time events.

    Both the FTC and Cybersecurity and Infrastructure Security Agency have released guidelines on proactive controls and continuous monitoring. Here are the key steps of those recommendations:

    1. Change your passwords immediately and enable multi-factor authentication. Start with your most critical accounts—banking, email, and any services linked to financial information. Create unique, strong passwords for each account and enable MFA where possible for an extra layer of protection.
    2. Monitor your financial accounts and credit reports closely. Check your bank statements, credit card accounts, and investment accounts for any unauthorized activity. Request your free annual credit reports from all three major bureaus and carefully review them for accounts you didn’t open or activities you don’t recognize.
    3. Place fraud alerts or credit freezes. Contact Equifax, Experian, and TransUnion to place fraud alerts, which require creditors to verify your identity before approving new accounts. Better yet, consider a credit freeze to block access to your credit report entirely until you lift it.
    4. Replace compromised identification documents if necessary. If your Social Security number, driver’s license, or passport information was exposed, contact the appropriate agencies to report the breach and request new documents. IdentityTheft.gov provides step-by-step guidance for replacing compromised documents.
    5. Set up ongoing identity monitoring and protection. Consider using identity monitoring services that scan the dark web and alert you to new exposures of your personal information.
    6. Document everything and report the incident. Keep detailed records of any suspicious activities you discover and all steps you’ve taken. File a report with the FTC and police, especially if you’ve experienced financial losses. This documentation will be crucial for disputing fraudulent charges or accounts.

    Legal and practical roadblocks

    As you go about removing your information from the internet, it is important to set realistic expectations. Several factors may limit how completely you can remove personal data from internet sources:

    • The United States lacks comprehensive federal privacy laws requiring companies to delete personal information upon request.
    • Public records, court documents, and news articles often have legal protections that prevent removal.
    • International websites may not comply with U.S. deletion requests.
    • Cached copies could remain on search engines and archival sites for years.
    • Data brokers frequently repopulate their databases from new sources even after opt-outs.

    While some states like California have stronger consumer privacy rights, most data removal still depends on voluntary compliance from companies.

    Final thoughts

    Removing your personal information from the internet takes effort, but it’s one of the most effective ways to protect yourself from identity theft and privacy violations. The steps outlined above provide you with a clear roadmap to systematically reduce your online exposure, from opting out of data brokers to tightening your social media privacy settings.

    This isn’t a one-time task but an ongoing process that requires regular attention, as new data appears online constantly. Rather than attempting to completely erase your digital presence, focus on reducing your exposure to the most harmful uses of your personal information. Services like McAfee Personal Data Cleanup can help automate the most time-consuming parts of this process, monitoring high-risk data broker sites and managing removal requests for you.

    The post How to Remove Your Personal Information From the Internet appeared first on McAfee Blog.

    Bitcoin Security: Mining Threats You Need to Know

    By: Jasdev Dhaliwal
    Working from home

    The value of Bitcoin has had its ups and downs since its inception in 2013, but its recent skyrocket in value has created renewed interest in this virtual currency. The rapid growth of this alternative currency has dominated headlines and ignited a cryptocurrency boom that has consumers everywhere wondering how to get a slice of the Bitcoin pie. For those who want to join the craze without trading traditional currencies like U.S. dollars (i.e., fiat currency), a process called Bitcoin mining is an entry point. However, Bitcoin mining poses a number of security risks that you need to know.

    What Is Bitcoin Mining?

    Mining for Bitcoin is like mining for gold—you put in the work and you get your reward. But instead of back-breaking labor, you earn the currency with your time and computer processing power. Miners, as they are called, essentially maintain and secure Bitcoin’s decentralized accounting system. Bitcoin transactions are recorded in a digital ledger called a blockchain. Bitcoin miners update the ledger by downloading a special piece of software that allows them to verify and collect new transactions. Then, they must solve a mathematical puzzle to secure access to add a block of transactions to the chain. In return, they earn Bitcoins, as well as a transaction fee.

    What Are Bitcoin Security Risks?

    As the digital currency has matured, Bitcoin mining has become more challenging. In the beginning, a Bitcoin user could mine on their home computer and earn a good amount of the digital currency, but these days the math problems have become so complicated that it requires a lot of expensive computing power. This is where the risks come in. Since miners need an increasing amount of computer power to earn Bitcoin, some have started compromising public Wi-Fi networks so they can access users’ devices.

    One example of this security breach happened at a coffee shop in Buenos Aires, which was infected with malware that caused a 10-second delay when logging in to the cafe’s Wi-Fi network. The malware authors used this time delay to access the users’ laptops for mining. In addition to public Wi-Fi networks, millions of websites are being compromised to access users’ devices for mining. When an attacker loads mining software onto devices without the owner’s permission, it’s called a cryptocurrency mining encounter or cryptojacking.

    It’s estimated that 50 out of every 100,000 devices have encountered a cryptocurrency miner. Cryptojacking is a widespread problem and can slow down your device; though, that’s not the worst that can happen. Utility costs are also likely to go through the roof. A device that is cryptojacked could have 100 percent of its resources used for mining, causing the device to overheat, essentially destroying it.

    What Are Some Bitcoin Privacy Tips?

    Now that you know a little about mining and the Bitcoin security risks associated with it, here are some tips to keep your devices safe as you monitor the cryptocurrency market:

    • Avoid public Wi-Fi networks: These networks often aren’t secured, opening your device and information up to a number of threats.
    • Use a VPN: If you’re away from your secure home or work network, consider using a virtual private network (VPN). A VPN is a piece of software that gives you a secure connection to the Internet, so that third parties cannot intercept or read your data. A product like McAfee+ can help safeguard your online privacy no matter where you go.
    • Secure your devices: New Bitcoin threats, security concerns, and malware are emerging all of the time. Protect your devices and information with comprehensive security software

    The post Bitcoin Security: Mining Threats You Need to Know appeared first on McAfee Blog.

    How Agentic AI Will Be Weaponized for Social Engineering Attacks

    By: Amy Bunn

    We’re standing at the threshold of a new era in cybersecurity threats. While most consumers are still getting familiar with ChatGPT and basic AI chatbots, cybercriminals are already moving to the next frontier: Agentic AI. Unlike the AI tools you may have tried that simply respond to your questions, these new systems can think, plan, and act independently, making them the perfect digital accomplices for sophisticated scammers. The next evolution of cybercrime is here, and it’s learning to think for itself.

    The threat is already here and growing rapidly. According to McAfee’s latest State of the Scamiverse report, the average American sees more than 14 scams every day, including an average of 3 deepfake videos. Even more concerning, detected deepfakes surged tenfold globally in the past year, with North America alone experiencing a 1,740% increase.

    At McAfee, we’re seeing early warning signs of this shift, and we believe every consumer needs to understand what’s coming. The good news? By learning about these emerging threats now, you can protect yourself before they become widespread.

    A Real-World Example: How Anthropic’s Claude AI Was Used for Espionage

    A new case disclosed by Anthropic, first reported by Axios, marks a turning point: a Chinese state-sponsored group used the company’s Claude Code agent to automate the majority of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails through jailbreaking techniques, fed the model fragmented tasks, and convinced it that it was conducting defensive security tests. Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. In all, they completed 80–90% of the work without any human involvement.

    This is the first publicly documented case of an AI agent running a large-scale intrusion with minimal human direction. It validates our core warning: agentic AI dramatically lowers the barrier to sophisticated attacks and turns what was once weeks of human labor into minutes of autonomous execution. While this case targeted major companies and government entities, the same capabilities can, and likely will, be adapted for consumer-focused scams, identity theft, and social engineering campaigns.

    Understanding AI: From Simple Tools to Autonomous Agents

    Before we dive into the threats, let’s break down what we’re actually talking about when we discuss AI and its evolution:

    Traditional AI: The Helper

    The AI most people know today works like a very sophisticated search engine or writing assistant. You ask it a question, it gives you an answer. You request help with a task, it provides suggestions. Think of ChatGPT, Google’s Gemini, or the AI features on your smartphone. They’re reactive tools that respond to your input but don’t take independent action.

    Generative AI: The Creator

    Generative AI, which powers many current scams, can create content like emails, images, or even fake videos (deepfakes). This technology has already made scams more convincing by cloning real human voices and eliminating telltale signs like poor grammar and obvious language errors.

    The impact is already visible in the data. McAfee Labs found that for just $5 and 10 minutes of setup time, scammers can create powerful, realistic-looking deepfake video and audio scams using readily available tools. What once required experts weeks to produce can now be achieved for less than the cost of a latte—and in less time than it takes to drink it.

    Agentic AI: The Independent Actor

    Agentic AI represents a fundamental leap forward. These systems can think, make decisions, learn from mistakes, and work together to solve tough problems, just like a team of human experts. Unlike previous AI that waits for your commands, agentic AI can set its own goals, make plans to achieve them, and adapt when circumstances change

    Key Characteristics of Agentic AI:

    • Autonomous operation: Works without constant human guidance from a cybercriminal
    • Goal-oriented behavior: Actively pursues specific objectives without requiring regular input.
    • Adaptive learning: Improves performance based on experience through previous attempts.
    • Multi-step planning: Can execute complex, long-term strategies based on the requirements of the criminal.
    • Environmental awareness: Understands and responds to changing conditions online.

    Gartner predicts that by 2028, a third of our interactions with AI will shift from simply typing commands to fully engaging with autonomous agents that can act on their own goals and intentions. Unfortunately, cybercriminals won’t be far behind in exploiting these capabilities.

    The Scammer’s Apprentice: How Agentic AI Becomes the Perfect Criminal Assistant

    Think of agentic AI as giving scammers their own team of tireless, intelligent apprentices that never sleep, never make mistakes, and get better at their job every day. Here’s how this digital apprenticeship makes scams exponentially more dangerous.

    Traditional scammers spend hours manually researching targets, scrolling through social media profiles, and piecing together personal information. Agentic AI recon agents operate persistently and autonomously, self-prompting questions like “What data do I need to identify a weak point in this organization?” and then collecting it from social media, breach data, exposed APIs and cloud misconfigurations.

    What The Scammer’s Apprentice Can Do

    • Continuous surveillance: Monitors your social media posts, job changes, and online activity 24/7.
    • Pattern recognition: Identifies your routines, interests, and vulnerabilities from scattered digital breadcrumbs.
    • Relationship mapping: Understands your connections, colleagues, and family relationships.
    • Behavioral analysis: Learns from your communication style, preferred platforms, and response patterns.

    Unlike traditional phishing that uses static messages, agentic AI can dynamically update or alter their approach based on a recipient’s response, location, holidays, events, or the target’s interests, marking a significant shift from static attacks to highly adaptive and real-time social engineering threats.

    An agentic AI scammer targeting you might start with a LinkedIn message about a job opportunity. If you don’t respond, it switches to an email about a package delivery. If that fails, it tries a text message about suspicious account activity. Each attempt uses lessons learned from your previous reactions, becoming more convincing with every interaction.

    AI-generated phishing emails achieve a 54% click-through rate compared to just 12% for their human-crafted counterparts. With agentic AI, scammers can create messages that don’t just look professional, they sound exactly like the people and organizations you trust.

    The technology is already sophisticated enough to fool even cautious consumers. As McAfee’s latest research shows, social media users shared over 500,000 deepfakes in 2023 alone. The tools have become so accessible that scammers can now create convincing real-time avatars for video calls, allowing them to impersonate anyone from your boss to your bank representative during live conversations.

    Advanced Impersonation Capabilities:

    • Voice cloning: Create phone calls that sound exactly like your boss, family member, senator, or bank representative
    • Writing style mimicry: Craft emails that perfectly match your company’s communication style.
    • Visual deepfakes: Generate fake video calls for “face-to-face” verification.
    • Context awareness: Reference specific projects, recent conversations, or personal details

    Perhaps most concerning is agentic AI’s ability to learn and improve. As the AI interacts with more victims over time, it gathers data on what types of messages or approaches work best for certain demographics, adapting itself and refining future campaigns to make each subsequent attack more powerful, convincing, and effective. This means that every failed scam attempt makes the AI smarter for its next victim. Understanding how agentic AI will transform specific types of scams helps us prepare for what’s coming. Here are the most concerning developments:

    Multi-Stage Campaign Orchestration

    Agentic AI can potentially orchestrate complex multi-stage social engineering attacks, leveraging data from one interaction to drive the next one. Instead of simple one-and-done phishing emails, expect sophisticated campaigns that unfold over weeks or months.

    Automated Spear Phishing at Scale

    Traditional spear phishing required manual research and customization for each target. In the new world order, malicious AI agents will autonomously harvest data from social media profiles, craft phishing messages, and tailor them to individual targets without human intervention. This means cybercriminals can now launch thousands of highly personalized attacks simultaneously, each one crafted specifically for its intended victim.

    Real-Time Adaptive Attacks

    When a target hesitates or questions an initial approach, agents adjust their tactics immediately based on the response. This continuous refinement makes each interaction more convincing than the last, wearing down even skeptical targets through persistence and learning. Traditional red flags like “This seems suspicious” or “Let me verify this” no longer end the attack, they just trigger the AI to try a different approach.

    Cross-Platform Coordination

    These autonomous systems now independently launch coordinated phishing campaigns across multiple channels simultaneously, operating with an efficiency human attackers cannot match. An agentic AI scammer might contact you via email, text message, phone call, and social media—all as part of a coordinated campaign designed to overwhelm your defenses.

    How to Protect Yourself in the Age of Agentic AI Scams

    The rise of agentic AI scams requires a fundamental shift in how we think about cybersecurity. Traditional advice like “watch for poor grammar” no longer applies. Here’s what you need to know to protect yourself:

    • The Golden Rule: Never act on urgent requests without independent verification, no matter how convincing they seem.
    • Use different communication channels: If someone emails you, call them back using a number you look up independently
    • Verify through trusted contacts: When your “boss” asks for something unusual, confirm with colleagues or HR
    • Check official websites: Go directly to company websites rather than clicking links in messages
    • Trust your instincts: If something feels off, it probably is—even if you can’t identify exactly why

    Understanding a New Era of Red Flags

    Since agentic AI eliminates traditional warning signs, focus on these behavioral red flags:

    High-Priority Warning Signs:

    Emotional urgency: Messages designed to make you panic, feel guilty, or act without thinking

    Requests for unusual actions: Being asked to do something outside normal procedures

    Isolation tactics: Instructions not to tell anyone else or to handle something “confidentially”

    Multiple contact attempts: Being contacted through several channels about the same issue

    Perfect personalization: Messages that seem to know too much about your specific situation

    How McAfee Fights AI with AI: Your Defense Against Agentic Threats

    At McAfee, we understand that fighting AI-powered attacks requires AI-powered defenses. Our security solutions are designed to detect and stop sophisticated scams before they reach you. McAfee’s Scam Detector provides lightning-fast alerts, automatically spotting scams and blocking risky links even if you click them, with all-in-one protection that keeps you safer across text, email, and video. Our AI analyzes incoming messages using advanced pattern recognition that can identify AI-generated content, even when it’s grammatically perfect and highly personalized.

    Scam Detector keeps you safer across text, email, and video, providing comprehensive coverage against multi-channel agentic AI campaigns. Beyond analyzing message content, our system evaluates sender behavior patterns, communication timing, and request characteristics that may indicate AI-generated scams. Just as agentic AI attacks learn and evolve, our detection systems continuously improve their ability to identify new threat patterns.

    Protecting yourself from agentic AI scams requires combining smart technology with informed human judgment. Security experts believe it’s highly likely that bad actors have already begun weaponizing agentic AI, and the sooner organizations and individuals can build up defenses, train awareness, and invest in stronger security controls, the better they will be equipped to outpace AI-powered adversaries.

    We’re entering an era of AI versus AI, where the speed and sophistication of both attacks and defenses will continue to escalate. According to IBM’s 2025 Threat Intelligence Index, threat actors are pursuing bigger, broader campaigns than in the past, partly due to adopting generative AI tools that help them carry out more attacks in less time.

    Hope in Human + AI Collaboration

    While the threat landscape is evolving rapidly, the combination of human intelligence and AI-powered security tools gives us powerful advantages. Humans excel at recognizing context, understanding emotional manipulation, and making nuanced judgments that AI still struggles with. When combined with AI’s ability to process vast amounts of data and detect subtle patterns, this creates a formidable defense.

    Staying Human in an AI World

    The rise of agentic AI represents both a significant threat and an opportunity. While cybercriminals will certainly exploit these technologies to create more sophisticated scams, we’re not defenseless. By understanding how these systems work, recognizing the new threat landscape, and combining human wisdom with AI-powered protection tools like McAfee‘s Scam Detector, we can stay ahead of the threats.

    The key insight is that while AI can mimic human communication and behavior with unprecedented accuracy, it still relies on exploiting fundamental human psychology—our desire to help, our fear of consequences, and our tendency to trust. By developing better awareness of these psychological vulnerabilities and implementing verification protocols that don’t depend on technological red flags, we can maintain our security even as the threats become more sophisticated.

    Remember: in the age of agentic AI, the most important security tool you have is still your human judgment. Trust your instincts, verify before you act, and never let urgency override prudence, no matter how convincing the request might seem.

    The post How Agentic AI Will Be Weaponized for Social Engineering Attacks appeared first on McAfee Blog.

    How to Scan for Viruses and Confirm Your Device Is Safe

    By: McAfee

    New online threats emerge every day, putting our personal information, money and devices at risk. In its 2024 Internet Crime Report, the Federal Bureau of Investigation reports that 859,532 complaints of suspected internet crime—including ransomware, viruses and malware, data breaches, denials of service, and other forms of cyberattack—resulted in losses of over $16 billion—a 33% increase from 2023.

    That’s why it is essential to stay ahead of these threats. One way to combat these is by conducting virus scans using proven software tools that constantly monitor and check your devices while safeguarding your sensitive information. In this article, we’ll go through everything you need to know to run a scan effectively to keep your computers, phones and tablets in tip-top shape.

    What does a virus scan do?

    Whether you think you might have a virus on your computer or devices or just want to keep them running smoothly, it’s easy to do a virus scan.

    Each antivirus program works a little differently, but in general the software will look for known malware with specific characteristics, as well as their variants that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, the antivirus software removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.

    Unmistakeable signs of a virus in your device

    Before doing a virus scan, it is useful to know the telltale signs of viral presence in your device. Is your device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Maybe you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are just some signs that your device may have a virus, but don’t get too worried yet because many of these issues can be resolved with a virus scan.

    Are free virus scanner tools safe and sufficient?

    Free virus scanner tools, both in web-based and downloadable formats, offer a convenient way to perform a one-time check for malware. They are most useful when you need a second opinion or are asking yourself, “do I have a virus?” after noticing something suspect.

    However, it’s critical to be cautious. For one, cybercriminals often create fake “free” virus checker tools that are actually malware in disguise. If you opt for free scanning tools, it is best to lean on highly reputable cybersecurity brands. On your app store or browser, navigate to a proven online scanning tool with good reviews or a website whose URL starts with “https” to confirm you are in a secure location.

    Secondly, free tools are frequently quite basic and perform only the minimum required service. If you choose to go this path, look for free trial versions that offer access to the full suite of premium features, including real-time protection, a firewall, and a VPN. This will give you a glimpse of a solution’s comprehensive, multi-layered security capability before you commit to a subscription.

    Cloud-based virus solutions

    If safeguarding all your computers and mobile devices individually sounds overwhelming, you can opt for comprehensive security products that protect computers, smartphones and tablets from a central, cloud-based hub, making virus prevention a breeze. Many of these modern antivirus solutions are powered by both local and cloud-based technologies to reduce the strain on your computer’s resources.

    Online virus scan: A step-by-step guide

    This guide will walk you through the simple steps to safely scan your computer using reliable online tools, helping you detect potential threats, and protect your personal data.

    1. Choose a trusted provider

    When selecting the right antivirus software, look beyond a basic virus scan and consider these key features:

    • Real-time protection. This is paramount, as it actively blocks threats before they can execute.
    • An effective solution must also have a minimal performance impact so it doesn’t slow down your device.
    • Look for a program with an intuitive interface that makes it easy to schedule scans and manage settings.
    • The best protection goes beyond a simple virus detector. It should include features such as a firewall, a secure VPN for safe browsing, and identity protection.
    • Look for reliable brands with positive reviews and clear privacy policies, and that provide a powerful virus scanner and proactive protection for both Android and iOS devices.

    2. Initiate the scan

    The process of checking for viruses depends on the device type and its operating system. Generally, however, the virus scanner will display a “Scan” button to start the process of checking your system’s files and apps.

    Here are more specific tips to help you scan your computers, phones and tablets:

    On a Windows computer

    If you use Windows 11, go into “Settings” and drill down to the “Privacy & Security > Windows Security > Virus & Threat Protection” tab, which will indicate if there are actions needed. This hands-off function is Microsoft’s own basic antivirus solution called Windows Defender. Built directly into the operating system and enabled by default, this solution provides a baseline of protection at no extra cost for casual Windows users. However, Microsoft is the first to admit that it lags behind specialized paid products in detecting the very latest zero-day threats.

    On a Mac computer

    Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. As mentioned, free antivirus applications are available online, but we recommend investing in trusted software that is proven to protect you from cyberthreats.

    If you decide to invest in more robust antivirus software, running a scan is usually straightforward and intuitive. For more detailed instructions, we suggest searching the software’s help menu or going online and following their step-by-step instructions.

    On smartphones and tablets

    Smartphones and tablets are powerful devices that you likely use for nearly every online operation in your daily life from banking, emailing, messaging, connecting, and storing personal information. This opens your mobile device to getting infected through malicious apps, especially those downloaded from unofficial stores, phishing links sent via text or email, or by connecting to compromised wi-fi networks.

    Regular virus scans with a mobile security software are crucial for protecting your devices. Be aware, however, that Android and IOS operating systems merit distinct solutions.

    Antivirus products for Android devices abound due to this system’s open-source foundation. However, due to Apple’s strong security model, which includes app sandboxing, traditional viruses are rare on iPhones and iPads. However, these devices are not immune to all threats. You can still fall victim to phishing scams, insecure Wi-Fi networks, and malicious configuration profiles. Signs of a compromise can include unusual calendar events, frequent browser redirects, or unexpected pop-ups.

    Apple devices, however, closed platform doesn’t easily accommodate third-party applications, especially unvetted ones. You will most likely find robust and verified antivirus scanning tools on Apple’s official app store.

    Scanning files and attachments safely

    Before you open any downloaded file or email attachment, it’s wise to check it for threats. To perform a targeted virus scan on a single file, simply right-click the file in Windows Explorer or macOS Finder and select the “Scan” option from the context menu to run the integrated virus checker on a suspicious item.

    For an added layer of security, especially involving files from unknown sources, you can use a web-based file-checking service that scans for malware. These websites let you upload a file, which is then analyzed by multiple antivirus engines. Many security-conscious email clients also automatically scan incoming attachments, but a manual scan provides crucial, final-line defense before execution.

    3. Review scan results and take action

    Once the scan is complete, the tool will display a report of any threats it found, including the name of the malware and the location of the infected file. If your antivirus software alerts you to a threat, don’t panic—it means the program is doing its job.

    The first and most critical step is to follow the software’s instructions. It might direct you to quarantine the malicious file to isolate the file in a secure vault where it can no longer cause harm. You can then review the details of the threat provided by your virus scanner and choose to delete the file permanently, which is usually the safest option.

    After the threat is handled, ensure your antivirus software and operating system are fully updated. Finally, run a new, full system virus scan to confirm that all traces of the infection have been eliminated. Regularly backing up your important data to an external drive or cloud service can also be a lifesaver in the event of a serious infection.

    4. Schedule an automatic scan for continuous protection

    The most effective way to maintain your device’s security is to automate your defenses. A quality antivirus suite allows you to easily schedule a regular virus scan so you’re always protected without having to do it manually. A daily quick scan is a great habit for any user; it’s fast and checks the most vulnerable parts of your system. Most antivirus products regularly scan your computer or device in the background, so a manual scan is only needed if you notice something dubious, like crashes or excessive pop-ups. You can also set regular scans on your schedule, but a weekly full scan is ideal.

    Final thoughts

    These days, it is essential to stay ahead of the wide variety of continuously evolving cyberthreats. Your first line of defense against these threats is to regularly conduct a virus scan. You can choose among the many free yet limited-time products or comprehensive, cloud-based solutions.

    While many free versions legitimately perform their intended function, it’s critical to be cautious as these are more often baseline solutions while some are malware in disguise. They also lack the continuous, real-time protection necessary to block threats proactively.

    A better option is to invest in verified, trustworthy, and all-in-one antivirus products like McAfee+ that, aside from its accurate virus scanning tool, also offers a firewall, a virtual private network, and identity protection. For complete peace of mind, upgrading to a paid solution like McAfee Total Protection is essential for proactively safeguarding your devices and data in real-time, 24/7.

    The post How to Scan for Viruses and Confirm Your Device Is Safe appeared first on McAfee Blog.

    Introducing Scam Stories: A McAfee Campaign to End Scam Stigma

    By: Brooke Seipel

    When Grey’s Anatomy actor Chris Carmack and musician Erin Slaver tried to order custom patio cushions from what seemed like a trustworthy small business, they thought they were making a simple home upgrade.  

    But after clicking and paying through a special link, the cushions never arrived. Delays turned into excuses, messages went unanswered, and the seller’s account eventually disappeared—along with their money. 

    It was a scam. And like so many others, they were left frustrated, embarrassed, and unsure of what to do next. 

    Now, Chris and Erin are sharing their story—not just to warn others, but to help launch Scam Stories, a McAfee-led movement to end the stigma around being scammed, remind people that it can happen to anyone, and help keep everyone safer online. 

    Real People, Real Stories 

    Scammers win when we stay silent. At McAfee, we believe speaking out about your experience is a brave way to support your community and help others stay safe from scams. 

    Built-in partnership with FightCybercrime.org, the Scam Stories movement invites people to share their scam experiences, end the stigma around being scammed, and build a more informed, supportive community. 

    And Chris and Erin aren’t the only ones speaking up. Our campaign features stories from everyday people who’ve been scammed—and are now helping others by sharing what happened. 

    These scams happened fast—and could happen to anyone. Each one involved tactics that McAfee Scam Detector is designed to catch:

    • Brittany, an elementary school teacher, lost Taylor Swift tickets after clicking a phishing email that looked like a ticket confirmation. Scam Detector could have flagged the email as suspicious and warned her before she engaged.
    • Cory, a wellness coach, tapped a convincing text that appeared to be from his mobile provider. Almost instantly, scammers hijacked his number and shut him out of his accounts. Scam Detector’s text scanning could have alerted him to the malicious link before he clicked.
    • Henry, a college student, was tricked by a fake concert ticket seller on social media. The message looked urgent and real—but Scam Detector could have flagged the text as suspicious due to common scam language and pressure for fast payment, before it reached him.
    • Bradley, a sleep-deprived new dad, received a threatening call from someone posing as the IRS. When they followed up with a phishing email, he panicked—and sent nearly $1,000. Scam Detector could have flagged the impersonation and helped him pause before acting. 

    These stories are powerful reminders that scam prevention starts with awareness. And when people share what happened, it helps others recognize red flags and feel less alone. 

    Why We Partnered With FightCybercrime.org 

    FightCybercrime.org is a nonprofit dedicated to helping people recognize, report, and recover from cybercrime. Their tools, educational materials, and survivor support network make them an ideal partner in our mission. 

    Together with FightCybercrime.org, we’ll be expanding online safety education —and helping more people recover from scams with real support.  

    As part of our collaboration, McAfee is donating $50,000 worth of protection products to individuals going through FightCybercrime.org’s recovery programs and to the staff and volunteers who support them every day. 

    Let’s End the Stigma, Together 

    At McAfee, we believe that scam protection isn’t just about tools—it’s about empowering people with knowledge and support. And that starts by ending the stigma. 

    Scam Stories is here to change the narrative—from shame to strength. With help from public figures like Chris and Erin, and brave individuals across the country, we’re turning painful moments into teachable ones—and helping everyone stay safer online. 

    How to Get Involved 

    McAfee is collecting scam stories and encouraging people to share their experiences on social media using #MyScamStory and #KeepItReal.  

    • Use #MyScamStory and #KeepItReal on social media 
    • Follow along as we amplify survivor voices and help others stay safer 

    Learn more and join the movement at www.mcafee.com/en-us/scam-stories

    No one should feel alone or ashamed after being scammed. And the more we talk about scams, the harder it is for scammers to succeed. 

    Scam Stories is here to change the narrative—from shame to strength.

    The post Introducing Scam Stories: A McAfee Campaign to End Scam Stigma appeared first on McAfee Blog.

    Cory’s Scam Story: A Fake Text Nearly Took His Identity

    By: Brooke Seipel

    Cory considers himself pretty cautious. But like millions of people juggling packed schedules, one click on a hectic day proved costly. 

    The message looked legit. It said it was from his phone provider. It claimed someone was trying to access his account and urged him to verify via a link. He tapped. And just like that, his phone went dark. 

    “I was in the middle of a busy day and clicked without thinking. My phone stopped working almost immediately.” 

    Cory’s Story 

    What Cory didn’t know was that the message wasn’t from his real cell company—it was from a scammer. The link gave them everything they needed to hijack his phone number. 

    In minutes, someone walked into a brick-and-mortar phone store, bought a new device, and ported Cory’s number to it. That gave them access to two-factor authentication codes, texts, and more. 

    “Suddenly I couldn’t call, text, or access anything that used my phone number. It was terrifying.” 

    As a life coach, Cory communicates with clients constantly—often by text. The idea that someone could impersonate him wasn’t just inconvenient. It was threatening. 

    “I’m a life coach—I talk to clients all day. The thought that someone could impersonate me or access those conversations was awful.” 

    He had to print out directions just to get to a Verizon store and spent nearly six hours recovering his phone number. Though he reset passwords in time to avoid deeper harm, billing issues lingered for months. 

    “It was one click. That’s all it took. I’ll never forget how fast it happened.” 

     How McAfee’s Scam Detector Could Have Helped Prevent the SIM Swap Scam 

    SIM swap scams—like the one Cory experienced—are rising. The scary part? They often start with a single click. That’s where McAfee’s Scam Detector can make all the difference. 

    If Cory had access to McAfee’s Scam Detector, here’s how it could have helped: 

    • Text Scam Detection: McAfee’s Scam Detector proactively scans incoming texts and flags ones that mimic trusted brands like Verizon. 
    • Quick Check: Unsure if a message is legit? Paste it into Scam Detector to get an instant analysis—so you can decide before you click. 
    • Link Protection: If Cory had tapped the scam link, McAfee’s Safe Browsing could have blocked access to the malicious site in real time. 

    Cory’s story is a powerful reminder: even careful people can get caught. The right protection gives you time to pause—and tools to act. 

    How to Avoid Phone Number Porting and SIM Swap Scams 

    To stay ahead of similar scams, here are four critical tips: 

    1. Never click links in texts from unknown numbers.

    Even if it looks like it’s from your phone carrier. Always verify through official apps or websites. 

    2. Turn on multi-factor authentication using an app—not just SMS.

    Scammers target phone numbers for a reason. Authenticator apps like Google Authenticator or Duo offer stronger security. 

    3. Use McAfee’s Scam Detector for real-time protection.

    Whether it’s a text, email, or link, McAfee can spot scam language and risky behavior before you’re compromised. 

    4. Report suspicious texts and lock down your account.

    Call your carrier immediately if your service cuts off suddenly or you see suspicious account changes. 

    One Click Isn’t the End—But It Can Be the Beginning 

    Cory’s quick click could have ended much worse. But what matters most is what happened after. He acted fast. He reset passwords. And now, he speaks out to help others recognize the signs. 

    “Slow down. Trust your gut. It’s okay to pause and double-check—even when you’re in a hurry.” 

    Scammers count on your rush. Slowing down—and having the right tools—can make all the difference. 

    If you’ve experienced a scam, your story can help others avoid the same fate. You’re not alone. 

    Visit our Scam Stories hub to read more scam stories or share your own. 

     

    The post Cory’s Scam Story: A Fake Text Nearly Took His Identity appeared first on McAfee Blog.

    Brittany’s Scam Story: Eras Tour Chaos

    By: Brooke Seipel

    Brittany C., a dedicated teacher, had been planning a special night for months. After saving up steadily, she landed four prized tickets to Taylor Swift’s Eras Tour for her and her closest friends. 

    But days before the show, she logged into her account—and the tickets were gone. 

    “I’d been saving for months. I was so excited—and then I logged in and the tickets were just… gone. It felt like someone reached through the screen and took that night away from me.” 

    Brittany’s Story 

    Like many of us, Brittany had received plenty of “your data was part of a breach” emails over the years. But she never expected what happened next. 

    A few days before the tickets disappeared, she had clicked on what she now realizes was a suspicious link. “I clicked one weird link. Nothing happened at the time, so I didn’t think twice,” she said. But that link was the scammer’s way in. 

    Using her reused password and without two-factor authentication on her account, the attacker was able to log in and transfer the tickets out—all without Brittany’s knowledge. 

    The emotional toll hit fast. “The stress was overwhelming,” she says. “Friends had made travel plans, taken time off. I felt like I’d let everyone down.” 

    After a long back and forth with the online ticket sales platform, Brittany managed to recover the tickets. But the damage was done. The experience reshaped how she thinks about online safety. 

    “You can be careful and still get caught. I’m only human—and that’s exactly what scammers count on.” 

     

    How McAfee’s Scam Detector Could Have Helped Prevent the Ticket Scam 

    Brittany’s experience is a textbook example of how a small slip can spiral into a high-stakes scam. McAfee’s Scam Detector is designed to catch those mistakes before they snowball. 

    If she had McAfee’s Scam Detector, here’s how it could have helped: 

    • Malicious Link Detection: McAfee’s Scam Detector automatically scans for scam links and warns users before they click—across text, email, and browser. 
    • Quick Check: If something feels off, users can paste in a suspicious link or message and get an instant scan to see if it’s fake or phishing. 
    • Proactive Alerts: On Android and email, Scam Detector flags dangerous messages before they’re opened. 

    With Scam Detector watching her back, Brittany could have known that the link was dangerous before clicking—and avoided the gut-wrenching scramble to reclaim her tickets. 

     

    How to Avoid Ticket Scams and Malicious Links Online 

    Here are four essential tips to help protect your digital accounts and event tickets: 

    1. Never reuse passwords.

    Use a password manager to create strong, unique passwords for each account—especially ticketing and banking platforms. 

    2. Always turn on two-factor authentication.

    It’s one of the easiest ways to block unauthorized logins—even if someone has your password. 

    3. Think before you click.

    If a message or link seems off, don’t open it. Use McAfee’s Quick Check to scan suspicious links before interacting. 

    4. Use scam detection software for extra protection.

    Tools like McAfee’s Scam Detector offer real-time alerts and background scanning to help prevent phishing, credential theft, and social engineering attacks. 

    Your Story Could Help Someone Else 

    Scams can happen to anyone—even people who do everything right. Brittany’s story is a reminder that vigilance matters, but so does visibility. 

    By telling your story, you’re helping others spot the signs of scams and take steps to protect themselves. 

    At McAfee, we believe there’s no shame in being scammed—only power in sharing.  

    Visit our scam stories hub to read more real scam stories or share your own to help end scam stigma. 

    The post Brittany’s Scam Story: Eras Tour Chaos appeared first on McAfee Blog.

    Henry’s Scam Story: The Social Media Con

    By: Brooke Seipel

    Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in—someone nearby claimed to have extra tickets. 

    The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets. 

    Minutes later, he sent the full $280. 

    “I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.” 

    Henry’s Story 

    At first, the offer felt legitimate. The seller even said his girlfriend was wary of strangers, which seemed believable. But after Henry sent the full amount, the conversation took a turn. 

    “He said his girlfriend didn’t trust me, then suddenly wanted full payment. Then it was someone else offering more. That’s when I knew.” 

    The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him. 

    Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show. 

    “I sent $280 and got blocked. We never made it inside.” 

    It wasn’t just the lost money—it was the emotional rollercoaster. The disappointment. The feeling of being tricked right at the door. 

     

    How McAfee’s Scam Detector Could Have Helped Prevent the Ticket Scam 

    Scams like Henry’s are becoming more common—especially around live events. That’s why McAfee’s Scam Detector is built to flag shady behavior before it costs you. 

    If Henry had been using McAfee’s Scam Detector, here’s how it could’ve helped: 

    • Message Pattern Detection: The sudden change in payment terms, pressure to act quickly, and emotional manipulation could have been flagged using AI that detects suspicious language. 
    • Link and Account Scanning: If the seller sent a payment link or sketchy profile, Scam Detector’s Quick Check could’ve flagged it as risky on the spot. 

    “If I’d had something flagging the account or even the language in the messages, it might’ve stopped me in time.” 

     

    How to Avoid Ticket Scams on Social Media and Messaging Apps 

    Want to protect yourself from last-minute ticket scams? Follow these smart tips: 

    1. Don’t pay up front without protection.

    Always use secure payment methods that offer fraud protection—never cash apps or peer-to-peer services for strangers. 

    2. Use scam detection tools before sending money.

    Paste messages or links into McAfee’s Quick Check to analyze them for red flags. 

    3. Watch for changing terms or pressure tactics.

    If someone shifts the deal mid-conversation, it’s a red flag. Real sellers don’t change the price last minute or ask for more money after payment. 

    4. Trust your instincts—and the tech.

    Scammers rely on urgency and excitement. Having McAfee Scam Detector on your phone adds a digital gut check when your real one is clouded. 

    Share Your Story. Help Others Stay Safe. 

    Henry is already spreading the word on social media, warning other fans about concert scams. Now we’re helping amplify his voice—because awareness is one of the most powerful forms of protection. 

    “I’m already trying to warn others on social media. Concert scams are real—and they’re getting more common.” 

    Have a scam story of your own? Don’t keep it to yourself. By sharing what happened, you can help someone else avoid the same fate. 

    Visit our scam stories hub to read more or share your experience. Together, we can end scam stigma and stop scammers in their tracks. 

    The post Henry’s Scam Story: The Social Media Con appeared first on McAfee Blog.

    Bradley’s Scam Story: New Dad vs Fake IRS Call 

    By: Brooke Seipel

    Bradley K. was a brand-new dad, sleep-deprived and juggling life with a newborn, when he received a phone call that would change everything. The caller claimed to be from the IRS and said Bradley owed back taxes. If he didn’t pay immediately, they warned, he could be arrested. 

    Unfortunately, it was a tax scam—and one that cost him $800 and left him shaken for months. 

    The IRS Phone Scam That Took Advantage of a Vulnerable Moment 

    Like many Americans, Bradley had just filed his taxes. When the call came through, it seemed believable. The caller knew personal information, spoke with a local accent, and used aggressive tactics to demand fast action. 

    “I had just filed my taxes, so when they told me there was a problem, it didn’t seem completely far-fetched.” 

    Under pressure and running on little sleep, Bradley didn’t stop to verify. He didn’t call his dad—who also happened to be his accountant. Instead, he sent $800 and unknowingly gave scammers access to his bank account. 

    “I was running on barely any sleep with a newborn, and I wasn’t thinking as clearly as I normally would have.” 

    It wasn’t until days later that a friend told him the truth: the IRS never calls demanding immediate payment. By then, it was too late. The money was gone, and Bradley was left feeling embarrassed and anxious. 

    “Even now, almost a year later, I’m constantly on edge, making sure nothing else has been stolen.” 

     

    How McAfee Scam Detector Could Have Helped Prevent the Tax Scam 

    Bradley’s experience is exactly why we created McAfee’s Scam Detector—a smart, AI-powered tool that identifies scams across email, text, and even video. 

    If Bradley had received a scam follow-up message or email while using McAfee’s Scam Detector, the tool could have flagged it automatically—before he ever opened it. He could have also used the Quick Check feature to paste in the message or phone transcript and receive an instant scam analysis. 

    Key features that could have protected Bradley: 

    • Text & Email Scam Detection: Flags suspicious IRS-related messages and explains the red flags. 
    • Quick Check Manual Scan: Lets users upload screenshots or text to instantly check for scam tactics. 
    • AI-Powered Warnings: Detects urgent language, impersonation cues, and phishing patterns in real time. 
    • Customizable Sensitivity Settings: Lets users adjust scam detection levels based on their comfort zone. 

    Best of all? McAfee’s Scam Detector is included at no extra cost with McAfee core plans. 

    How to Avoid Tax Scams: 4 Smart Tips to Stay Safe 

    Here’s how to avoid tax scams like the one that targeted Bradley:

    1) Know the IRS will never call you to demand payment. 

    If someone says you owe money and threatens arrest, it’s a scam. The IRS contacts people by mail first. 

    2) Use McAfee’s Scam Detector for real-time protection. 

    Scan any suspicious email, text, or message using Quick Check before clicking or responding. 

     3) Always take a pause before acting. 

    Scammers rely on urgency. Take a breath, verify the claim independently, and talk to someone you trust. 

     4) Keep scam protection up to date. 

    Enable scam alerts across your devices to stay one step ahead. McAfee Scam Detector works across smartphones, laptops, and tablets. 

     

    Share Your Scam Story to Help End Scam Stigma 

    Bradley’s story is just one of thousands. But too often, people stay silent out of shame or embarrassment. That silence helps scammers win. 

    At McAfee, we believe in highlighting real scam stories—not to scare people but to empower them. These aren’t victims. They’re survivors. 

    Have a story of your own? You’re not alone—and your experience could help someone else. 

    Visit our Scam Stories Hub to share your story and help stop scams in their tracks. 

    The post Bradley’s Scam Story: New Dad vs Fake IRS Call  appeared first on McAfee Blog.

    Interviewing for a Job? Spot a Scam with These Questions

    By: Jasdev Dhaliwal

    Job scams are on the rise. And asking the right questions can help steer you clear of them. 

    That rise in job scams is steep, according to the U.S. Federal Trade Commission (FTC). Recent data shows that reported losses have grown five times over between 2020 and 2024. In 2024 alone, reported losses hit half a billion dollars, with unreported losses undoubtedly pushing actual losses yet higher. 

    Last week, we covered how “pay to get paid” scams account for a big chunk of online job scams. Here, we’ll cover a couple more that we’ve seen circulating on social media and via texts—and how some pointed questions can help you avoid them. 

    Two classic job scams to look out for 

    The headhunter scam 

    Some job scammers pose as recruiters from job agencies who reach potential victims the same way legitimate agencies do—by email, text, and networking sites. Sometimes this leaves people with their guard down because it’s not unheard of at all to get contacted this way, “out of the blue” so to speak.  

    Yet one of the quickest ways to spot a scammer is when the “recruiter” asks to pay a fee for the matchmaking, particularly if they ask for it up front. Legitimate headhunters, temp agencies, and staffing agencies typically get paid by the company or business that ultimately does the hiring. Job candidates don’t pay a thing.  

    Training and equipment fee scams 

    Another form of scam occurs during the “onboarding” process of the job. The scammer happily welcomes the victim to the company and then informs them that they’ll need to take some online training and perhaps buy a computer or other office equipment. Of course, the scammer asks the victim to pay for all of it—leaving the victim out of hundreds of dollars and the scammer with their payment info.  

    Spot job scams by asking the right questions 

    One way you can spot a job scam is to press for answers. Asking pointed questions about a company and the job it’s offering, just as you would in any real interview, can reveal gaps in a scammer’s story. In effect, scammers are putting on an acting job, and some don’t thoroughly prepare for their role. They don’t think through the details, hoping that victims will be happy enough about a job prospect to ask too many questions.  

    If the hiring process moves quicker than expected or details about a job seem light, it’s indeed time to ask questions. Here are a few you can keep handy when you start to wonder if you have a scam on your hands … 

    “What’s the full job description, and what are the day-to-day responsibilities?” 

    This is a great place to start. Legitimate employers write up job listings that they post on their website and job sites. In those descriptions, the work and everything it entails gets spelled out to the letter. A real employer should be able to provide you with a job description or at least cover it clearly over the course of a conversation.  

    “Where’s the company based and where does it have offices?”  

    This one can trip up a scammer quickly. A scammer might avoid giving a physical address. Likewise, they might offer up a fake one. Either a non-answer or a lie can readily call out a scam by following up the question with a web search for a physical address. (Resources like the Better Business Bureau can also help you research a company and its track record.) 

    “Who will I be working with, and who will I report to?” 

    Asking about co-workers, bosses, reporting structures and the like can also help sniff out a scam. Real employers, once again, will have ready answers here. They might even start dropping names and details about people’s tenure and background. Meanwhile, this is one more place where scammers might tip their hand because they haven’t made up those details. 

    “What are the next steps in the hiring process?” 

    This question alone can offer a telltale sign. Many job scams move through the hiring process at relative breakneck speed—skipping past the usual interview loops and callbacks that many legitimate jobs have. Scammers want to turn over their victims quickly, so they’ll make the “hiring process” quick as well. If it feels like you’re blazing through the steps, it could be a scam. 

    “Can you tell me about the company’s history?”  

    Every business has a story, even if it’s still in its startup days. Anyone in a recruiting or hiring position will have a good handle on this question, as they will on any follow-up questions about the company’s mission or goals. Again, vagueness in response to these kinds of questions could be a sign of a scam. 

    More ways you can avoid job scams 

    Watch out for job offers on social media.

    Whether it’s through social media sites like Facebook, Instagram, and the like, scammers often reach out through direct messages. Recruiters stick to legitimate business networking sites like LinkedIn. Companies maintain established accounts on recruiting platforms that people know and trust, so view any contact outside of them as suspicious. 

    Filter out scam links.

    Scammers use the “hiring process” to trick people into providing their personal info with malicious links. Web protection, included in our plans, can steer you clear of them. Likewise, our Scam Detector scans URLs in your text messages and alerts you if they’re sketchy. If you accidentally click a bad link, both web and text scam protection will block a risky site. 

    Lower your profile.

    Many scammers get your contact info from data broker sites. McAfee’s Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and, depending on your plan, can help you remove it. Our Social Privacy Manager lowers your public profile lower still. It helps you adjust more than 100 privacy settings across your social media accounts in just a few clicks, so your personal info is only visible to the people you want to share it with. 

    The post Interviewing for a Job? Spot a Scam with These Questions appeared first on McAfee Blog.

    Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds

    By: Jasdev Dhaliwal

    As Tax Day looms and last-minute taxpayers feel the pressure, a surge of IRS scams is on the rise.  

    Research by our McAfee Labs team projects a fresh wave of sophisticated tax scams as the stress of peak filing season sets in, with bogus text messages leading the way.  

    Nearly half of taxpayers complete their taxes between mid-March and April 15, which gives scammers ample opportunity to cash in as people rush their filings with the IRS.  

    Based on our data from 2024, here’s what we can expect in the coming days: 

    • We’ll see a surge in tax scams – The number of malicious tax scam URLs nearly quadrupled from February 1 (2.9% of activity) to February 28 (10.5%) last year, with the biggest spike at the end of the month.  
    • Mobile attacks will dominate – 76% of all tax scam activity in 2024 targeted mobile users via text, often using URL shorteners to disguise fraudulent links. 
    • Highly coordinated scam campaigns will roll out – A single campaign accounted for 17.3% of all tax-related blocked URLs in 2024, using fake IRS-style links (like, ”irs.gov.tax-helping[.]com”). 

    In addition to posing as the IRS, scammers will pose as tax prep and tax software companies as well. Just as in years past, taxpayers can further expect scams built around quick refunds and easy filing solutions that are actually fronts for scams. Yet whatever guise scammers put on, their aim remains the same. They want to dupe taxpayers out of their personal and financial info.  

    Common Tax Scams To Look Out For 

    Tax season is high season for scammers because so much personal info gets gathered and shared online. With that, many taxpayers have their guard down. They expect to see messages, ads, and so forth about their taxes, which can make them more willing to share some of their most personal info. That’s where scammers step in. They want to: 

    1. Steal account info – Scammers try to highjack account or financial info associated with credit cards and banks to steal funds and make purchases with a victim’s card.
    2. File false returns – Scammers also try to file false returns in a victim’s name and claim their refunds, which leaves the victim without their money and a fraud claim on their hands.
    3. Commit identity theft – Scammers use the info they steal to open new credit lines and accounts in a victim’s name. 
    4. Re-sell stolen info – Finally, scammers can also turn a profit on their victims by selling stolen info on dark web marketplaces. Instead of using it to commit identity theft
      themselves, they sell it to others who will.       

    Looking at this list, you can see what makes tax scams so damaging. Many of them target our most precious of personal info—our Social Security Numbers (SSNs).  

    A stolen SSN opens the door to some of the most painful forms of identity theft, like imposter fraud, insurance fraud, employment fraud, and more. These follow-on attacks can cause great harm to a victim’s finances and reputation in ways that can take months, or even years, to repair.   

    How Tax Scams Work

    In effect, tax scams deliver a one-two punch. 

    It begins by baiting the victim with a phony message from a scammer posing as the IRS, a tax prep business, or a tax software company. That might come by email, a direct message on social media, or even in paid search results. 

    Largely, scammers bait victims with texts. Mobile attacks indeed dominate the preferred contact method, just as we called out. Here, scammers often use link shorteners to disguise fraudulent links. (You’ve likely seen plenty of link shorteners like bit.ly and goo.gl. They make it easier to share long addresses, but the flipside is that there’s no quick way to tell where they really take you.) 

    In some cases, scammers attempt to trick taxpayers by weaving “irs.gov” into the web address. Below you can see one example, where the domain isn’t “irs.gov.” It’s actually “entes-tax[dot]com,” which leads to a scam site. 

    Scam texts that weave “irs.gov” into a malicious link 

    As for the text itself, scammers send urgent-sounding messages about tax returns like, “Your refund is on hold, contact the IRS immediately.” Other scammers use fear, leveling threats like jail time for non-payment. In other cases, scammers threaten to revoke things like driver’s licenses and business licenses, or even immigration status. According to the IRS, these are common signs of a scam. The IRS never uses threats or tactics like these to resolve tax issues. 

    The second punch comes by clicking the link in these messages, which leads to IRS copycat scam sites. And they can look convincing. The most sophisticated of them mirror the look and feel of the official IRS website and use URLs that look “close enough” to an IRS URL, which can trick anyone who doesn’t examine them closely. 

     

    Example of a fake IRS claim website 

    And that’s where the damage gets done. Under the false pretense of receiving a refund or making a payment, the scammers collect that precious personal info we talked about, which can cause short- and long-term fallout for victims. 

    The same approach works for scammers who pose as tax prep services and tax software companies. The texts and websites look different, yet they’re still part of a scheme for collecting the same types of personal and financial info.  

     

    How To Avoid Tax Scams

    Clever as these scams are, you can avoid them. The first step is awareness. By reading this article and sharing it with others, you spread the word about these scams and just how rampant they are. 

    From there, you can take several more steps that can keep you far safer during tax time: 

    • Be suspicious of emails and phone calls claiming to be from the IRS. The IRS typically contacts people by physical mail, not by email or text. (See their list of ways the IRS will contact you for more details.)
    • Never give out personal info on the phone. The IRS will never call to ask for personal info over the phone, and no government agency will ever ask you for money over the phone. Payments demanded in money orders, gift cards, and online payment platforms other than IRS.gov are an absolute red flag. 
    • Go straight to the source. Verify all websites and emails, even when it looks like they come from a trusted tax consultant or partner. Go straight to the source instead of clicking on links in emails or texts. 
    • Remove your personal info from sketchy data broker sites. Scams over email, phone, and text all require something—your contact info. In many cases, scammers get it from data broker sites. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. 
    • Lastly, file your taxes as quickly as possible. One way to keep a scammer from claiming your refund is to claim it first. In some cases, taxpayers only find out they’ve been scammed once they file a return—only to discover that it’s already been filed. 

    The post Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds appeared first on McAfee Blog.

    ‘Seeing is Believing is Out the Window’: What to Learn From the Al Roker AI Deepfake Scam

    By: Jasdev Dhaliwal

    Al Roker never had a heart attack. He doesn’t have hypertension. But if you watched a recent deepfake video of him that spread across Facebook, you might think otherwise. 

    In a recent segment on NBC’s TODAY, Roker revealed that a fake AI-generated video was using his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.” 

    “A friend of mine sent me a link and said, ‘Is this real?'” Roker told investigative correspondent Vicky Nguyen. “And I clicked on it, and all of a sudden, I see and hear myself talking about having a couple of heart attacks. I don’t have hypertension!” 

    The fabricated clip looked and sounded convincing enough to fool friends and family—including some of Roker’s celebrity peers. “It looks like me! I mean, I can tell that it’s not me, but to the casual viewer, Al Roker’s touting this hypertension cure… I’ve had some celebrity friends call because their parents got taken in by it.” 

    While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes. 

    “We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now,” Roker said. 

    From Al Roker to Taylor Swift: A New Era of Scams 

    Al Roker isn’t the first public figure to be targeted by deepfake scams. Taylor Swift was recently featured in an AI-generated video promoting fake bakeware sales. Tom Hanks has spoken out about a fake dental plan ad that used his image without permission. Oprah, Brad Pitt, and others have faced similar exploitation. 

    These scams don’t just confuse viewers—they can defraud them. Criminals use the trust people place in familiar faces to promote fake products, lure them into shady investments, or steal their personal information. 

    “It’s frightening,” Roker told his co-anchors Craig Melvin and Dylan Dreyer. Craig added: “What’s scary is that if this is where the technology is now, then five years from now…” 

    Nguyen demonstrated just how simple it is to create a fake using free online tools, and brought in BrandShield CEO Yoav Keren to underscore the point: “I think this is becoming one of the biggest problems worldwide online,” Keren said. “I don’t think that the average consumer understands…and you’re starting to see more of these videos out there.” 

     Why Deepfakes Work—and Why They’re Dangerous 

    According to McAfee’s State of the Scamiverse report, the average American sees 2.6 deepfake videos per day, with Gen Z seeing up to 3.5 daily. These scams are designed to be believable—because the technology makes it possible to copy someone’s voice, mannerisms, and expressions with frightening accuracy. 

    And it doesn’t just affect celebrities: 

    • Scammers have faked CEOs to authorize fraudulent wire transfers. 
    • They’ve impersonated family members in crisis to steal money. 
    • They’ve conducted fake job interviews to harvest personal data. 

     How to Protect Yourself from Deepfake Scams 

    While the technology behind deepfakes is advancing, there are still ways to spot—and stop—them: 

    • Watch for odd facial expressions, stiff movements, or lips out of sync with speech. 
    • Listen for robotic audio, missing pauses, or unnatural pacing. 
    • Look for lighting that seems inconsistent or poorly rendered. 
    • Verify shocking claims through trusted sources—especially if they involve money or health advice. 

    And most importantly, be skeptical of celebrity endorsements on social media. If it seems out of character or too good to be true, it probably is. 

     How McAfee’s AI Tools Can Help 

    McAfee’s Deepfake Detector, powered by AMD’s Neural Processing Unit (NPU) in the new Ryzen™ AI 300 Series processors, identifies manipulated audio and video in real time—giving users a critical edge in spotting fakes. 

    This technology runs locally on your device for faster, private detection—and peace of mind. 

    Al Roker’s experience shows just how personal—and persuasive—deepfake scams have become. They blur the line between truth and fiction, targeting your trust in the people you admire. 

    With McAfee, you can fight back. 

    The post ‘Seeing is Believing is Out the Window’: What to Learn From the Al Roker AI Deepfake Scam appeared first on McAfee Blog.

    How to Delete Your Data from 23andMe and Protect Your Privacy

    By: Jasdev Dhaliwal

    The collapse of genetic testing giant 23andMe has raised serious privacy concerns for millions of people who shared their DNA with the company. Once valued at $6 billion, the company has filed for bankruptcy and is now selling off assets—including, potentially, your genetic data. 

    If you’ve ever used 23andMe to explore your ancestry or health traits, now is the time to take action.  

    Here’s what’s going on, what it means for your data, how to delete your account, and steps you can take to better protect your online privacy going forward. 

    What’s Going On at 23andMe? 

    23andMe, once a pioneer in at-home genetic testing, has fallen into financial distress after a series of challenges, including a massive data breach in 2023 that exposed personal information of nearly 7 million users, according to TechCrunch. The company’s value plummeted by more than 99%, leading to mass board resignations and a March 2024 bankruptcy filing. 

    Now, as 23andMe prepares to sell off its assets under court supervision, its massive database of customer DNA—reportedly from more than 15 million users—is on the table. Despite the company’s assurances that its privacy policy remains in effect, experts and privacy advocates warn that your sensitive genetic data could end up in the hands of third parties, including pharmaceutical companies or even law enforcement agencies. 

    Is My Privacy at Risk? 

    If you used 23andMe, yes.  

    Genetic data is some of the most personal information you can share. It can reveal details about your ancestry, health risks, and even family secrets. With 23andMe not covered by HIPAA (the federal health privacy law), your DNA data isn’t protected the way medical records at a doctor’s office would be, The Harvard Gazette reports. 

    Although 23andMe claims it won’t share individual-level data without consent, it does reserve the right to sell or transfer personal information as part of a bankruptcy or acquisition. That means your data could be bought by another company—one with different privacy practices or intentions. 

    California residents, in particular, have the legal right to delete their data under the Genetic Information Privacy Act (GIPA) and the California Consumer Privacy Act (CCPA).  

    How to Delete Your 23andMe Data 

    If you’re ready to take action, here’s how to delete your genetic data and revoke research permissions through your 23andMe account: 

    To Delete Your Account and Genetic Data: 

    1. Log in to your 23andMe account. 
    2. Go to Settings. 
    3. Scroll down to 23andMe Data and click View. 
    4. (Optional) Download your data if you want to keep a copy. 
    5. Scroll to the Delete Data section. 
    6. Click Permanently Delete Data. 
    7. Confirm via the email link you’ll receive. 

    To Destroy Your Saliva Sample: 

    1. Go to Settings. 
    2. Navigate to Preferences. 
    3. Select the option to destroy your stored biological sample. 

    To Revoke Research Consent: 

    1. Go to Settings. 
    2. Navigate to Research and Product Consents. 
    3. Withdraw your consent for data sharing. 

    McAfee’s Tips for Protecting Your Online Privacy 

    Your DNA isn’t the only personal data at risk. From email addresses and home addresses to phone numbers and even shopping habits, data brokers are collecting and selling your information online—often without your knowledge or consent. 

    That’s why it’s critical to take control of your digital footprint. All McAfee+ plans provide the ability to scan the web for details of your personal information. McAfee’s Online Account Cleanup scans for accounts you no longer use and helps you delete them, along with your personal info. McAfee’s Personal Data Cleanup, takes this a step further, by scanning data broker sites for your personal information, and requesting the removal of you details from those sites. 

    Combined, these tools can give you back control over your privacy. All our McAfee+ plans include scans to find your accounts and direct you on how to remove your data.  

    Bottom Line: If you’ve ever used 23andMe, your genetic data could be at risk of being transferred or sold. Take action now by deleting your account and revoking permissions. And to keep the rest of your personal data protected, use tools like McAfee+ to keep your personal data safe online. 

     

    The post How to Delete Your Data from 23andMe and Protect Your Privacy appeared first on McAfee Blog.

    AI chatbots are becoming romance scammers—and 1 in 3 people admit they could fall for one

    By: Jasdev Dhaliwal

    It started with a DM. 

    For five months, 25-year-old computer programmer Maggie K. exchanged daily messages with the man she met on Instagram, convinced she had found something real. 

    When it was finally time to meet in person, he never showed. Instead, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the cash.  

    Then, silence. His accounts vanished. He hadn’t just ghosted her—he had never existed at all. 

    “I ignored my gut feeling… I sent him $1,200. Then he disappeared,” Maggie told McAfee, hoping that her story would educate others. “When I reported the scam, the police told me his images were AI-generated. He wasn’t even a real person. That was the scariest part – I had trusted someone who never even existed.”  

    How AI is making romance scams more sophisticated 

    These scams work because they prey on trust and emotions. And they aren’t just targeting the naïve; anyone, even tech professionals as Maggie’s case shows, can be fooled. 

    McAfee’s latest research reveals more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online. 

    And romance scams aren’t just happening in dating apps anymore. Social media, messaging platforms and AI chatbots are fuelling an explosion of online romance fraud. 

    McAfee’s findings highlight a staggering rise in: 

    • AI-powered scams: More than 1 in 4 people (26%) say they—or someone they know—have been approached by an AI chatbot posing as a real person on a dating app or social media. 
    • Fake romance scam websites: In the seven weeks leading up to Valentine’s Day, McAfee blocked a staggering 321,509 fraudulent URLs designed to lure in victims. 

    The costs: your time, money, trust and personal data 

    With 62% of people saying they’ve used dating apps, social media, or messaging platforms to connect with potential partners, scammers have a bigger pool of victims than ever before. 

    Younger users are the most active online daters, with 31% of 18-24-year-olds currently using online dating platforms. Tinder is the most popular dating app overall (46%), with its highest engagement among 18-24-year-olds (73%). Just over 40% of respondents said they use Instagram, 29% use Snapchat and 25% use TikTok to meet potential partners. But these platforms also present new risks, as fake apps designed to steal personal information lurk in app stores. 

    McAfee researchers found nearly 11,000 attempts to download fraudulent dating apps in recent months. The most impersonated? 

    • Tinder (55%) 
    • OKCupid (29%) 
    • Badoo (7%) 
    • Hinge (7%) 
    • Bumble (2%) 

    Downloading a fake app could expose your login credentials, financial information or even install malware onto your device.  

    And once money is lost, its rarely recovered, as scammers use cryptocurrency, untraceable gift cards and offshore accounts to move stolen funds.  

    Recognizing romance scam red flags  

    McAfee researchers urge anyone looking for love online to stay vigilant by following these critical safety measures: 

    1) Watch for “love bombing.” Scammers overwhelm victims with affection early on to gain trust. 

    2) Verify their identity. Use reverse image searches and insist on live video calls which AI-generated scammers avoid. 

    3) Never send money. No real partner will pressure you for financial help—especially when you’ve never met. 

    4) Be wary of celebrity DMs. If a famous figure suddenly messages you, it’s likely a scam. 

    5) Avoid suspicious links. McAfee blocked over 321,000 fraudulent dating sites—avoid clicking on unknown links or apps.  

    6) Use online protection tools. Tools like McAfee+ can detect and block suspicious messages, phishing attempts, and AI-generated fraud in real time. McAfee+ offers maximum identity, privacy, and device protection to detect and prevent fraudulent activity before it causes harm. 

    The post AI chatbots are becoming romance scammers—and 1 in 3 people admit they could fall for one appeared first on McAfee Blog.

    Buying Tickets for Beyoncé’s Cowboy Carter Tour? Don’t Let Scammers Ruin Your Experience

    By: Jasdev Dhaliwal

    Beyoncé has officially announced her Cowboy Carter world tour, and the excitement is through the roof! With her last tour selling out in record time, fans know they need to act fast to secure their tickets. Unfortunately, that urgency is exactly what scammers prey on. 

    In 2022 alone, Americans lost nearly $8.8 billion to fraud, and ticket scams are one of the most common ways scammers cash in on eager fans. But don’t worry—we’ve got you covered. Before you rush to buy tickets to Beyoncé’s latest tour, here’s how to spot and avoid ticket scams so you don’t get left outside the stadium with nothing but regret. 

    How Ticket Scams Work 

    Ticket scams come in different forms, but the most common ones include: 

    • Selling fake tickets – The scammer takes your money and either provides a counterfeit ticket or nothing at all. 
    • Stealing payment information – Some fake ticket websites don’t just sell you bogus tickets—they steal your credit card details too. 
    • Reselling legitimate tickets multiple times – A scammer might have a real ticket but sells duplicates of it to multiple buyers, leaving some victims locked out of the event. 
    • Selling general admission tickets as premium or VIP seats – You think you’re getting an upgrade, but you end up overpaying for a basic ticket. 

    Scammers know how to create a sense of urgency, often advertising tickets to sold-out events at too-good-to-be-true prices. If you’re desperate to see Beyoncé, it’s easy to get caught up in the rush—but staying cautious can save you from getting scammed. 

    How to Spot a Ticket Scam 

    The best way to avoid being scammed is to buy only from reputable sources like official ticketing platforms (Ticketmaster, Live Nation, AXS) or directly from the event’s website. However, if you’re looking elsewhere, be on the lookout for these red flags: 

    • Deeply discounted tickets – If a deal looks too good to be true, it probably is. 
    • Sellers reaching out to you first – Scammers often message people on social media, offering “last-minute” or “hard-to-find” tickets. 
    • Payment methods with no protection – If the seller insists on Venmo, Cash App, cryptocurrency, or gift cards, walk away. Use a credit card for protection. 
    • Look-alike websites – Scammers create fake ticket sites that resemble legitimate ones. Always check the URL. 
    • Poor grammar and spelling – Many scam posts and messages contain awkward phrasing or mistakes. 
    • Sellers asking to DM or text you right away – Legitimate resellers typically operate through verified marketplaces, not private messages. 

    Common Ticket Scam Traps & How to Avoid Them 

    1. Fake “Sold-Out” Tickets on Social Media 

    When an event sells out, scammers flood social media with offers. Platforms like Facebook Marketplace, Instagram, and Craigslist are filled with fake ticket sellers. If you didn’t get tickets during the official sale, be cautious about where you’re looking. 

    Pro Tip: Follow Beyoncé’s official social media pages and event organizers for updates. Sometimes, extra dates or official resale opportunities become available. 

    2. Discounted Tickets That Seem Too Cheap 

    Scammers often advertise tickets below face value to lure in victims. While real fans sometimes sell their tickets at a discount, it’s a huge red flag if the price is way lower than expected. 

    Pro Tip: If you’re buying from an individual, check their profile carefully. Look for signs of a fake account, such as recently created pages or multiple listings in different cities. 

    3. Fake Ticket Websites 

    Some scammers go the extra mile, creating entire websites that mimic real ticket platforms. These fake sites not only sell counterfeit tickets but may also steal your credit card information. 

    Pro Tip: Always type in the official ticketing site’s URL manually or search for it on Google. Avoid clicking links from unknown sources, and double-check that the site uses “HTTPS” and has no misspellings in the URL. 

    4. Duplicate Ticket Scams 

    Even if you get a real ticket, that doesn’t mean it’s yours alone. Some scammers sell the same ticket to multiple people, leading to chaos when multiple buyers show up at the event. 

    Pro Tip: Only buy from platforms that offer verified resale tickets with guarantees, like StubHub, SeatGeek, or VividSeats. 

    5. Seat Scams 

    Some scammers sell general admission tickets as if they were premium seats. You may think you’re getting front-row access, only to find out you overpaid for a standing-room ticket. 

    Pro Tip: Always confirm the seat location with the seller. Many venues have seating charts available online, so check before purchasing. 

    6. Ticket Takeovers 

    Scammers hack into Ticketmaster accounts and transfer tickets to themselves, effectively locking the rightful owner out of their seats. Victims often receive a flood of emails, including notifications of ticket transfers they never authorized. By the time they realize what’s happened, their tickets are gone, likely resold by the scammer. 

    Pro Tip: To prevent this, ensure your Ticketmaster account is secure by using a strong password, enabling two-factor authentication, and being wary of suspicious login attempts or phishing emails. 

    How to Safely Buy Beyoncé Tickets 

    To make sure you don’t fall victim to a ticket scam, follow these golden rules:  

    ✅Buy from official sources – Beyoncé’s official website, Ticketmaster, and AXS are your safest bets.  

    ✅Use a credit card – If something goes wrong, you can dispute the charge. 

    ✅Be wary of social media sellers – If you’re buying from a stranger, research their profile and history first.  

    ✅Check the URL – Make sure you’re on the real ticketing website before purchasing.  

    ✅Avoid high-pressure sales tactics – Scammers want you to act fast—don’t fall for it! 

    Final Thoughts: Enjoy Cowboy Carter Without the Scams 

    Beyond ticket scams, cybercriminals also use major events like Beyoncé’s tour to spread malware and phishing attacks. McAfee’s comprehensive online protection can help keep your devices and personal information safe by blocking malicious websites, preventing identity theft, and alerting you to potential fraud.

    Beyoncé’s Cowboy Carter tour is one of the most anticipated events of the year, and everyone wants to be part of the experience. But scammers know this too, and they’re out in full force. By staying smart, sticking to verified ticket sources, and being wary of deals that seem too good to be true, you can avoid scams and secure your spot at one of the biggest concerts of 2025. 

    Stay safe, Beyhive—and get ready to enjoy the show! 

    The post Buying Tickets for Beyoncé’s Cowboy Carter Tour? Don’t Let Scammers Ruin Your Experience appeared first on McAfee Blog.

    How to Make Sure Your Gmail Account is Protected in Light of Recent AI Scams

    By: Jasdev Dhaliwal

    The rise of AI-driven cyber threats has introduced a new level of sophistication to phishing scams, particularly those targeting Gmail users.

    Criminals are using artificial intelligence to create eerily realistic impersonations of Google support representatives, Forbes recently reported. These scams don’t just rely on misleading emails; they also include convincing phone calls that appear to come from legitimate sources.

    If you receive a call claiming to be from Google support, just hang up—this could be an AI-driven scam designed to trick you into handing over your Gmail credentials.

    Here’s everything you need to know about the scam and how to protect yourself:

    Understanding the AI-Driven Gmail Scam

    Hackers have devised a multi-step approach to trick users into handing over their Gmail credentials. Here’s how the scam unfolds:

    Step 1: Impersonation Calls

    The attack often begins with a phone call from what appears to be an official Google support number. The caller, using AI-generated voice technology, convincingly mimics a real Google representative. Their tone is professional, and the caller ID may even display “Google Support,” making it difficult to immediately recognize the scam.

    Step 2: False Security Alerts

    Once engaged, the scammer informs the victim that suspicious activity has been detected on their Gmail account. They may claim that an unauthorized login attempt has occurred, or that their account is at risk of being locked. The goal is to create a sense of urgency, pressuring the victim to act quickly without thinking critically.

    Step 3: Fake Verification Process

    To appear credible, the scammer sends an email that looks almost identical to a real Google security notification. The email may include official-looking branding and a request to verify the user’s identity by entering a code. The email is designed to look so authentic that even tech-savvy individuals can be fooled.

    Step 4: Account Takeover

    If the victim enters the verification code, they inadvertently grant the attacker full access to their Gmail account. Since the scammer now controls the two-factor authentication process, they can lock the real user out, change passwords, and exploit the account for further attacks, including identity theft, financial fraud, or spreading phishing emails to others.

    Why This Scam Is More Effective Than Traditional Phishing

    This scam is particularly dangerous because it combines multiple layers of deception, making it difficult to spot. Unlike standard phishing emails that may contain poor grammar or suspicious links, AI-enhanced scams:

    • Use highly realistic voices that mimic human speech patterns.
    • Leverage caller ID spoofing to appear as an official Google number.
    • Exploit trust by impersonating a well-known tech company.
    • Bypass 2FA by deceiving users into providing authentication codes.

    Steps to Secure Your Gmail Account

    To protect yourself from AI-powered scams, follow these essential security measures:

    1. Be Skeptical of Unsolicited Calls from “Google”

    Google does not randomly call users about security issues. If you receive such a call, hang up immediately and report the incident through Google’s official support channels.

    2. Verify Security Alerts Directly in Your Account

    If you receive a message stating that your account has been compromised, do not click any links or follow instructions from the email. Instead, go directly to your Google account’s security settings and review recent activity.

    3. Never Share Verification Codes

    Google will never ask you to provide a security code over the phone. If someone requests this information, it is a scam.

    4. Enable Strong Authentication Methods

    • Turn on Two-Factor Authentication (2FA) to add an extra layer of security.
    • Consider using Google’s Advanced Protection Program, which requires a physical security key for verification.

    5. Regularly Monitor Your Account Activity

    Check the “Security” section of your Google account to review login activity. If you see any unrecognized sign-ins, take immediate action by changing your password and logging out of all devices.

    6. Use a Password Manager

    A password manager helps create and store strong, unique passwords for each of your accounts. This ensures that even if one password is compromised, other accounts remain secure.

    What to Do If You Suspect Your Gmail Has Been Hacked

    If you believe your account has been compromised, take these steps immediately:

    • Change your password to a strong, unique combination of characters.
    • Enable 2FA if you haven’t already.
    • Review recent account activity for suspicious logins.
    • Report the issue to Google through their Security Help Center.
    • Scan your device with McAfee+ or another reputable security tool to check for malware.

    Staying Ahead of AI-Enhanced Cyber Threats

    As AI technology advances, cybercriminals will continue to find new ways to exploit users. By staying informed and implementing strong security practices, you can reduce the risk of falling victim to these sophisticated scams.

    At McAfee, we are dedicated to helping you protect your digital identity. Stay proactive, stay secure, and always verify before you trust.

    For more cybersecurity insights and protection tools, check out McAfee+.

     

    The post How to Make Sure Your Gmail Account is Protected in Light of Recent AI Scams appeared first on McAfee Blog.

    Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security

    By: Jasdev Dhaliwal

    The artificial intelligence arms race has a new disruptor—DeepSeek, a Chinese AI startup that has quickly gained traction for its advanced language models.  

    Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.  

    But as the buzz around its capabilities grows, so do concerns about data privacy, cybersecurity, and the implications of feeding personal information into AI tools with uncertain oversight. 

    What Is DeepSeek, and Why Is It Making Headlines? 

    DeepSeek’s AI models, including its latest version, DeepSeek-V3, claim to rival the most sophisticated AI systems developed in the U.S.—but at a fraction of the cost. 

    According to reports, training its latest model required just $6 million in computing power, compared to the billions spent by its American counterparts. This affordability has allowed DeepSeek to climb the ranks, with its AI assistant even surpassing ChatGPT as the top free app on Apple’s U.S. App Store. 

    What makes DeepSeek’s rise even more surprising is how abruptly it entered the AI race. The company originally launched as a hedge fund before pivoting to artificial intelligence—an unusual shift that has fueled speculation about how it managed to develop such advanced models so quickly. Unlike other AI startups that spent years in research and development, DeepSeek seemed to emerge overnight with capabilities on par with OpenAI and Meta. 

    However, DeepSeek’s meteoric rise has sparked skepticism. Some analysts and AI experts question whether its success is truly due to breakthrough efficiency or if it has leveraged external resources—potentially including restricted U.S. AI technology. OpenAI has even accused DeepSeek of improperly using its proprietary tech, a claim that, if proven, could have major legal and ethical ramifications. 

    Why Consumers Should Be Cautious 

    One of the biggest concerns surrounding DeepSeek isn’t just how it handles user data—it’s that it reportedly failed to secure it altogether.  

    According to The Register, security researchers at Wiz discovered that DeepSeek left a database completely exposed, with no password protection, allowing public access to millions of chat logs, API keys, backend data, and operational details.  

    This means that conversations with DeepSeek’s chatbot, including potentially sensitive information, were openly available to anyone on the internet. Worse still, the exposure reportedly could have allowed attackers to escalate privileges and gain deeper access into DeepSeek’s infrastructure. While the issue has since been fixed, the incident highlights a glaring oversight: even the most advanced AI models are only as trustworthy as the security behind them. 

    Here’s why caution is warranted: 

    1. Data Privacy Risks: AI chatbots process and store conversations, which may be used for further training, sold to third parties, or accessed by unauthorized entities. It remains unclear how DeepSeek handles user data or whether its security protocols align with global privacy standards. 
    1. Regulatory Uncertainty: Unlike U.S. companies that must comply with laws like the California Consumer Privacy Act (CCPA) and the European Union’s General Data Protection Regulation (GDPR), DeepSeek operates under different legal frameworks. This lack of regulatory clarity could mean weaker protections for user data. 
    1. Potential Cybersecurity Threats: History has shown that AI tools can be manipulated for malicious purposes, from deepfake scams to social engineering attacks. If DeepSeek’s security measures are not robust, it could become a target for cybercriminals looking to exploit vulnerabilities. 

    DeepSeek specifically states in its terms of service that it collects, stores, and has permission to share just about all the data you provide while using the service.  

     

    Figure 1. Screenshot of DeepSeek Privacy Policy shared on LinkedIn

    It specifically notes collecting your profile information, credit card details, and any files or data shared in chats. What’s more, that data isn’t stored in the United States, which has strict data privacy regulations. DeepSeek is a Chinese company with limited required protections for U.S. consumers and their personal data. 

    How to Stay Safe When Using AI Chatbots 

    If you’re using AI tools—whether it’s ChatGPT, DeepSeek, or any other chatbot—it’s crucial to take steps to protect your information: 

    • Avoid sharing personal or sensitive data. AI chatbots are not secure vaults—treat them like public forums. You wouldn’t post your social security number or passwords to Facebook, don’t share those details with chatbots either. 
    • Review privacy policies carefully. Before using a new AI model, check how your data is collected, stored, and used. Read privacy policies and consider what data is being saved. 
    • Use disposable or temporary email addresses. If a chatbot requires registration, consider using an alias to prevent your primary email from being linked to the service. 
    • Enable multi-factor authentication. If an AI platform offers account security features, enable them to add an extra layer of protection. 

    As AI chatbots like DeepSeek gain popularity, safeguarding your personal data is more critical than ever. With McAfee’s advanced security solutions, including identity protection and AI-powered threat detection, you can browse, chat, and interact online with greater confidence—because in the age of AI, privacy is power. 

     

    The post Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security appeared first on McAfee Blog.

    How Scammers Steal Your Identity and What You Can Do About It

    By: Jasdev Dhaliwal

    Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or home address.

    Unfortunately, identity theft claims have surged in recent years, jumping from approximately 650,000 in 2019 to over a million in 2023, according to the Federal Trade Commission (FTC). This trend underscores the urgent need for stronger personal data protection habits.

    So, how do scammers pull it off, and how can you protect yourself from becoming a victim?

    How Do Scammers Steal Your Identity? 

    Scammers are resourceful, and there are multiple ways they can access your personal information. The theft can happen both in the physical and digital realms. 

    • Identity Theft in the Physical World:
      • If you lose your wallet or debit card, that’s an immediate risk. But thieves also use other methods like rummaging through your trash or mail to access sensitive information. In rare cases, they may even file a change-of-address form in your name, redirecting your mail to a different address. 
    • Identity Theft in the Digital World
      • Data breaches: Hackers infiltrate businesses or government systems, stealing massive amounts of customer data. 
      • Phishing attacks: Fraudsters use deceptive emails, texts, or websites to trick you into entering sensitive information like passwords or credit card details. 
      • Malware: Scammers can infect your devices with malware that secretly harvests your data. 
      • Public Wi-Fi risks: Using unsecured Wi-Fi networks without a Virtual Private Network (VPN) makes it easier for hackers to intercept your online transactions. 

    Signs Your Identity May Have Been Stolen 

    When scammers steal your identity, they often leave behind a trail of unusual activity that you can detect. Here are some common signs that could indicate identity theft: 

    • Unexpected bills or new accounts: If you start receiving bills for accounts you didn’t open, or if you see unfamiliar charges on your bank statements, it’s time to investigate. 
    • Missing bills or statements: If your regular bills or account statements stop showing up, it could mean your address has been changed without your knowledge. 
    • Fraudulent accounts or transactions: Getting debt collection calls for accounts you never opened, or spotting unauthorized charges on your credit or bank statements, is a major red flag. 
    • Denial of credit: If you apply for a loan or a credit card and get denied for reasons you don’t understand, it could be due to fraudulent activity under your name. 
    • IRS notifications: If the IRS contacts you about tax returns filed in your name, it’s possible someone has stolen your Social Security number to claim your refund. 

    Steps to Take If You Suspect Identity Theft 

    If you suspect that your identity has been stolen, time is of the essence. Here’s what you need to do: 

    • Contact the companies involved: Immediately report any suspicious transactions to your bank, credit card company, or any business where fraud has occurred. They can help you initiate an investigation. 
    • File a police report: Identity theft is a crime, and it’s essential to report it to the authorities. Filing a police report can create an official record of the theft and help protect you if the thief commits other crimes under your name. 
    • Place a fraud alert or credit freeze: Contact one of the major credit bureaus (Experian, TransUnion, or Equifax) to place a fraud alert on your credit file. This makes it harder for thieves to open accounts in your name. You can also opt for a credit freeze, which prevents creditors from accessing your credit report altogether. 
    • Dispute any inaccuracies: Check your credit reports for any unfamiliar activity. Dispute any fraudulent accounts or charges with the relevant credit bureaus and businesses involved. 
    • Monitor your credit and accounts: Even after taking the above steps, it’s crucial to keep an eye on your credit report and bank statements. The longer you monitor, the sooner you’ll spot any other fraudulent activity. 

    How to Prevent Identity Theft 

    While you can’t completely eliminate the risk of identity theft, there are several steps you can take to protect yourself: 

    • Use strong passwords: Create unique passwords for each of your online accounts and enable two-factor authentication wherever possible.
    • Install security software: Use comprehensive security software to protect your devices from malware and hackers. McAfee+ offers enhanced protection against identity theft and provides real-time monitoring for any suspicious activity. McAfee+ Advanced and Ultimate plans also come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
    • Shred personal documents: Shred bills, tax documents, and any sensitive paperwork before disposing of them. Scammers still use physical methods like “dumpster diving” to gather personal information.
    • Be cautious online: Be mindful of the information you share on social media. Avoid posting sensitive details like your birth date or mother’s maiden name, which could be used to guess your security questions.
    • Regularly monitor your bank accounts: Regularly check your bank activity and credit report to ensure that no unauthorized activity has taken place. You’re entitled to a free credit report annually from the three major credit bureaus. 

    Identity theft can be a stressful and overwhelming experience, but by acting quickly and taking proactive steps to protect your personal information, you can minimize the damage and reclaim your identity. 

    The post How Scammers Steal Your Identity and What You Can Do About It appeared first on McAfee Blog.

    Introducing Personal Data Cleanup

    By: McAfee

    We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill your email box with spam, and can even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer. 

    Does the cost of a connected life have to be your privacy?

    There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.  

    “Wait. Did you say my data?” 

    That’s right, companies are collecting your personal data. They’re called data brokers and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge.  There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phones, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.  

    Consumers are clamoring for more privacy online 

    In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.  

     

    Free to enjoy privacy online with McAfee’s Personal Data Cleanup 

    We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works: 

    • Set up 
      • Input your name, date of birth, and home address. 
    • Scan:  
      • We scan this against some of the riskiest data broker sites 
    • Review 
      • Within minutes, we’ll show you where we found your personal info, and what info the sites have. 
    • Remove 
      • You can manually go to each site and request that your data be removed OR upgrade to have McAfee manage the removal process on your behalf. 
    • Ongoing 
      • Your info can reappear as data brokers continually collect data. To ensure ongoing protection, Personal Data Cleanup enables regular scanning so it can be removed. 

    Start using McAfee’s Personal Data Cleanup right now 

    Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.

    The post Introducing Personal Data Cleanup appeared first on McAfee Blog.

    Brushing Scams: What They Are and How to Stay Safe From Unsolicited Packages

    By: McAfee

    It’s an increasingly common surprise: a package shows up at your door with your name and your address…but you never ordered it.  

    These unsolicited deliveries may seem harmless, but they’re often tied to a scheme called a brushing scam. These scams occur year-round but tend to pick up around the holidays or peak shopping seasons, when shipping volume spikes and it’s easier for suspicious packages to blend in. 

    Below is everything you need to know: how brushing scams work, what they mean for your personal information, and the exact steps to take if one shows up at your doorstep. 

     Takeaways 

    • A brushing scam is when a seller sends you an item you didn’t order so they can post a fake “verified purchase” review under your name. 
    • These scams usually involve low-value items like cheap jewelry, seeds, or trinkets. 
    • Unexpected packages can signal that your personal data was exposed in a breach or has been purchased illegally. 
    • You don’t have to return the item, but you should report it, update your passwords, and check for suspicious activity. 
    • These scams increase during busy shipping periods, including holidays. 

    What Is a Brushing Scam? 

    A brushing scam is when sellers send you unsolicited items so they can post fake reviews using your name, boosting their product’s ranking and credibility without your consent. 

    How Brushing Scams Work 

    A typical brushing scam looks like this: 

    1. A scammer creates or uses a seller account on a marketplace like Amazon or AliExpress. 
    2. They obtain your name and address, often through a breach, data leak, or illegal database. 
    3. They “order” their own product but send it to you at no cost. 
    4. Once shipping confirms delivery, they post a fake verified review under your identity to boost their seller rating. 
    5. The product gains more visibility, which drives more sales. 

    In one sentence: Your delivery confirmation becomes their proof that a real customer received the item—even though you never ordered it. 

    Why It’s Called “Brushing” 

    The term comes from e-commerce, where sellers would “brush up” their sales by generating fake orders and reviews. Today, brushing scams are a global issue affecting major online marketplaces. 

    Common Items Sent in Brushing Scams 

    • Costume jewelry 
    • Small electronics or keychain gadgets 
    • Random home goods 
    • Seeds (often unmarked) 
    • Low-cost accessories 

    If the item feels random or unusually cheap, it fits the profile. 

    Are Brushing Scams Dangerous? 

    Personal Data Exposure

    The biggest red flag is that someone had your name and address, and possibly more. Brushing scams often follow data breaches or third-party leaks. 

    Account Risk

    Some platforms may temporarily flag or freeze your account if someone posts fake reviews under your name. 

    Misleading Products

    Fake reviews inflate trust and push low-quality items higher in search results. That misleads other shoppers and props up fraudulent sellers.

    Potential Safety Hazards

    Some unsolicited items—cosmetics, supplements, electronics, or seeds—may be unsafe, expired, counterfeit, or banned. 

    What To Do If You Receive an Unordered Package 

    1. Don’t use or consume the item, especially cosmetics, food, or electronics. 
    2. Check your marketplace account (Amazon, AliExpress, etc.) to confirm there’s no unauthorized order. 
    3. Report the brushing scam using the platform’s built-in reporting tools. 
    4. Update your passwords for your shopping account and linked email. 
    5. Enable two-factor authentication (2FA) for added security. 
    6. Monitor bank/credit card activity for unusual charges. 
    7. If the package came via USPS, you can mark it “Return to sender” without cost. 

    How to Report a Brushing Scam on Amazon 

    1. Log into your Amazon account. 
    2. Go to the Report Unsolicited Package section. 
    3. Add your tracking number and package details. 
    4. Amazon may take up to 10 days to investigate. 

    Should You Return the Package? 

    Generally: No.

    You are not legally required to return or pay for an unsolicited package. But reporting it helps platforms investigate fraudulent sellers. 

    How To Protect Yourself From Brushing Scams

    Secure Your Accounts

    Report Every Unsolicited Package

    This helps platforms identify abusive sellers.

    Verify Reviews Before Buying

    Genuine reviews mention specific details; fake ones are vague, repetitive, or overly positive.

    Stick to Well-Reviewed, Long-Standing Sellers

    Avoid newly created storefronts with few verified reviews.

    Quick FAQ 

    Why am I receiving random packages from overseas?
    It’s often part of a brushing scam where sellers need a “delivered” status to post fake reviews.

    Is a brushing scam identity theft?
    Not exactly, but it does mean someone had access to your personal data, which increases your overall risk.

    Should I throw the item away?
    You can safely discard most brushing-scam items, but avoid using them and report the incident first.

    Should I worry if I get seeds or soil?
    Yes—never plant or dispose of unknown seeds improperly. Report them to the USDA or your state agriculture office.

    Final Thoughts

    Brushing scams may seem like a harmless freebie, but they’re a sign that your personal information was exposed and could potentially be misused.

    Stay cautious, secure your accounts, report any unsolicited packages, and trust only reputable sellers. With simple steps, you can protect your identity, and avoid being pulled into a scammer’s fake review scheme.

    The post Brushing Scams: What They Are and How to Stay Safe From Unsolicited Packages appeared first on McAfee Blog.

    This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers

    By: Charles McFarland

    McAfee threat researchers have identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers into clicking on malicious links in the first weeks of this holiday shopping season. As holiday excitement peaks and shoppers hunt for the perfect gifts and amazing deals, scammers are taking advantage of the buzz. The National Retail Federation projects holiday spending will reach between $979.5 and $989 billion this year, and cybercriminals are capitalizing by creating scams that mimic the trusted brands and categories consumers trust. From October 1 to November 12, 2024, McAfee safeguarded its customers from 624,346 malicious or suspicious URLs tied to popular consumer brand names – a clear indication that bad actors are exploiting trusted brand names to deceive holiday shoppers. 

    McAfee’s threat research also reveals a 33.82% spike in malicious URLs targeting consumers with these brands’ names in the run-up to Black Friday and Cyber Monday. This rise in fraudulent activity aligns with holiday shopping patterns during a time when consumers may be more susceptible to clicking on offers from well-known brands like Apple, Yeezy, and Louis Vuitton, especially when deals seem too good to be true – pointing to the need for consumers to stay vigilant, especially with offers that seem unusually generous or come from unverified sources.  

    McAfee threat researchers have identified a surge in counterfeit sites and phishing scams that use popular luxury brands and tech products to lure consumers into “deals” on fake e-commerce sites designed to appear as official brand pages. While footwear and handbags were identified as the top two product categories exploited by cybercrooks during this festive time, the list of most exploited brands extends beyond those borders: 

    Top Product Categories and Brands Targeted by Holiday Hustlers 

    • Product categories: Handbags and footwear were the two most common product categories for bad actors. Yeezy (shoes) and Louis Vuitton (luxury handbags) were the most common brands that trick consumers into engaging with malicious/suspicious sites. 
    • Footwear: Adidas, especially the Yeezy line, was a top target, with counterfeit sites posing as official Adidas or Yeezy outlets. 
    • Luxury goods and handbags: Louis Vuitton emerged as a frequent target, particularly its handbag line. Cybercrooks frequently set up fake sites advertising high-demand luxury items like Louis Vuitton bags and apparel. 
    • Watches: Rolex was one of the most frequently counterfeited brands, with fraudulent sites openly selling counterfeit versions of the brand’s coveted watches. 
    • Technology: Scammers frequently used the Apple brand to trick consumers, including fake customer service websites and stores selling counterfeit Apple items alongside unrelated brands. 

    By mimicking trusted brands like these, offering unbelievable deals, or posing as legitimate customer service channels, cybercrooks create convincing traps designed to steal personal information or money. Here are some of the most common tactics scammers are using this holiday season: 

    Unwrapping Cybercriminals’ Holiday Shopping Scam Tactics 

    • Fake e-commerce sites: Scammers often set up fake shopping websites mimicking official brand sites. These sites use URLs similar to those of the real brand and offer too-good-to-be-true deals to attract bargain hunters. 
    • Phishing sites with customer service bait: Particularly with tech brands like Apple, some scam sites impersonate official customer service channels to lure customers into revealing personal information. 
    • Knockoff and counterfeit products: Some scam sites advertise counterfeit items as if they are real; there is often no indication that they are not legitimate products. This tactic was common for scammers leveraging the Rolex and Louis Vuitton brands, which appeal to consumers seeking luxury goods. 

     With holiday shopping in full swing, it’s essential for consumers to stay one step ahead of scammers. By understanding the tactics cybercriminals use and taking a few precautionary measures, shoppers can protect themselves from falling victim to fraud. Here are some practical tips for safe shopping this season: 

    Smart Shopping Tips to Outsmart Holiday Scammers 

    • Stay alert, particularly during shopping scam season: The increase in malicious URLs during October and November is a strong indicator that scammers capitalize on holiday shopping behaviors. Consumers should be especially vigilant during this period and continue to exercise caution throughout the holiday shopping season. 
    • Wear a skeptic’s hat: To stay safe, consumers should verify URLs, look for signs of secure websites (like https://), and be wary of any sites offering discounts that seem too good to be true. 
    • Exercise additional caution: Adidas, Yeezy, Louis Vuitton, Apple, and Rolex are brand names frequently used by cybercrooks looking to scam consumers, so sticking with trusted sources is particularly important when shopping for these items online. 

    Research Methodology 

    McAfee’s threat research team analyzed malicious or suspicious URLs that McAfee’s web reputation technology identified as targeting customers, by using a list of key company and product brand names—based on insights from a Potter Clarkson report on frequently faked brands—to query the URLs. This methodology captures instances where users either clicked on or were directed to dangerous sites mimicking trusted brands. Additionally, the team queried anonymized user activity from October 1st through November 12th. 

    Examples: 

    The image below is a screenshot of a fake / malicious / scam site: Yeezy is a popular product brand formerly from Adidas found in multiple Malicious/Suspicious URLs. Often, they present themselves as official Yeezy and/or Adidas shopping sites. 

     

    The image below is a screenshot of a fake / malicious / scam site: The Apple brand was a popular target for scammers. Many sites were either knock offs, scams, or in this case, a fake customer service page designed to lure users into a scam. 

     

    The image below is a screenshot of a fake / malicious / scam site: This particular (fake) Apple sales site used Apple within its URL and name to appear more official. Oddly, this site also sells Samsung Android phones. 

    The image below is a screenshot of a fake / malicious / scam site: This site, now taken down, is a scam site purporting to sell Nike shoes. 

    The image below is a screenshot of a fake / malicious / scam site: Louis Vuitton is a popular brand for counterfeit and scams. Particularly their handbags. Here is one site that was entirely focused on Louis Vuitton Handbags. 

    The image below is a screenshot of a fake / malicious / scam site: This site presents itself as the official Louis Vuitton site selling handbags and clothes. 

     

    The image below is a screenshot of a fake / malicious / scam site: This site uses too-good-to-be-true deals on branded items including this Louis Vuitton Bomber jacket. 

    The image below is a screenshot of a fake / malicious / scam site: Rolex is a popular watch brand for counterfeits and scams. This site acknowledges it sells counterfeits and makes no effort to indicate this on the product.  

     

    The post This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers appeared first on McAfee Blog.

    What Is a Botnet?

    By: Jasdev Dhaliwal

    What is a botnet? And what does it have to do with a toaster?

    We’ll get to that. First, a definition:

    A botnet is a group of internet-connected devices that bad actors hijack with malware. Using remote controls, bad actors can harness the power of the network to perform several types of attacks. These include distributed denial-of-service (DDoS) attacks that shut down internet services, breaking into other networks to steal data, and sending massive volumes of spam.

    In a way, the metaphor of an “army of devices” leveling a cyberattack works well. With thousands or even millions of compromised devices working in concert, bad actors can do plenty of harm. As we’ll see in a moment, they’ve done their share already.

    Which brings us back to that toaster.

    The pop-up toaster as we know it first hit the shelves in 1926, under the brand name “Toastmaster.”[i] With a familiar springy *pop*, it has ejected toast just the way we like it for nearly a century. Given that its design was so simple and effective, it’s remained largely unchanged. Until now. Thanks to the internet and so-called “smart home” devices.

    Toasters, among other things, are all getting connected. And have been for a few years now, to the point where the number of connected Internet of Things (IoT) devices reaches well into the billions worldwide — which includes smart home devices.[ii]

    Businesses use IoT devices to track shipments and various aspects of their supply chain. Cities use them to manage traffic flow and monitor energy use. (Does your home have a smart electric meter?) And for people like us, we use them to play music on smart speakers, see who’s at the front door with smart doorbells, and order groceries from an LCD screen on our smart refrigerators — just to name a few ways we’ve welcomed smart home devices into our households.

    In the U.S. alone, smart home devices make up a $30-plus billion marketplace per year.[iii] However, it’s still a relatively young marketplace. And with that comes several security issues.

    IoT security issues and big-time botnet attacks 

    First and foremost, many of these devices still lack sophisticated security measures, which makes them easy pickings for cybercriminals. Why would a cybercriminal target that smart lightbulb in your living room reading lamp? Networks are only as secure as their least secure device. Thus, if a cybercriminal can compromise that smart lightbulb, it can potentially give them access to the entire home network it is on — along with all the other devices and data on it.

    More commonly, though, hackers target smart home devices for another reason. They conscript them into botnets. It’s a highly automated affair. Hackers use bots to add devices to their networks. They scan the internet in search of vulnerable devices and use brute-force password attacks to take control of them.

    At issue: many of these devices ship with factory usernames and passwords. Fed with that info, a hacker’s bot can have a relatively good success rate because people often leave the factory password unchanged. It’s an easy in.

    Results from one real-life test show just how active these hacker bots are:

    We created a fake smart home and set up a range of real consumer devices, from televisions to thermostats to smart security systems and even a smart kettle – and hooked it up to the internet.

    What happened next was a deluge of attempts by cybercriminals and other unknown actors to break into our devices, at one stage, reaching 14 hacking attempts every single hour.

    Put another way, that hourly rate added up to more than 12,000 unique scans and attack attempts a week.[iv] Imagine all that activity pinging your smart home devices.

    Now, with a botnet in place, hackers can wage the kinds of attacks we mentioned above, particularly DDoS attacks. DDoS attacks can shut down websites, disrupt service and even choke traffic across broad swathes of the internet.

    Remember the “Mirai” botnet attack of 2016, where hackers targeted a major provider of internet infrastructure?[v] It ended up crippling traffic in concentrated areas across the U.S., including the northeast, Great Lakes, south-central, and western regions. Millions of internet users were affected, people, businesses, and government workers alike.

    Another more recent set of headline-makers are the December 2023 and July 2024 attacks on Amazon Web Services (AWS).[vi],[vii] AWS provides cloud computing services to millions of businesses and organizations, large and small. Those customers saw slowdowns and disruptions for three days, which in turn slowed down and disrupted the people and services that wanted to connect with them.

    Also in July 2024, Microsoft likewise fell victim to a DDoS attack. It affected everything from Outlook email to Azure web services, and Microsoft Office to online games of Minecraft. They all got swept up in it.[viii]

    These attacks stand out as high-profile DDoS attacks, yet smaller botnet attacks abound, ones that don’t make headlines. They can disrupt the operations of websites, public infrastructure, and businesses, not to mention the well-being of people who rely on the internet.

    Botnet attacks: Security shortcomings in IoT and smart home devices 

    Earlier we mentioned the problem of unchanged factory usernames and passwords. These include everything from “admin123” to the product’s name. Easy to remember, and highly insecure. The practice is so common that they get posted in bulk on hacking websites, making it easy for cybercriminals to simply look up the type of device they want to attack.

    Complicating security yet further is the fact that some IoT and smart home device manufacturers introduce flaws in their design, protocols, and code that make them susceptible to attacks.[ix] The thought gets yet more unsettling when you consider that some of the flaws were found in things like smart door locks.

    The ease with which IoT devices can be compromised is a big problem. The solution, however, starts with manufacturers that develop IoT devices with security in mind. Everything in these devices will need to be deployed with the ability to accept security updates and embed strong security solutions from the get-go.

    Until industry standards get established to ensure such basic security, a portion of securing your IoT and smart home devices falls on us, as people and consumers.

    Steps for a more secure network and smart devices 

    As for security, you can take steps that can help keep you safer. Broadly speaking, they involve two things: protecting your devices and protecting the network they’re on. These security measures will look familiar, as they follow many of the same measures you can take to protect your computers, tablets, and phones.

    Grab online protection for your smartphone. 

    Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, use online protection software on your phone to help keep it safe from compromise and attack.

    Don’t use the default — Set a strong, unique password. 

    One issue with many IoT devices is that they often come with a default username and password. This could mean that your device and thousands of others just like it all share the same credentials, which makes it painfully easy for a hacker to gain access to them because those default usernames and passwords are often published online. When you purchase any IoT device, set a fresh password using a strong method of password creation, such as ours. Likewise, create an entirely new username for additional protection as well.

    Use multi-factor authentication. 

    Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who simply try and force their way into your device with a password/username combination.

    Secure your internet router too. 

    Another device that needs good password protection is your internet router. Make sure you use a strong and unique password as well to help prevent hackers from breaking into your home network. Also, consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which keeps your signal secure.

    Upgrade to a newer internet router. 

    Older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.

    Update your apps and devices regularly. 

    In addition to fixing the odd bug or adding the occasional new feature, updates often fix security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, that’s even better.

    Set up a guest network specifically for your IoT devices. 

    Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.

    Shop smart. 

    Read trusted reviews and look up the manufacturer’s track record online. Have their devices been compromised in the past? Do they provide regular updates for their devices to ensure ongoing security? What kind of security features do they offer? And privacy features too? Resources like Consumer Reports can provide extensive and unbiased information that can help you make a sound purchasing decision.

    Don’t let botnets burn your toast

    As more and more connected devices make their way into our homes, the need to ensure that they’re secure only increases. More devices mean more potential avenues of attack, and your home network is only as secure as the least secure device that’s on it.

    While standards put forward by industry groups such as UL and Matter have started to take root, a good portion of keeping IoT and smart home devices secure falls on us as consumers. Taking the steps above can help prevent your connected toaster from playing its part in a botnet army attack — and it can also protect your network and your home from getting hacked.

    It’s no surprise that IoT and smart home devices have raked in billions of dollars over the years. They introduce conveniences and little touches into our homes that make life more comfortable and enjoyable. However, they’re still connected devices. And like anything that’s connected, they must be protected.

    [i] https://www.hagley.org/librarynews/history-making-toast

    [ii] https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/

    [iii] https://www.statista.com/outlook/dmo/smart-home/united-states

    [iv] https://www.which.co.uk/news/article/how-the-smart-home-could-be-at-risk-from-hackers-akeR18s9eBHU

    [v] https://en.wikipedia.org/wiki/Mirai_(malware)

    [vi] https://www.darkreading.com/cloud-security/eight-hour-ddos-attack-struck-aws-customers

    [vii] https://www.forbes.com/sites/emilsayegh/2024/07/31/microsoft-and-aws-outages-a-wake-up-call-for-cloud-dependency/

    [viii] https://www.bbc.com/news/articles/c903e793w74o

    [ix] https://news.fit.edu/academics-research/apps-for-popular-smart-home-devices-contain-security-flaws-new-research-finds/

     

    The post What Is a Botnet? appeared first on McAfee Blog.

    How To Protect Yourself from Black Friday and Cyber Monday AI Scams 

    By: Amy Bunn

    It usually starts with something small.

    You’re scrolling TikTok or Instagram, half-paying attention, when a Black Friday ad pops up. It looks like the brand you love—same logo, same photos, same “limited-time deal” language you’ve seen in real promos. The link takes you to a site that looks identical to the real one. The checkout page works. The confirmation email looks legit.

    Then the payment clears, and the merchant name on your bank statement doesn’t match the store at all.

    That moment, wait, what did I just buy from?, is becoming the defining holiday-shopping scam of 2025.

    This year, fake ads and cloned storefronts aren’t sketchy one-offs or typo-filled red flags. They’re polished. They’re identical. And increasingly, they’re powered by AI.

    McAfee’s 2025 holiday research found that nearly half of Americans (46%) have already encountered AI-altered or AI-generated scams while shopping. And with 96% of people planning to shop online, many doing so daily, scammers know this is peak opportunity.

    Here’s how fraudsters are blending into the busiest shopping season of the year, what the data shows, and how to stay one step ahead.

    Why Scammers Are So Effective Right Now

    A perfect storm is happening:

    People are shopping more often.
    Nearly half of U.S. adults expect to shop online daily or multiple times per day during the holidays.

    People are rushed.
    From early Black Friday “price drop” alerts to Cyber Monday countdowns, shoppers don’t slow down to verify what they’re seeing.

    AI makes scam content nearly flawless.
    McAfee found technology email scams surging ~85%, retail email scams rising ~50%, and fraudulent URLs climbing across the board—from counterfeit Apple support pages to fake Costco refund portals.

    Holiday deals are already rolling out—and so are the scams.

    McAfee’s 2025 holiday research shows major spikes in email scams (~50% increase), technology scams (~85% increase), and fake storefronts that mimic trusted retailers. AI tools are making these scams faster, more realistic, and harder to spot.

    It’s not that shoppers suddenly got careless.

    It’s that scammers suddenly got good.

    This shows a SMishing text from a fake Amazon. Companies won't text you like this.
    This shows a SMishing text from a fake Amazon. Companies won’t text you like this.

    The 2025 Scams Hitting Shoppers the Hardest

    1. Fake Retail Sites & “Deal” Pages That Look Real

    This is the big one, and it’s getting cleaner every year.

    Scammers lift entire storefronts:

    • Logos
    • Product photos
    • Sale graphics
    • Checkout flows
    • Even fake customer service pages

    The only giveaway? A URL that’s juuust slightly off—“target-sale.com” instead of “target.com,” or a link ending in “.shop” or “.store” rather than a brand’s normal domain.

    Once you enter your payment info, it goes directly into a database that criminals resell or use to make purchases.

    How to spot and avoid this scam: Skip the ad. Type the retailer’s name into your browser yourself. If it’s a real deal, you’ll find it on their actual site.

    2. TikTok, Instagram & Social Video Scams

    Short-form videos are now a prime scam vehicle.

    Scammers steal influencer footage, use AI voice clones, or generate deepfake “promo” videos with celebrities offering huge holiday discounts. When someone clicks the link, it leads straight to a counterfeit store.

    According to McAfee:

    • 46% have encountered fake influencer/celebrity endorsements
    • Younger shoppers (18–34) see them most
    • Many appear during holiday-sale cycles on TikTok Shop and Instagram Shopping
    • US – Holiday Shopping 2025 fact…

    How to spot and avoid this scam: Check the creator’s account history. Real brands don’t drop one-off promo videos from accounts you’ve never seen before. Same as our initial advice, skip the ad entirely and go directly to the official brand website rather than clicking any links.

    3. Delivery & Shipping Text Scams

    The classic delivery scam is back, with McAfee researchers finding dozens of examples of fake messages attempting to scam holiday shoppers.

    You’ll receive a text saying a package can’t be delivered or that a small fee is needed to confirm your address.

    McAfee found that 43% of people have encountered fake delivery notifications, and many victims say they entered credit card information thinking they were resolving a legitimate issue.

    How to spot and avoid this scam: UPS, USPS, and FedEx will never send a clickable payment link in a text. If you’re wondering about a specific delivery, go directly to the site you ordered it from, or your original receipt in your email to find your tracking information.

    4. Account Verification & Gift Card Scams

    These hit during the weeks leading up to the holidays.

    Messages claim:

    • Your Amazon account is locked
    • Your Apple ID has “suspicious activity”
    • Your loyalty points are expiring
    • You must verify your payment information
    • You must pay a fee or gift card to resolve an issue

    How to spot and avoid this scam:
    No legitimate company will ever resolve account issues through gift cards or text-confirmation codes.

    How AI Is Supercharging These Scams

    Not long ago, scam emails had broken English and pixelated logos.

    Now scammers use generative AI to:

    • Clone real brand websites
    • Rewrite perfect phishing emails
    • Fake customer service chatbots
    • Produce Hyper-real video ads
    • Replicate influencer voices
    • Generate thousands of unique scam texts instantly

    And people are noticing.

    57% of shoppers say they’re more concerned about AI scams this year than last.

    Yet 38% believe they can spot scams—even though 22% have fallen for one.

    Confidence ≠ protection.

    Fake designer websites like this page for Gucci shirts are deceptive and look close to the real thing.
    Fake designer websites like this page for Gucci shirts are deceptive and look close to the real thing.

    What to Do if You Think You’ve Encountered a Scam

    If something feels off—a message, a link, a charge on your bank statement—don’t panic. Most holiday scams rely on speed and confusion. Slowing down and taking a few simple steps can keep a bad situation from turning into real damage.

    1. Stop engaging immediately

    Close the tab, delete the message, and don’t click anything else.
    Scammers often stack multiple pop-ups or redirects to pressure you into acting fast.

    2. Don’t enter any additional information

    If you started typing in a password or card number but didn’t hit “submit,” back out.
    If you did enter details, move to the next steps right away.

    3. Change your passwords (starting with the affected account)

    Use a strong, unique password—especially for accounts tied to:

    • email
    • shopping apps
    • banking
    • cloud storage

    A reused password is how one compromised login unlocks everything else. McAfee offers a password manager to help you make and store strong, unique passwords.

    4. Check your bank or credit card for unexpected charges

    Fraud usually starts small: $1–$5 “test” charges, odd merchant names, or tiny withdrawals.
    If you see anything suspicious, contact your bank and request:

    • a card replacement
    • a fraud alert
    • a temporary account freeze, if necessary

    5. Run a security scan on your device

    Some fake sites drop malware or spyware quietly in the background.
    A quick scan can detect:

    • malicious downloads
    • browser hijackers
    • unsafe extensions
    • keyloggers

    McAfee offers a free antivirus trial that you can use to scan your device and check for compromises.

    6. Report the scam

    Reporting helps stop other shoppers from being targeted.
    You can report scams to:

    • the retailer being impersonated
    • the platform where you saw the ad (TikTok, Instagram, Facebook)
    • your national fraud reporting center

    7. Let technology help you clean up

    McAfee can automatically detect whether the link, message, or site you interacted with is malicious—and alert you if your information may have been exposed.
    Tools like:

    can help contain an issue before it turns into identity theft.

    We offer a free antivirus trial to help protect your devices.
    We offer a free antivirus trial to help protect your devices.

    Need a Gift for the Practical Person in Your Life? Consider Giving Them Scam Protection

    There’s always someone on your holiday list who doesn’t want more stuff, they want something useful. The friend who loves a clean inbox. The sibling who’s constantly traveling. The parent who keeps forwarding you suspicious texts asking, “Is this real?”

    For them, security might actually be the most thoughtful gift you can give this year.

    Online safety tools aren’t flashy, but they are the thing people reach for the moment they click the wrong link, lose a password, or get a sketchy delivery text. And with scams more believable than ever, digital protection has quietly become a new “practical essential,” like a good VPN or a reliable password manager.

    Gifting McAfee means giving someone:

    Scam protection that works quietly in the background
    Scam Detector flags dangerous messages, deepfake-style content, and fake shopping sites before they ever interact with them.

    Identity & financial monitoring
    A huge help for anyone who’s been burned by fraud in the past — or is tired of checking bank statements manually.

    Password security that doesn’t require them to remember anything
    Perfect for the person who uses the same password everywhere (and you know exactly who I mean).

    Device protection for laptops, phones, and tablets
    Which is especially relevant for people shopping, traveling, or working remotely through the holiday season.

    It’s practical. It’s protective. And unlike most presents, it’s something they’ll use all year.

    The post How To Protect Yourself from Black Friday and Cyber Monday AI Scams  appeared first on McAfee Blog.

    What Are the 6 Types of Identity Theft

    By: Jasdev Dhaliwal

    You crack open your credit card statement and something seems … off. Maybe it’s a couple of small online purchases that make you think, “Hmm, that’s strange.” Or maybe a statement shows up in your mailbox — one for a card that you don’t own at all. That calls for a huge “What the heck???” Sure enough, you’re looking at cases of identity fraud and theft.

    And there’s a difference between identity fraud and identity theft. It’s subtle. And because of that, they often get used interchangeably. Each one can really sting but in different ways.

    Identity fraud is…

    • When someone steals your personal info to tap into an account you already have.
    • Examples:
      • A crook gets hold of your debit card info from a data breach and buys a video game console with it.
      • You fall victim to a phishing attack while buying concert tickets. The crooks bundle up your credit card info with the info from thousands of other victims. Then they sell it on the dark web.

    Identity theft is…

    • When someone uses your personal info to open new accounts in your name — or impersonates you in other ways.
    • Examples:
      • A crook uses your personal info to open a new line of credit at a furniture store under your name and buys a couple of massaging recliners with it.
      • A criminal uses your Social Security Number (SSN) to create a driver’s license with their likeness but with your name and personal info.

    So, put simply, identity fraud involves stealing from an existing account. Identity theft means that someone used your personal info to impersonate you in some way, such as opening new accounts in your name.

    Top forms of identity theft and fraud

    Each year, the U.S. Federal Trade Commission (FTC) publishes a data book that collects consumer reports of fraud, identity theft, and other similar crimes. Using the most recent data from the FTC, we can plot what the top forms of identity theft and fraud look like.

    Credit cards

    By far the top form of identity theft and fraud. As mentioned in the examples above, these can include crooks who string out several small purchases over time. All in the hope that the cardholder will overlook it. It can also include a one-whopper of a purchase for a big-ticket item. Here, the crook knows the card will likely get canceled quickly afterward. It’s a one-and-done deal.

    Loans and leases

    Second, we have loans and leases. This can range from student loans, personal loans, and auto loans, and to real estate rentals as well. Common across them all is someone impersonating you to take them out or tap into their funds in some way.

    Bank accounts

    Here, the creation of totally new accounts leads the way in this category. As we described above, that’s a form of identity theft. Yet identity fraud accounts for a noticeable chuck, which includes account takeovers. In these cases, crooks siphon off funds via debit cards, Electronic Funds Transfer (ETF), and other forms of withdrawal and transfer.

    ID and government benefits

    This covers cases where crooks use stolen personal info to get IDs. That includes driver’s licenses, passports, and other government documentation. Further, this category also encompasses the theft of government-issued benefits ranging from medical assistance to veteran’s pay.

    Tax returns

    While all forms of identity theft and fraud can pack a punch, this type hits particularly hard because it involves your SSN. Around tax time, scammers with access to SSNs will file bogus returns, all with the aim of claiming the refund for themselves.

    Utilities

    Largely, this involves people buying cell phones and opening new mobile accounts along with them. Yet it also includes people opening other utilities in other people’s names. Indeed, crooks will scam their way into getting free electricity, water, gas, and yes…cable TV.

    Other important forms of identity theft and fraud to keep in mind

    Although these forms don’t top the list in terms of reports, they still bear mentioning. They’re serious enough, and they can go undetected for some time before their victims find out.

    Medical identity theft

    In this form, an imposter receives care, medications, or medical devices in someone else’s name. They might pass off phony documentation to the care provider involved, the insurance company that pays for the care, or a combination of the two. A few things can happen as a result. It can impact the care you can get and the benefits you can use. In extreme cases, the thief’s health info can get mixed in with yours and impact your care. Medical identity theft is a good reason to closely review all the medical and insurance statements you get.

    Child identity theft

    Imagine your child about to rent a first apartment. The property management company runs a credit check, only to find a horrendous credit rating. But how? An identity thief has been using your child’s identity for years now. After all, what parent thinks, “I really should run a credit report on my kindergartener.” And that’s fair. However, signing up your child for identity is a sound move. It can help spot if your child’s identity got stolen.

    Steps to take if you suspect that you’re the victim of identity theft

    1) Notify the companies and institutions involved and consider a credit freeze.

    Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account in your credit monitoring service, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.

    In the meantime, consider putting a security freeze in place. A security freeze service prevents others from opening new credit, bank, and utility accounts in your name.​ It won’t hit your credit score, and you can unfreeze it when needed. You’ll find this feature in our McAfee+ plans as well.

    2) File a police report.

    Some businesses will require you to file a local police report to acquire a case number to complete your claim. Beyond that, filing a report is still a good idea. Identity theft is still theft, and reporting it provides an official record of it.

    Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help you clear your name down the road. Likewise, save any evidence you have, such as statements or documents associated with the theft. They can help you clean up your record as well.

    3) Contact the Federal Trade Commission (FTC).

    The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.

    4) Contact the IRS, if needed.

    If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud — namely that someone has stolen your identity and that you don’t truly work for them.

    Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call, nor will they call and apply harassing pressure tactics — only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.

    5) Continue to monitor your credit report, invoices, and statements.

    Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, in addition to reviewing your accounts closely.

    Several features in our McAfee+ plans can do this work, and quite a bit more, for you:

    • Credit Monitoring helps you keep an eye on changes to your credit score, report, and accounts with timely notifications. Spot something unusual? It offers guidance so you can tackle identity theft.
    • Identity Monitoring checks the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. If any of it shows up on the dark web, it sends you an alert with guidance that can help protect you from identity theft.
    • Our online protection software also offers several transaction monitoring features. They track transactions on credit cards and bank accounts — shooting you a notice if unusual activity occurs. They also track retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
    • And finally, should the unexpected happen, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.

    The post What Are the 6 Types of Identity Theft appeared first on McAfee Blog.

    How to Spot Fake Login Pages 

    By: Jasdev Dhaliwal

    Have you ever come across a website that just didn’t look quite right? Perhaps the company logo looked slightly misshapen, or the font seemed off-brand. Odds are, you landed on a phony version of a legitimate corporation’s website—a tried and true tactic relied on by many cyber criminals.  

    Fake Login Pages Explained  

    A fake login page is essentially a knock-off of a real login page used to trick people into entering their login credentials, which hackers can later use to break into online accounts. These websites mirror legitimate pages by using company logos, fonts, formatting, and overall templates. Depending on the attention to detail put in by the hackers behind the imposter website, it can be nearly impossible to distinguish from the real thing. Consequentially, fake login pages can be highly effective in their end goal: credential theft.  

    How do these pages get in front of a consumer in the first place? Typically, scammers will target unsuspecting recipients with phishing emails spoofing a trusted brand. These emails may state that the user needs to reset their password or entice them with a deal that sounds too good to be true. If the consumer clicks on the link in the email, they will be directed to the fake login page and asked to enter their username and password. Once they submit their information, cybercriminals can use the consumer’s data to conduct credential-stuffing attacks and hack their online profiles. This could lead to credit card fraud, data extraction, wire transfers, identity theft, and more. 

    Why Fake Login Pages Are Effective  

    If you Google “fake login pages,” you will quickly find countless guides on how to create fake websites in seconds. Ethical concerns aside, this demonstrates just how common vector-spoofed websites are for cyberattacks. While it has been easier to distinguish between real and fake login pages in the past, criminals are constantly updating their techniques to be more sophisticated, therefore making it more difficult for consumers to recognize their fraudulent schemes.  

    One reason why fake login pages are so effective is due to inattentional blindness, or failure to notice something that is completely visible because of a lack of attention. One of the most famous studies on inattentional blindness is the “invisible gorilla test.” In this study, participants watched a video of people dressed in black and white shirts passing basketballs. Participants were asked to count the number of times the team in white passed the ball: 

    Because participants were intently focused on counting the number of times the players in white passed the ball, more than 50% failed to notice the person in the gorilla costume walking through the game. If this is the first time you’ve seen this video, it’s likely that you didn’t notice the gorilla, the curtain changing color from red to gold, or the player in black leaving the game. Similarly, if you come across a well-forged login page and aren’t actively looking for signs of fraud, you could inherently miss a cybercriminal’s “invisible gorilla.” That’s why it’s crucial for even those with phishing training to practice caution when they come across a website asking them to take action or enter personal details.  

    How to Steer Clear of Fake Login Pages  

    The most important defense against steering clear of fake login pages is knowing how to recognize them. Follow these tips to help you decipher between a legitimate and a fake website:  

    1. Don’t fall for phishing  

    Most fake login pages are circulated via phishing messages. If you receive a suspicious message that asks for personal details, there are a few ways to determine if it was sent by a phisher aiming to steal your identity. Phishers often send messages with a tone of urgency, and they try to inspire extreme emotions such as excitement or fear. If an unsolicited email urges you to “act fast!” slow down and evaluate the situation. 

    2. Look for misspellings or grammatical errors  

    Oftentimes, hackers will use a URL for their spoofed website that is just one character off from the legitimate site, such as using “www.rbcr0yalbank.com” versus “www.rbcroyalbank.com.” Before clicking on any website from an email asking you to act, hover over the link with your cursor. This will allow you to preview the URL and identify any suspicious misspellings or grammatical errors before navigating to a potentially dangerous website. 

    3. Ensure the website is secured with HTTPS 

    HTTPS, or Hypertext Transfer Protocol Secure, is a protocol that encrypts your interaction with a website. Typically, websites that begin with HTTPS and feature a padlock in the top left corner are considered safer. However, cybercriminals have more recently developed malware toolkits that leverage HTTPS to hide malware from detection by various security defenses. If the website is secured with HTTPS, ensure that this isn’t the only way you’re analyzing the page for online safety.  

    4. Enable multi-factor authentication 

    Multi-factor authentication requires that users confirm a collection of things to verify their identity—usually something they have, and a factor unique to their physical being—such as a retina or fingerprint scan. This can prevent a cybercriminal from using credential-stuffing tactics (where they will use email and password combinations to hack into online profiles) to access your network or account if your login details were ever exposed during a data breach.  

    5. Sign up for an identity theft alert service 

    An identity theft alert service warns you about suspicious activity surrounding your personal information, allowing you to jump to action before irreparable damage is done. McAfee+ not only keeps your devices safe from viruses but gives you the added peace of mind that your identity is secure, as well.  

    The post How to Spot Fake Login Pages  appeared first on McAfee Blog.

    Is Your Smart Home Vulnerable to a Hack Attack?

    By: Jasdev Dhaliwal

    Your smart home hums right along. It sets your alarm, opens your garage door, pops up recipes on your refrigerator screen, turns up your lighting, and even spins selections as your in-house DJ. That’s to name just a few of the things it can do. Yet with all these connected conveniences, can smart homes get hacked?

    The short answer is, unfortunately, yes. Yet you have plenty of ways you can prevent it from happening.

    Why do hackers target smart homes?

    Smart homes and the Internet of Things (IoT) devices that populate them often offer prime targets for hackers. The reason? Many IoT smart home devices have poor security features in place. And because a home network is only as strong as its weakest point, smart home devices offer a ready means of entry. With that access to the network, a hacker has access to all the other devices on it…computers, tablets, smartphones, baby monitors, and alarm systems. Everything.

    Recent research sheds light on what’s at stake. Cybersecurity teams at the Florida Institute of Technology found that companion apps for several big brand smart devices had security flaws. Of the 20 apps linked to connected doorbells, locks, security systems, televisions, and cameras they studied, 16 had “critical cryptographic flaws” that might allow attackers to intercept and modify their traffic. These flaws might lead to the theft of login credentials and spying, the compromise of the connected device, or the compromise of other devices and data on the network.[i]

    Over the years, our research teams at McAfee Labs have uncovered similar security vulnerabilities in other IoT devices like smart coffee makers and smart wall plugs.

    Let’s imagine a smart lightbulb with poor security measures. As part of your home network, a motivated hacker might target it, compromise it, and gain access to the other devices on your network. In that way, a lightbulb might lead to your laptop — and all the files and data on it.

    In all, hackers have many reasons why they might break into your smart home.

    How you can protect your smart home devices

    You can take several steps to make your current smart home safer. Some of them involve protecting your devices, while others focus on protecting your home network.

    1. Update your devices. Some manufacturers keep devices current better than others, yet always check for updates. They often include security fixes and other measures to keep hackers out.
    2. Use strong, unique passwords. Every device of yours should have one, along with a unique username. In some cases, connected devices ship with default usernames and passwords, making them that much easier to hack.[ii]
    3. Use multi-factor authentication. Our banks, medical providers, and numerous other services use multi-factor authentication to keep hackers from hijacking accounts. If your smart home device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
    4. Secure your internet router. Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all your devices — computers, tablets, and phones, plus your IoT devices as well. That means it’s vital to keep your router secure. The first thing to do is change the default password of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with a name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too.
    5. Keep your router current. Routers need updates too. Many internet service providers (ISPs) automatically push firmware updates to the routers they rent or sell to their customers. Check with yours to see. Likewise, router hardware becomes outdated over time. If you rent a router from your ISP, periodically check to see if they have new equipment available. If you own your router, check to see if it uses the latest security protocols. Currently, Wi-Fi Protected Access II (WPA2) is a strong and common form. Wi-Fi Protected Access II (WPA3) is newer, stronger, and is gaining traction in the marketplace.
    6. Set up a guest network specifically for your smart devices. Just as you can offer your human guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from smart devices. This way, if a smart device is compromised, a hacker will still have difficulty accessing your other devices because they’re on a different network.
    7. In the U.S., look for the Cyber Trust Mark. In 2024, the Federal Communications Commission (FCC) adopted the rules and framework for a new cybersecurity certification program.[iii] The program is voluntary, yet many noteworthy brands have shown support for this new Cyber Trust Mark. The mark will show that the smart device in question uses cybersecurity best practices, which makes it less vulnerable to threats. In a way, you can liken it to the Energy Star certification for appliances — a certification that can help you make a smarter purchasing decision when it comes to outfitting your smart home.
    8. Protect your phone. You’ve probably seen that you can control a lot of your connected things with your smartphone. We use them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” to our smartphones — so protecting our phones has become yet more important. Whether you’re an Android or iOS device user, get security software installed on your phone so you can protect all the things it accesses and controls — in addition to you and the phone as well.

    And protect yourself too

    Aside from protecting your devices, there’s protecting yourself. Comprehensive online protection software will protect your privacy and identity as well. Depending on your location and the plan you select, ours includes up to $2 million in identity theft coverage, plus features that clean up old and risky online accounts. Further features remove your personal info from the sketchiest of online data brokers and help you monitor all your transactions in one place — including retirement and investment accounts. It’s comprehensive protection for a reason.

    Want more on setting up your smart home?

    Check out our Smart Home Security Guide. It offers further details on device protection and privacy advice for smart devices and smart speakers too. It’s free, and part of the McAfee Safety Series that covers topics ranging from online shopping and cyberbullying to identity protection and ransomware prevention.

    [i] https://news.fit.edu/academics-research/apps-for-popular-smart-home-devices-contain-security-flaws-new-research-finds/

    [ii] https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

    [iii] https://docs.fcc.gov/public/attachments/DOC-401201A1.pdf

     

    The post Is Your Smart Home Vulnerable to a Hack Attack? appeared first on McAfee Blog.

    How to Spot Phishing Lures

    By: Jasdev Dhaliwal

    Phishing attacks have all kinds of lures. And many are so tried and true that it makes them easy to spot.

    The target of a phishing attack is you. More specifically, your personal info and your money. Whether a scammer reaches out by email, with a text, or through a direct message, that’s what they’re after. And with a link, they whisk you off to a sketchy site designed to take them from you.

    Just how much phishing is going on? To date, we’ve identified more than half a billion malicious sites out there. A number that grows daily. Because these attacks often succeed. One big reason why — they play on people’s emotions.

    Phishing attacks always involve a form of “social engineering,” which is an academic way of saying that scammers use manipulation in their attacks. Commonly, scammers pretend to be a legitimate person or business.

    You can get a better idea of how this works by learning about some of the most popular scams circulating today:

    The CEO Scam

    This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.

    The Urgent Email Attachment

    Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.

    The “Lucky” Text or Email

    How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.

    The Romance Scam

    This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.

    How to avoid phishing attacks

    While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.

    • Pause and think about the message for a minute.

    The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.

    • Deal directly with the company or organization in question.

    Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.

    • Consider the source.

    When scammers contact you via social media, that can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.

    • Don’t download attachments. And most certainly don’t open them.

    Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.

    • Hover over links to verify the URL.

    On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.

    • Go with who you know.

    On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers to select and stalk you for an attack.

    • Remove your personal info from sketchy data broker sites.

    How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

    • Use online protection software.

    Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.

    The post How to Spot Phishing Lures appeared first on McAfee Blog.

    How to Protect Your Personal Info

    By: Amy Bunn

    Whether it tags along via a smartphone, laptop, tablet, or wearable, it seems like the internet follows us wherever we go nowadays. Yet there’s something else that follows us around as well — a growing body of personal info that we create while banking, shopping, and simply browsing the internet. And no doubt about it, our info is terrifically valuable.

    What makes it so valuable? It’s no exaggeration to say that your personal info is the key to your digital life, along with your financial and civic life as well. Aside from using it to create accounts and logins, it’s further tied to everything from your bank accounts and credit cards to your driver’s license and your tax refund.

    Needless to say, your personal info is something that needs protecting, so let’s check out several ways you can do just that.

    What is personal info?

    What is personal info? It’s info about you that others can use to identify you either directly or indirectly. Thus, that info could identify you on its own. Or it could identify you when it’s linked to other identifiers, like the ones linked with the devices, apps, tools, and protocols you use.

    A prime example of direct personal info is your tax ID number because it’s unique and directly tied to your name. Further instances include your facial image to unlock your smartphone, your medical records, your finances, and your phone number because each of these can be easily linked back to you.

    Then there are those indirect pieces of personal info that act as helpers. While they might not identify you on their own, a few of them can when they’re added together. These helpers include things like internet protocol addresses, the unique device ID of your smartphone, or other identifiers such as radio frequency identification tags.

    You can also find pieces of your personal info in the accounts you use, like your Google to Apple IDs, which can be linked to your name, your email address, and the apps you have. You’ll also find it in the apps you use. For example, there’s personal info in the app you use to map your walks and runs, because the combination of your smartphone’s unique device ID and GPS tracking can be used in conjunction with other info to identify who you are. Not to mention where you typically like to do your 5k hill days. The same goes for messenger apps, which can collect how you interact with others, how often you use the app, and your location info based on your IP address, GPS info, or both.

    In all, there’s a cloud of personal info that follows us around as we go about our day online. Some wisps of that cloud are more personally identifying than others. Yet gather enough of it, and your personal info can create a high-resolution snapshot of you — who you are, what you’re doing, when you’re doing it, and even where you’re doing it, too — particularly if it gets into the wrong hands.

    Remember Pig-Pen, the character straight from the old funny pages of Charles Schultz’s Charlie Brown? He’s hard to forget with that ever-present cloud of dust following him around. Charlie Brown once said, “He may be carrying the soil that trod upon by Solomon or Nebuchadnezzar or Genghis Khan!” It’s the same with us and our personal info, except the cloud surrounding us, isn’t the dust of kings and conquerors. They’re motes of info that are of tremendously high value to crooks and bad actors — whether for purposes of identity theft or invasion of privacy.

    Protecting your personal info protects your identity and privacy

    With all the personal info we create and share on the internet, that calls for protecting it. Otherwise, our personal info could fall into the hands of a hacker or identity thief and end up getting abused, in potentially painful and costly ways.

    Here are several things you can do to help ensure that what’s private stays that way:

    1) Use a complete security platform that can also protect your privacy.

    Square One is to protect your devices with comprehensive online protection software. This defends you against the latest virus, malware, spyware, and ransomware attacks plus further protects your privacy and identity. Also, it can provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who might try to force their way into your accounts.

    Further, security software can also include a firewall that blocks unwanted traffic from entering your home network, such as an attacker poking around for network vulnerabilities so that they can “break in” to your computer and steal info.

    2) Use a VPN.

    Also known as a virtual private network, a VPN helps protect your vital personal info and other data with bank-grade encryption. The VPN encrypts your internet connection to keep your online activity private on any network, even public networks. Using a public network without a VPN can increase your risk because others on the network can potentially spy on your browsing and activity.

    If you’re new to the notion of using a VPN, check out this article on VPNs and how to choose one so that you can get the best protection and privacy possible. (Our McAfee+ plans offer a VPN as part of your subscription.)

    3) Keep a close grip on your Social Security Number.

    In the U.S., the Social Security Number (SSN) is one of the most prized pieces of personal info as it unlocks the door to employment, finances, and much more. First up, keep a close grip on it. Literally. Store your card in a secure location. Not your purse or wallet.

    Certain businesses and medical practices might ask you for your SSN for billing purposes and the like. You don’t have to provide it (although some businesses could refuse service if you don’t), and you can always ask if they will accept some alternative form of info. However, there are a handful of instances where an SSN is a requirement. These include:

    • Employment or contracting with a business.
    • Group health insurance.
    • Financial and real estate transactions.
    • Applying for credit cards, car loans, and so forth.

    Be aware that hackers often get a hold of SSNs because the organization holding that info gets hacked or compromised itself. Minimizing how often you provide your SSN can offer an extra degree of protection.

    4) Protect your files.

    Protecting your files with encryption is a core concept in data and info security, and thus it’s a powerful way to protect your personal info. It involves transforming data or info into code that requires a digital key to access it in its original, unencrypted format. For example, McAfee+ includes File Lock, which is our file encryption feature that lets you lock important files in secure digital vaults on your device.

    Additionally, you can also delete sensitive files with an application such as McAfee Shredder, which securely deletes files so that thieves can’t access them. (Quick fact: deleting files in your trash doesn’t delete them in the truest sense. They’re still there until they’re “shredded” or otherwise overwritten such that they can’t be restored.)

    5) Steer clear of those internet “quizzes.”

    Which Marvel Universe superhero are you? Does it really matter? After all, such quizzes and social media posts are often grifting pieces of your personal info in a seemingly playful way. While you’re not giving up your SSN, you might be giving up things like your birthday, your pet’s name, your first car…things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites. The one way to pass this kind of quiz is not to take it!

    6) Be on the lookout for phishing attacks.

    A far more direct form of separating you from your personal info is phishing attacks. Posing as emails from known or trusted brands, financial institutions, or even a friend or family member, a scammer’s attack will try to trick you into sharing important info like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service.

    How do you spot such emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated and can make their phishing emails look increasingly legitimate. Even more so with AI tools. However, there are several ways you can spot a phishing email and phony websites. Moreover, our McAfee Scam Protection can do it for you.

    7) Keep mum in your social media profile.

    You can take two steps to help protect your personal info from being at risk via social media. One, think twice about what you share in that post or photo — like the location of your child’s school or the license plate on your car. Two, set your profile to private so that only friends can see it. Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and gives a scammer less info to exploit. Using our Social Privacy Manager can make that even easier. With only a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.

    8) Look for HTTPS when you browse.

    The “S” stands for secure. Any time you’re shopping, banking, or sharing any kind of personal info, look for “https” at the start of the web address. Some browsers also indicate HTTPS by showing a small “lock” icon. Doing otherwise on plain HTTP sites exposes your personal info for anyone who cares to monitor that site for unsecured connections.

    9) Lock your devices.

    By locking your devices, you protect yourself that much better from personal info and data theft in the event your device is lost, stolen, or even left unattended for a short stretch. Use your password, PIN, facial recognition, thumbprint ID, what have you. Just lock your stuff. In the case of your smartphones, read up on how you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.

    10) Keep tabs on your credit — and your personal info.

    Theft of your personal info can lead to credit cards and other accounts being opened falsely in your name. What’s more, it can take some time before you even become aware of it, such as when your credit score takes a hit or a bill collector comes calling. By checking your credit, you can fix any issues that come up, as companies typically have a clear-cut process for contesting any fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and likewise, other nations like the UK have similar free offerings as well.

    Consider identity theft protection as well. A strong identity theft protection package pairs well with keeping track of your credit and offers cyber monitoring that scans the dark web to detect for misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $2M coverage for lawyer fees, travel expenses, lost wages, and more.

    The post How to Protect Your Personal Info appeared first on McAfee Blog.

    How to Protect Your Identity, Finances, and Security Online

    By: Jasdev Dhaliwal

    If you want to protect your identity, finances, and privacy online, you have a pretty powerful tool at hand. It’s online protection software. Today’s protection is built to get that job done.

    For starters, online protection has evolved tremendously over recent years, making it more comprehensive than ever. It goes far beyond antivirus. And it protects more than your devices. It protects you. Your identity. Your finances. Your privacy.

    Given how much of daily life has shifted to our computers and phones, like our finances and shopping, there’s a strong case for getting comprehensive online protection in place.

    Granted, we’re an online protection company. And of course, we hope you’ll give our protection like McAfee+ a close look. With that, a quick rundown of what it can do for you and your identity, finances, and privacy helps. In all, it shows just how comprehensive this protection gets.

    You can keep tabs on your identity.

    This form of protection starts with Identity Monitoring. It checks the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. If any of it shows up on the dark web, it sends you an alert with guidance that can help protect you from identity theft.

    Should the unexpected happen, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.

    Another way identity thieves get what they want is through scam texts, emails, and messages. You can keep clear of their shady links with our new AI-powered Scam Protection. It automatically detects links that can send you to scam sites and other destinations that steal personal info. If you accidentally click? Don’t worry, we can block risky sites if you click on a suspicious link in texts, emails, social media, and more.

    You can monitor your financial big picture all in one place.

    As you conduct so many of your finances online, it only makes sense that you can keep tabs on them just as easily. Features like our Credit Monitoring keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.

    And if you spot something out of the ordinary, our Security Freeze can quickly stop unauthorized access. It freezes credit card, bank, and utility accounts and prevents thieves from opening new ones in your name.

    Rounding things out, you also have transaction monitoring features. They track transactions on credit cards and bank accounts — shooting you a notice if unusual activity occurs. They also track retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

    You can lock down your privacy.

    Several features get the job done. Our Social Privacy Manager helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks. This way, your personal info is only visible to the people you want to share it with.

    Another big intrusion on your privacy comes at the hands of online data brokers. They drive a multi-billion-dollar industry by collecting, batching, and selling people’s personal info. To anyone. That includes hackers, spammers, and scammers who use it to their own ends. Yet you can get your info removed from some of the worst offenders out there. Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info and helps you remove it.

    Another great tool for protecting your privacy comes in the form of a VPN. As a “virtual private network,” it encrypts your activity. Think of a VPN as a private tunnel for your internet traffic. It hides your search habits and history from those who might use that info to build a profile of you — whether to serve up targeted ads or to steal personal info for identity theft. In all, a VPN gives you one of the most secure ways you can go online.

    The post How to Protect Your Identity, Finances, and Security Online appeared first on McAfee Blog.

    What Should I do If My Phone Gets Stolen or Lost?

    By: Jasdev Dhaliwal

    Before your phone gets lost or stolen, put some basic steps in place.

    You’ll want to act quickly, so preparation is everything. With the right measures, you can find it, recover it, or even erase it if needed. These steps can get you set up so you can do exactly that.

    Ways to protect your smartphone from loss or theft

    Lock your phone.

    Locking your phone is one of the most basic smartphone security measures you can take. Trouble is, few of us do it. Our recent global research showed that only 56% of adults said that they protect their smartphone with a password, passcode, or other form of lock.[i] In effect, an unlocked phone is an open book to anyone who finds or steals a phone

    Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices. iPhones and Androids have an auto-lock feature that locks your phone after a certain period of inactivity. Keep this time on the low end, one minute or less, to help prevent unauthorized access.

    We suggest using a six-digit PIN or passcode rather than using a gesture to unlock your phone. They’re more complex and secure. Researchers proved as much with a little “shoulder surfing” test. They looked at how well one group of subjects could unlock a phone after observing the way another group of subjects unlocked it.[ii]

    Turn on “Find My Phone.”

    Another powerful tool you have at your disposal is the Find My Phone feature made possible thanks to GPS technology. The “find my” feature can help you pinpoint your phone if your lost or stolen phone has an active data or Wi-Fi connection and has its GPS location services enabled. Even if the phone gets powered down or loses connection, it can guide you to its last known location.

    Setting up this feature is easy. Apple offers a comprehensive web page on how to enable and use their “Find My” feature for phones (and other devices too). Android users can get a step-by-step walkthrough on Google’s Android support page as well.

    Back up your stuff in the cloud.

    Thanks to cloud storage, you might be able to recover your photos, files, apps, notes, contact info, and more if your phone is lost or stolen. Android owners can learn how to set up cloud backup with Google Drive here, and iPhone users can learn the same for iCloud here.

    Write down your phone’s unique ID number.

    Here are a couple of acronyms. IMEI (International Mobile Equipment Identity) or MEID (Mobile Equipment Identifier) are two types of unique ID numbers assigned to smartphones. Find yours and write it down. In case of loss or theft, your mobile carrier, police department, or insurance provider might ask for the info to assist in its return or reimbursement for loss.

    • For Android phones, you can find it in Settings → About Phone.
    • On iPhones, you can find it in Settings → General → About.

    More ways to protect your smartphone from loss or theft

    Beyond digital security measures, plenty of loss and theft prevention falls on you. Treat your phone like the desirable item it is. That’s a big step when it comes to preventing theft.

    Keep your phone close.

    And by close, we mean on your person. It’s easy to leave your phone on the table at a coffee shop, on a desk in a shared workspace, or on a counter when you’re shopping. Thieves might jump on any of these opportunities for a quick snatch-and-grab. You’re better off with your phone in your pocket or zipped up in a bag that you keep close.

    Secure your bags and the devices you carry in them.

    Enterprising thieves will find a way. They’ll snatch your bag while you’re not looking. Or they might even slice into it with a knife to get what’s inside, like your phone.

    Keep your bag or backpack close. If you’re stopping to grab a bite to eat, sling the handles through a chair leg. If you have a strong metal carabiner, you can use that too. Securing your bag like that can make it much tougher for a thief to walk by and swipe it. For extra security, look into a slash-resistant bag.

    If you have a credit card and ID holder attached to the back of your phone, you might want to remove your cards from it. That way, if your phone gets snatched, those important cards won’t get snatched as well.

    And if the unfortunate happens, know how to remotely, track, lock or erase your phone

    In the event of your phone getting lost or stolen, a combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it.

    Different device manufacturers have different ways of going about it. But the result is the same — you can prevent others from using your phone, and even erase it if you’re truly worried that it’s in the wrong hands or gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.

    Apple’s Find My app takes things a step further. Beyond locating a lost phone or wiping it, Find My can also mark the item as lost, notify you if you’ve left it behind, or trigger a sound to help you locate it. (A huge boon in that couch cushion scenario!) Drop by Apple’s page dedicated to the Find My app for more details on what you can do on what devices, along with instructions how.

    Take these steps as well if your phone gets lost or stolen

    1. Contact your mobile provider. They can suspend service to your phone if needed.
    2. File a police report. Theft is theft. Report it. It could help get your phone back if it’s found. Also, insurance companies might require a police report number if you file a claim.
    3. Change your passwords. Mail, social media, payment, and other apps might be accessible to anyone who can open your phone. Change the passwords to any important accounts or apps you have on your phone right away.

    All is not lost

    With preparation and prevention, you can give yourself reassurance if your phone gets lost or stolen. You have plenty of recovery options, in addition to plenty of ways to prevent bad actors from getting their hands on the sensitive info you keep on it.

    [i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf

    [ii] https://arxiv.org/abs/1709.04959

     

    The post What Should I do If My Phone Gets Stolen or Lost? appeared first on McAfee Blog.

    Why Should I Pay for Online Protection?

    By: Jasdev Dhaliwal

    We all love free stuff. (Costco samples, anyone?) However, when it comes to your family’s security, do free online protection tools offer the coverage you truly need?

    Not always. In fact, they might invade the privacy you’re trying to protect.

    Here’s why.

    Free tools don’t offer the level of advanced protection that life on today’s internet needs. For starters, you’ll want malware and antivirus protection that’s as sophisticated as the threats they shut down. Ours includes AI technology and has for years now, which helps it shut down even the latest strains of malware as they hit the internet for the first time. We’re seeing plenty of that, as hackers have also turned to AI tools to code their malicious software.

    Malware and antivirus protection protects your devices. Yet a comprehensive approach protects something else. You and your family.

    What makes comprehensive online protection such a strong option

    Comprehensive online protection looks after your family’s privacy and identity. That keeps you safe from prying eyes and things like fraud and identity theft. Today’s comprehensive protection offers more features than ever, and far more than you’ll find in a free, and so incomplete, offering.

    Consider this short list of what comprehensive online protection like ours offers you and your family:

    Scam Protection

    Is that email, text, or message packing a scam link? Our scam protection lets you know before you click that link. It uses AI to sniff out bad links. And if you click or tap on one, no worries. It blocks links to malicious sites.

    Web Protection

    Like scam protection, our web protection sniffs out sketchy links while you browse. So say you stumble across a great-looking offer in a bed of search results. If it’s a link to a scam site, you’ll spot it. Also like scam protection, it blocks the site if you accidentally hit the link.

    Transaction Monitoring

    This helps you nip fraud in the bud. Based on the settings you provide, transaction monitoring keeps an eye out for unusual activity on your credit and debit cards. That same monitoring can extend to retirement, investment, and loan accounts as well. It can further notify you if someone tries to change the contact info on your bank accounts or take out a short-term loan in your name.

    Credit Monitoring

    This is an important thing to do in today’s password- and digital-driven world. Credit monitoring uncovers any inconsistencies or outright instances of fraud in your credit reports. Then it helps put you on the path to setting them straight. It further keeps an eye on your reports overall by providing you with notifications if anything changes in your history or score.

    Social Privacy Manager

    Our social privacy manager puts you in control of who sees what on social media. With it, you can secure your profiles the way you want. It helps you adjust more than 100 privacy settings across your social media accounts in just a few clicks. It offers recommendations as you go and makes sure your personal info is only visible to the people you want. You can even limit some of the ways that social media sites are allowed to use your data for greater peace of mind.

    Personal Data Cleanup

    This provides you with another powerful tool for protecting your privacy. Personal Data Cleanup removes your personal info from some of the sketchiest data broker sites out there. And they’ll sell those lines and lines of info about you to anyone. Hackers and spammers included. Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. From there, it provides guidance for removing your data from those sites. Further, when part of our McAfee+ Advanced and Ultimate, it sends requests to remove your data automatically.

    Password Manager

    Scammers love weak or reused passwords. Even more so when they’re weak and reused. It offers them an easy avenue to force their way into people’s accounts. Our password manager creates and securely stores strong, unique passwords for you. That saves you the hassle of creating strong, unique passwords for your dozens and dozens of accounts. And helps protect you from fraud.

    Identity Theft Coverage & Restoration

    This provides you with extra assurance while you shop. Say the unfortunate happens to you and find yourself a victim of identity theft. Our coverage and restoration plan provides up to $2 million in lawyer fees and reimbursement for lawyer fees and stolen funds. Further, a licensed expert can help you repair your identity and credit. In all, this saves you money and your time if theft happens to you.

    Why “free” online protection often comes at a cost

    Say your online protection leaves gaps in your family’s safety, or that it uses less-effective methods and technologies. That exposes you to threats — threats can cost you time and money alike if one of those threats gets through.

    One example, consider the online crimes reported to the U.S. Federal Trade Commission. In 2023, they fielded 5.4 million fraud reports. Of them, 2.6 million reported a loss for a total of $10 billion. The median loss was $500 across all reports. Of course, that’s only the median dollar amount. That number can climb much higher in individual cases.

    Source: U.S. Federal Trade Commission

    Without question, protection is prevention, which can spare you some significant financial losses. Not to mention the time and stress of restoring your credit and identity — and getting your money back.

    Does free online protection software gather and share my data?

    A “free” solution has to make its money somehow.

    Free security solutions sometimes carry in-app advertising. More importantly, they might try to gather your user data to target ads or share it with others to make a profit. Also by advertising for premium products, the vendor indirectly admits that a free solution doesn’t provide enough security.

    Further, these tools also offer little to no customer support, leaving users to handle any technical difficulties on their own. What’s more, most free security solutions are meant for use on only one device, whereas the average person owns several connected devices. And that’s certainly the case for many families.

    Lastly, free solutions often limit a person’s online activity too. Many impose limits on which browser or email program the user can leverage, which can be inconvenient as many already have a preferred browser or email platform.

    Why comprehensive online protection like McAfee’s matters

    Free security products might provide the basics, but a comprehensive solution can protect you from a host of other risks — ones that could get in the way of enjoying your time online.

    With comprehensive online protection in place, your family’s devices get protection from the latest threats in the ever-evolving security landscape. It keeps your devices safe. And it keeps you safe. With that, we hope you’ll give us a close look when you decide to upgrade to comprehensive protection.

    The post Why Should I Pay for Online Protection? appeared first on McAfee Blog.

    What is ATM Skimming?

    By: Jasdev Dhaliwal

    Ever take a look at an ATM and feel like something’s off? You might have come across an ATM skimmer.

    It works like this… A crook tampers with an ATM by attaching a physical device that skims card info as cards people grab or deposit money. From there, a keypad overlay or tiny pinhole camera captures your PIN as people tap it in. And with that info, the crook has everything they need to create several counterfeit cards.

    Of course, that thief has to transfer that info. In some cases, the thief creeps back, removes the skimming device, downloads your data, and burns it to a blank ATM card. More sophisticated skimmers are connected, so thieves can download stolen info from the skimmer and then use that info to buy stuff online. Either way, a skimmer can take a big chunk out of your bank account.

    However, you have ways of spotting these sketchy ATMs. And yet, there are more ways to protect your finances if you fall victim to a carefully concealed skimmer.

    How to spot a hacked ATM

    Spotting a hacked ATM can get a bit tricky, yet you can look for a few signs. Generally speaking, ATMs are sturdy by design. If a card reader or keypad wiggles at all or the keypad feels too spongy or sticks when you tap the buttons, you might be looking at a hacked ATM. Also keep an eye out for extra pieces of plastic stuck to the ATM, which can be places where a crook has concealed a camera. Often, they’ll disguise cameras in brochure holders and overhead lights.

    Another clue of a hacked ATM — scanners and other components that don’t match the color and style of the machine. In all, anything that looks tacked on or out of place gives you a good reason to use another ATM.

    To protect yourself further, follow these tips:

    Be choosy.

    While out and about, consider using ATMs installed at a bank. These are watched more closely than ATMs in public places, which makes them harder to tamper with.

    Cover the keypad when entering your PIN.

    Thieves need your card number and your PIN to access your account with a copycat card. By covering the keypad, you prevent cameras and onlookers from seeing your PIN.

    Check your bank and credit card statements often.

    If your card does get skimmed, acting quickly counts. Thieves can quickly rack up purchases and out a chunk of your account. Banks typically watch for fraud and will contact you about unusual activity.

    Better yet, you can keep a closer eye on your accounts yourself. Our McAfee+ plans offer several types of account and transaction monitoring. Together, they can alert to strange transactions across bank, credit, retirement, and other accounts. They can also alert you if any of your info at the bank gets changed, which helps prevent account takeovers.

    The post What is ATM Skimming? appeared first on McAfee Blog.

    How Do I Protect Myself When Using Wi-Fi?

    By: Jasdev Dhaliwal

    How do you protect yourself when you use public Wi-Fi on your phone? For the 40% of people who say they use public Wi-Fi that way, it’s a good question to ask.

    A recent study from Forbes found that plenty of people use public Wi-Fi — with 35% saying they use it at least four times a month.[i]

    People have plenty of reasons for using public Wi-Fi on their phones. First off, they might want to save their cellular data usage. Maybe they want the speed it offers over a cell connection, like when they hop on a video call. In other cases, they might have a lousy cell signal indoors and want a better connection with Wi-Fi.

    All are valid reasons for using public Wi-Fi. And all are reasons for knowing how to play it safe when you do.

    The risks of public Wi-Fi

    In an ideal world, public Wi-Fi is quite safe. The operator has it set up with the latest protection protocols, like the WP3 standard. The operator also has current, updated network equipment. You’re using it to connect to a site that uses “https” for security. And there’s no hackers or snoops in the network mix.

    Of course, you can’t count on any of that every time you use public Wi-Fi.

    The safer bet on public Wi-Fi…a VPN

    So, what are your options if you want or need a public Wi-Fi connection?

    The readiest answer is to use a VPN. As a “virtual private network,” it runs your data connection through a secure, encrypted tunnel exclusive to you. This way, it shields you and what you do from any prying eyes on public Wi-Fi.

    The important bit here is to go with a trusted VPN provider. Ironically, many VPNs out there put you at risk. Some collect user info, particularly free VPNs. This gets bought and sold, and sometimes falls victim to data breaches — putting all kinds of personal info at risk.[ii] Moreover, some so-called VPNs install malware on phones instead. Others serve up ads in return for the free service.

    With that, choosing a secure and trustworthy VPN provider is a must. A VPN like ours has both your security and privacy in mind. In a VPN, look for:

    • The same encryption strength that banks use.
    • One that doesn’t log or track what you do online, so your online activity remains private. ​
    • A VPN that’s independently audited for security and privacy.
    • One that covers plenty of devices and that offers unlimited data.
    • A connection that turns on automatically when using public Wi-Fi.

    Not every VPN offers these features. Selecting one that does gives you the protection you want paired with the privacy you want.

    More ways you can stay safer on public Wi-Fi

    Turn off automatic connections.

    Be choosy about the networks you connect to. Turning off automatic connections on your phone allows you to select the trusted networks you know best.

    Keep your phone updated.

    Set your operating system and apps to update automatically. Updates often include security fixes that shore up recently discovered shortcomings.

    Watch out for extra taps to log in.

    Hackers set up sketchy public Wi-Fi as bait. With it, they might siphon off personal info as you browse, bank, and shop. Others use it to install malware, like spyware that also steals personal info. Avoid any public Wi-Fi that asks you to download extra software or apps.

    Prevent third parties from collecting your info.

    Some internet service providers (ISPs) offer public Wi-Fi networks in various places. However, many ISPs track, gather, and sometimes share connection info. A VPN can put a stop to plenty of that, which makes this one more good reason to use one on public Wi-Fi.

    Skip public Wi-Fi altogether.

    If possible, use your data connection instead. Most mobile phone providers encrypt the traffic between cell towers and your device.

    [i] https://www.forbes.com/advisor/business/public-wifi-risks/

    [ii] https://www.cpomagazine.com/cyber-security/free-vpn-data-leak-exposed-over-360-million-user-records/

     

    The post How Do I Protect Myself When Using Wi-Fi? appeared first on McAfee Blog.

    Does Antivirus Software Slow You Down?

    By: Jasdev Dhaliwal

    “Antivirus software slows down my PC.” This is a comment that is often heard when talking about antivirus and malware protection.

    That might be the case with many security products, but it’s not the case with McAfee. Independent tests since 2016 have proven that McAfee is not only good at catching malware and viruses, but also one of the lightest security products available today.

    What is antivirus protection?

    Antivirus forms a major cornerstone of online protection software. It protects your devices against malware and viruses through a combination of prevention, detection, and removal. Ours uses AI to detect the absolute latest threats — and has for several years now.

    For decades, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer. And any device that connects to the internet is a potential target for malware and viruses.

    One important distinction about antivirus is its name, a name that first came into use years ago when viruses first appeared on the scene. However, antivirus protects you from more than viruses. It protects against the broad category of malware too — things like spyware, ransomware, and keyloggers.

    How does performance get measured?

    To measure how much impact online protection software has on PC performance, some independent test labs include performance impact benchmarks in their security product tests. The most well-known of these test labs are AV-TEST, which is based in Germany, and Austria-based AV-Comparatives. These independent labs are among the most reputable and well-known anti-malware test labs in the world.

    Over the years, we’ve tested strongly. Those results got stronger still with the release of our McAfee Next-gen Threat Protection.

    McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.

    And the results show it.

    McAfee came in with the lowest system impact score in a field of 16. With an overall impact score of 2.8, it weighed in far less than the industry average of 12.3. This outstanding performance earned McAfee the highest possible ranking: ADVANCED+ 3 Stars.

    Strong antivirus doesn’t have to slow you down

    Even with strong protection continuously monitoring all activity on your PC and laptop for threats, the best kind of antivirus keeps your devices running quickly.

    Advances in our already high-performing protection have solidified our excellent standing in independent tests. The labs run them regularly, and we take pride in knowing that we’re not only protecting you, we’re keeping you moving along at a good clip.

     

    The post Does Antivirus Software Slow You Down? appeared first on McAfee Blog.

    Do You Share Passwords with Friends and Family?

    By: Jasdev Dhaliwal

    A text pops up on your phone. It’s your pal, and the text says, “What’s the password again?” It might be for a video streaming app, a delivery service, or a music site. But is it really OK to share passwords?

    The answer to that question takes a couple of forms.

    For starters, that app, service, or site you’re sharing has terms of use. Those terms might allow for sharing. Others might not. From that standpoint, sharing might break those terms.

    Secondly, sharing passwords with someone outside your household carries security risks. And that’s what we’ll focus on here.

    How many people share passwords?

    One set of research found that 79% of Americans surveyed said they shared passwords. Video streaming came in at 35%, delivery services at 29%, and music streaming at 9%.[i]

    Yet that same research revealed something else. Only 7% of Americans said they worried about getting hacked despite all that password sharing.

    What are the risks of sharing passwords?

    The broader use a password sees, the more vulnerable it is. And that has a couple of dimensions to it.

    The first is the more obvious of the two. Reusing passwords across accounts can lead to identity theft and fraud. Say a hacker gets a hold of a password on the dark web or directly through a data breach. If it’s reused across accounts, all those accounts could get compromised. The same is largely true of passwords that have little variation between them. When not unique, a hacker can figure out the variation with relatively little effort.

    The second is a bit more subtle. Sharing passwords with people outside the household means those passwords get used on devices outside of the household. The question then is, are those devices secure? Do the people who own them use online protection software to keep themselves safer online? If not, those passwords could get exposed. One example — a friend logs into a streaming site on unprotected Wi-Fi. A hacker monitors the traffic, skims the password, and sells it on the dark web.

    So, for several reasons, sharing passwords is not OK. And it brings up an important point about passwords in general. We have a lot of them. Yet each one must be secure.

    I have too many passwords! Help!

    So, we’ve mentioned some of the security risks around passwords. Primary among them, weak and reused passwords.

    It’s no wonder people go the route of easy-to-remember passwords they use again and again. According to Pew Research, American adults feel overwhelmed by the number of passwords they have to keep track of. Depending on the age group, that feeling ranges from 61% to 74%.[ii]

    That sense of overwhelm takes shape in another interesting way. Increasingly, people are doing something about it. Faced with creating strong and unique passwords, more people let a password manager do the work for them. In 2019, only 20% of Americans surveyed said they used one. In 2023, that number leapt up to 32%.[iii] A solid 12% rise that now covers nearly a third of all Americans.

    So, for anyone bogged down by passwords, a password manager offers an excellent solution.

    And a safe one at that.

    A password manager like ours helps you protect your accounts from hackers by securely creating and storing strong and unique passwords. The very kind of passwords that hackers hate. While you’re online, it auto-fills your info for faster logins. Best of all, you only have to remember a single password.

    The last word on sharing (and re-using) passwords

    Don’t.

    For one, sharing passwords might break the terms of use for the app, service, or site in question. Next, it can bring security issues with it as multiple people use it on multiple devices — ones that might or might not be secure.

    On a related note, re-using passwords across several accounts increases your risk of getting hacked even more. Whether they’re weak and memorable or variations on a common theme, passwords like these make life easier for hackers.

    As always, each of your accounts calls for a strong and unique password. And if you’re like the many who have dozens and dozens of accounts, a password manager can make that easy. And highly secure, too.

    [i] https://www.thezebra.com/resources/home/dangers-of-sharing-passwords/

    [ii] https://www.pewresearch.org/internet/2023/10/18/how-americans-protect-their-online-data/

    [iii] Ibid.

     

    The post Do You Share Passwords with Friends and Family? appeared first on McAfee Blog.

    How to Identify the Different Forms of Identity Theft

    By: Jasdev Dhaliwal

    Identity theft is a pervasive threat in today’s digital age, with various forms that can wreak havoc on individuals’ lives. In 2023, the Federal Trade Commission’s Consumer Sentinel Network received more than 5.39 million consumer reports, with 19% of those reports attributed to identity theft. 

    Understanding the types of identity theft is crucial for safeguarding personal information and financial well-being. From the insidious tactics of new account fraud to the alarming consequences of medical identity theft, each method poses distinct risks and challenges. Here are six types of the most common forms of identity theft.   

    New Account Fraud 

    Using another’s personal identifying information to obtain products and services using that person’s good credit standing. This fraud often requires the use of the victim’s Social Security number. Opening new utility, cell phone, and/or credit card accounts are the most prevalent forms of new account fraud. 

     Account Takeover Fraud 

    Using another person’s account numbers, such as a credit card number, to obtain products and services using that person’s existing accounts or extracting funds from a person’s bank account. 

     Criminal Identity Theft 

    Someone commits a crime under another person’s name. The thief, in the act of the crime or upon arrest, poses as the identity theft victim. Often the perpetrator will have a fake ID with the victim’s information but the imposter’s picture. 

     Medical Identity Theft 

    Medical identity theft occurs when someone uses a person’s name and/or insurance information—without the person’s knowledge or consent—to obtain medical services or goods, or to make false claims for medical goods or services. Medical identity theft frequently results in erroneous entries being put into the victim’s medical records, which in turn may lead to inappropriate and potentially life-threatening decisions by medical staff. 

    Business or Commercial Identity Theft 

    Using a business’s name to obtain credit or even billing those businesses’ clients for products and services. Perpetrators who commit business identity theft are often insiders — current or ex-employees — with direct access to operational documentation, who pad the books in favor of their scheming. 

    Identity Cloning 

    This type encompasses all forms of identity theft. The thief is actually living and functioning as the victim on purpose. They may be hiding in plain sight due to the fact they are running from the law, evading child support or they could be mentally ill. 

    It is important to observe basic security precautions to protect your identity. To protect your identity from theft, regularly monitor your financial accounts for suspicious activity and report any discrepancies immediately. Safeguard personal information by avoiding sharing sensitive data on insecure websites or over unsecured Wi-Fi networks. Utilize strong, unique passwords for each online account and enable multi-factor authentication whenever possible. Finally, be cautious of phishing attempts and never click on suspicious links or provide personal information in response to unsolicited communications. 

    Check out our blog post on the top signs of identity theft for further advice on what to do if you feel you may be at risk. Also consider an identity theft protection product, like McAfee+, that can provide greater peace of mind through 24/7 identity monitoring and alerts, plus up to $2 million in identity theft coverage. 

    The post How to Identify the Different Forms of Identity Theft appeared first on McAfee Blog.

    Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy

    By: Jasdev Dhaliwal

    When it comes to protecting your privacy, take a close look at your social media use—because sharing can quickly turn into oversharing.

    The term “oversharing” carries several different definitions. Yet in our case here, oversharing means saying more than one should to more people than they should. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Who among them can you absolutely trust with the information you share?

    And you might be sharing more than you think. Posts have a way of saying more than one thing, like:

    “This is the pool at the rental home I’m staying at this week. Amazing!” Which also tells everyone, “My home is empty for the next few days.”

    “I can’t start my workday without a visit to my favorite coffee shop.” Which also says, “If you ever want to track me down in person, you can find me at this location practically any weekday morning.”

    One can quickly point to other examples of oversharing. Unintentional oversharing at that.

    A first-day-of-school picture can tell practical strangers which elementary school your children attend, say if the picture includes the school’s reader board in it. A snapshot of you joking around with a co-worker might reveal a glimpse of company information. Maybe because of what’s written on the whiteboard behind the two of you. And in one extreme example, there’s the case of an assault on a pop star. Her attacker tracked her down through her selfie, determining her location through the reflection in her eyes.

    The list goes on.

    That’s not to say “don’t post.” More accurately, it’s “consider what you’re posting and who gets to see it.” You have control over what you post, and to some degree, who gets to see those posts. That combination is key to your privacy—and the privacy of others too.

    Three simple steps for protecting your privacy on social media

    1) Be more selective with your settings: Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting—not to mention your relationships and likes. Taking a “friends only” approach to your social media profiles can help protect your privacy because that gives a possible scammer or stalker much less material to work with. Yet further, some platforms allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.

    2) Say “no” to strangers bearing friend requests: Be critical of the invitations you receive. Out-and-out strangers might be more than just a stranger. They might be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q1 of 2023 alone, Facebook took action on 426 million fake accounts. Reject such requests.

    3) Consider what you post: Think about posting those vacation pictures after you get back so people don’t know you’re away when you’re away. Also, consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.

    Further ways to make yourself more private online

    While we’re on the topic, you can take a few other steps that can make you more private online. In addition to your social media usage, other steps can help keep more of your private and personal information with you—where it belongs:

    • Skip the online quizzes: Which superhero are you? “What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen quizzes like these crop up in your feed sometimes. Shadily, these quizzes might ask for the name of the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts. Needless to say, skip the quizzes.
    • Clean up your personal data trail: When was the last time you Googled yourself? The results might reveal all kinds of things, like your estimated income, the names and ages of your children, what you paid for your home, and, sometimes, your purchasing habits. Who’s collecting and posting this information about you? Online data brokers gather information from all manner of public records. Beyond that, they’ll also gather information from app developers, loyalty cards, and other companies that track your web browsing. Data brokers will sell this info to anyone. Advertisers, background checkers, telemarketers, and scammers too. Data brokers don’t discriminate. Yet you can clean up that information with a Personal Data Cleanup like ours. It scans some of the riskiest data broker sites for your personal info and helps manage the removal for you. ​
    • Spend time online more privately with a VPN: A VPN creates an encrypted “tunnel” that shields your activity from cybercriminals so what you do online remains anonymous.​ It helps make you anonymous to advertisers and other trackers too. By encrypting your web traffic requests, a VPN can hide your search habits and history from those who might use that info as part of building a profile of you—whether that’s for targeted ads or data collection that they might sell to brokers for profit. Comprehensive online protection software like ours includes one.

    More privacy partly comes down to you

    Granted, “social” is arguably the opposite of “private.” Using social media involves sharing, by its very definition. Yet any oversharing can lead to privacy issues.

    Maybe you want close friends to know what’s going on, but what about that so-so acquaintance deep in your friends list? How well do you really know them? And to what extent do you want them to know exacting details about where you are, where your kids go to school, and so on? Those are questions you ultimately must answer, and ultimately have some control over depending on what you share on social media.

    Also important to consider is this: if you post anything on the internet, consider it front-page news. Even with social media privacy settings in place, there’s no guarantee that someone won’t copy your posts or pics and pass them along to others.

    The flipside to the topic of social media and privacy is the platform you’re using. It’s no secret that social media companies gather hosts of personal information about their users in exchange for free use of their platforms. Certainly, that’s a topic unto itself. We cover what social media companies know about you in this article here—along with a few steps that can help you limit what they know as well.

    When it comes to your privacy and social media, it depends largely on how you use it. How you use various privacy and audience settings offers one way to manage it. The other is you and the information you put out there for others to see.

    The post Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy appeared first on McAfee Blog.

    Everything You Need to Know to Keep Your Passwords Secure

    By: Jasdev Dhaliwal

    When it comes to passwords, most of us would love nothing more than to set it and forget it. But that’s exactly what hackers are hoping for — in fact, it makes their job a lot easier. This means the best line of defense is frequent password changes.   

    But how often should you create new passwords? Cybersecurity experts recommend changing your password every three months. There may even be situations where you should change your password immediately, especially if a cybercriminal has access to your account.   

    This article explores those exact situations and covers some of the best password practices you can use to help safeguard these important combinations of letters and numbers.   

    Change your password immediately if: 

    1. Your account was hacked: If you think someone has hacked your account, it’s important to act fast and change your password. Did everyone in your address book get a strange email that looks like it’s from you? Change your email password. Are your Facebook friends getting a new friend request from you? Something’s not right, so you’ll want to change your password. This can help limit the amount of time a cybercriminal has access to your account.  
    2. You are part of a data breach: If there’s a password breach at work or within a company you do business with, you’ll want to change the password for any affected accounts. If you use that password for any other websites, you’ll definitely want to change your password to those accounts. If hackers get access to your password, they may try it on multiple websites to see what else they can steal.  
    3. You used an unsecured network: As much as possible, try to avoid logging into your secure accounts on public Wi-Fi, such as at a library or cafe. Generally, an unsecured network means your online activity is public. If you need to use an unsecured network, change your password once you’re on a secure network.  It can also be a good idea to look into a smart VPN like McAfee Secure VPN, which automatically turns on to protect your personal data and credit card information even if you need to use public Wi-Fi.   
    4. You discover malware: Your personal information could be at risk if malware infects your computer. If you have high-quality antivirus software (like what’s included in McAfee+) and it detects malware, you’ll want to change your passwords from another device.   
    5. You remove people from the account: If you no longer have contact with someone, there’s no need for them to remain on your Netflix or Amazon account. There’s also no need for an ex to share a bank account or have mobile app access. Create new passwords when you’re no longer sharing an account with someone.  
    6. You no longer use certain accounts: You may have an account you haven’t used in a year, such as from an online retailer. Change old passwords for seldom-used accounts and close the account if you don’t intend to use it again. 

    How to create a strong password 

    A good password can make it more difficult for hackers to access your accounts. But what exactly makes a strong password? Here are a few criteria. 

    • It’s used only for one account. While it can be easy to use similar passwords for multiple accounts, hackers might be able to get into your other online accounts if they access just one.   
    • It’s at least 12 characters long. To make it easy to remember, use a lyric from a song or poem (for example, “andtherocketsredglare”). Or make an abbreviation from the words in a sentence (changing “the quick brown fox jumped over the lazy dog in the backyard” to “tqbfjotlditb,” for instance).   
    • It’s a complex password. Include at least one capital letter, one number, and one symbol. A computer can guess a password with eight letters immediately. But a 12-character password with at least one uppercase and one lowercase letter, number, and a special character would take 34,000 years to crack. Some sites allow users to create a passphrase. That’s a string of words that can be up to 100 characters long.  
    • It’s hard to guess. Don’t use information that people who know you or look at your social media can guess. Avoid personal information like your nickname or initials, birthday, address or street name, or a child or pet’s name.  
    • It doesn’t use common words like “password” or “qwerty.” You’d be surprised how many people use “password123” or “123456” as a password. A cybercriminal would not.  

    What are the most common ways passwords get hacked?

    A cybercriminal may use a variety of strategies to access your passwords. Here are some of their most common tactics.  

    • Guesswork: This is why password security requires unique passwords that don’t include personal information.  
    • Buying passwords on the dark web: Search engines don’t index the dark web. A lot of dark web activity isn’t traceable, including the sale of passwords.   
    • Phishing: This is when a hacker sends an email that appears to be from a trusted source to trick the recipient into typing in their password.  
    • Malware: Cybercriminals may infect a device with malicious software that allows them to access personal data, including passwords.  
    • Shoulder surfing: This could happen in a coffee shop or office if you leave sticky notes showing your passwords on your desk or laptop. 
    • Spidering: These are bots that search the web looking for personal data.  
    • Brute force attack: A bot systematically tries thousands of passwords hoping to find the correct one.  

    How can you keep your online passwords secure? 

    When it comes to keeping your data secure, password complexity is just the beginning. Here are a few key steps for keeping your passwords safe.  

    1. Do a password audit: Review the passwords for all of your accounts. Make sure you’re not using any for multiple websites. See if your passwords are guessable. Do they include personal information like birthdays or addresses? If you find passwords that are weak or repeated, change those first.  
    2. Use multi-factor authentication: Set up multi-factor authentication for important accounts, such as with financial institutions. Logging into a website with two-factor authentication requires you to enter a code sent by text or email in addition to a username and password. Some accounts require multi-factor authentication with biometric factors for added security, such as a thumbprint or face scan. Using multi-factor authentication with long, complicated passwords can make an account more secure.  
    3. Use a password manager: A password manager can help prevent unauthorized access to your online accounts by protecting your passwords with strong encryption. It also comes with a password generator to help you create complex passwords while storing them safely.  
    4. Add an extra layer of security: McAfee+ can help you defend your personal data. If you are hacked or the victim of a data breach, McAfee+ can help with 24/7 identity monitoring and alerts, plus up to $2 million in identity theft coverage, for greater peace of mind. AI-powered security on unlimited devices also provides real-time protection against viruses, hackers, and risky links. 

    With McAfee, you can continue enjoying the internet the way it was intended — free from hackers. 

    The post Everything You Need to Know to Keep Your Passwords Secure appeared first on McAfee Blog.

    How Free VPNs Come With a Price

    By: Jasdev Dhaliwal

    The number of people who use VPNs (virtual private networks) continues to mushroom. Recent research shows that 46% of American adults now use a VPN — 23% of which use it for strictly personal purposes.[i] Within that mix, 43% said they use a free VPN service. Yet “free” VPNs often come with a price. Typically at the expense of your privacy.

    A personal VPN establishes a secure tunnel over the internet, offering you both privacy and freedom from IP-based tracking. It protects your identity and financial info by encrypting, or scrambling, the data that flows through the tunnel. Moreover, it can mask your true location, making it appear as though you are connecting from somewhere else.

    Sometimes a VPN is included in more robust security software, as it is in our McAfee+ plans. It’s also, but often it is a standalone tool, that is offered for a monthly subscription rate or for free. While it might be tempting to go for a free option, there are some serious considerations that you should take to heart.

    Free VPNs – risky business

    Because free VPNs don’t charge a subscription, many make revenue indirectly through advertising. This means that users get bombarded with ads. And they get exposed to tracking by the provider. In fact, one study of 283 free VPN providers found that 72% included trackers.[ii] The irony is worth pointing out. Many people use VPNs to shroud their browsing from advertisers and other data collectors. Meanwhile, free VPNs often lead to that exact kind of exposure.

    But beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive info at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware, such as keyloggers, and some even stole data from devices.

    Also concerning is how these free providers handle your data. In one worrying case, security researchers uncovered seven VPN providers that gathered user logs despite pledges not to.[iii]

    Clearly, many so-called “free” VPNs aren’t free at all.

    Privacy worth paying for – paid VPN benefits

    VPNs are critical tools for enhancing our privacy and shouldn’t be an avenue opening the door to new risks. That’s why your best bet is to look for a paid VPN with the following features:

    Unlimited bandwidth — You want your network connection to stay secure no matter how much time you spend online.

    Speedy performance — We all know how frustrating a sluggish internet connection can be when you are trying to get things done. Whether connecting for productivity, education, or entertainment, we’re all dependent on bandwidth. That’s why it’s important to choose a high-speed VPN that enhances your privacy, without sacrificing the quality of your connection.

    Multiple device protection — These days many of us toggle between mobile devices, laptops, and computers, so they should all be able to connect securely.

    Less battery drain — Some free mobile VPNs zap your battery life, making users less likely to stay protected. You shouldn’t have to choose between your battery life and safeguarding your privacy.

    Ease of use — For technology to really work, it has to be convenient. After all, these technologies should power your connected life, not serve as a hindrance.

    Fortunately, we don’t have to sacrifice convenience, or pay high prices, for a VPN that can offer a high level of privacy and protection. A comprehensive security suite like McAfee+ includes our standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you and your family, and enjoy quality time together.

    [i] https://www.security.org/resources/vpn-consumer-report-annual/

    [ii] https://www.icir.org/vern/papers/vpn-apps-imc16.pdf

    [iii] https://www.pcmag.com/news/7-vpn-services-found-recording-user-logs-despite-no-log-pledge

     

    The post How Free VPNs Come With a Price appeared first on McAfee Blog.

    ❌