Login
According to Pew, three-in-ten U.S. adults say they have used a dating site or app. That number climbs to 53% for people under the age of 30. More and more people are turning to digital platforms to find love and companionship or simply to expand their social circles. However, as the popularity of online dating grows, so do the potential risks associated with it. From privacy concerns to identity theft, the digital dating world can be fraught with peril if you’re not careful. But fear not, by following a few simple guidelines, you can navigate the online dating scene safely and securely.
This article is for you or anyone you know who may be hopping onto an online dating app like Match, Bumble, Plenty of Fish, eHarmony, Tinder, or OkCupid. Think of it as an advice column of a different sort, where we talk about dating in light of your online privacy and safety.
For starters, we have a couple of previous blogs that offer sound advice about online dating. The first covers ways you can protect your privacy when you’re using online dating apps, which starts with picking a dating app that has a good reputation. The second rounds out the topic with further online dating advice for adults and teens alike. Give them a look!
It starts with basic hygiene. Digital hygiene, that is. Before you dive into a dating app, ensure that your device (and all your connected devices while you’re at it) has a comprehensive security solution in place. As you surf, chat, and meet up online, you’ll want to know that you’re protected against malware, viruses, phishing attacks, sketchy links, and so forth. Other features will come in handy (and be necessary as well), like ones that help you manage your passwords, protect your identity, safeguard your privacy, and more—all of which we’ll talk about in a bit.
Picking the right app is like picking the right date. From a security standpoint, these apps are the keepers of highly personal information about you, so you’ll want to know how they handle data, what privacy protections are in place, what information they gather when you first sign up, and what they continue to gather as you use the app. Do your research. Read up on their privacy policies. See what other people have to say about their experiences. And get a sense of what the app is all about. What’s its approach to dating? What kind of relationships are they focusing on? Make sure all of it feels right to you.
Only give the app the information that’s absolutely necessary to sign up. Dating apps ask questions so that they can help you find an ideal match, yet only share what you feel comfortable sharing. This is true from a personal standpoint, but it’s true from a security standpoint too. Anything you share along those lines could be at risk of a hack or a breach, the likes of which were reported by Wired and Forbes last year. If your info is compromised, it could lead to anywhere from identity theft to harassment, so when you use a dating app, keep the sharing to a minimum—and keep your eyes peeled for any suspicious activity across your social media, online accounts, and even your finances.
Another password to remember! That’s just what you need, right? Right! It absolutely is, and a strong one is vital. You can create one and manage all of your passwords with McAfee+’s password manager. It’ll encrypt your passwords and use multi-factor authentication, which offers even further protection from hacks and attacks on your account.
You can help keep your chats more private, and just about anything else you’re doing online, by using a VPN (virtual private network). For example, our VPN uses bank-level encryption to keep your personal data and activities private from hackers. And it’ll hide other information associated with your dating account while you’re online, like personal details, credit card numbers, and so forth. Given the security risks we’ve talked about so far, you’ll want to look into a VPN.
If you’re not using a VPN on your device, don’t use your dating app on public Wi-Fi. The issue is this: plenty of public Wi-Fi hotspots aren’t secure. Someone else on the network could easily intercept the information you send over it, including your passwords, any photos you share, and any chats you have. In other words, using public Wi-Fi without protection is like opening a door that leads right to you and your most personal data. This applies to everything on public Wi-Fi, not just dating apps. If you use public Wi-Fi at all, you really should use a VPN.
In the ever-evolving landscape of online dating, safeguarding your privacy and security is paramount. By implementing strategies such as using strong passwords, employing a reliable VPN, and exercising caution on public Wi-Fi, you can navigate the digital dating sphere with confidence. Remember, your safety and privacy are non-negotiable priorities in the pursuit of love and companionship online.
The post How to Safely Date Online appeared first on McAfee Blog.
For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.
In a recent CBS News story, one Texan woman was scammed out of $3,200 by a scammer claiming to be a German Cardiologist. After months of exchanging messages and claiming to be in love with her, he said that he’d been robbed while on a business trip in Nigeria and needed her help.
According to the U.S. Federal Trade Commission (FTC), the reported cost of online romance scams was $1.14 billion in 2023.
Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up.
As mentioned above, some romance scammers troll social media and reach out through direct messages or friend requests. With that, there are three things you can do to cut down your chances of getting caught up with a scammer:
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 693 million fake accounts. Reject such requests.
Online protection software like ours can help you spot fakes and scams. Features like McAfee Scam Protection use advanced AI to detect scam links in texts, email, and social media messages before you click. Our Personal Data Cleanup can keep you safer still by removing your personal info from sketchy data broker sites — places where scammers go to harvest useful info on their victims. And if the unfortunate happens, we offer $2 million in identity theft coverage and identity restoration support.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too.
The post How to Spot Dating Scams appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.
Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. Since 2021, total reported losses to this type of fraud reached $2.7 billion.
Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity.
Let’s uncover these scams these crooks use so that you can steer clear and stay safe.
“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.
Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you.
How to avoid them: Simply put, don’t take those quizzes and surveys online.
The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money, or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms.
How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up.
If there’s one government official that scammers like to use to scare you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official who’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.
How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like Bitcoin. Only scammers will.
These are far more targeted than the scams listed above because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or trouble.
How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away.
This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.
How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it.
Now with an idea of what the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull.
Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance.
Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends.
The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blog.
Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure.
What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile.
Also according to the FBI, elders may be less able or willing to report being scammed because they may not know the exact way in which they were scammed, or they may feel a sense of shame over it, or even some combination of the two. Moreover, being scammed may instill fear that family members will lose confidence in their ability to look after their own affairs.
If there’s one thing that we can do for our elders, it’s help them raise their critical hackles so they can spot these scams and stop them in their tracks, particularly around tax time. With that, let’s see how crooks target elders, what those scams look and feel like, along with the things we can do to keep ourselves and our loved ones from getting stung.
The phone rings, and an assertive voice admonishes an elder for non-payment of taxes. The readout on the caller ID shows “Internal Revenue Service” or “IRS,” the person cites an IRS badge number, and the victim is told to pay now via a wire transfer or prepaid gift card. The caller even knows the last four digits of their Social Security Number (SSN). This is a scam.
The caller, and the claim of non-payment, are 100 percent bogus. Even with those last four digits of the SSN attempting to add credibility, it’s still bogus. (Chances are, those last four digits were compromised elsewhere and ended up in the hands of the thieves by way of the black market or dark web so that they could use them in scams just like these.)
Some IRS imposter scams take it a step further. Fraudsters will threaten victims with arrest, deportation, or other legal action, like a lien on funds or the suspension of a driver’s license. They’ll make repeated calls as well, sometimes with additional imposters posing as law enforcement as a means of intimidating elders into payment.
The IRS will never threaten you or someone you know in such a way.
In fact, the IRS will never call you to demand payment. Nor will the IRS ever ask you to wire funds or pay with a gift card or prepaid debit card. And if the IRS claims you do owe funds, you will be notified of your rights as a taxpayer and be given the opportunity to make an appeal. If there’s any question about making payments to the IRS, the IRS has specific guidelines as to how to make a payment properly and safely on their official website.
It’s also helpful to know what the IRS will do in the event you owe taxes. In fact, they have an entire page that spells out how to know it’s really the IRS calling or knocking at your door. It’s a quick read and a worthwhile one at that.
In all, the IRS will contact you by mail or in person. Should you get one of these calls, hang up. Then, report it. I’ll include a list of ways you can file a report at the end of the article.
Whether it’s a disembodied voice generated by a computer or a scripted message that’s been recorded by a person, robocalls provide scammers with another favorite avenue of attack. The approach is often quite like the phone scam outlined above, albeit less personalized because the attack is a canned robocall. However, robocalls allow crooks to cast a much larger net in the hopes of illegally wresting money away from victims. In effect, they can spam hundreds or thousands of people with one message in the hopes of landing a bite.
While perhaps not as personalized as other imposter scams, they can still create that innate sense of unease of being contacted by the IRS and harangue a victim into dialing a phony call center where they are further pressured into paying by wire or with a prepaid card, just like in other imposter scams. As above, your course of action here is to simply hang up and report it.
Here’s another popular attack. An elder gets an unsolicited email from what appears to be the IRS, yet isn’t. The phony email asks them to update or verify their personal or financial information for a payment or refund. The email may also contain an attachment which they are instructed to click and open. Again, all of these are scams.
Going back to what we talked about earlier, that’s not how the IRS will contact you. These are phishing attacks aimed at grifting prized personal and financial information that scammers can use to commit acts of theft or embezzlement. In the case of the attachment, it very well may contain malware that can do further harm to their device, finances, or personal information.
If you receive one of these emails, don’t open it. And certainly don’t open any attachments—which holds true for any unsolicited email you receive with an attachment.
Beyond simply knowing how to spot a possible attack, you can do several things to prevent one from happening in the first place.
First let’s start with some good, old-fashioned physical security. You may also want to look into purchasing a locking mailbox. Mail and porch theft are still prevalent, and it’s not uncommon for thieves to harvest personal and financial information by simply lifting it from your mailbox.
Another cornerstone of physical security is shredding paper correspondence that contains personal or financial information, such as bills, medical documents, bank statements and so forth. I suggest investing a few dollars on an actual paper shredder, which are typically inexpensive if you look for a home model. If you have sensitive paper documents in bulk, such as old tax records that you no longer need to save, consider calling upon a professional service that can drive up to your home and do that high volume of shredding for you.
Likewise, consider the physical security of your digital devices. Make sure you lock your smartphones, tablets, and computers with a PIN or password. Losing a device is a terrible strain enough, let alone knowing that the personal and financial information on them could end up in the hands of a crook. Also see if tracking is available on your device. That way, enabling device tracking can help you locate a lost or stolen item.
There are plenty of things you can do to protect yourself on the digital front too. Step one is installing comprehensive security software on your devices. This will safeguard you in several ways, such as email filters that will protect you from phishing attacks, features that will warn you of sketchy links and downloads, plus further protection for your identity and privacy—in addition to overall protection from viruses, malware, and other cyberattacks.
Additional features in comprehensive security software that can protect you from tax scams include:
And here’s one item that certainly bears mentioning: dispose of your old technology securely. What’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner so the data and info on your device doesn’t see the light of day again.
As said earlier, don’t let a bad deed go unreported. The IRS offers the following avenues of communication to report scams.
In all, learning to recognize the scams that crooks aim at elders and putting some strong security measures in place can help prevent these crimes from happening to you or a loved one. Take a moment to act. It’s vital, because your personal information has a hefty price tag associated with it—both at tax time and any time.
The post How to Spot, and Prevent, the Tax Scams That Target Elders appeared first on McAfee Blog.
Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.
An extortion message currently on the Incognito Market homepage.
In the past 24 hours, the homepage for the Incognito Market was updated to include a blackmail message from its owners, saying they will soon release purchase records of vendors who refuse to pay to keep the records confidential.
“We got one final little nasty surprise for y’all,” reads the message to Incognito Market users. “We have accumulated a list of private messages, transaction info and order details over the years. You’ll be surprised at the number of people that relied on our ‘auto-encrypt’ functionality. And by the way, your messages and transaction IDs were never actually deleted after the ‘expiry’….SURPRISE SURPRISE!!! Anyway, if anything were to leak to law enforcement, I guess nobody never slipped up.”
Incognito Market says it plans to publish the entire dump of 557,000 orders and 862,000 cryptocurrency transaction IDs at the end of May.
“Whether or not you and your customers’ info is on that list is totally up to you,” the Incognito administrators advised. “And yes, this is an extortion!!!!”
The extortion message includes a “Payment Status” page that lists the darknet market’s top vendors by their handles, saying at the top that “you can see which vendors care about their customers below.” The names in green supposedly correspond to users who have already opted to pay.
The “Payment Status” page set up by the Incognito Market extortionists.
We’ll be publishing the entire dump of 557k orders and 862k crypto transaction IDs at the end of May, whether or not you and your customers’ info is on that list is totally up to you. And yes, this is an extortion!!!!
Incognito Market said it plans to open up a “whitelist portal” for buyers to remove their transaction records “in a few weeks.”
The mass-extortion of Incognito Market users comes just days after a large number of users reported they were no longer able to withdraw funds from their buyer or seller accounts. The cryptocurrency-focused publication Cointelegraph.com reported Mar. 6 that Incognito was exit-scamming its users out of their bitcoins and Monero deposits.
CoinTelegraph notes that Incognito Market administrators initially lied about the situation, and blamed users’ difficulties in withdrawing funds on recent changes to Incognito’s withdrawal systems.
Incognito Market deals primarily in narcotics, so it’s likely many users are now worried about being outed as drug dealers. Creating a new account on Incognito Market presents one with an ad for 5 grams of heroin selling for $450.
New Incognito Market users are treated to an ad for $450 worth of heroin.
The double whammy now hitting Incognito Market users is somewhat akin to the double extortion techniques employed by many modern ransomware groups, wherein victim organizations are hacked, relieved of sensitive information and then presented with two separate ransom demands: One in exchange for a digital key needed to unlock infected systems, and another to secure a promise that any stolen data will not be published or sold, and will be destroyed.
Incognito Market has priced its extortion for vendors based on their status or “level” within the marketplace. Level 1 vendors can supposedly have their information removed by paying a $100 fee. However, larger “Level 5” vendors are asked to cough up $20,000 payments.
The past is replete with examples of similar darknet market exit scams, which tend to happen eventually to all darknet markets that aren’t seized and shut down by federal investigators, said Brett Johnson, a convicted and reformed cybercriminal who built the organized cybercrime community Shadowcrew many years ago.
“Shadowcrew was the precursor to today’s Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today,” Johnson said. “The Truth of Darknet Markets? ALL of them are Exit Scams. The only question is whether law enforcement can shut down the market and arrest its operators before the exit scam takes place.”
I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. Just as a brief reminder, they look like this:
These get through all the technical controls that exist at my telco and they land smack bang in my SMS inbox. However, I don't fall for the scams because I look for the warning signs: a sense of urgency, fear of missing out, and strange URLs that look nothing like any parcel delivery service I know of. They have a pretty rough go of convincing me they're from Australia Post by putting "auspost" somewhere or other within each link, but I'm a smart human so I don't fall for this (that's a joke, read why humans are bad at URLs).
However... I am expecting a parcel. It's well into the 2020's and post COVID so I'm always expecting a parcel, because that's just how we buy stuff these days. And so, when I received the following SMS earlier this week I was expecting a parcel and I was expecting phishing attacks:
So... which is it? Parcel or phish? Let's see what the people say:
Referring to the parent tweet, is this message legit and should I pay the duty and taxes?
— Troy Hunt (@troyhunt) February 20, 2024
Whoa - that's an 87% "dodgy AF" vote from over 4,000 respondents so yeah, that's pretty emphatic. Why such an overwhelmingly suspicious crowd? Let's break that message down into 7 "dodgy AF" signs:
And so, I was with the 87% of other people. However... I was expecting a package. From FedEx. Coming from outside Australia so it may attract duty and taxes. And I really want to get this package because it's a new 3D printer from Prusa, and they're awesome!
There's a sage piece of advice that's always relevant in these cases and it's very simple: if in doubt, go the website in question and verify the request yourself. So, I went to the purchase confirmation from Prusa, found the shipping details and followed the link to the FedEx website. Now it was simply a matter of finding the section that talks about tax, except...
Dodgy. A. F.
I went all through that page and couldn't find a single reference to duty, nor for anything tax related. Try as I might, I couldn't establish the authenticity of the SMS by going directly to the (alleged) source. But what I could easily establish is that if you follow that link in the SMS, you can change the tracking number, the customer name and the amount to absolutely anything you want!
This is all done by simply changing the URL parameters; I'm not modifying the browser DOM or intercepting traffic or doing anything fancy, it's literally just query string parameter tampering reflected XSS style. This feels like every phishing site ever, not a payment service run by Australia's largest bank. Seriously, BPOINT is provided by the Commonwealth Bank and after the experience above, I'm at the point of reaching out to them and making a disclosure. Except that this is how the system was obviously designed to work and it's a completely parallel issue to phishy FedEx SMSs. Speaking of which, the very next morning I got another one from the same sender:
I don't know if this makes it better or worse 🤦♂️ Let's just jump into the highlights, both good and bad:
It's quite unbelievable what they've done with the link because it makes the SMS entirely unactionable. It's impossible to click anywhere and pay the money. And while I'm here, why are all the query string parameter names now capitalised? It's like there's a completely different (broken) process somewhere generating these links. Or scammers just aren't consistent...
Because "dodgy AF" is the prevailing theme, I needed to dig deeper, so I searched for the 1800 number. One of the first results was for a Reverse Australia page for that number which upon reading the first 3 comments, perfectly summed up the sentiment so far:
And the more you read both on that site and other top links in the search results, the more people are totally confused about the legitimacy of the messages. There's only one thing to do - call FedEx. Not by the number in the (still potentially phishy) SMS, but rather via the number on their website. So, click the "Support" menu item, down to "Customer Support" and we end up here:
I'll save you the pain of reading the response that ensued, suffice to say that it only referred to email communications and boiled down to suggesting you read the domain of the sender. But I did manage to pin the system down on a phone number which as you'll see, is completely different to the one in the SMS messages:
So, I call the number and follow the voice prompts, selecting options via the keypad to route me through to the duty and taxes section. But eventually, several steps deep into the process, the system stops responding to key presses! "1" doesn't work and neither does "2" so without a response, the same message just repeats. But it does offer an alternative and suggestions I call 132610. That's the number I called in the first place to get stuck in this infinite loop!
I try again, this time following a different series of prompts that eventually asks for a tracking number and then proceeds to tell me precisely what the website already does! But it also provides the option to speak to a customer service operator and I'm actually promptly put through. The operator explains that my shipment is valued at US$799 which converts to AU$1,215.97 and it therefore subject to some inbound fees. "Great, but how much and does it match what's in the phishy SMSs I've received?" He promises someone will call be back shortly...
And then, out of the blue 3 days after the initial phishy SMS arrived, an email landed in my inbox:
The dollar figure, the BPOINT address and the messaging all lined up with the SMSs, but that's just merely correlation and if someone had both my phone number and email address they could easily attempt to phish both with the same details. But then, I looked at the attachment to the email and found this:
IT'S THE MISSING LINK!!!
My complete Prusa invoice was attached along with the order number, price and shipping details. In other words, 87% of you were wrong 😲
On a more serious note, Aussies alone are losing north of AU$3B annually to scams, and that's obviously only a drop in the ocean compared to the global scale of this problem. Our Australian Communications and Media Authority body (ACMA) recently reported 336M blocked scam SMSs and technical controls like these are obviously great, but absent from their reporting was the number of scam messages they didn't block. There's an easy explanation for this omission: they simply don't know how many are sent. But if I were to take a guess, they've merely blocked the tip of the iceberg. This is why in addition to technical controls, we reply on human controls which means helping people identify the patterns of a scam: requests for money, a sense of urgency, grammar and casing that's a bit off, odd looking URLs. You know, stuff like this:
What makes this situation so ridiculous is that while we're all watching for scammers attempting to imitate legitimate organisations, FedEx is out there imitating scammers! Here we are in the era of burgeoning AI-driven scams that are becoming increasingly hard for humans to identify, and FedEx is like "here, hold my beer" as they one-up the scammers at their own game and do a perfect job of being completely indistinguishable from them.
Ah well, as I ultimately lament in these situations, it's a good time to be in the industry 😊
AI scams are becoming increasingly common. With the rise of artificial intelligence and technology, fraudulent activity is becoming more sophisticated and sophisticated. As a result, it is becoming increasingly important for families to be aware of the dangers posed by AI scams and to take steps to protect themselves.
By taking these steps, you can help protect your family from AI scams. Educating yourself and your family about the potential risks of AI scams, monitoring your family’s online activity, using strong passwords, installing anti-virus software, and checking your credit report regularly can help keep your family safe from AI scams.
No one likes to be taken advantage of or scammed. By being aware of the potential risks of AI scams, you protect your family from becoming victims.
In addition, it is important to be aware of emails or texts that appear to be from legitimate sources but are actually attempts to entice you to click on suspicious links or provide personal information. If you receive a suspicious email or text, delete it immediately. If you are unsure, contact the company directly to verify that the message is legitimate. By being aware of potential AI scams keep your family safe from financial loss or identity theft.
You can also take additional steps to protect yourself and your family from AI scams. Consider using two-factor authentication when logging in to websites or apps, and keep all passwords and usernames secure. Be skeptical of unsolicited emails or texts never provide confidential information unless you are sure you know who you are dealing with. Finally, always consider the source and research any unfamiliar company or service before you provide any personal information. By taking these steps, you can help to protect yourself and your family from the dangers posed by AI scams.
monitor your bank accounts and credit reports to ensure that no unauthorized activity is taking place. Set up notifications to alert you of any changes or suspicious activity. Make sure to update your security software to the latest version and be aware of phishing attempts, which could be attempts to gain access to your personal information. If you receive a suspicious email or text, do not click on any links and delete the message immediately.
Finally, stay informed and know the signs of scam. Be your online accounts and look out for any requests for personal information. If something looks suspicious, trust your instincts and don’t provide any information. Report any suspicious activity to the authorities and make sure to spread the word to others from falling victim to AI scams.
This blog post was co-written with artifical intelligence (AI) as a tool to supplement, enhance, and make suggestions. While AI may assist in the creative and editing process, the thoughts, ideas, opinions, and the finished product are entirely human and original to their author. We strive to ensure accuracy and relevance, but please be aware that AI-generated content may not always fully represent the intent or expertise of human-authored material.
The post How to Protect Your Family From AI Scams appeared first on McAfee Blog.
Just when they need financial security the most, job seekers face another challenge—getting ripped off by job scams.
Scammers will capitalize on any opportunity to fleece a victim, like the holidays with ecommerce scams and tax time with IRS scams. Now, with surging employment figures, scammers have turned to job scams that harvest money and personal information from job seekers.
In some ways, the tactics bear resemblance to online dating and romance scammers who hide behind a phony profile and tell their victims a story they want to hear, namely that someone loves them. With job scams, they take on the persona of a recruiter and lure their victims with what seems like an outstanding job offer. Of course, there’s no job. It’s a scam.
These attacks have gained a degree of sophistication that they once lacked. Years prior, scammers relied on spammy emails and texts to share their bogus job offers. Now, they’re using phony profiles on social media platforms to target victims.
Social media platforms have several mechanisms in place to identity and delete the phony profiles that scammers use for these attacks. Of note, LinkedIn’s latest community report cited the removal of more than 21 million fake accounts in the first half of 2022:
Likewise, Facebook took action on 1.5 billion fake accounts in Q3 of 2022 alone, with more than 99% of them acted on before users reported them.
Still, some scammers make their way through.
As Steve Grobman, our senior vice president and chief technology officer, was quoted in an article for CNET, the continued shift to remote work, along with remote hiring, has also made it easier for online job scams to flourish. And the figures bear that out.
In 2021, the FTC called out $209 million in reported losses due to job scams. In just the first three quarters of 2022, reported job scam losses had already reached $250 million. While year-end figures have yet to be posted, the final tally for 2022 could end up well over $300 million, a 50% uptick. And the median loss per victim? Right around $2,000 each.
While the promise of work or a job offer make these scams unique, the scammers behind them want the same old things—your money, along with your personal information so that they can use it to cause yet more harm. The moment any so-called job offer asks for any of those, a red flag should immediately go up.
It’s possibly a scam if:
In the hands of a scammer, your SSN or tax ID is the master key to your identity. With it, they can open up bank cards, lines of credit, apply for insurance benefits, collect benefits and tax returns, or even commit crimes, all in your name. Needless to say, scammers will ask for it, perhaps under the guise of background check or for payroll purposes. The only time you should provide your SSN or tax ID is when you know that you have accepted a legitimate job with a legitimate company, and through a secure document signing service, never via email, text, or over the phone.
Another trick scammers rely on is asking for bank account information so that they can wire payment to you. As with the SSN above, closely guard this information and treat it in exactly the same way. Don’t give it out unless you actually have a legitimate job with a legitimate company.
Some scammers will take a different route. They’ll promise employment, but first you’ll need to pay them for training, onboarding, or equipment before you can start work. Legitimate companies won’t make these kinds of requests.
Aside from the types of information they ask for, the way they ask for your information offers other clues that you might be mixed up in a scam. Look out for the following as well:
You can sniff out many online scams with the “too good to be true” test. Scammers often make big promises during the holidays with low-priced offers for hard-to-get holiday gifts and then simply don’t deliver. It’s the same with job scams. The high pay, the low hours, and even the offer of things like a laptop and other perks, these are signs that a job offer might be a scam. Moreover, when pressed for details about this seemingly fantastic job opportunity, scammers may balk. Or they may come back with incomplete or inconsistent replies because the job doesn’t exist at all.
Job scammers hide behind their screens. They use the anonymity of the internet to their advantage. Job scammers likewise create phony profiles on networking and social media websites, which means they won’t agree to a video chat or call, which are commonly used in legitimate recruiting today. If your job offer doesn’t involve some sort of face-to-face communication, that’s an indication it may be a scam.
Scammers now have an additional tool reel in their victims—AI chatbots like Chat GPT, which can generate email correspondence, chats, LinkedIn profiles, and other content in seconds so they can bilk victims on a huge scale. However, AI has its limits. Right now, it tends to use shorter sentences in a way that seems like it’s simply spitting out information. There’s little story or substance to the content it creates. That may be a sign of a scam. Likewise, even without AI, you may spot a recruiter using technical or job-related terms in an unusual ways, as if they’re unfamiliar with the work they’re hiring for. That’s another potential sign.
Scammers love a quick conversion. Yet job seekers today know that interview processes are typically long and involved, often relying on several rounds of interviews and loops. If a job offer comes along without the usual rigor and the recruiter is asking for personal information practically right away, that’s another near-certain sign of a scam.
This is another red flag. Legitimate businesses stick to platforms associated with networking for business purposes, typically not networking for families, friends, and interests. Why do scammers use sites like Facebook anyway? They’re a gold mine of information. By trolling public profiles, they have access to years of posts and armloads of personal information on thousands of people, which they can use to target their attacks. This is another good reason to set your social media profiles on platforms like Facebook, Instagram, and other friend-oriented sites to private so that scammers of all kinds, not just job scammers, can’t use your information against you.
As a job hunter you know, getting the right job requires some research. You look up the company, dig into their history—the work they do, how long they’ve been at it, where their locations are, and maybe even read some reviews provided by current or former employees. When it comes to job offers that come out of the blue, it calls for taking that research a step further.
After all, is that business really a business, or is it really a scam?
In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) waged against them. Spending some time here can quickly shed light on the legitimacy of a company.
Also in the U.S., you can visit the website of your state’s Secretary of State and search for the business in question, where you can find when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information, which may require signing up for an account.
Given the way rely so heavily on the internet to get things done and simply enjoy our day, comprehensive online protection software that looks out for your identity, privacy, and devices is a must. Specific to job scams, it can help you in several ways, these being just a few:
Job searches are loaded with emotion—excitement and hopefulness, sometimes urgency and frustration as well. Scammers will always lean into these emotions and hope to catch you off your guard. If there’s a common thread across all kinds of online scams, that’s it. Emotion.
A combination of a cool head and some precautionary measures that protect you and your devices can make for a much safer job-hunting experience, and a safer, more private life online too.
Editor’s Note:
Job scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Job Scams—How to Tell if that Online Job Offer is Fake appeared first on McAfee Blog.
As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.
Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.
Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.
→ Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day
Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.
One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.
→ Dig Deeper: Fraudulent Adult Dating Services Turn 10 Years Old, Still Evolving
Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.
Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.
While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.
One of the most important is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.
When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.
For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information, making it safer to input sensitive information than on websites with ‘http://’ URLs.
Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly-flattering messages or requests to move the conversation to a private email or messaging app.
McAfee Pro Tip: If you’re considering using one of these for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.
If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.
Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.
→ Dig Deeper: How To Report An Online Scam
The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.
And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.
Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.
The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.
The eagerly awaited holiday sales such as Black Friday and Cyber Monday are just around the corner. As consumers, we look forward to getting the best deals online, but we’re not the only ones. Hackers are also keenly anticipating these holidays but for different reasons. They use this period to come up with all sorts of shopping scams that can potentially put a dampener on the holiday spirit for unsuspecting shoppers.
This article provides you with ten tips to keep you and your family safe from online shopping scams this season. These tips will not only help you spot a good deal but also help you avoid falling prey to online scams, thereby ensuring that you keep your finances safe during this shopping season.
A common tactic employed by hackers involves the use of malware hidden in email attachments. During the holiday sales season, they often camouflage their malware in emails that claim to contain offers or shipping notifications. It is important to remember that legitimate retailers and shipping companies will not send offers, promo codes, or tracking numbers as email attachments. Instead, they will mention these details in the body of the email.
Therefore, be wary of any email attachments you receive from retailers or shippers. If something seems off, it probably is. Do not download or open suspicious attachments, as this could potentially lead to a malware attack.
→ Dig Deeper: McAfee Protects Against Suspicious Email Attachments
Scammers often employ a tactic known as “typosquatting,” where they create phony email addresses and URLs that look incredibly similar to the legitimate addresses of well-known companies and retailers. These are often sent via phishing emails, and instead of leading you to great deals, these links can direct you to scam websites that extract your login credentials, payment information, or even directly extract funds from your account when you attempt to place an order through them.
Therefore, it is imperative to double-check all email addresses and URLs before clicking on them. Look out for subtle discrepancies in the spelling or arrangement of characters, as these are often indicators of a scam. If a link or email address seems suspicious, do not click on it.
→ Dig Deeper: How Typosquatting Scams Work
In continuation with the previous point, scammers also set up websites that resemble those run by trusted retailers or brands. These websites often advertise special offers or attractive deals on popular holiday items. However, these are nothing more than a ruse to trick unsuspecting shoppers into divulging their personal and financial information.
These scam websites are often spread through social media, email, and other messaging platforms. It’s crucial to exercise skepticism when encountering such links. Instead of clicking on them, it’s always safer to visit the brand’s official website directly and look for the deal there.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Using a robust and comprehensive security software suite while shopping can provide you with additional layers of protection against scams. For instance, web browser protection features can block malicious and suspicious links, reducing the risk of falling prey to malware or a financial scam.
Ensure your antivirus software is up to date and your firewall is enabled. At the same time, enable secure browsing options available in your web browser. These simple steps can go a long way in securing your online shopping experience.
Using the same passwords across multiple platforms is akin to giving hackers a free pass. If they manage to hack into one account, they can potentially gain access to others that share the same password. To avoid this, consider using a password manager. These tools can generate complex and unique passwords for each of your accounts and store them securely, saving you the hassle of remembering them all.
By diversifying your passwords and securing them effectively, you can significantly reduce the risk of becoming a victim of a hack or a scam. The importance of this proactive approach cannot be overstated in today’s interconnected world, where our personal and financial information is often just a few clicks away from prying eyes and malicious intent.
→ Dig Deeper: Strong Password Ideas to Keep Your Information Safe
Two-factor authentication (2FA) is an invaluable tool that adds an extra layer of protection to your accounts. When 2FA is enabled, gaining access to your accounts isn’t as simple as just entering your username and password. Instead, you also need to input a unique, one-time-use code that is typically sent to your phone or email. This code acts as a second password, making your account significantly more secure.
If any of your accounts offer 2FA, it’s crucial to take advantage of this feature. While it might initially seem cumbersome, the added security is well worth the slight inconvenience.
Public Wi-Fi networks, such as those found in coffee shops and other public locations, can be dangerous due to their lack of security. If you shop online through a public Wi-Fi network, you’re essentially broadcasting your private information to anyone who cares to look. To prevent this, consider using a virtual private network (VPN).
VPNs encrypt your internet traffic, securing it against any prying eyes. This encryption protects your passwords, credit card numbers, and other sensitive information from being intercepted and misused. If you frequently shop online in public places, using a VPN is a must.
In the U.S., the Fair Credit Billing Act protects against fraudulent charges on credit cards. Under this act, you can dispute any charges over $50 for goods and services that you never received or were billed incorrectly for. Moreover, many credit card companies offer policies that add to the protections provided by the Fair Credit Billing Act.
However, these protections don’t extend to debit cards. When you use a debit card, the money is immediately drawn from your bank account, making it more difficult to recover in case of fraud. So, for online shopping, it’s safer to use a credit card instead of a debit card.
A virtual credit card can provide an extra layer of security for your online purchases. When you use one of these cards, it generates a temporary card number for each transaction, keeping your real card number safe. However, there are potential downsides to be aware of, such as difficulties with returns and refunds.
Before deciding to use a virtual credit card, understand its pros and cons. Research the policies of the issuing company so you can make an informed decision about whether or not it’s the right choice for you.
Given the number of accounts most of us manage and the rampant incidents of data breaches, it’s crucial to monitor your credit reports for any signs of fraud. An unexpected change in your credit score could indicate that someone has taken out a loan or credit card in your name. If you notice any discrepancies, report them immediately to the credit bureau and to the lender who reported the fraudulent information.
In the U.S., you’re entitled to a free credit report from each of the three major credit bureaus every year. Utilize this service and check your reports regularly. Remember, quickly identifying and reporting fraudulent activity is the key to mitigating its impact.
McAfee Pro Tip: Have you encountered a suspicious charge on your credit card and felt uncertain about the next steps? Get a credit monitoring service to monitor any unusual credit-related transactions that may be a potential sign of identity theft.
As we approach Cyber Monday, it’s important to stay vigilant to protect yourself and your family from online scams. By taking simple precautions like verifying email addresses, resorting to 2FA, using a VPN while shopping on public Wi-Fi, and monitoring your credit reports, you can significantly reduce your chances of falling for an online shopping scam. Additionally, consider employing cybersecurity solutions like McAfee+, which offer robust protection against various online threats. Remember, if a deal seems too good to be true, it probably is. Happy and safe shopping!
The post Cyber Monday: Protect Yourself and Your Family from Online Shopping Scams appeared first on McAfee Blog.
In the shadow of the COVID-19 pandemic, workplaces worldwide have undergone a seismic shift towards remote working. This adjustment involves much more than just allowing employees to access work resources from various locations. It necessitates the update of remote working policies and heightened cybersecurity security awareness.
Cybercriminals and potential nation-states are reportedly exploiting the global health crisis for their own gain. Hackers have targeted an array of sectors, including healthcare, employing COVID-19-related baits to manipulate user behavior. This article aims to provide a comprehensive guide on how you, as an employee, can augment your cybersecurity measures and stay safe when working remotely.
It has been reported that criminals are using COVID-19 as bait in phishing emails, domains, malware, and more. While the exploitation of this global crisis is disheartening, it is unsurprising as criminals habitually leverage large events to their advantage. That said, it’s crucial to identify potential targets, particularly in certain geographic regions.
The data so far reveals a broad geographic dispersion of ‘targets,’ with many countries that are typical phishing targets being hit. However, there are anomalies such as Panama, Taiwan, and Japan, suggesting possible campaigns targeting specific countries. The landscape is continuously evolving as more threats are identified, necessitating vigilant monitoring on your part to stay safe.
→ Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
The abrupt shift to remote work has left many employees unprepared, with some needing to operate from personal devices. These personal devices, if lacking appropriate security measures, can expose both you and your company or employer to various potential attacks.
Over the last few years, there has been a surge in targeted ransomware attacks, particularly through “commodity malware.” This malware type is often directed at consumers. Consequently, accessing work networks from potentially infected personal devices without appropriate security measures significantly increases the risk. Both employees and employers are left vulnerable to breaches and ransomware lockdowns.
Office closures and working-from-home mandates due to COVID-19 permanently changed the way we look at workplace connectivity. A recent Fenwick poll among HR, privacy, and security professionals across industries noted that approximately 90% of employees now handle intellectual property, confidential, and personal information on their in-home Wi-Fi as opposed to in-office networks. Additionally, many are accessing this information on personal and mobile devices that often do not have the same protections as company-owned devices. The elevated number of unprotected devices connected to unsecured networks creates weak areas in a company’s infrastructure, making it harder to protect against hackers.
One technology your organization should be especially diligent about is video conferencing software. Hackers can infiltrate video conferencing software to eavesdrop on private discussions and steal vital information. Many disrupt video calls via brute force, where they scan a list of possible meeting IDs to try and connect to a meeting. Others seek more complex infiltration methods through vulnerabilities in the actual software. Up until recently, Agora’s video conferencing software exhibited these same vulnerabilities.
Hackers will usually try to gain access to these network vulnerabilities by targeting unsuspecting employees through phishing scams which can lead to even greater consequences if they manage to insert malware or hold your data for ransom. Without proper training on how to avoid these threats, many employees wouldn’t know how to handle the impact should they become the target.
If you’re an employee working remotely, it is essential to comprehend and adhere to best security practices. Here are some guidelines you could follow:
Considering the rise of remote working, it is more crucial than ever for employees, especially those working remotely, to invest in secure solutions and tools. However, as end-users, it’s also wisest to take extra steps like installing comprehensive security software to ward off cyber threats. These software have features that collectively provide a holistic approach to security, detecting vulnerabilities, and minimizing the chance of an attack.
We recommend McAfee+ and McAfee Total Protection if you want an all-inclusive security solution. With a powerful combination of real-time threat detection, antivirus, and malware protection, secure browsing, identity theft prevention, and privacy safeguards, McAfee+ and McAfee Total Protection ensure that your devices and personal information remain secure and your online experience is worry-free.
McAfee Pro Tip: Gauge your security protection and assess your security needs before you get a comprehensive security plan. This proactive approach is the foundation for establishing robust cybersecurity measures tailored to your specific requirements and potential vulnerabilities. Learn more about our award-winning security products award-winning security products.
In the current digital age, employees must be aware of their crucial role in maintaining organizational security. As such, you should consider engaging in tailored security education and training programs that help employees identify and avoid potential threats such as phishing and malicious downloads. Regular training and updates can be beneficial as employees are often the first line of defense and can significantly help mitigate potential security breaches.
To ensure effective acquisition of knowledge, engage in security training that is designed in an engaging, easy-to-understand manner and utilizes practical examples that you can relate to. Successful training programs often incorporate interactive modules, quizzes, and even games to instill important security concepts.
Effective communication and collaboration are paramount in a remote working environment. Employees need to share information and collaborate on projects effectively while ensuring that sensitive information remains secure. Use and participate in platforms that enable secure communication and collaboration. Tools such as secure messaging apps, encrypted email services, secure file sharing, and collaboration platforms will ensure information protection while allowing seamless collaboration.
Make sure that you’re provided with detailed guidelines and training on the proper use of these tools and their security features. This will help prevent data leaks and other security issues that can arise from misuse or misunderstanding.
→ Dig Deeper: Five Tips from McAfee’s Remote Workers
The transition to a remote working environment brings with it various cybersecurity challenges. Prioritizing secure communication and collaboration tools, coupled with ongoing education and adherence to best practices, can help you navigate these challenges with confidence, ultimately reaping the benefits of a flexible and efficient remote work environment while safeguarding critical data and information. McAfee can help you with that and more, so choose the best combination of features that fits your remote work setup.
The post Staying Safe While Working Remotely appeared first on McAfee Blog.
Some scams make a telltale sound—rinnng, rinnng! Yup, the dreaded robocall. But you can beat them at their game.
Maybe it’s a call about renewing an extended warranty on your car (one you don’t have). Or maybe the robocaller offers up a debt relief service with a shockingly low rate. Calls like these can get annoying real quick. And they can also be scams.
In the U.S., unwanted calls rank as the top consumer complaint reported to the Federal Communications Commission (FCC). Partly because scammers have made good use of spoofing technologies that serve up phony caller ID numbers. As a result, that innocent-looking phone number might not be innocent at all.
Whether the voice on the other end of the smartphone is recorded or an actual person, the intent behind the call is likely the same—to scam you out of your personal information, money, or both. Callers such as these might impersonate banks, government agencies, insurance companies, along with any number of other organizations. Anything that gives them an excuse to demand payment, financial information, or ID numbers.
And some of those callers can sound rather convincing. Others, well, they’ll just get downright aggressive or threatening. One of the most effective tools these scam calls use is a sense of urgency and fear, telling you that there’s a problem right now and they need your information immediately to resolve whatever bogus issue they’ve come up with. That right there is a sign you should take pause and determine what’s really happening before responding or taking any action.
Whatever form these unwanted calls take, there are things you can do to protect yourself and even keep you from getting them in the first place. These tips will get you started:
This straightforward piece of advice can actually get a little tricky. We mentioned spoofing, and certain forms of it can get rather exact. Sophisticated spoofing can make a call appear to come from someone you know. Yet more run-of-the-mill spoofing will often use a form of “neighbor spoofing.” The scammers will use a local area code or the same prefix of your phone number to make it seem more familiar. In short, you might answer one of these calls by mistake. If you do answer, never say “yes.” Similarly sophisticated scammers will record a victim’s voice for use in other scams. That can include trying to hack into credit card accounts by using the company’s phone tree. Recordings of slightly longer lengths can also lead to voice cloning using AI-driven tools. In fact, three seconds of audio is all it takes in some cases to clone a voice with up to 70% accuracy.
Apple and Android phones have features you can enable to silence calls from unknown numbers. Apple explains call silencing here, and Android users can silence spam calls as well. Note that these settings might silence calls you otherwise might want to take. Think about when your doctor’s office calls or the shop rings you with word that your car is ready. Cell phone carriers offer blocking and filtering services as well. Carriers often offer this as a basic service by default. Yet if you’re unsure if you’re covered, contact your carrier.
So, let’s say you let an unknown call go through to voicemail. The call sounds like it’s from a bank or business with news of an urgent matter. If you feel the need to confirm, get a legitimate customer service number from a statement, bill, or website of the bank or business in question so you can verify the situation for yourself. Calling back the number captured by your phone or left in a voicemail can play right into the hands of a scammer.
As you can see, scammers love to play the role of an imposter and will tell you there’s something wrong with your taxes, your account, or your bank statement. Some of them can be quite convincing, so if you find yourself in a conversation where you don’t feel comfortable with what’s being said or how it’s being said, hang up and follow up the bank or business as called out above. In all, look out for pressure or scare tactics and keep your info to yourself.
Several nations provide such a service, effectively a list that legitimate businesses and telemarketers will reference before making their calls. While this might not prevent scammers from ringing you up, it can cut down on unsolicited calls in general. For example, the U.S., Canada, and the UK each offer do not call registries.
Scammers and spammers got your number somehow. Good chance they got it from a data broker site. Data brokers collect and sell personal information of thousands and even millions of individuals. They gather them from public sources, public records, and from third parties as well—like data gathered from smartphone apps and shopping habits from supermarket club cards. And for certain, phone numbers are often in that mix. Our Personal Data Cleanup can help. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. From there, it guides you through the removal process and can even manage the removal for you in select plans.
Hop onto the app stores out there and you’ll find several call blocking apps, for free or at low cost. While these apps can indeed block spam calls, they might have privacy issues. Which is ironic when you’re basically trying to protect your privacy with these apps in the first place.
These apps might collect information, such as your contact list, usage data, and other information about your phone. As with any app, the key resides in the user agreement. It should tell you what information the app might collect and why. It should also tell you if this information is shared with or sold to third parties.
What’s at risk? Should the app developers get hit with a data breach, that information could end up in the wild. In cases where information is sold to analytics companies, the information might end up with online data brokers.
Pay particularly close attention to free apps. How are they making their money? There’s a fine chance that data collection and sale might generate their profits. At some expense to your privacy.
Given that your privacy is at stake, proceed with caution if you consider this route.
A quieter phone is a happy phone, at least when it comes to annoying robocalls.
While blocking 100% of them remains an elusive goal, you can reduce them greatly with the steps mentioned here. Thankfully, businesses, legislators, and regulatory agencies have taken steps to make it tougher for scammers to make their calls. A combination of technology and stiffer penalties has seen to that. Taken all together, these things work in your favor and can help you beat robocallers at their game.
The post How to Beat Robocallers at Their Game appeared first on McAfee Blog.
The first of August marks the celebration of World Wide Web Day – a day dedicated to the global network that powers our online activity, creating a wealth of knowledge at our fingertips. The World Wide Web (WWW) has revolutionized the way we communicate, learn, and explore, becoming an integral part of our daily lives. With the importance of the internet only growing stronger, it’s only fitting to honor the World Wide Web with a special day of commemoration. But with the internet comes risks, and it’s important to make sure your family is protected from potential threats. Here are some tips and tricks to keep your family safe online.
Phishing scams are a type of fraud that involves sending emails or other messages that appear to be from a legitimate source. The goal of these messages is to trick users into providing personal information such as passwords, credit card numbers, and bank account details. To protect against phishing scams, teach your family to:
Identity theft is a crime in which someone uses another person’s personal information to commit fraud or other crimes. Teach your family to protect against identity theft by:
A virtual private network (VPN) is a type of technology that provides a secure connection to a private network over the internet. A VPN can help protect your family’s online activity by encrypting the data and hiding your online activity from others. To ensure your family’s online safety, teach them to:
Strong passwords are an important part of online security. Teach your family to create strong passwords and to never share them with anyone. Additionally, use a password manager to store and manage your family’s passwords. A password manager can help by:
To conclude, celebrations on World Wide Web Day allow us to give thanks for the incredible world of knowledge, commerce, entertainment, communication, and innovation that the internet has provided, and continues to provide for us all. By following these tips and tricks, your family can stay safe online and enjoy all the benefits of the internet. Happy World Wide Web Day!
The WWW has enabled us to achieve so many things that were simply impossible before. From the ability to catch up with friends and family across the globe to finding information about virtually any topic, the power of the internet is remarkable. In fact, the World Wide Web has significantly enriched our lives in countless ways.
Did you know that the first-ever image posted on the World Wide Web was a photo of Les Horribles Cernettes, a parody pop band founded by employees at CERN? It was uploaded in 1992 by Sir Tim Berners-Lee, who used a NeXT computer as the first-ever web server. And although we use the term “surfing the net” regularly, do you know who actually coined the phrase? A librarian by the name of Jean Armour Polly wrote an article titled “Surfing the Internet” in the Wilson Library Bulletin at the University of Minnesota in 1992.
There are many other remarkable facts about the World Wide Web, including its growth over the years. By the start of the year 1993, there were only 50 servers worldwide, but that number had grown to over 500 by October of the same year. Advances in data compression enabled media streaming to happen over the web, which was previously impractical due to high bandwidth requirements for uncompressed media. Although the number of websites online was still small in comparison to today’s figure, notable sites such as Yahoo! Directory and Yahoo! Search were launched in 1994 and 1995, respectively, marking the beginning of web commerce.
On World Wide Web Day, you can celebrate by exploring the capabilities of the internet and discovering how it has changed over the years. Many organizations worldwide host events featuring conversations and interviews with technology leaders, entrepreneurs, and creators. There are also different talks, activities, and discussions online that you can join, allowing you to delve deeper into the history and potential of the World Wide Web. You could even consider running an event at your local business to market the day and celebrate what WWW has done for us all!
The post World Wide Web Day: How to Protect Your Family Online appeared first on McAfee Blog.
There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud
The post Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour appeared first on WeLiveSecurity
Sarah didn’t see it coming.
A single mom in her late 40s, “Sarah” was especially lonely after her divorce (name changed to protect her identity). Her teenager had convinced her to join a dating site, so she created a profile on a popular app. After a handful of dates fell flat, she found Scott (name also changed). He was charismatic, kind. “We had an instant connection,” according to Sarah.
They spent hours on the phone sharing their deepest secrets and even started imagining a future together. But after about three months, Scott fell on hard times. At first, he needed to borrow $400 to pay for airfare to visit a dying relative, which he paid back immediately. Over the next few months, the numbers grew to $1,000 for rent and $3,000 for a business venture.
Repayments for those loans never came, and before long, Sarah had loaned her new love over $8,500. When she pressed him for the money, Scott ghosted Sarah online, moved out of town, and she never saw him again. She didn’t share her story with many people. She didn’t report it. She was too embarrassed and humiliated and even became depressed following what she calls “the Scott scam.” Painfully, she lost her trust in others.
Sarah isn’t alone. In the U.S. alone, about 70,000 people reported a romance scam in 2022, according to the Federal Trade Commission (FTC). Reported losses hit $1.3 billion, with a median loss of $4,400. And with such statistics, those figures reflect only what was reported. How many other “Sarahs” in the U.S. got scammed and never reported it? How many worldwide?
That’s the pain of online dating and romance scams. Feelings of embarrassment and humiliation compound financial and emotional pain. After all, the victims were looking for love and companionship.
And that’s what scammers count on. Yet that shouldn’t stop you from a romance that springs online. With a strong heart and sharp eye, you can spot a scam and put an end to it before any damage gets done.
Dating and romance scams can start in several ways. They might begin on dating apps and sites, just like in Sarah’s case. Yet they can happen elsewhere and even pop out of the blue too. Scammers prowl around on social media, texts, and online games by pinging potential victims with an unexpected introductory message — a sort of digital opening line. In fact, the FTC reports that 40% of online dating and romance scams began with a message on social media, versus only 19% on dating apps.
With the initial connection made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in. Often, that will involve their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working alongside an international organization or working in the sort of jobs that prevent them from otherwise easily meeting up in person.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. When it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, when that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment method is reloadable debit cards. A scammer might make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer typically looks for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch when the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They might jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, remember that some scammers might be grifting several victims at once, which is yet another opportunity for them to get confused and slip up. Keep an eye out for that. Inconsistencies are the watermarks of a scam.
Lastly, take note that romance scammers have an entirely new set of tricks at their disposal. AI deepfakes. With inexpensive and readily available AI tools, scammers can make themselves look and sound like an entirely different person. All in real-time. As striking as that sounds, keep it in mind. Romance deepfakes now exist in the realm of possibility.
It once was that if a person didn’t want to hop on a voice chat, it might count as a sign of a scam. That’s no longer the case with deepfake technology in play. Even so, many of the same tried-and-true means of avoiding a romance scam still apply.
1. Lock down your privacy on social media.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less info to exploit. Using our Social Privacy Manager can make that even easier. With only a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.
2. Google yourself, and then remove what you find.
Have you ever googled yourself online? You’ll find personal info like your date of birth, previous addresses, names of your children and their ages, your estimated income, and more. This info is collected by data brokers and available for sell to advertisers or worse — like scammers. Sophisticated scammers use this info to profile and exploit their victims further. A Personal Data Cleanup service can help you remove this kind of personal data from the web.
3. Say “no” to strangers bearing friend requests.
Be critical of the invitations you receive. Out-and-out strangers might be more than a romance scammer. They might front fake accounts designed to gather info on users for cybercrime, or they can be an account designed to spread false info. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 691 million fake accounts. Reject such requests.
4. Go light on the details in your dating profile.
To the extent that you can, provide the minimum amount of details in your dating profile. Granted, this requires a bit of a balancing act. You want to put some info out there to help find a match, yet too much can give you and your location away. Same for your profile pics. Be sure yours have a generic-looking background, rather than anything that might identify where you live, work, or go to school.
5. Protect yourself and your devices.
Online protection software can steer you clear from clicking on malicious links that a scammer might send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal info as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief might put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that might feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you might want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you might help others from falling victim too.
The post How Online Dating Scams work and How to Spot Them appeared first on McAfee Blog.
With the advent of technology and the widespread use of mobile phones, scam calls and texts have become increasingly common. These annoying and invasive attempts to trick you out of your personal information can be frightening and frustrating. They often come in the form of ‘vishing‘ and ‘smishing‘ attacks. But what exactly are these types of scams, and how can you protect yourself against them?
Vishing and smishing are two common methods used by scammers to steal personal information. Vishing, a combination of ‘voice’ and ‘phishing,’ typically involves a scammer calling you and pretending to be from a trusted organization, such as your bank. They may tell you that there has been unusual activity on your account and ask for your personal information to ‘resolve’ the issue.
Smishing, on the other hand, combines ‘SMS’ (text) and ‘phishing.’ In this type of scam, you may receive a text message stating that you have won a prize, or that there is a problem with your account. The message will instruct you to click on a link, which will then try and trick you into providing personal information.
The main strategy of scammers behind vishing and smishing attacks is volume. They send out calls and messages to a large number of phones, hoping that at least a few will fall for the scam. There are several ways these scammers can get bulk phone numbers for their attacks:
Data breaches are a common way for scammers to obtain phone numbers, along with names and email addresses. This information can give them everything they need to launch effective vishing and smishing attacks. While some breaches result in the loss of credit card or government ID numbers, others simply provide basic personal information that can be enough to make their scams seem legitimate.
Another method scammers use to get phone numbers is by purchasing lists from data brokers. These online entities collect and sell detailed information about millions of individuals, including their phone numbers. These lists can be bought for a few dollars with just a few clicks. The data brokers don’t care who they sell to, so even scammers can easily purchase these lists.
→ Dig Deeper: How Data Brokers Sell Your Identity
Scammers often scour social media platforms and online forums to gather personal information, including phone numbers. People sometimes inadvertently share their contact details or other personal information in public posts, comments, or private messages. Scammers exploit these details to build their contact lists.
Scammers may also access publicly available records and directories, such as online phone directories, business listings, or government databases. These sources can provide them with a substantial amount of phone numbers and associated information.
Some scammers use phishing emails or fraudulent online surveys to trick individuals into disclosing their personal information, which can include phone numbers. They may pose as legitimate organizations or institutions, enticing recipients to provide their contact information in the process.
You may have already seen smishing attacks without realizing what they were. Here are a few examples of common smishing scams:
One feature that these messages have in common is that they all include a link. These links often have unusual character strings and web addresses that do not match the supposed sender of the message. This is a clear indication that the message is a scam.
Fortunately, there are steps you can take to protect yourself against these types of scams. Here are a few tips:
Scammers have tools at their disposal that can tamper with caller ID, making it appear as though the call is coming from a trusted organization. Do not rely solely on caller ID to determine the legitimacy of a call or text.
→ Dig Deeper: Be on the Lookout for Scam Tech Support Calls
If you receive a call or text message that seems suspicious, do not provide any personal information. Instead, hang up or ignore the text and contact the organization directly to verify the request.
If you believe you have been the target of a vishing or smishing attack, document the incident and report it to the company it was supposedly from. Many organizations have dedicated fraud reporting tools for this purpose.
As a general rule, avoid clicking on links in text messages, especially if they look suspicious or you do not recognize the sender. If you have concerns, always contact the organization directly.
→ Dig Deeper: The Latest Mobile Scams & How To Stay Safe
There are a number of strategies that you can employ to combat these types of scams. One of the most effective ways is to install comprehensive online protection software like McAfee+ on your phone. This software offers features such as web protection that warns you of suspicious links in texts, search results, and websites you browse. If your personal information appears on the dark web, the software can alert you and provide guidance on how to proceed. It can also help you remove your personal information from data broker sites, reducing your exposure to data breaches and spam calls.
Another strategy is to educate yourself on the telltale signs of a scam call or text. For instance, scammers often use scare tactics or threats to manipulate you into giving up your personal information. If you receive a message that seems to play on your emotions or tries to rush you into action, it’s probably a scam. Legitimate businesses and organizations will not typically resort to such tactics. If in doubt, always contact the organization directly to verify the validity of the message.
Internet service providers and mobile carriers have a crucial role to play in combating vishing and smishing attacks. By implementing advanced security measures, they can help protect their customers from these types of scams. For example, many carriers now offer features such as scam call blocking and identification. These features can help you identify potentially fraudulent calls and texts and avoid falling victim to these scams.
ISPs and mobile carriers can also educate their customers about the risks of vishing and smishing. By providing clear, easy-to-understand information about these scams and how to avoid them, they can empower their customers to protect themselves. As these types of attacks become more sophisticated, the role of ISPs and mobile carriers in combating them will only become more important.
McAfee Pro Tip: Regardless of the nature of these unwelcome calls, there are proactive measures you can take to safeguard yourself and even prevent them from reaching you in the initial instance. Know how to beat and block robocalls.
In conclusion, vishing and smishing are increasingly common types of scams that target individuals through phone calls and text messages. These scams can be frightening and invasive, but by understanding how they work and implementing strategies to protect yourself, you can significantly reduce your risk of being a victim. Comprehensive online protection software, being vigilant to the signs of a scam, and leveraging features offered by your ISP or mobile carrier are all effective ways to combat these scams. Remember, if something doesn’t feel right, it probably isn’t – always contact the organization directly if you’re unsure about a call or text.
The post Those Annoying Scam Calls and Texts: How to Fight Back Against Vishing and Smishing appeared first on McAfee Blog.
Social engineering. It’s a con game. And a con game by any other name stings just as badly.
Like any form of con, social engineering dupes their victims by playing on their emotions. Fear, excitement, and surprise. And they prey on human nature as well. The desire to help others, recognizing authority, and even the dream of hitting it big in the lottery. All of this comes into play in social engineering.
By design, the scammers who employ social engineering do so in an attempt to bilk people out of their personal information, their money, or both. More broadly, they’re designed to give scammers access—to a credit card, bank account, proprietary company information, and even physical access to a building or restricted space in the case of tailgating attacks. In this way, social engineering is an attack technique rather than a specific type of attack.
Several types of attacks employ social engineering:
The list goes on. Yet those are among the top attacks that use social engineering as a means of hoodwinking their victims. It’s a scammer’s secret weapon. Time and time again, we’ve seen just how effective it can be.
So while many bad actors turn to social engineering tricks to do their dirty work, they share several common characteristics. That makes them easy to spot. If you know what you’re looking for.
An overexcited or aggressive tone in an email, text, DM, or any kind of message you receive should put up a big red flag. Scammers use these scare tactics to get you to act without thinking things through first.
Common examples include imposter scams. The scammer will send a text or email that looks like it comes from someone you know. And they’ll say they’re in a jam of some sort, like their car has broken down in the middle of nowhere, or that they have a medical emergency and to go to urgent care. In many of these cases, scammers will quickly ask for money.
Another classic is the tax scam, where a scammer poses as a tax agent or representative. From there, they bully money out of their victims with threats of legal action or even arrest. Dealing with an actual tax issue might be uncomfortable, but a legitimate tax agent won’t threaten you like that.
You’ve won a sweepstakes! (That you never entered.) Get a great deal on this hard-to-find item! (That will never ship after you’ve paid for it.) Scammers will concoct all kinds of stories to separate you from your personal information.
The scammers behind bogus prizes and sweepstakes will ask you for banking information or sometimes even your tax ID number to pay out your winnings. Winnings you’ll never receive, of course. The scammer wants that information to raid your accounts and commit all kinds of identity theft.
Those great deals? The scammers might not ship them at all. They’ll drain your credit or debit card instead and leave you tapping your foot by your mailbox. Sometimes, the scammers might indeed ship you something after all—a knock-off item. One possibly made with child labor.
Scammers will often pose as people you know. That can include friends, family members, co-workers, bosses, vendors or clients at work, and so on. And when they do, something about the message you get will seem a bit strange.
For starters, the message might not sound like it came from them. What they say and how they say it seems off or out of character. It might include links or attachments you didn’t expect to get. Or the message might come to you via a DM sent from a “new” account they set up. In the workplace, you might get a message from your boss instructing you to pay someone a large sum from the company account.
These are all signs that something scammy might be afoot. You’ll want to follow up with these people in person or with a quick phone call just to confirm. Reach them in any way other than by replying to the message you received. Even if it looks like a legitimate account. There’s the chance their account was hacked.
How do scammers know how to reach you in the first place? And how do they seem to know just enough about you to cook up a convincing story? Clever scammers have resources, and they’ll do their homework. You can give them far less to work with by taking the following steps.
Online data brokers hoard all kinds of personal information about individuals. And they’ll sell it to anyone. That includes scammers. Data brokers gather it from multiple sources, such as public records and third parties that have further information like browsing histories and shopping histories (think your supermarket club card). With that information, a scammer can sound quite convincing—like they know you in some way or where your interests lie. You can get this information removed so scammers can’t get their hands on it. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and with select products, it can even manage the removal for you.
Needless to say, social media says a lot about you and what you’re into. You already know that because you put a part of yourself out there with each post—not to mention a record of the groups, pages, and things that you follow or like. All this provides yet more grist for a scammer’s mill when it comes time for them to concoct their stories. Setting your accounts to private takes your posts out of the public eye, and the eye of potential scammers too. This can help reduce your risk of getting conned.
Scammers throw all kinds of bogus links at people in the hope they’ll click and wind up on their scammy websites. They’ll also send attachments loaded with malware—a payload that contains ransomware, spyware, or viruses. If you get a message about one of your accounts, a shipment, or anything that involves your personal or financial info, confirm the sender. Did the message come from a legitimate address or account? Or was the address spoofed or the account a fake? For example, some scammers create social media accounts to pose as the U.S. Internal Revenue Service (IRS). The IRS doesn’t contact people through social media. If you have a concern about a message or account, visit the site in question by typing it in directly instead of clicking on the link in the message. Access your information from there or call their customer service line.
The combination of these two things makes it tough for scammers to crack your accounts. Even if they somehow get hold of your password, they can’t get into your account without the multifactor authentication number (usually sent to your phone in some form). A password manager as part of comprehensive online protection software can help you create and securely store those strong, unique passwords. Also, never give your authentication number to anyone after you receive it. Another common scammer trick is to masquerade as a customer service rep and ask you to send that number to them.
This is the one piece of advice scammers don’t want you to have, let alone follow. They count on you getting caught up in the moment—the emotion of it all. Once again, emotions, urgency, and human nature are all key components in any social engineering con. The moment you stop and think about the message, what it’s asking of you, and the way it’s asking you for it, will often quickly let you know that something is not quite right. Follow up. A quick phone call or face-to-face chat can help you from getting conned.
The post Social Engineering—The Scammer’s Secret Weapon appeared first on McAfee Blog.
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.
The service in question — kopeechka[.]store — is perhaps best described as a kind of unidirectional email confirmation-as-a-service that promises to “save your time and money for successfully registering multiple accounts.”
“Are you working on large volumes and are costs constantly growing?” Kopeechka’s website asks. “Our service will solve all your problems.”
As a customer of this service, you don’t get full access to the email inboxes you are renting. Rather, you configure your botnet or spam machine to make an automated application programming interface (API) call to the Kopeechka service, which responds with a working email address at an email provider of your choosing.
Once you’ve entered the supplied email address into the new account registration page at some website or service, you tell Kopeechka which service or website you’re expecting an account confirmation link from, and they will then forward any new messages matching that description to your Kopeechka account panel.
Ensuring that customers cannot control inboxes rented through the service means that Kopeechka can rent the same email address to multiple customers (at least until that email address has been used to register accounts at most of the major online services).
Kopeechka also has multiple affiliate programs, including one that pays app developers for embedding Kopeechka’s API in their software. However, far more interesting is their program for rewarding people who choose to sell Kopeechka usernames and passwords for working email addresses.
Kopeechka means “penny” in Russian, which is generous verbiage (and coinage) for a service that charges a tiny fraction of a penny for access to account confirmation links. Their pricing fluctuates slightly based on which email provider you choose, but a form on the service’s homepage says a single confirmation message from apple.com to outlook.com costs .07 rubles, which is currently equal to about $0.00087 dollars.
The pricing for Kopeechka works out to about a fraction of a penny per confirmation message.
“Emails can be uploaded to us for sale, and you will receive a percentage of purchases %,” the service explains. “You upload 1 mailbox of a certain domain, discuss percentage with our technical support (it depends on the liquidity of the domain and the number of downloaded emails).”
We don’t have to look very far for examples of Kopeechka in action. In May, KrebsOnSecurity interviewed a Russian spammer named “Quotpw“ who was mass-registering accounts on the social media network Mastodon in order to conduct a series of huge spam campaigns advertising scam cryptocurrency investment platforms.
Much of the fodder for that story came from Renaud Chaput, a freelance programmer working on modernizing and scaling the Mastodon project infrastructure — including joinmastodon.org, mastodon.online, and mastodon.social. Chaput told KrebsOnSecurity that his team was forced to temporarily halt all new registrations for these communities last month after the number of new registrations from Quotpw’s spam campaign started to overwhelm their systems.
“We suddenly went from like three registrations per minute to 900 a minute,” Chaput said. “There was nothing in the Mastodon software to detect that activity, and the protocol is not designed to handle this.”
After that story ran, Chaput said he discovered that the computer code powering Quotpw’s spam botnet (which has since been released as open source) contained an API call to Kopeechka’s service.
“It allows them to pool many bot-created or compromised emails at various providers and offer them to cyber criminals,” Chaput said of Kopeechka. “This is what they used to create thousands of valid Hotmail (and other) addresses when spamming on Mastodon. If you look at the code, it’s really well done with a nice API that forwards you the confirmation link that you can then fake click with your botnet.”
It’s doubtful anyone will make serious money selling email accounts to Kopeechka, unless of course that person already happens to run a botnet and has access to ridiculous numbers of email credentials. And in that sense, this service is genius: It essentially offers scammers a new way to wring extra income from resources that are already plentiful for them.
One final note about Quotpw and the spam botnet that ravaged Chaput’s Mastodon servers last month: Trend Micro just published a report saying Quotpw was spamming to earn money for a Russian-language affiliate program called “Impulse Team,” which pays people to promote cryptocurrency scams.
The crypto scam affiliate program “Project Impulse,” advertising in 2021.
Websites under the banner of the Impulse Scam Crypto Project are all essentially “advanced fee” scams that tell people they have earned a cryptocurrency investment credit. Upon registering at the site, visitors are told they need to make a minimum deposit on the service to collect the award. However, those who make the initial investment never hear from the site again, and their money is gone.
Interestingly, Trend Micro says the scammers behind the Impulse Team also appear to be operating a fake reputation service called Scam-Doc[.]com, a website that mimics the legitimate Scamdoc.com for measuring the trustworthiness and authenticity of various sites. Trend notes that the phony reputation site routinely gave high trust ratings to a variety of cryptocurrency scam and casino websites.
“We can only suppose that either the same cybercriminals run operations involving both or that several different cybercriminals share the scam-doc[.]com site,” the Trend researchers wrote.
The ScamDoc fake reputation websites, which were apparently used to help make fake crypto investment platforms look more trustworthy. Image: Trend Micro.
According to the FBI, financial losses from cryptocurrency investment scams dwarfed losses for all other types of cybercrime in 2022, rising from $907 million in 2021 to $2.57 billion last year.
A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys
The post Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme appeared first on WeLiveSecurity
Everyone loves a great deal when they shop online. Until they discover it’s a rip-off.
Social media ads for vintage wear. Website ads for home entertainment gear. Search ads for handbags. Some of these ads aren’t what they seem. Instead of leading you to deals on a trustworthy ecommerce site, the ads take you to a bogus page designed to steal your money and personal info.
Unfortunately, it happens. And one global report estimated that online shoppers lost $41 billion to fraud in 2022. How do scammers pull it off? With the same tools that legitimate businesses use.
Let’s look at how they do it and how you can steer clear of their tricks.
Many of today’s scammers work in organized fashion. They oversee large cybercrime operations that run much like a business. They employ web designers, coders, marketing teams, and customer call centers that mimic a genuine online retailer. Which makes sense. The more they can look and act like the real thing, the more likely they can lure victims into their online stores.
Smaller bands of scammers get in on this action as well. Just as a small business can easily create an online store with any number of off-the-shelf services and solutions, so can a couple of scammers.
In this way, scammers large and small can readily create a professional-looking website, create effective ads to drive traffic to it, and collect financial information from there.
Yet, some scammers don’t steal financial information outright. They might indeed ship you the goods, but they won’t be the goods you ordered. They’re counterfeit. And it might be part of a large-scale operation that exploits child workers.
Whether they’re out to steal your money or sell you knockoff goods, online shopping scams tend to ramp up around gift-giving seasons. They’ll bait shoppers with hard-to-find items, tout steep discounts on other popular items, and otherwise play into the rush of holiday gift buying. Yet they crop up year-round as well. Really, any time you shop is a time to be on the lookout for them.
This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.
Also in the U.S., you can visit the website of your state’s Secretary of State. There you can search for the business in question, learn when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information.
Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam.
A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background information for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of information can help you sniff out a scam.
Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you find out if the retailer is legit.
3. Look for the lock icon in your browser when you shop.
Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
4. Pay with a credit card instead of your debit card.
Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back—it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit.
Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds a one-time-use code to access your login procedure, typically sent to your smartphone by text or call. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. A virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic. That makes it secure from bad actors who try to intercept your data on public Wi-Fi, which can include your passwords and credit card numbers.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes web browser protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam— along with a password manager that can create and securely store strong, unique passwords.
Social media has made it easier for sellers large and small to reach customers online. It’s made it easier for scammers to reach victims too.
If you’re on social media, you’ve certainly seen your share of ads. Some are from companies and retailers you know and trust. Yet more are from names you’ve likely never heard of. They might be legitimate businesses, yet they might be fronts for a convincing-looking scam.
These ads end up on social media the same way ads from legitimate businesses do, by way of social media ad platforms. Social media companies created these platforms so advertisers can reach millions of individual users based upon their age group, hobbies and interests, past purchases, and so on.
For example, a scammer might target younger shoppers with an interest in retro fashion. From there, the scammer can narrow that down to target people who live in metropolitan areas who like 1980s memorabilia. The scammers then create an ad that takes that audience to a phony website loaded with bogus t-shirts, coats, and bags.
All of it costs relatively little. A small ad budget of a few hundred dollars can give scammers exposure to millions of potential victims.
The best way to avoid getting stung by these sites is to do your homework. Seek out the company’s track record. Look for reviews. And if you’re unsure, take a pass. Don’t shop with that company.
Shopping scams can look and feel rather sophisticated today. With a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences that look convincing.
So buyers be wary. Before you click or tap on that ad, do some research. Determine if the company is legitimate, if it’s had complaints waged against it, and how those complaints were resolved. And always use your credit card. It offers the best consumer protections you have in the event you do end up getting scammed.
The post Steer Clear of Rip-offs: Top Tips for Safer Online Shopping appeared first on McAfee Blog.
Ping, it’s a scammer!
The sound of an incoming email, text, or direct message has a way of getting your attention, so you take a look and see what’s up. It happens umpteen times a week, to the extent that it feels like the flow of your day. And scammers want to tap into that with sneaky phishing attacks that catch you off guard, all with the aim of stealing your personal information or bilking you out of your money.
Phishing attacks take several forms, where scammers masquerade as a legitimate company, financial institution, government agency, or even as someone you know. And they’ll come after you with messages that follow suit:
You can see why phishing attacks can be so effective. Messages like these have an urgency to them, and they seem like they’re legit, or they at least seem like they might deal with something you might care about. But of course they’re just a ruse. And some of them can look and sound rather convincing. Or at least convincing enough that you’ll not only give them a look, but that you’ll also give them a click too.
And that’s where the troubles start. Clicking the links or attachments sent in a phishing attack can lead to several potentially nasty things, such as:
However, plenty of phishing attacks are preventable. A mix of knowing what to look for and putting a few security steps in place can help you keep scammers at bay.
How you end up with one has a lot to do with it.
There’s a good chance you’ve already seen your share of phishing attempts on your phone. A text comes through with a brief message that one of your accounts needs attention, from an entirely unknown number. Along with it is a link that you can tap to follow up, which will send you to a malicious site. In some cases, the sender may skip the link and attempt to start a conversation with the aim of getting you to share your personal information or possibly fork over some payment with a gift card, money order, rechargeable debit card, or other form of payment that is difficult to trace and recover.
In the case of social media, you can expect that the attack will come from an imposter account that’s doing its best to pose as one of those legitimate businesses or organizations we talked about, or perhaps as a stranger or even someone you know. And the name and profile pic will do its best to play the part. If you click on the account that sent it, you may see that it was created only recently and that it has few to no followers, both of which are red flags. The attack is typically conversational, much like described above where the scammer attempts to pump you for personal info or money.
Attacks that come by direct messaging apps will work much in the same way. The scammer will set up a phony account, and where the app allows, a phony name and a phony profile pic to go along with it.
Email gets a little more complicated because emails can range anywhere from a few simple lines of text to a fully designed piece complete with images, formatting, and embedded links—much like a miniature web page.
In the past, email phishing attacks looked rather unsophisticated, rife with poor spelling and grammar, along with sloppy-looking layouts and images. That’s still sometimes the case today. Yet not always. Some phishing emails look like the real thing. Or nearly so.
Case in point, here’s a look at a phishing email masquerading as a McAfee email:
There’s a lot going on here. The scammers try to mimic the McAfee brand, yet don’t quite pull it off. Still, they do several things to try and be convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look right for some reason.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, plus the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in at the top of the email with mention of “There are (42) viruses on your computer.”
Taken all together, you can spot many email scams by taking a closer look, seeing what doesn’t feel right, and then trusting you gut. But that asks you to slow down, take a moment, and eyeball the email critically. Which people don’t always do. And that’s what scammers count on.
Similar ploys see scammers pose as legitimate companies and retailers, where they either ask you to log into a bogus account page to check statement or the status of an order. Some scammers offer links to “discount codes” that are instead links to landing pages designed steal your account login information as well. Similarly, they may simply send a malicious email attachment with the hope that you’ll click it.
In other forms of email phishing attacks, scammers may pose as a co-worker, business associate, vendor, or partner to get the victim to click a malicious link or download malicious software. These may include a link to a bogus invoice, spreadsheet, notetaking file, or word processing doc—just about anything that looks like it could be a piece of business correspondence. Instead, the link leads to a scam website that asks the victim “log in and download” the document, which steals account info as a result. Scammers may also include attachments to phishing emails that can install malware directly on the device, sometimes by infecting an otherwise everyday document with a malicious payload.
Email scammers may also pose as someone you know, whether by propping up an imposter email account or by outright hijacking an existing account. The attack follows the same playbook, using a link or an attachment to steal personal info, request funds, or install malware.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling to them. Further, you can do other things that may make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavy on urgency, like the phony McAfee phishing email above that says your license has expired today and that you have “(42)” viruses. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper ecommerce site, they may link you to a scam shopping site that does nothing but steal your money and the account information you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It may tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
When scammers contact you via social media, that in of itself can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it quite clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They have accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly and follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.
On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you may have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which may indeed be a link to scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers select and stalk you for an attack.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams. You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer safe browsing features that can identify malicious links and downloads, which can help prevent clicking them. Further, it can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
Once phishing attacks were largely the domain of bogus emails, yet now they’ve spread to texts, social media, and messaging apps—anywhere a scammer can send a fraudulent message while posing as a reputable source.
Scammers count on you taking the bait, the immediate feelings of fear or concern that there’s a problem with your taxes or one of your accounts. They also prey on scarcity, like during the holidays where people search for great deals on gifts and have plenty of packages on the move. With a critical eye, you can often spot those scams. Sometimes, a pause and a little thought is all it takes. And in the cases where a particularly cagey attack makes its way through, online protection software can warn you that the link you’re about to click is indeed a trap.
Taken all together, you have plenty of ways you can beat scammers at their game.
The post How to Avoid Phishing Attacks on Your Smartphones and Computers appeared first on McAfee Blog.
There are plenty of phish in the sea.
Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe.
And some of today’s phishing emails are indeed getting tougher to spot.
They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.
And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.
Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid.
Again, you can sidestep these attacks if you know how to spot them. There are signs.
Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for.
<h2>Phishing attack statistics—the millions of attempts made each year.
In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported.
Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.
Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information.
As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack.
So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly.
<h2>What does a phishing attack look like?
Nearly every phishing attack sends an urgent message. One designed to get you to act.
Some examples …
When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these.
And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice.
Case in point:
Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer.
We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see.
As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely.
Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious.
Here’s where the attackers really got bold.
They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus.
Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam.
Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.”
Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.
Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack.
Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.
For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use.
Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples.
There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …”
Taken all together, someone can readily spot that this is a scam with a closer look.
This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be.
What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same.
This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach.
The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course.
Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether.
Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot.
And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit?
One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind …
Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator.
If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well.
Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam.
Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately.
Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods.
Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam.
Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt.
Online protection software can protect you from phishing attacks in several ways.
For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware.
Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.
Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands.
In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today.
The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.
Ping, it’s a scammer!
The sound of an incoming email, text, or direct message has a way of getting your attention, so you take a look and see what’s up. It happens umpteen times a week, to the extent that it feels like the flow of your day. And scammers want to tap into that with sneaky phishing attacks that catch you off guard, all with the aim of stealing your personal information or bilking you out of your money.
Phishing attacks take several forms, where scammers masquerade as a legitimate company, financial institution, government agency, or even as someone you know. And they’ll come after you with messages that follow suit:
You can see why phishing attacks can be so effective. Messages like these have an urgency to them, and they seem like they’re legit, or they at least seem like they might deal with something you might care about. But of course they’re just a ruse. And some of them can look and sound rather convincing. Or at least convincing enough that you’ll not only give them a look, but that you’ll also give them a click too.
And that’s where the troubles start. Clicking the links or attachments sent in a phishing attack can lead to several potentially nasty things, such as:
However, plenty of phishing attacks are preventable. A mix of knowing what to look for and putting a few security steps in place can help you keep scammers at bay.
How you end up with one has a lot to do with it.
There’s a good chance you’ve already seen your share of phishing attempts on your phone. A text comes through with a brief message that one of your accounts needs attention, from an entirely unknown number. Along with it is a link that you can tap to follow up, which will send you to a malicious site. In some cases, the sender may skip the link and attempt to start a conversation with the aim of getting you to share your personal information or possibly fork over some payment with a gift card, money order, rechargeable debit card, or other form of payment that is difficult to trace and recover.
In the case of social media, you can expect that the attack will come from an imposter account that’s doing its best to pose as one of those legitimate businesses or organizations we talked about, or perhaps as a stranger or even someone you know. And the name and profile pic will do its best to play the part. If you click on the account that sent it, you may see that it was created only recently and that it has few to no followers, both of which are red flags. The attack is typically conversational, much like described above where the scammer attempts to pump you for personal info or money.
Attacks that come by direct messaging apps will work much in the same way. The scammer will set up a phony account, and where the app allows, a phony name and a phony profile pic to go along with it.
Email gets a little more complicated because emails can range anywhere from a few simple lines of text to a fully designed piece complete with images, formatting, and embedded links—much like a miniature web page.
In the past, email phishing attacks looked rather unsophisticated, rife with poor spelling and grammar, along with sloppy-looking layouts and images. That’s still sometimes the case today. Yet not always. Some phishing emails look like the real thing. Or nearly so.
Case in point, here’s a look at a phishing email masquerading as a McAfee email:
There’s a lot going on here. The scammers try to mimic the McAfee brand, yet don’t quite pull it off. Still, they do several things to try and be convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look right for some reason.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, plus the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in at the top of the email with mention of “There are (42) viruses on your computer.”
Taken all together, you can spot many email scams by taking a closer look, seeing what doesn’t feel right, and then trusting you gut. But that asks you to slow down, take a moment, and eyeball the email critically. Which people don’t always do. And that’s what scammers count on.
Similar ploys see scammers pose as legitimate companies and retailers, where they either ask you to log into a bogus account page to check statement or the status of an order. Some scammers offer links to “discount codes” that are instead links to landing pages designed steal your account login information as well. Similarly, they may simply send a malicious email attachment with the hope that you’ll click it.
In other forms of email phishing attacks, scammers may pose as a co-worker, business associate, vendor, or partner to get the victim to click a malicious link or download malicious software. These may include a link to a bogus invoice, spreadsheet, notetaking file, or word processing doc—just about anything that looks like it could be a piece of business correspondence. Instead, the link leads to a scam website that asks the victim “log in and download” the document, which steals account info as a result. Scammers may also include attachments to phishing emails that can install malware directly on the device, sometimes by infecting an otherwise everyday document with a malicious payload.
Email scammers may also pose as someone you know, whether by propping up an imposter email account or by outright hijacking an existing account. The attack follows the same playbook, using a link or an attachment to steal personal info, request funds, or install malware.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling to them. Further, you can do other things that may make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavy on urgency, like the phony McAfee phishing email above that says your license has expired today and that you have “(42)” viruses. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper ecommerce site, they may link you to a scam shopping site that does nothing but steal your money and the account information you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It may tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
When scammers contact you via social media, that in of itself can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it quite clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They have accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly and follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.
On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you may have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which may indeed be a link to scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers select and stalk you for an attack.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams. You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer safe browsing features that can identify malicious links and downloads, which can help prevent clicking them. Further, it can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
Once phishing attacks were largely the domain of bogus emails, yet now they’ve spread to texts, social media, and messaging apps—anywhere a scammer can send a fraudulent message while posing as a reputable source.
Scammers count on you taking the bait, the immediate feelings of fear or concern that there’s a problem with your taxes or one of your accounts. They also prey on scarcity, like during the holidays where people search for great deals on gifts and have plenty of packages on the move. With a critical eye, you can often spot those scams. Sometimes, a pause and a little thought is all it takes. You can stay one step ahead of scammers with the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your device or phone. Removing the guessing and it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. And in the cases where a particularly cagey attack makes its way through, online protection software can warn you that the link you’re about to click is indeed a trap.
Taken all together, you have plenty of ways you can beat scammers at their game.
The post How to Protect Yourself From Phishing Scams appeared first on McAfee Blog.
Who else loves tax season besides accountants? Scammers.
It’s high time of year for online risks here in the U.S. with the onset of tax season, where scammers unleash all manner of scams aimed at taxpayers. The complexity, and even uncertainty, of filing a proper tax return can stir up anxieties like, Have I filed correctly, Did I claim the right deductions, Will I get audited, and Will I get stung with a tax penalty are just a few—and these are the very same anxieties that criminals use as the cornerstone of their attacks.
Yet like so many scams, tax scams give off telltale signs that they’re indeed not on the up-and-up. You have ways you can spot one before you get caught up in one.
In all, we’ve learned to watch our step with the Internal Revenue Service (IRS), so much so that receiving a notification from the IRS can feel like an unwanted surprise. Uh oh, did I do something wrong? However, in reality, less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if addressed promptly.
Still, that wariness of the IRS makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include email phishing attacks, phone calls from crooks posing as IRS agents, texts claiming there’s a problem with our tax software, and even robocalls that threaten jail time for unpaid back taxes. What’s more, fraudsters can take things a step further by committing identity theft and then filing tax claims in other people’s names.
With that, let’s dig into a list of the top scams winding up on our screens and phones during tax time.
Straight from the authority itself, the IRS publishes its Dirty Dozen, an annual list of the top tax season scams. Year-over-year, many of the same scams make the list, yet new ones continue to crop up as scammers try to take advantage of current events. A couple recent examples include email phishing scams centered around Employee Retention Credits, pandemic relief checks, and federal stimulus checks. Additionally, the IRS has warned filers about disinformation that circulates on social media, such as bogus advice that urges filers to alter their W-2 figures for a better refund. With new scams entering the mix every tax season, the Dirty Dozen offers plenty of good advice that can help you steer clear of scams.
We all know the annoyance of spammy phone calls, whether they’re for phony car warranties, tech support services, or debt collection agencies. During this time of year, you can add phony IRS agents and financial service providers to the list.
The stories that scammers will tell will vary, but they often share common themes:
Another thing they have in common: they each outright ask for money, personal information, and sometimes a combination of both. All of which is an indication of a scam.
For the record, per the IRS, it does not:
Also, per the IRS, they cannot revoke your driver’s license, business license, or immigration status. As noted above, scammers will often weave these threats into their stories. Those threats are entirely empty.
What will the IRS do? Generally, the IRS will first mail a notice to any taxpayer who owes taxes. In some instances, IRS collection employees may make an unannounced visit to your home and properly identify themselves with IRS-issued credentials and a federal ID card. In all cases, the revenue officer will only request required payments by cash, check, certified funds, or money order payable to “United States Treasury.”
As for scam calls that pose as financial services companies or tax preparers, ignore them. If you’re planning to work with a tax pro, do your research and work with a legitimate, accredited individual or organization. The IRS has a great resource that can get you started on your search with its “Directory of Federal Tax Return Preparers.” There you can get a list of qualified tax preparers that are verified by the IRS, which you can narrow down based on their accreditations and distance from your zip code.
Don’t fall for AI tax scams! With the rise of AI technology, it’s becoming harder to spot these fraudulent schemes. In the past, fake voices, accents, and grammar mistakes were obvious red flags. But now, scammers are using AI-generated voices that sound just like your neighbors. They’ll pose as the IRS, offering tax assistance or forgiveness. McAfee’s CTO, Steve Grobman warns that cyber-criminals are even cloning American accents to make their scams more convincing. Last month, McAfee detected over a million suspicious URLs related to tax scams. Protect yourself by using antivirus software and call-blocking apps. But be cautious of phishing attempts through texts, emails, and calls. Scammers may threaten you with back taxes or promise unrealistic zero-tax programs. Remember, the IRS never threatens or contacts you through phone, text, or email. They always send official letters by mail. And they never ask for payment in gift cards, Apple Pay, Crypto, Bitcoin, Venmo, or Zelle. Stay alert and keep your personal information and money safe! Watch the video below from Steve, discussing AI voice scams.
One way you can be sure that someone other than the IRS has reached you is if they contact you by text, messaging app, or social media. The IRS will not contact you in any of these ways. Ignore any such messages, and if your app or platform allows you to report messages or accounts as spam, do so. You can often do it with a simple click or tap.
Another increasingly popular scam on phones is the bogus account alert. The scammer may send a message that says Your account is on hold, or something like We’ve detected unusual activity. During most of the year, scammers will use these messages to pose as online payment platforms, banks, credit card companies, online stores, and streaming services.
Now during tax season, they’ll masquerade as IRS agents or popular tax software companies. Even though the names change, the game remains the same. The text or message will serve up a link so you can “correct the situation,” one that leads to a site that could steal your personal information or otherwise trick you into installing malware on your phone.
As always, don’t click these links. Report them if you can.
Phishing emails pull many of the same tricks that calls, texts, and direct messages do—you’ll simply find them in your inbox instead. The same rules for avoiding other IRS scams apply here. First, note that the IRS will never initiate contact with you via email. Nor will they send you emails about your tax refund or any other sensitive information.
In the past, the IRS has reported that phishing emails often send their victims to lookalike IRS sites that can appear quite convincing. There, victims either receive a prompt to enter their personal and financial information or to download a file that’s laden with malware. Other emails may include attachments, which may be loaded with malware as well.
Delete any such emails you receive. And if you have any concerns, contact your tax professional or the IRS directly. Also, the IRS asks people who receive scam emails to notify them at phishing@irs.gov. This helps the IRS track and prosecute scammers.
Imagine filing your return only to find out it’s already been filed.
A far more serious form of tax-related crime is identity theft, where a scammer uses the victim’s personal information and Social Security number to file a return in the victim’s name—and claim the refund. One particularly painful aspect of identity theft and taxes is that victims often find out only after it occurs or when it’s well underway. For example:
Other signs are related to employment, such as getting assigned an Employer Identification Number even though you didn’t request one, discovering that the IRS shows you received income from an employer you didn’t work for, or finding out that someone has claimed unemployment benefits in your name. Once again, both are signs of full-on identity theft where someone has assumed your identity.
The IRS states that you should always respond to any IRS notice, particularly if you believe it is in error. If you’ve already contacted the IRS about an identity theft issue, you can reach them at 800-908-4490 for further assistance.
Understand that if this form of identity theft occurs to you, it’s highly likely that the scammer has your Social Security number. Report that right away at https://www.ssa.gov/number-card/report-stolen-number if you think your number is being used by someone else.
Your Social Security number ranks at the very top of your most valuable personal information. It unlocks everything from driver’s licenses, photo identification, employment, insurance claims, and of course taxes. Act immediately if you think it’s been compromised.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. As mentioned, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Another way you can help prevent someone from filing a return in your name is to request a six-digit Identity Protection PIN (IP PIN). Once you receive am IP PIN, the IRS will use it to verify your identity when you file by paper or electronically. It’s good for one calendar year, and you can generate a new one each year for your account. You can request an IP PIN at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Also, be aware that scammers want your IP PIN as well. Phone calls, emails, or texts asking for it are scams. Outside of including it when filing your return, the IRS will never ask for it. If you are working with a tax professional, only provide it when it comes time to file.
Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
If you fall victim to identity theft, having identity theft protection in place can provide significant relief, both financially and in terms of recovery. Our identity theft coverage & restoration support includes $1 million in funds if it’s determined that you’re a victim, which covers lawyer’s fees, travel expenses, and stolen funds reimbursement—while licensed recovery experts can help you repair your credit and identity. Considering the potential costs in both time and money, identity theft protection can speed and ease recovery.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams.
You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We also provide guidance on how you can remove your data from those sites and, with select plans, even manage the removal for you—while continuing to scan those sites in case your information reappears.
Comprehensive online protection software can help you on a number of counts. It warns you of suspicious links in emails and texts that could send you to malicious sites. It can further protect you from ransomware attacks, which IRS has also listed amongst its Dirty Dozen. And you can use it to monitor all your transactions across all your financial accounts in one place, which can spot any questionable activity. In all, tax time or otherwise, online protection software is always a strong security move.
A little stress and uncertainty can enter the picture during tax season, and scammers know it. In fact, they prey upon it. They concoct their scams around those feelings, hoping that you’ll take the bait and act quickly without taking the time to scrutinize what they’re saying and what they’re really asking you to do.
Keeping up to date on what the latest scams are, having a good sense of which ones get recycled every year, and putting protections in place can help you avoid getting stung by a scam during tax season.
For yet more information, visit the IRS Tax Scam and Consumer Alert site at: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
The post How to Protect Yourself Against Tax Scams appeared first on McAfee Blog.
How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers
The post Pig butchering scams: The anatomy of a fast‑growing threat appeared first on WeLiveSecurity
How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends – and at your expense
The post SVB’s collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity
Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage.
The post 5 signs you’ve fallen for a scam – and what to do next appeared first on WeLiveSecurity
Here's a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them.
The post Common WhatsApp scams and how to avoid them appeared first on WeLiveSecurity
Smartphones put the proverbial world in the palm of your hand—you pay with it, play with it, keep in touch with it, and even run parts of your home with it. No wonder hackers and scammers have made smartphones a target. A prime one.
Each year, our Consumer Mobile Threat Report uncovers trends in mobile threats, which detail tricks that hackers and scammers have turned to, along with ways you can protect yourself from them. For 2023, the big trend is apps. Malicious apps, more specifically.
Malicious apps often masquerade as games, office utilities, and communication tools. Yet now with the advent of a ChatGPT AI chatbot and the DALL-E 2 AI image generator, yet more AI-related malicious apps have cropped up to cash in on the buzz.
And money is what it’s all about. Hackers and scammers generally want your money, or they want your data and personal info that they can turn into money. Creating fraudulent ads, stealing user credentials, or skimming personal information are some of the most common swindles that these apps try. Much of this can happen in the background, often without victims knowing it.
How do these apps end up on people’s phones? Sometimes they’re downloaded from third-party app stores, which may not have a rigorous review process in place to spot malicious apps—or the third-party store may be a front for distributing malware-laden apps.
They also find their way into legitimate app stores, like Apple’s App Store and Google Play. While these stores indeed have review processes in place to weed out malicious apps, hackers and scammers have found workarounds. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they embed the malicious code so that it only triggers once it’s run in certain countries. They will also encrypt bad code in the app that they submit, which can make it difficult for stores to sniff out.
In all, our report cites several primary ways how hackers and scammers are turning to apps today:
For starters, stick with legitimate apps stores like Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure. And for the malicious apps that sneak past these processes, Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
As with so many attacks, hackers rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research. That may uncover some signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. So, check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here.
With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive online protection software that secures all your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.
Together with installing security software, keeping your phone’s operating system up to date can help to keep you protected from most malware. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks—it’s another tried and true method of keeping yourself safe and your phone running great too.
Who can you trust? As for scammers who use legitimate communications apps to lure in their victims, McAfee’s Mobile Research team recommends the following:
The complete report uncovers yet more mobile trends, such as the top mobile malware groups McAfee identified in 2022, predictions for the year ahead, ways you can keep your children safer on their phones, and ways you can keep yourself safer when you use your phone for yourself and for work.
The full report is free, and you can download it here.
The post McAfee 2023 Consumer Mobile Threat Report appeared first on McAfee Blog.
It all feels so harmless. Who isn’t even alittle curious which celebrity is their look-a-like or what ’80s song best matches their personality? While some of these fun little quizzes and facial recognition-type games that pop up on social media are advertiser-generated and harmless, others have been carefully designed to steal your data.
According to the Better Business Bureau (BBB) consumers need to beware with the IQ tests, quizzes that require you to trade information. Depending on the goal of the scam, one click could result in a new slew of email or text spam, malicious data mining, or even a monthly charge on your phone bill.
Besides the spammy quizzes, scammers also use click bait, that are headlines designed to get your click and your data. Such headlines often promise juicy info on celebrities and may even legitimate human interest stories that claim, “and you won’t believe what happened next.” While some of those headlines are authored by reputable companies simply trying to sell products and compete for clicks, others are data traps that chip away at your privacy.
The best defense against click bait is knowledge. Similar to the plague of fake news circulating online, click bait is getting more sophisticated and deceptive in appearance, which means that users must be even more sophisticated in understanding how to sidestep these digital traps.
Our digital landscape is peppered with fake news and click bait, which makes it difficult to build trust with individuals and brands who have legitimate messages and products to share. As you become savvy to the kinds of data scams, your discernment and ability to hold onto your clicks will become second nature. Continue to have fun, learn, connect, but guard your heart with every click. Be sure to keep yor devices protected while you do!
The post Are You Getting Caught by Click Bait? appeared first on McAfee Blog.
Don’t be their next victim – here’s a handy round-up of some the most common signs that should set your alarm bells ringing
The post 10 signs that scammers have you in their sights appeared first on WeLiveSecurity
Scammers now have new tools to lure people who are looking for love online, by reeling in potential victims with artificial intelligence (AI). Thanks to the aid of popular AI tools like ChatGPT, scammers can potentially generate anything from seemingly innocent intro chats to full-blown love letters in seconds, all ready to dupe their victims on demand.
Tactics like these are typical of “catfishing” in dating and romance scams, where the scammer creates a phony online persona and uses it to lure their victim into a relationship for financial gain. Think of it as a bait-and-hook approach, where the promise of love is the bait, and theft is the hook.
And as explained above, baiting that hook just got far easier with AI.
Sound farfetched? After all, who would fall for such a thing? It turns out that a sophisticated AI chatbot can sound an awful lot like a real person seeking romance. In our latest “Modern Love” research report, we presented a little love letter to more than 5,000 people worldwide and asked them if it was written by a person or by AI:
My dearest,
The moment I laid eyes on you, I knew that my heart would forever be yours. Your beauty, both inside and out, is unmatched and your kind and loving spirit only adds to my admiration for you.
You are my heart, my soul, my everything. I cannot imagine a life without you, and I will do everything in my power to make you happy. I love you now and forever.
Forever yours …
One-third of the people (33%) thought that a person wrote this letter, 31% said an AI wrote it, and 36% said they couldn’t tell one way or another.
What did you think? If you said that a person wrote the letter, you got hoodwinked. An AI wrote it.
The implications are concerning. Put plainly, scammers can turn on the charm practically at will with AI, generating high volumes of romance-laden content for potentially high volumes of victims. And as our research indicates, plenty of people are ready to soak it up.
Worldwide, we found:
Chatting with a stranger is one thing. Yet how often did it lead to a request for money or other personal information? More than half the time.
Scammers love a good story, one that’s intriguing enough to be believable, such as holding a somewhat exotic job outside of the country. Common tales include drilling on an offshore oil rig, working as a doctor for an international relief organization, or typically some sort of job that prevents them from meeting up in person.
Luckily, this is where many people start to catch on. In our research, people said they found out they were being catfished when:
Of course, the true telltale sign of an online dating or romance scam is when the scammer asks for money. The scammer includes a little story with that request too, usually revolving around some sort of hardship. They may say they need to pay for travel or medical expenses, a visa or other travel documents, or even customs fees to retrieve an item that they say is stuck in the mail. There’s always some kind of twist or intriguing complication that seems just reasonable enough such that the victim falls for it.
Scammers will often favor payment via wire transfers, gift cards, and reloadable debit cards, because they’re like cash in many regards—once you fork over that money, it’s as good as gone. These forms of payment offer few protections in the event of scam, theft, or loss, unlike a credit card charge that you can contest or cancel with the credit card company. Unsurprisingly, scammers have also added cryptocurrency to that list because it’s notoriously difficult to trace and recover.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest, reimburse, or trace back to the recipient. Requests for money, particularly in these forms, should raise a major red flag.
What makes online dating and romance scams so malicious, and so difficult to sniff out, is that scammers prey on people’s emotions. This is love we’re talking about, after all. People may not always think or act clearly to the extent that they may wave away their doubts—or even defend the scammer when friends or family confront them on the relationship.
However, an honest look at yourself and the relationship you’re in provides some of the best guidance around when it comes to meeting new people online:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working on several victims at once, which is yet another opportunity for them to get confused and slip up.
In the cases where scammers may use AI tools to pad their conversations, you can look for several other signs. AI still isn’t always the smoothest operator when it comes to language. AI often uses short sentences and reuses the same words, and sometimes it generates a lot of content without saying much at all. What you’re reading may seem to lack a certain … substance.
Scammers are likely to use all kinds of openers. That text you got from an unknown number that says, “Hi, where are you? We’re still meeting for lunch, right?” or that out-of-the-blue friend request on social media are a couple examples. Yet before that, the scammer had to track down your number or profile some way or somehow. Chances are, all they needed to do was a little digging around online.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2022 alone, Facebook took action on 1.5 billion fake accounts. Reject requests from strangers.
How did that scammer get your phone number or contact information in the first place? It could have come from a data broker site. Data brokers are part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well. With info from data broker sites, scammers compile huge lists of potential victims for their spammy texts and calls.
Our Personal Data Cleanup can help remove your info from those sites for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. It also monitors those sites, so if your info gets posted again, you can request its removal again.
Online protection software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, protecting your privacy by monitoring the dark web for your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
Worldwide, we found that 30% of men (and 26% of all adults) said they plan to use artificial intelligence tools to put their feelings into words. Yet, there’s a flipside. We also found that 49% of respondents said they’d be offended if they found out the note they received had been produced by a machine.
So why are people turning to AI? The most popular reason given for using AI as a ghostwriter was that it would make the sender feel more confident (27%), while others cited lack of time (21%) or lack of inspiration (also 21%), while 10% said it would just be quicker and easier and that they didn’t think they’d get found out.
It’s also worth noting that true romance seekers have called upon AI to kick off chats in dating apps, which might take the form of an ice-breaking joke or wistful comment. Likewise, AI-enabled apps have started cropping up in app stores, which can coach you through a conversation based on contextual cues like asking someone out or rescheduling a date. Some can even create AI-generated art on demand to share a feeling through an image.
It may be better than opening a conversation with an otherwise dull “hey,” yet as our research shows, there are risks involved if people lean on it too heavily—and prove to be quite a different person when they start talking on their own.
It’s important to remember that an AI chatbot like ChatGPT is a tool. It’s not inherently good or bad. It’s all in the hands of the user and how they choose to apply it. And in the case of scammers, AI chatbots have the potential to do a lot of harm.
However, you can protect yourself. In fact, you can still spot online dating and romance scams in much the same way as before. They still follow certain rules and share the same signs. If anything, the one thing that has changed is this: reading messages today calls for extra scrutiny. It will take a sharp eye to tell what’s real and what’s fake.
As our research showed, online dating and romance scams begin and end with you. Thinking back to what we learned as children about “stranger danger” goes a long way here. Be suspicious and, better yet, don’t engage. Go about your way. And if you do find yourself chatting with someone who requests money or personal information, end it. Painful as the decision may be, it’s the right decision. No true friend or partner, one you’ve never seen or met, would rightfully ask that of you.
Editor’s Note:
Online dating and romance scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Could ChatGPT Cause Heartbreak with Online Dating Scams? appeared first on McAfee Blog.
Swiping right is like a box of Valentine’s Day chocolates: You never know what you’re going to get. You could land with a ghost, a gem, or a fraudster who’s not interested in stealing your heart but your cryptocurrency.
Romance scams have been breaking hearts and emptying bank accounts since the advent of online dating in the 1990s. In 2021 alone, the FTC received 56,000 reports of romance scams and losses totaling $547 million. Compared to just four years earlier, total losses increased by 500%.1
Cryptocurrency romance scams are a relatively new evolution of the scheme. Here’s what you should know and signs that may indicate you’re communicating with a manipulative crypto thief.
A cryptocurrency romance scam is an online scheme where a cybercriminal forges romantic relationships through online platforms to trick people into handing over crypto assets. Conversations may begin on social media platforms or dating apps. After a few days, weeks, or – if the criminal is patient – months of communicating, the scammer uses their manufactured romantic bond to guilt their target into sending cryptocurrency. The criminal will often tug on heartstrings with made-up sad stories to explain what they’ll use the money for. They may ask for a few hundred to thousands of dollars’ worth of crypto. Once they’ve received payment, they may continue the charade of a relationship to attempt to weasel more money, or they may “end the relationship” and disappear to try their luck with someone else.
Artificial intelligence text generators like ChatGPT make juggling multiple love scams at once easier and quicker for scammers. Instead of using their brain to think up “heartfelt” proclamations of love, they can ask an AI program to do the work for them. And AI-written love letters are convincing! In McAfee’s Modern Love Report, 69% of global respondents were unable to tell if a love note was written by a human or a machine.
In crypto romance plots specifically, the criminal will ask for payment in cryptocurrency, such as Bitcoin or Ethereum. In general, you should be skeptical of any person or organization that asks for payment in crypto. Cryptocurrency is famously untraceable, meaning that once it hits someone else’s crypto wallet, there’s no way to get it back or ascertain the real identity of the account holder. Unlike a bank account that a real person with a valid Social Security Number must open, crypto does not have such requirements. The anonymity is what makes crypto the preferred payment type of nefarious characters.
In a 14-month span, cryptocurrency romance scams accounted for $185 million in crypto losses.2 And that figure only accounts for filed reports. It’s possible that some people are still in the swirls of a scam or are too embarrassed to report the crime.
There are three tell-tale signs of an online crypto dating scam. If you encounter any of these scenarios, begin to ask more probing questions. If you’re unsatisfied with the answers or the person you’re communicating with becomes defensive, you may want to consider blocking this person on your device and removing them from your life.
The getting-to-know-you phase of any new relationship is exciting and interesting. Even in this day and age of accelerated courtship and constant communication via texting, social media direct messages, and dating apps, this important phase takes time. If someone you’ve never met in person tells you they love you after just a few conversations, be wary of their compliments. Love-at-first-direct-message isn’t real.
Refusing or constantly postponing in-person meetings is a major red flag. In 39% of catfishing incidents, turning down in-person meetups was the ultimate sign that alerted people to the catfish, according to the Modern Love Report. Catfish – or someone using fake photos and/or backstories to deceive others online – often make all kinds of excuses to avoid showing their face or even talk on the phone. Excuses range from illness, family or work obligations, to the burdensome cost of travel. When two people have a deep connection based on genuine love, they’ll make the necessary compromises to show their real face.
Romance scammers may constantly lament their financial woes and say how they wished money wasn’t a problem. To gain sympathy, they may claim to have a sick family member or pet who needs expensive medical treatment. At this point, the scammer will hope that the target offers to send money, or the scammer may sheepishly request money outright. To keep targets from growing suspicious or resentful, the scammer is often overly thankful and promises to never ask for money again; however, they always do. Never share your crypto wallet private key with anyone, and immediately be on alert if someone you met online and have never met in person asks for payment in crypto.
Everyone who’s ever endured a breakup hates this saying for its maddening simplicity, but its message is true: There are other fish in the sea. Literally billions. Everyone deserves a partner who respects their time and needs. If the person on the other side of the screen is taking more than they’re giving, it’s time to say goodbye.
A partner who will never let you down is McAfee+ Ultimate. This all-in-one device, privacy, and identity protection service lets you live your best online life confidently. In case you ever fall victim to identity theft or you suspect your credit is compromised, you’re protected with credit lock, security freeze, and up to $1 million in identity theft coverage.
So, this Valentine’s Day, slow down and evaluate each new match for the robustness of their messages, not their “photo,” “job,” or “grand future plans.” Be careful in that harsh dating world and never settle for mediocre. The perfect person is out there somewhere!
1Federal Trade Commission, “Reports of romance scams hit record highs in 2021”
2Federal Trade Commission, “Reports show scammers cashing in on crypto craze”
The post 3 Signs You May Be Caught in a Cryptocurrency Romance Scam appeared first on McAfee Blog.
Cybercriminals will always try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info—but you have several ways you can beat them at their game.
Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too.
Specific to this big game, you can count on several types of scams to rear their heads this time of year—ticket scams, merchandise scams, betting scams, and phony sweepstakes as well. They’re all in the mix, and they’re all avoidable. Here, we’ll break them down.
As of two weeks out, tickets for the big game on the official ticketing website were going for $6,000 or so, and that was for the so-called “cheap seats.” Premium seats in the lower bowl 50-yard line, sold by verified resellers, were listed at $20,000 a pop or higher.
While the game tickets are now 100% mobile, that hasn’t prevented scammers from trying to pass off phony tickets as the real deal. They’ll hawk those counterfeits in plenty of places online, sometimes in sites like your friendly neighborhood Craigslist.
So if you’re in the market for tickets, there are certainly a few things to look out for:
If you plan on enjoying the game closer to home, you may be in the market for some merch—a hat, a jersey, a tee, or maybe some new mugs for entertaining when you host the game at your place. With all the hype around the game, out will come scammers who set up bogus online stores. They’ll advertise items for sale but won’t deliver—leaving you a few dollars lighter and the scammers with your payment information, which they can use on their own for identity fraud.
You can shop safely with a few straightforward steps:
This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
If you feel like doing extra sleuthing, look up the address of the website and see when it was launched. A visit to the Internet Corporation for Assigned Names and Numbers (ICANN) at ICANN.org gives you the option to search a web address and see when it was launched, along with other information about who registered it. While a recently launched site is not an indicator of a scam site alone, sites with limited track records may give you pause if you want to shop there—particularly if there’s a chance it was just propped up by a scammer.
<h3>Look for the lock icon in your browser when you shop.
Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.
Comprehensive online protection software will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to the scams floating around this time of year, online protection can help prevent you from clicking links to known or suspected malicious sites.
It’s hard to watch sports these days without odds and stat lines popping up onto the screen, along with a fair share of ads that promote online betting. If you’re thinking about making things interesting with some betting, keep a few things in mind:
As it is every year, you’ll see kinds of sweepstakes and giveaways leading up to the game, plenty of them legitimate. Yet as they do, scammers will try and blend in by rolling out their own bogus promotions. Their aim: to part you from your cash or even your personal information.
A quick way to sniff out these scams is to take a close look at the promotion. For example, if it asks you to provide your bank information to send you your prize money, count on it being a scam. Likewise, if the promotion asks you to pay to claim a prize in some form or other, it’s also likely someone’s trying to scam you.
In all, steer clear of promotions that ask something for something in return, particularly if it’s your money or personal information.
As it is of late, all kinds of scams will try to glom onto the big game this year. And some of the best advice for avoiding them is not to give in to the hype. Scammers prey on scarcity, a sense of urgency, and keyed-up emotions in general. Their hope is that these things may make you less critical and more likely to overlook things that would otherwise seem sketchy or too good to be true. Staying focused as you shop, place a wager, or otherwise look to round out your enjoyment of the big game is some of your absolute best defense against scammers right now, and any time.
The post Super Scams – Beat the Online Scammers Who Want to Sack Your Big Game appeared first on McAfee Blog.
“Can I tell a legitimate survey apart from a fake one?” is the single most important question you need to answer for yourself before taking any surveys online
The post Are online surveys legit and safe? Watch out for survey scams appeared first on WeLiveSecurity
Written by James Schmidt
Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds if not thousands of dollars. This account puts a face on one of those scams—along with the personal, financial, and emotional pain that they can leave in their wake. This is the story of “Meredith,” whose aunt “Leslie” fell victim to an emerging form on online elder fraud. Our thanks to James for bringing it forward and to “Meredith’s” family for sharing it, all so others can prevent such scams from happening to them.
“Embarrassing. Simply embarrassing.” She shook her head. “It’s too raw. I can’t talk about it right now. I need time.”
Her aunt had been scammed. To the tune of $100,000 dollars. My colleague—we both work in the security industry—felt a peculiar sense of loss.
“I work in this industry. I thought I’d done everything right. I’ve passed on enough warnings to my family and friends to ensure they’d avoid the fate of the scammed. Simply because I’m in this industry does not imply my circle is always aware of all the threats to them, even if I do my best to teach them.”
“My mental state, recently, borders on shame; this feeling, you know? How could someone working in my industry have something like this happen to a family member?”
I told her many people working in other industries cannot control what happens to people in their families even if people in that industry had knowledge that could have helped them or otherwise avoided a problem altogether.
“I know, but this simply should never have happened! My aunt is one of the smartest, most conscientious people I know, and she fell for this. It’s crazy and I can’t wrap my head around it.”
My colleague, let’s call her Meredith (not her real name as she’s a bit ashamed to know this happened to a family member), told me the beginnings.
Let’s call her aunt Leslie.
Her story unfolds, the overall picture a pastiche of millions of people in the United States today. Her aunt is retired, bored, lonely, and isolated. She feels adrift without something to occupy her time; she was looking for companionship, connections, someone (anyone) to talk to. Her feelings intensified during the pandemic. She morphed into perfect prey for scammers of what is now known as the “Pig Butchering Scam.”
The term “Pig Butchering” has a visceral and raw feel to it, which falls right in line with how brutal this scam can be. It’s a long con game, where the scammer befriends the victim and encourages them to make small investments through the scammer, which get bigger and bigger over time. The scammer builds trust early with what appear to be small investment wins. None of it is legit. The money goes right into the scammer’s pocket, even as the scammer shows the victim phony financial statements and dashboards to show off the bogus returns. Confidence grows. The scammer wrings even larger sums out of the victim. And then disappears.
It was a targeted attack that started innocuously enough with a “fake wrong number”. An SMS arrives. A text conversation starts. The scammer then apologizes but tells Leslie someone gave them the number to initiate the text.
The scammer then uses emotional and psychological techniques to keep Leslie hooked. “How are you, are you having a nice day?” Leslie, being bored and interested, engages willingly.
The scammer asks to talk directly, not via text: and a phone conversation ensues. The scammer proceeds to describe—in very soothing detail—what they are doing, helping people, like Leslie, invest their “hard-earned money” into something that will make them more money, to help them out in retirement.
Of course, it is too good to be true.
“The craziest part of all of this is my aunt refuses—to this day—to believe she’s been scammed!”
She still thinks this scammer is a “friend” even though the entire family is up in arms over this, all of whom beg her aunt to “open her eyes.”
“My aunt still thinks she’d going to see that money again, or even make some money, which is crazy. The scammers are so good at emotional intelligence; really leveraging heartstrings and psychological makeup of the forlorn in society. My aunt finally agreed to stop sending more money to the scammers, but only after the entire family threatened to cut her off from the rest of the family. It took a lot to get her to stop trusting the scammers.”
Meredith feels this is doubly sad as the aunt in question is not someone they’d ever imagine would in this predicament. She was always the upright one, always the diligent and hardworking and the best with money. She is smart and savvy and we could never imagine her to be taken by these people and taken so easily. It boggles the mind.”
She did start to change in the last few years. And the pandemic created a weird situation. Retirement, loneliness from loss of a partner, and the added burden of the pandemic created a perfect storm for her to open herself up to someone willingly, simply for the sake of connection.
“No one deserves this. It has rocked my family to the core. It is not only about the money, but we’ve found family bonds stretched. She believes these random people, these scammers, more than she believes her own family. Have we been neglectful of our aunt? Does she no longer put her faith in people she knows, rather gives money to complete strangers?”
Being a security professional does not provide magical protection. We are more aware of scams and scammers, and how they work, and what to look for, and we try to do all we can to keep our family aware of scams out there in the big wide world, but we are human. We fall short.
Diligence is action. Awareness is action. Education is action.
We need to be better, all of us, at socializing risky things. We need to consistently educate our family and friends to protect themselves, not only via security software (which everyone should have as default) but by providing tips and tricks and warnings for things we all need to be on the lookout. This is not a one-time thing. The cliché holds true: “If you see something say something.” Repetition helps.
In today’s world, the need for protecting people’s security, identity, and privacy is critical to keeping them safe. Scammers long stopped focusing on attacking only your computer. Now focus more than ever on YOU: your identity, your privacy, your trust. If they get you there, they soon get your money.
As for contributing factors to scammers success with their victims, such as loneliness, isolation, and boredom, they all have remedies. Make connections with your loved ones, especially those easily tagged as vulnerable, those you feel might be at risk. Reach out. It may be hard sometimes due to distance and other factors but make it a point to connect. There is a reason these scammers are succeeding. They are stepping into roles of companions to people who are desperate for connection.
Most people are greatly saddened at seeing other people being “taken.” Let’s work together to help stop the scammers.
Look out for each other, and get your people protected!
Editor’s Closing Note:
If you or someone you know suspects elder fraud, the following resources can help:
For further reading on scams and scam prevention, check out the guides in our McAfee Safety Series, which provide in-depth advice on protecting your identity and privacy—and your family from scams. They’re ready to download and share.
The post A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam appeared first on McAfee Blog.
ChatGPT: Everyone’s favorite chatbot/writer’s-block buster/ridiculous short story creator is skyrocketing in fame. 1 In fact, the AI-generated content “masterpieces” (by AI standards) are impressing technologists the world over. While the tech still has a few kinks that need ironing, ChatGPT is almost capable of rivaling human, professional writers.
However, as with most good things, bad actors are using technology for their own gains. Cybercriminals are exploring the various uses of the AI chatbot to trick people into giving up their privacy and money. Here are a few of the latest unsavory uses of AI text generators and how you can protect yourself—and your devices—from harm.
Besides students and time-strapped employees using ChatGPT to finish writing assignments for them, scammers and cybercriminals are using the program for their own dishonest assignments. Here are a few of the nefarious AI text generator uses:
The best way to avoid being fooled by AI-generated text is by being on high alert and scrutinizing any texts, emails, or direct messages you receive from strangers. There are a few tell-tale signs of an AI-written message. For example, AI often uses short sentences and reuses the same words. Additionally, AI may create content that says a lot without saying much at all. Because AI can’t form opinions, their messages may sound substance-less. In the case of romance scams, if the person you’re communicating with refuses to meet in person or chat over video, consider cutting ties.
To improve your peace of mind, McAfee+ Ultimate allows you to live your best and most confident life online. In case you ever do fall victim to an identity theft scam or your device downloads malware, McAfee will help you resolve and recover from the incident. In addition, McAfee’s proactive protection services – such as three-bureau credit monitoring, unlimited antivirus, and web protection – can help you avoid the headache altogether!
1Poc Network, “I asked AI (ChatGPT) to write me a rather off short story and the result was amazing”
2CyberArk, “Chatting Our Way Into Creating a Polymorphic Malware”
The post ChatGPT: A Scammer’s Newest Tool appeared first on McAfee Blog.
Hello, is it me you’re looking for? Fraudsters still want to help you 'fix' a computer problem you never had in the first place.
The post Tech support scammers are still at it: Here’s what to look out for in 2023 appeared first on WeLiveSecurity
FreshRSS 