Login
According to Pew, three-in-ten U.S. adults say they have used a dating site or app. That number climbs to 53% for people under the age of 30. More and more people are turning to digital platforms to find love and companionship or simply to expand their social circles. However, as the popularity of online dating grows, so do the potential risks associated with it. From privacy concerns to identity theft, the digital dating world can be fraught with peril if you’re not careful. But fear not, by following a few simple guidelines, you can navigate the online dating scene safely and securely.
This article is for you or anyone you know who may be hopping onto an online dating app like Match, Bumble, Plenty of Fish, eHarmony, Tinder, or OkCupid. Think of it as an advice column of a different sort, where we talk about dating in light of your online privacy and safety.
For starters, we have a couple of previous blogs that offer sound advice about online dating. The first covers ways you can protect your privacy when you’re using online dating apps, which starts with picking a dating app that has a good reputation. The second rounds out the topic with further online dating advice for adults and teens alike. Give them a look!
It starts with basic hygiene. Digital hygiene, that is. Before you dive into a dating app, ensure that your device (and all your connected devices while you’re at it) has a comprehensive security solution in place. As you surf, chat, and meet up online, you’ll want to know that you’re protected against malware, viruses, phishing attacks, sketchy links, and so forth. Other features will come in handy (and be necessary as well), like ones that help you manage your passwords, protect your identity, safeguard your privacy, and more—all of which we’ll talk about in a bit.
Picking the right app is like picking the right date. From a security standpoint, these apps are the keepers of highly personal information about you, so you’ll want to know how they handle data, what privacy protections are in place, what information they gather when you first sign up, and what they continue to gather as you use the app. Do your research. Read up on their privacy policies. See what other people have to say about their experiences. And get a sense of what the app is all about. What’s its approach to dating? What kind of relationships are they focusing on? Make sure all of it feels right to you.
Only give the app the information that’s absolutely necessary to sign up. Dating apps ask questions so that they can help you find an ideal match, yet only share what you feel comfortable sharing. This is true from a personal standpoint, but it’s true from a security standpoint too. Anything you share along those lines could be at risk of a hack or a breach, the likes of which were reported by Wired and Forbes last year. If your info is compromised, it could lead to anywhere from identity theft to harassment, so when you use a dating app, keep the sharing to a minimum—and keep your eyes peeled for any suspicious activity across your social media, online accounts, and even your finances.
Another password to remember! That’s just what you need, right? Right! It absolutely is, and a strong one is vital. You can create one and manage all of your passwords with McAfee+’s password manager. It’ll encrypt your passwords and use multi-factor authentication, which offers even further protection from hacks and attacks on your account.
You can help keep your chats more private, and just about anything else you’re doing online, by using a VPN (virtual private network). For example, our VPN uses bank-level encryption to keep your personal data and activities private from hackers. And it’ll hide other information associated with your dating account while you’re online, like personal details, credit card numbers, and so forth. Given the security risks we’ve talked about so far, you’ll want to look into a VPN.
If you’re not using a VPN on your device, don’t use your dating app on public Wi-Fi. The issue is this: plenty of public Wi-Fi hotspots aren’t secure. Someone else on the network could easily intercept the information you send over it, including your passwords, any photos you share, and any chats you have. In other words, using public Wi-Fi without protection is like opening a door that leads right to you and your most personal data. This applies to everything on public Wi-Fi, not just dating apps. If you use public Wi-Fi at all, you really should use a VPN.
In the ever-evolving landscape of online dating, safeguarding your privacy and security is paramount. By implementing strategies such as using strong passwords, employing a reliable VPN, and exercising caution on public Wi-Fi, you can navigate the digital dating sphere with confidence. Remember, your safety and privacy are non-negotiable priorities in the pursuit of love and companionship online.
The post How to Safely Date Online appeared first on McAfee Blog.
For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.
In a recent CBS News story, one Texan woman was scammed out of $3,200 by a scammer claiming to be a German Cardiologist. After months of exchanging messages and claiming to be in love with her, he said that he’d been robbed while on a business trip in Nigeria and needed her help.
According to the U.S. Federal Trade Commission (FTC), the reported cost of online romance scams was $1.14 billion in 2023.
Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up.
As mentioned above, some romance scammers troll social media and reach out through direct messages or friend requests. With that, there are three things you can do to cut down your chances of getting caught up with a scammer:
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 693 million fake accounts. Reject such requests.
Online protection software like ours can help you spot fakes and scams. Features like McAfee Scam Protection use advanced AI to detect scam links in texts, email, and social media messages before you click. Our Personal Data Cleanup can keep you safer still by removing your personal info from sketchy data broker sites — places where scammers go to harvest useful info on their victims. And if the unfortunate happens, we offer $2 million in identity theft coverage and identity restoration support.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too.
The post How to Spot Dating Scams appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.
Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. Since 2021, total reported losses to this type of fraud reached $2.7 billion.
Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity.
Let’s uncover these scams these crooks use so that you can steer clear and stay safe.
“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.
Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you.
How to avoid them: Simply put, don’t take those quizzes and surveys online.
The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money, or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms.
How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up.
If there’s one government official that scammers like to use to scare you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official who’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.
How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like Bitcoin. Only scammers will.
These are far more targeted than the scams listed above because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or trouble.
How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away.
This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.
How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it.
Now with an idea of what the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull.
Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance.
Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends.
The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blog.
Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure.
What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile.
Also according to the FBI, elders may be less able or willing to report being scammed because they may not know the exact way in which they were scammed, or they may feel a sense of shame over it, or even some combination of the two. Moreover, being scammed may instill fear that family members will lose confidence in their ability to look after their own affairs.
If there’s one thing that we can do for our elders, it’s help them raise their critical hackles so they can spot these scams and stop them in their tracks, particularly around tax time. With that, let’s see how crooks target elders, what those scams look and feel like, along with the things we can do to keep ourselves and our loved ones from getting stung.
The phone rings, and an assertive voice admonishes an elder for non-payment of taxes. The readout on the caller ID shows “Internal Revenue Service” or “IRS,” the person cites an IRS badge number, and the victim is told to pay now via a wire transfer or prepaid gift card. The caller even knows the last four digits of their Social Security Number (SSN). This is a scam.
The caller, and the claim of non-payment, are 100 percent bogus. Even with those last four digits of the SSN attempting to add credibility, it’s still bogus. (Chances are, those last four digits were compromised elsewhere and ended up in the hands of the thieves by way of the black market or dark web so that they could use them in scams just like these.)
Some IRS imposter scams take it a step further. Fraudsters will threaten victims with arrest, deportation, or other legal action, like a lien on funds or the suspension of a driver’s license. They’ll make repeated calls as well, sometimes with additional imposters posing as law enforcement as a means of intimidating elders into payment.
The IRS will never threaten you or someone you know in such a way.
In fact, the IRS will never call you to demand payment. Nor will the IRS ever ask you to wire funds or pay with a gift card or prepaid debit card. And if the IRS claims you do owe funds, you will be notified of your rights as a taxpayer and be given the opportunity to make an appeal. If there’s any question about making payments to the IRS, the IRS has specific guidelines as to how to make a payment properly and safely on their official website.
It’s also helpful to know what the IRS will do in the event you owe taxes. In fact, they have an entire page that spells out how to know it’s really the IRS calling or knocking at your door. It’s a quick read and a worthwhile one at that.
In all, the IRS will contact you by mail or in person. Should you get one of these calls, hang up. Then, report it. I’ll include a list of ways you can file a report at the end of the article.
Whether it’s a disembodied voice generated by a computer or a scripted message that’s been recorded by a person, robocalls provide scammers with another favorite avenue of attack. The approach is often quite like the phone scam outlined above, albeit less personalized because the attack is a canned robocall. However, robocalls allow crooks to cast a much larger net in the hopes of illegally wresting money away from victims. In effect, they can spam hundreds or thousands of people with one message in the hopes of landing a bite.
While perhaps not as personalized as other imposter scams, they can still create that innate sense of unease of being contacted by the IRS and harangue a victim into dialing a phony call center where they are further pressured into paying by wire or with a prepaid card, just like in other imposter scams. As above, your course of action here is to simply hang up and report it.
Here’s another popular attack. An elder gets an unsolicited email from what appears to be the IRS, yet isn’t. The phony email asks them to update or verify their personal or financial information for a payment or refund. The email may also contain an attachment which they are instructed to click and open. Again, all of these are scams.
Going back to what we talked about earlier, that’s not how the IRS will contact you. These are phishing attacks aimed at grifting prized personal and financial information that scammers can use to commit acts of theft or embezzlement. In the case of the attachment, it very well may contain malware that can do further harm to their device, finances, or personal information.
If you receive one of these emails, don’t open it. And certainly don’t open any attachments—which holds true for any unsolicited email you receive with an attachment.
Beyond simply knowing how to spot a possible attack, you can do several things to prevent one from happening in the first place.
First let’s start with some good, old-fashioned physical security. You may also want to look into purchasing a locking mailbox. Mail and porch theft are still prevalent, and it’s not uncommon for thieves to harvest personal and financial information by simply lifting it from your mailbox.
Another cornerstone of physical security is shredding paper correspondence that contains personal or financial information, such as bills, medical documents, bank statements and so forth. I suggest investing a few dollars on an actual paper shredder, which are typically inexpensive if you look for a home model. If you have sensitive paper documents in bulk, such as old tax records that you no longer need to save, consider calling upon a professional service that can drive up to your home and do that high volume of shredding for you.
Likewise, consider the physical security of your digital devices. Make sure you lock your smartphones, tablets, and computers with a PIN or password. Losing a device is a terrible strain enough, let alone knowing that the personal and financial information on them could end up in the hands of a crook. Also see if tracking is available on your device. That way, enabling device tracking can help you locate a lost or stolen item.
There are plenty of things you can do to protect yourself on the digital front too. Step one is installing comprehensive security software on your devices. This will safeguard you in several ways, such as email filters that will protect you from phishing attacks, features that will warn you of sketchy links and downloads, plus further protection for your identity and privacy—in addition to overall protection from viruses, malware, and other cyberattacks.
Additional features in comprehensive security software that can protect you from tax scams include:
And here’s one item that certainly bears mentioning: dispose of your old technology securely. What’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner so the data and info on your device doesn’t see the light of day again.
As said earlier, don’t let a bad deed go unreported. The IRS offers the following avenues of communication to report scams.
In all, learning to recognize the scams that crooks aim at elders and putting some strong security measures in place can help prevent these crimes from happening to you or a loved one. Take a moment to act. It’s vital, because your personal information has a hefty price tag associated with it—both at tax time and any time.
The post How to Spot, and Prevent, the Tax Scams That Target Elders appeared first on McAfee Blog.
AI scams are becoming increasingly common. With the rise of artificial intelligence and technology, fraudulent activity is becoming more sophisticated and sophisticated. As a result, it is becoming increasingly important for families to be aware of the dangers posed by AI scams and to take steps to protect themselves.
By taking these steps, you can help protect your family from AI scams. Educating yourself and your family about the potential risks of AI scams, monitoring your family’s online activity, using strong passwords, installing anti-virus software, and checking your credit report regularly can help keep your family safe from AI scams.
No one likes to be taken advantage of or scammed. By being aware of the potential risks of AI scams, you protect your family from becoming victims.
In addition, it is important to be aware of emails or texts that appear to be from legitimate sources but are actually attempts to entice you to click on suspicious links or provide personal information. If you receive a suspicious email or text, delete it immediately. If you are unsure, contact the company directly to verify that the message is legitimate. By being aware of potential AI scams keep your family safe from financial loss or identity theft.
You can also take additional steps to protect yourself and your family from AI scams. Consider using two-factor authentication when logging in to websites or apps, and keep all passwords and usernames secure. Be skeptical of unsolicited emails or texts never provide confidential information unless you are sure you know who you are dealing with. Finally, always consider the source and research any unfamiliar company or service before you provide any personal information. By taking these steps, you can help to protect yourself and your family from the dangers posed by AI scams.
monitor your bank accounts and credit reports to ensure that no unauthorized activity is taking place. Set up notifications to alert you of any changes or suspicious activity. Make sure to update your security software to the latest version and be aware of phishing attempts, which could be attempts to gain access to your personal information. If you receive a suspicious email or text, do not click on any links and delete the message immediately.
Finally, stay informed and know the signs of scam. Be your online accounts and look out for any requests for personal information. If something looks suspicious, trust your instincts and don’t provide any information. Report any suspicious activity to the authorities and make sure to spread the word to others from falling victim to AI scams.
This blog post was co-written with artifical intelligence (AI) as a tool to supplement, enhance, and make suggestions. While AI may assist in the creative and editing process, the thoughts, ideas, opinions, and the finished product are entirely human and original to their author. We strive to ensure accuracy and relevance, but please be aware that AI-generated content may not always fully represent the intent or expertise of human-authored material.
The post How to Protect Your Family From AI Scams appeared first on McAfee Blog.
As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.
Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.
Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.
→ Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day
Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.
One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.
→ Dig Deeper: Fraudulent Adult Dating Services Turn 10 Years Old, Still Evolving
Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.
Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.
While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.
One of the most important is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.
When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.
For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information, making it safer to input sensitive information than on websites with ‘http://’ URLs.
Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly-flattering messages or requests to move the conversation to a private email or messaging app.
McAfee Pro Tip: If you’re considering using one of these for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.
If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.
Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.
→ Dig Deeper: How To Report An Online Scam
The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.
And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.
Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.
The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.
The eagerly awaited holiday sales such as Black Friday and Cyber Monday are just around the corner. As consumers, we look forward to getting the best deals online, but we’re not the only ones. Hackers are also keenly anticipating these holidays but for different reasons. They use this period to come up with all sorts of shopping scams that can potentially put a dampener on the holiday spirit for unsuspecting shoppers.
This article provides you with ten tips to keep you and your family safe from online shopping scams this season. These tips will not only help you spot a good deal but also help you avoid falling prey to online scams, thereby ensuring that you keep your finances safe during this shopping season.
A common tactic employed by hackers involves the use of malware hidden in email attachments. During the holiday sales season, they often camouflage their malware in emails that claim to contain offers or shipping notifications. It is important to remember that legitimate retailers and shipping companies will not send offers, promo codes, or tracking numbers as email attachments. Instead, they will mention these details in the body of the email.
Therefore, be wary of any email attachments you receive from retailers or shippers. If something seems off, it probably is. Do not download or open suspicious attachments, as this could potentially lead to a malware attack.
→ Dig Deeper: McAfee Protects Against Suspicious Email Attachments
Scammers often employ a tactic known as “typosquatting,” where they create phony email addresses and URLs that look incredibly similar to the legitimate addresses of well-known companies and retailers. These are often sent via phishing emails, and instead of leading you to great deals, these links can direct you to scam websites that extract your login credentials, payment information, or even directly extract funds from your account when you attempt to place an order through them.
Therefore, it is imperative to double-check all email addresses and URLs before clicking on them. Look out for subtle discrepancies in the spelling or arrangement of characters, as these are often indicators of a scam. If a link or email address seems suspicious, do not click on it.
→ Dig Deeper: How Typosquatting Scams Work
In continuation with the previous point, scammers also set up websites that resemble those run by trusted retailers or brands. These websites often advertise special offers or attractive deals on popular holiday items. However, these are nothing more than a ruse to trick unsuspecting shoppers into divulging their personal and financial information.
These scam websites are often spread through social media, email, and other messaging platforms. It’s crucial to exercise skepticism when encountering such links. Instead of clicking on them, it’s always safer to visit the brand’s official website directly and look for the deal there.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Using a robust and comprehensive security software suite while shopping can provide you with additional layers of protection against scams. For instance, web browser protection features can block malicious and suspicious links, reducing the risk of falling prey to malware or a financial scam.
Ensure your antivirus software is up to date and your firewall is enabled. At the same time, enable secure browsing options available in your web browser. These simple steps can go a long way in securing your online shopping experience.
Using the same passwords across multiple platforms is akin to giving hackers a free pass. If they manage to hack into one account, they can potentially gain access to others that share the same password. To avoid this, consider using a password manager. These tools can generate complex and unique passwords for each of your accounts and store them securely, saving you the hassle of remembering them all.
By diversifying your passwords and securing them effectively, you can significantly reduce the risk of becoming a victim of a hack or a scam. The importance of this proactive approach cannot be overstated in today’s interconnected world, where our personal and financial information is often just a few clicks away from prying eyes and malicious intent.
→ Dig Deeper: Strong Password Ideas to Keep Your Information Safe
Two-factor authentication (2FA) is an invaluable tool that adds an extra layer of protection to your accounts. When 2FA is enabled, gaining access to your accounts isn’t as simple as just entering your username and password. Instead, you also need to input a unique, one-time-use code that is typically sent to your phone or email. This code acts as a second password, making your account significantly more secure.
If any of your accounts offer 2FA, it’s crucial to take advantage of this feature. While it might initially seem cumbersome, the added security is well worth the slight inconvenience.
Public Wi-Fi networks, such as those found in coffee shops and other public locations, can be dangerous due to their lack of security. If you shop online through a public Wi-Fi network, you’re essentially broadcasting your private information to anyone who cares to look. To prevent this, consider using a virtual private network (VPN).
VPNs encrypt your internet traffic, securing it against any prying eyes. This encryption protects your passwords, credit card numbers, and other sensitive information from being intercepted and misused. If you frequently shop online in public places, using a VPN is a must.
In the U.S., the Fair Credit Billing Act protects against fraudulent charges on credit cards. Under this act, you can dispute any charges over $50 for goods and services that you never received or were billed incorrectly for. Moreover, many credit card companies offer policies that add to the protections provided by the Fair Credit Billing Act.
However, these protections don’t extend to debit cards. When you use a debit card, the money is immediately drawn from your bank account, making it more difficult to recover in case of fraud. So, for online shopping, it’s safer to use a credit card instead of a debit card.
A virtual credit card can provide an extra layer of security for your online purchases. When you use one of these cards, it generates a temporary card number for each transaction, keeping your real card number safe. However, there are potential downsides to be aware of, such as difficulties with returns and refunds.
Before deciding to use a virtual credit card, understand its pros and cons. Research the policies of the issuing company so you can make an informed decision about whether or not it’s the right choice for you.
Given the number of accounts most of us manage and the rampant incidents of data breaches, it’s crucial to monitor your credit reports for any signs of fraud. An unexpected change in your credit score could indicate that someone has taken out a loan or credit card in your name. If you notice any discrepancies, report them immediately to the credit bureau and to the lender who reported the fraudulent information.
In the U.S., you’re entitled to a free credit report from each of the three major credit bureaus every year. Utilize this service and check your reports regularly. Remember, quickly identifying and reporting fraudulent activity is the key to mitigating its impact.
McAfee Pro Tip: Have you encountered a suspicious charge on your credit card and felt uncertain about the next steps? Get a credit monitoring service to monitor any unusual credit-related transactions that may be a potential sign of identity theft.
As we approach Cyber Monday, it’s important to stay vigilant to protect yourself and your family from online scams. By taking simple precautions like verifying email addresses, resorting to 2FA, using a VPN while shopping on public Wi-Fi, and monitoring your credit reports, you can significantly reduce your chances of falling for an online shopping scam. Additionally, consider employing cybersecurity solutions like McAfee+, which offer robust protection against various online threats. Remember, if a deal seems too good to be true, it probably is. Happy and safe shopping!
The post Cyber Monday: Protect Yourself and Your Family from Online Shopping Scams appeared first on McAfee Blog.
In the shadow of the COVID-19 pandemic, workplaces worldwide have undergone a seismic shift towards remote working. This adjustment involves much more than just allowing employees to access work resources from various locations. It necessitates the update of remote working policies and heightened cybersecurity security awareness.
Cybercriminals and potential nation-states are reportedly exploiting the global health crisis for their own gain. Hackers have targeted an array of sectors, including healthcare, employing COVID-19-related baits to manipulate user behavior. This article aims to provide a comprehensive guide on how you, as an employee, can augment your cybersecurity measures and stay safe when working remotely.
It has been reported that criminals are using COVID-19 as bait in phishing emails, domains, malware, and more. While the exploitation of this global crisis is disheartening, it is unsurprising as criminals habitually leverage large events to their advantage. That said, it’s crucial to identify potential targets, particularly in certain geographic regions.
The data so far reveals a broad geographic dispersion of ‘targets,’ with many countries that are typical phishing targets being hit. However, there are anomalies such as Panama, Taiwan, and Japan, suggesting possible campaigns targeting specific countries. The landscape is continuously evolving as more threats are identified, necessitating vigilant monitoring on your part to stay safe.
→ Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
The abrupt shift to remote work has left many employees unprepared, with some needing to operate from personal devices. These personal devices, if lacking appropriate security measures, can expose both you and your company or employer to various potential attacks.
Over the last few years, there has been a surge in targeted ransomware attacks, particularly through “commodity malware.” This malware type is often directed at consumers. Consequently, accessing work networks from potentially infected personal devices without appropriate security measures significantly increases the risk. Both employees and employers are left vulnerable to breaches and ransomware lockdowns.
Office closures and working-from-home mandates due to COVID-19 permanently changed the way we look at workplace connectivity. A recent Fenwick poll among HR, privacy, and security professionals across industries noted that approximately 90% of employees now handle intellectual property, confidential, and personal information on their in-home Wi-Fi as opposed to in-office networks. Additionally, many are accessing this information on personal and mobile devices that often do not have the same protections as company-owned devices. The elevated number of unprotected devices connected to unsecured networks creates weak areas in a company’s infrastructure, making it harder to protect against hackers.
One technology your organization should be especially diligent about is video conferencing software. Hackers can infiltrate video conferencing software to eavesdrop on private discussions and steal vital information. Many disrupt video calls via brute force, where they scan a list of possible meeting IDs to try and connect to a meeting. Others seek more complex infiltration methods through vulnerabilities in the actual software. Up until recently, Agora’s video conferencing software exhibited these same vulnerabilities.
Hackers will usually try to gain access to these network vulnerabilities by targeting unsuspecting employees through phishing scams which can lead to even greater consequences if they manage to insert malware or hold your data for ransom. Without proper training on how to avoid these threats, many employees wouldn’t know how to handle the impact should they become the target.
If you’re an employee working remotely, it is essential to comprehend and adhere to best security practices. Here are some guidelines you could follow:
Considering the rise of remote working, it is more crucial than ever for employees, especially those working remotely, to invest in secure solutions and tools. However, as end-users, it’s also wisest to take extra steps like installing comprehensive security software to ward off cyber threats. These software have features that collectively provide a holistic approach to security, detecting vulnerabilities, and minimizing the chance of an attack.
We recommend McAfee+ and McAfee Total Protection if you want an all-inclusive security solution. With a powerful combination of real-time threat detection, antivirus, and malware protection, secure browsing, identity theft prevention, and privacy safeguards, McAfee+ and McAfee Total Protection ensure that your devices and personal information remain secure and your online experience is worry-free.
McAfee Pro Tip: Gauge your security protection and assess your security needs before you get a comprehensive security plan. This proactive approach is the foundation for establishing robust cybersecurity measures tailored to your specific requirements and potential vulnerabilities. Learn more about our award-winning security products award-winning security products.
In the current digital age, employees must be aware of their crucial role in maintaining organizational security. As such, you should consider engaging in tailored security education and training programs that help employees identify and avoid potential threats such as phishing and malicious downloads. Regular training and updates can be beneficial as employees are often the first line of defense and can significantly help mitigate potential security breaches.
To ensure effective acquisition of knowledge, engage in security training that is designed in an engaging, easy-to-understand manner and utilizes practical examples that you can relate to. Successful training programs often incorporate interactive modules, quizzes, and even games to instill important security concepts.
Effective communication and collaboration are paramount in a remote working environment. Employees need to share information and collaborate on projects effectively while ensuring that sensitive information remains secure. Use and participate in platforms that enable secure communication and collaboration. Tools such as secure messaging apps, encrypted email services, secure file sharing, and collaboration platforms will ensure information protection while allowing seamless collaboration.
Make sure that you’re provided with detailed guidelines and training on the proper use of these tools and their security features. This will help prevent data leaks and other security issues that can arise from misuse or misunderstanding.
→ Dig Deeper: Five Tips from McAfee’s Remote Workers
The transition to a remote working environment brings with it various cybersecurity challenges. Prioritizing secure communication and collaboration tools, coupled with ongoing education and adherence to best practices, can help you navigate these challenges with confidence, ultimately reaping the benefits of a flexible and efficient remote work environment while safeguarding critical data and information. McAfee can help you with that and more, so choose the best combination of features that fits your remote work setup.
The post Staying Safe While Working Remotely appeared first on McAfee Blog.
There is a significant secondary marketplace where tickets can sell for several times their original value, opening the opportunity for scammers and fraud
The post Protect yourself from ticketing scams ahead of the Premier League Summer Series USA Tour appeared first on WeLiveSecurity
Sarah didn’t see it coming.
A single mom in her late 40s, “Sarah” was especially lonely after her divorce (name changed to protect her identity). Her teenager had convinced her to join a dating site, so she created a profile on a popular app. After a handful of dates fell flat, she found Scott (name also changed). He was charismatic, kind. “We had an instant connection,” according to Sarah.
They spent hours on the phone sharing their deepest secrets and even started imagining a future together. But after about three months, Scott fell on hard times. At first, he needed to borrow $400 to pay for airfare to visit a dying relative, which he paid back immediately. Over the next few months, the numbers grew to $1,000 for rent and $3,000 for a business venture.
Repayments for those loans never came, and before long, Sarah had loaned her new love over $8,500. When she pressed him for the money, Scott ghosted Sarah online, moved out of town, and she never saw him again. She didn’t share her story with many people. She didn’t report it. She was too embarrassed and humiliated and even became depressed following what she calls “the Scott scam.” Painfully, she lost her trust in others.
Sarah isn’t alone. In the U.S. alone, about 70,000 people reported a romance scam in 2022, according to the Federal Trade Commission (FTC). Reported losses hit $1.3 billion, with a median loss of $4,400. And with such statistics, those figures reflect only what was reported. How many other “Sarahs” in the U.S. got scammed and never reported it? How many worldwide?
That’s the pain of online dating and romance scams. Feelings of embarrassment and humiliation compound financial and emotional pain. After all, the victims were looking for love and companionship.
And that’s what scammers count on. Yet that shouldn’t stop you from a romance that springs online. With a strong heart and sharp eye, you can spot a scam and put an end to it before any damage gets done.
Dating and romance scams can start in several ways. They might begin on dating apps and sites, just like in Sarah’s case. Yet they can happen elsewhere and even pop out of the blue too. Scammers prowl around on social media, texts, and online games by pinging potential victims with an unexpected introductory message — a sort of digital opening line. In fact, the FTC reports that 40% of online dating and romance scams began with a message on social media, versus only 19% on dating apps.
With the initial connection made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in. Often, that will involve their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working alongside an international organization or working in the sort of jobs that prevent them from otherwise easily meeting up in person.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. When it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, when that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment method is reloadable debit cards. A scammer might make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer typically looks for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch when the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They might jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, remember that some scammers might be grifting several victims at once, which is yet another opportunity for them to get confused and slip up. Keep an eye out for that. Inconsistencies are the watermarks of a scam.
Lastly, take note that romance scammers have an entirely new set of tricks at their disposal. AI deepfakes. With inexpensive and readily available AI tools, scammers can make themselves look and sound like an entirely different person. All in real-time. As striking as that sounds, keep it in mind. Romance deepfakes now exist in the realm of possibility.
It once was that if a person didn’t want to hop on a voice chat, it might count as a sign of a scam. That’s no longer the case with deepfake technology in play. Even so, many of the same tried-and-true means of avoiding a romance scam still apply.
1. Lock down your privacy on social media.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less info to exploit. Using our Social Privacy Manager can make that even easier. With only a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.
2. Google yourself, and then remove what you find.
Have you ever googled yourself online? You’ll find personal info like your date of birth, previous addresses, names of your children and their ages, your estimated income, and more. This info is collected by data brokers and available for sell to advertisers or worse — like scammers. Sophisticated scammers use this info to profile and exploit their victims further. A Personal Data Cleanup service can help you remove this kind of personal data from the web.
3. Say “no” to strangers bearing friend requests.
Be critical of the invitations you receive. Out-and-out strangers might be more than a romance scammer. They might front fake accounts designed to gather info on users for cybercrime, or they can be an account designed to spread false info. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 691 million fake accounts. Reject such requests.
4. Go light on the details in your dating profile.
To the extent that you can, provide the minimum amount of details in your dating profile. Granted, this requires a bit of a balancing act. You want to put some info out there to help find a match, yet too much can give you and your location away. Same for your profile pics. Be sure yours have a generic-looking background, rather than anything that might identify where you live, work, or go to school.
5. Protect yourself and your devices.
Online protection software can steer you clear from clicking on malicious links that a scammer might send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal info as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief might put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that might feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you might want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you might help others from falling victim too.
The post How Online Dating Scams work and How to Spot Them appeared first on McAfee Blog.
Social engineering. It’s a con game. And a con game by any other name stings just as badly.
Like any form of con, social engineering dupes their victims by playing on their emotions. Fear, excitement, and surprise. And they prey on human nature as well. The desire to help others, recognizing authority, and even the dream of hitting it big in the lottery. All of this comes into play in social engineering.
By design, the scammers who employ social engineering do so in an attempt to bilk people out of their personal information, their money, or both. More broadly, they’re designed to give scammers access—to a credit card, bank account, proprietary company information, and even physical access to a building or restricted space in the case of tailgating attacks. In this way, social engineering is an attack technique rather than a specific type of attack.
Several types of attacks employ social engineering:
The list goes on. Yet those are among the top attacks that use social engineering as a means of hoodwinking their victims. It’s a scammer’s secret weapon. Time and time again, we’ve seen just how effective it can be.
So while many bad actors turn to social engineering tricks to do their dirty work, they share several common characteristics. That makes them easy to spot. If you know what you’re looking for.
An overexcited or aggressive tone in an email, text, DM, or any kind of message you receive should put up a big red flag. Scammers use these scare tactics to get you to act without thinking things through first.
Common examples include imposter scams. The scammer will send a text or email that looks like it comes from someone you know. And they’ll say they’re in a jam of some sort, like their car has broken down in the middle of nowhere, or that they have a medical emergency and to go to urgent care. In many of these cases, scammers will quickly ask for money.
Another classic is the tax scam, where a scammer poses as a tax agent or representative. From there, they bully money out of their victims with threats of legal action or even arrest. Dealing with an actual tax issue might be uncomfortable, but a legitimate tax agent won’t threaten you like that.
You’ve won a sweepstakes! (That you never entered.) Get a great deal on this hard-to-find item! (That will never ship after you’ve paid for it.) Scammers will concoct all kinds of stories to separate you from your personal information.
The scammers behind bogus prizes and sweepstakes will ask you for banking information or sometimes even your tax ID number to pay out your winnings. Winnings you’ll never receive, of course. The scammer wants that information to raid your accounts and commit all kinds of identity theft.
Those great deals? The scammers might not ship them at all. They’ll drain your credit or debit card instead and leave you tapping your foot by your mailbox. Sometimes, the scammers might indeed ship you something after all—a knock-off item. One possibly made with child labor.
Scammers will often pose as people you know. That can include friends, family members, co-workers, bosses, vendors or clients at work, and so on. And when they do, something about the message you get will seem a bit strange.
For starters, the message might not sound like it came from them. What they say and how they say it seems off or out of character. It might include links or attachments you didn’t expect to get. Or the message might come to you via a DM sent from a “new” account they set up. In the workplace, you might get a message from your boss instructing you to pay someone a large sum from the company account.
These are all signs that something scammy might be afoot. You’ll want to follow up with these people in person or with a quick phone call just to confirm. Reach them in any way other than by replying to the message you received. Even if it looks like a legitimate account. There’s the chance their account was hacked.
How do scammers know how to reach you in the first place? And how do they seem to know just enough about you to cook up a convincing story? Clever scammers have resources, and they’ll do their homework. You can give them far less to work with by taking the following steps.
Online data brokers hoard all kinds of personal information about individuals. And they’ll sell it to anyone. That includes scammers. Data brokers gather it from multiple sources, such as public records and third parties that have further information like browsing histories and shopping histories (think your supermarket club card). With that information, a scammer can sound quite convincing—like they know you in some way or where your interests lie. You can get this information removed so scammers can’t get their hands on it. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and with select products, it can even manage the removal for you.
Needless to say, social media says a lot about you and what you’re into. You already know that because you put a part of yourself out there with each post—not to mention a record of the groups, pages, and things that you follow or like. All this provides yet more grist for a scammer’s mill when it comes time for them to concoct their stories. Setting your accounts to private takes your posts out of the public eye, and the eye of potential scammers too. This can help reduce your risk of getting conned.
Scammers throw all kinds of bogus links at people in the hope they’ll click and wind up on their scammy websites. They’ll also send attachments loaded with malware—a payload that contains ransomware, spyware, or viruses. If you get a message about one of your accounts, a shipment, or anything that involves your personal or financial info, confirm the sender. Did the message come from a legitimate address or account? Or was the address spoofed or the account a fake? For example, some scammers create social media accounts to pose as the U.S. Internal Revenue Service (IRS). The IRS doesn’t contact people through social media. If you have a concern about a message or account, visit the site in question by typing it in directly instead of clicking on the link in the message. Access your information from there or call their customer service line.
The combination of these two things makes it tough for scammers to crack your accounts. Even if they somehow get hold of your password, they can’t get into your account without the multifactor authentication number (usually sent to your phone in some form). A password manager as part of comprehensive online protection software can help you create and securely store those strong, unique passwords. Also, never give your authentication number to anyone after you receive it. Another common scammer trick is to masquerade as a customer service rep and ask you to send that number to them.
This is the one piece of advice scammers don’t want you to have, let alone follow. They count on you getting caught up in the moment—the emotion of it all. Once again, emotions, urgency, and human nature are all key components in any social engineering con. The moment you stop and think about the message, what it’s asking of you, and the way it’s asking you for it, will often quickly let you know that something is not quite right. Follow up. A quick phone call or face-to-face chat can help you from getting conned.
The post Social Engineering—The Scammer’s Secret Weapon appeared first on McAfee Blog.
A peek under the hood of a cybercrime operation and what you can do to avoid being an easy target for similar ploys
The post Tricks of the trade: How a cybercrime ring operated a multi‑level fraud scheme appeared first on WeLiveSecurity
Everyone loves a great deal when they shop online. Until they discover it’s a rip-off.
Social media ads for vintage wear. Website ads for home entertainment gear. Search ads for handbags. Some of these ads aren’t what they seem. Instead of leading you to deals on a trustworthy ecommerce site, the ads take you to a bogus page designed to steal your money and personal info.
Unfortunately, it happens. And one global report estimated that online shoppers lost $41 billion to fraud in 2022. How do scammers pull it off? With the same tools that legitimate businesses use.
Let’s look at how they do it and how you can steer clear of their tricks.
Many of today’s scammers work in organized fashion. They oversee large cybercrime operations that run much like a business. They employ web designers, coders, marketing teams, and customer call centers that mimic a genuine online retailer. Which makes sense. The more they can look and act like the real thing, the more likely they can lure victims into their online stores.
Smaller bands of scammers get in on this action as well. Just as a small business can easily create an online store with any number of off-the-shelf services and solutions, so can a couple of scammers.
In this way, scammers large and small can readily create a professional-looking website, create effective ads to drive traffic to it, and collect financial information from there.
Yet, some scammers don’t steal financial information outright. They might indeed ship you the goods, but they won’t be the goods you ordered. They’re counterfeit. And it might be part of a large-scale operation that exploits child workers.
Whether they’re out to steal your money or sell you knockoff goods, online shopping scams tend to ramp up around gift-giving seasons. They’ll bait shoppers with hard-to-find items, tout steep discounts on other popular items, and otherwise play into the rush of holiday gift buying. Yet they crop up year-round as well. Really, any time you shop is a time to be on the lookout for them.
This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.
Also in the U.S., you can visit the website of your state’s Secretary of State. There you can search for the business in question, learn when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information.
Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam.
A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background information for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of information can help you sniff out a scam.
Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you find out if the retailer is legit.
3. Look for the lock icon in your browser when you shop.
Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
4. Pay with a credit card instead of your debit card.
Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back—it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit.
Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds a one-time-use code to access your login procedure, typically sent to your smartphone by text or call. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. A virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic. That makes it secure from bad actors who try to intercept your data on public Wi-Fi, which can include your passwords and credit card numbers.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes web browser protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam— along with a password manager that can create and securely store strong, unique passwords.
Social media has made it easier for sellers large and small to reach customers online. It’s made it easier for scammers to reach victims too.
If you’re on social media, you’ve certainly seen your share of ads. Some are from companies and retailers you know and trust. Yet more are from names you’ve likely never heard of. They might be legitimate businesses, yet they might be fronts for a convincing-looking scam.
These ads end up on social media the same way ads from legitimate businesses do, by way of social media ad platforms. Social media companies created these platforms so advertisers can reach millions of individual users based upon their age group, hobbies and interests, past purchases, and so on.
For example, a scammer might target younger shoppers with an interest in retro fashion. From there, the scammer can narrow that down to target people who live in metropolitan areas who like 1980s memorabilia. The scammers then create an ad that takes that audience to a phony website loaded with bogus t-shirts, coats, and bags.
All of it costs relatively little. A small ad budget of a few hundred dollars can give scammers exposure to millions of potential victims.
The best way to avoid getting stung by these sites is to do your homework. Seek out the company’s track record. Look for reviews. And if you’re unsure, take a pass. Don’t shop with that company.
Shopping scams can look and feel rather sophisticated today. With a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences that look convincing.
So buyers be wary. Before you click or tap on that ad, do some research. Determine if the company is legitimate, if it’s had complaints waged against it, and how those complaints were resolved. And always use your credit card. It offers the best consumer protections you have in the event you do end up getting scammed.
The post Steer Clear of Rip-offs: Top Tips for Safer Online Shopping appeared first on McAfee Blog.
Ping, it’s a scammer!
The sound of an incoming email, text, or direct message has a way of getting your attention, so you take a look and see what’s up. It happens umpteen times a week, to the extent that it feels like the flow of your day. And scammers want to tap into that with sneaky phishing attacks that catch you off guard, all with the aim of stealing your personal information or bilking you out of your money.
Phishing attacks take several forms, where scammers masquerade as a legitimate company, financial institution, government agency, or even as someone you know. And they’ll come after you with messages that follow suit:
You can see why phishing attacks can be so effective. Messages like these have an urgency to them, and they seem like they’re legit, or they at least seem like they might deal with something you might care about. But of course they’re just a ruse. And some of them can look and sound rather convincing. Or at least convincing enough that you’ll not only give them a look, but that you’ll also give them a click too.
And that’s where the troubles start. Clicking the links or attachments sent in a phishing attack can lead to several potentially nasty things, such as:
However, plenty of phishing attacks are preventable. A mix of knowing what to look for and putting a few security steps in place can help you keep scammers at bay.
How you end up with one has a lot to do with it.
There’s a good chance you’ve already seen your share of phishing attempts on your phone. A text comes through with a brief message that one of your accounts needs attention, from an entirely unknown number. Along with it is a link that you can tap to follow up, which will send you to a malicious site. In some cases, the sender may skip the link and attempt to start a conversation with the aim of getting you to share your personal information or possibly fork over some payment with a gift card, money order, rechargeable debit card, or other form of payment that is difficult to trace and recover.
In the case of social media, you can expect that the attack will come from an imposter account that’s doing its best to pose as one of those legitimate businesses or organizations we talked about, or perhaps as a stranger or even someone you know. And the name and profile pic will do its best to play the part. If you click on the account that sent it, you may see that it was created only recently and that it has few to no followers, both of which are red flags. The attack is typically conversational, much like described above where the scammer attempts to pump you for personal info or money.
Attacks that come by direct messaging apps will work much in the same way. The scammer will set up a phony account, and where the app allows, a phony name and a phony profile pic to go along with it.
Email gets a little more complicated because emails can range anywhere from a few simple lines of text to a fully designed piece complete with images, formatting, and embedded links—much like a miniature web page.
In the past, email phishing attacks looked rather unsophisticated, rife with poor spelling and grammar, along with sloppy-looking layouts and images. That’s still sometimes the case today. Yet not always. Some phishing emails look like the real thing. Or nearly so.
Case in point, here’s a look at a phishing email masquerading as a McAfee email:
There’s a lot going on here. The scammers try to mimic the McAfee brand, yet don’t quite pull it off. Still, they do several things to try and be convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look right for some reason.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, plus the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in at the top of the email with mention of “There are (42) viruses on your computer.”
Taken all together, you can spot many email scams by taking a closer look, seeing what doesn’t feel right, and then trusting you gut. But that asks you to slow down, take a moment, and eyeball the email critically. Which people don’t always do. And that’s what scammers count on.
Similar ploys see scammers pose as legitimate companies and retailers, where they either ask you to log into a bogus account page to check statement or the status of an order. Some scammers offer links to “discount codes” that are instead links to landing pages designed steal your account login information as well. Similarly, they may simply send a malicious email attachment with the hope that you’ll click it.
In other forms of email phishing attacks, scammers may pose as a co-worker, business associate, vendor, or partner to get the victim to click a malicious link or download malicious software. These may include a link to a bogus invoice, spreadsheet, notetaking file, or word processing doc—just about anything that looks like it could be a piece of business correspondence. Instead, the link leads to a scam website that asks the victim “log in and download” the document, which steals account info as a result. Scammers may also include attachments to phishing emails that can install malware directly on the device, sometimes by infecting an otherwise everyday document with a malicious payload.
Email scammers may also pose as someone you know, whether by propping up an imposter email account or by outright hijacking an existing account. The attack follows the same playbook, using a link or an attachment to steal personal info, request funds, or install malware.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling to them. Further, you can do other things that may make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavy on urgency, like the phony McAfee phishing email above that says your license has expired today and that you have “(42)” viruses. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper ecommerce site, they may link you to a scam shopping site that does nothing but steal your money and the account information you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It may tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
When scammers contact you via social media, that in of itself can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it quite clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They have accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly and follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.
On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you may have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which may indeed be a link to scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers select and stalk you for an attack.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams. You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer safe browsing features that can identify malicious links and downloads, which can help prevent clicking them. Further, it can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
Once phishing attacks were largely the domain of bogus emails, yet now they’ve spread to texts, social media, and messaging apps—anywhere a scammer can send a fraudulent message while posing as a reputable source.
Scammers count on you taking the bait, the immediate feelings of fear or concern that there’s a problem with your taxes or one of your accounts. They also prey on scarcity, like during the holidays where people search for great deals on gifts and have plenty of packages on the move. With a critical eye, you can often spot those scams. Sometimes, a pause and a little thought is all it takes. And in the cases where a particularly cagey attack makes its way through, online protection software can warn you that the link you’re about to click is indeed a trap.
Taken all together, you have plenty of ways you can beat scammers at their game.
The post How to Avoid Phishing Attacks on Your Smartphones and Computers appeared first on McAfee Blog.
There are plenty of phish in the sea.
Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe.
And some of today’s phishing emails are indeed getting tougher to spot.
They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.
And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.
Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid.
Again, you can sidestep these attacks if you know how to spot them. There are signs.
Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for.
<h2>Phishing attack statistics—the millions of attempts made each year.
In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported.
Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.
Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information.
As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack.
So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly.
<h2>What does a phishing attack look like?
Nearly every phishing attack sends an urgent message. One designed to get you to act.
Some examples …
When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these.
And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice.
Case in point:
Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer.
We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see.
As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely.
Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious.
Here’s where the attackers really got bold.
They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus.
Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam.
Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.”
Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.
Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack.
Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.
For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use.
Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples.
There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …”
Taken all together, someone can readily spot that this is a scam with a closer look.
This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be.
What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same.
This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach.
The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course.
Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether.
Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot.
And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit?
One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind …
Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator.
If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well.
Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam.
Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately.
Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods.
Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam.
Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt.
Online protection software can protect you from phishing attacks in several ways.
For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware.
Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.
Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands.
In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today.
The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.
Ping, it’s a scammer!
The sound of an incoming email, text, or direct message has a way of getting your attention, so you take a look and see what’s up. It happens umpteen times a week, to the extent that it feels like the flow of your day. And scammers want to tap into that with sneaky phishing attacks that catch you off guard, all with the aim of stealing your personal information or bilking you out of your money.
Phishing attacks take several forms, where scammers masquerade as a legitimate company, financial institution, government agency, or even as someone you know. And they’ll come after you with messages that follow suit:
You can see why phishing attacks can be so effective. Messages like these have an urgency to them, and they seem like they’re legit, or they at least seem like they might deal with something you might care about. But of course they’re just a ruse. And some of them can look and sound rather convincing. Or at least convincing enough that you’ll not only give them a look, but that you’ll also give them a click too.
And that’s where the troubles start. Clicking the links or attachments sent in a phishing attack can lead to several potentially nasty things, such as:
However, plenty of phishing attacks are preventable. A mix of knowing what to look for and putting a few security steps in place can help you keep scammers at bay.
How you end up with one has a lot to do with it.
There’s a good chance you’ve already seen your share of phishing attempts on your phone. A text comes through with a brief message that one of your accounts needs attention, from an entirely unknown number. Along with it is a link that you can tap to follow up, which will send you to a malicious site. In some cases, the sender may skip the link and attempt to start a conversation with the aim of getting you to share your personal information or possibly fork over some payment with a gift card, money order, rechargeable debit card, or other form of payment that is difficult to trace and recover.
In the case of social media, you can expect that the attack will come from an imposter account that’s doing its best to pose as one of those legitimate businesses or organizations we talked about, or perhaps as a stranger or even someone you know. And the name and profile pic will do its best to play the part. If you click on the account that sent it, you may see that it was created only recently and that it has few to no followers, both of which are red flags. The attack is typically conversational, much like described above where the scammer attempts to pump you for personal info or money.
Attacks that come by direct messaging apps will work much in the same way. The scammer will set up a phony account, and where the app allows, a phony name and a phony profile pic to go along with it.
Email gets a little more complicated because emails can range anywhere from a few simple lines of text to a fully designed piece complete with images, formatting, and embedded links—much like a miniature web page.
In the past, email phishing attacks looked rather unsophisticated, rife with poor spelling and grammar, along with sloppy-looking layouts and images. That’s still sometimes the case today. Yet not always. Some phishing emails look like the real thing. Or nearly so.
Case in point, here’s a look at a phishing email masquerading as a McAfee email:
There’s a lot going on here. The scammers try to mimic the McAfee brand, yet don’t quite pull it off. Still, they do several things to try and be convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look right for some reason.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, plus the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in at the top of the email with mention of “There are (42) viruses on your computer.”
Taken all together, you can spot many email scams by taking a closer look, seeing what doesn’t feel right, and then trusting you gut. But that asks you to slow down, take a moment, and eyeball the email critically. Which people don’t always do. And that’s what scammers count on.
Similar ploys see scammers pose as legitimate companies and retailers, where they either ask you to log into a bogus account page to check statement or the status of an order. Some scammers offer links to “discount codes” that are instead links to landing pages designed steal your account login information as well. Similarly, they may simply send a malicious email attachment with the hope that you’ll click it.
In other forms of email phishing attacks, scammers may pose as a co-worker, business associate, vendor, or partner to get the victim to click a malicious link or download malicious software. These may include a link to a bogus invoice, spreadsheet, notetaking file, or word processing doc—just about anything that looks like it could be a piece of business correspondence. Instead, the link leads to a scam website that asks the victim “log in and download” the document, which steals account info as a result. Scammers may also include attachments to phishing emails that can install malware directly on the device, sometimes by infecting an otherwise everyday document with a malicious payload.
Email scammers may also pose as someone you know, whether by propping up an imposter email account or by outright hijacking an existing account. The attack follows the same playbook, using a link or an attachment to steal personal info, request funds, or install malware.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling to them. Further, you can do other things that may make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavy on urgency, like the phony McAfee phishing email above that says your license has expired today and that you have “(42)” viruses. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper ecommerce site, they may link you to a scam shopping site that does nothing but steal your money and the account information you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It may tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
When scammers contact you via social media, that in of itself can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it quite clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They have accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly and follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.
On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you may have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which may indeed be a link to scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers select and stalk you for an attack.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams. You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer safe browsing features that can identify malicious links and downloads, which can help prevent clicking them. Further, it can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
Once phishing attacks were largely the domain of bogus emails, yet now they’ve spread to texts, social media, and messaging apps—anywhere a scammer can send a fraudulent message while posing as a reputable source.
Scammers count on you taking the bait, the immediate feelings of fear or concern that there’s a problem with your taxes or one of your accounts. They also prey on scarcity, like during the holidays where people search for great deals on gifts and have plenty of packages on the move. With a critical eye, you can often spot those scams. Sometimes, a pause and a little thought is all it takes. You can stay one step ahead of scammers with the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your device or phone. Removing the guessing and it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. And in the cases where a particularly cagey attack makes its way through, online protection software can warn you that the link you’re about to click is indeed a trap.
Taken all together, you have plenty of ways you can beat scammers at their game.
The post How to Protect Yourself From Phishing Scams appeared first on McAfee Blog.
How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers
The post Pig butchering scams: The anatomy of a fast‑growing threat appeared first on WeLiveSecurity
How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends – and at your expense
The post SVB’s collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity
Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage.
The post 5 signs you’ve fallen for a scam – and what to do next appeared first on WeLiveSecurity
Here's a roundup of some of the most common tricks that fraudsters use to dupe their victims on WhatsApp – and what you can do to protect yourself against them.
The post Common WhatsApp scams and how to avoid them appeared first on WeLiveSecurity
It all feels so harmless. Who isn’t even alittle curious which celebrity is their look-a-like or what ’80s song best matches their personality? While some of these fun little quizzes and facial recognition-type games that pop up on social media are advertiser-generated and harmless, others have been carefully designed to steal your data.
According to the Better Business Bureau (BBB) consumers need to beware with the IQ tests, quizzes that require you to trade information. Depending on the goal of the scam, one click could result in a new slew of email or text spam, malicious data mining, or even a monthly charge on your phone bill.
Besides the spammy quizzes, scammers also use click bait, that are headlines designed to get your click and your data. Such headlines often promise juicy info on celebrities and may even legitimate human interest stories that claim, “and you won’t believe what happened next.” While some of those headlines are authored by reputable companies simply trying to sell products and compete for clicks, others are data traps that chip away at your privacy.
The best defense against click bait is knowledge. Similar to the plague of fake news circulating online, click bait is getting more sophisticated and deceptive in appearance, which means that users must be even more sophisticated in understanding how to sidestep these digital traps.
Our digital landscape is peppered with fake news and click bait, which makes it difficult to build trust with individuals and brands who have legitimate messages and products to share. As you become savvy to the kinds of data scams, your discernment and ability to hold onto your clicks will become second nature. Continue to have fun, learn, connect, but guard your heart with every click. Be sure to keep yor devices protected while you do!
The post Are You Getting Caught by Click Bait? appeared first on McAfee Blog.
Don’t be their next victim – here’s a handy round-up of some the most common signs that should set your alarm bells ringing
The post 10 signs that scammers have you in their sights appeared first on WeLiveSecurity
Scammers now have new tools to lure people who are looking for love online, by reeling in potential victims with artificial intelligence (AI). Thanks to the aid of popular AI tools like ChatGPT, scammers can potentially generate anything from seemingly innocent intro chats to full-blown love letters in seconds, all ready to dupe their victims on demand.
Tactics like these are typical of “catfishing” in dating and romance scams, where the scammer creates a phony online persona and uses it to lure their victim into a relationship for financial gain. Think of it as a bait-and-hook approach, where the promise of love is the bait, and theft is the hook.
And as explained above, baiting that hook just got far easier with AI.
Sound farfetched? After all, who would fall for such a thing? It turns out that a sophisticated AI chatbot can sound an awful lot like a real person seeking romance. In our latest “Modern Love” research report, we presented a little love letter to more than 5,000 people worldwide and asked them if it was written by a person or by AI:
My dearest,
The moment I laid eyes on you, I knew that my heart would forever be yours. Your beauty, both inside and out, is unmatched and your kind and loving spirit only adds to my admiration for you.
You are my heart, my soul, my everything. I cannot imagine a life without you, and I will do everything in my power to make you happy. I love you now and forever.
Forever yours …
One-third of the people (33%) thought that a person wrote this letter, 31% said an AI wrote it, and 36% said they couldn’t tell one way or another.
What did you think? If you said that a person wrote the letter, you got hoodwinked. An AI wrote it.
The implications are concerning. Put plainly, scammers can turn on the charm practically at will with AI, generating high volumes of romance-laden content for potentially high volumes of victims. And as our research indicates, plenty of people are ready to soak it up.
Worldwide, we found:
Chatting with a stranger is one thing. Yet how often did it lead to a request for money or other personal information? More than half the time.
Scammers love a good story, one that’s intriguing enough to be believable, such as holding a somewhat exotic job outside of the country. Common tales include drilling on an offshore oil rig, working as a doctor for an international relief organization, or typically some sort of job that prevents them from meeting up in person.
Luckily, this is where many people start to catch on. In our research, people said they found out they were being catfished when:
Of course, the true telltale sign of an online dating or romance scam is when the scammer asks for money. The scammer includes a little story with that request too, usually revolving around some sort of hardship. They may say they need to pay for travel or medical expenses, a visa or other travel documents, or even customs fees to retrieve an item that they say is stuck in the mail. There’s always some kind of twist or intriguing complication that seems just reasonable enough such that the victim falls for it.
Scammers will often favor payment via wire transfers, gift cards, and reloadable debit cards, because they’re like cash in many regards—once you fork over that money, it’s as good as gone. These forms of payment offer few protections in the event of scam, theft, or loss, unlike a credit card charge that you can contest or cancel with the credit card company. Unsurprisingly, scammers have also added cryptocurrency to that list because it’s notoriously difficult to trace and recover.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest, reimburse, or trace back to the recipient. Requests for money, particularly in these forms, should raise a major red flag.
What makes online dating and romance scams so malicious, and so difficult to sniff out, is that scammers prey on people’s emotions. This is love we’re talking about, after all. People may not always think or act clearly to the extent that they may wave away their doubts—or even defend the scammer when friends or family confront them on the relationship.
However, an honest look at yourself and the relationship you’re in provides some of the best guidance around when it comes to meeting new people online:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working on several victims at once, which is yet another opportunity for them to get confused and slip up.
In the cases where scammers may use AI tools to pad their conversations, you can look for several other signs. AI still isn’t always the smoothest operator when it comes to language. AI often uses short sentences and reuses the same words, and sometimes it generates a lot of content without saying much at all. What you’re reading may seem to lack a certain … substance.
Scammers are likely to use all kinds of openers. That text you got from an unknown number that says, “Hi, where are you? We’re still meeting for lunch, right?” or that out-of-the-blue friend request on social media are a couple examples. Yet before that, the scammer had to track down your number or profile some way or somehow. Chances are, all they needed to do was a little digging around online.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2022 alone, Facebook took action on 1.5 billion fake accounts. Reject requests from strangers.
How did that scammer get your phone number or contact information in the first place? It could have come from a data broker site. Data brokers are part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well. With info from data broker sites, scammers compile huge lists of potential victims for their spammy texts and calls.
Our Personal Data Cleanup can help remove your info from those sites for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. It also monitors those sites, so if your info gets posted again, you can request its removal again.
Online protection software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, protecting your privacy by monitoring the dark web for your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
Worldwide, we found that 30% of men (and 26% of all adults) said they plan to use artificial intelligence tools to put their feelings into words. Yet, there’s a flipside. We also found that 49% of respondents said they’d be offended if they found out the note they received had been produced by a machine.
So why are people turning to AI? The most popular reason given for using AI as a ghostwriter was that it would make the sender feel more confident (27%), while others cited lack of time (21%) or lack of inspiration (also 21%), while 10% said it would just be quicker and easier and that they didn’t think they’d get found out.
It’s also worth noting that true romance seekers have called upon AI to kick off chats in dating apps, which might take the form of an ice-breaking joke or wistful comment. Likewise, AI-enabled apps have started cropping up in app stores, which can coach you through a conversation based on contextual cues like asking someone out or rescheduling a date. Some can even create AI-generated art on demand to share a feeling through an image.
It may be better than opening a conversation with an otherwise dull “hey,” yet as our research shows, there are risks involved if people lean on it too heavily—and prove to be quite a different person when they start talking on their own.
It’s important to remember that an AI chatbot like ChatGPT is a tool. It’s not inherently good or bad. It’s all in the hands of the user and how they choose to apply it. And in the case of scammers, AI chatbots have the potential to do a lot of harm.
However, you can protect yourself. In fact, you can still spot online dating and romance scams in much the same way as before. They still follow certain rules and share the same signs. If anything, the one thing that has changed is this: reading messages today calls for extra scrutiny. It will take a sharp eye to tell what’s real and what’s fake.
As our research showed, online dating and romance scams begin and end with you. Thinking back to what we learned as children about “stranger danger” goes a long way here. Be suspicious and, better yet, don’t engage. Go about your way. And if you do find yourself chatting with someone who requests money or personal information, end it. Painful as the decision may be, it’s the right decision. No true friend or partner, one you’ve never seen or met, would rightfully ask that of you.
Editor’s Note:
Online dating and romance scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Could ChatGPT Cause Heartbreak with Online Dating Scams? appeared first on McAfee Blog.
Cybercriminals will always try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info—but you have several ways you can beat them at their game.
Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too.
Specific to this big game, you can count on several types of scams to rear their heads this time of year—ticket scams, merchandise scams, betting scams, and phony sweepstakes as well. They’re all in the mix, and they’re all avoidable. Here, we’ll break them down.
As of two weeks out, tickets for the big game on the official ticketing website were going for $6,000 or so, and that was for the so-called “cheap seats.” Premium seats in the lower bowl 50-yard line, sold by verified resellers, were listed at $20,000 a pop or higher.
While the game tickets are now 100% mobile, that hasn’t prevented scammers from trying to pass off phony tickets as the real deal. They’ll hawk those counterfeits in plenty of places online, sometimes in sites like your friendly neighborhood Craigslist.
So if you’re in the market for tickets, there are certainly a few things to look out for:
If you plan on enjoying the game closer to home, you may be in the market for some merch—a hat, a jersey, a tee, or maybe some new mugs for entertaining when you host the game at your place. With all the hype around the game, out will come scammers who set up bogus online stores. They’ll advertise items for sale but won’t deliver—leaving you a few dollars lighter and the scammers with your payment information, which they can use on their own for identity fraud.
You can shop safely with a few straightforward steps:
This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
If you feel like doing extra sleuthing, look up the address of the website and see when it was launched. A visit to the Internet Corporation for Assigned Names and Numbers (ICANN) at ICANN.org gives you the option to search a web address and see when it was launched, along with other information about who registered it. While a recently launched site is not an indicator of a scam site alone, sites with limited track records may give you pause if you want to shop there—particularly if there’s a chance it was just propped up by a scammer.
<h3>Look for the lock icon in your browser when you shop.
Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.
Comprehensive online protection software will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to the scams floating around this time of year, online protection can help prevent you from clicking links to known or suspected malicious sites.
It’s hard to watch sports these days without odds and stat lines popping up onto the screen, along with a fair share of ads that promote online betting. If you’re thinking about making things interesting with some betting, keep a few things in mind:
As it is every year, you’ll see kinds of sweepstakes and giveaways leading up to the game, plenty of them legitimate. Yet as they do, scammers will try and blend in by rolling out their own bogus promotions. Their aim: to part you from your cash or even your personal information.
A quick way to sniff out these scams is to take a close look at the promotion. For example, if it asks you to provide your bank information to send you your prize money, count on it being a scam. Likewise, if the promotion asks you to pay to claim a prize in some form or other, it’s also likely someone’s trying to scam you.
In all, steer clear of promotions that ask something for something in return, particularly if it’s your money or personal information.
As it is of late, all kinds of scams will try to glom onto the big game this year. And some of the best advice for avoiding them is not to give in to the hype. Scammers prey on scarcity, a sense of urgency, and keyed-up emotions in general. Their hope is that these things may make you less critical and more likely to overlook things that would otherwise seem sketchy or too good to be true. Staying focused as you shop, place a wager, or otherwise look to round out your enjoyment of the big game is some of your absolute best defense against scammers right now, and any time.
The post Super Scams – Beat the Online Scammers Who Want to Sack Your Big Game appeared first on McAfee Blog.
“Can I tell a legitimate survey apart from a fake one?” is the single most important question you need to answer for yourself before taking any surveys online
The post Are online surveys legit and safe? Watch out for survey scams appeared first on WeLiveSecurity
ChatGPT: Everyone’s favorite chatbot/writer’s-block buster/ridiculous short story creator is skyrocketing in fame. 1 In fact, the AI-generated content “masterpieces” (by AI standards) are impressing technologists the world over. While the tech still has a few kinks that need ironing, ChatGPT is almost capable of rivaling human, professional writers.
However, as with most good things, bad actors are using technology for their own gains. Cybercriminals are exploring the various uses of the AI chatbot to trick people into giving up their privacy and money. Here are a few of the latest unsavory uses of AI text generators and how you can protect yourself—and your devices—from harm.
Besides students and time-strapped employees using ChatGPT to finish writing assignments for them, scammers and cybercriminals are using the program for their own dishonest assignments. Here are a few of the nefarious AI text generator uses:
The best way to avoid being fooled by AI-generated text is by being on high alert and scrutinizing any texts, emails, or direct messages you receive from strangers. There are a few tell-tale signs of an AI-written message. For example, AI often uses short sentences and reuses the same words. Additionally, AI may create content that says a lot without saying much at all. Because AI can’t form opinions, their messages may sound substance-less. In the case of romance scams, if the person you’re communicating with refuses to meet in person or chat over video, consider cutting ties.
To improve your peace of mind, McAfee+ Ultimate allows you to live your best and most confident life online. In case you ever do fall victim to an identity theft scam or your device downloads malware, McAfee will help you resolve and recover from the incident. In addition, McAfee’s proactive protection services – such as three-bureau credit monitoring, unlimited antivirus, and web protection – can help you avoid the headache altogether!
1Poc Network, “I asked AI (ChatGPT) to write me a rather off short story and the result was amazing”
2CyberArk, “Chatting Our Way Into Creating a Polymorphic Malware”
The post ChatGPT: A Scammer’s Newest Tool appeared first on McAfee Blog.
Hello, is it me you’re looking for? Fraudsters still want to help you 'fix' a computer problem you never had in the first place.
The post Tech support scammers are still at it: Here’s what to look out for in 2023 appeared first on WeLiveSecurity
Here's what to know about some of the most common ploys that scammers use on the payment app
The post Top 10 Venmo scams: Don’t fall for these common tricks appeared first on WeLiveSecurity
Oh, the scammers online are frightful, and the deals they offer seem delightful. No matter what you think you know, let it go, let it go, let it go (to the tune of 1945’s Let it Snow by Vaughn Monroe with the Norton Sisters).
‘Tis the season to find ourselves awash in good tidings and, well, consumerism. While it’s only partly tongue in cheek, we must be honest with ourselves. We spend a lot of money online. Often, we find ourselves leaving things to the last minute and hope that the delivery folks can make the magic happen and send us all the widgets and grapple grommets while we surf the Internet from the safety of our sofas with coffee in hand.
But, not every deal is what it appears to be. Scammers are always lurking in the void of the Internet waiting for a chance to fleece the unexpecting from their hard-earned money. This can manifest itself to the unsuspecting in many ways. There are shipping frauds, gift card giveaways and vishing (phone-based scams).
Scams tend to rely on generating a false sense of urgency. The shipping scam emails often show up in our inboxes as a warning about a missed or delayed package that will be sent back to the point of origin if we don’t answer quickly. Of course, this requires a payment to receive the fictitious package.
These types of shipping scam emails are quite effective this time of year when more often than naught many people have enough orders coming to their house to make a fort with the empty boxes.
The other kinds of attacks are the gift card scams and vishing. The first of which taps into the sense of excitement that a person might receive something for free. “Fill out this form with your credit card information for a chance to win a $200 gift card.” Sadly, this attack works well for older generations for which giveaways were more common and they aren’t as accustomed to spotting digital swindlers.
The last scam that we will tackle here is often labeled as vishing or voice phishing. This is a method whereby the attackers call a victim and attempt to convince their target that they need to do something which will lead to the exposure of financial information while pressuring the victim to think if they don’t act quickly that they will miss an opportunity for personal gain.
Unfortunately, the aforementioned scams really bring in a lot of return for the criminal element. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion. This represents a 74 percent increase in losses over losses reported in 2020.
One additional scam that plays on the heart strings is the romance scams. A lot of single people find themselves lonely during the holidays and can be manipulated into thinking that they’ve found a romantic match. But this can drain the bank accounts as well.
In 2021, the IC3 received reports from 7,658 victims who experienced over $432 million in losses to Confidence Fraud/Romance scams. This type of fraud accounts for the highest losses reported by victims over the age of 60.
All these attacks prey on people’s emotional responses. So, how do we prepare ourselves? We need to make knowledge a capability and arm ourselves with information that will help us avoid being taken advantage of by criminals.
Passwords are a significant exposure. They are the digital equivalent of a house key. A password will work for anyone that has access to it. We need to utilize technologies such as multi-factor authentication (MFA) on websites where it is possible to do so. So even if bad actors have our password, the victim still needs to approve the login.
If we don’t have the option to use MFA it would be an excellent idea to make use of a password manager. This is a way to safely store passwords and not fall into the trap of reusing passwords on multiple sites. Attackers bank on human nature and if we use the same credentials on multiple sites there is a high possibility that the criminals could gain access to other sites if they compromise just one.
I’m usually one to eschew the practice of New Year’s resolutions but I’ll make an exception. Keep a keen sense about yourselves whenever you receive an email or SMS that you were not expecting. If a deal is too good to be true then, well, it most likely is a scam. If you’re in doubt, try to look up the phone number, email address, person or “organization” offering the “deal.” More often than not, you’ll find lots of people reporting that it’s a scam.
Rather than being visited by the three ghosts of holiday scams, make sure you and your loved ones are prepared for a happy holiday and a prosperous New Year.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
This time of year, the air gets chillier and a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift-givers and do-gooders.
Here are five common Black Friday, Cyber Monday, and holiday season shopping scams to watch out for this year, plus a few tips to help you stay safe online.
The holiday season often brings outpourings of generosity, and scammers kick their morals to the curb and use people’s kindness to make a profit. Social engineering is a tactic where a bad actor plays on people’s emotions to trick them into sharing personal or financial information. This holiday season, keep an eye out for strangers’ funding pages or social media posts asking for donations.
Artificial intelligence (AI) content generation tools like ChatGPT and Bard are likely to make these scams more believable than those in years past. While AI doesn’t understand human emotion, when given the right prompt, it can mimic it well. In one “60 Minutes” segment, Bard wrote a touching short story that made the presenter misty-eyed. Additionally, AI usually uses correct grammar and edits out typos, which used to be the hallmark of phishing attempts.
There are undoubtedly authentic stories of real people and families in need around the holidays. Be wary of any social media post that makes you feel an extreme emotion, in this case, sadness. Phishers want people to act before they think through their decision.
Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant.
While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry and the tone of the message will seem “off.” Either it will sound very formal and impersonal or it will sound very informal and seem pushy.
During the holiday shopping season, your doorstep can be crowded with packages. Do you remember what’s in each one? Online criminals bank on the fact that you can’t quite keep track of what you’ve purchased.
Criminals try to lure people to download malware or divulge personal or account information with bogus order confirmation and delivery tracking number emails and texts. They’ll impersonate popular online retailers or postal services and claim to have information about your order if you click on their link; however, that link will redirect to a malicious site or download a malicious payload to your device.
This holiday shopping scam also dials in on people who’ve lost track of how many online orders they’ve made and the various shopping accounts in their name. Again, phishers will impersonate popular merchants and send “urgent” messages about suspending online accounts if payment isn’t received immediately. Similarly, phishers may also impersonate delivery services claiming that they’re (basically) holding your orders hostage until you pay up.
Gift cards are a standby present for the people on your list who are difficult to buy for or for people you don’t know too well but want to get them a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. Known as gift card cracking, cybercriminals can take wild guesses at gift card codes and cash in the value for themselves by methodically guessing strings of numbers and letters and crossing their fingers for a match. Cybercriminals will also employ phishing emails, texts, or social media direct messages to trick people into divulging gift card information.
Luckily, there are several ways to sniff out a bad actor trying to cash in on your holiday spirit. Here are a few simple ways you can modify your online holiday shopping habits to keep your devices free from malware and your PII out of the hands of bad actors.
Cybercriminals hustle all year round, so it’s an excellent idea to invest in a security solution that gives you peace and mind and boosts your confidence in your privacy, identity, and device safety. McAfee+ is an excellent partner! It includes a VPN, safe browsing tool, credit lock, identity monitoring and remediation, and much more.
Happy shopping, happy holidays, and happy new year!
The post ’Tis the Season for Holiday Scams: 5 Common Schemes to Look Out For appeared first on McAfee Blog.
Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel, donate to charities, and simply try to enjoy their time with friends and family.
Unfortunate as it is, scammers see this time of year as a tremendous opportunity to profit. While people focus giving to others, they focus on taking, propping up all manner of scams that use the holidays as a disguise. So as people move quickly about their day, perhaps with a touch of holiday stress in the mix, they hope to catch people off their guard with scams that wrap themselves in holiday trappings.
Yet once you know what to look for, they’re relatively easy to spot. The same scams roll out every year, sometimes changing in appearance yet remaining the same in substance. With a sharp eye, you can steer clear of them.
With Black Friday and Cyber Monday in the books, we can look forward to what’s next—a wave of post-holiday sales events that will likewise draw in millions of online shoppers. And just like those other big shopping days, bad actors will roll out a host of scams aimed at unsuspecting shoppers. Shopping scams take on several forms, which makes this a topic unto itself, one that we cover thoroughly in our Black Friday & Cyber Monday shopping scams blog. It’s worth a read if you haven’t done so already, as digs into the details of these scams and shows how you can avoid them.
However, the high-level advice for avoiding shopping scams is this: keep your eyes open. Deals that look too good to be true likely are, and shopping with retailers you haven’t heard of before requires a little bit of research to determine if their track record is clean. In the U.S., you can turn to the Better Business Bureau (BBB) for help with a listing of retailers you can search simply by typing in their names. You can also use https://whois.domaintools.com to look up the web address of the shopping site you want to research. There you can see its history and see when it was registered. A site that was registered only recently may be far less reputable than one that’s been registered for some time.
Plenty of new tech makes its way into our homes during the holiday season. And some of that tech can be a little challenging to set up. Be careful when you search for help online. Many scammers will establish phony tech support sites that aim to steal funds and credit card information. Go directly to the product manufacturer for help. Often, manufacturers will offer free support as part of the product warranty, so if you see a site advertising support for a fee, that could be a sign of a scam.
Likewise, scammers will reach out to you themselves. Whether through links from unsolicited emails, pop-up ads from risky sites, or by spammy phone calls, these scammers will pose as tech support from reputable brands. From there, they’ll falsely inform you that there’s something urgently wrong with your device and that you need to get it fixed right now—for a fee. Ignore these messages and don’t click on any links or attachments. Again, if you have concerns about your device, contact the manufacturer directly.
With the holidays comes travel, along with all the online booking and ticketing involved. Scammers will do their part to cash in here as well. Travel scams may include bogus emails that pose as reputable travel sites telling you something’s wrong with your booking. Clicking a link takes you to a similarly bogus site that asks for your credit card information to update the booking—which then passes it along to the scammer so they can rack up charges in your name. Other travel scams involve ads for cut-rate lodging, tours, airfare, and the like, all of which are served up on a phony website that only exists to steal credit card numbers and other personal information.
Some of these scams can look quite genuine, even though they’re not. They’ll use cleverly disguised web addresses that look legitimate, but aren’t, so don’t click any links. If you receive notice about an issue with your holiday travel, contact the company directly to follow up. Also, be wary of ads with unusually deep discounts or that promise availability in an otherwise busy season or time. These could be scams, so stick with reputable booking sites or with the websites maintained by hotels and travel providers themselves.
Donations to an organization or cause that’s close to someone’s heart make for a great holiday gift, just as they offer you a way to give back during the holiday season. And you guessed it, scammers will take advantage of this too. They’ll set up phony charities and apply tactics that pressure you into giving. As with so many scams out there, any time an email, text, direct message, or site urges you into immediate action—take pause. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that there some charities pass along more money to their beneficiaries than others. As a general rule of thumb, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
The holidays also mean a flight of big-time sporting events, and with the advent of online betting in many regions scammers want to cash in. This scam works quite like shopping scams, where bad actors will set up online betting sites that look legitimate. They’ll take your bet, but if you win, they won’t pay out. Per the U.S. Better Business Bureau (BBB), the scam plays out like this:
“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.”
You can avoid these sites rather easily. Stick with the online betting sites that are approved by your regional gambling commission. Even so, be sure to read the fine print on any promo offers that these sites advertise because even legitimate betting sites can freeze accounts and the funds associated with them based on their terms and conditions.
A complete suite of online protection software, such as McAfee+ Ultimate can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, we offer $1M identity theft coverage and support from a recovery pro, just in case.
And because scammers use personal information such as email addresses and cell phone numbers to wage their attacks, other features like our Personal Data Cleanup service can scan high-risk data broker sites for your personal information and then help you remove it, which can help reduce spam, phishing attacks, and deny bad actors the information they need to commit identity theft.
That’s why they enjoy the holidays so much. With all our giving, travel, and charity in play, it’s prime time for their scams. Yet a little insight into their cons, along with some knowledge as to how they play out, you can avoid them.
Remember that they’re playing into the hustle and bustle of the season and that they’re counting on you to lower your guard more than you might during other times of the year. Keep an eye open for the signs, do a little research when it’s called for, and stick with reputable stores, charities, and online services. With a thoughtful pause and a second look, you can spare yourself the grief of a scam and fully enjoy your holidays.
The post Unwrapping Some of the Holiday Season’s Biggest Scams appeared first on McAfee Blog.
Holding the door for someone might open the way to a cyberattack. For anyone who works in a secure building or workplace, they might want to rethink that courtesy. The hackers and thieves behind piggybacking and tailgating attacks count on it.
Piggyback and tailgating attacks occur when an unauthorized person gains access to a restricted workplace, one that requires some form of ID to enter. While quite similar, these attacks have an important difference:
In both cases, these unauthorized entries can put businesses and organizations at risk. They give potential bad actors all kinds of access to sensitive information and devices.
Trade secrets get stolen this way, as does customer information. In yet more malicious cases, bad actors might gain entry with the intent of sabotaging technology or hijacking a network. And of course, bad actors might do harm to people or property.
Businesses and organizations that find themselves at risk include those that:
Different businesses and organizations have different forms of security in place. You might be among the many who use a smart badge or some form of biometric security to enter a building or certain areas within a building.
However, determined bad actors will look for ways around these measures. With piggyback and tailgating attacks, it’s far easier for them to follow someone into a workplace than it is to break into a workplace.
Bad actors will simply walk in when someone holds the door for them. It’s as simple as that. Additionally, they’ll try several different tricks by:
In all, piggybacking and tailgating attacks rely on social engineering—playing off people’s innate courtesy, willingness to help, or even discomfort with conflict. Essentially, the attacker manipulates human nature.
A good portion of prevention falls on the owner of the building, whether that’s a business, organization, or a landlord. It falls on them to install security hardpoints like badge scanners, keypad locks, biometric scanners, and so on to keep the property secure. Moreover, employers owe it to themselves and their employees to train them on security measures.
Yet you can take further steps to prevent a piggybacking or tailgating attack on your workplace. Some steps include:
Also consider the security of your devices or any other sensitive information you work with. If a bad actor slips into your workplace, you can take other steps to prevent theft or damage.
Some aspects of piggybacking and tailgating prevention seem like they go against our better nature. We want to be kind, helpful, and sometimes we’d simply rather avoid confrontation. Again, piggybackers and tailgaters count on that. Yet a door is only as secure as the person who uses it—or who opens it for someone else.
The post How to Protect Yourself From Tailgating Attacks appeared first on McAfee Blog.
It pays not to let your guard down during the shopping bonanza – watch out for some of the most common scams doing the rounds this holiday shopping season
The post 10 tips to avoid Black Friday and Cyber Monday scams appeared first on WeLiveSecurity
Something looks a little … sketchy. Is that website safe or unsafe?
Nowadays, it can take a bit work to tell.
And that’s by design. Increasingly, hackers and scammers go to great pains when they create their malicious websites. They take extra steps to make their sites look legit, when in fact they’re anything but. Certainly, plenty of other hackers and scammers slap together malicious sites that still look a bit roughshod, which makes them easier to spot.
So whether it’s a clever knockoff or a slapdash effort, unsafe websites of all kinds have several telltale signs you can spot. We’ll show you, and let’s start things off with what makes an unsafe website unsafe in the first place.
Unsafe websites typically harbor one of two primary forms of attack—yet sometimes both:
Malware: Hackers will use their sites to install malware on your device, often by tricking you into clicking or tapping on a download. They might tempt you with an offer, a prize, a show to stream—just about anything you might want to otherwise download. (Recently, we saw hackers installing malware on sites that offered to stream dubbed versions of the “Barbie” movie.)
Phishing: Another classic attack. Phishing involves scammers who try to hoodwink you into providing account or financial information. Common ruses include links in emails, texts, and DMs that appear to be urgent messages from streaming services, banks, social media, and other accounts. Of course, those messages are phony.
As a result, unsafe websites can lead to some not-so-good things.
On the malware side, attackers can install spyware and similar apps that siphon financial and personal information from your device while you’re using it. Other malware might steal files outright or maliciously delete them altogether. Ransomware remains a major concern today as well, where attackers hold devices and data hostage. And even if victims end up paying the ransom, they have no guarantee that the attacker will free their device or data.
Phishing attacks often lead to financial headaches, sometimes large ones at that. It depends on the information scammers get their hands on. In some cases, the damage might lead to identity fraud and a few illicit charges on a debit or credit card. If scammers gather enough information, they can take that a step further and commit identity theft. That can include opening new credit or loans in your name. It could also give a scammer the info they need to get driver’s licenses or employment in your name.
Above and beyond committing fraud or theft on their own, scammers might also sell stolen information to others on the dark web.
Again, all not-so-good. Yet quite preventable.
For some sites, it only takes one sign. For other sites, it takes a few signs—a series of red flags that warn you a site is unsafe. When you’re online, keep a sharp eye out for the following:
The “s” stands for “secure.” Specifically, it means that the website uses SSL (Secure Sockets Layer) that creates an encrypted link between a web server and a web browser. SSL helps prevent others from intercepting and reading your sensitive information as it’s transmitted, which is particularly important when you shop or bank online. Likewise, you can also look for a little lock symbol in the address bar of your web browser. That’s one more way you can spot a site that uses SSL.
From spelling errors and grammatical mistakes, to stretched out logos and cheap photography, some unsafe websites are designed poorly. Legitimate businesses pride themselves on error-free and professional-looking sites. If a website looks like it got cobbled together in a hurry or doesn’t seem to be well-designed, that’s usually a red flag. The site might be unsafe, created by attackers who don’t have a strong attention to detail—or the creative capabilities to create a good-looking website in the first place.
Plenty of unsafe sites are imposter sites. They’ll try to pass themselves off as a legitimate company, like the streaming services, banks, and so forth that we mentioned earlier—all to get a hold of your account information. With all these imposter sites in play, look at the site’s address. Scammers will gin up web addresses that are close to but different from legitimate sites, so close that you might miss it. If you’re uncertain about the address, leave the page. Also note that many companies have web pages that provide lists of the official addresses that they use. Amazon provides on example, and we do the same here at McAfee. Reviewing these lists can help you spot an imposter site.
A window or graphic pops up on your screen. The site you’re on says that it’s identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. “You can correct the issue with a click!” Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
A screen full of links insisting you to click ranks among the top signs of an unsafe site. So much so, it’s often the subject of sitcom bits. Needless to say, the attackers behind these sites want you to click for one of several reasons. It might be to get you to download malware. It might be to generate ad revenue with clicks. Or it might be to get you to click a link that redirects you to another malicious site. In all, if you encounter a site like this, close your browser. And then run a system scan with your online protection software.
These unsafe sites sprout up around the holidays and gift-giving seasons. When stores run low on particularly popular or hot items, scammers will quickly launch sites that claim these items are in stock and ready to ship. Similarly, they might promote popular items at a deep discount. Of course, shopping at these sites will likely lead to one thing—a credit card charge and no item on your doorstep. Be wary when you see ads for stores in your social media feed, in search, and elsewhere. Stick with known, trusted retailers. (And for more on shopping safely online, give this article a quick read.)
These sites bear similarities to malicious online shopping sites. When popular movies hit the big screen or major sporting events come around, so do scam sites that promise to stream them for free or at a low cost. Avoid them. Trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might serve up pirated content, which could carry malware threats along with it.
Not every site that promotes some kind of giveaway or deal is a scam. Yet the ones that ask for personal or financial information likely are. Scammers prey on people’s love for saving money or even winning a buck or two. Enter the prize, coupon, and quiz sites. Malicious prize and coupon sites will often ask for credit or debit card information, often under the guise of a payout or a discount. Malicious quiz sites will likewise ask for all kinds of personal information, typically questions about the name of your pet, the first car you owned, or where you went to school. The questions share much in common with the security questions used by banks and credit card companies. Handing this information over could lead to a breached account. Give these sites a pass.
Comprehensive online protection software like ours includes web protection that can spot malicious sites for you. It has further features that can prevent downloading malware by accident, not to mention strong antivirus protection if a hacker makes their way through to you. In all, it gives you extra confidence that wherever your travels take you online, you’re protected from sketchy and unsafe sites.
However, another part of your best defense against unsafe websites is you. Knowing what the red flags are and the kinds of information hackers want to steal can help you avoid their attacks from the start.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation and ticket deals.
Don’t let the threat of phishers and online scammers dampen your team spirit this World Cup tournament. Here are three common schemes cybercriminals will likely employ and a few tips to help you dribble around their clumsy offense and protect your identity, financial information, and digital privacy.
Phishers will be out in full force attempting to capitalize on World Cup fever. People wrapped up in the excitement may jump on offers that any other time of the year they would treat with skepticism. For example, in years past, fake contests and travel deals inundated email inboxes across the world. Some companies do indeed run legitimate giveaways, and cybercriminals slip in their phishing attempts among them.
If you receive an email or text saying that you’re the winner of a ticket giveaway, think back: Did you even enter a contest? If not, treat any “winner” notification with skepticism. It’s very rare for a company to automatically enter people into a drawing. Usually, companies want you to act – subscribe to a newsletter or engage with a social media post, for example – in exchange for your entry into their contest. Also, beware of emails that urge you to respond within a few hours to “claim your prize.” While it’s true that real contest winners must reply promptly, organized companies will likely give you at least a day if not longer to acknowledge receipt.
Traveling is rarely an inexpensive endeavor. Flights, hotels, rental cars, dining costs, and tourist attraction admission fees add up quickly. In the case of this year’s host country, Qatar, there’s an additional cost for American travelers: visas.
If you see package travel deals to the World Cup that seem too good to pass up … pass them up. Fake ads for ultra-cheap flights, hotels, and tickets may appear not only in your email inbox but also on your social media feed. Just because it’s an ad doesn’t mean it comes from a legitimate company. Legitimate travel companies will likely have professional-looking websites with clear graphics and clean website copy. Search for the name of the organization online and see what other people have to say about the company. If no search results appear or the website looks sloppy, proceed with caution or do not approach at all.
Regarding visas, be wary of anyone offering to help you apply for a visa. There are plenty of government-run websites that’ll walk you through the process, which isn’t difficult as long as you leave enough time for processing. Do not send your physical passport to anyone who is not a confirmed government official.
Even fans who’ve given up on watching World Cup matches in person aren’t out of the path of scams. Sites claiming to have crystal clear streams of every game could be malware spreaders in disguise. Malware and ransomware targeting home computers often lurk on sketchy sites. All it takes is a click on one bad link to let a cybercriminal or a virus into your device.
Your safest route to good-quality live game streams is through the official sites of your local broadcasting company or the official World Cup site. You may have to pay a fee, but in the grand scheme of things, that fee could be a lot less expensive than replacing or repairing an infected device.
Here’s an excellent rule to follow with any electronic correspondence: Never send anyone your passwords, routing and account number, passport information, or Social Security Number. A legitimate organization will never ask for your password, and it’s best to communicate any sensitive financial or identifiable information over the phone, not email or text as they can easily fall into the wrong hands. Also, do not wire large sums of money to someone you just met online.
Don’t let scams ruin your enjoyment of this year’s World Cup! With these tips, you should be able to avoid the most common schemes but to boost your confidence in your online presence, consider signing up for McAfee+. Think of McAfee+ as the ultimate goalkeeper who’ll block any cybercriminals looking to score on you. With identity monitoring, credit lock, unlimited VPN and antivirus, and more, you can surf safely and with peace of mind.
The post Watch Out for These 3 World Cup Scams appeared first on McAfee Blog.
When in doubt, kick it out, plus other tips for hardening your cyber-defenses against World Cup-themed phishing and other scams
The post FIFA World Cup 2022 scams: Beware of fake lotteries, ticket fraud and other cons appeared first on WeLiveSecurity
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.
Authored by: Christy Crimmins and Oliver Devane
Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the men’s World Cup kicks off (pun intended) in Qatar. This event, a tournament played by 32 national teams every four years, determines the sport’s world champion. It will also be one of the most-watched sporting events of at least the last four years (since the previous World Cup).
An event with this level of popularity and interest also attracts fraudsters and cyber criminals looking to capitalize on fans’ excitement. Here’s how to spot these scams and stay penalty-free during this year’s tournament.
Phishing is a tool that cybercriminals have used for years now. Most of us are familiar with the telltale signs—misspelled words, poor grammar, and a sender email whose email address makes no sense or whose phone number is unknown. But excitement and anticipation can cloud our judgment. What football fan wouldn’t be tempted to win a free trip to see their home team participate in the ultimate tournament? Cybercriminals are betting that this excitement will cloud fans’ judgment, leading them to click on nefarious links that ultimately download malware or steal personal information.
It’s important to realize that these messages can come via a variety of channels, including email, text messages, (also known as smishing) and other messaging channels like WhatsApp and Telegram. No matter what the source is, it’s essential to remain vigilant and pause to think before clicking links or giving out personal or banking information.
For more information on phishing and how to spot a phisher, see McAfee’s “What is Phishing?” blog.
According to ActionFraud, the UK’s national reporting center for fraud and cybercrime, thousands of people were victims of ticket fraud in 2019—and that’s just in the UK. Ticket fraud is when someone advertises tickets for sale, usually through a website or message board, collects the payment and then disappears, without the buyer ever receiving the ticket.
The World Cup is a prime (and lucrative) target for this type of scam, with fans willing to pay thousands of dollars to see their teams compete. Chances are most people have their tickets firmly in hand (or digital wallet) by now, but if you’re planning to try a last-minute trip, beware of this scam and make sure that you’re using a legitimate, reputable ticket broker. To be perfectly safe, stick with well-known ticket brokers and those who offer consumer protection. Also beware of sites that don’t accept debit or credit cards and only accept payment in the form of bitcoin or wire transfers such as the one on the fake ticket site below:
The red box on the right image shows that the ticket site accepts payment via Bitcoin.
Other red flags to look out for are websites that ask you to contact them to make payment and the only contact information is via WhatsApp.
Let’s be realistic—most of us are going to have to settle for watching the World Cup from the comfort of our own home, or the pub down the street. If you’re watching the tournament online, be sure that you’re using a legitimate streaming service. A quick Google of “FIFA World Cup 2022 Official Streaming” along with your country should get you the information you need to safely watch the event through official channels. The FIFA site itself is also a good source of information.
Illegal streaming sites usually contain deceptive ads and malware which can cause harm to your device.
In countries or regions where sports betting is legal, the 2022 World Cup is expected to drive an increase in activity. There’s no shortage of things to bet on, from a simple win/loss to the exact minute a goal will be scored by a particular player. Everything is subject to wager.
As with our previous examples, this increase in legitimate gambling brings with it an increase in deceptive activity. Online betting scams often start when users are directed to or search for gambling site and end up on a fraudulent one. After placing their bets and winning, users realize that while they may have “won” money, they are unable to withdraw it and are even sometimes asked to deposit even more money to make winnings available, and even then, they still won’t be. By the end of this process, the bettor has lost all their initial money (and then some, potentially) as well as any personal information they shared on the site.
Like other scams, users should be wary of sites that look hastily put together or are riddled with errors. Your best bet (yes, again, pun intended) is to look for an established online service that is approved by your government or region’s gaming commission. Finally, reading the fine print on incentives or bonuses is always a good idea. If something sounds too good to be true, it’s best to double-check.
For more on how you can bet online safely, and for details on how legalized online betting works in the U.S., check out our blog on the topic.
Using a free public Wi-Fi connection is risky. User data on these networks is unprotected, which makes it vulnerable to cyber criminals. Whether you’re traveling to Qatar for a match or watching the them with friends at your favorite pub, if you’re connecting to a public Wi-Fi connection, make sure you use a trusted VPN connection.
For more information on scams, visit our scam education page. Hopefully, with these tips, you’ll be able to enjoy and participate in some of the World Cup festivities, after all, fun is the goal!
The post Don’t Get Caught Offsides with These World Cup Scams appeared first on McAfee Blog.
With the shopping bonanzas of Black Friday and Cyber Monday comes a flurry of deals and offers, some of which are too good to be true. Unfortunately, the latter instances often become scams run by fraudsters seeking to take advantage of the shopping frenzy. In this article, we will discuss some of the most notorious Black Friday and Cyber Monday scams that you should keep an eye out for.
Scammers are skilled manipulators who know how to twist human emotions to their advantage. They create a sense of urgency, fear, or stress, which are heightened during the holiday season rush. As people scramble to get the best deals and hard-to-get items, they often let their guard down, making them easy targets for these fraudsters. Knowing how to identify these scams is the first step to safeguarding yourself from becoming a victim.
Whether you’re a seasoned online shopper or just getting started, this guide will help you identify the top online shopping scams today and stay one step ahead to enjoy a safer, more secure shopping experience:
As everyone is hurrying to grab the best deals during the holiday season, keeping track of all the orders can be challenging. Scammers leverage this situation, sending fake order confirmations via email or text. These seemingly legit confirmations often contain malware or phishing links that the scammers use to steal your identity. The best strategy is to track your orders directly from the seller’s website or platform.
Similar to the fake order scam, fraudsters send fake package tracking notifications as an email attachment or link. Actual retailers will never send tracking numbers via an attachment. Scammers use these tactics to infect your device with malware or direct you to phishing sites. As always, visit the seller’s site to get accurate tracking information for your order.
Scammers are skilled at creating fake email addresses and URLs that resemble those of legitimate companies. These phishing emails often lead to scam sites that capture your login credentials and payment information. Avoid clicking on email links; it’s safer to type the URL manually and search for deals.
→ Dig Deeper: 7 Ways to Tell If It’s a Fake
Scarcity is a prime tool for scammers. They create fake websites offering popular items that are generally hard to find. These scams can result in you paying for a product you’ll never receive and the scammer possessing your payment details. The Better Business Bureau provides useful reviews to help verify the legitimacy of a product or seller.
During the holiday season, there’s a surge in charity donations, and scammers know this trend. They set up bogus charities and employ high-pressure tactics to get you to donate. Be wary of organizations that accept payment only through gift cards, wire transfers, or cryptocurrency. The U.S. Federal Trade Commission (FTC) offers resources to ensure your donations reach legitimate charities.
Amidst the whirlwind of savings and special offers, there’s a lurking concern that every savvy shopper should be aware of – scams. Protecting yourself from potential scams during these shopping bonanzas is paramount. Several strategies are available to help you stay one step ahead of potential scammers and ensure a safe and successful shopping experience during Black Friday and Cyber Monday. Here are strategies you can follow:
One of the simplest ways to avoid scammers is to shop from familiar and reputable online retailers. If you’re unsure about a retailer, the U.S. Better Business Bureau provides listings to help you research their reputation.
Secure websites start with “https,” with the extra “s” standing for “secure.” You’ll often see a padlock icon in the address bar of your browser. If you don’t see these security indicators, avoid purchasing on that website.
McAfee Pro Tip: When you’re visiting a website, it’s important to keep your radar up for a few essential clues that tell you whether it’s safe or not. Sure, we’ve talked about the ‘https’ thing in the web address, but there are other giveaways, too, like phony icons and symbols, how well the website’s put together, how fast it loads, and a bunch of other stuff. Want to know more about how to check out if a website’s the real deal or not? Check how to tell whether a website is safe.
In this scam, fraudsters lure victims with advertisements offering significant discounts on popular products. These advertisements usually contain a link redirecting you to a fraudulent website where your personal and financial information gets stolen. Always cross-check the offered prices with those on the manufacturer’s or well-known retailers’ websites. Also, check if the seller provides complete contact information. A lack of information or a recently registered website should raise a red flag.
During the holiday season, a gift exchange scam often resurfaces on social media. The concept is simple: you buy a gift worth a certain amount, typically $10, and supposedly receive several gifts in return. However, the only person who benefits is the scammer who initiated the scheme. This type of scam is not only deceptive but also illegal. If you encounter such a scheme on social media, report it immediately.
→ Dig Deeper: 6 Tips for Protecting Your Social Media Accounts
Scammers love gift cards! They use emails or text messages to trick you into thinking you’ve received a gift card from a friend or family member. These messages often contain links that, when clicked, install malware on your device or steal your personal information. Always verify the source before clicking on any links. And remember, if a deal sounds too good to be true, it probably is.
Beware of new e-commerce sites offering popular items at massive discounts. Scammers often create fake e-commerce sites that vanish after collecting money from their victims. Always research the seller’s reputation before making a purchase. If you can’t find any reviews or feedback about the seller, it’s better to avoid the risk.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Smishing is a scam where fraudsters send text messages posing as reputable companies to trick individuals into revealing personal information. During the holiday season, these messages often link to a supposed deal or gift. However, the link usually leads to a fraudulent website designed to steal your data. Treat unsolicited print messages with caution, and never click on suspicious links.
While the holiday season brings joy and excitement, it also increases online shopping scams. Scammers use a variety of tactics, including fake order confirmations, phony tracking numbers, bogus websites, and nonexistent e-tailers, to trick their victims. To protect yourself, always verify the source before clicking on any links, research sellers before purchasing, and avoid deals that seem too good to be true. By being vigilant and taking precautions, you can safely navigate through the holiday shopping frenzy and prevent yourself from falling victim to these Black Friday and Cyber Monday scams. And, of course, don’t forget to equip your devices with security solutions further to improve your security, privacy, and finances.
The post Black Friday and Cyber Monday Scams: Beware of the Pitfalls appeared first on McAfee Blog.
Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond
The post Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween appeared first on WeLiveSecurity
As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe not just this shopping season
The post Parcel delivery scams are on the rise: Do you know what to watch out for? appeared first on WeLiveSecurity
With hot-ticket events firmly back on the agenda, scammers selling fake tickets online have also come out in force
The post Don’t get scammed when buying tickets online appeared first on WeLiveSecurity
Fraudsters use various tactics to separate people from their hard-earned cash on Zelle. Here’s how to keep your money safe while using the popular P2P payment service.
The post 10 common Zelle scams – and how to avoid them appeared first on WeLiveSecurity
One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to spot due to link misspellings, odd link redirects, and other giveaways. However, today’s phishing tricks have become personalized, advanced, and shrouded in new disguises. So, let’s take a look at some of the different types, real-world examples and how you can recognize a phishing lure.
Every day, users get sent thousands of emails. Some are important, but most are just plain junk. These emails often get filtered to a spam folder, where phishing emails are often trapped. But sometimes they slip through the digital cracks, into a main inbox. These messages typically have urgent requests that require the user to input sensitive information or fill out a form through an external link. These phishing emails can take on many personas, such as banking institutions, popular services, and universities. As such, always remember to stay vigilant and double-check the source before giving away any information.
A sort of sibling to email phishing, link manipulation is when a cybercriminal sends users a link to malicious website under the ruse of an urgent request or deadline. After clicking on the deceptive link, the user is brought to the cybercriminal’s fake website rather than a real or verified link and asked to input or verify personal details. This exact scenario happened last year when several universities and businesses fell for a campaign disguised as a package delivery issue from FedEx. This scheme is a reminder that anyone can fall for a cybercriminals trap, which is why users always have to careful when clicking, as well as ensure the validity of the claim and source of the link. To check the validity, it’s always a good idea to contact the source directly to see if the notice or request is legitimate.
Corporate executives have always been high-level targets for cybercriminals. That’s why C-suite members have a special name for when cybercriminals try to phish them – whaling. What sounds like a silly name is anything but. In this sophisticated, as well as personalized attack, a cybercriminal attempts to manipulate the target to obtain money, trade secrets, or employee information. In recent years, organizations have become smarter and in turn, whaling has slowed down. Before the slowdown, however, many companies were hit with data breaches due to cybercriminals impersonating C-suite members and asking lower-level employees for company information. To avoid this pesky phishing attempt, train C-suite members to be able to identify phishing, as well as encourage unique, strong passwords on all devices and accounts.
Just as email spam and link manipulation are phishing siblings, so too are whaling and spear-phishing. While whaling attacks target the C-suite of a specific organization, spear-phishing rather targets lower-level employees of a specific organization. Just as selective and sophisticated as whaling, spear-phishing targets members of a specific organization to gain access to critical information, like staff credentials, intellectual property, customer data, and more. Spear-phishing attacks tend to be more lucrative than a run-of-the-mill phishing attack, which is why cybercriminals will often spend more time crafting and obtaining personal information from these specific targets. To avoid falling for this phishing scheme, employees must have proper security training so they know how to spot a phishing lure when they see one.
With so many things to click on a website, it’s easy to see why cybercriminals would take advantage of that fact. Content spoofing is based on exactly that notion – a cybercriminal alters a section of content on a page of a reliable website to redirect an unsuspecting user to an illegitimate website where they are then asked to enter personal details. The best way to steer clear of this phishing scheme is to check that the URL matches the primary domain name.
When users search for something online, they expect reliable resources. But sometimes, phishing sites can sneak their way into legitimate results. This tactic is called search engine phishing and involves search engines being manipulated into showing malicious results. Users are attracted to these sites by discount offers for products or services. However, when the user goes to buy said product or service, their personal details are collected by the deceptive site. To stay secure, watch out for potentially sketchy ads in particular and when in doubt always navigate to the official site first.
With new technologies come new avenues for cybercriminals to try and obtain personal data. Vishing, or voice phishing, is one of those new avenues. In a vishing attempt, cybercriminals contact users by phone and ask the user to dial a number to receive identifiable bank account or personal information through the phone by using a fake caller ID. For example, just last year, a security researcher received a call from their financial institution saying that their card had been compromised. Instead of offering a replacement card, the bank suggested simply blocking any future geographic-specific transactions. Sensing something was up, the researcher hung up and dialed his bank – they had no record of the call or the fraudulent card transactions. This scenario, as sophisticated as it sounds, reminds users to always double-check directly with businesses before sharing any personal information.
As you can see, phishing comes in all shapes and sizes. This blog only scratches the surface of all the ways cybercriminals lure unsuspecting users into phishing traps. The best way to stay protected is to invest in comprehensive security and stay updated on new phishing scams.
The post The Seven Main Phishing Lures of Cybercriminals appeared first on McAfee Blog.
Venmo, quick and convenient. A great way to pay back a friend or split the cost of a meal. Yet its ease of use and popularity has made it a hunting ground for scammers.
Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credential. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money from you.
All of it is preventable.
Just like any other payment app out there, using Venmo safely calls for a few precautions—and for knowing the tricks that scammers like to pull.
Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:
This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.
We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.
In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.
Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.
Pay only people you trust. Per Venmo, the app was originally designed for people who know and trust each other to send each other payments. Since then, it’s expanded to making payments for goods and services under certain circumstances. In Venmo’s words:
“The only way to accept payments for goods and services on Venmo is to be explicitly authorized to accept Venmo for purchases, either by applying for a business profile or tag a payment to a personal profile as a purchase.”
Venmo further clarifies their policy by stating (emphasis theirs):
“Unless directly given the option by Venmo, DO NOT USE VENMO TO TRANSACT WITH PEOPLE YOU DON’T PERSONALLY KNOW, ESPECIALLY IF THE TRANSACTION INVOLVES THE PURCHASE OR SALE OF A GOOD OR SERVICE (for example, concert tickets, electronic equipment, sneakers, a watch, or other merchandise).”
Purchases that don’t follow these policies open you up to risk. That includes the many scammers who peddle phony goods, ask their victims to pay with Venmo, and never deliver a thing. On the flip side, when you make an authorized purchase through Venmo, you gain the benefits of their protection plan. You can learn more about it on their protection plan site.
Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:
|
|
Venmo breaks down each of these scams in detail on their site. They further share things you can do to avoid them—or steps to take if you unfortunately fall victim to one of these scams.
Broadly speaking, though, you can take several steps to avoid Venmo scams:
Scammers will often pose as customer service reps to pump information out of their victims. They’ll ask for things like bank account information, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this information. Legitimate reps from legitimate companies won’t request it.
In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this information by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings then Identity Verification.
Venmo always sends communications through their official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.
Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.
Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.
For starters, it includes web browser protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam—such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.
Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, $1 ID theft coverage & restoration can help you recover quickly.
In all, there’s no question that Venmo makes payments quick and convenient. You can make them far more secure too. The right precautions and tools can see to it.
The post How to Identify and Protect Yourself From Venmo Scams and Other Cash App Scams appeared first on McAfee Blog.
Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok?
The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity
Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
Travis Hardaway is a former music teacher turned app developer from Towson, Md. Hardaway said his mother last month replied to an email she received regarding an appliance installation from BestBuy/GeekSquad. Hardaway said the timing of the scam email couldn’t have been worse: His mom’s dishwasher had just died, and she’d paid to have a new one delivered and installed.
“I think that’s where she got confused, because she thought the email was about her dishwasher installation,” Hardaway told KrebsOnSecurity.
Hardaway said his mom initiated a call to the phone number listed in the phony BestBuy email, and that the scammers told her she owed $160 for the installation, which seemed right at the time. Then the scammers asked her to install remote administration software on her computer so that they could control the machine from afar and assist her in making the payment.
After she logged into her bank and savings accounts with scammers watching her screen, the fraudster on the phone claimed that instead of pulling $160 out of her account, they accidentally transferred $160,000 to her account. They said they they needed her help to make sure the money was “returned.”
“They took control of her screen and said they had accidentally transferred $160,000 into her account,” Hardaway said. “The person on the phone told her he was going to lose his job over this transfer error, that he didn’t know what to do. So they sent her some information about where to wire the money, and asked her to go to the bank. But she told them, ‘I don’t drive,’ and they told her, “No problem, we’re sending an Uber to come help you to the bank.'”
Hardaway said he was out of town when all this happened, and that thankfully his mom eventually grew exasperated and gave up trying to help the scammers.
“They told her they were sending an Uber to pick her up and that it was on its way,” Hardaway said. “I don’t know if the Uber ever got there. But my mom went over to the neighbor’s house and they saw it for what it was — a scam.”
Hardaway said he has since wiped her computer, reinstalled the operating system and changed her passwords. But he says the incident has left his mom rattled.
“She’s really second-guessing herself now,” Hardaway said. “She’s not computer-savvy, and just moved down here from Boston during COVID to be near us, but she’s living by herself and feeling isolated and vulnerable, and stuff like this doesn’t help.”
According to the Federal Bureau of Investigation (FBI), seniors are often targeted because they tend to be trusting and polite. More importantly, they also usually have financial savings, own a home, and have good credit—all of which make them attractive to scammers.
“Additionally, seniors may be less inclined to report fraud because they don’t know how, or they may be too ashamed of having been scammed,” the FBI warned in May. “They might also be concerned that their relatives will lose confidence in their abilities to manage their own financial affairs. And when an elderly victim does report a crime, they may be unable to supply detailed information to investigators.”
In 2021, more than 92,000 victims over the age of 60 reported losses of $1.7 billion to the FBI’s Internet Crime Complaint Center (IC3). The FBI says that represents a 74 percent increase in losses over losses reported in 2020.
The abuse of ride-sharing services to scam the elderly is not exactly new. Authorities in Tampa, Fla. say they’re investigating an incident from December 2021 where fraudsters who’d stolen $700,000 from elderly grandparents used Uber rides to pick up bundles of cash from their victims.
Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers.
The post Don’t get singed by scammers while you’re carrying the torch for Tinder appeared first on WeLiveSecurity
It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash
The post Cash App fraud: 10 common scams to watch out for appeared first on WeLiveSecurity
When we published our 2020 Predictions report in December, we didn’t realize there was a global pandemic brewing that would give cybercriminals an almost daily news cycle to take advantage of in their attacks against people and organizations around the world. Malicious actors have always taken advantage of big news to use as lures for socially engineered threats, but these events tend to be fairly short news cycles.
When Covid-19 started making headlines in early 2020, we started seeing new threats using this in the attacks. As you see below, April was the peak month for email-based Covid-19 related threats.
The same was true for phishing URLs related to Covid-19, but for files using Covid-19 in their naming convention, the peak month in the first half was June.
Impact on Cybercrime
The constant 24×7 news around cases, cures and vaccines makes this pandemic unique for cybercriminals. Also, the shift to remote working and the challenges posed to supply chains all gave cybercriminals new content they could use as lures to entice victims into infecting themselves.
As we’ve seen for many years now, email-based threats were the most used threat vector by malicious actors, which makes sense as the number one infection vector to penetrate an organization’s network is to use a socially engineered email against an employee.
We even saw malicious mobile apps being developed using Covid-19 as a lure, as you see below.
In this case it was supporting potential cures for the virus, which many people would have wanted.
Other Highlights in 1H 2020
While Covid-19 dominated the threat landscape in the 1H 2020, it wasn’t the only thing that defined it. Ransomware actors continued their attacks against organizations, but as we’ve been seeing over the past year, they’ve become much more selective in their victims. The spray and pray model using spam has been shifted to a more targeted approach, similar to how nation-state actors and APT groups perform their attacks. Two things showcase this trend:
|
|
Home network attacks are another interesting aspect of the threat landscape in the first half of this year. We have millions of home routers around the world that give us threat data on events coming into and out of home networks.
Threat actors are taking advantage of more remote workers by launching more attacks against these home networks. As you see below, the first half of 2020 saw a marked increase in attacks.
Many of these attacks are brute force login attempts as actors try to obtain login credentials for routers and devices within the home network, which can allow them to do further damage.
The above are only a small number of security events and trends we saw in just six months of 2020. Our full roundup of the security landscape so far this year is detailed out in our security roundup report – Securing the Pandemic-Disrupted Workplace. You can read about all we found to help prepare for many of the threats we will continue to see for the rest of the year.
The post 1H 2020 Cyber Security Defined by Covid-19 Pandemic appeared first on .
Few national emergencies have the ability to strike panic into the populace quite like a virus pandemic. It’s fortunately something most of us have never had to experience, until now. At the time of writing, the number of global confirmed cases of Coronavirus infection, or COVID-19, has reached nearly 174,000 worldwide. Although the official US total currently remains a fraction of that (around 4,000), problems with testing mean many cases are likely to be going unreported here.
This is a difficult time for many Americans, as it is for citizens all over the world. But unfortunately it’s extraordinary global events like this that cyber-criminals look for in order to make their schemes more successful. True to form, they’re using mass awareness of the outbreak and a popular desire for more information on the virus, to trick users into giving away personal information and log-ins, or to unwittingly install malware on their devices.
As organizations enforce remote working to reduce the impact of the virus, many of you will be logging-on from home or your mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.
Here’s a quick guide to the key online threats and security tips:
Phishing for trouble
Decades before COVID-19 burst onto the scene, a different kind of pandemic was spreading across the globe. Phishing messages have been one of the most popular tools in the hackers’ arsenal for years. In fact, Trend Micro blocked nearly 48 billion email-borne threats in 2019, 91% of the total we detected. Phishing is designed to trick the user into handing over their log-ins or personal and financial details, or persuading them to unwittingly download malware. Cyber-criminals typically achieve this by spoofing an email to make it appear as if sent from a legitimate and trustworthy source.
Once a user has been hooked, they are enticed into clicking on a malicious link or opening a malware-laden attachment. This could be anything from a banking trojan designed to steal online banking log-ins, to a piece of ransomware which will lock the user out of their PC until they pay a fee. It could even be cryptojacking malware which sits on the infected machine, quietly mining for Bitcoin while running up large energy bills and slowing down your PC.
The bad news is that phishing messages — whether sent by email, social media, text or messaging app — are getting harder to spot. Many now feature perfect English, and official logos and sender domains. They also often use current newsworthy events to trick the user into clicking. And they don’t get more high-profile than the COVID-19 pandemic.
Depending on how well protected your computing devices are, you may be more likely to receive one of these scam messages than be exposed to the virus itself. So, it pays to know what’s out there.
Watch out for these scams
The phishing landscape is evolving all the time. But here is a selection of some of the most common scams doing the rounds at the moment:
‘Official’ updates
Many of these emails purport to come from official organizations such as the US Center for Disease Control and Prevention (CDC), or the World Health Organization (WHO). They claim to contain key updates on the spread of the virus and must-read recommendations on how to avoid infection. Booby-trapped links and attachments carry malware and/or could redirect users to phishing sites.
Coronavirus map
Sometimes legitimate tools can be hijacked to spread malware. Researchers have spotted a version of the interactive Coronavirus dashboard created by Johns Hopkins University which was altered to contain information-stealing malware known as AZORult. If emails arrive with links to such sites, users should exercise extreme caution.
Corporate updates
Many big brands are proactively contacting their customer base to reassure them of the steps they are taking to keep staff and customers safe from the virus. But here too, the hackers are jumping in with spoof messages of their own purporting to come from the companies you may do business with. FedEx is one such global brand that has been spoofed in this way.
Donations
Another trick is to send phishing emails calling for donations to help fund research into the virus. One, claiming to come from the “Department of Health” has a subject line, “URGENT: Coronavirus, Can we count on your support today?” A key tactic in phishing emails is to create a sense of urgency like this to rush the reader into making hasty decisions.
Click here for a cure
One scam email claims to come from a medical professional and contains details about a vaccine for COVID-19 which has been “hushed up” by global governments. Of course, clicking through to find the non-existent ‘cure’ will bring the recipient nothing but trouble.
Tax refunds
In the UK, users have received emails spoofed to appear as if sent from the government, and promising a tax refund to help citizens cope with the financial shock of the pandemic. As governments in the US and elsewhere start to take more interventionist measures to prop up their economies, we can expect more of these types of phishing email.
How to stay safe
The good news is that there’s plenty you can do to protect you and your family from phishing emails like these. A blend of the following technical and human fixes will go a long way to minimizing the threat:
|
|
How Trend Micro can help
Fortunately, Trend Micro Security can also help. Among its anti-phishing features are the following:
Antispam for Outlook: includes checks on email sender reputation, employs web threat protection to block malicious URLs in messages, and scans for threats in files attached to email messages.
Fraud Buster: uses leading-edge AI technology to detect fake emails in Gmail and Outlook webmail that don’t contain malicious URLs or attachments, but still pose a risk to the user.
To find out more about how Trend Micro can help keep your family safe from online threats and phishing, go to our Trend Micro Security homepage, or watch our video series: How to Prevent Phishing, Part 1 and Part 2.
The post How to Stay Safe as Online Coronavirus Scams Spread appeared first on .
Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress.
There are two things that cybercriminals are always on the hunt for: people’s identity data from their accounts, and their money. And during the tax-filing season both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds.
Let’s take look at some of the main threats out there and what you can do to stay safe.
What do they want?
Cybercrime is a highly efficient money-making business. Some reports suggest this underground economy generates as much as $1.5 trillion each year. (See Into the Web of Profit, April 2018, McGuire, Bromium.) And tax-related scams are an increasingly popular way for the bad guys to drive-up profits. The Internal Revenue Service (IRS) claims that “thousands of people have lost millions of dollars and their personal information” to such attacks.
The bottom line is that they’re after one of two things: to trick you into wiring funds to them, and/or to get hold of your personally identifiable information (PII), including bank account and Social Security Numbers (SSNs). This personal data can subsequently be used to defraud you or the IRS, or may be deployed in follow-on identity fraud schemes to capture illicit funds from you.
There are various ways cyber-criminals can achieve these goals. The most common is by using social engineering tactics to trick taxpayers into sending money or personal information. But they might also use malware, either delivered to you personally or targeted at your tax preparer. This means you not only have to look after your own cybersecurity but also demand that the third-party businesses you work with store and transmit your sensitive information securely.
Look out for these scams
Here’s a round-up of the most popular tactics used by tax scammers today:
Impersonation: The fraudster gets in touch pretending to be an IRS representative. This could be via email, phone, social media or even SMS. They usually claim you owe the IRS money in unpaid taxes or fines and demand a wire transfer, or funds from a prepaid debit card. Sometimes they may ask for personal and financial details—for example, by claiming you’re entitled to a large tax refund and they just need you to supply your bank account info.
These interactions are usually pushy. The scammer knows the best way of making you pay up is by creating a sense of urgency and, sometimes, shaming the individual into believing they’ve been withholding tax payments. Phishing emails may look highly convincing, right down to the logo and sender domain, while phone callers will use fake names and badge numbers. Sometimes the scammers use personal data they may have stolen previously or bought on the Dark Web to make their communications seem more convincing.
In some impersonation scams, the fraudsters may even pretend to work for charities and ask for personal details to help disaster victims with tax refund claims.
Spoofing, phishing, and malware: In some cases, a text, email or social media message spoofed to appear as if sent from the IRS or your tax preparer actually contains malware. The scammers use the same tactics as above but trick the recipient into clicking on a malicious link or opening an attachment laden with malware. The covert download that follows could result in: theft of your personal information; your computer being completely hijacked by hackers via remote control software; or a ransomware download that locks your computer until you pay a fee.
Fake tax returns: Another trick the scammers employ is to use stolen SSNs and other personal information to file tax returns on your behalf. They can then try to claim a large payment in tax refunds from the IRS. The PII they use to file in your name may have been taken from a third-party source without your knowledge, and the first you might hear of it is when you go to file a legitimate tax return. It can take months to resolve the problem.
Attacks targeting tax preparers: Over half of Americans use third-party tax preparation companies to help them with their returns. However, this offers another opportunity for scammers to get hold of your sensitive information. In one recently discovered campaign, malware deployed on tax preparers’ websites was designed to download to the visitor’s computer as soon as they loaded the page. The IRS warns that businesses large and small are potentially at risk, as scammers are keen to get hold of tax information which enables them to file highly convincing fake returns in your name.
What to do
The good news is that by taking a few simple steps you can insulate yourself from the worst of these scams. Remember: the IRS does not contact taxpayers by email, text messages or social media to request personal/financial information— so if you receive communications that do, they are definitely a scam. It’s also important to remember that scams happen all year round, not just in the run-up to the tax filing deadline. That means, unfortunately, that you need to be on your guard all the time.
Here are a few other recommendations:
|
|
It also pays to demand that your tax preparer take their own precautions to keep your data secure. They should not be sending sensitive data or documents unencrypted in emails and must take steps on their own to combat phishing emails that target employees, since these can cascade to you during your tax preparation process. Whether hosted in the cloud or running on-premises, the servers that hold your data should also have adequate protection—and you have a right (and a duty to yourself) to ask ahead of time what they’re doing to protect it.
According to the IRS tax preparers should put the following internal controls in place:
|
|
How Trend Micro can help
Trend Micro offers a range of security tools to help taxpayers keep their personal and financial information safe from fraudsters.
Our flagship consumer solution Trend Micro Security (TMS) provides the following protections:
|
|
To find out more, go to our Trend Micro Security website.
The post Tax Scams – Everything you need to know to keep your money and data safe appeared first on .
FreshRSS 