Login
Unfortunately in today’s world, scammers are coming at us from all angles to trick us to get us to part with our hard-earned money. We all need to be vigilant in protecting ourselves online. If you aren’t paying attention, even if you know what to look for, they can get you. There are numerous ways to detect fake sites or emails, phishing, and other scams.
Before we delve into the signs of fake websites, we will first take a closer look at the common types of scam that use websites, what happens when you accidentally access a fake website, and what you can do in case you unknowingly purchased items from it.
Fake or scam websites are fraudulent sites that look legitimate while secretly attempting to steal your personal information, money, or account access.
These deceptive platforms masquerade as trustworthy businesses or organizations, sending urgent messages such as popular shopping websites offering fantastic limited-time deals, banking websites requesting immediate account verification, government portals claiming you owe taxes or are eligible for refunds, and shipping companies asking for delivery fees.
The urgency aims to trick you into logging in and sharing sensitive details—credit card numbers, Social Security information, login credentials, and personal data. Once you submit your data, the scammers will steal your identity, drain your accounts, or sell your details to other criminals on the dark web.
These scam websites have become increasingly prevalent because they’re relatively inexpensive to create and can reach millions of potential victims quickly through email and text campaigns, social media ads, and search engine manipulation.
Cybersecurity researchers and consumer protection agencies discover these fraudulent sites through various methods, including monitoring suspicious domain registrations, analyzing reported phishing attempts, and tracking unusual web traffic patterns. According to the FBI’s Internet Crime Complaint Center, losses from cyber-enabled fraud amounted to $13.7 billion, with fake websites representing a significant portion of these losses.
Visiting a fake website, accidentally or intentionally, can expose you to several serious security risks that can impact your digital life and financial well-being:
Scammers use different tricks to make fake websites look real, but most of them fall into familiar patterns. Knowing the main types of scam sites helps you recognize danger faster. This section lists the most common categories of scam websites, how they work, and the red flags that give them away before they can steal your information or money.
Understanding these common scam types helps you recognize fake sites before they can steal your information or money. When in doubt, verify legitimacy by visiting official websites directly through bookmarks or search engines rather than clicking suspicious links.
For the latest warnings and protection guidance, check resources from the Federal Trade Commission and the FBI’s Internet Crime Complaint Center.
You can protect yourself by learning to recognize the warning signs of fake sites. By understanding what these scams look like and how they operate, you’ll be better equipped to shop, bank, and browse online with confidence. Remember, legitimate companies will never pressure you to provide sensitive information through unsolicited emails or urgent pop-up messages.
Most scams usually start out from social engineering tactics such as phishing, smishing, and fake social media messages with suspicious links, before leading you to a fake website.
From these communications, the scammers impersonate legitimate organizations before finally executing their malevolent intentions. To avoid being tricked, it is essential to recognize the warning signs wherever you encounter them.
Fake emails are among the most common phishing attempts you’ll encounter. If you see any of these signs in an unsolicited email, it is best not to engage:
Smishing messages bear the same signs as phishing emails and have become increasingly sophisticated. These fake messages often appear to come from delivery services, banks, or government agencies. Common tactics include fake package delivery notifications, urgent banking alerts, or messages claiming you’ve won prizes or need to verify account information.
Legitimate organizations typically don’t include clickable links in unsolicited text messages, especially for account-related actions. When in doubt, don’t click the link—instead, open your banking app directly or visit the official website by typing the URL manually.
Social media platforms give scammers new opportunities to create convincing fake profiles and pages. They might impersonate customer service accounts, create fake giveaways, or send direct messages requesting personal information. These fake sites often use profile pictures and branding that closely resemble legitimate companies.
Unusual sender behavior is another indicator of a scam across all platforms. This includes messages from contacts you haven’t heard from in years, communications from brands you don’t typically interact with, or requests that seem out of character for the supposed sender.
Scammers have become increasingly cunning in creating fake websites that closely mimic legitimate businesses and services. Here are some real-life examples of how cybercriminals use fake websites to victimize consumers:
Scammers exploit your trust in the United States Postal Service (USPS), designing sophisticated fake websites to steal your personal information, payment details, or money. They know you’re expecting a package or need to resolve a delivery issue, making you more likely to enter sensitive information without carefully verifying the site’s authenticity.
USPS-themed smishing attacks arrive as text messages stating your package is delayed, undeliverable, or requires immediate action. Common phrases include “Pay $1.99 to reschedule delivery” or “Your package is held – click here to release.”
Scammers use various URL manipulation techniques to make their fake sites appear official. Watch for these red flags:
Always verify package information and delivery issues through official USPS channels before taking any action on suspicious websites or messages:
Reporting fake USPS websites helps protect others from falling victim to these scams and assists law enforcement in tracking down perpetrators.
Remember that legitimate USPS services are free for standard delivery confirmation and tracking. Any website demanding payment for basic package tracking or delivery should be treated as suspicious and verified through official USPS channels before providing any personal or financial information.
According to the Federal Trade Commission, tech support scams cost Americans nearly $1.5 billion in 2024. These types of social engineering attacks are increasingly becoming sophisticated, making it more important than ever to verify security alerts through official channels.
Sadly, many scammers are misusing the McAfee name to create fake tech support pop-up scams and trick you into believing your computer is infected or your protection has expired and hoping you’ll act without thinking.
These pop-ups typically appear while you’re browsing and claim your computer is severely infected with viruses, malware, or other threats. They use official-looking McAfee logos, colors, and messaging to appear legitimate to get you to call a fake support number, download malicious software, or pay for unnecessary services.
Learning to detect fake sites and pop-ups protects you from scam. Be on the lookout for these warning signs:
If you see a suspicious pop-up claiming to be from McAfee, here’s exactly what you should do:
To check if your McAfee protection is genuinely active and up-to-date:
Remember, legitimate McAfee software updates and notifications come through the installed program itself, not through random browser pop-ups. Your actual McAfee protection works quietly in the background without bombarding you with alarming messages.
Stay protected by trusting your installed McAfee software and always verifying security alerts through official McAfee channels such as your installed McAfee dashboard or the official website.
Be prepared and know how to respond quickly when something doesn’t feel right. If you suspect you’ve encountered a fake website, trust your instincts and take these protective steps immediately.
Recognizing fake sites and emails becomes easier with practice. The key is to trust your instincts—if something feels suspicious or too good to be true, take a moment to verify through official channels. With the simple verification techniques covered in this guide, you can confidently navigate the digital world and spot fake sites and emails before they cause harm.
Your best defense is to make these quick security checks a regular habit—verify URLs, look for secure connections, and trust your instincts when something feels off. Go directly to the source or bookmark your most-used services and always navigate to them. Enable two-factor authentication on important accounts, and remember that legitimate companies will never ask for sensitive information via email. Maintaining healthy skepticism about unsolicited communications will protect not only your personal information but also help create a safer online environment for everyone.
For the latest information on fake websites and scams and to report them, visit the Federal Trade Commission’s scam alerts or the FBI’s Internet Crime Complaint Center.
The post Ways to Tell if a Website Is Fake appeared first on McAfee Blog.
Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to protect your accounts.
There’s a good chance you’re already using multi-factor verification with your other accounts — for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.
It’s increasingly common to see nowadays, where all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. That’s where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.
Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:
Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the “editor’s picks” at your app store or in trusted tech publications.
Whichever form of authentication you use, always keep that secure code to yourself. It’s yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.
Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. You’ll want a strong, unique password. Here’s how that breaks down:
Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
And here’s a link to the company’s full walkthrough: https://www.facebook.com/help/148233965247823
When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.
And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145
And here’s a link to the company’s full walkthrough: https://faq.whatsapp.com/1920866721452534
And here’s a link to the company’s full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop
1. TapProfileat the bottom of the screen.
2. Tap the Menu button at the top.
3. Tap Settings and Privacy, then Security.
4. Tap 2-step verification and choose at least two verification methods: SMS (text), email, and authenticator app.
5. Tap Turn on to confirm.
And here’s a link to the company’s full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok
The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.
Before your phone gets lost or stolen, put some basic steps in place.
You’ll want to act quickly, so preparation is everything. With the right measures, you can find it, recover it, or even erase it if needed. These steps can get you set up so you can do exactly that.
Lock your phone.
Locking your phone is one of the most basic smartphone security measures you can take. Trouble is, few of us do it. Our recent global research showed that only 56% of adults said that they protect their smartphone with a password, passcode, or other form of lock.[i] In effect, an unlocked phone is an open book to anyone who finds or steals a phone
Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices. iPhones and Androids have an auto-lock feature that locks your phone after a certain period of inactivity. Keep this time on the low end, one minute or less, to help prevent unauthorized access.
We suggest using a six-digit PIN or passcode rather than using a gesture to unlock your phone. They’re more complex and secure. Researchers proved as much with a little “shoulder surfing” test. They looked at how well one group of subjects could unlock a phone after observing the way another group of subjects unlocked it.[ii]
Turn on “Find My Phone.”
Another powerful tool you have at your disposal is the Find My Phone feature made possible thanks to GPS technology. The “find my” feature can help you pinpoint your phone if your lost or stolen phone has an active data or Wi-Fi connection and has its GPS location services enabled. Even if the phone gets powered down or loses connection, it can guide you to its last known location.
Setting up this feature is easy. Apple offers a comprehensive web page on how to enable and use their “Find My” feature for phones (and other devices too). Android users can get a step-by-step walkthrough on Google’s Android support page as well.
Back up your stuff in the cloud.
Thanks to cloud storage, you might be able to recover your photos, files, apps, notes, contact info, and more if your phone is lost or stolen. Android owners can learn how to set up cloud backup with Google Drive here, and iPhone users can learn the same for iCloud here.
Write down your phone’s unique ID number.
Here are a couple of acronyms. IMEI (International Mobile Equipment Identity) or MEID (Mobile Equipment Identifier) are two types of unique ID numbers assigned to smartphones. Find yours and write it down. In case of loss or theft, your mobile carrier, police department, or insurance provider might ask for the info to assist in its return or reimbursement for loss.
Beyond digital security measures, plenty of loss and theft prevention falls on you. Treat your phone like the desirable item it is. That’s a big step when it comes to preventing theft.
Keep your phone close.
And by close, we mean on your person. It’s easy to leave your phone on the table at a coffee shop, on a desk in a shared workspace, or on a counter when you’re shopping. Thieves might jump on any of these opportunities for a quick snatch-and-grab. You’re better off with your phone in your pocket or zipped up in a bag that you keep close.
Secure your bags and the devices you carry in them.
Enterprising thieves will find a way. They’ll snatch your bag while you’re not looking. Or they might even slice into it with a knife to get what’s inside, like your phone.
Keep your bag or backpack close. If you’re stopping to grab a bite to eat, sling the handles through a chair leg. If you have a strong metal carabiner, you can use that too. Securing your bag like that can make it much tougher for a thief to walk by and swipe it. For extra security, look into a slash-resistant bag.
If you have a credit card and ID holder attached to the back of your phone, you might want to remove your cards from it. That way, if your phone gets snatched, those important cards won’t get snatched as well.
In the event of your phone getting lost or stolen, a combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it.
Different device manufacturers have different ways of going about it. But the result is the same — you can prevent others from using your phone, and even erase it if you’re truly worried that it’s in the wrong hands or gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.
Apple’s Find My app takes things a step further. Beyond locating a lost phone or wiping it, Find My can also mark the item as lost, notify you if you’ve left it behind, or trigger a sound to help you locate it. (A huge boon in that couch cushion scenario!) Drop by Apple’s page dedicated to the Find My app for more details on what you can do on what devices, along with instructions how.
With preparation and prevention, you can give yourself reassurance if your phone gets lost or stolen. You have plenty of recovery options, in addition to plenty of ways to prevent bad actors from getting their hands on the sensitive info you keep on it.
[i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf
[ii] https://arxiv.org/abs/1709.04959
The post What Should I do If My Phone Gets Stolen or Lost? appeared first on McAfee Blog.
In today’s interconnected world, our mobile devices serve as essential tools for communication, productivity, and entertainment. However, for some tech-savvy users, the allure of unlocking the full potential of their devices through jailbreaking (for iOS) or rooting (for Android) can be tempting. While these processes offer users greater control and customization over their devices, they also raise significant questions about security implications.
To “jailbreak” means to allow the phone’s owner to gain full access to the root of the operating system and access all the features. Jailbreaking is the process of removing the limitations imposed by Apple and associated carriers on devices running the iOS operating system. Jailbroken phones came into the mainstream when Apple first released their iPhone and it was only on AT&T’s network. Users who wanted to use an iPhone with other carriers were not able to unless they had a jailbroken iPhone.
Similar to jailbreaking, “rooting” is the term for the process of removing the limitations on a mobile or tablet running the Android operating system. By gaining privileged control, often referred to as “root access,” over an Android device’s operating system, users can modify system files, remove pre-installed bloatware, install custom ROMs, and unlock features not accessible on stock devices.
Rooting or jailbreaking grants users deeper access to the device’s operating system, allowing for extensive customization of the user interface, system settings, and even hardware functionality. Advanced users can optimize system performance, remove unnecessary bloatware, and tweak settings to improve battery life, speed, and responsiveness.
However, hacking your device potentially opens security holes that may have not been readily apparent or undermines the device’s built-in security measures. Jailbroken and rooted phones are much more susceptible to viruses and malware because users can avoid Apple and Google application vetting processes that help ensure users are downloading virus-free apps.
In addition to security vulnerabilities, hacking your device may lead to a voided manufacturer’s warranty, leaving you without official support for repairs or replacements. Altering the device’s operating system can also lead to instability, crashes, and performance issues, especially if incompatible software or modifications are installed.
While rooting or jailbreaking may offer users enticing opportunities for customization and optimization of their mobile devices, the associated risks cannot be overlooked. By circumventing built-in security measures, users expose their devices to potential security vulnerabilities, making them more susceptible to viruses and malware. Ultimately, the decision to root or jailbreak a mobile device should be made with careful consideration of the trade-offs involved, as the security risks often outweigh the benefits.
When thinking about mobile security risks, consider adding reputable mobile security software to your device to augment the built-in security measures. These security solutions provide real-time scanning and threat detection capabilities, helping to safeguard sensitive data and maintain the integrity of the device’s operating system.
The post How Does Jailbreaking Or Rooting Affect My Mobile Device Security? appeared first on McAfee Blog.
“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.
The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:
Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:
To protect yourself from vishing scams, you should:
Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.
The post How to Protect Yourself from Vishing appeared first on McAfee Blog.
My mother recently turned 80, so of course a large celebration was in order. With 100 plus guests, entertainment, and catering to organise, the best way for me to keep everyone updated (and share tasks) was to use Google Docs. Gee, it worked well. My updates could immediately be seen by everyone, the family could access it from all the devices, and it was free to use! No wonder Google has a monopoly on drive and document sharing.
But here’s the thing – hackers know just how much both individuals and businesses have embraced Google products. So, it makes complete sense that they use reputable companies such as Google to devise phishing emails that are designed to extract our personal information. In fact, the Google Docs phishing scam was widely regarded as one of the most successful personal data extraction scams to date. They know that billions of people worldwide use Google so an invitation to click a link and view a document does not seem like an unreasonable email to receive. But it caused so much grief for so many people.
Emails designed to trick you into sharing your personal information are a scammer’s bread and butter. This is essentially what phishing is. It is by far the most successful tool they use to get their hands on your personal data and access your email.
‘But why do they want my email logins?’ – I hear you ask. Well, email accounts are what every scammer dreams of – they are a treasure trove of personally identifiable material that they can either steal or exploit. They could also use your email to launch a wide range of malicious activities from spamming and spoofing to spear phishing. Complicated terms, I know but in essence these are different types of phishing strategies. So, you can see why they are keen!!
But successful phishing emails usually share a few criteria which is important to know. Firstly, the email looks like it has been sent from a legitimate company e.g. Microsoft, Amex, or Google. Secondly, the email has a strong ‘call to action’ e.g. ‘your password has been changed, if this is not the case, please click here’. And thirdly, the email does not seem too out of place or random from the potential victim’s perspective.
Despite the fact that scammers are savvy tricksters, there are steps you can take to maximise the chances your email remains locked away from their prying eyes. Here’s what I suggest:
Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks. If you have any doubts, always contact the company directly to verify.
Make sure you have super-duper internet security software that includes all the bells and whistles. Not only does internet security software McAfee+ include protection for daily browsing but it also has a password manager, a VPN, and a social privacy manager that will lock down your privacy settings on your social media accounts. A complete no-brainer!
Avoid using public Wi-Fi to log into your email from public places. It takes very little effort for a hacker to position themselves between you and the connection point. So, it’s entirely possible for them to be in receipt of all your private information and logins which clearly you don’t want. If you really need to use it, invest in a Virtual Private Network (VPN) which will ensure everything you share via Wi-Fi will be encrypted. Your McAfee+ subscription includes a VPN.
Public computers should also be avoided even just to ‘check your email’. Not only is there a greater chance of spyware on untrusted computers but some of them sport key-logging programs which can both monitor and record the keys you strike on the keyboard – a great way of finding out your password!
Ensuring each of your online accounts has its own unique, strong, and complex password is one of the best ways of keeping hackers out of your life. I always suggest at least 10-12 characters with a combination of upper and lower case letters, symbols, and numbers. A crazy nonsensical sentence is a great option here but better still is a password manager that will remember and generate passwords that no human could! A password manager is also part of your McAfee+ online security pack.
Even if you have taken all the necessary steps to protect your email from hackers, there is the chance that your email logins may be leaked in a data breach. A data breach happens when a company’s data is accessed by scammers and customers’ personal information is stolen. You may remember the Optus, Medibank and Latitude hacks of 2022/23?
If you have had your personal information stolen, please be assured that there are steps you can take to remedy this. The key is to act fast. Check out my recent blog post here for everything you need to know.
So, next time you’re organising a big gathering don’t hesitate to use Google Docs to plan or Microsoft Teams to host your planning meetings. While the thought of being hacked might make you want to withdraw, please don’t. Instead, cultivate a questioning mindset in both yourself and your kids, and always have a healthy amount of suspicion when going about your online life. You’ve got this!!
Till next time,
Stay safe!
Alex
The post How To Prevent Your Emails From Being Hacked appeared first on McAfee Blog.
I think I could count on one hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids! Email hacking is one of the very unfortunate downsides of living in our connected, digital world. And it usually occurs as a result of a data breach – a situation that even the savviest tech experts find themselves in.
In simple terms, a data breach happens when personal information is accessed, disclosed without permission, or lost. Companies, organisations, and government departments of any size can be affected. Data stolen can include customer login details (email addresses and passwords), credit card numbers, identifying IDs of customers e.g. driver’s license numbers and/or passport numbers, confidential customer information, company strategy, or even matters of national security.
Data breaches have made headlines, particularly over the last few years. When the Optus and Medibank data breaches hit the news in 2022 affecting almost 10 million Aussies apiece, we were all shaken. But then when Aussie finance company Latitude was affected in 2023 with a whopping 14 million people from both Australia and New Zealand, it almost felt inevitable that by now, most of us would have been impacted.
The reality is that data breaches have been happening for years. In fact, the largest data breach in Australian history happened in 2019 to the online design site Canva which affected 139 million users globally. In short, it can happen to anyone, and the chances are you may have already been affected.
The sole objective of a hacker is to get their hands on your data. Any information that you share in your email account can be very valuable to them. Why do they want your data, you ask? It’s simple really – so they can cash in!
Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’ with the aim of extracting valuable data and/or funds. The more sophisticated ones will sell your details including name, telephone, email address, and credit card details to cash in on the dark web. They often do this in batches. Some experts believe they can get as much as AU$250 for a full set of details including credit cards. So, you can see why they’d be interested in you.
The other reason why hackers will be interested in your email address and password is that many of us re-use our login details across our other online accounts. Once they’ve got their hands on your email credentials, they may be able to access your online banking and investment accounts, if you use the same credentials everywhere. So, you can see why I harp on about using a unique password for every online account!
There is a plethora of statistics on just how big this issue is – all of them concerning. According to the Australian Institute of Criminology, of all the country’s cybercrime reports in 2024, about 21.9% involved identity theft and misuse. The Australian Bureau of Statistics adds that the identity theft victimisation rate has steadily increased from 0.8% to 1.2% from 2021 to 2024, respectively.
Meanwhile, The Australian Government revealed that at least one cybercrime is reported every 6 minutes, with business email compromise alone costing the national economy up to $84 million in losses. Regardless of which statistic you choose to focus on, we have a big issue on our hands.
Hackers use a range of techniques—some highly sophisticated, others deceptively simple—to gain access. It is important to know how these attacks happen so you can stay ahead and prevent them.
Yes, absolutely. An email account is often the central hub of your digital life. Once a cybercriminal controls it, they can initiate password resets for your other online accounts, including banking, shopping, and social media. They can intercept sensitive information sent to you, such as financial statements or medical records.
With enough information gathered from your emails, they can commit identity theft, apply for credit in your name, or access other sensitive services. If you suspect your email was hacked, it’s crucial to monitor your financial statements and consider placing a fraud alert with credit bureaus.
If you find yourself a victim of email hacking, these are a few very important steps you need to take. Fast.
Using a separate, clean device, this is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use random words and characters, a passphrase with a variety of upper and lower cases, and throw in some symbols and numbers.
I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack! But, better still, get yourself a password manager that will create a password that no human would be capable of creating. If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the ‘Forgot My Password’ link.
This is time-consuming, but essential. Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many people use the same logins for multiple accounts, so it is guaranteed they will try your info in other email applications and sites such as PayPal, Amazon, Netflix – you name it!
Once the dust has settled, review your password strategy for all your online accounts. A best practice is to ensure every online account has its own unique and complex password.
Most email services have a security feature that lets you remotely log out of all active sessions. Once you’ve changed your password, signing out from your email account also signs out the hacker and forces them to log-in with the new password, which fortunately they do not know. These, combined with two- or multi-factor authentication, will help you to regain control of your account and prevent further compromise.
A big part of the hacker’s strategy is to get their claws into your address book to hook others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails—most likely loaded with malware—that have come from you.
Two-factor or multi-factor authentication may seem like an additional, inconvenient step to your login, but it also adds another layer of protection. Enabling this means you will need a special one-time-use code to log in, aside from your password. This is sent to your mobile phone or generated via an authenticator app. So worthwhile!
It is common for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins to other sites; they can also keep a watchful eye on any particularly juicy personal information. So, check your mail forwarding settings to ensure no unexpected email addresses have been added.
Also, ensure your ‘reply to’ email address is actually yours. Hackers have been known to create an email address that looks similar to yours, so that when someone replies, it will go straight to their account, not yours.
Don’t forget to check your email signature to ensure nothing spammy has been added, as well as your recovery phone number and alternate email address. Hackers also change these to maintain control. Update them to your own secure details.
Regularly scanning your devices for unwanted invaders is essential. If you find anything, please ensure it is addressed, and then change your email password again. If you don’t have antivirus software, please invest in it.
Comprehensive security software will provide you with a digital shield for your online life, protecting all your devices – including your smartphone – from viruses and malware. Some services also include a password manager to help you generate and store unique passwords for all your accounts.
If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, consider starting afresh. Do not, however, delete your old email address because email providers are known to recycle old email addresses. This means a hacker could spam every site they can find with a ‘forgot my password’ request and try to impersonate you and steal your identity.
Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. Even though it may feel that getting hacked is inevitable, you can definitely reduce your risk by installing some good-quality security software on all your devices.
Trusted and reliable comprehensive security software will alert you when visiting risky websites, warn you when a download looks dodgy, and block annoying and dangerous emails with anti-spam technology. It makes sense really – if you don’t receive the dodgy phishing email – you can’t click on it. Smart!
Finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!
Reporting an email hack is a crucial step to create a necessary paper trail for disputes with banks or credit agencies. When reporting, gather evidence such as screenshots of suspicious activity, unrecognized login locations and times, and any phishing emails you received. This information can be vital for the investigation.
Generally, no. Deleting the account can cause more problems than it solves. Many online services are linked to that email, and deleting it means you lose the ability to receive password reset links and security notifications for those accounts.
More importantly, some email providers recycle deleted addresses, meaning a hacker could potentially re-register your old email address and use it to impersonate you and take over your linked accounts.
The better course of action is to regain control, thoroughly secure the account with a new password and multi-factor authentication, and clean up any damage. Only consider migrating to a new email address after you have fully secured the old one.
Each email provider has a specific, structured process for account recovery. It is vital to only use the official recovery pages provided by the service and be wary of scam websites or third-party services that claim they can recover your account for a fee. Below are the official steps of the major providers that you can follow.
Your email account is the master key to your digital kingdom, and protecting it is more critical than ever since many of your other accounts are connected with your email. Realizing “my email has been hacked” is a stressful experience, but taking swift and correct action can significantly limit the damage.
By following the recovery steps and adopting strong, ongoing security habits like using a password manager and enabling multi-factor authentication, you can turn a potential crisis into a lesson in digital resilience. Stay vigilant, stay proactive, and keep your digital front door securely locked.
To add another wall of defense, consider investing in a trusted and reliable comprehensive security software like McAfee+. Our solution will help you dodge hacking attempts by alerting you when visiting risky websites, or downloading questionable apps, and blocking malicious emails with anti-spam technology.
The post What to Do If Your Email Is Hacked appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. Text Scam Detector can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
FreshRSS 