Login
Summer vacations are a time for families to relax, unwind, and create lasting memories together. Whether you’re heading to the beach, embarking on a road trip, or exploring new destinations, it’s important to prioritize the online safety of your loved ones. However, our Safer Summer Holidays Travel Report found that almost half (48%) of travelers admitted to being less security conscious when on holiday, such as by choosing to connect to Wi-Fi networks even though they look a bit suspicious (22%).
With the increasing prevalence of online threats and the growing reliance on technology, taking proactive steps to protect your family’s digital well-being is more crucial than ever. Here are some actionable tips to ensure a safe and enjoyable online experience during your summer adventures.
Teach your children about the importance of practicing safe online behavior and what safer online habits are. Explain the risks of sharing personal information online, interacting with strangers, and clicking suspicious links or attachments. Talk about the concept of “phishing” and how to recognize suspicious links or messages. Encourage open communication and make sure your children feel comfortable coming to you if they encounter any concerning or questionable content online.
When connecting to the internet while on vacation, be cautious about the Wi-Fi networks you use. Public Wi-Fi networks, such as those found in hotels, airports, and cafes, may not be secure and could expose your family to cyber threats like hacking and identity theft. That’s because they are often a missing layer of protection called encryption. Encryption acts like a secret code, scrambling the data as it travels from your device to the Wi-Fi router, so nobody else can understand it. Without this protection, hackers can easily sneak in and read the information you’re sending over the Wi-Fi network, putting your privacy and security at risk. If you do need to connect to a public Wi-Fi network, use a virtual private network (VPN) to encrypt your internet connection and protect sensitive data from prying eyes.
When traveling, it is essential to be cautious of certain payment methods, especially when dealing with vacation rentals, tours, or travel packages. Scammers often insist on wire transfers, gift cards, or cryptocurrency as the only acceptable forms of payment for accommodations. These payment methods are untraceable and nearly impossible to recover once sent. Exercise skepticism and avoid any requests for payment through these channels, as they are typically red flags indicating fraudulent activity. Instead, opt for secure and traceable payment methods, such as credit cards or reputable online payment platforms.
Take precautions to secure your devices against theft or loss while traveling. Use strong passwords or biometric authentication methods to lock your devices and prevent unauthorized access. Consider installing tracking apps or software that allow you to remotely locate, lock, or erase your devices in case they are lost or stolen. Additionally, avoid leaving your devices unattended in public places and always be vigilant of your surroundings.
While traveling, keep a close eye on your bank accounts, credit card statements, and other financial accounts. Check for unauthorized transactions or suspicious activity and immediately report any discrepancies to your financial institution. Consider enabling alerts or notifications on your accounts to receive real-time updates on account activity and detect any signs of fraud or unauthorized access.
Before you leave for vacation, ensure all devices within the family have the latest software updates. Cybercriminals often exploit vulnerabilities in outdated software to gain access to devices and steal sensitive information. Updates not only improve performance but also fix any security vulnerabilities that cybercriminals could exploit to gain unauthorized access to your devices and potentially compromise your sensitive information.
Before you embark on your vacation, take the time to set up parental controls on all your devices. Vacations might involve more downtime or long journeys, leading to increased screen time for children. Parental control features can allow you to restrict access to certain websites, apps, and content, allowing you to more effectively ensure that kids stay safe and engage with only appropriate content. Use these tools to create a safe online environment for your children and prevent them from stumbling upon inappropriate or harmful content. Our Social Privacy Manager can also help protect your child’s social media visibility and data.
With McAfee+ Family plans, you can safeguard up to 6 family members under one subscription with each member receiving individualized identity and privacy protection, secure VPN, and personalized notifications offering guidance on enhancing their online security. Rest assured, each family member can connect with confidence, knowing their personal information, online privacy, and devices are all securely protected.
Following these family-friendly cybersecurity tips, you can enjoy a safe and secure online experience during your summer vacations. Taking proactive steps to protect against cyber threats can help ensure peace of mind, knowing that your family’s online safety is safeguarded wherever your summer adventures may take you.
The post Family-Friendly Online Safety Tips for Summer Vacations appeared first on McAfee Blog.
Summer is synonymous with vacations, a time when families pack their bags, grab their sunscreen, and embark on exciting adventures. In the digital age, smartphones have become an indispensable part of our lives, serving as cameras, maps, entertainment hubs, and communication tools. While these devices enhance our travel experiences, they also become prime targets for theft or damage while we’re away from home. From keeping us connected with family and friends, assisting in navigation, capturing moments, to even helping us with language translation – it is a device of many conveniences. However, when you bring your smartphone while vacationing, like any other valuable item, it becomes a target for theft and damage. Not to mention the potential for high roaming charges.
Don’t let the fear of losing or damaging your valuable devices dampen your vacation spirit! By taking some simple precautions and implementing effective strategies, you can ensure that your family’s smartphones remain safe and secure throughout your travels. In this blog post, we’ll share essential tips and tricks for safeguarding your devices, so you can focus on creating unforgettable memories without any tech-related worries. This article will provide you with tips on how to protect your family’s smartphones while on vacation. We will cover strategies like enabling security settings, backing up data, checking for travel insurance policies, and utilizing helpful apps. Ensuring the safety of your devices will make your vacation more enjoyable and worry-free.
Traveling without smartphones seems almost impossible. However, having them on vacation puts them at risk. In tourist hotspots, where distractions are many, it is easy to lose or have your device stolen. Moreover, using public Wi-Fi networks can expose your smartphone to cyber attacks.
→ Dig Deeper: The Risks of Public Wi-Fi and How to Close the Security Gap
Therefore, it is vital to be proactive in securing both your smartphones and the data they contain. Not only will it save you from the high costs of replacing a lost or damaged phone, but it also prevents potential misuse of personal and financial information. Implementing even just a few of these safety measures can help ensure your family’s smartphones are well-protected during your vacation. So let’s dive into the practical steps you can take.
The first layer of protection for your phone should be a physical one. It starts with investing in a good quality, durable phone case. A waterproof case is always a good idea, especially if you’re planning on vacationing near the beach or a pool. A screen protector can also keep your screen from shattering or getting scratched. Remember, you’re more likely to drop your phone while on vacation as you juggle through maps, travel apps, and numerous photo opportunities.
Another aspect of physical protection is to be mindful of where you store your phone. Avoid leaving it in plain sight or unattended, which could invite potential thieves. Instead, carry it in a secure, zipped pocket or bag. If you’re staying at a hotel, consider using the safe to store your phone when not in use. Most importantly, be aware of your surroundings and keep your phone safely tucked away in crowded places.
McAfee Pro Tip: Activating the correct features can determine whether your personal data is lost permanently or if your device can swiftly recover. Install McAfee Mobile Security and learn more tips on what to do if your phone gets stolen on this blog.
Safeguarding your phone is not just about protecting the physical device—your personal and sensitive data deserves protection too. Before you leave for your vacation, make sure that your phone is password-protected. Optimally, use a complex password, fingerprint, or face recognition feature instead of a simple four-digit PIN. This singular step can deter any prying eyes from accessing your information if your phone is lost or stolen.
Ensure your phone’s software is up to date. Regular updates not only enhance the device’s performance but also incorporate vital security patches, fortifying its defenses against potential threats like malware. By staying vigilant and keeping your phone’s software current, you contribute to a more secure environment, minimizing the risk of unauthorized eyes accessing your valuable information in the event of a loss or theft.
→ Dig Deeper: Why Software Updates Are So Important
Backing up your smartphone’s data before leaving for vacation can save you from a lot of stress. In case of loss, theft, or damage, having a backup ensures that you won’t lose your cherished photos, contacts, and other essential data. Most smartphones allow you to back up your data to the cloud. Make sure to do this over a safe, secure network and not on public Wi-Fi.
For Android users, Google provides an automatic backup service for things like app data, call history, and settings. You can check if this feature is enabled on your phone by going to the Google Drive App and checking in the Backups section. For iPhone users, iCloud Backup can help save most of your data and settings. To enable it, go to Settings, tap on your name, then tap iCloud and scroll down to tap iCloud Backup.
Without proper management, staying connected while abroad can result in expensive roaming charges. Before you leave, check with your mobile provider to understand the costs associated with using your phone abroad. Some providers offer international plans that you can temporarily switch to for your vacation. If your provider’s charges are too high, consider purchasing a local SIM card once you arrive at your destination or use an international data package.
Another way to avoid roaming charges is by using Wi-Fi. Most hotels, cafes, and many public spaces have free Wi-Fi available. However, again, public Wi-Fi is not always safe. So, avoid accessing sensitive information such as bank accounts, and before traveling, download maps and essential content before traveling to reduce the need for constant data usage. This is especially helpful for navigation apps. To protect your data in such situations, it’s advisable to use a Virtual Private Network (VPN).
→ Dig Deeper: How to Keep Your Data & Devices Safe While Traveling
Several apps can help protect your phone and its data during your vacation. Most smartphone operating systems offer a “Find My Phone” feature that can locate, lock, or erase your device if it is lost or stolen. Make sure this feature is enabled before you leave.
Again, antivirus apps can provide an extra layer of protection against virus and malware threats. Password manager apps can help you create and store complex, unique passwords for your accounts to enhance security.
VPN apps can protect your data from being intercepted when using public Wi-Fi networks. There are also apps that monitor your data usage and can alert you if you’re near your limit to avoid unexpected charges. Research and install these apps prior to your vacation for added security and peace of mind.
Your family’s smartphones are essential travel companions that deserve as much protection as any other valuable item during your vacation. By physically safeguarding the device, securing your data, backing up regularly, understanding roaming charges, and utilizing productive apps, you can enjoy a worry-free vacation. Remember, in the event of a mishap, having travel insurance can provide an extra layer of financial protection. So, before setting off, review your policy and check if it covers lost or stolen devices. In the end, preparation is key, so take the time to implement these safety measures and enjoy your vacation with peace of mind.
Above and beyond security settings and software, there’s you. Get in the habit of talking with your child for a sense of what they’re doing online. As a mom, I like to ask them about their favorite games, share some funny TikTok clips or cute photos with them, and generally make it a point to be a part of their digital lives. It’s great, because it gives you peace of mind knowing what types of things they are doing or interactions they are having online.
For those of you hitting the road in the coming weeks, enjoy your travels, wherever they take you!
The post How To Protect Your Family’s Smartphones While on Vacation appeared first on McAfee Blog.
In the hands of a thief, your Social Security Number is the master key to your identity.
With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away.
Part of what makes an SSN so powerful in identity theft is that there’s only one like it. Unlike a compromised credit card, you can’t hop on the phone and get a replacement. No question, the theft of your SSN has serious implications. If you suspect it, report it. So, let’s take a look at how it can happen and how you can report identity theft to Social Security if it does.
Yes. Sort of. The Social Security Administration can assign a new SSN in a limited number of cases. However, per the SSA, “When we assign a different Social Security number, we do not destroy the original number. We cross-refer the new number with the original number to make sure the person receives credit for all earnings under both numbers.”
In other words, your SSN is effectively for forever, which means if it’s stolen, you’re still faced with clearing up any of the malicious activity associated with the theft potentially for quite some time. That’s yet another reason why the protection of your SSN deserves particular attention.
There are several ways an SSN can end up with a thief. Some involve physical theft, and others can take the digital route. To what extent are SSNs at risk? Notably, there was the Equifax breach of 2017, which exposed some 147 million SSNs. Yet just because an SSN has been potentially exposed does not mean that an identity crime has been committed with it.
So, let’s start with the basics: how do SSNs get stolen or exposed?
That’s quite the list. Broadly speaking, the examples above give good reasons for keeping your SSN as private and secure as possible. With that, it’s helpful to know that there are only a handful of situations where your SSN is required for legitimate purposes, which can help you make decisions about how and when to give it out. The list of required cases is relatively short, such as:
You’ll notice that places like doctor’s offices and other businesses are not listed here, though they’ll often request an SSN for identification purposes. While there’s no law preventing them from asking you for that information, they may refuse to work with you if you do not provide that info. In such cases, ask what the SSN would be used for and if there is another form of identification that they can use instead. In all, your SSN is uniquely yours, so be extremely cautious in order to minimize its potential exposure to theft.
Let’s say you spot something unusual on your credit report or get a notification that someone has filed a tax return on your behalf without your knowledge. These are possible signs that your identity, if not your SSN, is in jeopardy, which means it’s time to act right away using the steps below:
1. Report the theft to local and federal authorities.
File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site really is an excellent resource.
2. Contact the businesses involved.
Get in touch with the fraud department at each of the businesses where you suspect theft has taken place, let them know of your situation, and follow the steps they provide. With your police and FTC reports, you will already have a couple of vital pieces of information that can help you clear your name.
3. Reach the Social Security Administration and the IRS.
Check your Social Security account to see if someone has gotten a job and used your SSN for employment purposes. Reviewing earnings associated with your SSN can uncover fraudulent use. You can also contact the Social Security Fraud Hotline at (800) 269-0271 or reach out to your local SSA office for further, ongoing assistance. Likewise, contact the Internal Revenue Service at (800) 908-4490 to report the theft and help prevent someone from submitting a tax return in your name.
As we’ve talked about in some of my other blog posts, identity theft can be a long-term problem where follow-up instances of theft can crop up over time. However, there are a few steps you can take to minimize the damage and ensure it doesn’t happen again. I cover several of those steps in detail in this blog here, yet let’s take a look at a few of the top items as they relate to SSN theft:
Consider placing a fraud alert.
By placing a fraud alert, you can make it harder for thieves to open accounts in your name. Place it with one of the three major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. During the year-long fraud alert period, it will require businesses to verify your identity before issuing new credit in your name.
Look into an all-out credit freeze.
A full credit freeze is in place until you lift it and will prohibit creditors from pulling your credit report altogether. This can help stop thieves dead in their tracks since approving credit requires pulling a report. However, this applies to legitimate inquiries, including any that you make, like opening a new loan or signing up for a credit card. If that’s the case, you’ll need to take extra steps as directed by the particular institution or lender. Unlike the fraud alert, you’ll need to notify each of the three major credit bureaus (Experian, TransUnion, Equifax) when you want the freeze lifted.
Monitor your credit reports.
Once a week you can access a free credit report from Experian, TransUnion, and Equifax. Doing so will allow you to spot any future discrepancies and offer you options for correcting them.
Sign up for an identity protection service.
Using a service to help protect your identity can monitor several types of personally identifiable information and alert you of potentially unauthorized use. Our own Identity Protection Service will do all this and more, like offering guided help to neutralize threats and prevent theft from happening again. You can set it up on your computers and smartphone to stay in the know, address issues immediately, and keep your identity secured.
Of all the forms of identity theft, the theft of a Social Security Number is certainly one of the most potentially painful because it can unlock so many vital aspects of your life. It’s uniquely you, even more than your name alone – at least in the eyes of creditors, banks, insurance companies, criminal records, etc. Your SSN calls for extra protection, and if you have any concerns that it may have been lost or stolen, don’t hesitate to spring into action.
The post How to Report Identity Theft to Social Security appeared first on McAfee Blog.
Some conversations on social media can get … heated. Some can cross the line into harassment. Or worse.
Harassment on social media has seen an unfortunate rise in recent years. Despite platforms putting in reporting mechanisms, policies, and even using AI to detect and remove harmful speech, people are seeing more and more harassment on social media.
Yet even as it becomes more prevalent, nothing about it is usually. Or acceptable. No, you can’t prevent social media harassment. Yet you can protect yourself in the face of these attacks.
In 2023, research showed that 52% of American adults said they experienced harassment at some point online. That’s up from 40% in 2022. Also in 2023, 33% said they experienced it in the last year, a jump of 10% from 2022.i
The same trend follows for teens, where 51% of them said they experienced harassment in the past year, compared to 36% in the year prior.ii
Earlier research conducted in the U.S. tracked a significant rise in harassment online between 2014 and 2020. This included the doubling or the near doubling of the most severe forms of online harassment.iii
Our own research in 2022 also noted a rise of another kind — worry about online harassment. Globally, 60% of children said they were more worried that year about social media harassment (cyberbullying) compared to the year prior. Their parents showed yet more concern, with 74% of them more worried that year about their child being harassed than the last.iv
Stats are one thing, yet behind each figure stands a victim. Harassment takes a hard toll on its victims — emotional, financial, and sometimes physical. That becomes clear the moment you look at the forms it can take.
Social media harassment includes:
It includes other acts, such as:
In practice, the results can get ugly. Scanning press releases from various state attorneys general, you’ll find unflinching accounts of harassment. Like a targeted, three-year cyberstalking campaign against a victim and that person’s parents, coworkers, siblings, and court-mandated professionals.v Another, where the harasser attempted to defame his victim through a fake LinkedIn profile — and further doxed his victim by publicly posting source code the victim had written worth millions of dollars.vi
All of this serves as a reminder. Harassment can quickly turn into a crime.
The unfortunate fact remains that you can’t prevent social media harassment. Some people simply find themselves driven to do it. You can take several steps to shield yourself from attackers and deny them the info they need to fuel their attacks.
Secure your accounts.
Account security should be a high priority for you, your loved ones, and anyone else. That’s especially true during periods of harassment. Every account you have should be secured with a complex password — at least 12 to 14 characters long, with numbers, capital letters, lowercase letters, and symbols. And with two-factor authentication.
Two-factor authentication is especially important when it comes to account security. The reason is simple: a lot of harassers are tech-savvy, and enjoy taking over a victim’s account to make offensive comments in their name and damage their reputation.
Two-factor authentication prevents account takeovers like this. It requires a user to know the password and username for an account, along with another way they can prove they are who they say they are. Often that involves a code sent to their smartphone that they can use to verify their identity. At McAfee, we recommend you use two-factor authentication on any account that offers it.
Control who can follow you.
Social media platforms offer plenty of ways you can lock down your privacy, even as you remain “social” on them to some degree. Our Social Privacy Manager can help you be as private as you like. It helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks, so your personal info is only visible to the people you want to share it with. By making yourself more private, you deny a potential harasser an important source of info about you, in addition to your friends, family, and life overall.
Limit what you share online.
Limit how much info you share about yourself on social media websites. Addresses, phone numbers, and locations shouldn’t be shared in posts and shouldn’t be included in biographies. Attackers can use this type of info to make false threats and, in some cases, falsify crimes to elicit a police response — this is a technique called “SWATTING” and it’s quite serious.vii
In some instances, harassers gather info about their victims on data brokers or “people finder” sites. Some of this info can get pretty detailed, and these sites will sell it to anyone. You can clean up that info, however. Our Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites — or remove it for you, depending on your plan.
Report the harassment to the social media platform.
If you find yourself targeted, don’t respond. That’s what the harasser wants. Use your social media platform’s tools to block and then report the harasser. Many platforms have web pages dedicated to harassment that walk you through the process.
Report harassment to the authorities.
First off, if you feel that you are in immediate danger, contact your local authorities for help.
In many cases, harassment is illegal. Slander, threats, damage to your professional reputation, doxing, and many of the examples mentioned earlier can amount to a crime. There are options for victims, legally speaking. If you feel a harassment campaign has crossed the line, then it’s time to contact the authorities. Bring proof of harassment. Take screenshots of everything and submit them as part of your complaint.
Talk with trusted family members and friends.
We’ve seen just how damaging and painful harassment can be. Let trusted people in your life know what’s happening. Lean on them for support. And have them help you find any resources you might need in the wake of harassment, such as counseling or even legal assistance. You might find this tough to do, yet realize that you’re not at fault here. Any ugliness you’re dealing with comes from the hands of a harasser. Not yours. Close family and friends will recognize this.
[i] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[ii] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[iii] https://www.pewresearch.org/internet/2021/01/13/the-state-of-online-harassment/
[vii] https://www.theguardian.com/technology/2016/apr/15/swatting-law-teens-anonymous-prank-call-police
The post How to Protect Yourself From Social Media Harassment appeared first on McAfee Blog.
While last-minute tax filers stare down the clock, scammers look for easy pickings. Tax scams are in full swing as April 15th approaches, and we have a rundown of the top ones making the rounds this year.
For starters, the stakes this year remain the same as ever. Scammers are taking advantage of the stress and uncertainty that comes with tax season as they target people’s personal info, money, or both. Their avenues of attack remain the same as well, via email, texts, direct messages, and the phone.
Yet there’s a new wrinkle this year. Scammers have tapped into AI tools that make their scams look and feel far more sophisticated than ever.
We saw the first stirrings of AI-driven scams last year as AI tools first entered the marketplace. This year, AI-driven scams feature more and more in the landscape of threats. Scammers use them to generate images, write copy, and build websites in a fraction of the time that it once took. While they still make some of the design and writing mistakes they’ve made in the past, they make far fewer of them.
We have a couple of tax scams to share from the many we’ve uncovered. The first one involves a popular brand of tax software here in the U.S.
Example of a scammer email
At first blush, this bogus email looks pretty legit. At first. The layout, photograph, and link all look like standard fare for an email. Though looking more closely, you can spot several AI fingerprints all over it.
For one, big brands like TurboTax have writers, editors, and reviewers who comb over copy before it gets approved for release. Here, the headline breaks a pretty standard formatting rule. In “headline case” writing, the “with” should be lowercase. Sure, mistakes get made, and this might be one example. Yet the problems go deeper than that.
Read the fine print. You’ll see that the grammar is off. The paragraph overall has a broken feel to it. You’ll also see that the copy mentions “market leader” twice — and awkwardly so. And what company mentions its competitors in an email like this? They’re not out to boost competitors.
Lastly, the email spells out the company’s name wrong in the fine print. It’s “TurboTax,” not “Turbo Tax with License Code.” All of this points to an obvious fake. But only by looking closely at it. It’s as if the scammers prompted an AI chatbot with “Describe what TurboTax is” and got this as a response.
Granted, that represents an example of rather sloppy work. The next example looks more convincing. This time, the scammers impersonate the IRS:
Example of a scammer website
We discovered this fake IRS site when our McAfee Labs team investigated a link sent in an email. The bait is the promise of getting a tax ID number for a business or organization. The hook is this bogus site designed to harvest personal and business info.
If you’ve visited the IRS site recently, you’ll recognize the look and feel of an IRS webpage quickly. It seems familiar enough, yet once again a closer look reveals a few things.
First, a small grammatical error rears its head in the copy. The term “setup” is a noun, yet the copy uses it as a verb. It should read “set up” instead. Granted, this is a common error. Many sites make it, yet it’s a red flag nonetheless. Next, the contact method in the top right raises yet another. Contact “an EIN expert” via email during set hours? Set hours are for phone calls, not email.
We omitted the final telltale sign — the URL. It was clearly a fake and not the official irs.gov address.
In all, it shows just how cagey tax scammers can be today. Particularly with AI. It puts a fresh look on some old tactics, making scams tougher to spot.
Sketchy email attachments — the five most popular types.
This classic is back. Scammers spread all manner of malware with email attachments. One example: spyware that steals info as you type usernames and passwords as you log into your accounts. Another: ransomware that holds the data on your device hostage until you pay. Maybe. The list goes on, yet scammers always try to package it up in a way that looks legit.
One way they pull that off is with a phony tax document bundled up in a .pdf document. In fact, the .pdf format marks the number one file type that hackers and scammers use in their attacks. By our count, it tops the number two file type by a ratio of roughly 6 to 1.
Here are the top five file types used by scammers and hackers:
What makes the .pdf format so popular? People trust it. It gets commonly used in business, and many legitimate tax forms come in that format. However, it also offers a versatile platform for exploits. Hackers and scammers can embed malicious links and content within them. So clicking what’s inside that .pdf doc can lead to trouble, say in the form of a malicious website designed to steal personal info.
Starting in the second half of last year, we noted a spike in malicious attachments that used the .pdf format. Another reason that makes .pdf files so popular, email filters tend to focus on other file types like the executable .exe format. So, a .pdf has a better shot at slipping through.
Our advice:
As always, strong antivirus software can detect and protect you from malicious email attachments. Our Next-gen Threat Protection found in all our McAfee+ plans once again proves itself as a top option for antivirus. Results from the independent lab AV-TEST in December 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.
Tax time phishing scams.
Phishing scams crop up in plenty of places and take plenty of forms. As in years past, we see scammers cranking up their bogus texts, direct messages, and emails. They all follow the tax season theme, yet they take different approaches to roping in victims. Some include:
Additionally, many phishing attacks point people to malicious websites — once again that steal personal info. We’ve seen a spike in malicious tax-related URLs starting in the second half of last year as well.
Our advice:
You can absolutely protect yourself from phishing scams. Now with the help of AI. McAfee Scam Protection detects suspicious URLs with AI before they’re opened or clicked on. This takes the guesswork out of those sometimes convincing-looking messages by letting you know if they’re fakes. If you accidentally click or tap on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans.
Fake charity scams also crop up this time of year.
Whether it’s for natural disaster aid, aiding refugees in war-torn regions, or even protecting animals and pets, scammers set up phony charities with the aim of pulling heartstrings. And then stealing money as a result.
Scammers reach out with the usual methods, by email, text, direct message, and sometimes phone calls as well. They all share one thing in common. They all give potential victims a chance to support a cause that they care for and get a tax credit in return. Yet with these scams, the charity doesn’t exist. Instead, money and personal info end up in the hands of scammers.
Our advice:
Yet you have several ways you can spot a fake charity. For one, the message often has a pressing, almost alarming, tone. One that urges you to “act now.” Before acting, take a moment. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that some charities pass along more money to their beneficiaries than others. Generally, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
Keep an ear out for scam calls.
Scammers like to pick up the phone too. A popular form of attack involves “the call from the IRS.” Typically, a recorded message notifies the recipient that they owe money. And because scammers know just how jarring a call from the IRS can be, they apply heavy pressure in the message.
In the past, we’ve heard messages that threatened fines, jail time, and revoking driver’s licenses. They’ve mentioned the police and other law enforcement agents in them as well, just to turn up the heat.
Now with AI, scammers can create robocalls that sound highly realistic in only moments of time. It’s as simple as writing a few lines of a script, feeding it into an AI tool, and then generating an audio file. No need for another person to record the message. AI takes care of it all.
Our advice:
The best way you can avoid falling for this scam is by knowing what the IRS will and will not do when they contact you. From the irs.gov website, the IRS will not:
Lastly, also know that the IRS is here to help. The agency offers a full help page with online resources, along with several ways you can contact the IRS for help. If you have any questions about a notification that you received, contact them.
While scammers have a wealth of tools available to them, you have one tool that protects you from all kinds of threats. Comprehensive online protection software like McAfee+ offers yet more ways to steer clear of tax scams.
In addition to the antivirus and scam protection features we mentioned, it can make you more private on social media, which can prevent scammers from profiling you. It can also remove your personal info from the data broker sites scammers use to contact their victims. (Granted, scammers have to get your contact info from somewhere, and these sites offer that info, plus much more.) Also, a VPN can help you connect and file your taxes even more securely, so what you do stays private.
And if the unfortunate happens, our identity theft coverage can help you recover. It provides $2 million in identity theft coverage and a licensed recovery expert who can help restore your identity.
Yes, we’re seeing plenty of old scams with new twists this year. Yet the same ways you can protect yourself from them only get better and better.
The post The Top Tax Scams of 2024 appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
People under 60 are losing it online. And by it, I mean money—thanks to digital identity theft.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.
In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.
Here’s what’s happening: people under 60 were twice as likely to report losing money while shopping online. The spotlight also shows that adults under 60 are more than four times more likely to report losing money to an investment scam, and the majority of those losses happened in scams involving some form of cryptocurrency investments.
And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers.
Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.
It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away:
1. Start with the basics—security software
Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use them to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection.
2. Create strong passwords
You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks.
3. Keep up to date with your updates
Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.
4. Think twice when you share
Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk.
5. Shred it
Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in a paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away.
6. Check your credit
Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find.
As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name.
Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away:
Likewise, many nations offer similar government services. A quick search will point you in the right direction.
Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here.
With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.
The post How to Protect Your Digital Identity appeared first on McAfee Blog.
There used to be a time when one roommate split the cost of rent with another by writing a check. Who still owns a checkbook these days? Of course, those days are nearly long gone, in large part thanks to “peer to peer” (P2P) mobile payment apps, like Venmo, Zelle, or Cash App. Now with a simple click on an app, you can transfer your friend money for brunch before you even leave the table. Yet for all their convenience, P2P mobile payment apps could cost you a couple of bucks or more if you’re not on the lookout for things like fraud. The good news is that there are some straightforward ways to protect yourself.
You likely have one of these apps on your phone already. If so, you’re among the many. It’s estimated that 49% of adults in the U.S. use mobile payment apps like these.
Yet with all those different apps come different policies and protections associated with them. So, if you ever get stuck with a bum charge, it may not always be so easy to get your money back.
With that, here are seven quick tips for using your P2P mobile payment apps safely.
In addition to securing your account with a strong password, go into your settings and set up your app to use a PIN code, facial ID, or fingerprint ID. (And make sure you’re locking your phone the same way too.) This provides an additional layer of protection in the event your phone is stolen or lost and someone, other than you, tries to make a payment with it.
What’s worse than sending money to the wrong person? When paying a friend for the first time, have them make a payment request for you. This way, you can be sure that you’re sending money to the right person. With the freedom to create account names however one likes, a small typo can end up as a donation to a complete stranger. To top it off, that money could be gone for good!
Another option is to make a test payment. Sending a small amount to that new account lets both of you know that the routing is right and that a full payment can be made with confidence.
Bye, bye, bye! Unlike some other payment methods, new mobile payment apps don’t have a way to dispute a charge, cancel a payment, or otherwise use some sort of recall or retrieval feature. If anything, this reinforces the thought above—be sure that you’re absolutely making the payment to the right person.
Credit cards offer a couple of clear advantages over debit cards when using them in association with mobile payment apps (and online shopping for that matter too). Essentially, they can protect you better from fraud:
Report any activity like this immediately to your financial institution. Timing can be of the essence in terms of limiting your liabilities and losses. For additional info, check out this article from the Federal Trade Commission (FTC) that outlines what to do if your debit or credit card is stolen and what your liabilities are.
Also, note the following guidance from the FTC on payment apps:
“New mobile apps and forms of payment may not provide these same protections. That means it might not always be easy to get your money back if something goes wrong. Make sure you understand the protections and assurances your payment services provider offers with their service.”
It’s sad but true. Crooks are setting up all kinds of scams that use mobile payment apps. A popular one involves creating fake charities or posing as legitimate ones and then asking for funds by mobile payment. To avoid getting scammed, check and see if the charity is legit. The FTC suggests researching resources like Better Business Bureau’s Wise Giving Alliance, Charity Navigator, Charity Watch or, GuideStar.
Overall, the FTC further recommends the following to keep yourself from getting scammed:
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, shopping, and payments secure.
The post Avoid Making Costly Mistakes with Your Mobile Payment Apps appeared first on McAfee Blog.
Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.
Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. Since 2021, total reported losses to this type of fraud reached $2.7 billion.
Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity.
Let’s uncover these scams these crooks use so that you can steer clear and stay safe.
“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.
Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you.
How to avoid them: Simply put, don’t take those quizzes and surveys online.
The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money, or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms.
How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up.
If there’s one government official that scammers like to use to scare you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official who’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.
How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like Bitcoin. Only scammers will.
These are far more targeted than the scams listed above because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or trouble.
How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away.
This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.
How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it.
Now with an idea of what the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull.
Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance.
Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends.
The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blog.
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you understand what’s at stake.
Let’s start with an overview and a few examples of each.
So there’s that subtle difference we mentioned. Identity fraud involves the misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name.
Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well.
As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it in a couple of different ways.
The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.
On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well.
It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things.
With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place:
While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.
The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an identity monitoring solution — and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.
The post How To Tell The Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blog.
When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.
A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.
Unfortunately, it can happen in several ways.
In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).
In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who are shopping or banking online without the security of a VPN.
Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to 1 million in 2023. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:
However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.
Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:
As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.
The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.
A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.
This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.
With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.
With McAfee+ Ultimate you can:
In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done.
Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer to any questions you’ll face in the process of restoring your identity will help you see things through.
Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.
The post How to Detect Signs of Identity Theft appeared first on McAfee Blog.
Can thieves steal identities with only a name and address?
In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.
If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.
With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them.
For starters, this information is so general that it is of little value in and of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams.
For example, with your name and address a thief could:
There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as:
In the U.S., the availability of such information will vary from state to state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit to a library or public office.
Cybercriminals can gain additional information about you from other online sources, such as data brokers. And data brokerage is a big business, a global economy estimated at $280 billion U.S. dollars a year. What fuels it? Personal information, representing thousands of data points on billions of people scraped from public records, social media, smartphone apps, shopper loyalty cards, third-party sources, and sometimes other data broker sites as well.
The above-the-board legal intent of data broker sites is to sell that information to advertisers so that they can create highly targeted campaigns based on people’s behaviors, travels, interests, and even political leanings. Others such as law enforcement officials, journalists, and others who are conducting background checks will use them too.
On the dark side, hackers, scammers, and thieves will buy this information as well, which they can use to commit identity theft and fraud. The thing is, data brokers will sell to anyone. They don’t discriminate.
Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).
What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers is bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online.
Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills.
The Postal Service has mechanisms in place to prevent this, however. Among these, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.
So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble.
Other crucial pieces of your identity include:
Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.
You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned.
Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye.
Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.
With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who are after direct access to your finances and more.
Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date.
In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure.
By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like creating and managing the strong, unique passwords we talked about and providing further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) Further, it can monitor your identity and monitor your credit, further protecting you from theft and fraud.
Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collect your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too.
Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves.
A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you more anonymous online by masking your IP address, device information, and the data you’re passing along that connection. In this way, it makes it far more difficult for advertisers, data brokers, and bad actors to skim your private information—in addition to shielding your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.
And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place, they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life.
The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blog.
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.
Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey showed that up to half of people interviewed in Japan, Australia, and the U.S. do so as well, while nations like the UK and Germany trailed at 31% and 23% respectively.
Whether these figures trend on the low or high end, the security implications remain constant. A smartphone loaded with business and personal data makes for a desirable target. Hackers target smartphones because they’re often unprotected, which gives hackers an easy “in” to your personal information and to any corporate networks you may use. It’s like two hacks with one stone.
Put simply, as a working professional with a smartphone, you’re a high-value target.
As both a parent and a professional, I put together a few things you can do to protect your smartphone from hacks so that you can keep your personal and work life safe:
First up, the basics. Locking your phone with facial ID, a fingerprint, pattern or a pin is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it, which doubles your line of defense.
Or, put another way, don’t hop onto public Wi-Fi networks without protection. A VPN masks your connection from hackers allowing you to connect privately when you are on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, you’ll know that your sensitive data, documents, and activities you do are protected from snooping, which is definitely a great feeling given the amount of personal and professional business we manage with our smartphones.
Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data like passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them. Malicious apps and counterfeits can still find their way into stores, and here are a few ways you can keep those bad apps from getting onto your phone.
Backing up your phone is always a good idea for two reasons:
Both iPhones and Android phones have straightforward ways of backing up your phone regularly.
Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While that last bit about wiping the phone seems like a drastic move, if you maintain regular backups as mentioned above, your data is secure in the cloud—ready for you to restore. In all, this means that hackers won’t be able to access you, or your company’s, sensitive information—which can keep you out of trouble and your professional business safe. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
We all download apps, use them once, and then forget they are on our phone. Take a few moments to swipe through your screen and see which ones you’re truly done with and delete them along with their data. Some apps have an account associated with them that may store data off your phone as well. Take the extra step and delete those accounts so any off-phone data is deleted.
The reason for this is that every extra app is another app that needs updating or that may have a security issue associated with it. In a time of data breaches and vulnerabilities, deleting old apps is a smart move. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option. Updates not only introduce new features to apps, but they also often address security issues too.
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, your shopping, and payments secure.
The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.
When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.
That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.
According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.
Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.
Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.
Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.
Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.
Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.
Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.
Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.
Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.
Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.
Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager, provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.
In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.
Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.
Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.
Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name.
Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.
The post How to Protect Your Online Privacy appeared first on McAfee Blog.
AI has made the dating scene. In a big way. Nearly one in four Americans say they’ve spiced up their online dating photos and content with artificial intelligence (AI) tools. Yet that might do more harm than good, as 64% of people also said that they wouldn’t trust a love interest who used AI-generated photos in their profiles.
That’s only two of the findings from this year’s Modern Love research. Our second annual study surveyed 7,000 people in seven countries to discover how AI and the internet are changing love and relationships. And it should come as no surprise that AI has ushered in several hefty changes.
In all, we found that mixing love and AI has its ups and downs. For one, people cite how effective AI is. Almost 7 in 10 people said they got more interest and better responses using AI-generated content than their own. However, people also said they didn’t like receiving AI-coded sentiments. Some 57% said they’d be hurt or offended if they found out their Valentine’s message was written by AI.
The tricky part is this — people still find it tough to spot AI content. Only 24% of people said they were sure they could tell if a message or love letter was written by an AI tool like ChatGPT. Still, 42% said they saw fake profiles or photos on dating sites, apps, and social media in the past year.
Moreover, two-thirds of people said that they’re more concerned about phony AI-created content now than they were a year ago. As further findings from McAfee Labs show, those concerns have their roots in reality.
Without question, the rise of powerful AI tools has complicated the online dating landscape. In particular, AI has made it easier for romance scammers to trick people looking for love online. They can ramp up their scams more quickly and with more sophistication than ever before.
In fact, the McAfee Labs team has seen an increase in Valentine’s campaign themes, including malware campaigns, malicious URLs, and a variety of spam and scams. They expect these numbers will continue to rise as February 14 gets closer. Since late January, our Labs team has uncovered that:
These findings fall right in line with what online daters told us. Nearly one-third of Americans said that an online love interest turned out to be a scammer. Another 14% said they discovered an interest was an AI-bot and not a real person.
What’s at stake in these scams? Money, personal info, and sometimes both.
While many romance scammers make initial contact with their victims on dating websites and apps, they quickly move the conversation elsewhere, such as chat apps like WhatsApp and Telegram. In other cases, they move to texts. This gives scammers an advantage, as many dating platforms have fraud detection measures in place. And it’s here where romance scammers commit theft and fraud.
Large, organized crime operations run many romance scams. Moving the conversation from a dating site or app is often a sign that the victim has been “passed along” to a senior scammer who excels at extracting payments and personal info from victims. People shared the top types of info that scammers tried to tease out of them:
In a dating pool filled with an increasing number of scams and AI content, online daters find themselves doing some detective work.
Our study found that 38% of people said they used reverse image search on profile pictures of people they’ve met on social media or dating sites. Another 60% of respondents said they often use social media to dig into the background of their potential partners. As a result:
And rounding out those findings, 11% said they discovered something else entirely — that their potential special person was already in a relationship.
Online dating has always called for a bit of caution. Now with AI hitting the dating scene, it calls for a little skepticism, if not a little detective work. That, in combination with the right tools to protect your privacy, identity, and personal info, can mean the difference between a budding relationship or heartbreak — whether that’s financial, emotional, or both. The following steps can help:
The past year has brought plenty of change to online dating. People now use AI to pepper up their dating profiles and pics, compose love notes, or come up with a few lines for the inside of a card. Likewise, scammers have welcomed AI just as warmly. They use it to fuel content and chats that swindle victims looking for love, backed by sophisticated and large-scale operations that run like a business.
Yet today’s online daters still have what it takes to spot a fake. They have several tools and protections available to them, many powered by AI that can help them steer clear of heartbreak, both the financial and emotional kind. That, along with a mix of healthy skepticism and detective work, they can still date online with confidence, even as AI continues to make its way onto the dating scene.
Survey Methodology
The survey was conducted online between January 2024 by Market Research Company, MSI-ACI via email inviting people 18 years and older to complete an online questionnaire. In total 7,000 adults completed the survey from 7 countries included the United States, United Kingdom, France, Germany, Australia, India, and Japan.
The post Love Bytes – How AI is shaping Modern Love appeared first on McAfee Blog.
As voters in the recent New Hampshire primary have found, a fake robocall of President Joe Biden has been making the rounds. Using AI voice-cloning technologies, the bogus message urges Democratic voters to stay home and “… save your vote for the November election.”
The phony message further went on to say, “Your vote makes a difference in November, not this Tuesday.”
NBC News first reported the storyi, and the New Hampshire Attorney General’s office has since launched an investigation into what it calls an apparent “unlawful attempt to disrupt the New Hampshire Presidential Primary Election and to suppress New Hampshire votersii.”
This is just one of the many AI voice-clone attacks we’ll see this year. Not only in the U.S., but worldwide, as crucial elections are held around the globe.
Indeed, billions of people will cast their votes this year, and the rise of AI technologies begs something important from all of us — everyone must be a skeptic.
With AI tools making voice clones, video and photo deepfakes, and other forms of disinformation so easy to create, people should be on guard. Put simply, we need to run the content we see and hear through our own personal lie detectors.
A couple of things make it tough to spot a fake, as AI tools create content that appears more and more convincing.
First, our online lives operate at high speed. We’re busy, and a lot of content zips across our screens each day. If something looks or sounds just legit enough, we might assume it’s authentic without questioning it.
Second, we encounter a high volume of content that results in big emotions, making us less critical of what we see and hear. When fake content riles us up with anger or outrage, we might react, rather than follow up and learn if it’s true or not.
That’s where your personal lie detector comes in. Take a moment. Pause. And ask yourself a few questions.
What kind of questions? Common Sense Media offers several that can help you sniff out what’s likely real and what’s likely false. As you read articles, watch videos, and or receive that robocall, you can ask yourself:
Answering only a few of them can help you spot a scam or a piece of disinformation. Or at least get a sense that a scam or disinformation might be afoot. Let’s use the President Biden robocall as an example. Asking only three questions tells you a lot.
First, “Is this credible?”
In the call, the phony message from the President asks voters to “… save your vote for the November election.” Would the leader of the world’s largest democracy truly ask you not to vote in an election? Not to exercise a basic right? No. That unlikelihood marks a strong indication of a fake.
Second, “Who might benefit from or be harmed by this message?”
This question takes a little more digging to answer. Because the Democratic party shifted its first Presidential primary election from New Hampshire to South Carolina this year, local supporters have launched a grassroots effort. Its intent is to encourage voters to write in Joe Biden on their Tuesday ballot to show support for their favored candidate. The disinformation contained in the AI clone robocall could undermine such efforts, marking yet another strong indication of a fake.
Lastly, “what important info is left out of the message?
How does “saving your vote” for another election help a candidate? The message fails to explain why. That’s because it doesn’t help. You have a vote in every election. There’s no saving your vote. This further raises a major red flag.
While these questions didn’t give definitive answers, they certainly call plenty of components of the audio into question. Everything about this robocall sounds like a piece of disinformation, once you ask yourself a few quick questions and run the answers through your own internal lie detector.
With the political stakes so particularly high this year, expect to see more of these disinformation campaigns worldwide. We predict that more bad actors will use AI tools to make candidates say things they never said, give people incorrect polling info, and generate articles that mislead people on any number of topics and issues.
Expect to use your lie detector. By slowing down and asking some of those “Common Sense” questions, you can uncover plenty.
Also, take comfort in knowing that we’re developing technologies that detect AI fakes, like our Project Mockingbird for AI-generated audio. Moreover, we’re working on technologies for image detection, video detection, and text detection as well. We want to make spotting a fake far easier than it is, something you can do in seconds. Like having an AI lie detector in your back pocket.
Between those technologies and your own common sense, you’ll have powerful tools to know what’s real and what’s fake out there.
[ii] https://www.doj.nh.gov/news/2024/20240122-voter-robocall.html
The post Was the Fake Joe Biden Robocall Created with AI? appeared first on McAfee Blog.
“My phone’s been hacked!” Words you probably don’t want to hear or say. Ever.
Yes, a smartphone can get hacked just like any other device. And they make prize targets as well. Loaded as they are with personal and financial information, access to payment apps, files, photos, and contacts, bad actors have plenty to gain by tapping into your smartphone.
How do bad actors pull it off? They have several attack vectors they can choose from.
Today’s attackers have gotten cagier as well. It used to be that a hacked phone would run sluggishly or hot after it got infected by malware. The battery might have drained quickly as well. That was because the malware ate up system resources, created conflicts with other apps, and used your data or internet connection to pass along your personal information—all of which could make your smartphone feel a little off. That still might be the case with some mobile malware today, yet much of it works far more efficiently. The old telltale physical signs of a hacked phone might not present themselves at all.
However, you can spot several indications that might indicate your phone has been hacked.
A few examples follow. Note that these might be signs of a hacked phone, yet not always.
Install and run online protection software on your smartphone if you haven’t already. From there, delete any apps you didn’t download, delete risky texts, and then run your mobile security software again.
If you still have issues, wiping and restoring your phone is an option. Provided you have your photos, contacts, and other vital info backed up in the cloud, it’s a relatively straightforward process. A quick search online can show how to wipe and restore your model of phone.
Lastly, check your accounts and your credit card statements to see if any unauthorized purchases have been made. If so, you can go through the process of freezing those accounts and getting new cards and credentials issued. Further, update your passwords for your accounts with a password that is strong and unique to prevent further theft.
To help keep your phone from getting hacked in the first place, there are a few relatively easy steps you can take. Inside of a few minutes, you can find yourself much safer than you were before.
The post How to Know If Your Phone Has Been Hacked appeared first on McAfee Blog.
Yes, there is a Cyber Grinch. In fact, you’ll find evidence of an entire host of grinches online — the cybercrooks who, with the help of AI, create millions of online scams that crop up just in time to spoil the holiday season. But you can still shop safely, with a sharp eye and the right tools at your side.
This time of year always sees a boost in scams. After all, where shoppers go, scammers follow. Research from our McAfee Labs team found that scam volume ramps up 30% above average this time of year, kicking off in November and carrying over into the first week of the new year.
To gain even more insight into the impact online scams have on consumers, we conducted our inaugural Global Holiday Shopping Scams Study. More than 7,000 adults in seven countries told us how scams have impacted their holidays. They also shared their feelings about the recent onset of AI-driven scams.
The findings offer several significant insights, including the financial impact of scams, and even when and where people shop online (spoiler: that includes purchases made at the dinner table and in the bathtub).
Let’s dig into the findings. From there, we’ll show you several ways you can stay safe while you shop online, so you can send those grinches packing.
For starters, 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more.
The top three online scams people reported include:
We looked at those figures more closely and found some trends that show some folks get tangled up in these scams more than others.
Comparing men and women, 65% of men said they place the same level of trust in shopping online as they do in person. Meanwhile, women appear to be a bit more discerning. Only 46% of women said they had the same level of trust. We then found that men were nearly twice as likely to fall for an online holiday scam (46%) than women (26%).
When looking across generations, we found that 64% of Gen Z and 77% of Millennials trust shopping online as much as in person. Likewise, they found themselves victimized by scams more often than older adults. Of the younger set, 49% of Gen Z and 65% of Millennials said they fell for a holiday scam. Compare that to only 12% of people over 50 saying the same thing.
We also got some insight into people’s headspace.
People are as deal conscious as ever, with 1 out of 3 (35%) saying they will likely jump on a bargain when they see it. They also plan to shop around; 85% of people said they will look for the best deal before buying their holiday gifts.
It’s no surprise that 63% planned to shop online during Black Friday and Cyber Monday weekend. However, we found some surprises — namely, where they are when they shop online:
Take all that together and it leaves the Cyber Grinch wringing his hands in delight. Bargain hunting, shopping around, and buying online when you’re somewhat distracted make it easier for scammers to pull off their tricks.
Scammers count on the stress and pressures of holiday shopping. When people are tired or in a hurry, they tend to make mistakes. And now they’re easier to make, no thanks to the scammers who’ve picked up AI tools.
The bad actors out there now have AI-driven tools that help them fire up scams at alarming rates. They make it easier to create compelling fake emails, malicious sites, and text messages. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams daily.
On top of that, AI has made it harder than ever to tell what’s real from what’s fake. Not only have we seen a deluge of scams, but it’s also a deluge of increasingly sophisticated scams. With AI tools, scammers can make their emails, messages, and texts look and sound more convincing than ever.
People shared their concerns about AI scams:
Despite what we discovered in many of the findings, we have good news to share: there are tools that can help you shop safely.
Think before you click. Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.
Remember that if it seems too good to be true, it probably is. Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.
Go unlisted. Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Use AI to beat AI. From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions.
One thing that hasn’t changed this year, scammers love the holidays. Just as you’re gearing up for shopping, they’re gearing up for scamming. The hustle and bustle of the holidays, AI-driven scam tools, and malicious messages and websites seemingly play in the favor of scammers. Yet AI-driven protection like ours puts the advantage back squarely in your corner. That, and keeping your guard up for trickery, will help you steer clear of all those grinches out there this year.
The survey, which focused on the topic of scam messages and holiday shopping, was conducted online between September 7 and September 21, 2023. 7,130 adults, age 18+, in 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study.
The post How to Shop Safely This Holiday Season appeared first on McAfee Blog.
Sick and tired of scam messages? So are the 54% of Americans who said they’d rather get a root canal than fall for one of those scams.
That’s one of the striking findings we uncovered in our Global Scam Message Study. We surveyed more than 7,000 adults worldwide — including more than 1,000 in the U.S. for their thoughts on scam messages and texts. And just how painful they are.
If it seems like you’re getting more scam messages than before, you’re not alone. We found that Americans receive an average of 11.6 fake messages or scams each day. And it’s getting tougher to tell what’s real and what’s fake. More than 80% of Americans said that it’s harder than ever to spot if a text, email, or social media message is a scam.
What’s driving this fresh flood of increasingly believable scam messages? AI – and if you’ve tuned into our blogs this past year, that likely comes as little surprise.
As we’ve reported, the bad actors out there have supercharged their scams with AI tools. Effectively, AI makes it far easier to spin up their scams in two significant ways:
With that comes the inevitable fallout. Two-thirds (65%) of Americans have clicked or fallen for a scam. Of them, 45% lost money as a result, and 15% of them lost more than $1,000.
Now, about that root canal stat. People who fall victim to online messaging scams really do find it painful. Particularly as the time and money lost to those scams take their toll. Some people found them so painful, they said they’d rather deal with the following instead:
Ouch. You probably have your own answer to this “would you rather” question, but clearly people feel pretty fed up with this deluge of scam messaging.
You can get a little more insight into those feelings by looking at all the time they waste. Our study found that the average American spends more than an hour-and-a-half each week reviewing, verifying, or deciding whether the messages they get are real or fake.
Realistically, that’s the equivalent of watching a short feature film or streaming three shows — or 94 minutes spent doing just about anything else. Add that up, and it amounts to more than two full work weeks each year spent on scam-spotting.
Specifically, we found:
With the increased volume and more advanced appearance of scam messages, only 35% of Americans have avoided clicking on or falling for fake messages in the last year.
This sophisticated trickery takes five common forms. Below, you can see the types of messages people in the U.S. said they received in the past year:
In line with these findings, 65% of survey respondents have believed that one or more scam messages they got were real. The messages they believed the most were:
With scams evolving into increasingly clever forms, 40% of U.S. survey respondents said their trust in digital communications has decreased. Put another way, 55% of people believe they have a better shot at solving the Rubik’s Cube than identifying a scam message. We further found:
In all, AI has made the murky world of online scams that much murkier. And sadly, that’s partly ruined people’s time online. They spend a part of each day trying to decide if what they’re reading is real or fake. However, you can take a few straightforward steps that can spare you the pain — and without having a root canal instead.
Think before you click.
Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Particularly if it’s a great-sounding deal or promises useful info. Always go direct to the source and interact with reputable companies.
Remember that if it seems too good to be true, it probably is.
Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender.
Go “unlisted.”
Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Use AI to beat AI.
From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions.
Root canals and Rubik’s Cubes aside, you can protect yourself against AI messaging scams. Even as these scams look more and more like the real thing, the same protections apply. In fact, you have new AI-driven tools that can keep you safer too. If there’s one thing we’ve talked about in our blogs plenty as of late, it’s how AI works both ways. While scammers have their AI tools for hoodwinking you, you have AI tools that can keep you safer too.
It’s easy to feel a little helpless with all these AI scams floating about. Yet you really can take far more control than you might think. In fact, online protection software like ours is the most sophisticated it’s ever been. It’s truly an all-in-one fix for protecting your devices, privacy, and identity — and for keeping scam messages at bay.
The post Scam Texts Are More Painful Than Getting a Root Canal appeared first on McAfee Blog.
Hackers love Ryan Gosling. In fact, hackers use his name as bait more than any other celebrity.
With that, the celebrated star of “Barbie” and umpteen other hit films tops our Hacker Celebrity Hot List for 2023. It’s our annual study that reveals which big-name celebrity searches most often link to malware and risky sites. And this year, we’ve evolved the list. It now includes celebs spotted in deepfake and other AI-driven content.
With Gosling’s high profile this year, it comes as little surprise that he ranked so highly. As we reported earlier this year, “Barbie” was a huge hit for cybercriminals as well. They baited consumers with a rash of ticket scams, download scams, and other attacks that capitalized on the summer hit’s hype.
Months later, searches for Gosling remain high. His portrayal of Ken has scored him a first-ever Billboard Hot 100 song with “I’m Just Ken.” Meanwhile, Ken and Barbie outfits rank among the most popular Halloween costumes for 2023.
And if you’re wondering, Margot Robbie, who starred as Barbie to Gosling’s Ken, ranked number eight on our list. The full top ten breaks down as follows:
The hackers behind these celebrity-driven attacks are after two primary things.
Accordingly, they’ll pair celebrity names with terms like audio book, lyrics, deepfake, free ringtone, free movie, free download, MP4, among others—which generate results that lead to sketchy sites.
In all, they target people who want to download something or get a hold of celebrity-related content in some form. Again, think of the “Barbie” movie scams earlier this year that promoted free downloads of the movie — but of course they were malware and identity theft scams.
Searching for a celebrity name alone didn’t necessarily lead to a list of sketchy results. Our own Chief Technology Officer, Steve Grobman, described the risks well. “We know people are seeking out free content, such as movie downloads, which puts them at risk. If it sounds too good to be true, it generally is and deserves a closer look.” Yet hackers know how hungry people are for celebrity content, and unfortunately some people will go ahead and click those links that promise celebrity-filled content, despite the risks.
Further rounding out the list, we found several big names from sports and popular culture.
Argentine soccer player Lionel Messi comes in at number 18 on the list, who recently made the move to Miami’s Major League Soccer team. Recent retiree and all-time American football great Tom Brady clocked in at number 19, and Travis Kelce, American football tight end for the Kansas City Chiefs, came in at number 22. NBA star Steph Curry at number 23, while Aaron Rogers, another American football legend, came in at number 31. And Serena Williams, a dominant force on the court and in culture, ranked at number 32.
Reality and pop culture favorites also made the top 50, with Andy Cohen of “Real Housewives” fame taking the number 11 slot, followed by Kim Kardashian at number 24, and Tom Sandoval at number 40 on the list.
And for the Swifties out there, Taylor Swift ranked 25 on our list this year.
Thanks to readily available AI tools, cybercriminals have increased both the sophistication and volume of their attacks. It’s no different for these celebrity-based attacks.
According to McAfee researchers, one such AI-driven trend is on the rise: deepfakes. For example, Elon Musk. He hit number six on our list, and our researchers found a significant volume of malicious deepfake content tied to his name — often linked with cryptocurrency scams.
Taking a sample set of the top 50 list, McAfee researchers discovered between 25 to 135 deepfake URLs per celebrity search. While there are instances of malicious deepfakes, many celebrity deepfakes fall into recreational or false advertising use cases right now. However, there is growing evidence that future deepfakes could turn deceptive — deliberately passing along disinformation in a public figure’s name.
You have every reason, and every right, to search for and enjoy your celebrity content safely. A mix of a sharp eye and online protection can keep you safe out there.
Hackers and scammers love riding the coattails of celebrities. By hijacking big names like Ryan, J-Lo, and Bad Bunny, they dupe plenty of well-meaning fans into downloading malware or handing over their personal info.
Of course, that’s no reason to stop searching for those celebs. Not at all. Go ahead and enjoy your shows, music, and movies—and all the news, gossip, and tea surrounding them. That’s all part of the fun. Just do it with a sharp eye and the proper protection that has your back.
The post McAfee 2023 Hacker Celebrity Hot List – Why Hackers Love Ryan Gosling so Much appeared first on McAfee Blog.
Whether or not you’re much into online banking, protecting yourself from bank fraud is a must.
Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them.
The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.6 billion people worldwide will bank online, driven in large part by online-only banks.
There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account.
So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps.
Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you.
In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.
If you want to set up your own passwords, check out this article on how you can make them strong and unique.
What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts.
Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up.
Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article.
Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before.
It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number.
For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust.
There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)
If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder!
Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help:
The post How to Protect Yourself from Bank Fraud appeared first on McAfee Blog.
Three seconds of audio is all it takes.
Cybercriminals have taken up newly forged artificial intelligence (AI) voice cloning tools and created a new breed of scam. With a small sample of audio, they can clone the voice of nearly anyone and send bogus messages by voicemail or voice messaging texts.
The aim, most often, is to trick people out of hundreds, if not thousands, of dollars.
Our recent global study found that out of 7,000 people surveyed, one in four said that they had experienced an AI voice cloning scam or knew someone who had. Further, our research team at McAfee Labs discovered just how easily cybercriminals can pull off these scams.
With a small sample of a person’s voice and a script cooked up by a cybercriminal, these voice clone messages sound convincing, 70% of people in our worldwide survey said they weren’t confident they could tell the difference between a cloned voice and the real thing.
Cybercriminals create the kind of messages you might expect. Ones full of urgency and distress. They will use the cloning tool to impersonate a victim’s friend or family member with a voice message that says they’ve been in a car accident, or maybe that they’ve been robbed or injured. Either way, the bogus message often says they need money right away.
In all, the approach has proven quite effective so far. One in ten of people surveyed in our study said they received a message from an AI voice clone, and 77% of those victims said they lost money as a result.
Of the people who reported losing money, 36% said they lost between $500 and $3,000, while 7% got taken for sums anywhere between $5,000 and $15,000.
Of course, a clone needs an original. Cybercriminals have no difficulty sourcing original voice files to create their clones. Our study found that 53% of adults said they share their voice data online or in recorded notes at least once a week, and 49% do so up to ten times a week. All this activity generates voice recordings that could be subject to hacking, theft, or sharing (whether accidental or maliciously intentional).
Consider that people post videos of themselves on YouTube, share reels on social media, and perhaps even participate in podcasts. Even by accessing relatively public sources, cybercriminals can stockpile their arsenals with powerful source material.
Nearly half (45%) of our survey respondents said they would reply to a voicemail or voice message purporting to be from a friend or loved one in need of money, particularly if they thought the request had come from their partner or spouse (40%), mother (24%), or child (20%).
Further, they reported they’d likely respond to one of these messages if the message sender said:
These messages are the latest examples of targeted “spear phishing” attacks, which target specific people with specific information that seems just credible enough to act on it. Cybercriminals will often source this information from public social media profiles and other places online where people post about themselves, their families, their travels, and so on—and then attempt to cash in.
Payment methods vary, yet cybercriminals often ask for forms that are difficult to trace or recover, such as gift cards, wire transfers, reloadable debit cards, and even cryptocurrency. As always, requests for these kinds of payments raise a major red flag. It could very well be a scam.
In conjunction with this survey, researchers at McAfee Labs spent two weeks investigating the accessibility, ease of use, and efficacy of AI voice cloning tools. Readily, they found more than a dozen freely available on the internet.
These tools required only a basic level of experience and expertise to use. In one instance, just three seconds of audio was enough to produce a clone with an 85% voice match to the original (based on the benchmarking and assessment of McAfee security researchers). Further effort can increase the accuracy yet more. By training the data models, McAfee researchers achieved a 95% voice match based on just a small number of audio files.
McAfee’s researchers also discovered that that they could easily replicate accents from around the world, whether they were from the US, UK, India, or Australia. However, more distinctive voices were more challenging to copy, such as people who speak with an unusual pace, rhythm, or style. (Think of actor Christopher Walken.) Such voices require more effort to clone accurately and people with them are less likely to get cloned, at least with where the AI technology stands currently and putting comedic impersonations aside.
The research team stated that this is yet one more way that AI has lowered the barrier to entry for cybercriminals. Whether that’s using it to create malware, write deceptive messages in romance scams, or now with spear phishing attacks with voice cloning technology, it has never been easier to commit sophisticated looking, and sounding, cybercrime.
Likewise, the study also found that the rise of deepfakes and other disinformation created with AI tools has made people more skeptical of what they see online. Now, 32% of adults said their trust in social media is less than it’s ever been before.
A lot can come from a three-second audio clip.
With the advent of AI-driven voice cloning tools, cybercriminals have created a new form of scam. With arguably stunning accuracy, these tools can let cybercriminals nearly anyone. All they need is a short audio clip to kick off the cloning process.
Yet like all scams, you have ways you can protect yourself. A sharp sense of what seems right and wrong, along with a few straightforward security steps can help you and your loved ones from falling for these AI voice clone scams.
For a closer look at the survey data, along with a nation-by-nation breakdown, download a copy of our report here.
The survey was conducted between January 27th and February 1st, 2023 by Market Research Company MSI-ACI, with people aged 18 years and older invited to complete an online questionnaire. In total 7,000 people completed the survey from nine countries, including the United States, United Kingdom, France, Germany, Australia, India, Japan, Brazil, and Mexico.
The post Artificial Imposters—Cybercriminals Turn to AI Voice Cloning for a New Breed of Scam appeared first on McAfee Blog.
There are plenty of phish in the sea.
Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe.
And some of today’s phishing emails are indeed getting tougher to spot.
They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.
And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.
Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid.
Again, you can sidestep these attacks if you know how to spot them. There are signs.
Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for.
<h2>Phishing attack statistics—the millions of attempts made each year.
In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported.
Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.
Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information.
As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack.
So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly.
<h2>What does a phishing attack look like?
Nearly every phishing attack sends an urgent message. One designed to get you to act.
Some examples …
When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these.
And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice.
Case in point:
Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer.
We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see.
As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely.
Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious.
Here’s where the attackers really got bold.
They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus.
Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam.
Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.”
Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.
Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack.
Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.
For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use.
Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples.
There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …”
Taken all together, someone can readily spot that this is a scam with a closer look.
This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be.
What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same.
This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach.
The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course.
Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether.
Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot.
And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit?
One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind …
Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator.
If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well.
Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam.
Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately.
Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods.
Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam.
Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt.
Online protection software can protect you from phishing attacks in several ways.
For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware.
Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.
Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands.
In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today.
The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.
Who else loves tax season besides accountants? Scammers.
It’s high time of year for online risks here in the U.S. with the onset of tax season, where scammers unleash all manner of scams aimed at taxpayers. The complexity, and even uncertainty, of filing a proper tax return can stir up anxieties like, Have I filed correctly, Did I claim the right deductions, Will I get audited, and Will I get stung with a tax penalty are just a few—and these are the very same anxieties that criminals use as the cornerstone of their attacks.
Yet like so many scams, tax scams give off telltale signs that they’re indeed not on the up-and-up. You have ways you can spot one before you get caught up in one.
In all, we’ve learned to watch our step with the Internal Revenue Service (IRS), so much so that receiving a notification from the IRS can feel like an unwanted surprise. Uh oh, did I do something wrong? However, in reality, less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if addressed promptly.
Still, that wariness of the IRS makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include email phishing attacks, phone calls from crooks posing as IRS agents, texts claiming there’s a problem with our tax software, and even robocalls that threaten jail time for unpaid back taxes. What’s more, fraudsters can take things a step further by committing identity theft and then filing tax claims in other people’s names.
With that, let’s dig into a list of the top scams wind up on our screens and phones during tax time.
Straight from the authority itself, the IRS publishes its Dirty Dozen, an annual list of the top tax season scams. Year-over-year, many of the same scams make the list, yet new ones continue to crop up as scammers try to take advantage of current events. A couple recent examples include email phishing scams centered around Employee Retention Credits, pandemic relief checks, and federal stimulus checks. Additionally, the IRS has warned filers about disinformation that circulates on social media, such as bogus advice that urges filers to alter their W-2 figures for a better refund. With new scams entering the mix every tax season, the Dirty Dozen offers plenty of good advice that can help you steer clear of scams.
We all know the annoyance of spammy phone calls, whether they’re for phony car warranties, tech support services, or debt collection agencies. During this time of year, you can add phony IRS agents and financial service providers to the list.
The stories that scammers will tell will vary, but they often share common themes:
Another thing they have in common: they each outright ask for money, personal information, and sometimes a combination of both. All of which is an indication of a scam.
For the record, per the IRS, it does not:
Also per the IRS, they cannot revoke your driver’s license, business licenses, or immigration status. As noted above, scammers will often weave these threats into their stories. Those threats are entirely empty.
What will the IRS do? Generally, the IRS will first mail a notice to any taxpayer who owes taxes. In some instances, IRS collection employees may make an unannounced visit to your home and properly identify themselves with IRS-issued credentials and an federal ID card. In all cases, the revenue officer will only request required payments by cash, check, certified funds, or money order payable to “United States Treasury.”
As for scam calls that pose as financial services companies or tax preparers, ignore them. If you’re planning to work with a tax pro, do your research and work with a legitimate, accredited individual or organization. The IRS has a great resource that can get you started on your search with its “Directory of Federal Tax Return Preparers.” There you can get a list of qualified tax preparers that are verified by the IRS, which you can narrow down based on their accreditations and distance from your zip code.
One way you can be sure that someone other than the IRS has reached you is if they contact you by text, messaging app, or social media. The IRS will not contact you in any of these ways. Ignore any such messages, and if your app or platform allows you to report messages or accounts as spam, do so. You can often do it with a simple click or tap.
Another increasingly popular scam on phones is the bogus account alert. The scammer may send a message that says Your account is on hold, or something like We’ve detected unusual activity. During most of the year, scammers will use these messages to pose as online payment platforms, banks, credit card companies, online stores, and streaming services.
Now during tax season, they’ll masquerade as IRS agents or popular tax software companies. Even though the names change, the game remains the same. The text or message will serve up a link so you can “correct the situation,” one that leads to a site that could steal your personal information or otherwise trick you into installing malware on your phone.
As always, don’t click these links. Report them if you can.
Phishing emails pull many of the same tricks that calls, texts, and direct messages do—you’ll simply find them in your inbox instead. The same rules for avoiding other IRS scams apply here. First, note that the IRS will never initiate contact with you via email. Nor will they send you emails about your tax refund or any other sensitive information.
In the past, the IRS has reported that phishing emails often send their victims to lookalike IRS sites that can appear quite convincing. There, victims either receive a prompt to enter their personal and financial information or to download a file that’s laden with malware. Other emails may include attachments, which may be loaded with malware as well.
Delete any such emails you receive. And if you have any concerns, contact your tax professional or the IRS directly. Also, the IRS asks people who receive scam emails to notify them at phishing@irs.gov. This helps the IRS track and prosecute scammers.
Imagine filing your return only to find out it’s already been filed.
A far more serious form of tax-related crime is identity theft, where a scammer uses the victim’s personal information and Social Security number to file a return in the victim’s name—and claim the refund. One particularly painful aspect of identity theft and taxes is that victims often find out only after it occurs or when it’s well underway. For example:
Other signs are related to employment, such as getting assigned an Employer Identification Number even though you didn’t request one, discovering that the IRS shows you received income from an employer you didn’t work for, or finding out that someone has claimed unemployment benefits in your name. Once again, both are signs of full-on identity theft where someone has assumed your identity.
The IRS states that you should always respond to any IRS notice, particularly if you believe it is in error. If you’ve already contacted the IRS about an identity theft issue, you can reach them at 800-908-4490 for further assistance.
Understand that if this form of identity theft occurs to you, it’s highly likely that the scammer has your Social Security number. Report that right away at https://www.ssa.gov/number-card/report-stolen-number if you think your number is being used by someone else.
Your Social Security number ranks at the very top of your most valuable personal information. It unlocks everything from driver’s licenses, photo identification, employment, insurance claims, and of course taxes. Act immediately if you think it’s been compromised.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. As mentioned, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Another way you can help prevent someone from filing a return in your name is to request a six-digit Identity Protection PIN (IP PIN). Once you receive am IP PIN, the IRS will use it to verify your identity when you file by paper or electronically. It’s good for one calendar year, and you can generate a new one each year for your account. You can request an IP PIN at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Also be aware that scammers want your IP PIN as well. Phone calls, emails, or texts asking for it are scams. Outside of including it when filing your return, the IRS will never ask for it. If you are working with a tax professional, only provide it when it comes time to file.
Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
If you fall victim to identity theft, having identity theft protection in place can provide significant relief, both financially and in terms of recovery. Our identity theft coverage & restoration support includes $1 million in funds if it’s determined that you’re a victim, which covers lawyer’s fees, travel expenses, and stolen funds reimbursement—while licensed recovery experts can help you repair your credit and identity. Considering the potential costs in both time and money, identity theft protection can speed and ease recovery.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams.
You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We also provide guidance on how you can remove your data from those sites and, with select plans, even manage the removal for you—while continuing to scan those sites in case your information reappears.
Comprehensive online protection software can help you on a number of counts. It warns you of suspicious links in emails and texts that could send you to malicious sites. It can further protect you from ransomware attacks, which IRS has also listed among its Dirty Dozen. And you can use it to monitor all your transactions across all your financial accounts in one place, which can spot any questionable activity. In all, tax time or otherwise, online protection software is always a strong security move.
A little stress and uncertainty can enter the picture during tax season, and scammers know it. In fact, they prey upon it. They concoct their scams around those feelings, hoping that you’ll take the bait and act quickly without taking the time to scrutinize what they’re saying and what they’re really asking you to do.
Keeping up to date on what the latest scams are, having a good sense of which ones get recycled every year, and putting protections in place can help you avoid getting stung by a scam at tax season.
For yet more information, visit the IRS Tax Scam and Consumer Alert site at: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
The post How to Stay Safe When Paying Your Taxes to the IRS appeared first on McAfee Blog.
Artificial intelligence (AI) is making its way from high-tech labs and Hollywood plots into the hands of the general population. ChatGPT, the text generation tool, hardly needs an introduction and AI art generators (like Midjourney and DALL-E) are hot on its heels in popularity. Inputting nonsensical prompts and receiving ridiculous art clips in return is a fun way to spend an afternoon.
However, while you’re using AI art generators for a laugh, cybercriminals are using the technology to trick people into believing sensationalist fake news, catfish dating profiles, and damaging impersonations. Sophisticated AI-generated art can be difficult to spot, but here are a few signs that you may be viewing a dubious image or engaging with a criminal behind an AI-generated profile.
To better understand the cyberthreats posed by each, here are some quick definitions:
AI art and deepfake aren’t technologies found on the dark web. Anyone can download an AI art or deepfake app, such as FaceStealer and Fleeceware. Because the technology isn’t illegal and it has many innocent uses, it’s difficult to regulate.
How Do People Use AI Art Maliciously?
It’s perfectly innocent to use AI art to create a cover photo for your social media profile or to pair it with a blog post. However, it’s best to be transparent with your audience and include a disclaimer or caption saying that it’s not original artwork. AI art turns malicious when people use images to intentionally trick others and gain financially from the trickery.
Catfish may use deepfake profile pictures and videos to convince their targets that they’re genuinely looking for love. Revealing their real face and identity could put a criminal catfish at risk of discovery, so they either use someone else’s pictures or deepfake an entire library of pictures.
Fake news propagators may also enlist the help of AI art or a deepfake to add “credibility” to their conspiracy theories. When they pair their sensationalist headlines with a photo that, at quick glance, proves its legitimacy, people may be more likely to share and spread the story. Fake news is damaging to society because of the extreme negative emotions they can generate in huge crowds. The resulting hysteria or outrage can lead to violence in some cases.
Finally, some criminals may use deepfake to trick face ID and gain entry to sensitive online accounts. To prevent someone from deepfaking their way into your accounts, protect your accounts with multifactor authentication. That means that more than one method of identification is necessary to open the account. These methods can be one-time codes sent to your cellphone, passwords, answers to security questions, or fingerprint ID in addition to face ID.
Before you start an online relationship or share an apparent news story on social media, scrutinize images using these three tips to pick out malicious AI-generated art and deepfake.
Fake images usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Phishers are notorious for their poor writing skills. AI-generated text is more difficult to detect because its grammar and spelling are often correct; however, the sentences may seem choppy.
Does the image seem too bizarre to be real? Too good to be true? Extend this generation’s rule of thumb of “Don’t believe everything you read on the internet” to include “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, at least one other site will report on the event.
AI technology often generates a finger or two too many on hands, and a deepfake creates eyes that may have a soulless or dead look to them. Also, there may be shadows in places where they wouldn’t be natural, and the skin tone may look uneven. In deepfaked videos, the voice and facial expressions may not exactly line up, making the subject look robotic and stiff.
Fake images are tough to spot, and they’ll likely get more realistic the more the technology improves. Awareness of emerging AI threats better prepares you to take control of your online life. There are quizzes online that compare deepfake and AI art with genuine people and artworks created by humans. When you have a spare ten minutes, consider taking a quiz and recognizing your mistakes to identify malicious fake art in the future.
To give you more confidence in the security of your online life, partner with McAfee. McAfee+ Ultimate is the all-in-one privacy, identity, and device security service. Protect up to six members of your family with the family plan, and receive up to $2 million in identity theft coverage. Partner with McAfee to stop any threats that sneak under your watchful eye.
The post How to Spot Fake Art and Deepfakes appeared first on McAfee Blog.
Scammers now have new tools to lure people who are looking for love online, by reeling in potential victims with artificial intelligence (AI). Thanks to the aid of popular AI tools like ChatGPT, scammers can potentially generate anything from seemingly innocent intro chats to full-blown love letters in seconds, all ready to dupe their victims on demand.
Tactics like these are typical of “catfishing” in dating and romance scams, where the scammer creates a phony online persona and uses it to lure their victim into a relationship for financial gain. Think of it as a bait-and-hook approach, where the promise of love is the bait, and theft is the hook.
And as explained above, baiting that hook just got far easier with AI.
Sound farfetched? After all, who would fall for such a thing? It turns out that a sophisticated AI chatbot can sound an awful lot like a real person seeking romance. In our latest “Modern Love” research report, we presented a little love letter to more than 5,000 people worldwide and asked them if it was written by a person or by AI:
My dearest,
The moment I laid eyes on you, I knew that my heart would forever be yours. Your beauty, both inside and out, is unmatched and your kind and loving spirit only adds to my admiration for you.
You are my heart, my soul, my everything. I cannot imagine a life without you, and I will do everything in my power to make you happy. I love you now and forever.
Forever yours …
One-third of the people (33%) thought that a person wrote this letter, 31% said an AI wrote it, and 36% said they couldn’t tell one way or another.
What did you think? If you said that a person wrote the letter, you got hoodwinked. An AI wrote it.
The implications are concerning. Put plainly, scammers can turn on the charm practically at will with AI, generating high volumes of romance-laden content for potentially high volumes of victims. And as our research indicates, plenty of people are ready to soak it up.
Worldwide, we found:
Chatting with a stranger is one thing. Yet how often did it lead to a request for money or other personal information? More than half the time.
Scammers love a good story, one that’s intriguing enough to be believable, such as holding a somewhat exotic job outside of the country. Common tales include drilling on an offshore oil rig, working as a doctor for an international relief organization, or typically some sort of job that prevents them from meeting up in person.
Luckily, this is where many people start to catch on. In our research, people said they found out they were being catfished when:
Of course, the true telltale sign of an online dating or romance scam is when the scammer asks for money. The scammer includes a little story with that request too, usually revolving around some sort of hardship. They may say they need to pay for travel or medical expenses, a visa or other travel documents, or even customs fees to retrieve an item that they say is stuck in the mail. There’s always some kind of twist or intriguing complication that seems just reasonable enough such that the victim falls for it.
Scammers will often favor payment via wire transfers, gift cards, and reloadable debit cards, because they’re like cash in many regards—once you fork over that money, it’s as good as gone. These forms of payment offer few protections in the event of scam, theft, or loss, unlike a credit card charge that you can contest or cancel with the credit card company. Unsurprisingly, scammers have also added cryptocurrency to that list because it’s notoriously difficult to trace and recover.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest, reimburse, or trace back to the recipient. Requests for money, particularly in these forms, should raise a major red flag.
What makes online dating and romance scams so malicious, and so difficult to sniff out, is that scammers prey on people’s emotions. This is love we’re talking about, after all. People may not always think or act clearly to the extent that they may wave away their doubts—or even defend the scammer when friends or family confront them on the relationship.
However, an honest look at yourself and the relationship you’re in provides some of the best guidance around when it comes to meeting new people online:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working on several victims at once, which is yet another opportunity for them to get confused and slip up.
In the cases where scammers may use AI tools to pad their conversations, you can look for several other signs. AI still isn’t always the smoothest operator when it comes to language. AI often uses short sentences and reuses the same words, and sometimes it generates a lot of content without saying much at all. What you’re reading may seem to lack a certain … substance.
Scammers are likely to use all kinds of openers. That text you got from an unknown number that says, “Hi, where are you? We’re still meeting for lunch, right?” or that out-of-the-blue friend request on social media are a couple examples. Yet before that, the scammer had to track down your number or profile some way or somehow. Chances are, all they needed to do was a little digging around online.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2022 alone, Facebook took action on 1.5 billion fake accounts. Reject requests from strangers.
How did that scammer get your phone number or contact information in the first place? It could have come from a data broker site. Data brokers are part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well. With info from data broker sites, scammers compile huge lists of potential victims for their spammy texts and calls.
Our Personal Data Cleanup can help remove your info from those sites for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. It also monitors those sites, so if your info gets posted again, you can request its removal again.
Online protection software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, protecting your privacy by monitoring the dark web for your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
Worldwide, we found that 30% of men (and 26% of all adults) said they plan to use artificial intelligence tools to put their feelings into words. Yet, there’s a flipside. We also found that 49% of respondents said they’d be offended if they found out the note they received had been produced by a machine.
So why are people turning to AI? The most popular reason given for using AI as a ghostwriter was that it would make the sender feel more confident (27%), while others cited lack of time (21%) or lack of inspiration (also 21%), while 10% said it would just be quicker and easier and that they didn’t think they’d get found out.
It’s also worth noting that true romance seekers have called upon AI to kick off chats in dating apps, which might take the form of an ice-breaking joke or wistful comment. Likewise, AI-enabled apps have started cropping up in app stores, which can coach you through a conversation based on contextual cues like asking someone out or rescheduling a date. Some can even create AI-generated art on demand to share a feeling through an image.
It may be better than opening a conversation with an otherwise dull “hey,” yet as our research shows, there are risks involved if people lean on it too heavily—and prove to be quite a different person when they start talking on their own.
It’s important to remember that an AI chatbot like ChatGPT is a tool. It’s not inherently good or bad. It’s all in the hands of the user and how they choose to apply it. And in the case of scammers, AI chatbots have the potential to do a lot of harm.
However, you can protect yourself. In fact, you can still spot online dating and romance scams in much the same way as before. They still follow certain rules and share the same signs. If anything, the one thing that has changed is this: reading messages today calls for extra scrutiny. It will take a sharp eye to tell what’s real and what’s fake.
As our research showed, online dating and romance scams begin and end with you. Thinking back to what we learned as children about “stranger danger” goes a long way here. Be suspicious and, better yet, don’t engage. Go about your way. And if you do find yourself chatting with someone who requests money or personal information, end it. Painful as the decision may be, it’s the right decision. No true friend or partner, one you’ve never seen or met, would rightfully ask that of you.
Editor’s Note:
Online dating and romance scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Could ChatGPT Cause Heartbreak with Online Dating Scams? appeared first on McAfee Blog.
Using a VPN on your smartphone can boost your privacy in a big way, particularly with all the data tracking that’s happening out there today.
For some time now, we’ve recommended a VPN when using public Wi-Fi in airports, libraries, hotels, and coffee shops. Given that these are public networks, a determined hacker can snoop on the other devices transmitting data on them. With a VPN, any connection becomes a secure connection, which includes public Wi-Fi. That advice still holds true. Yet there’s a good reason to use it on your smartphone all the time—for your privacy.
Let’s start with a quick look at the two big things a VPN does for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it terrifically difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, a VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or resale to third parties.
As far as your privacy is concerned, a VPN on a smartphone can be a smart move. There are a couple of reasons for that: first, because of the way smartphones have additional tracking technologies built in, and second, because of all the trackable data we create when using smartphones as frequently as we do—up to six hours per day for some.
As for how your smartphone is built, data collectors can harvest your personal information that reveals what you’re doing, when you’re doing it, and where you’re doing it as well. Several technologies allow them to pinpoint where you are at any given time, such as GPS and location services, along with Bluetooth connectivity and location tracking based on which cell phone tower you’re connected to. Even scanning a QR code with your phone can reveal location information. It can all get rather precise, which is of interest to advertisers, businesses, and even governments.
Next, think about all the activities you do on your phone, with a special emphasis on the apps you use and the data they create, about your health, your shopping habits, your travels, who you’re chatting with, and what content you’re posting online—just to name a few things. Once again, that information in and of itself is valuable to data collectors. It becomes even more valuable when they know where you do these things.
Taken together, data broker companies readily gather this information from millions of devices, generating billions of data points, and creating massive lists of targeted information. And that information gets quite specific. With some data brokers collecting hundreds and thousands of data points per person, they can provide interested buyers with a high-resolution snapshot of who you are, where you live, who’s in your family, your income, where you shop, what you like to buy—right on down to your favorite shampoo. And that’s just for starters.
It’s little surprise that all this data brokering activity fuels a global business estimated at $280 billion U.S. dollars a year.
How’s this happening? In large part by way of the privacy policies you may or may not have read.
Within those policies, device manufacturers, social media companies, app developers, and so on will detail what data they collect, under what conditions, what they do with it, and if they share or resell that data to other parties. However, if you’ve ever dived into the fine print of a privacy policy, what’s stated there isn’t always clear. Now consider all the apps you have on your phone and the privacy policies associated with each one—your personal data privacy picture gets even less clear.
With digital data and information collection baked into so much of what we do online, it’s little wonder that more than 70% of people feel like their data privacy is out of their control.
Yet there are things you can do.
Using a VPN on your smartphone can make you far more anonymous online. A VPN can minimize the data that gets exposed as it transmits to and from your smartphone. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from.
While you have free VPN options available, I suggest steering clear of them. As with many “free” services, there’s going to be some catch, often involving data collection. For example, some so-called “free VPNs” have served up tracking malware or actually collected private data and information for sale—the very things you want a VPN to prevent.
Given that this is your privacy we’re talking about, do a little background check. Has the VPN you’re considering been independently audited for security? The technology that powers ours undergoes a thorough audit every year. Search news articles and see if the VPN you’re looking at has a track record of collecting and selling data in any way. Again, with our VPN technology, we don’t log or track what you do online so your online activity remains private.
What about the information that’s already out there? Our Personal Data Cleanup can help you remove your personal information from high-risk data broker sites, so you can prevent it from being further collected and sold online. If you’re unsure if your data and information are out there, consider what one major data broker has touted in the past—a reach of over 62 countries and the ability to reach over 2.5 billion consumers globally. With 5 billion internet users today, that accounts for half of the world’s online population. And that’s just one data broker alone.
Moreover, consider that data brokers acquire plenty of information from places other than your smartphone and other connected devices. They skim and collate public records associated with you, information purchased from retailers with loyalty card programs, not to mention census data, court records, and motor vehicle records. And that’s just a few of the many sources. Using our Personal Data Cleanup can help remove those sorts of records too.
Together, the combination of a VPN and Personal Data Cleanup can help you become far more private than before. With so much of our digital lives getting collected, tracked, and tabulated, often without our knowledge thanks to confusing privacy policies, taking control of your privacy makes sense and only gets easier to do thanks to the tools and services available to you.
The post Why You Need a VPN on Your Smartphone appeared first on McAfee Blog.
FreshRSS 