Scammers aren’t worried about ending up on the naughty list. If anything, they’re doubling down in 2025.
This year, scammers are impersonating major brands with startling accuracy, from fake delivery updates to cloned checkout pages.
Our McAfee Labs researchers analyzed real scam texts, emails, and URLs from October through early November, along with consumer survey data, to identify the patterns shaping this season’s fraud.
Here’s what shoppers need to know, what’s trending upward, and how to spot the fakes before they reach your cart.
A brand-impersonation scam is when criminals copy a real brand, like a retailer, tech company, bank, or delivery service, to make fake emails, texts, ads, or websites that look legitimate.
Their goal is to trick shoppers into clicking, entering account details, or making a payment.
McAfee Labs’ brand impersonation analysis shows criminals focusing on the items people shop for most — tech gifts, luxury goods, and high-demand drops.
Fake versions of these brands typically include:

Scammers are getting better at copying the brands you trust, but avoiding the fakes gets much easier when you slow down, verify what you see, and use tools that check links and messages before you click.
Here’s what actually helps during a season when realistic-looking scams are everywhere:
If you get a message about an order, refund, delivery issue, or account lockout, don’t click the link.
Go directly to the retailer’s app or type the URL manually.
This single habit eliminates most holiday scams.

Scammers can recreate logos, colors, and templates perfectly.
What they can’t easily mimic:
If the sender looks off, the message is off.
McAfee’s online protection adds a critical layer of holiday safety, especially when scammers imitate retailers with near-perfect accuracy.
Key protections include:
Web Protection
Blocks malicious or suspicious websites before they load — including fake checkout pages, login portals, and support sites.
Scam Detector
Built into all core McAfee plans. It flags scam texts, emails, and even deepfake-style video promotions, letting you know a link or message is unsafe before you interact with it.
Password Manager
Creates and stores strong, unique passwords so a stolen login from one retailer doesn’t unlock your whole digital life.
Identity & Financial Monitoring
Transaction Monitoring and Credit Monitoring can alert you to unusual activity — a crucial safety net when stolen logins, card numbers, or personal details circulate quickly during the holidays.
These tools help counter the exact tactics scammers rely on: cloned websites, fake brand emails, and phishing links disguised as legitimate retailers.

Even if a scammer gets your password, they can’t get in without your one-time code.
Legitimate companies don’t ask you to “act in minutes,” pay fees to “unlock” an account, or claim you must stay on the line.
Pressure is a tactic — not customer service.
Check your banking and shopping accounts weekly.
Small unauthorized charges often appear before large ones.
The post The Most Impersonated Brands in Holiday Shopping, Ranked appeared first on McAfee Blog.
You’ve seen the videos: a too-perfect Taylor Swift promoting free cookware. A fake Tom Hanks offering dental insurance.
They look real—but they’re not.
New research from McAfee Labs shows just how common these scams have become.
Our 2025 Most Dangerous Celebrity: Deepfake Deception List ranks the stars and influencers whose likenesses are most hijacked by scammers, and reveals a growing market for AI-powered fake endorsements.
At the top of the list? Taylor Swift, followed by Scarlett Johansson, Jenna Ortega, and Sydney Sweeney. Globally, names like Brad Pitt, Billie Eilish, and Emma Watson also appear among the most exploited.
McAfee also released its first-ever Influencer Deepfake Deception List, led by gamer and streamer Pokimane, showing that scammers are now targeting social platforms just as aggressively as Hollywood.



The formula is simple: use someone people trust to sell something that doesn’t exist.
Criminals clone celebrity voices and faces with AI to promote fake giveaways, skincare products, crypto investments, or “exclusive” deals that lead straight to malware or payment fraud.
According to McAfee’s survey of 8,600 people worldwide:
Scammers exploit trust. When you see a familiar face, your brain automatically lowers its guard. And that’s exactly what they count on.
AI has made these scams look frighteningly real.
Modern deepfake generators can mimic voices, facial movements, and even micro-expressions with uncanny precision. Only 29% of people feel confident identifying a fake, and 21% admit to having low confidence spotting deepfakes.
That’s how fake endorsements and AI romance scams have exploded online.
“Seeing is believing” doesn’t apply anymore, and scammers know it.
Deepfake scams don’t just rely on technology; they prey on parasocial relationships, the one-sided emotional bonds fans form with public figures.
When a “celebrity” DMs you, it doesn’t always feel strange. It feels personal. That sense of intimacy makes people act before thinking.
It’s the same psychological playbook behind romance scams, now supercharged by AI tools that make fake videos and voice messages sound heartbreakingly real.
Celebrity and influencer culture has always shaped what we buy, but now it’s shaping how scammers deceive. These deepfakes don’t just steal money; they chip away at our trust in what we see, hear, and share online.
The celebrities at the center of these scams aren’t accomplices; they’re victims, too, as criminals hijack their likenesses to exploit the bond between fans and the people they admire. And as deepfake tools become easier to use, the line between real and fake is vanishing fast.
The next viral “giveaway” might not be an ad at all…it could be bait.
You can’t stop scammers from cloning famous faces, but you can stop them from fooling you. Use McAfee’s Scam Detector to scan links, messages, and videos before you click.
The post The Stars Scammers Love Most: McAfee Reveals World’s Most Deepfaked Celebs appeared first on McAfee Blog.
It’s an all-too-familiar trap. You’re scrolling TikTok when an ad for your favorite shoe brand pops up. Black Friday and Cyber Monday sales are everywhere, and this one—buy one, get one free—looks completely legit.
The site it links to looks real too. The logo, the product pages, even the checkout cart all match what you’d expect from the brand. You place your order and move on.
A few days later, you notice the charge on your bank statement. It’s the right amount—but the payment didn’t go to the store you thought. Instead, there’s a company name you don’t recognize.
That’s when it hits you: the site wasn’t real at all. You’ve been scammed.
Peak shopping season is peak scam season, with fake deals and ads making up one major tactic used to deceive shoppers.
Nearly all U.S. adults plan to shop online this season, with about half planning to do so daily or more. Scammers know that when people are rushing to buy gifts and click “checkout,” they’re also less likely to slow down and verify what they’re seeing.
That’s when fraudsters strike, often using artificial intelligence to make their fake messages and websites look authentic.
McAfee’s 2025 holiday shopping research revealed that almost half of Americans (46%) say they’ve already encountered these AI-powered scams while shopping.
The era of “obvious scams” is over.
Generative AI tools have made it simple to clone brand websites, copy influencer voices, and even create realistic video ads promoting fake sales. And our recent State of the Scamiverse research found that people struggle to identify deepfakes, with 39% of people saying deepfake video scams are getting more sophisticated and harder to spot.
That’s why deepfake-driven scams utilizing advanced tactics are multiplying across platforms like TikTok and Instagram. Scammers are impersonating celebrity likenesses, or well-known brands, to advertise “exclusive” promotions or fake giveaways. For holiday shoppers, the line between what is authentic and fraudulent continues to blur.
These scams mimic major brand websites down to the logo, product photography, and even customer service pages. The only difference is the URL—a single extra letter or misplaced period (“target-sale.com” instead of “target.com”).
When shoppers enter their payment details or passwords on these fraudulent websites, that information goes directly to criminals. According to McAfee research, this fear of scams while shopping has stopped 40% of consumers from completing a holiday purchase.
How to spot it: Always check the full web address, look for “https,” and avoid clicking through from an ad or social post. It’s best to just type the retailer’s name directly into your browser instead to reach the official site.
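The address check described above can be automated. The following is an added example, not McAfee's code: it pulls the hostname out of a link and compares it with a small allowlist of official domains. The allowlist, the function names, and the sample URLs are assumptions constructed for illustration.

```python
"""Flag links whose hostname imitates a brand but is not the brand's own domain."""
from urllib.parse import urlsplit

# Assumption: a hand-maintained allowlist of official domains, keyed by brand.
OFFICIAL = {"target": "target.com", "amazon": "amazon.com", "paypal": "paypal.com"}


def hostname_of(url: str) -> str:
    """Return the lowercased hostname, ignoring scheme, port, path and query."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat a bare "host/path" as a network location
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def belongs_to(host: str, domain: str) -> bool:
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url: str):
    """Return (verdict, brand): 'official', 'lookalike', 'unrelated' or 'invalid'."""
    host = hostname_of(url)
    if not host:
        return ("invalid", None)
    for brand, domain in OFFICIAL.items():
        if belongs_to(host, domain):
            return ("official", brand)
    labels = host.split(".")
    tail = ".".join(labels[-2:])  # the last two labels, e.g. "targett.com"
    for brand, domain in OFFICIAL.items():
        # Brand name embedded in any label: target-sale.com, target.com.deals.example
        if any(brand in label for label in labels):
            return ("lookalike", brand)
        # One character added, dropped or swapped: targett.com, amaz0n.com
        if edit_distance(tail, domain) <= 1:
            return ("lookalike", brand)
        # Misplaced period: tar.get.com reads like target.com
        if host.replace(".", "") == domain.replace(".", ""):
            return ("lookalike", brand)
    return ("unrelated", None)


# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.target.com/c/deals",
    "https://target-sale.com/checkout",
    "http://targett.com",
    "tar.get.com",
    "https://target.com.order-status.example/login",
    "https://amaz0n.com/gift",
    "https://example.org/target-sale",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link)[0]:10} {link}")
```

The verdict depends only on the hostname, so a brand name in the path or an “https” prefix does not make a link official.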
Even cybercriminals follow trends, and short-form videos are scam hotspots. Scammers use deepfakes or stolen influencer content to make “exclusive” deals look legitimate.
For example, a TikTok clip may show a celebrity promoting a discount code that redirects to a counterfeit store.
According to McAfee research, 1 in 5 people (20%) say they or someone they know has fallen victim to a deepfake scam in the past year. And overwhelmingly, respondents said they came across deepfakes on social media.
How to spot it: Check if the creator’s account is verified. Look at past posts and engagement patterns. Real brands rarely share one-off videos with unfamiliar links.
You’ll receive a text saying a package can’t be delivered or that a small fee is needed to confirm your address.
McAfee found that 43% of people have encountered fake delivery notifications, and many victims say they entered credit card information thinking they were resolving a legitimate issue.
How to spot it: Real shipping companies rarely send texts with clickable payment links. Visit the carrier’s official website or app to verify any delivery problems.
These scams pressure you to “verify” your account or make an urgent payment. Messages may claim your PayPal or Amazon account is locked and ask you to confirm details. Others ask for gift cards to “resolve” a billing issue.
Scammers count on urgency—once you send a code or card number, the funds are gone instantly.
How to spot it: No legitimate company will ask for payment in gift cards or ask you to share one-time codes over text. Always log in to your account directly, never through a link sent via message.
Go straight to the source. If you see an offer on social media, type the retailer’s URL yourself instead of clicking through the post. Fraudulent ads often lead to look-alike domains.
Pause before you click. Take a moment to verify emails and DMs. Check the sender’s address, look for misspellings, and hover over links to preview where they lead.
Use AI to fight AI. McAfee’s Scam Detector can identify suspicious messages, fake websites, and deepfake content before harm occurs.
Keep your software up to date. Many scams exploit outdated browsers or apps. Regular updates patch vulnerabilities before criminals can use them.
Avoid public Wi-Fi while shopping. Public networks are easy for hackers to monitor. Use a secure or mobile connection instead. Check out McAfee’s VPN to stay protected while browsing and shopping.
Never pay with gift cards: Legitimate companies and businesses will never ask you to pay for or verify a purchase with gift cards.
Be suspicious of requests to pay with crypto: A legitimate company will not force you to pay in crypto or in any specific crypto asset.
McAfee’s Scam Detector uses advanced artificial intelligence to automatically detect scams across text, email, and video. It blocks dangerous links, identifies deepfakes, and stops harm before it happens.
McAfee’s identity protection tools also monitor for signs that your personal information may have been exposed and guide you through recovery steps.
You can sign in to your McAfee account to scan for recent breaches linked to your email, or try a free trial of McAfee antivirus to keep your devices secure throughout the shopping season.
The post Holiday Shopping Scams: What to Watch as Black Friday & Cyber Monday Approach appeared first on McAfee Blog.
If you’ve been watching the news, you’ve probably seen the headlines out of Paris: one of the most audacious heists in decades took place at the Louvre, where thieves made off with centuries-old crown jewels worth tens of millions of dollars.
But amid the cinematic drama, a quieter detail emerged that’s almost harder to believe—according to French newspaper Libération (via PC Gamer), auditors discovered that the password protecting the museum’s video surveillance system was simply “Louvre.”
While it’s not yet confirmed whether this played a direct role in the robbery, cybersecurity experts point out that weak or reused passwords remain one of the easiest ways for criminals—digital or otherwise—to get inside.
The Louvre’s cybersecurity audits, dating back to 2014, reportedly revealed a pattern of outdated software and simple passwords that hadn’t been updated in years. Subsequent reviews noted “serious shortcomings,” including security systems running on decades-old software no longer supported by developers.
That situation mirrors one of the most common security issues individuals face at home. Whether it’s an email account, a social media login, or your home Wi-Fi router, using an easy or repeated password is like leaving the front door open. Hackers don’t need to break in when they can just walk through.
As experts here at McAfee have explained, cybercriminals routinely rely on “credential stuffing” attacks, in which they test stolen passwords from one breach against other sites to see what else they can access. If you’ve used the same password for your streaming account and your online banking, it’s not hard to imagine what could go wrong.
A strong password is long, complex, and unique. Cybersecurity experts recommend at least 12–16 characters that mix uppercase and lowercase letters, numbers, and symbols. A short password can be guessed in minutes; a long one can take decades to crack.
If that sounds like a lot to juggle, you’re not alone. That’s why password managers exist.
A password manager takes the work—and the guesswork—out of creating and remembering complex passwords. It generates random combinations that are nearly impossible to crack, then stores them securely using advanced encryption.
The added bonus? You’ll never have to reuse a password again. Even if one account is theoretically compromised in a breach, your others remain protected because each password is unique.
McAfee’s password manager also uses multi-factor authentication (MFA), meaning you’ll need at least two forms of verification before signing in—like a code sent to your phone. That extra step can stop hackers cold, even if they somehow get your password.
To keep your digital treasures safer than the Louvre’s jewels:
Reports of the Louvre’s weak password might make for an easy punchline, but the truth is that millions of people make the same mistake every day—reusing simple passwords across dozens of accounts. Strong, unique passwords (and the right tools to manage them) are still one of the most powerful defenses against data theft and identity fraud.
As scams and breaches continue to evolve, your best defense is awareness and protection that adapts just as fast. McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes—stopping harm before it happens.
The post The Louvre Used Its Own Name as a Password. Here’s What to Learn From It appeared first on McAfee Blog.
Your digital life is being stitched together—one purchase, one search, one swipe at a time.
Data brokers collect and combine fragments of your personal information to build detailed profiles they can sell to advertisers, employers, and anyone willing to pay.
While you can request that these brokers delete your data, many make it almost impossible to do so.
A joint investigation by CalMatters and The Markup found that 35 data brokers had intentionally hidden their opt-out pages from search results, making it harder for people to remove their information.
The result: a patchwork version of you exists online—a Frankenstein of your data, stitched together without your consent.
Moreover, practically anyone can purchase this sensitive info. That ranges from advertisers to law enforcement and from employers to anyone on the street who wants to know a lot more about you.
Here’s what’s happening, and what you can do about it.
As part of the article, reporters analyzed 499 data broker sites registered in the state of California. Of them, 35 had search-blocking code. Additionally, per the article, many opt-out pages “required scrolling multiple screens, dismissing pop-ups for cookie permissions, and newsletter sign-ups and then finding a link that was a fraction the size of other text on the page.”[i]
Once the publications contacted the data brokers in question, multiple companies halted the practice, some responding that they were unaware their site had search-blocking code. Several others didn’t respond by the time the article was published and kept their practices in place.
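A site owner or auditor can check an opt-out page for this kind of code. The following is an added example, not taken from the investigation. It assumes the search-blocking code takes one of the standard forms search engines honor (a robots meta tag, an X-Robots-Tag response header, or a robots.txt Disallow rule), since the article summary here does not say which was used. The page content, headers, and path are constructed samples.

```python
"""Check whether a page is hidden from search engines by standard directives."""
from html.parser import HTMLParser
from urllib.robotparser import RobotFileParser

BLOCKING = {"noindex", "none"}            # directives that keep a page out of results
CRAWLER_META = {"robots", "googlebot", "bingbot"}


def _directives(value: str) -> set:
    """Split 'googlebot: noindex, nofollow' into {'noindex', 'nofollow'}."""
    return {part.split(":")[-1].strip().lower() for part in value.split(",")}


class _RobotsMeta(HTMLParser):
    """Collect directives from <meta name="robots" content="..."> style tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("name", "").lower() in CRAWLER_META:
            self.directives |= _directives(attr.get("content", ""))


def search_blocking_findings(html: str, headers: dict, robots_txt: str, path: str) -> list:
    """Return the mechanisms that hide `path` from search: a list of short labels."""
    findings = []

    meta = _RobotsMeta()
    meta.feed(html)
    if BLOCKING & meta.directives:
        findings.append("meta-robots")

    for name, value in headers.items():
        if name.lower() == "x-robots-tag" and BLOCKING & _directives(value):
            findings.append("x-robots-tag")
            break

    # A Disallow rule stops crawling rather than indexing, but it has the same
    # practical effect of keeping the page's content out of search results.
    robots = RobotFileParser()
    robots.parse(robots_txt.splitlines())
    if not robots.can_fetch("Googlebot", path):
        findings.append("robots.txt")

    return findings


# Constructed samples: one opt-out page hidden three ways, one left searchable.
OPT_OUT_PATH = "/privacy/opt-out"
HIDDEN_HTML = """<html><head>
<title>Opt out</title>
<meta name="robots" content="noindex, nofollow">
</head><body>Request removal of your data.</body></html>"""
HIDDEN_HEADERS = {"Content-Type": "text/html", "X-Robots-Tag": "googlebot: noindex"}
HIDDEN_ROBOTS = "User-agent: *\nDisallow: /privacy/opt-out\n"

CLEAN_HTML = "<html><head><title>Opt out</title></head><body>Form</body></html>"

if __name__ == "__main__":
    print(search_blocking_findings(HIDDEN_HTML, HIDDEN_HEADERS, HIDDEN_ROBOTS, OPT_OUT_PATH))
    print(search_blocking_findings(CLEAN_HTML, {}, "", OPT_OUT_PATH))
```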
There are several ways information brokers can get your info …
Sources available to the public: Some of your personal records are easily available to the public. Data brokers can collect public records like your voter registration records, birth certificate, criminal record, and even bankruptcy records. By rounding them up from multiple sources and gathering them in one place, it takes someone seconds to find out all these things about you, rather than spending hours poring over public records.
Search, browsing, and app usage: Through a combination of data collected from internet service providers (ISPs), websites, and apps, data brokers can get access to all kinds of activity. They can see what content you’re interested in, how much time you spend on certain sites, and even your daily travels thanks to location data. They also use web scraping tools (software that pulls info from the web), to gather yet more. All this data collecting makes up a multi-billion-dollar industry where personal data is gathered, analyzed, sold, and then sold again and again—all without a person’s knowledge.
Online agreements: As it is with smartphone apps, you’ll usually have to sign an agreement when signing up for a new online service. Many of these agreements have disclosures in the fine print that give the company the right to collect and distribute your personal info.
Purchase history: Data brokers want to know what products or services you’ve purchased, how you paid for them (credit card, debit card, or coupon), and when and where you purchased them. In some cases, they get this info from loyalty programs at places like supermarkets, drugstores, and other retailers. Kroger, one of the largest grocery chains, is a good example of how purchasing insights end up in the hands of others. According to Consumer Reports, the company draws 35% of its net income from selling customer data to other companies.
For starters, there aren’t any data privacy laws on the federal level. That, so far, has fallen to individual states to enact. As such, data privacy laws vary from state to state, with California having some of the earliest and strongest protections on record, via the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
In all, 20 states currently have comprehensive privacy laws in place, with five others that have put narrower privacy protections in place, covering data brokers, internet service providers, and medical/biometric data.
States with Comprehensive Data Privacy Laws
· California · Virginia · Colorado · Connecticut · Utah · Iowa · Indiana · Tennessee · Texas
· Florida · Montana · Oregon · Delaware · New Hampshire · New Jersey · Kentucky · Nebraska · Rhode Island
For specific laws in your state and how they can protect you, we suggest doing a search for “data privacy laws [your state]” for more info.
Even if your state has no or narrow data privacy laws in place, you still have several ways you can take back your privacy.
The first thing you can do is keep a lower profile online. That can limit the amount of personal info they can get their hands on:
The list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt out.
Rather than removing yourself one-by-one from the host of data broker sites out there, you have a solution: our Personal Data Cleanup.
Personal Data Cleanup scans data broker and people search sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
The post Frankenstein Data: How Data Brokers Stitch Together—and Sell—Your Digital Self appeared first on McAfee Blog.
They’re not hiding in dark alleys—they’re hiding in plain sight. Airports, cafés, hotels, even libraries can harbor dangerous Vampire Wi-Fi networks.
These vampires pass themselves off as legitimate public Wi-Fi hotspots, using names that look innocent enough, such as “FREE_WIFI” and “AT&T_FREE_WIFI”. These can potentially be “evil twin networks,” which often mimic the name of the airport you’re in, or the place where you’re grabbing a quick coffee and some laptop time while you’re on the road. In fact, when you connect to a vampire or evil twin network, you’re connecting to a hacker.
These networks are relatively easy to set up. With just a few hundred dollars of gear, attackers can set up these digital bloodsuckers anywhere. The moment you log on, they begin feeding on your data, using tools called packet sniffers to capture and analyze every bit you send.
Say you’re on the road and log into one of these networks. A hacker on the network can see what you’re connecting to and what data you’re passing along. Your credit card number while you shop. Your password when you bank. That confidential contract you just sent to a client. And your email password when your app regularly checks for mail every few minutes or so.
What tools let hackers snoop? Network analyzers, or packet sniffers as many call them. A bad actor can gather up data with a packet sniffer, analyze it, and pluck out the sensitive bits of info that are of value. Before you know it, you’re a victim of identity theft.
Another common vampire Wi-Fi ploy is to set up a phony login screen that asks for a username and password, often for popular online services like Google and Apple. In this case, the hacker gets the keys to all the personal info, apps, files, and financial info connected to them.
Hackers typically go to lengths to make these networks look legitimate, but they may give off signs:
Still, even with some of these flags, they can be tough to spot. And that’s a reason why our mobile security apps for iOS and Android analyze Wi-Fi networks before you connect to them—letting you know if a connection is Safe, Risky, or altogether Unsafe.
Your best bet when using any public Wi-Fi at all is to use a VPN.
A VPN is an app that you install on your device to help keep your data safe as you browse the internet. With your VPN on, your device makes a secure connection to a VPN server that routes internet traffic through an encrypted “tunnel.” This keeps your online activity private on any network, shielding it from prying eyes.
While you’re on a VPN, you can browse and bank with the confidence that your passwords, credentials, and financial info are secure. If a hacker attempts to intercept your web traffic, they’ll only see garbled content, thanks to your VPN’s encryption functionality.
With that, choosing a secure and trustworthy VPN provider is a must. A VPN like ours has both your security and privacy in mind. In a VPN, look for:
Not every VPN offers these features. Selecting one that does gives you the protection you want paired with the privacy you want. You’ll find them all in our VPN, which is also included as part of our McAfee+ plans.
Several other straightforward steps can keep you safer from vampire and evil twin Wi-Fi—and safer while using public Wi-Fi in general:
Vampire Wi-Fi networks aren’t going anywhere. Hackers will keep setting up these traps because they work. People see “free Wi-Fi” and click without thinking twice. But now you know better. You’ve got the tools to spot the red flags, the habits to stay protected, and most importantly, you understand why a quality VPN isn’t optional anymore—it’s essential.
McAfee+ gives you everything we’ve talked about: bank-level encryption, zero-logging policies, independent security audits, and that smart auto-connect feature that kicks in when you need it most. Plus, unlimited data across all your devices, because who has time to ration their security?
Your personal information is worth protecting. Your financial data, your work files, your private conversations, they’re all valuable to the wrong people. Don’t hand them over just because someone dangled “free Wi-Fi” in front of you.
Ready to stop gambling with your data? Get comprehensive protection with McAfee+ and never worry about vampire networks again.
The post Vampire Wifi: How Public Wi-Fi Traps Travelers in Cyber Attacks appeared first on McAfee Blog.
Remember that website where you bought a T-shirt in 2013? No?
Hackers do. And it’s one way they can steal your personal info.
Consider this website, and other forgotten sites like it, an example of a “Ghost Account,” a place where one of your long-unused logins lives on and puts your identity at risk.
Ghosts aside, old accounts like these are very real.
Think of all the times you’ve created a one-off account to make a single purchase, take an online quiz, or get more information about an event or a sale. For all the accounts you remember, there are plenty more you’ve probably completely forgotten about.
Even as estimates vary, it’s likely the average person has somewhere between 100 and 200 online accounts, where varying degrees of their personal and financial info are stored.
And all those accounts add up to plenty of exposure. Those companies still have your address, payment information, and other personal details in their system.
At a time when data breaches of varying sizes compromise 3.5 million accounts on average each day, the odds of an old account of yours getting compromised are higher than you may realize. The more places your info resides, the more exposure to risk you have, namely data breaches, which can quickly lead to identity theft and fraud.
Compounding the problem is human nature. People tend to reuse passwords, or use highly similar passwords, all in an effort to maintain some degree of sanity across all the accounts they’re juggling. Hackers love that too. With one password in hand, they potentially get the keys to several other accounts, also with varying levels of personal and financial info, which (again) can lead to identity theft and fraud.
Our Online Account Cleanup can do the work for you, which you can find in all our McAfee+ plans.
It finds and deletes old accounts to reduce your risk of data exposure. In our McAfee+ Ultimate plans, you get full-service Online Account Cleanup, which sends the data deletion requests for you.
With each scan, you get an all-up view of accounts in your name. From there, it shows which are riskiest to keep, along with a look at what personal info is typically included in those accounts, which helps you decide what you’d like to keep and what you’d like to delete. Again, with McAfee+ Ultimate, you can request to delete accounts with a single click.
And because you add accounts and passwords from time to time, Online Account Cleanup gives you a monthly report. That way, you can keep tabs on your ever-evolving list of accounts and delete any you don’t want over time.
Yes, with all those accounts come passwords. While you’re cleaning up your old accounts, you can better protect the ones you keep with our Password Manager. It’s a simple and highly secure way you can create strong, unique passwords for each and every one of your accounts. That offers you yet one more line of defense against data breaches, because hackers know so many people reuse their passwords.
Lastly, it’s convenient. You only need to remember one password. Our password manager securely stores all your passwords, where one primary password grants access to them all.
Whether it’s for an old online gaming account, a streaming service you never use anymore, or a login for a doctor’s office you don’t visit anymore, delete it. The less personal and financial info you have sitting in a database somewhere, the less info a hacker can steal and use to commit identity theft or fraud.
We all have our “ghosts” floating around online, and today you have an easy way to get rid of them for good.
The post Ghost Accounts: How Old, Forgotten Logins Put You at Risk for Identity Theft appeared first on McAfee Blog.
Cybercriminals are turning to TikTok to spread new scams that promise “free upgrades” or access to premium versions of popular apps.
According to Bleeping Computer, scammers are posting videos that look like tech tutorials, offering so-called activation hacks for software like Windows, Adobe Premiere, or Photoshop, and even fake “premium” services for Netflix and Spotify.
But instead of unlocking anything, these videos trick people into running hidden malware on their devices. Once that happens, attackers can steal passwords, cryptocurrency wallet details, or access to social media and bank accounts.
These “ClickFix” scams, as researchers call them, are spreading quickly because they rely on trust and curiosity. The videos look legitimate. Many use the same tone and layout as real how-to tech content, but behind the scenes, they’re designed to take control of your device and your data.
The scam works because it blends the look and feel of ordinary TikTok tutorials with social proof (think comments, hashtags, and even fake success stories) that makes it seem credible.
Security researchers say the same technique has been spotted in similar scams spreading via fake CAPTCHA pages and cracked game downloads. The goal is always the same: convince users to “verify,” “activate,” or “fix” something, when in reality, they’re opening the door to attackers.
McAfee Labs has been tracking a related wave of attacks using fake CAPTCHA pages and cracked download sites to deliver info-stealing malware. In both campaigns, scammers prey on everyday habits such as downloading software, clicking “I’m not a robot,” or following quick tech fixes that seem safe.
Our researchers found that these scams spread through multiple channels, including phishing emails and fake support sites, all designed to look familiar. The end result is the same: stolen credentials, compromised devices, and exposed personal information.
These patterns mirror the rise of TikTok-based scams reported by Bleeping Computer. The methods may evolve, but the psychology is the same: social engineering that turns trust into a weapon.
Scammers are getting smarter about how they reach people. They’re blending into everyday content like short-form videos, social challenges, and viral tips. Then they’re using those moments of distraction to plant malware.
Tools like McAfee’s built-in Scam Detector, included in all core plans, are designed to spot this new kind of threat early. It automatically detects scams across text, email, and video, blocks dangerous links, and even identifies AI-manipulated content like deepfakes, helping stop harm before it happens.
As scammers adapt, your best defense is awareness and technology that adapts just as fast.
The post This New “Verification” Trick Fools You Into Installing Malware appeared first on McAfee Blog.
Amazon Web Services (AWS), one of the world’s largest cloud providers, recently experienced a major outage that disrupted popular websites and apps across the globe—including Snapchat, Reddit, Fortnite, Ring, and Coinbase, according to reports from CNN and CNBC.
The disruption originated in Northern Virginia, where many of the internet’s most-used applications are hosted.
AWS said the problem originated within its EC2 internal network, impacting more than 70 of its own services, and was tied to issues with DNS, the system that tells browsers how to find the right servers online.
A few hours after the initial reports of outages, AWS said the problem had been “fully mitigated,” though it took several more hours for all users to see their systems stabilized, according to CNBC.
There is no indication the outage was caused by a cyberattack, and Amazon continues to investigate the root cause.
When Amazon Web Services falters, the ripple effects reach far beyond businesses. Millions of consumers suddenly lose access to everyday apps and tools, including everything from banking and airline systems to gaming platforms and smart home devices.
“In the past, companies ran their own servers—if one failed, only that company’s customers felt it,” said Steve Grobman, McAfee’s Chief Technology Officer. “Today, much of the internet runs on shared backends like Amazon Web Services or Google Cloud. That interconnectedness makes the web faster and more efficient, but it also means one glitch can impact dozens of services at once.”
Grobman noted the issue was related to a capability called DNS within AWS. He described DNS as providing the directions for how systems find each other; even if those systems are operational, a DNS failure can be detrimental. It’s analogous to “tearing up a map or turning off your GPS before driving to the store.” The store might still be open and stocked, he explained, but if you can’t find your way there, it doesn’t matter.
“Even with rigorous safeguards in place, events like this remind us just how complex and intertwined our digital world has become,” Grobman added. “It highlights why resilience and layered protection matter more than ever.”
Events like this sow uncertainty for consumers. When apps fail to load, people may wonder: Is my account hacked? Is my data at risk? Is it just me?
Cybercriminals exploit that confusion. After past outages, McAfee researchers have seen phishing campaigns, fake refund emails, and malicious links promising “fixes” or “status updates” appear within hours.
Scammers often mimic legitimate service alerts—complete with logos and urgent wording—to trick users into entering passwords or payment information. Others push fake customer-support numbers or send direct messages claiming to “restore access.”
Here’s how to stay secure when the :
Using advanced artificial intelligence, McAfee’s Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens.
McAfee’s identity protection tools also monitor for signs that your personal information may have been exposed and guide you through steps to recover quickly.
Sign in to your McAfee account to scan for recent breaches linked to your email. You can also sign up for a free trial of McAfee antivirus to protect your devices.
The post AWS Outage Disrupts Major Apps Like Reddit and Snapchat—What Happened and How to Stay Safe appeared first on McAfee Blog.
Cybercriminals tricked employees at major global companies into handing over Salesforce access and used that access to steal millions of customer records.
Here’s the McAfee breakdown on what happened, what information was leaked, and what you need to know to keep your data and identity safe:
Hackers claim they’ve stolen customer data from multiple major companies, including household names like Adidas, Cisco, Disney, Google, IKEA, Pandora, Toyota, and Vietnam Airlines. Security Week has reported throughout 2025 on a wave of social-engineering attacks exploiting human – rather than platform – vulnerabilities.
According to The Wall Street Journal, the hacking group has already released millions of Qantas Airlines customer records and is threatening to expose information from other companies next.
The data reportedly includes names, email addresses, phone numbers, dates of birth, and loyalty program details. While it doesn’t appear that financial data was included, this kind of personal information can still be exploited in phishing and scam campaigns.
Salesforce has issued multiple advisories stressing that these attacks stem from credential theft and malicious connected apps – not from a breach of its infrastructure.
Unfortunately, incidents like this aren’t rare, and they’re not limited to any one platform or industry. Even the most sophisticated companies can fall victim when hackers rely on social engineering and manipulation to breach secure systems.
Hackers reportedly called various companies’ employees pretending to be IT support staff—a tactic known as “vishing”—and convinced them to share login credentials or connect fake third-party tools, essentially handing the criminals the keys to their accounts. Once inside, they accessed customer databases and stole the information stored there.
Think of it less like a burglar breaking a lock, and more like someone being tricked into opening the door.
So far, leaked data appears to include:
There’s no indication of credit card or banking data in the confirmed leaks, but that doesn’t mean you’re in the clear.
Even if your financial information isn’t exposed in a data breach, personal details like name and address can still be used for targeted scams and phishing. When that information is stolen and sold online, scammers use it to:
Even if your data isn’t part of this specific leak, these attacks highlight how often your information moves through third-party systems you don’t control.
1) Change your passwords—today.
Use strong, unique passwords for every account. McAfee’s password manager can help. Try our random password generator here.
2) Turn on two-factor authentication (2FA).
Even if a hacker has your password, they can’t get in without your code.
3) Monitor your financial and loyalty accounts.
Watch for strange charges, redemptions, or password reset emails you didn’t request.
4) Freeze your credit.
It’s free and prevents new accounts from being opened in your name. You can unfreeze it anytime. McAfee users can employ a “security freeze” for extra protection.
5) Be extra cautious with “breach” emails or calls.
Scammers often pretend to be from affected companies to “help you secure your account.” Don’t click links or give information over the phone. Go directly to the company’s website or app, or to your own IT team if a breach happens at your workplace.
6) Consider identity protection.
McAfee’s built-in identity monitoring can monitor your personal info across the dark web, send alerts if your data appears in a breach, and include up to $1 million in coverage for identity recovery expenses.
Your data could already be out there, but you don’t have to leave it there.
McAfee helps you take back control. Using advanced artificial intelligence, McAfee’s Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens.
And McAfee’s Personal Data Cleanup can help you check which data brokers have your private details and request to have them removed on your behalf.
Stay ahead of scammers. Check your exposure, clean up your data, and protect your identity, all with McAfee.
Learn more about McAfee and McAfee Scam Detector.
The post Hackers Trick Staff Into Exposing Major Companies’ Salesforce Data–Find Out if You’re Safe appeared first on McAfee Blog.
We’re proud to share that McAfee has won “Best Use of AI in Cybersecurity” at The 2025 A.I. Awards for our groundbreaking work on McAfee’s Scam Detector, which automatically identifies risky texts and emails, and also includes the world’s first automated deepfake detection.
Online scams have reached an all-time high, with 1 in 3 Americans reporting they’ve fallen victim, losing an average of $1,500 each. From fake job offers and text messages to AI-generated deepfakes, these threats are evolving faster than ever.
That’s where McAfee’s Scam Detector comes in. Using advanced artificial intelligence, it automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens.
Scam Detector is also included with every core McAfee plan, and is available on PC, mobile, and web. In just its first few months, Scam Detector crossed the million-user milestone, underscoring the urgent need for smarter, faster protection in the AI-powered world.
As one of the judges, Rakesh Datta, noted:
“McAfee’s Scam Detector is leading the fight against digital deception, harnessing advanced AI to identify scams, deepfakes, and fraud in real time. By combining exceptional accuracy with proactive protection, it restores confidence and redefines trust in the modern digital era. The A.I. Awards is proud to recognize McAfee’s innovation in safeguarding users worldwide.”
This recognition highlights McAfee’s commitment to building responsible, consumer-first AI that empowers people to live safer, more confident lives on and offline.
We’re honored to be recognized alongside other global innovators, and we’re even more motivated to keep pushing forward, creating technology that helps people stay one step ahead of online threats.
Check out all The 2025 A.I. Awards winners and learn more about McAfee Scam Detector.
The post McAfee Wins “Best Use of AI in Cybersecurity” for Scam Detector appeared first on McAfee Blog.
McAfee Total Protection has once again been named a TOP PRODUCT by the independent test lab AV-TEST, earning perfect scores in all three categories for the July–August 2025 test cycle.
This marks the 31st consecutive TOP PRODUCT certification for McAfee since June 2020, proof that our consumer protection consistently meets the highest independent standards.
While many security tools can slow your computer or trigger false alarms, McAfee keeps impact minimal and alerts meaningful, giving you reliable protection without getting in your way.
What the Scores Mean for You
Together, these results mean you’re getting lab-verified security that beats industry averages and stays ahead of major competitors, without sacrificing speed or ease of use.
You can read the full AV-TEST report here.
The post McAfee Again Certified as “TOP PRODUCT” by AV-TEST appeared first on McAfee Blog.
Was that spinning head a mistake—or the whole point?
When McAfee dropped a new digital ad showing a woman lounging on a beach, only to have her head rotate a full 360 degrees, the internet lit up. Some viewers thought it was a post-production error. Others assumed it was a weird deepfake gone wrong. And while a few sharp-eyed commentators caught the joke right away, most were left wondering: was this brilliant marketing or a complete fail?
Spoiler: it was on purpose.
You may have seen the ad—the calm beach scene, the casual vibe, and then, the fully rotating head. Reactions ranged from confused to amused, with a handful of keen observers nodding in understanding.
We didn’t mess up.
With the help of our creative agency VSA, we developed a series of digital ads using generative AI to blur the line between real and surreal. The goal? To make a bigger point: AI is now capable of mimicking reality in subtle, clever ways that are increasingly hard to detect. That’s exactly why tools like McAfee’s Scam Detector matter more than ever.
“While the ads are clearly AI, the implication is that AI isn’t always so easy to spot,” said Anne-Marie Rosser, CEO of VSA. “It’s funny, and it creates empathy for the user since we’re all susceptible.”
And don’t worry—we didn’t hand everything over to the machines. McAfee and VSA’s full creative and design teams were instrumental in shaping every detail, from concept to execution. The AI was a tool. The vision came from real people.
These creative choices reflect our philosophy at McAfee: take cybersecurity seriously, but don’t always take yourself too seriously. Humor has the power to break through fear and shame—and ultimately, help people protect themselves better.
Alongside these eye-catching ads, we’re launching Scam Stories, a social campaign built around real voices. From concert ticket scams to spoofed customer service texts, people across the country are sharing their experiences using #KeepItReal and #MyScamStory—and we’re listening.
Some of those individuals, like actor Chris Carmack (of Grey’s Anatomy and The O.C.), have joined our campaign to share their own moments of being duped. Others, like cyber student Henry or life coach Cory, are helping us educate others by turning personal pain into public empowerment.
This campaign isn’t just about awareness—it’s about action. That’s why we’ve partnered with FightCybercrime.org, a nonprofit that helps people recognize, report, and recover from scams. We’re donating $50,000 worth of McAfee protection to people in FightCybercrime programs and to the volunteers who support them.
We’re also teaming up to expand education efforts through our Online Safety for Kids initiative—because building a safer internet starts early.
Scammers rely on silence, shame, and speed. But when we slow down, speak up, and share our stories, we take away their power.
The Keep It Real campaign is more than just a product launch. It’s a movement to stop the stigma around scams, help people protect their peace of mind, and remind you: if it can happen to Chris Carmack, it can happen to anyone.
So what’s your scam story? We’re listening.
The post Keep It Real: How McAfee Is Using AI to Fight AI—and End Scam Stigma appeared first on McAfee Blog.
When Grey’s Anatomy actor Chris Carmack and musician Erin Slaver tried to order custom patio cushions from what seemed like a trustworthy small business, they thought they were making a simple home upgrade.
But after clicking and paying through a special link, the cushions never arrived. Delays turned into excuses, messages went unanswered, and the seller’s account eventually disappeared—along with their money.
It was a scam. And like so many others, they were left frustrated, embarrassed, and unsure of what to do next.
Now, Chris and Erin are sharing their story—not just to warn others, but to help launch Scam Stories, a McAfee-led movement to end the stigma around being scammed, remind people that it can happen to anyone, and help keep everyone safer online.
Scammers win when we stay silent. At McAfee, we believe speaking out about your experience is a brave way to support your community and help others stay safe from scams.
Built in partnership with FightCybercrime.org, the Scam Stories movement invites people to share their scam experiences, end the stigma around being scammed, and build a more informed, supportive community.
And Chris and Erin aren’t the only ones speaking up. Our campaign features stories from everyday people who’ve been scammed—and are now helping others by sharing what happened.
These scams happened fast—and could happen to anyone. Each one involved tactics that McAfee Scam Detector is designed to catch:
These stories are powerful reminders that scam prevention starts with awareness. And when people share what happened, it helps others recognize red flags and feel less alone.
FightCybercrime.org is a nonprofit dedicated to helping people recognize, report, and recover from cybercrime. Their tools, educational materials, and survivor support network make them an ideal partner in our mission.
Together with FightCybercrime.org, we’ll be expanding online safety education—and helping more people recover from scams with real support.
As part of our collaboration, McAfee is donating $50,000 worth of protection products to individuals going through FightCybercrime.org’s recovery programs and to the staff and volunteers who support them every day.
At McAfee, we believe that scam protection isn’t just about tools—it’s about empowering people with knowledge and support. And that starts by ending the stigma.
Scam Stories is here to change the narrative—from shame to strength. With help from public figures like Chris and Erin, and brave individuals across the country, we’re turning painful moments into teachable ones—and helping everyone stay safer online.
McAfee is collecting scam stories and encouraging people to share their experiences on social media using #MyScamStory and #KeepItReal.
Learn more and join the movement at www.mcafee.com/en-us/scam-stories.
No one should feel alone or ashamed after being scammed. And the more we talk about scams, the harder it is for scammers to succeed.
The post Introducing Scam Stories: A McAfee Campaign to End Scam Stigma appeared first on McAfee Blog.
Cory considers himself pretty cautious. But like millions of people juggling packed schedules, one click on a hectic day proved costly.
The message looked legit. It said it was from his phone provider. It claimed someone was trying to access his account and urged him to verify via a link. He tapped. And just like that, his phone went dark.
“I was in the middle of a busy day and clicked without thinking. My phone stopped working almost immediately.”
What Cory didn’t know was that the message wasn’t from his real cell company—it was from a scammer. The link gave them everything they needed to hijack his phone number.
In minutes, someone walked into a brick-and-mortar phone store, bought a new device, and ported Cory’s number to it. That gave them access to two-factor authentication codes, texts, and more.
“Suddenly I couldn’t call, text, or access anything that used my phone number. It was terrifying.”
As a life coach, Cory communicates with clients constantly—often by text. The idea that someone could impersonate him wasn’t just inconvenient. It was threatening.
“I’m a life coach—I talk to clients all day. The thought that someone could impersonate me or access those conversations was awful.”
He had to print out directions just to get to a Verizon store and spent nearly six hours recovering his phone number. Though he reset passwords in time to avoid deeper harm, billing issues lingered for months.
“It was one click. That’s all it took. I’ll never forget how fast it happened.”
SIM swap scams—like the one Cory experienced—are rising. The scary part? They often start with a single click. That’s where McAfee’s Scam Detector can make all the difference.
If Cory had access to McAfee’s Scam Detector, here’s how it could have helped:
Cory’s story is a powerful reminder: even careful people can get caught. The right protection gives you time to pause—and tools to act.
To stay ahead of similar scams, here are four critical tips:
1. Never click links in texts from unknown numbers.
Even if it looks like it’s from your phone carrier. Always verify through official apps or websites.
2. Turn on multi-factor authentication using an app—not just SMS.
Scammers target phone numbers for a reason. Authenticator apps like Google Authenticator or Duo offer stronger security.
3. Use McAfee’s Scam Detector for real-time protection.
Whether it’s a text, email, or link, McAfee can spot scam language and risky behavior before you’re compromised.
4. Report suspicious texts and lock down your account.
Call your carrier immediately if your service cuts off suddenly or you see suspicious account changes.
Cory’s quick click could have ended much worse. But what matters most is what happened after. He acted fast. He reset passwords. And now, he speaks out to help others recognize the signs.
“Slow down. Trust your gut. It’s okay to pause and double-check—even when you’re in a hurry.”
Scammers count on your rush. Slowing down—and having the right tools—can make all the difference.
If you’ve experienced a scam, your story can help others avoid the same fate. You’re not alone.
Visit our Scam Stories hub to read more scam stories or share your own.
The post Cory’s Scam Story: A Fake Text Nearly Took His Identity appeared first on McAfee Blog.
Brittany C., a dedicated teacher, had been planning a special night for months. After saving up steadily, she landed four prized tickets to Taylor Swift’s Eras Tour for her and her closest friends.
But days before the show, she logged into her account—and the tickets were gone.
“I’d been saving for months. I was so excited—and then I logged in and the tickets were just… gone. It felt like someone reached through the screen and took that night away from me.”
Like many of us, Brittany had received plenty of “your data was part of a breach” emails over the years. But she never expected what happened next.
A few days before the tickets disappeared, she had clicked on what she now realizes was a suspicious link. “I clicked one weird link. Nothing happened at the time, so I didn’t think twice,” she said. But that link was the scammer’s way in.
Using her reused password and without two-factor authentication on her account, the attacker was able to log in and transfer the tickets out—all without Brittany’s knowledge.
The emotional toll hit fast. “The stress was overwhelming,” she says. “Friends had made travel plans, taken time off. I felt like I’d let everyone down.”
After a long back and forth with the online ticket sales platform, Brittany managed to recover the tickets. But the damage was done. The experience reshaped how she thinks about online safety.
“You can be careful and still get caught. I’m only human—and that’s exactly what scammers count on.”
Brittany’s experience is a textbook example of how a small slip can spiral into a high-stakes scam. McAfee’s Scam Detector is designed to catch those mistakes before they snowball.
If she had McAfee’s Scam Detector, here’s how it could have helped:
With Scam Detector watching her back, Brittany could have known that the link was dangerous before clicking—and avoided the gut-wrenching scramble to reclaim her tickets.
Here are four essential tips to help protect your digital accounts and event tickets:
1. Never reuse passwords.
Use a password manager to create strong, unique passwords for each account—especially ticketing and banking platforms.
2. Always turn on two-factor authentication.
It’s one of the easiest ways to block unauthorized logins—even if someone has your password.
3. Think before you click.
If a message or link seems off, don’t open it. Use McAfee’s Quick Check to scan suspicious links before interacting.
4. Use scam detection software for extra protection.
Tools like McAfee’s Scam Detector offer real-time alerts and background scanning to help prevent phishing, credential theft, and social engineering attacks.
Scams can happen to anyone—even people who do everything right. Brittany’s story is a reminder that vigilance matters, but so does visibility.
By telling your story, you’re helping others spot the signs of scams and take steps to protect themselves.
At McAfee, we believe there’s no shame in being scammed—only power in sharing.
Visit our scam stories hub to read more real scam stories or share your own to help end scam stigma.
The post Brittany’s Scam Story: Eras Tour Chaos appeared first on McAfee Blog.
Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in—someone nearby claimed to have extra tickets.
The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets.
Minutes later, he sent the full $280.
“I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.”
At first, the offer felt legitimate. The seller even said his girlfriend was wary of strangers, which seemed believable. But after Henry sent the full amount, the conversation took a turn.
“He said his girlfriend didn’t trust me, then suddenly wanted full payment. Then it was someone else offering more. That’s when I knew.”
The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him.
Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show.
“I sent $280 and got blocked. We never made it inside.”
It wasn’t just the lost money—it was the emotional rollercoaster. The disappointment. The feeling of being tricked right at the door.
Scams like Henry’s are becoming more common—especially around live events. That’s why McAfee’s Scam Detector is built to flag shady behavior before it costs you.
If Henry had been using McAfee’s Scam Detector, here’s how it could’ve helped:
“If I’d had something flagging the account or even the language in the messages, it might’ve stopped me in time.”
Want to protect yourself from last-minute ticket scams? Follow these smart tips:
1. Don’t pay up front without protection.
Always use secure payment methods that offer fraud protection—never cash apps or peer-to-peer services for strangers.
2. Use scam detection tools before sending money.
Paste messages or links into McAfee’s Quick Check to analyze them for red flags.
3. Watch for changing terms or pressure tactics.
If someone shifts the deal mid-conversation, it’s a red flag. Real sellers don’t change the price last minute or ask for more money after payment.
4. Trust your instincts—and the tech.
Scammers rely on urgency and excitement. Having McAfee Scam Detector on your phone adds a digital gut check when your real one is clouded.
Henry is already spreading the word on social media, warning other fans about concert scams. Now we’re helping amplify his voice—because awareness is one of the most powerful forms of protection.
“I’m already trying to warn others on social media. Concert scams are real—and they’re getting more common.”
Have a scam story of your own? Don’t keep it to yourself. By sharing what happened, you can help someone else avoid the same fate.
Visit our scam stories hub to read more or share your experience. Together, we can end scam stigma and stop scammers in their tracks.
The post Henry’s Scam Story: The Social Media Con appeared first on McAfee Blog.
Bradley K. was a brand-new dad, sleep-deprived and juggling life with a newborn, when he received a phone call that would change everything. The caller claimed to be from the IRS and said Bradley owed back taxes. If he didn’t pay immediately, they warned, he could be arrested.
Unfortunately, it was a tax scam—and one that cost him $800 and left him shaken for months.
Like many Americans, Bradley had just filed his taxes. When the call came through, it seemed believable. The caller knew personal information, spoke with a local accent, and used aggressive tactics to demand fast action.
“I had just filed my taxes, so when they told me there was a problem, it didn’t seem completely far-fetched.”
Under pressure and running on little sleep, Bradley didn’t stop to verify. He didn’t call his dad—who also happened to be his accountant. Instead, he sent $800 and unknowingly gave scammers access to his bank account.
“I was running on barely any sleep with a newborn, and I wasn’t thinking as clearly as I normally would have.”
It wasn’t until days later that a friend told him the truth: the IRS never calls demanding immediate payment. By then, it was too late. The money was gone, and Bradley was left feeling embarrassed and anxious.
“Even now, almost a year later, I’m constantly on edge, making sure nothing else has been stolen.”
Bradley’s experience is exactly why we created McAfee’s Scam Detector—a smart, AI-powered tool that identifies scams across email, text, and even video.
If Bradley had received a scam follow-up message or email while using McAfee’s Scam Detector, the tool could have flagged it automatically—before he ever opened it. He could have also used the Quick Check feature to paste in the message or phone transcript and receive an instant scam analysis.
Key features that could have protected Bradley:
Best of all? McAfee’s Scam Detector is included at no extra cost with McAfee core plans.
Here’s how to avoid tax scams like the one that targeted Bradley:
1) Know the IRS will never call you to demand payment.
If someone says you owe money and threatens arrest, it’s a scam. The IRS contacts people by mail first.
2) Use McAfee’s Scam Detector for real-time protection.
Scan any suspicious email, text, or message using Quick Check before clicking or responding.
3) Always take a pause before acting.
Scammers rely on urgency. Take a breath, verify the claim independently, and talk to someone you trust.
4) Keep scam protection up to date.
Enable scam alerts across your devices to stay one step ahead. McAfee Scam Detector works across smartphones, laptops, and tablets.
Bradley’s story is just one of thousands. But too often, people stay silent out of shame or embarrassment. That silence helps scammers win.
At McAfee, we believe in highlighting real scam stories—not to scare people but to empower them. These aren’t victims. They’re survivors.
Have a story of your own? You’re not alone—and your experience could help someone else.
Visit our Scam Stories Hub to share your story and help stop scams in their tracks.
The post Bradley’s Scam Story: New Dad vs Fake IRS Call appeared first on McAfee Blog.
It usually starts with something small.
You’re scrolling TikTok or Instagram, half-paying attention, when a Black Friday ad pops up. It looks like the brand you love—same logo, same photos, same “limited-time deal” language you’ve seen in real promos. The link takes you to a site that looks identical to the real one. The checkout page works. The confirmation email looks legit.
Then the payment clears, and the merchant name on your bank statement doesn’t match the store at all.
That moment (“wait, what did I just buy from?”) is becoming the defining holiday-shopping scam of 2025.
This year, fake ads and cloned storefronts aren’t sketchy one-offs or typo-filled red flags. They’re polished. They’re identical. And increasingly, they’re powered by AI.
McAfee’s 2025 holiday research found that nearly half of Americans (46%) have already encountered AI-altered or AI-generated scams while shopping. And with 96% of people planning to shop online, many doing so daily, scammers know this is peak opportunity.
Here’s how fraudsters are blending into the busiest shopping season of the year, what the data shows, and how to stay one step ahead.
A perfect storm is happening:
People are shopping more often.
Nearly half of U.S. adults expect to shop online daily or multiple times per day during the holidays.
People are rushed.
From early Black Friday “price drop” alerts to Cyber Monday countdowns, shoppers don’t slow down to verify what they’re seeing.
AI makes scam content nearly flawless.
McAfee found technology email scams surging ~85%, retail email scams rising ~50%, and fraudulent URLs climbing across the board—from counterfeit Apple support pages to fake Costco refund portals.
Holiday deals are already rolling out—and so are the scams.
McAfee’s 2025 holiday research shows major spikes in email scams (~50% increase), technology scams (~85% increase), and fake storefronts that mimic trusted retailers. AI tools are making these scams faster, more realistic, and harder to spot.
It’s not that shoppers suddenly got careless.
It’s that scammers suddenly got good.

This is the big one, and it’s getting cleaner every year.
Scammers lift entire storefronts:
The only giveaway? A URL that’s juuust slightly off—“target-sale.com” instead of “target.com,” or a link ending in “.shop” or “.store” rather than a brand’s normal domain.
Once you enter your payment info, it goes directly into a database that criminals resell or use to make purchases.
How to spot and avoid this scam: Skip the ad. Type the retailer’s name into your browser yourself. If it’s a real deal, you’ll find it on their actual site.
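The URL giveaway described above can also be checked automatically, for example in a mail or SMS filter. The sketch below is an added example, not McAfee's code: the `OFFICIAL` allowlist, the `classify` function, and the sample links are constructed for illustration. It goes slightly beyond the two cases in the text by also catching a brand name used as a subdomain and punycode hostnames.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): brand token -> official registrable domain.
OFFICIAL = {"target": "target.com", "costco": "costco.com", "apple": "apple.com"}
# TLDs the article names as common on cloned storefronts.
FLAGGED_TLDS = {"shop", "store"}


def classify(url):
    """Return (verdict, reason) for a link seen in an ad, text, or email."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    try:
        # Convert internationalized names to their ASCII (xn--) form.
        host = host.rstrip(".").encode("idna").decode("ascii")
    except UnicodeError:
        return ("suspicious", "hostname is not a valid domain name")
    labels = host.split(".")
    # Naive registrable domain: last two labels (ignores suffixes like .co.uk).
    domain = ".".join(labels[-2:])
    if domain in OFFICIAL.values():
        return ("official", domain)
    # Whole-token match, so "pineapple.com" is not mistaken for Apple.
    tokens = set(host.replace("-", ".").split("."))
    for brand, real in OFFICIAL.items():
        if brand in tokens:
            why = f"names '{brand}' but is registered as {domain}, not {real}"
            if labels[-1] in FLAGGED_TLDS:
                why += f" (.{labels[-1]} TLD)"
            return ("lookalike", why)
    if any(label.startswith("xn--") for label in labels):
        return ("suspicious", "punycode label may hide look-alike characters")
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed sample links, not taken from McAfee's data.
    for link in ("https://www.target.com/c/deals", "https://target-sale.com/deals",
                 "target.com.secure-checkout.shop/login", "https://costco.store"):
        print(link, "->", classify(link))
```

Token matching misses run-together names such as a brand followed directly by "deals"; a production filter would add a public-suffix list and fuzzy matching on top of this.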
Short-form videos are now a prime scam vehicle.
Scammers steal influencer footage, use AI voice clones, or generate deepfake “promo” videos with celebrities offering huge holiday discounts. When someone clicks the link, it leads straight to a counterfeit store.
How to spot and avoid this scam: Check the creator’s account history. Real brands don’t drop one-off promo videos from accounts you’ve never seen before. As with our initial advice, skip the ad entirely and go directly to the official brand website rather than clicking any links.
The classic delivery scam is back, with McAfee researchers finding dozens of examples of fake messages attempting to scam holiday shoppers.
You’ll receive a text saying a package can’t be delivered or that a small fee is needed to confirm your address.
McAfee found that 43% of people have encountered fake delivery notifications, and many victims say they entered credit card information thinking they were resolving a legitimate issue.
How to spot and avoid this scam: UPS, USPS, and FedEx will never send a clickable payment link in a text. If you’re wondering about a specific delivery, go directly to the site you ordered from, or to the original receipt in your email, to find your tracking information.
These hit during the weeks leading up to the holidays.
Messages claim:
How to spot and avoid this scam:
No legitimate company will ever resolve account issues through gift cards or text-confirmation codes.
Not long ago, scam emails had broken English and pixelated logos.
Now scammers use generative AI to:
And people are noticing.
57% of shoppers say they’re more concerned about AI scams this year than last.
Yet 38% believe they can spot scams—even though 22% have fallen for one.
Confidence ≠ protection.

If something feels off—a message, a link, a charge on your bank statement—don’t panic. Most holiday scams rely on speed and confusion. Slowing down and taking a few simple steps can keep a bad situation from turning into real damage.
Close the tab, delete the message, and don’t click anything else.
Scammers often stack multiple pop-ups or redirects to pressure you into acting fast.
If you started typing in a password or card number but didn’t hit “submit,” back out.
If you did enter details, move to the next steps right away.
Use a strong, unique password—especially for accounts tied to:
A reused password is how one compromised login unlocks everything else. McAfee offers a password manager to help you make and store strong, unique passwords.
Fraud usually starts small: $1–$5 “test” charges, odd merchant names, or tiny withdrawals.
If you see anything suspicious, contact your bank and request:
Some fake sites drop malware or spyware quietly in the background.
A quick scan can detect:
McAfee offers a free antivirus trial that you can use to scan your device and check for compromises.
Reporting helps stop other shoppers from being targeted.
You can report scams to:
McAfee can automatically detect whether the link, message, or site you interacted with is malicious—and alert you if your information may have been exposed.
Tools like:
can help contain an issue before it turns into identity theft.

There’s always someone on your holiday list who doesn’t want more stuff; they want something useful. The friend who loves a clean inbox. The sibling who’s constantly traveling. The parent who keeps forwarding you suspicious texts asking, “Is this real?”
For them, security might actually be the most thoughtful gift you can give this year.
Online safety tools aren’t flashy, but they are the thing people reach for the moment they click the wrong link, lose a password, or get a sketchy delivery text. And with scams more believable than ever, digital protection has quietly become a new “practical essential,” like a good VPN or a reliable password manager.
Gifting McAfee means giving someone:
Scam protection that works quietly in the background: Scam Detector flags dangerous messages, deepfake-style content, and fake shopping sites before the recipient ever interacts with them.
Identity & financial monitoring: A huge help for anyone who’s been burned by fraud in the past — or is tired of checking bank statements manually.
Password security that doesn’t require them to remember anything: Perfect for the person who uses the same password everywhere (and you know exactly who I mean).
Device protection for laptops, phones, and tablets: Especially relevant for people shopping, traveling, or working remotely through the holiday season.
It’s practical. It’s protective. And unlike most presents, it’s something they’ll use all year.
The post How To Protect Yourself from Black Friday and Cyber Monday AI Scams appeared first on McAfee Blog.