Normal view

The New Grad’s Guide to Job and Recruitment Scams

12 May 2026 at 12:10
blogging on social media

Graduation season should be about launching your career, not dodging scams.

But for many new grads, the job search now comes with a hidden risk: fake recruiters, fraudulent job offers, and convincing messages designed to steal money, personal information, or both.

The threat is larger than many people realize. According to McAfee’s 2026 State of the Scamiverse report, 76% of Americans have encountered a scam, and the average person receives 14 scam messages every day through text, email, and social media. Americans now spend an estimated 114 hours each year trying to figure out what is real online and what is not.

Young adults are among the most heavily targeted groups. Nearly 3 in 10 people ages 18 to 24 (28%) report receiving conversational scams that begin with casual outreach such as “Hey, how are you?” or a “wrong number” text. Those same tactics increasingly appear in fake recruiter messages, LinkedIn outreach, and texts promoting remote job opportunities.

Today’s job scams can look highly professional. Scammers build polished LinkedIn profiles, clone legitimate company websites, and even use AI-generated interviews to appear credible. Many scams unfold quickly, with nearly half completed in less than an hour, creating pressure to act before candidates have time to verify what is real.

That’s where tools like McAfee’s Scam Detector come in—flagging suspicious emails, texts, links, and messages before you engage, so you can tell what’s real before you click. 

Here’s how to avoid job scams and stay safe with McAfee: 

How Job Scams Actually Work

Step

What Happens

Red Flags

What Scammers Want

1. The Outreach

You’re contacted via email, text, or social media about a job

Unsolicited offer, vague role, overly enthusiastic recruiter

Your attention

2. The Build-Up

They walk you through interviews or onboarding steps

No video calls, inconsistent details, fast timeline

Your trust

3. The Ask

They request personal info or payment

SSN requests, bank info, “training fees”

Identity + money

4. The Trap

They escalate the situation or disappear

More payment requests or sudden silence

Continued financial gain

A Real Example: How People Get Pulled In

Even experienced professionals fall for these scams.

In one case, a tech expert with decades of experience lost $13,000 after accepting what looked like a legitimate part-time role reviewing products.

The opportunity seemed real:

  • A polished website
  • Structured onboarding
  • A small initial payout

Then came the shift. He was told he needed to deposit money to continue working and kept paying more to “unlock” earnings that never came.

This type of advance fee scam is increasingly common in job fraud, and it works because it builds trust first.

What the Data Says

Recent graduates are entering the workforce at a time when scams are more sophisticated, more personalized, and harder to spot than ever before. McAfee’s 2026 State of the Scamiverse report highlights why younger job seekers should be especially cautious.

Young Adults Face Higher Risk

  • Younger adults report the highest rates of repeat scam victimization. McAfee’s research found that scam victims under 35 are more likely than older adults to be targeted again, suggesting that early-career professionals may be especially vulnerable as they navigate job searches, salaries, and onboarding for the first time.

Scam Messages Are Constant

  • Americans receive 14 scam messages per day on average.
  • 76% of Americans say they have encountered an online scam.
  • People spend 114 hours per year, nearly three full workweeks, trying to determine what is real and what is fake online.

Professional Platforms Are Not Immune

  • 7% of respondents reported encountering scams on LinkedIn.
  • 44% have replied to suspicious messages that contained no link at all.

Many modern scams begin with a simple message such as “I came across your profile” or “We’d like to discuss an opportunity,” rather than an obviously suspicious URL.

Job Scams Move Fast

  • The average scam unfolds in just 38 minutes.

Scammers often create urgency by claiming a role is limited, an offer will expire quickly, or onboarding must begin immediately.

AI Makes Fake Recruiters More Convincing

  • 35% of Americans are not confident they can spot deepfake scams.
  • McAfee predicts job scams will become increasingly personalized as scammers use AI to create tailored outreach, onboarding documents, and contracts that closely match a candidate’s background.

Job Scams Are a Growing Financial Threat

  • FTC-reported job scam losses rose nearly 40% year over year, increasing from $543 million in 2024 to $752 million in 2025.

For new graduates eager to land their first job, the lesson is simple: if an opportunity seems rushed, asks for money, or feels too good to be true, take a step back and verify before you respond.

Where McAfee Comes In

Job scams don’t just happen in one moment. They unfold in stages—first a message, then a conversation, then a request for information or money.

That’s why protection needs to work the same way: across the entire experience. McAfee’s comprehensive protection helps you stay ahead of job scams at every step:

McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:

  • Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast
  • Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place
  • Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage
  • Safe Browsing helps block risky sites if you do click
  • Device Security helps detect malicious apps or downloads
  • Secure VPN keeps your data private, especially on public Wi-Fi   

The Biggest Red Flags to Watch For

These patterns show up again and again in job scams:

Red Flag

What It Looks Like

Why It’s a Problem

What to Do Instead

Requests for Sensitive Information Too Early

Asked for your Social Security number, banking info, or ID details early in the process

Scammers use this to steal your identity or access your accounts

Only share sensitive info after accepting a verified job—and through secure onboarding systems

You’re Asked to Pay to Work

Fees for training, equipment, onboarding, or background checks

Legitimate employers don’t charge candidates to get hired

Walk away immediately—this is one of the clearest signs of a scam

The Job Sounds Too Good to Be True

High pay, low hours, minimal experience required, vague responsibilities

Designed to hook attention and lower your guard

Research typical salaries and ask detailed questions about the role

The Hiring Process Moves Too Fast

Immediate job offers or rushed decisions without interviews

Real hiring processes involve multiple steps and evaluations

Be cautious of offers that skip standard hiring steps

No Real Interaction

Communication only via email or chat, refusal to do video or phone calls

Scammers avoid real-time interaction to stay anonymous

Request a video call or verify the recruiter through official company channels

How to Protect Yourself

You don’t need to overcomplicate it. Stick to a few grounded habits:

  • Verify the company independently: Search the company, check official sites, confirm recruiter identities
  • Keep communication on trusted platforms: Be cautious with offers coming from unexpected channels
  • Never pay upfront for a job: That’s a dealbreaker
  • Pause before sharing personal information: Especially early in the process
  • Use tools that flag risks automatically: Scam Detector helps catch what looks legitimate, but isn’t

What to Do If You Think It’s a Scam

If something feels off:

  • Stop communication immediately
  • Do not send money or personal information
  • Report the scam to the FTC
  • Monitor your accounts for suspicious activity

If you’ve already shared sensitive information, act quickly to secure your accounts.

With McAfee’s comprehensive protection, you’re not left to figure it out on your own.

From blocking risky links to monitoring your identity and helping you respond quickly, it’s designed to help you stay one step ahead, and recover faster if needed. Because job searching is stressful enough without scammers, and you deserve to land your next job with confidence.

The post The New Grad’s Guide to Job and Recruitment Scams appeared first on McAfee Blog.

How to Protect Yourself After the Canvas Education Data Breach + Fake Amazon Recall Texts

8 May 2026 at 12:10

If you have ever checked your child’s grades online, submitted a college paper through a school portal, downloaded homework assignments, or received messages from a teacher through a classroom app, there is a good chance you have used Canvas, a nationwide learning management system that was just in a massive data breach. 

This is exactly the moment McAfee+ Advanced was built for. With our built-in Scam Detector to flag risky links, QR codes, and deepfakes; Identity Monitoring that alerts you when your data appears where it shouldn’t; and Personal Data Cleanup that removes your information from the dark web and data brokers, McAfee+ Advanced is an all-in-one solution for protection after a data breach.

Now let’s get into what you need to know about this breach: 

Who Is Behind the Canvas Breach? 

The ransomware group ShinyHunters is claiming responsibility for the attack. The group alleges it stole roughly 275 million records tied to nearly 9,000 schools and educational institutions worldwide. 

How Did the Canvas Cyberattack Happen? 

Instructure, the company behind Canvas, confirmed a cyber incident affecting its cloud-hosted environment. The attackers later posted claims about the breach on their leak site, where ransomware groups pressure organizations into paying by threatening to release stolen data publicly. 

What Information Was Stolen in the Canvas Breach? 

The stolen data reportedly includes: 

  • Student names  
  • Teacher and staff names  
  • Email addresses  
  • Student IDs  
  • Course and enrollment information  
  • School-related records  

ShinyHunters claims the breach exposed roughly 275 million records and more than 231 million unique email addresses. 

How Could the Canvas Data Breach Impact Families and Students? 

Even if financial information was not exposed, this kind of data can still be extremely valuable to scammers. Criminals can use real school names, real classes, teacher names, and student information to create highly convincing phishing emails, fake school alerts, scholarship scams, tuition scams, or password reset messages. 

A scam message referencing your child’s actual school or assignment is much harder to spot as fake. 

This is what a Canvas message might look like when forwarded to your email inbox. Hackers claim to have millions of these types of messages.
This is what a Canvas message might look like when forwarded to your email inbox. Hackers claim to have millions of these types of messages.

This is a real message from Canvas from a community college professor after yours truly took an anthropology class for fun during the pandemic. It’s full of links to apply for programs and reach out to professors. It has exact details about courses I’ve taken.  

While this correspondence is real, it’s exactly the type of messaging that scammers could fake and replicate, replacing real links with fake “paid” opportunities to pursue degrees.  

Now think of the millions of messages and specific scenarios scammers have access to, to create dubious and convincing scams. That’s why protecting yourself after a breach is key.  

What To Do Right Now 

Here are some actions you can take immediately ot protect yourself after this breach:

  • Change you or your child’s Canvas password immediately, and update any other accounts where they reuse that password 
  • Turn on multi-factor authentication (2FA) on parent and student accounts wherever the school permits it — Instructure’s own post-incident guidance specifically called out enforcing MFA as a recommended precaution 
  • Ask your school what identity protection is being offered if sensitive data was involved 
  • Consider placing a credit freeze on your or your child’s file to block new accounts from being opened in their name 
  • Avoid clicking links in any messages that reference the breach, go directly to the official site instead 

And that, my friends, is issue number one in this week’s This Week in Scams. Let’s get into what else is on our radar in cybersecurity and scam news. 


Fake Amazon Recall Texts Are Targeting Shoppers  

Your phone buzzes. It’s a text from an unknown number, but the message looks official. 

“Dear Amazon Customer, we are writing to inform you that an item from your March 2026 order has been identified for recall.” There’s an order number. A link at the top of the message. A note about quality standards and a refund waiting for you. 

It looks real. It has the Amazon logo, the branded formatting, even a reference to the “Amazon Customer Safety Team.” The only thing it doesn’t have? Any connection to Amazon at all. 

A photo of a scam recall text I received this week. Luckily Scam Detector flags the link as risky if you try to click.
A photo of a scam recall text I received this week. Luckily Scam Detector flags the link as risky if you try to click.

This is a fake Amazon recall scam, and it is making the rounds right now. The goal is to get you to click that link, which takes you to a site designed to harvest your login credentials, payment information, or both.  

If you get a text like this, do not click the link. Go directly to amazon.com in your browser, log in, and check your orders and messages from there. Amazon does not initiate recall or refund processes through unsolicited texts with outside links. 

What Is a Fake Amazon Recall Scam And How Does It Work? 

A fake Amazon recall scam is a text message or email in which criminals impersonate Amazon to convince you that one of your recent orders has been flagged for a product recall. The message directs you to an external link leading to a phishing site designed to steal your Amazon credentials, credit card details, or personal information. 

Red Flags To Watch For 

  • The text comes from an unknown number, not a short code or verified sender 
  • The link goes to a domain that is not amazon.com 
  • The message asks you to complete a refund through an external link 
  • Small typos or awkward phrasing appear in what looks like official communication 
  • The greeting says “Dear Amazon Customer” rather than your actual name 

What To Do If You Get One 

  • Do not click the link 
  • Go to amazon.com directly and check your orders and account notifications 
  • Report the text to Amazon at stop-spoofing@amazon.com 
  • Block the number 

Where McAfee Steps In (So You Don’t Have to Guess)  

Scams today are layered.  A fake email leads to stolen credentials. A breach leads to targeted phishing. And those follow-ups are getting harder to spot.  

With McAfee+ Advanced, multiple layers work together so you’re not left figuring it out after the damage is done: 

  • Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
  • Personal Data Cleanup helps remove your information from sites selling it. 
  • Scam Detector flags suspicious texts, emails, links, QR codes, and even deepfake videos before you engage  
  • Safe Browsing helps block risky sites, even if you do accidentally click  
  • Device Security helps detect malicious apps or downloads  
  • Secure VPN keeps your data private, especially on public Wi-Fi    

McAfee Safety Tips This Week 

Our advice based on this week’s scams and stories: 

  • If your child’s school uses Canvas, update their password now and enable multi-factor authentication if available 
  • Consider a credit freeze for your child’s identity, especially if sensitive identifiers were part of the breach 
  • Never click links in unsolicited texts about refunds, recalls, or account issues — go directly to the official site instead 
  • Treat any message that references your recent orders or personal account details with extra skepticism, even if it looks legitimate 
  • Use Scam Detector to check suspicious links before engaging, and stay alert in the weeks and months after a breach, not just the first few days 

And we’ll be back next week with more scams and cybersecurity news making headlines. 

The post How to Protect Yourself After the Canvas Education Data Breach + Fake Amazon Recall Texts appeared first on McAfee Blog.

The Canvas Hack Is a New Kind of Ransomware Debacle

8 May 2026 at 05:02
Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters.

How to Disable Google's Gemini in Chrome

7 May 2026 at 20:31
Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to.

Now Available: Use ChatGPT with McAfee to Spot Scams Faster

7 May 2026 at 11:55

Scam messages are getting smarter and faster. 

According to McAfee’s 2026 State of the Scamiverse report, Americans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That’s nearly three full workweeks lost to second-guessing messages, alerts, and links. 

And when scams do succeed, they move quickly. The typical scam unfolds in about 38 minutes, leaving little room for hesitation. 

That creates a gap: People want to check before they act, but the tools haven’t always met them in that moment. 

ChatGPT + McAfee is designed to close that gap, bringing scam detection directly to a platform people are already using to ask questions and make decisions. 

And it’s available to anyone. You don’t have to be a McAfee subscriber. 

This isn’t just detection. It’s guidance in the exact moment you’re deciding what to do.  

Instead of guessing, you can paste a message or drop in a screenshot and get a clear explanation of what’s riskyand what to do nextpowered by McAfee’s threat intelligence. 

What You Can Do with ChatGPT + McAfee 

With this integration, checking something suspicious becomes as simple as asking a question. 

Paste a message. Drop in a link. Upload a screenshot. 

McAfee analyzes it and explains what’s going on clearly and in context. 

Here’s how it works: 

Feature  What it does  How it protects you 
Link safety check  Paste a suspicious URL and get a reputational analysis based on McAfee threat intelligence  Scam links are often designed to look legitimate. A quick check helps avoid phishing and malware 
Message analysis  Submit texts, emails, or social messages for evaluation  Many scams now rely on urgency and tone. Analysis helps surface subtle red flags 
Screenshot uploads  Upload screenshots of messages, emails, or posts for review  Scams don’t always come as clean text. This makes it easier to check what you’re actually seeing 
Clear explanations  Get a breakdown of why something is flagged as risky or safe  Not just a warning—an explanation that helps you recognize patterns next time 
Guided next steps  Receive recommendations on what to do next  Helps prevent escalation, especially in moments of uncertainty 

It’s a quick, accessible way to get answers in the moment. But it’s just one part of a broader system designed to protect you more comprehensively. 

Add the app to your ChatGPT account here. 

McAfee's ChatGPT extension
McAfee’s ChatGPT extension

Built on McAfee’s Threat Intelligence 

Behind the scenes, ChatGPT + McAfee is powered by the same intelligence that fuels McAfee’s broader scam protection ecosystem. 

When you submit something for review: 

  • Links are checked against known threat signals  
  • Messages are analyzed for scam patterns and language cues  
  • Results are translated into clear, human-readable explanations  

The goal isn’t just to flag risk. It’s to help you understand it. 

A New Way to Stay Ahead of Scams 

Scams aren’t slowing down. If anything, they’re becoming more convincing, more personalized, and harder to detect. 

That’s where ChatGPT + McAfee comes in. But this is only one part of a much bigger system designed to protect you before, during, and after a scam attempt. 

With McAfee+ Advanced, multiple layers work together so you’re not left figuring it out after the damage is done: 

  • Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
  • Personal Data Cleanup helps remove your information from sites selling it. 
  • Scam Detector flags suspicious texts, emails, links, QR codes, and even deepfake videos before you engage  
  • Safe Browsing helps block risky sites, even if you do accidentally click  
  • Device Security helps detect malicious apps or downloads  
  • Secure VPN keeps your data private, especially on public Wi-Fi    

The ChatGPT experience gives you a fast, intuitive way to check something in the moment. 

McAfee+ Advanced makes sure you’re protected across everything else.

The post Now Available: Use ChatGPT with McAfee to Spot Scams Faster appeared first on McAfee Blog.

A Kid With a Fake Mustache Tricked an Online Age-Verification Tool

6 May 2026 at 21:24
To stop children from bypassing its age checks, Meta is revamping its age-verification tools with an AI system that analyzes images and videos for “visual cues,” such as height and bone structure.

Hackers Hate AI Slop Even More Than You Do

6 May 2026 at 15:49
It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.

DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts

4 May 2026 at 14:45
Using a 1930s trade law, Homeland Security targeted the man—who hasn’t entered the US in more than a decade—following posts on X condemning the killings of Renee Good and Alex Pretti.

Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers

1 May 2026 at 20:30
The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.

Ad Impersonation Scams and Record-Breaking Social Media Fraud Losses: This Week in Scams

1 May 2026 at 12:01

You’re scrolling through Facebook or TikTok and see it. 

A flash sale from a brand you recognize. A limited-time investment opportunity. A job posting that promises quick money. 

The ad has comments. The account looks polished. Maybe someone you follow even liked it. 

So you click. 

From there, things move fast. You’re pushed to act quickly, enter your information, or send payment before the “deal” disappears. And just like that, the money is gone or your account is compromised. 

This isn’t an edge case anymore. According to new FTC data, nearly 30% of people who reported losing money to a scam in 2025 said it started on social media, with total losses hitting $2.1 billion. 

That’s why McAfee+ Advanced includes comprehensive protection designed to help you spot and stop scams at every step, including McAfee’s Scam Detector, which flags suspicious links and messages and explains why they may be risky, along with identity and privacy tools that help protect your information if a scam slips through. 

How Social Media Ad Scams Work 

A social media ad scam is when scammers use paid ads, fake profiles, or hijacked accounts on platforms like Facebook, Instagram, or TikTok to promote fake products, services, or investment opportunities in order to steal money or personal information. 

Step  What happens  What to do  How McAfee helps 
1  You see an ad, post, or DM promoting a deal, job, or investment  Don’t engage immediately, even if it looks legitimate  Scam Detector flags suspicious links and messages before you interact 
2  The ad links to a website or moves you into DMs  Avoid clicking unfamiliar links or continuing off-platform  Safe Browsing helps block risky or newly created websites 
3  You’re pressured to act quickly or “secure your spot”  Slow down and verify the company independently  Scam Detector explains urgency tactics and why they’re risky 
4  You’re asked to pay, share login info, or download something  Never send money or credentials based on a social media interaction  Identity Monitoring helps protect your personal data if exposed 
5  The product never arrives, the investment disappears, or your account is compromised  Report the scam and secure your accounts immediately  Personal Data Cleanup and monitoring help reduce ongoing exposure 

Red Flags To Watch For 

  • Deals that feel unusually cheap or urgent  
  • Ads linking to unfamiliar or slightly misspelled websites  
  • Requests to move conversations off-platform quickly  
  • Payment requests via apps, crypto, or wire transfer  
  • Accounts with limited history or inconsistent engagement  

And that is the first part of This Week in Scams! This Friday we’re taking a different format to talk about this new FTC data and all that it reveals.  

Let’s keep digging in: 

FTC Report: Social Media Scams Are Now The Most Costly Fraud Channel 

New data from the FTC shows just how dominant social media has become in the scam landscape. 

  • Social media scams drove $2.1 billion in reported losses in 2025  
  • Losses have increased eightfold since 2020  
  • Investment scams alone accounted for $1.1 billion of those losses 

Where Scams Are Happening And What’s Changing 

Category  What to know 
Most common scams  Shopping scams lead, with over 40% of victims reporting purchases from social media ads that never arrived 
Most costly scams  Investment scams drive the biggest losses, often starting with ads or group chats showing fake success 
What’s changing  Scammers are using platform tools like ads, targeting, and profile data to reach people more precisely than ever 

How Scams Play Out Across Platforms 

Platform  How scams typically start  What to watch for 
Facebook  Ads, Marketplace listings, hacked accounts  Fake stores, duplicate listings, urgent purchase pressure 
Instagram  Sponsored posts, influencer impersonation  “Limited drop” scams, fake brand collaborations 
TikTok  Ads, stolen videos/profiles, comment links, bio links,   “Get rich quick” schemes, external link funnels, reselling via TikTok 
WhatsApp  Group chats, investment communities  Fake testimonials, coordinated pressure to invest 

 How McAfee Protects You from Scams and Cyber Threats 

McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:   

  • Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
  • Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place  
  • Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage  
  • Safe Browsing helps block risky sites if you do click  
  • Device Security helps detect malicious apps or downloads  
  • Secure VPN keeps your data private, especially on public Wi-Fi    

McAfee Safety Tips This Week 

Our advice based on this week’s scams and schemes: 

  • Treat social media ads like any other unknown source, not a trusted recommendation  
  • Pause before clicking, especially when urgency is involved  
  • Verify brands by going directly to their official website  
  • Avoid sending money or personal information through social media  
  • Use tools like Scam Detector to check suspicious links before engaging  

And we’ll be back next week with more scams making headlines.

The post Ad Impersonation Scams and Record-Breaking Social Media Fraud Losses: This Week in Scams appeared first on McAfee Blog.

From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future

30 April 2026 at 12:00
Dive into the architecture behind Cisco’s holistic, mutilayered PQC strategy to understand how Cisco is operationalizing the secure communications and secure products across the communication planes, inside the chipset, and down to the firmware that loads before your operating system even boots.

Why Sharing a Screenshot Can Get You Jailed in the UAE

28 April 2026 at 17:49
The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years.

❌