McAfee Blogs

Protect What Matters on Data Privacy Day

By: McAfee

Imagine a “Privacy Facts” label on the apps, devices, and websites you use. Like a digital version of the “Nutrition Facts” on the sides of your cereal boxes and other food you buy. With a quick look, you could see what the company behind that app, device, or website collects — and what they do with it. 

Sadly, no such label exists. The fact of privacy today is that it takes work to uncover how the apps, devices, and websites you use collect your personal data and info.  

To uncover those details, you’ll find yourself wading through privacy policies, which are known for their thick legalese. And they can get rather vague. Words like “may” and “might” leave the door open for what companies really do with the personal info and data they collect. They “may” share it with other parties and they “might” sell it to other parties as well.  

Meanwhile, those other parties “may” or “might” use it for their own purposes. Other parties that are largely unknown to you, if not completely unknown, because they’re undisclosed. 

As a result, once your personal data and info gets out there, it has a way of getting around. 

Data and info collection powers the internet, which counts as yet one more fact of privacy. Yet that collection has its legal and ethical boundaries. And those boundaries stand front and center once again this Data Privacy Day.  

Data Privacy Day gives us a chance to consider the importance of respecting privacy, of protecting data, and of building trust. Particularly on the internet, where data is the coin of the realm. It holds great value. Companies want it to improve their services and marketing. Bad actors want it to commit fraud and theft — or sell it on dark marketplaces. 

Your clutch of personal data and info has a price tag hanging on it. That makes it worth protecting. 

Granted, we think about privacy every day. The value it has. The importance of protecting it. And how we can make that protection stronger and easier for you. That’s very much on our minds in a time where people say they have little idea about what personal data and info gets collected.

Indeed, plenty of people are scratching their heads about their privacy online. Findings from Pew Research in 2023 showed that roughly three-quarters of Americans surveyed said they feel like they have little or no control over data collection [i]. Moreover, 67% of them said they understand little to nothing about what companies are doing with their personal data. That’s up 8% from 59% in 2019 [ii].

In four short years, more people feel like protecting their privacy is out of their hands. Even the ripple effects of the European Union’s General Data Protection Regulation (GDPR) [iii] and strong consumer privacy laws in a dozen or so U.S. states [iv] haven’t increased their confidence. Only 61% of Americans feel that anything they do will make much difference when it comes to managing their privacy online [v].

Yet something else has happened in those four years. Online protection software has become more powerful. Particularly when it comes to privacy. Even if things feel otherwise, you truly can take significant steps that make a difference in your privacy. 

As far as our online protection software goes, it offers several simple and powerful ways to protect your privacy. McAfee+ features Personal Data Cleanup and Online Account Cleanup — two ways you can take control of your data and info. With them, you can: 

  • Remove your data and info from risky data broker sites.  
  • Also remove your data and info from old accounts, which makes them one less target for a data breach. 

Further, McAfee+ rounds things out with our VPN. That keeps you anonymous from advertisers and other data collectors, all while securing you from other prying eyes online. 

That handful of features, part of your overall identity and virus protection, can make you far more private. Even in a time of opaque privacy policies and heavy data collection online. Once again, our aim is to make that simple and powerful for you.

It really is too bad there’s not a label for privacy. Sure, it’d be nice if you could peer into the Privacy Facts of the apps, devices, and websites you use. But the good news is that online protection software can put you in control of your personal data and info without those details. You truly are more in charge of your privacy than you might feel nowadays.

[i] https://www.pewresearch.org/internet/2023/10/18/views-of-data-privacy-risks-personal-data-and-digital-privacy-laws/

[ii] https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/

[iii] https://gdpr.eu/what-is-gdpr/

[iv] https://pro.bloomberglaw.com/brief/state-privacy-legislation-tracker/

[v] https://www.pewresearch.org/internet/2023/10/18/views-of-data-privacy-risks-personal-data-and-digital-privacy-laws/

The post Protect What Matters on Data Privacy Day appeared first on McAfee Blog.

26 Billion Records Released in “The mother of all breaches”

Security researchers have discovered a massive data breach containing more than 26 billion records — a hacker’s trove of records compiled from LinkedIn, Twitter, Adobe, and thousands of other organizations. Likely the largest of its kind, researchers have dubbed it MOAB or the “Mother of All Breaches.”

With billions of pieces of personal info compromised, you can count on one thing here for sure. Bad actors out there will surely take advantage of this windfall. We’ll share the immediate steps you can take to stay safe.

How big is the MOAB breach?

Just to get a sense of the breach’s scope, the newly discovered database contains over 3,800 folders, each containing records from an individual data breach. As such, it seems that these breached records were compiled over time to create this database.

That list of 3,800 folders includes major brands and entities such as Twitter/X (281 million records), LinkedIn (251 million records), Evite (179 million records), and Adobe (153 million records). Leading the way with breached records is Tencent, with 1.5 billion records exposed.

Researchers also discovered that the leak contains records from government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries.

To date, no group has stepped forward to claim responsibility for this massive compilation of breached info. Researchers speculate that it could be a “malicious actor, data broker, or some service that works with large amounts of data.”

What can I do to protect myself in the wake of the MOAB breach?

Given the scale of the breach, your best bet is to act like your data was caught up in it.

This breach truly is a treasure trove for hackers and scammers. With the info contained in it, they can launch follow-on attacks. Identity theft, phishing attempts, and password-stuffing attacks often follow in the wake of breaches. And indeed, this is a massive breach.

We can’t stress enough that acting now is super important.

Immediate steps include:

Change your passwords and use a password manager.

Changing passwords now is a must. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.

Enable two-factor authentication.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.

Consider using identity monitoring, particularly for the dark web.

An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal info harvested from data breaches can end up on dark web marketplaces where other bad actors buy it for their own attacks. Ours monitors the dark web for your personal info and provides early notifications if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your info is found.

Check your credit, consider a security freeze, and get ID theft protection.

When personal info gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This might include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.

With that, strongly consider taking preventive measures now. Checking your credit, putting a security freeze in place, and getting theft protection can help keep you safe in the wake of a breach. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.

Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.

ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if it’s determined you’re a victim of identity theft. This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Also consider using comprehensive online protection.

A complete suite of online protection software can offer layers of extra security. In addition to password management and identity theft protection, it includes AI-powered scam detection that can spot scam texts, emails, and links on social media that otherwise look legit. If you accidentally tap or click on a sketchy link? Don’t worry, it can block those links from taking you to risky sites too. In all, online protection software offers you a broad range of defenses and preventative measures any time data breaches occur. Even breaches the size of the MOAB breach.

The post 26 Billion Records Released in “The mother of all breaches” appeared first on McAfee Blog.

From Email to RAT: Deciphering a VB Script-Driven Campaign

Authored by Preksha Saxena and Yashvi Shah

McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting (VBS). Initially delivering the AgentTesla malware, the campaign has evolved into a multi-faceted threat, employing VBS scripts as a versatile delivery mechanism. Notably, this campaign extends beyond AgentTesla, now distributing a range of malware such as Guloader, Remcos RAT, Xworm, and Lokibot.

This campaign illustrates a comprehensive infection process initiated by a VBS file delivered via email. Starting with the activation of a VBS script, it progresses through PowerShell phases, utilizing the BitsTransfer utility for fetching a second-stage PowerShell script. The decoded and executed Shellcode A conceals and loads Shellcode B. In the final phase, wab.exe downloads the encrypted Remcos RAT payload. Shellcode B decrypts and injects it into wab.exe, making it function as the Remcos RAT.

The observed campaign has been noted for targeting diverse regions worldwide. Presented below is a geographical heatmap depicting McAfee customers who have been targeted and saved over the past three months.

Figure 1: Geo Heatmap showing targeted regions.

In the featured blog post, malicious actors utilized GuLoader to deploy the Remcos RAT.

Execution Chain

Figure 2: Infection chain

The execution begins by running a VBS script, which triggers the execution of the first-stage PowerShell. Subsequently, the BitsTransfer utility is employed to fetch a second-stage PowerShell, which is base64 encoded.

The second-stage PowerShell is then decoded and executed. Following this, the first shellcode is meticulously carved out and loaded reflectively. The second shellcode, encoded within Shellcode A, undergoes decoding and is also reflectively loaded.

The final step involves the second shellcode, which is leveraged to retrieve and inject the Remcos RAT (Remote Control and Surveillance Tool) into a legitimate Windows process, in this case wab.exe. This intricate series of actions allows for the stealthy deployment and operation of the Remcos RAT within the Windows environment.

Figure 3: Process Tree

Obfuscated VBScript Technical Overview:

Stage 1: (Deobfuscating vbs)

Attached to the email is a ZIP file seemingly labeled as “revised_quotation_for_purchase_invoice_order_design_6th_november_2023”, resembling an invoice to the user. The intent, much like similar deceptive emails, is for the recipient not to scrutinize the email closely.

Inside the zip file attachment is a heavily obfuscated VBS file. The VBS script employed several techniques to make the analysis quite difficult. It has many garbage variables, decoy functions, and unnecessary comments, and all the malicious functions are obfuscated.

Figure 4: Heavily obfuscated script

The code appears streamlined after removing redundant lines, resulting in a more concise and efficient version. After removing all the comments, the script turned out to be as follows:

Figure 5: Post-removing the junk code

In the script, new strings are frequently appended to the variable “Fu6”. This method serves to increase the complexity of the analysis. Once all the strings are concatenated and formatted, the result emerges in a more intriguing manner, as shown in the image below.

Figure 6: After deobfuscating the code

The function “Mikr9” will handle the conversion of strings, rendering them readable. We converted all the lines to a readable format, with the help of the “Fu6” function. For example, as shown in Figure 5, the string

‘DelfhAdvetFagstStatpYapp:Nona/fisk/Indh1 Sic0 Tra3parc. Mon1Gens7Vide6Eufo.Tast1Outs1Midd1afte.Dors1husg6 Hal3Beja/ Hypm RenuColonSprgdNasahToasuRafflchon.GyttpBrnefMuckbAcci ‘ became http://103.176.111[.]163/mundhul.pfb.

Likewise, the entire script is decoded, and we get the following script:

Figure 7: After applying decrypting function Mikr9()
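The sample string quoted above yields the stated URL when every fifth character is kept (four filler characters, then one real one). The following is an added example, not code from the McAfee post: the body of Mikr9 appears only in a figure, so the stride rule here is inferred from the quoted string, and the function names are hypothetical. It decodes the string statically, searches for the stride when it is not known in advance, and defangs the result in the style of the post's IOC list.

```python
import re
from urllib.parse import urlsplit

# String quoted in the post's Stage 1 section, copied verbatim (spaces included).
OBFUSCATED = (
    "DelfhAdvetFagstStatpYapp:Nona/fisk/Indh1 Sic0 Tra3parc. Mon1Gens7Vide6"
    "Eufo.Tast1Outs1Midd1afte.Dors1husg6 Hal3Beja/ Hypm RenuColonSprgdNasah"
    "ToasuRafflchon.GyttpBrnefMuckbAcci "
)

URL_RE = re.compile(r"^https?://[\w.\-]+(?::\d+)?/\S*$", re.I)


def decode_stride(text, stride=5, offset=4):
    """Keep one character out of every `stride`, starting at `offset`."""
    return text[offset::stride]


def find_stride(text, max_stride=8):
    """Try every (stride, offset) pair; return those whose output is a URL.

    Useful when a variant changes the amount of filler between real characters.
    """
    hits = []
    for stride in range(2, max_stride + 1):
        for offset in range(stride):
            candidate = decode_stride(text, stride, offset).strip()
            if URL_RE.match(candidate):
                hits.append((stride, offset, candidate))
    return hits


def defang(url):
    """Render a URL as hxxp://a.b.c[.]d/path so it cannot be clicked or fetched."""
    parts = urlsplit(url)
    head, _, tail = parts.netloc.rpartition(".")
    rest = url[len(parts.scheme) + 3 + len(parts.netloc):]
    return f"{parts.scheme.replace('http', 'hxxp')}://{head}[.]{tail}{rest}"


if __name__ == "__main__":
    for stride, offset, url in find_stride(OBFUSCATED):
        print(f"stride={stride} offset={offset} -> {defang(url)}")
```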

The script conducts the following sequence of activities:

  • Retrieves the second-level file from “hxxp://103.176.111[.]163/mundhul.pfb” using BitsTransfer.
  • Saves the acquired file in the Appdata folder.
  • Decodes the file from Base64, converting it into a string format.
  • Navigates to offset 229981 and extracts the subsequent 28050 units of data.
  • Executes the extracted data using IEX (Invoke-Expression).

Stage 2:

Powershell execution

The file retrieved shows zero detections on VirusTotal (VT), appears to be base64 encoded, and has a size of 336KB.

Figure 8: Second Powershell script

Figure 9: Content is base64 encoded

Upon decoding “mundhul.pfb,” a detailed analysis can be conducted to comprehend its functionality, enabling further examination of the malware’s execution. Once the file gets decoded, it reveals a code resembling the image provided below.

Figure 10: Base64 decoded data

As specified in the script, execute a jump to offset 229981 and retrieve the ensuing 28050 units of data. This marks the start of the second PowerShell script, which is 28050 bytes, marked as follows.

Figure 11: Start of encrypted second PowerShell

The code contains various comments, so we followed the same procedure as for the first script: we removed all the junk code, which left a function that seems to handle the decryption of all the strings.

Figure 12: After removing the junk

The decryption process iterates multiple times to unveil the strings, and the malware employs the “Invoke” method to execute its commands. After decoding all the strings using the “Bedroges02” function, we finally got the intent of the script.

Figure 13: After applying decryption logic

The PowerShell script initially loads the VirtualAlloc() function and stores the memory handle in variables named “trll3” and “Akuammin195”. These sections possess permissions for writing, reading, and executing. The latter segment of the script appears to invoke a concealed shellcode embedded within it.

The execution sequence involves copying the bytes as follows: The initial 644 bytes from the beginning of this PowerShell script constitute the first shellcode. Subsequently, starting from byte 644, the script copies the next 229337 bytes, constituting the second shellcode.

Figure 14: Constituting shellcode
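The offsets given in Stage 1 and Stage 2 describe one contiguous layout: 644 bytes of Shellcode A, 229337 bytes of Shellcode B, then the 28050-byte second PowerShell script at offset 229981. The following added example (not code from the post; function names are hypothetical and the sample input is harmless constructed filler) carves and hashes those regions from a base64 download for static review without executing anything, and checks that the layout is consistent with the 336KB file size the post reports.

```python
import base64
import hashlib

# (name, offset, size) taken from the post's Stage 1 and Stage 2 descriptions.
LAYOUT = [
    ("shellcode_a", 0, 644),
    ("shellcode_b", 644, 229337),
    ("powershell_stage2", 229981, 28050),
]


def layout_size(layout=LAYOUT):
    """Check that the regions are contiguous and return the total decoded size."""
    end = 0
    for name, offset, size in layout:
        if offset != end:
            raise ValueError(f"{name}: expected offset {end}, got {offset}")
        end = offset + size
    return end


def expected_b64_len(n_bytes):
    """Length of the padded base64 text that encodes n_bytes."""
    return 4 * ((n_bytes + 2) // 3)


def carve(b64_text, layout=LAYOUT):
    """Decode the download and split it into regions. Nothing is executed."""
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    total = layout_size(layout)
    if len(raw) < total:
        # A short blob means a truncated download or a different variant.
        raise ValueError(f"decoded {len(raw)} bytes, layout needs {total}")
    regions = {}
    for name, offset, size in layout:
        chunk = raw[offset:offset + size]
        regions[name] = {
            "offset": offset,
            "size": len(chunk),
            "sha256": hashlib.sha256(chunk).hexdigest(),
            "data": chunk,
        }
    return regions, len(raw) - total  # second value: bytes after the last region


def build_constructed_sample():
    """Harmless filler with the same layout as the file in the post (constructed)."""
    script = b"# constructed placeholder for the second PowerShell stage\n"
    blob = b"A" * 644 + b"B" * 229337 + script.ljust(28050, b"#")
    return base64.b64encode(blob).decode("ascii")


if __name__ == "__main__":
    regions, trailing = carve(build_constructed_sample())
    for name, info in regions.items():
        print(f"{name:18} offset={info['offset']:>6} size={info['size']:>6} "
              f"sha256={info['sha256'][:16]}...")
    print("trailing bytes:", trailing)
    print("expected base64 size (KiB):",
          round(expected_b64_len(layout_size()) / 1024))
```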

Following the execution sequence, the malware initiates the API call CallWindowProcA, which subsequently leads to the invocation of the native function NtProtectVirtualMemory. The process then transitions directly to initiating the first shellcode.

Stage 3: Shellcode-A execution

Shellcode A’s primary action involves copying Shellcode B into memory, as depicted in the figure below.

Figure 15: Loop used for copying shellcode B

Shellcode B undergoes decryption via an XOR operation. This operation serves to transform the code into its executable form, allowing the decrypted shellcode to execute its intended instructions within the system’s memory.

Figure 16: Decryption loop used for decrypting shellcode B

Stage 4: Shellcode-B

The shellcode is designed to establish a new process named “wab.exe” and it replicates 0x3FC4000 bytes of decrypted shellcode into its memory space. As indicated by the highlighted blue box, the content decrypted from the second shellcode (shown in Figure 15) is subsequently injected into the wab.exe process (depicted in Figure 16).

Figure 17: Injection of second shellcode

The objective of the shellcode is to fetch the Remcos RAT from the specified URL, “hxxp://103.176.111[.]163/lnHxQotdQb132.bin” and subsequently inject it into the “wab.exe” process. Once “wab.exe” is injected by the final payload, it undertakes all malicious activities.

Figure 18: wab.exe connecting to C2

The file obtained from the provided URL seems to be an encrypted binary. Upon decryption, it has been recognized to initiate communication with the IP address 94.156.65[.]197 through port 2404. An observation revealed the creation of a mutex named “Rmc-R7V4VM.” Data keylogged during its operation is stored in a file labeled “logs.dat.” Additionally, screenshots captured are saved in a directory named “Screenshots,” while the overall repository for the collected data is titled “Remcos.”
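A detection sketch for the behaviour described above, as an added example that is not part of the original post: it flags any wab.exe that descends from PowerShell and opens a network connection, so the rule still fires when the C2 address changes, and separately notes whether the destination is one of the post's listed IPs. The event fields are a simplified, constructed schema, and the assumptions that Windows Script Host (wscript.exe or cscript.exe) ran the VBS and that powershell.exe is the parent of wab.exe are ours.

```python
import ntpath


def refang(value):
    """Turn a defanged indicator (a[.]b) back into a matchable string."""
    return value.replace("[.]", ".")


# IPs as listed in the post's IOC section.
IOC_IPS = {refang(ip) for ip in ("103.176.111[.]163", "94.156.65[.]197")}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # assumption: WSH executed the VBS
TARGET = "wab.exe"

# Constructed telemetry; field names are assumptions, map them to your EDR schema.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    # Chain matching the post: script host -> PowerShell -> wab.exe -> C2 on 2404.
    {"type": "process", "pid": 200, "ppid": 100,
     "image": r"C:\Windows\System32\wscript.exe"},
    {"type": "process", "pid": 300, "ppid": 200,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process", "pid": 400, "ppid": 300,
     "image": r"C:\Program Files (x86)\Windows Mail\wab.exe"},
    {"type": "network", "pid": 400,
     "dest_ip": refang("94.156.65[.]197"), "dest_port": 2404},
    # Benign: a user opens the address book from the shell.
    {"type": "process", "pid": 500, "ppid": 100,
     "image": r"C:\Program Files\Windows Mail\wab.exe"},
    {"type": "network", "pid": 500, "dest_ip": "198.51.100.20", "dest_port": 443},
    # Same behaviour with an address that is not in the IOC list.
    {"type": "process", "pid": 600, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "process", "pid": 700, "ppid": 600,
     "image": r"C:\Program Files (x86)\Windows Mail\wab.exe"},
    {"type": "network", "pid": 700, "dest_ip": "198.51.100.7", "dest_port": 2404},
]


def lineage(pid, procs):
    """Image names from the process itself up to the root (cycle-safe)."""
    names, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        names.append(ntpath.basename(procs[pid]["image"]).lower())
        pid = procs[pid]["ppid"]
    return names


def detect(events):
    """Alert on network activity from wab.exe that has PowerShell as an ancestor."""
    # PID reuse is ignored here; real telemetry needs a process GUID or start time.
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    alerts = []
    for e in events:
        if e["type"] != "network":
            continue
        names = lineage(e["pid"], procs)
        if not names or names[0] != TARGET or "powershell.exe" not in names[1:]:
            continue
        alerts.append({
            "pid": e["pid"],
            "dest": f'{e["dest_ip"]}:{e["dest_port"]}',
            "script_host_in_chain": bool(SCRIPT_HOSTS & set(names[1:])),
            "known_c2": e["dest_ip"] in IOC_IPS,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```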

Conclusion:

This campaign outlines the comprehensive infection process initiated by a VBS file received through email. The process begins with the activation of a VBS script, initiating the initial PowerShell phase. Subsequently, the BitsTransfer utility is used to fetch a second-stage PowerShell script, encoded in base64. After decoding and execution, the first Shellcode is carefully extracted and loaded reflectively. Simultaneously, Shellcode A conceals and loads the decoded Shellcode B.

In the final phase, the injected wab.exe proceeds to download the encrypted final payload of the Remcos RAT. Shellcode B is responsible for decrypting the payload, and it is subsequently injected into wab.exe. Consequently, this particular instance of wab.exe functions as the Remcos RAT.

VBScript in the Windows Environment: A Security Perspective

VBScript, introduced by Microsoft in 1996, was crucial in the Windows environment as a scripting language for task automation, tightly integrated with Internet Explorer, and a key component of technologies like Windows Script Host, Active Server Pages, and Office automation. It provided a simple scripting solution for system tasks, web development, and server-side logic. Microsoft is deprecating VBScript, and it will be available as a feature on-demand before eventual removal from Windows, said the company. This decision aligns with a broader strategy to reduce malware campaigns exploiting Windows and Office features. VBScript, disabled by default in Internet Explorer 11 since 2019, has been used by malicious actors for distributing malware, and Microsoft aims to enhance security by eliminating this infection vector. Attackers exploit vulnerabilities in phased-out technologies due to lingering use in legacy systems, slow adoption of updates, custom applications, stringent industry requirements, and user resistance to change. To mitigate risks, proactive measures such as prompt updates, security education, and staying informed about software lifecycles are crucial.

Mitigation:

Avoiding falling victim to email phishing involves adopting a vigilant and cautious approach. Here are some common practices to help prevent falling prey to email phishing:

  • Verify Sender Information
  • Think Before Clicking
  • Check for Spelling and Grammar
  • Be Cautious with Email Content
  • Verify Unusual Requests
  • Implement Email Filters
  • Check for Secure Connections
  • Report Suspicious Emails
  • Keep the software up-to-date
  • Align with security patches

IOCs

VBS file 6fdd246520eebb59e37a7cd544477567b405a11e118b7754ff0d4a89c01251e4
Second PowerShell 5d21216a92ffea5b8ba70f48f9bcbb8a530a9b272423ae3ba519dbf74a905a65
Final payload 7d947df412e78a595029121ecaf9d8a88e69175cffd1f2d75d31e3ca8995c978
URL1 hxxp://103.176.111[.]163/mundhul.pfb
URL2 hxxp://103.176.111[.]163/lnHxQotdQb132.bin
IP address 103.176.111[.]163
IP address 94.156.65[.]197
Mutex Rmc-R7V4VM

 

The post From Email to RAT: Deciphering a VB Script-Driven Campaign appeared first on McAfee Blog.

No, Taylor Swift Won’t Send You a Free Dutch Oven — The New AI Cloning Scam

Taylor Swift wants plenty of good things for her fans — but a free Dutch oven isn’t one of them.  

A new scam has cropped up on social media, where an AI deepfake of Swift targets her loyal Swifties with the lure of free Le Creuset products. Yet no one winds up with a piece of the singer’s much-beloved cookware. Instead, they end up with a case of identity fraud. This latest scam follows a string of celebrity deepfakes on YouTube and scams also targeting Kelly Clarkson. 

The story has made its share of headlines. Unsurprisingly so, given the singer’s high profile. Scammers have cooked up a synthetic version of Swift’s voice, using AI voice cloning technology we’ve highlighted in our blogs before.  

With a script for the voice clone and real snippets of video of the star, the scammers (not Swift) encourage fans to jump on the free offer. All it takes is a $9.96 shipping fee. Paid for by credit or debit card. Once in the hands of the scammers, the cards get charged, and sometimes charged repeatedly. In all, it’s a classic case of identity fraud — this time with an AI voice clone twist.  

 


Image of footage from the Taylor Swift social media scam. 

Le Creuset quickly pointed out that no such promotion exists and that any certified Le Creuset promotions get posted on their official social channels. So, to put a fine point on it, Tay-Tay will not send you a Le Creuset. 

Swift unfortunately finds herself in plenty of company. As we’ve reported previously, 2023 saw numerous celebrity AI cloning scams that hawked bogus goods, crooked investment scams, and phony cryptocurrency deals. Our 2024 predictions blog called for much more of the same this year, and the Taylor Swift scam has kicked things off in a high-profile way. 

If people hadn’t heard about AI cloning scams already, there’s a good chance that they have now.

A new McAfee technology can detect the Taylor Swift scam and other AI scams like it. 

So, what are we to do about it? How are we to tell what’s real and what’s fake online? Our Project Mockingbird points to the answer.  

We just unveiled Project Mockingbird at the CES tech show in Las Vegas, a new technology that helps detect AI-generated audio in deepfakes. Think of it as a lie detector that spots fake news and other schemes. 

See for yourself. We ran video of the Taylor Swift cookware scam through our Project Mockingbird technology. You’ll see red lines spike as it detects cloned audio, which shows you to what degree the audio is real or fake, all along a charted timeline.  

 

 

In addition to spotting celebrity scams, this approach to AI clone detection combats another particularly popular form of deepfake: the AI wrapper scam, where scammers wrap their cloned speech inside an otherwise legitimate video. Check out the example below. Here, scammers used clips of real news presenters to dress up their ChatGPT investment scam video.

 

Note how the detector registered at the baseline when the news presenters spoke, which indicates authentic audio. Then note how it spiked when the cloned audio kicked in — the part of the video that pitched the ChatGPT investment scam. 

Project Mockingbird marks the first public demonstration of our new AI-detection technologies. In addition to AI audio detection, we’re working on technology for image detection, video detection, and text detection as well.  

With these capabilities, we’ll put the power of knowing what is real or fake directly into your hands. Another way you can think about it is that McAfee is like having a lie detector in your back pocket. With it, you’ll know what’s real and what’s fake online. Something we’ll all need more and more as AI technologies mature. 

Looking ahead, we’ll see more than celebrity scams. We’ll see AI voice clones used to trick family members into sending money as part of phony emergency message scams. We’ll see it used for cyberbullying. And we’ll see bad actors use it to twist political speech across 2024’s major election cycles worldwide.  

Through it all, we aim to give you the power of trust — to trust what you see and hear online. To know what’s real and what’s fake out there. Project Mockingbird represents our first public step toward that goal.  

The post No, Taylor Swift Won’t Send You a Free Dutch Oven — The New AI Cloning Scam appeared first on McAfee Blog.

New Year, New Tech at CES — The Latest Protection for the Latest Tech

New year, new tech. That’s what hits the floor at the CES show each January in Las Vegas. Whether it’s striking, strange, or just pretty cool, plenty of this year’s tech is connected — and that means it needs to get protected.  

Already we’ve seen a personal health scanner that works like a tricorder from Star Trek, smart belts that help people with limited vision get around safely, and smart locks that open your door with the palm of your hand. 

Coursing through all these connected devices are data and info — data and info about you. Your family. Your home. Your comings and goings. The kind of data and info that all kinds of people want to get their hands on. 

That’s where protection comes in. 

Any device connected to the internet must be protected. Even if it’s something as innocuous as a smart wall outlet. The reason is, your home network is only as strong as its weakest security link. And many smart devices don’t come with the best security out of the box. Hackers know this. By compromising a device like a smart wall outlet, a hacker can gain access to the rest of the network and the devices and data on it. 

But how do you protect a smart wall outlet, along with that smart coffeemaker, door lock, and refrigerator? We’ll run it down for you, plus advice for keeping the latest in medical, fitness, and mobile devices safe as well. 

How to protect your new tech

Broadly speaking, you can protect most of your tech with a handful of steps. Whether it’s a new Wi-Fi router, smartwatch, or even a connected fridge, they can all benefit from the following basics.  

Use strong, unique passwords. 

When it’s time to set up a new account or device, go with a strong, unique password. Strong means a mix of at least 12 characters, if not more. That includes a mix of numbers, symbols, and both letter cases, upper and lower. Unique means you don’t repeat it across accounts. That way, if one password gets compromised, the rest will remain secure.  

Why strong and unique? Given today’s computing power, a hacker’s password generator can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics. 

Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute-force attack might crack that password in as fast as one second. One second …  

Password Length (using numbers, uppercase and lowercase letters, and symbols)  |  Time to Crack
8  |  One Second
12  |  Eight Months
16  |  16 Million Years

 

However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols, and it’d take eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute-force attack on one password takes too long, it’ll simply move on to the next one.

A password manager can help create strong, unique passwords for you. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about. 

Use multi-factor authentication

Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone).  

If your device or account supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who try and force their way into your device with a password/username combination.  

Keep everything updated

Update your apps and devices regularly. In addition to fixing the odd bug or adding the occasional new feature, app and device updates often address security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your apps and devices to receive automatic updates, even better. 

Keep in mind that this very much applies to smart home devices as well. 

Secure your internet router

Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network.  

Also consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which will keep your signal secure.  

Protect (your) everything 

Comprehensive online protection software can secure your phones, tablets, and computers. Moreover, it can protect your privacy, identity, and spot scam texts, messages, and links — just to name a few of the many things it can do.  

Moreover, these devices often connect to other devices on your home network. In a way, they act as a remote control for smart home devices like thermostats, alarms, and door locks. Protecting phones, tablets, and computers thus protects those other devices by extension.

How to protect your smart home devices 

The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure. The thing with smart home devices is this: they’re connected. And anything that gets connected gets protected. That can look a little different for these devices than it does for your computers and phones, yet there are steps you can take.

Reset the factory password

Many smart home and internet of things (IoT) devices come with preset usernames and passwords from the factory. So much so that you can easily find lists of stock usernames and passwords for these devices posted online where hackers can get a hold of them.

In the past, we’ve seen all kinds of attacks occur when these credentials don’t get changed. Among them are stories of hacked baby monitors where attackers take control of the camera and speakers. So just as you do for your other devices and accounts, create a fresh username and pair it with a strong, unique password as outlined above. 

Upgrade to a newer internet router 

Likewise, older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security. 

Set up a guest network specifically for your IoT devices 

Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.  

One more note — research the manufacturer 

One of the strongest security measures you can take is research. Before purchasing, look up the manufacturer. Have they had security issues with their devices in the past? Are their devices well-reviewed? How about their privacy policy? What are they doing with your data?  

It can get a little tricky tracking down that kind of info, yet you have a couple of great places to start. One is Consumer Reports and their thorough reviews of devices and tech. Another resource is Mozilla Foundation’s “Privacy Not Included” site, which reviews connected products like smart home and IoT devices for safety and security. 

How to protect your telemedicine visits 

For a quick check-in, a prescription consultation, or just a conversation with a healthcare pro, telemedicine has firmly established itself as a viable option for many types of care. Of course, the info discussed and shared in such a visit can be sensitive.   

Use a VPN 

A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden from anyone outside your VPN tunnel, thus making your private info difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software.

Check in with your provider 

If you’re considering a virtual doctor visit, now’s a great chance to check in with your care provider before your appointment. This way, you can get comfortable with what your visit will look like, find out what special apps (if any) are used, and how your care provider will protect your privacy. Also, you can decide which device you’ll use and where you’ll use it so that you feel at ease during your virtual visit. 

A reputable care provider will likely put all this pre-appointment info together for you on their website or “frequently asked questions” (FAQ) page, which will include helpful links and numbers to call if you need help or have questions. For an example of what that might look like, check out the telemedicine page that Virginia Mason/Franciscan Health designed for its patients. 

Pick a private place 

We’ve talked plenty about digital security, yet there’s the old-fashioned issue of physical eavesdropping to think about too. When it’s time for your actual appointment, pick a place in your home where you can ensure yourself some privacy. (Of course, don’t go online for your virtual appointment in a public place.) Look for a space where you can’t be overheard by neighbors and passers-by — preferably someplace like your bedroom where you can be comfortable as well.  

How to protect your fitness and wearable devices

By design, many wearables are big on data collection. Coursing through them are all kinds of data about your vital signs, sleep patterns, not to mention your whereabouts — like when and where you like to run on your hill training days. Keeping these devices secure means keeping some of your most personal info secure as well.

As always, research the manufacturer 

Very similar to what we mentioned about smart home and IoT devices, check the manufacturer’s track record. Read reviews. Hit up trusted sources. In all, find out how private and secure your device is. The same resources listed above can help you make an informed purchase. 

When it comes to privacy, not all devices are equal. The same goes for their privacy policies. Reading the privacy policy will tell you what kind of data the device collects. Further, it will show if and how it’s shared with the manufacturer and if they sell or share it with others. Likewise, you can factor what you find into your purchasing decision.

Adjust the privacy settings 

This will vary from device to device as well, yet one more way you can lock down your privacy is in the device settings. Look for options around location tracking, social media sharing, and what types of data are shared online in addition to the device. Overall, consider what kind of fitness data it gathers and where it goes. If you’re not comfortable with that data ending up in the hands of a stranger, make it private. 

When upgrading to a new device, wipe your old one. 

Along the same lines, that old wearable of yours might be chock full of data. Before passing it along, selling it, or recycling it, wipe it. Remove all the old data by restoring it to factory settings (your manufacturer can show you how).  

Also, delete any old online account associated with it if you have no more use for it. See to it that any data with that account gets deleted as well, which leaves you with one less account that could wind up the target of a data breach. A service like our own McAfee Online Account Cleanup can help, which you can find in our McAfee+ plans. 

How to protect your mobile devices 

Certainly, if there’s one device that works like the remote control for our lives, it’s our smartphone. Smartphones and mobile devices like them need protection too — in their own right, and because they connect to so much more. 

Avoid third-party app stores 

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.  

Review apps carefully

Check out the developer — have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.  

Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.  

Keep an eye on app permissions

Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that asks for access to your camera or microphone, it might be a scam. Delete the app.  

Lock your phone — and keep an eye on it too

Some bad actors will try to install spyware on phones themselves. However, this requires access, time, and effort to pull off. Locking your phone and always keeping it close can help prevent bad actors from infecting your phone this way. 

Another step you can take is to familiarize yourself with the remote locking and wiping features of your mobile device. Many manufacturers offer this feature on mobile devices. Strongly consider using it in the event of loss or theft. 

 

 

The post New Year, New Tech at CES — The Latest Protection for the Latest Tech appeared first on McAfee Blog.

How to Stay Safe in the Age of AI

We’ve seen how AI can create — and how it can transform our lives. What gets talked about less is how AI protects us too. 

Certainly, it’s tough to miss how generative AI has turned sci-fi dreams of the past into today’s reality. From AI apps that help ease loneliness thanks to their human-like conversations, to technology that can predict and manage health risks, to browsers that whip up pieces of art with a prompt, it’s changing the way we go about our day and the way we live our lives.  

However, we find ourselves only in generative AI’s earliest days. Countless more applications await over the near and distant horizon alike. 

Yet that’s the important thing to remember with AI. It’s an application. A tool. And like any other tool, it’s neutral. Whether it helps or harms comes down to the person using it.  

Thus, on the flip side of AI, we’ve seen all manner of shady and damaging applications. Hackers use AI to code new forms of malware at record rates. Scammers spin up convincing-looking phishing attacks and sites that harvest personal info, also at record rates. And we’ve further seen bad actors use so-called “deepfake” technologies to clone the voices and likenesses of public figures, whether for profit or to spread disinformation. 

So, amid the excitement about AI, there runs a thread of uncertainty. Recently, we found that 52% of Americans are more concerned than excited about AI in daily life. Only 10% of people said they’re more excited than concerned. Meanwhile, 36% feel a mix of excitement and concern. 

Uncertainty prevails, for sure. Yet something often gets overlooked in the conversation about AI: it can offer powerful protections against all manner of threats. Moreover, AI offers particularly potent protections against AI threats.  

In this way, AI is your ally. At McAfee, we’ve used it to protect you for nearly a decade now. In fact, AI applications have been around for some time, long before they made headlines like they do now. And we continue to evolve AI technologies to help keep you safe. In the age of AI, McAfee is your ally. Our aim is to give you certainty and safety in rapidly changing times. 

Know what’s real and what’s safe with McAfee’s AI. 

Ultimately, here’s what’s at stake today: people want to know what they can trust, and AI has made that tricky. What’s real? What’s fake? It’s getting tougher and tougher to tell. 

The future of AI and online safety lies in pairing progress with protection. Here at McAfee, we see this as our role. We’re evolving AI in ways that give people the power to protect their privacy, identity, and devices even better than before. Now, that protection extends yet further. It also gives them the power to know what they can trust whenever they go online.  

The time couldn’t be more right for that. Uncertainty about AI prevails. In all, more than half of Americans we talked to said they’re concerned that the arrival of AI has made online scams more accurate and believable.  

Our threat detection figures put their concerns into focus:  

  • Our AI makes 1.5 million in-field detections of threats (malicious sites and files) every week. That’s 8,928 every hour and 149 every minute.
  • Our AI model has already identified and categorized half a billion malicious sites, a number that grows with each day. 
  • McAfee Labs detects and protects against more than a million phishing attempts every day, including more sophisticated and believable variants generated with AI tools. 

With that, we ask ourselves, what can AI do for you? How can it keep you safe? Three principles provide the answer:  

  • AI should build trust: You can safely navigate places known and unknown in peace and with confidence.
  • AI should uncover the truth: You know who and what’s real and what’s safe out there — like having your own personal lie detector in your back pocket.
  • AI should make things clear: You understand and have control over the data and info you give up in exchange for access to conveniences and services like social media.

These principles drive our thinking in significant ways as we pair progress with protection in the age of AI. They stand as our commitment to keeping you safe and certain online, through our existing technologies and entirely new technologies alike. 

McAfee’s AI protections are already keeping you safe. 

As we’ve used AI as a core component of our protection for years now, it’s done plenty for you over that time. Our AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.  

So, the AI you have in your McAfee antivirus, it works like this: 

  1. It detects threats by referencing models of existing threats. This combats pre-existing threats and entirely new (zero-day) threats alike. Our AI can spot varieties of different threats by comparing them to features it’s seen before. For example, it’s like AI learning to identify different varieties of fruit. An apple is still an apple whether it’s a Fuji or Granny Smith. In that way, a virus is still a virus if it’s “Virus A” or the newly discovered “Virus Z.”  
  2. It further detects suspicious events and behaviors. AI provides a particularly powerful tool against zero-day threats. It analyzes the activities of applications for patterns consistent with malicious behavior. With that, it can spot and prevent a previously unknown file or process from doing harm. In its way, AI says, “I’ve seen this sketchy behavior before. I’m going to flag it.” 
  3. It automatically classifies threats and adds them to its body of knowledge. AI-driven threat protection gets stronger over time. Because it learns. Something we call “threat intelligence.” The more threats it encounters, the more rapidly and readily it can determine if files want to do you no good. The body of threat intelligence improves immensely as a result. 

 Now we’ve made improvements to our AI-driven protection — and unveiled all-new features that take full advantage of AI, such as McAfee Next-gen Threat Protection and McAfee Scam Protection. 

McAfee Next-gen Threat Protection — AI keeps you safer from new and existing threats.  

McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.  

Results from AV-TEST’s product review in October 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability, earning it the AV-TEST Top Product certification.

Moreover, AI continually gets smarter because every evaluation provides more data for it to learn and improve its accuracy. McAfee conducts over 4 billion threat scans a day, and that number is quickly growing. We continue to innovate with leading-edge AI technology to provide the most advanced and powerful protection available. 

McAfee Scam Protection — AI lets you know if it’s legit or if it’s a scam.  

The AI-powered scam protection in McAfee+ is like having that lie detector test we mentioned earlier. Advanced AI-powered technology helps prevent you from opening scam texts and blocks risky sites if you accidentally click on a scam link in texts, QR codes, emails, social media posts, and more. This AI-driven scam protection delivers real-time mobile alerts when a scam text is detected and is the only app on the market that sends alerts on both iOS and Android. 

McAfee is your ally in the age of AI. 

Advances in threat protection and scam protection mark just the start of where we’re taking our long-standing use of AI next. Sure, AI has made life easier for hackers and scammers. In some ways. In yet more important ways, it’s making their lives far more difficult. Downright tough in fact, particularly as we use it here at McAfee to detect their scam messages and texts, beat their AI-generated malware, and warn you of their malicious websites. And that’s just for starters. We have more to come. 

You can expect to see other fraud-busting and info-validating uses of AI across our online protection software in the months to come. That’s what’s in store as we stand as your ally in the age of AI.

The post How to Stay Safe in the Age of AI appeared first on McAfee Blog.

6 Cybersecurity Predictions for 2024 – Staying Ahead of the Latest Hacks and Attacks

AI and major elections, deepfakes and the Olympics — they all feature prominently in our cybersecurity predictions for 2024.

That’s quite the mix. And that mix reflects the nature of cybersecurity. Just as changing technology shapes cybersecurity, it gets further shaped by the changing world we live in. The bad actors out there exploit new and emerging technologies — just as they exploit events and trends. It’s a potent formula that bad actors turn to again and again. With it, they concoct a mix of ever-evolving attacks.

For a pointed example of the interplay between technology and culture, look no further than Barbie. More specifically, the scams that cropped up around the release of the “Barbie” movie. Using AI tools, scammers generated videos that promoted bogus ticket giveaways. They combined the new technology of AI with the hype surrounding the film and duped thousands of victims as a result.

We expect to see more of the same in 2024, and we have several other predictions as well. With that, let’s look ahead so you can stay ahead of the hacks and attacks we expect to see in 2024.

1) Election cycles will see further disruption with AI tools.

2024 has plenty on the slate in terms of pivotal elections. Across the globe, we have the United States presidential election, general elections in India, and the European Union parliamentary elections, to name a few. While every election comes with its fair share of disinformation, the continued evolution of generative AI tools such as ChatGPT, DALL-E, and Stable Diffusion adds an extra level of complication.

So, if a picture is worth a thousand words, what’s an AI-generated photo, video, or voice clone worth? For disinformation, plenty.

Already, many voters raise a skeptical brow when politicians sling statements aimed at discrediting their opponents. Yet when those words are backed by visual evidence, such as a photo or video, it lends them the appearance of credibility. With AI tools, a few keywords can give a false statement or accusation life in the form of a (bogus) photo or video, which now go by the common name of “deepfakes.”

Certainly, 2024 won’t be the first election where bad actors or unscrupulous individuals try to shape public opinion through the manipulation of photos and videos. However, it will be the first election where generative AI tools are significantly more accessible and easier than ever to use. As a result, voters can expect to see a glut of deepfakes and disinformation as the election cycle gears up.

Likewise, the advent of AI voice-cloning tools complicates matters yet more. Consider what that means for the pre-recorded “robocalls” that campaigns use to reach voters en masse. Now, with only a small sample of a candidate’s voice, bad actors can create AI voice clones with striking fidelity. They read from any script a bad actor bangs out and effectively put words in someone else’s mouth — potentially damaging the reputation and credibility of candidates.

As we reported earlier this year, AI voice cloning is easier and more accessible than ever. It stands to reason that bad actors will turn it to political ends in 2024.

How to spot disinformation.

Disinformation has several goals, depending on who’s serving it up. Most broadly, it involves gain for one group at the expense of others. It aims to confuse, misdirect, and manipulate its audience — often by needling strong emotional triggers. That calls on us to carefully consider the media and messages we see, particularly in the heat of the moment.

That can present challenges at a time when massive amounts of content scroll by our eyes in our subscriptions and feeds. Bad actors count on people taking content at immediate face value. Yet asking a few questions can help you spot disinformation when you see it.

The International Federation of Library Associations and Institutions offers this checklist:

  • Consider the Source – Click away from the story to investigate the site, its mission, and its contact info. 
  • Read Beyond – Headlines can be outrageous to get clicks. What’s the whole story? 
  • Check the Author – Do a quick search on the author. Are they credible? Are they real? 
  • Supporting Sources? – Determine if the info given supports the story.  
  • Check the Date – Reposting old news stories doesn’t mean they’re relevant to current events. 
  • Is it a Joke? – If it is too outlandish, it might be satire. Research the site and author to be sure.  
  • Check your Biases – Consider if your own beliefs could affect your judgment.  
  • Ask the Experts – Ask a librarian or consult a fact-checking site. 

That last piece of advice is particularly strong. De-bunking disinformation takes time and effort. Professional fact-checkers at news and media organizations do this work daily. Their findings, posted for all to see, provide a quick way to get your answers. Some fact-checking groups include:

  • Politifact.com 
  • Snopes.com 
  • FactCheck.org 
  • Reuters.com/fact-check 

Put plainly, bad actors use disinformation to sow discord and divide people. While not every controversial or upsetting piece of content is disinformation, those are surefire signs to follow up on what you’ve seen with several credible sources. Also, keep in mind that those bad actors out there want you to do their dirty work for them. They want you to share their content without a second thought. By taking a moment to check the facts before you react, you can curb the dissent they want to see spread.

2) AI scams will be the new sneaky stars of social media.

In the ever-evolving landscape of cybercrime, the emergence of AI has introduced a new level of sophistication and danger. With the help of AI, cybercriminals now possess the ability to manipulate social media platforms and shape public opinion in ways that were previously unimaginable.

One of the most concerning aspects of this development is the power of AI tools to fabricate photos, videos, and audio. These tools enable bad actors to create highly convincing and realistic content, making it increasingly difficult for users to discern between what is real and what is manipulated. This opens up a whole new realm of possibilities for cybercriminals to exploit unsuspecting individuals and organizations.

One alarming consequence of this is the potential for celebrity and influencer names and images to be misused by cybercrooks. With the ability to generate highly convincing content, these bad actors can create fake endorsements that appear to come from well-known personalities. This can lead to an increase in scams and fraudulent activities, as unsuspecting consumers may be more likely to trust and engage with content that appears to be endorsed by their favorite celebrities or influencers.

Local online marketplaces are also at risk of being targeted by cybercriminals utilizing AI. By leveraging fabricated content, these bad actors can create fake listings and advertisements that appear legitimate. This can deceive consumers into making purchases or engaging in transactions that ultimately result in financial loss or other negative consequences.

How to avoid AI social media scams

As AI continues to advance, it is crucial for consumers to be aware of the potential risks and take necessary precautions. This includes being vigilant and skeptical of content encountered on social media platforms, verifying the authenticity of endorsements or advertisements, and utilizing secure online marketplaces with robust verification processes.

3) Cyberbullying among kids will soar

One of the most troubling trends on the horizon for 2024 is the alarming rise of cyberbullying, which is expected to be further exacerbated by the increasing use of deepfake technology. This advanced and remotely accessible tool has become readily available to young adults, enabling them to create exceptionally realistic fake content with ease.

In the past, cyberbullies primarily relied on spreading rumors and engaging in online harassment. However, with the emergence of deepfake technology, the scope and impact of cyberbullying have reached new heights. Cyberbullies can now manipulate images that are readily available in the public domain, altering them to create fabricated and explicit versions. These manipulated images are then reposted online, intensifying the harm inflicted on their victims.

The consequences of this escalating trend are far-reaching and deeply concerning. The false images and accompanying words can have significant and lasting effects on the targeted individuals and their families. Privacy becomes compromised as personal images are distorted and shared without consent, leaving victims feeling violated and exposed. Moreover, the fabricated content can tarnish one’s identity, leading to confusion, mistrust, and damage to personal and professional relationships.

The psychological and emotional well-being of those affected by deepfake cyberbullying is also at stake. The relentless onslaught of false and explicit content can cause severe distress, anxiety, and depression. Victims may experience a loss of self-esteem, as they struggle to differentiate between reality and the manipulated content that is being circulated online. The impact on their mental health can be long-lasting, requiring extensive support and intervention.

The ripple effects of deepfake cyberbullying extend beyond the immediate victims. Families are also deeply affected, as they witness the distress and suffering of their loved ones. Parents may feel helpless and overwhelmed, struggling to protect their children from the relentless onslaught of cyberbullying. The emotional toll on families can be immense, as they navigate the challenges of supporting their children through such traumatic experiences.

How to prevent online cyberbullying.

  • Education and Awareness: Promote digital literacy and educate individuals about the consequences and impact of cyberbullying. Teach them how to recognize and respond to cyberbullying incidents, and encourage them to report any instances they encounter. 
  • Strong Policies and Regulations: Implement and enforce strict policies and regulations against cyberbullying on online platforms. Collaborate with social media companies, schools, and organizations to establish guidelines and procedures for handling cyberbullying cases promptly and effectively. 
  • Support and Empowerment: Provide support systems and resources for victims of cyberbullying. Encourage open communication and create safe spaces where individuals can seek help and share their experiences. Empower bystanders to intervene and support victims, fostering a culture of empathy and kindness online. 

4) Conflicts across the globe will ramp up charity fraud.

Scammers exploit emotions – such as the excitement of the Olympics. Darkly, they also tap into fear and grief.

A particularly heartless method of doing this is through charity fraud. While this takes many forms, it usually involves a criminal setting up a fake charity site or page to trick well-meaning contributors into thinking they are supporting legitimate causes or contributing money to help fight real issues.

2024 will see this continue. We further see potential for this to increase given the conflicts in Ukraine and the Middle East. Scammers might also increase the emotional pull of the messaging by tapping into the same AI technology we predict will be used in the 2024 election cycle. Overall, expect their attacks to look and feel far more sophisticated than in years past.

How to donate safely online.

  • As with so many scams out there, any time an email, text, direct message, or site urges you into immediate action — take pause. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.  
  • Likewise, note that there are some charities that pass along more money to their beneficiaries than others. Generally, the most reputable organizations only keep 25% or less of their funds for operations. Some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate.  
  • In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities. 

5) New strains of malware, voice, visual cloning and QR code scams will accelerate

Aside from its ability to write love poems, answer homework questions, and create art with a few keyword prompts, AI can do something else. It can code. In the hands of hackers, that means AI can churn out new strains of malware and even spin up entire malicious websites. And quickly at that. 

Already, we’ve seen hackers use AI tools to create malware. This will continue apace, and we can expect them to create smarter malware too. AI can spawn malware that analyzes and adapts to a device’s defenses. This helps particularly malicious attacks like spyware and ransomware to infect a device by allowing it to slip by undetected. It also makes the creation and dissemination of convincing phishing emails and QR code scams faster and easier. This extends to the creation of deepfake video, photo, and audio content aimed at deceiving unsuspecting targets and scamming them out of money. The rise of QR code scams, also known as quishing, is an additional concern. Scammers use AI to generate malicious QR codes that, when scanned, lead to phishing websites or trigger malware downloads. As the barrier to entry for these threats lowers, these scams will spread to all platforms with an increased focus on mobile devices.

However, like any technology, AI is a tool. It works both ways. AI is on your side. In fact, it’s kept you safer online for some time now. Meanwhile, at McAfee, we’ve used AI as a core component of our protection for years now. As such, it’s done plenty for you over the years. AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too. 

As such, you can expect an increasing number of AI-powered tools that combat AI-powered threats. 

How to stay safe from AI-powered threats.

  • Use AI-powered online protection software. Use good AI to stop bad AI. This year, we made improvements to our AI-powered security, making it faster and stronger. It scans 3x faster than before and offers 100% protection against entirely new threats, like the ones generated by AI. It also offers 100% protection against threats released in the past month (AV-TEST results, October 2023). You’ll find it across all our products that include antivirus. 
  • Protect yourself from scams with AI. Our McAfee Scam Protection uses patented and powerful AI technology to help you stay safer amid the rise in phishing scams, including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake. And if you accidentally click or tap on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans. 

6) Olympic-sized scams will kick into high stride.

With big events come big scams. Look for plenty of them with the 2024 Summer Olympics.

An event with this level of global appeal attracts scammers looking to capitalize on the excitement. They promise tickets, merch, and exclusive streams to events, among other things. Yet they take a chunk out of your wallet and steal personal info instead.

You can expect to see a glut of email-based phishing and message-based smishing attacks. Now, with the introduction of generative AI, these scams are getting harder and harder to identify. AI writes cleaner emails and messages, so fewer scams feature the traditional hallmarks of misspelled words and poor grammar. Combine that with the excitement generated around the Olympic games, and we can easily see how people might be tempted by bogus sweepstakes and offers for the Olympics trip of a lifetime. If they only click or tap that link. Which of course leads to a scam website.

You can expect these messages to crop up across a variety of channels, including email, text messages, and other messaging channels like WhatsApp and Telegram. They might slide into social media DMs as well.

If you’re planning to catch the Olympic action in person, scammers have a plan in mind for you — ticket fraud. As we’ve seen at the FIFA World Cup and several other major sporting events over the years, scammers spin up scam ticket sites with tickets to all kinds of matches and events. Again, these sites don’t deliver. These sites can look rather professional, yet if the site only accepts cryptocurrency or wire transfers, you can be certain it’s fraud. Neither form of payment offers a way to challenge charges or recoup losses.

How to enjoy the 2024 Olympics safely.

  • Phishing and smishing attacks can take a little effort to spot. As we’ve seen, the scammers behind them have grown far more sophisticated in their approach. However, know that if a deal or offer seems a little too good to be true, avoid it. For more on how to spot these scams, check out our blog dedicated to phishing and similar attacks. 
  • As for tickets, they’re only available through the official Paris 2024 ticketing website. Anyone else online is either a broker or an outright scammer. Stick with the official website for the best protection. 
  • The same holds true for watching the Olympics at home or on the go. A quick search online will show you the official broadcasters and streamers in your region. Stick with them. Unofficial streams can hit your devices with malware or bombard you with sketchy ads. 
  • Overall, use comprehensive online protection software like ours when you go online, which can help steer you clear of phishing, smishing, and other attacks. 

The post 6 Cybersecurity Predictions for 2024 – Staying Ahead of the Latest Hacks and Attacks appeared first on McAfee Blog.

Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices

Authored by Fernando Ruiz 

McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. Dubbed Android/Xamalicious, it tries to gain accessibility privileges through social engineering and then communicates with the command-and-control server to evaluate whether or not to download a second-stage payload. That payload is dynamically injected as an assembly DLL at runtime to take full control of the device and potentially perform fraudulent actions such as clicking on ads and installing apps, among other financially motivated actions, without user consent.

The second-stage payload can take full control of the infected device because of the powerful accessibility services that were already granted during the first stage, which also contains functions to self-update the main APK. This means that it has the potential to perform any type of activity, like spyware or a banking trojan, without user interaction. However, we identified a link between Xamalicious and the ad-fraud app “Cash Magnet”, which automatically clicks ads, installs apps, and performs other actions to fraudulently generate revenue, while users who installed it may earn points that are supposed to be redeemable as a retail gift card. This means that the developers behind these threats are financially motivated and drive ad fraud; therefore, this might be one of the main payloads of Xamalicious.

The usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code. In addition, malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server. 

We’ve identified about 25 different malicious apps that carry this threat. Some variants have been distributed on Google Play since mid-2020. The apps identified in this report were proactively removed by Google from Google Play ahead of our reporting. McAfee is a member of the App Defense Alliance and an active partner in the malware mitigation program, which aims to quickly find Potentially Harmful Applications (PHAs) and stop them before they ever make it onto Google Play. Android users are protected by Google Play Protect, which can warn users of identified malicious apps on Android devices. McAfee Mobile Security detects this threat as Android/Xamalicious.  

Based on the number of installations, these apps may have compromised at least 327,000 devices from Google Play, plus the installations coming from third-party markets that continually produce new infections, based on the detection telemetry of McAfee clients around the world. This threat remains very active. 

 

Figure 1. “Count Easy Calorie Calculator” was available on Google Play in August 2022 and carries Android/Xamalicious 

Android/Xamalicious trojans are apps related to health, games, horoscope, and productivity. Most of these apps are still available for download in third-party marketplaces.  

Previously we detected malware abusing the Xamarin framework, such as the open-sourced AndroSpy and forked versions of it, but Xamalicious is implemented differently. Technical details about Xamarin architecture are well documented and detail how .NET code is interpreted by Android using Mono. 

Obtaining Accessibility Services

Let’s use the app “Numerology: Personal horoscope & Number predictions” as an example. Once started it immediately requests the victim to enable accessibility services for “correct work” and provides directions to activate this permission:  

 

Figure 2. Tricking users into granting accessibility services permission 

Users need to manually activate the accessibility services after several OS warnings such as the following on the accessibility options: 

Figure 3. Accessibility services configuration prompt highlights the risks of this permission. 

Where is the malicious code? 

This is not the traditional Java code or native ELF Android application. The malware module was originally written in .NET and compiled into a dynamic link library (DLL). It is then LZ4 compressed, and it might be embedded into a BLOB file or be directly available in the /assemblies directory of the APK structure. This code is then loaded by a native library (ELF) or by the DEX file at runtime. In simple words, this means that in some samples reversing the DLL assemblies is straightforward, while in others it requires extra steps to unpack them. 

The malicious code is usually available in two different assembly files in the /assemblies directory of the APK. Usually, the file names are core.dll and a <package-specific>.dll.

Some malware variants have obfuscated the DLL assemblies to avoid analysis and reversing of the malicious code, while others keep the original code available.  

 

Figure 4. Core.dll and GoogleService.dll contain malicious code. 
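The packaging described above can be checked during triage without running the sample. The following is an added example, not code from the report: it lists the entries under assemblies/ in an APK and tells plain .NET assemblies from ones that need unpacking first. The `XALZ` and `XABA` magic values come from the Xamarin.Android file formats rather than from the report, and the APK bytes are constructed for the demonstration.

```python
import io
import struct
import zipfile

# Magic values from the Xamarin.Android build output (not stated in the report):
XALZ_MAGIC = b"XALZ"  # header of an individually LZ4-compressed assembly
XABA_MAGIC = b"XABA"  # header of an assembly store ("blob") holding many assemblies
REPORTED_NAMES = {"core.dll"}  # file name the report associates with the malicious module


def classify_assembly(head, stored_size):
    """Classify an assembly from its first bytes; returns (format, uncompressed_size)."""
    if head[:4] == XALZ_MAGIC and len(head) >= 12:
        # Layout: magic, descriptor index (uint32), uncompressed length (uint32).
        _index, uncompressed = struct.unpack_from("<II", head, 4)
        return "lz4-compressed", uncompressed
    if head[:4] == XABA_MAGIC:
        return "assembly-store", None
    if head[:2] == b"MZ":  # ordinary PE file, readable by a .NET decompiler as-is
        return "plain-pe", stored_size
    return "unknown", None


def triage_apk(apk_bytes):
    """Return one finding per file under assemblies/ in the APK."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or not info.filename.startswith("assemblies/"):
                continue
            with apk.open(info) as fh:
                head = fh.read(12)
            fmt, size = classify_assembly(head, info.file_size)
            basename = info.filename.rsplit("/", 1)[-1].lower()
            findings.append({
                "path": info.filename,
                "format": fmt,
                "uncompressed_size": size,
                # Anything that is not a plain PE needs an unpacking step first.
                "needs_unpack": fmt != "plain-pe",
                # A name match is a lead for manual review, not a verdict.
                "name_in_report": basename in REPORTED_NAMES,
            })
    return findings


def build_constructed_apk():
    """Constructed sample: a tiny zip shaped like a Xamarin APK (no real code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", b"dex\n035\x00")
        apk.writestr("assemblies/core.dll",
                     XALZ_MAGIC + struct.pack("<II", 7, 4096) + b"\x00" * 16)
        apk.writestr("assemblies/Mono.Android.dll", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_apk(build_constructed_apk()):
        print(finding)
```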

Communication with the command-and-control server

Once accessibility permissions are granted the malware initiates communication with the malicious server to dynamically load a second-stage payload.  

Figure 5. App execution and communication with the malicious server 

Collect Device Information 

Android/Xamalicious collects multiple device data, including the list of installed applications obtained via system commands, to determine if the infected victim is a good target for the second-stage payload. The malware can collect location, carrier, and network information, along with device rooting status and ADB connectivity configuration. For instance, if the device is connected via ADB or is rooted, the C2 will not provide a second-stage payload DLL for download. 

Method/Command  Description 
DevInfo  Hardware and device information that includes: 
  • Android Id 
  • Brand, CPU, Model, Fingerprint, Serial 
  • OS Version, release, SDK 
  • Language 
  • Developer Option status 
  • SIM Information (operator, state, network type, etc) 
  • Firmware, firmware version 
GeoInfo  Location of the device based on IP address. The malware contacts services such as api.myip.com to verify the device location and ISP data. 
  • ISP Name 
  • Organization 
  • Services 

FraudScore: Self-protection to identify if the device is not a real user 

EmuInfo  It lists all adbProperties, which on a real device number around 640. This list is encoded as a string param in URL-encoded format. 

This data may be used to determine if the affected client is a real device or an emulator, since it contains params such as: 

  • CPU 
  • Memory  
  • Sensors 
  • USB Configuration 
  • ADB Status 
RootInfo  After trying to identify whether the device is rooted with multiple techniques, the output is consolidated in this command. 
Packages  It uses the system commands “pm list packages -s” and “pm list packages -3” to list system and installed apps on the device. 
Accessibility  It reports whether accessibility services permissions are granted. 
GetURL  This command only provides the Android Id and it’s a request for the second-stage payload. The C2 evaluates the provided client request and returns a status and an encrypted assembly DLL. 

Data Encryption in JWT 

To evade analysis and detection, the malware authors encrypted all communication and data transmitted between the C2 and the infected device. Beyond the protection of HTTPS, the data is encrypted as a JSON Web Encryption (JWE) token using RSA-OAEP with a 128CBC-HS256 algorithm. However, the RSA key values used by Xamalicious are hardcoded in the decompiled malicious DLL, so decryption of transmitted information is possible if the C2 infrastructure is available during the analysis. 

In the Send() function, Android/Xamalicious first prepares the received object, usually a JSON structure, by calling the function encrypt(), which creates the JWT using a hardcoded RSA key. The data is then exfiltrated fully encrypted to the malware host, pointing to the path “/Updater”, via the HTTP POST method. 

Then it waits for the C2 response and passes it to the decrypt() function, which has a hardcoded RSA private key to properly decrypt the received command, which might contain a second-stage payload for the “getURL” command. 

Encrypt Method: 

Figure 6. Encrypt function with hardcoded RSA Key values as XML string 

The decryption method is also hardcoded into the malware, which allowed the research team to intercept and decrypt the communication from the C2. Using the RSA key values provided as an XML string, it’s possible to build a certificate with the parameters to decrypt the content of the JWE tokens. 

C2 evaluation

Collected data is transmitted to the C&C to determine if the device is a proper target to download a second-stage payload. The self-protection mechanism of the malware authors goes beyond traditional emulation detection and country code operator limitations because in this case, the command-and-control server will not deliver the second stage payload if the device is rooted or connected as ADB via USB or does not have a SIM card among multiple other environment validations. 

DLL Custom Encryption 

With the getURL command, the infected client requests the malicious payload. If the C&C server determines that the device is “Ok” to receive the malicious library, it encrypts a DLL with Advanced Encryption Standard (AES) in Cipher Block Chaining (CBC) mode, using a custom key for the client that requested it. The key is based on the device ID and other parameters explained below. Since it’s a symmetric encryption method, the same key works for encryption and decryption of the payload. 

Delivers the Payload in JWT 

The encrypted DLL is inserted as part of the HTTP response in the encrypted JSON Web Token “JWT”. Then the client will receive the token, decrypt it, and then decrypt the ‘url’ parameter with AES CBC and a custom key.  

The AES key used to decrypt the assembly is unique per infected device. It is a string of 32 characters made by appending the device ID, brand, and model, followed by a hardcoded padding of “1” up to 32 characters in length. 

For instance, if the device ID is 0123456ABCDEF010 and the affected device is a Pixel 5, then the AES key is: “0123456ABCDEF010googlePixel 5111” 

This means that the DLL has multiple layers of encryption. 

  1. It’s HTTPS protected.
  2. It’s encrypted as a JWE Token using RSA-OAEP with a 128CBC-HS256 algorithm.
  3. The URL parameter that contains the DLL is encrypted with AES and encoded as base64.

All these efforts are aimed at hiding the payload and staying under the radar, where this threat had relative success, since some variants might have been active years ago without AV detections. 
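For defenders, the layers described above translate into two small checks, shown here as an added example that is not code from the report or from the malware: recognising the reported exfiltration shape (an HTTP POST to “/Updater” whose body is a JWE compact token) in decrypted proxy records, and rebuilding the per-device AES key string from the stated rule when analysing a capture from a lab device. The request records are constructed, `A128CBC-HS256` is the JOSE registry name assumed to correspond to the report’s “128CBC-HS256”, and visibility of the path and body assumes TLS is inspected.

```python
import base64
import json

REPORTED_PATH = "/Updater"      # exfiltration path named in the report
REPORTED_ALG = "RSA-OAEP"       # key-wrapping algorithm named in the report
REPORTED_ENC = "A128CBC-HS256"  # assumed JOSE name for the report's "128CBC-HS256"


def _b64url_decode(segment):
    """Decode unpadded base64url, as used in JOSE compact tokens."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwe_protected_header(token):
    """Return the protected header of a JWE compact token, or None if it is not one."""
    parts = token.strip().split(".")
    if len(parts) != 5:  # JWE compact form: header.key.iv.ciphertext.tag
        return None
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return header if isinstance(header, dict) else None


def matches_reported_exfil(method, path, body):
    """True when a request has the shape the report describes; a lead, not a verdict."""
    if method.upper() != "POST" or path.split("?", 1)[0] != REPORTED_PATH:
        return False
    header = jwe_protected_header(body)
    return (bool(header)
            and header.get("alg") == REPORTED_ALG
            and header.get("enc") == REPORTED_ENC)


def derive_payload_key(android_id, brand, model):
    """Build the 32-character key string: device ID + brand + model, padded with '1'."""
    material = android_id + brand + model
    if len(material) > 32:
        # The report does not say what happens in this case, so refuse to guess.
        raise ValueError("inputs longer than 32 characters are not described in the report")
    return material.ljust(32, "1")


def _constructed_token(header, parts=5):
    """Constructed token: a real header followed by dummy segments."""
    head = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return ".".join([head] + ["AAAA"] * (parts - 1))


# Constructed proxy records: (method, path, body)
CONSTRUCTED_REQUESTS = [
    ("POST", "/Updater", _constructed_token({"alg": "RSA-OAEP", "enc": "A128CBC-HS256"})),
    ("POST", "/Updater", _constructed_token({"alg": "RS256"}, parts=3)),  # JWS, not JWE
    ("POST", "/api/login", _constructed_token({"alg": "RSA-OAEP", "enc": "A128CBC-HS256"})),
    ("GET", "/Updater", ""),
]


def scan(requests):
    """Apply the check to every record and return the per-record results."""
    return [matches_reported_exfil(*request) for request in requests]


if __name__ == "__main__":
    print(scan(CONSTRUCTED_REQUESTS))
    print(derive_payload_key("0123456ABCDEF010", "google", "Pixel 5"))
```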

DLL Injected 

Xamalicious will name this DLL “cache.bin” and store it in the local system to finally dynamically load it using the Assembly.Load method. 

Figure 7. Loading of second stage payload using Assembly.Load method. 

Once the second-stage payload has been loaded, the device can be fully compromised because, once accessibility permissions are granted, it can observe and interact with any activity, opening a backdoor to any type of malicious activity. 

During the analysis, the downloaded second-stage payload contained a DLL with the class “MegaSDKXE”, which was obfuscated and incomplete, probably because the C2 didn’t receive the expected params to provide the complete malicious second stage. Delivery of the complete second stage might be limited to a specific carrier, language, installed app, location, time zone, or unknown conditions of the affected device. However, we can assure that this is a high-risk backdoor that leaves open the possibility of dynamically executing any command on the affected device, not limited to spying, impersonation, or financially motivated malware. 

Cash Magnet Ad-Fraud and Xamalicious

One of the Xamalicious samples detected by McAfee Mobile generic signatures was “LetterLink” (com.regaliusgames.llinkgame), which was available on Google Play at the end of 2020 with a book icon. It was poorly described as a hidden version of “Cash Magnet”: an app that performs ad fraud with automated clicker activity, app downloads, and other tasks that lead to monetization for affiliate marketing. This application offers users points that are supposed to be redeemable for retail gift cards or cryptocurrency.

Figure 8a. LetterLink login page after running the app for the first time.

Figure 8b. LetterLink agreement for Cash Magnet

Originally published in 2019 on Google Play, “Cash Magnet” (com.uicashmagnet) was described as a passive income application offering users to earn up to $30 USD per month running automated ads. Since it was removed by Google the authors then infiltrated LetterLink and more recently “Dots: One Line Connector” (com.orlovst.dots) which are hidden versions of the same ad-fraud scheme.

Figure 9. LetterLink Icon that hides Cash Magnet

“LetterLink” performs multiple Xamalicious activities since it contains the “core.dll” library, it connects to the same C2 server, and it uses the same hardcoded private RSA certificate to build the JWE encrypted tokens which provide a non-repudiation proof that the developers of Cash Magnet are behind Xamalicious.

Figure 10. Cash Magnet infiltrated the app as a Game, available until the end of 2023

The “Dots: One Line Connector” app is not a game. The screenshot published by Google Play does not correspond to the application behavior, because once it is started it just asks for authentication credentials without any logo or reference to Cash Magnet. “Dots” does not contain the same DLLs as its predecessor; however, the communication with the C2 is similar, using the same RSA key parameters. We reported this app to Google and they promptly removed it from Google Play.

Affected Users 

Based on our telemetry we observed that more affected users are in the American continent with the most activity in the USA, Brazil, and Argentina. In Europe, clients also reported the infection, especially in the UK, Spain, and Germany. 

Figure 11. McAfee detections of Android/Xamalicious around the world 

Conclusion 

Android applications written in non-Java code with frameworks such as Flutter, React Native, and Xamarin can provide an additional layer of obfuscation to malware authors, who intentionally pick these tools to avoid detection, stay under the radar of security vendors, and keep their presence on app markets. 

Avoid using apps that require accessibility services unless there is a genuine need for use. If a new app tries to convince you to activate accessibility services, claiming that it’s required without a real and reasonable reason and asking you to ignore the operating system warning, then it’s a red flag. 

The second-stage payload might take control of the device because accessibility permissions are granted, so any other permission or action can then be performed by the malware if these instructions are provided in the injected code. 

Because it is difficult for users to actively deal with all these threats, we strongly recommend that users install security software on their devices and always keep it up to date. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience. 

Android/Xamalicious Samples Distributed on Google Play: 

Package Name  App Name  Installs
com.anomenforyou.essentialhoroscope  Essential Horoscope for Android  100,000
com.littleray.skineditorforpeminecraft  3D Skin Editor for PE Minecraft  100,000
com.vyblystudio.dotslinkpuzzles  Logo Maker Pro  100,000
com.autoclickrepeater.free  Auto Click Repeater  10,000
com.lakhinstudio.counteasycaloriecalculator  Count Easy Calorie Calculator  10,000
com.muranogames.easyworkoutsathome  Sound Volume Extender  5,000
com.regaliusgames.llinkgame  LetterLink  1,000
com.Ushak.NPHOROSCOPENUMBER  NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS  1,000
com.browgames.stepkeepereasymeter  Step Keeper: Easy Pedometer  500
com.shvetsStudio.trackYourSleep  Track Your Sleep  500
com.devapps.soundvolumebooster  Sound Volume Booster  100
com.Osinko.HoroscopeTaro  Astrological Navigator: Daily Horoscope & Tarot  100
com.Potap64.universalcalculator  Universal Calculator  100

Indicators of Compromise 


The post Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices appeared first on McAfee Blog.

How to Delete Yourself from the Internet

By: McAfee

While you can’t delete your personal info from the internet entirely, you can take strong steps to remove it from risky places. Several where others could tap into it for profit or harm. 

Why is it so important to take control of our personal info? It has street value, and it has for some time now. Because so much of business, finance, healthcare, and life in general runs on it, your personal info has a dollar sign to it. Plenty of people want to get a hold of it. 

Personal info fuels targeted advertising and marketing campaigns, just as it helps adjusters set insurance rates and healthcare providers make projections about our well-being. Businesses want it for employment background checks. Law enforcement uses it when investigating persons of interest. Banks and credit card companies base their approvals on it. Websites and apps collect it for their own purposes, which they sometimes share or sell to third parties. 

And of course, hackers, scammers, and thieves want it too. To steal your identity, drain your accounts, and wage other attacks on you.  

No doubt, your personal info has value. High value. And that makes a strong argument for doing what you can to control what you share and where you share it to the best possible degree. With so much that hinges on your personal info, it’s good to know that you can take control in powerful ways. We’ll show how it’s far easier to do that today than ever before. 

Get to know your digital shadow. 

Taking control of your personal info starts with a look at your digital shadow. Everyone casts one. And like everyone else’s digital shadow, yours gets filled with info about you — personal info stored online across the internet. 

For starters, your digital shadow includes things like posts in forums, social media profiles, the posts that you put up there, and other people’s posts that mention you. It includes other sources of info, like pictures of you in an online newsletter, your name listed in the standings of your co-ed soccer league, and a bio of you on your company’s “About Us” page. Online reviews provide potential sources too. In all, this part of your digital shadow grows larger in two ways — as you say more things, and as more things are said about you.  

Your shadow grows yet more with the addition of public records. That might include what you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, and estimated income. It all depends on where you live and what data regulations are in place there. Some regions have stricter privacy rules in place than others when it comes to public records. For example, in the U.S., California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, and Delaware have strong data privacy laws on the books. The European Union has its well-known GDPR, the General Data Protection Regulation, in place. 

Then there’s all manner of info about you gathered and sold by online data brokers. Data brokers pull hundreds of data points from public sources, not to mention private sources like supermarket club cards that track your shopping history. Other private sources include info from app developers and websites with less restrictive privacy policies when it comes to sharing and selling info. These data brokers sell personal info to anyone who’ll pay, including hackers, scammers, and spammers. 

Finally, a sizable swathe of your shadow comes from info stored on the deep web. It forms the 95% of the internet that’s not searchable. Yet, you likely take trips there daily. Any time you go through a paywall or use a password to access internet content, you’re entering the deep web.  

Examples include logging into your bank account, accessing medical records through your healthcare provider, or using corporate web pages as part of your workday. Even streaming a show can involve a trip to the deep web. None of that content is searchable.  

What’s in there, aside from your Netflix viewing history? Think of all the info that forms the basis of your credit score, your health history, your financial info, and all the info that websites and advertisers capture about you as you simply spend time online. That’s the deep web too. 

A subset of the deep web is the dark web. It’s not searchable either, and it requires a special browser to access. Some of the sites and data stores found there are entirely legitimate, others questionable, and several are outright illegal. Some of your info might be there too. And yes, you’ll find dark marketplaces here where bad actors put up personal info for sale. 

Everyone online indeed has a digital shadow. And some shadows are longer than others.   

Taking control of your personal info matters, perhaps more than you think. 

So, what’s the big deal? That’s how the internet works, right? 

That’s a fair question. Part of the answer comes down to how important a person thinks their privacy is. Yet, more objectively, keeping a lower profile online offers better protection from cybercrime. 

Consider research published by the science journal Nature, in 2019. Here’s an excerpt from the authors: 

Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR [Europe’s General Data Protection Regulation] and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.

Put in practical terms, imagine a hacker or snoop gets their hands on a large set of public or private data. Like say, health data about certain medical conditions. Even though that data has been “scrubbed” to make the people in it anonymous, that hacker or snoop only needs 15 pieces of info to identify you in that mix. From there, they could pinpoint any health conditions linked to you. 

In a time when all kinds of organizations gather all kinds of data, the impact of this research finding is clear. Data breaches happen, and a determined person can spot you in a batch of breached data with relative ease. They have several tools readily available that can cobble together those other 15 pieces of info to identify you. That further strengthens the argument for taking control of your personal info. 

Deleting your info on the internet has its benefits. 

Shortening your so-called digital shadow helps improve everyday life in several ways. It can: 

Cut down the number of sketchy texts, emails, and calls you get. If a hacker, scammer, or spammer can’t track down your contact info, they can’t reach you on your computers and phones. Removing info from data broker sites, old accounts you no longer use, and even social media can make it harder for them to reach you. 

Reduce the risk of identity crimes, like theft, fraud, and harassment. Bad actors turn people’s info against them. With it, they take out loans in other people’s names, file bogus insurance claims, and, in more extreme cases, impersonate others for employment or criminal purposes. When you have less info online, they have less info to work with. That makes their attacks tougher to pull off. So tough that they might turn to another, easier target who has much more info online. 

Keep snoops out of your business when taking care of things online. Tracking and monitoring are simple facts of going online. Sites and businesses do it for performance and marketing purposes. Hackers and bad actors do it for outright theft. Taking steps to mask and outright hide your activities online benefits your privacy and your security. 

Take control of what people do and don’t know about you. Most broadly, increased privacy largely gives you the power to share your info. Not someone else. The fact is that many companies share info with other companies. And some of those other third parties might have looser data privacy and data security measures in place. What’s more, you likely have no idea who those third parties are. Increased privacy helps you take far more control of where your info does and doesn’t go. 

Five ways you can delete your info from the internet. 

The following can help: 

1. Delete old apps. And be choosy about permissions on your phones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data linked with them.  

2. Delete old accounts. Many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result. 

3. Make your social media accounts more private. Our new McAfee Social Privacy Manager helps safeguard your privacy on social media by personalizing your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This ensures that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it.

4. Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running this feature regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically. 

 5. Take preventive measures. A few steps can help you keep your info off the internet in the first place. A VPN helps make your time online more private and more secure by obscuring things like your IP address and other identifying info. It also prevents hackers and snoops from monitoring your activity when you bank, shop, and access other accounts. Also, check out our article that covers privacy on your phone. Because phones offer others so many ways to gather personal info, making your phone more private helps make you more private. 

The post How to Delete Yourself from the Internet appeared first on McAfee Blog.

How to Protect Yourself from QR Code Scams

Imagine paying $16,000 to park your car in a lot for a couple of hours. That’s what happened to one woman in the UK who fell for a QR code scam posted in a parking lot. 

As reported by The Independent, scanning the posted QR code with her phone took her to a phony parking payment site that stole her card info. After her bank blocked several attempted fraudulent transactions, the scammers contacted her directly. They posed as the bank and convinced her to open a new account, racking up the equivalent of $16,000 in stolen funds. 

Scams like that have spiked in popularity with crooks out there. In the U.S., the Federal Trade Commission (FTC) has warned of a fresh wave of QR code scams that have led to lost funds and identity theft. Not to mention infected devices with a glut of spyware, ransomware, and viruses.  

Yet even as QR code scams become increasingly common, you can protect yourself. And enjoy the convenience they offer too, because they can truly make plenty of transactions go far more quickly. 

What are QR codes? 

You can find them practically anywhere nowadays.  

QR stands for “quick-response,” thus a quick-response code. They look like a square of pixels and share many similarities with the bar codes you see on grocery items and other products. Yet a QR code can hold more than 300 times the data of a barcode. They’ve been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual info in a relatively compact space. 

You can spot them popping up in plenty of places nowadays. With a click of your smartphone’s camera, they can quickly whisk you away to all kinds of sites.  

You might see them pop up in TV ads, tacked up in a farmer’s market stand, and stapled onto telephone poles as part of a concert poster. Restaurants place QR codes on their tables so you can order from your phone. Parking lots post them on signs so you can quickly pay for parking (like above). Your drugstore might post them on shelves so that you can download a digital coupon.  

Anyone can create one. A quick search for “QR code creator” turns up dozens of results. Many offer QR codes free of charge. It’s no wonder they show up in restaurants and farmer’s markets the way they do. And now in scams too. 

As it is anywhere people, devices, and money meet, scammers have weaseled their way into QR codes. With the QR code scam, when you point your smartphone’s camera at a bogus QR code and give it a scan, scammers can lead you to malicious websites and commit other attacks on your phone.

How do QR code scams work? 

In several ways, the QR code scam works much like any other phishing attack. With a few added wrinkles, of course.  

Classically, phishing attacks use doctored links that pose as legitimate websites in the hopes you’ll follow them to a scammer’s malicious website. It’s much the same with a QR code, yet they have a couple of big differences:  

  • The QR code itself. There’s really no way to look at a QR code and determine if it’s legitimate or not. You can’t spot clever misspellings, typos, or adaptations of a legitimate URL.  
  • Secondly, QR codes can access other functionalities and apps on some smartphones. Scammers can use them to open payment apps, add contacts, write a text, or make a phone call when you scan a bogus QR code. 

What happens if I click on a phony QR code? 

Typically, one of two things: 

It’ll send you to a scam website designed to steal your personal and financial info. For example, a phony QR code for parking takes you to a site where you enter your credit card and license plate number. Instead of paying for parking, you pay a scammer. And they can go on to use your credit card in other places after that. 

It can take you to a download that infects your device with malware. Downloads include spyware that snoops on your browsing and passwords, ransomware that locks up your device until you pay for its release (with no guarantees), or viruses that can delete or damage the things you’ve stored on your device. 

Where do phony QR codes show up? 

Aside from appearing in emails, direct messages, social media ads, and such, there are plenty of other places where phony QR codes can show up. Here are a few that have been making the rounds in particular: 

  • Locations where a scammer might have replaced an otherwise legitimate QR code with a phony one, like in public locations such as airports, bus stops, and restaurants. 
  • On your windshield, in the form of fake parking tickets designed to make you think you parked illegally and need to pay a fine. 
  • They can also show up in flyers, fake ads on the street, and even phony debt consolidation offers by email. 

Scanning a QR code might open a notification on your smartphone screen to follow a link. Like other phishing-type scams, scammers will do their best to make that link look legitimate. They might alter a familiar company name so that it looks like it might have come from that company. Also, they might use link shorteners that take otherwise long web addresses and compress them into a short string of characters. The trick there is that you really have no way of knowing where it will send you by looking at it. 

In this way, there’s more to using QR codes than simply “point and shoot.” A mix of caution and eagle-eyed consideration is called for to spot legitimate uses from malicious ones. Online protection software can help keep you safe as well. 

How to avoid QR code scams. 

Luckily, you can follow some basic rules and avoid QR code attacks. The U.S. Better Business Bureau (BBB) has put together a great list that can help. Their advice is right on the mark, which we’ve paraphrased and added to here: 

1. Don’t open links or scan QR codes from strangers. Scammers send QR codes by email, over social media, and sometimes they even send them by physical mail as part of a “Special offer, just scan here” ploy. In all, if a QR code comes to you out of the blue, even from a friend, skip scanning it. See if you can manually type in the address of a site that you can trust instead.

2. Check the link and the destination. Given that many QR codes lead to phishing sites, look at the link that pops up after you scan it. Scammers alter addresses for known websites in subtle ways, or use addresses that differ from them entirely. For example, they might use “fed-exdeliverynotices.com” rather than the legitimate fedex.com. Or they might use a scam URL followed by text that tries to make it look legit, like “scamsite.com/fedex-delivery.” (For more on how to spot phishing attacks, check out our full article on the topic.)

3. Think twice about following shortened links. Shortened links can be a shortcut to a malicious website. This can particularly be the case with unsolicited communications. And it can still be the case with a friend or family member if their device or account has been hacked.  

4. Watch out for tampering. In physical spaces, like parking lot signs, scammers have been known to stick their own QR codes over legitimate ones. If you see any sign of altering or a placement that looks slapdash, don’t give that code a scan. 

5. Stick with your phone’s native QR code reader. Steer clear of QR code reading apps. They can be a security risk. 

6. Don’t pay bills with QR codes. Once again, you can’t always be sure that the code will send you to a legit site. Use another trusted form of payment instead. 

7. Use scam protection on your phone. Using the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your phone. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. You’ll find it in our McAfee+ products — along with up to $2 million in identity theft coverage and restoration support if the unfortunate happens to you. 
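The checks in items 2 and 3, together with the earlier point that a QR code can trigger calls, texts, contacts, or payment apps, can be expressed as a small triage routine. This is an added example, not code from the original post or from McAfee; the brand allowlist, the shortener sample, and the function name are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example: brand keyword -> the brand's real domain.
KNOWN_BRANDS = {"fedex": "fedex.com"}
# A few well-known link shorteners; a small sample, not an exhaustive list.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}
# Payload prefixes that make the phone do something other than open a web page.
ACTION_PREFIXES = {
    "tel:": "starts a phone call",
    "sms:": "drafts a text message",
    "smsto:": "drafts a text message",
    "mailto:": "drafts an email",
    "upi:": "opens a payment app",
    "mecard:": "adds a contact",
    "begin:vcard": "adds a contact",
    "wifi:": "joins a Wi-Fi network",
}


def triage_qr_payload(payload):
    """Return a list of warnings for the text decoded from a QR code.

    An empty list means none of these checks fired, not that the link is safe.
    """
    text = payload.strip()
    lowered = text.lower()
    for prefix, action in ACTION_PREFIXES.items():
        if lowered.startswith(prefix):
            return ["non-web payload: " + action]

    try:
        parts = urlsplit(text)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["malformed link"]
    if parts.scheme not in ("http", "https") or not host:
        return ["not a web link or known action"]
    if host.startswith("www."):
        host = host[4:]

    warnings = []
    if host in SHORTENERS:
        warnings.append("link shortener: real destination is hidden")

    # Ignore hyphens and dots so "fed-ex..." still reveals the brand keyword.
    squashed_host = host.replace("-", "").replace(".", "")
    rest = (parts.path + "?" + parts.query).lower().replace("-", "")
    for brand, official in KNOWN_BRANDS.items():
        if host == official or host.endswith("." + official):
            continue  # genuinely on the brand's own domain
        if brand in squashed_host:
            warnings.append(
                f"lookalike host: '{host}' mentions {brand} but is not {official}"
            )
        elif brand in rest:
            warnings.append(
                f"brand only in path: '{brand}' follows unrelated host '{host}'"
            )
    return warnings


# Constructed sample payloads, including the two addresses quoted in item 2.
SAMPLES = [
    "https://www.fedex.com/en-us/tracking.html",
    "https://fed-exdeliverynotices.com/track",
    "https://scamsite.com/fedex-delivery",
    "https://bit.ly/abc123",
    "tel:+15555550100",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_qr_payload(sample) or "no warnings")
```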

QR codes—a handy, helpful tool that still calls for caution. 

QR codes have made transactions smoother and accessing helpful content on our phones much quicker. As such, we’re seeing them in plenty of places. Useful as they are, as with other means of paying or browsing online, keep an eye open when using them. With this advice as a guide, if something doesn’t feel right, keep your smartphone in your pocket and away from that QR code.

The post How to Protect Yourself from QR Code Scams appeared first on McAfee Blog.

Gift Card Scams — The Gift That Keeps on Taking

By: McAfee

Crooks love a good gift card scam. It’s like stealing cash right out of your pocket. 

That includes Amazon and Target gift cards, Apple and Google gift cards, Vanilla and Visa gift cards too. Scammers go after them all. 

In the U.S. and Canada, the Better Business Bureau (BBB), the Federal Trade Commission (FTC), and the Canadian Anti-Fraud Centre have issued warnings about several types of gift card scams floating around this time of year.  

The scams fall under three broad categories: 

Payment scams — Here, gift card scams take their classic form. A scammer asks for payment with a gift card rather than a payment method a victim can contest, such as a credit card. When victims realize they’ve been scammed, they have no way of getting their money back. 

Bogus balance-checking sites — These sites promise to check the balance on gift cards. However, they’re phishing sites. Entering card info into these sites gives scammers everything they need to steal the card balance for themselves. 

Gift card tampering — This involves draining gift cards of funds after they’re purchased. Organized crime rackets steal the cards from stores and then restock them on shelves — only after they’ve scanned the barcodes and pin numbers or altered them in some way. When a victim purchases and activates the card, the crooks launder the money and leave the victim with an empty card. 

Why all this focus on gift cards? They truly are as good as cash. When that money is gone, it’s gone. Yet better, it can get whisked away electronically quicker than the quickest of pickpockets.  

Fortunately, you can avoid these scams rather easily when you know what to look for.  

Gift card scams — just how bad is it out there? 

Not great. According to the U.S. Federal Trade Commission (FTC), they received nearly 50,000 reports of gift card fraud in 2022. Those losses racked up more than $250 million. Through September 2023, the BBB and FTC reported a 50% increase in cases of gift card scams over the same period in 2022. So far, that accounts for 29,000 reports and $147 million in losses — a figure that will surely climb much higher as October, November, and December roll by. 

Affected cards include the usual list of well-known and reputable brands, such as Walmart, Target, Apple, Google, Amazon, Best Buy, and the Steam gaming platform. Back in 2021, Target gift cards racked up the biggest losses, an average of $2,500 per victim, according to the FTC. 

Canada has seen a jump in reports as well. According to the BBB and the Canadian Anti-Fraud Centre, January through August 2023 saw roughly 1,200 reports with $3.5 million in losses for an average loss of roughly $2,900. 

What are scammers asking people to pay for with gift cards? 

If you can imagine a transaction of any kind, a scammer will likely try to get you to pay for it with gift cards. 

Some of the more striking examples include scammers who pose as dog breeders who take gift cards as advance payment. They also lurk in online marketplaces and local buy-sell groups, preying on victims looking to buy anything from furniture to golf carts.  

And as we’ve reported in the past, scammers often pose as government officials. In these cases, they level heavy threats and demand payment for fines and back taxes, all with gift cards. That’s a sure sign of a scam. 

Some scammers go to greater lengths by setting up phony online stores that only accept payment with gift cards. One high-profile example — the phony ticket sites for major sporting events like the Super Bowl and World Cup. Many of those sites offered gift cards as a payment option. In other instances, scammers set up similar bogus storefronts that sell lower-priced items like clothing and bags. 

Lastly, we come around to those gift card balance-checking sites, which are really phishing sites. As reported by Tech Times, a user on Reddit uncovered a paid Google ad that directed people to one such site. 

Source, Reddit 

The ad is on the left. The phishing site is on the right. Note how Target is spelled as “Targets” in the ad, and the address on the phishing site is entirely different than Target.com. Yet that doesn’t stop the scammer from asking for all the info they need to steal funds from the card a victim enters. 

How to avoid gift card scams. 

Bottom line, if anyone, anywhere, asks you to pay for goods, services, or debts of any kind with a gift card, it’s a scam. Additionally, here’s further advice from us and the BBB: 

1. Remember that gift cards are for gifts. Never for payments. 

This reinforces the advice above. The crooks who run gift card scams pose as utility companies, the government, lottery officials, tech support from big-name companies, even family members — just about anyone. Yet what all these scams have in common is urgency. Scammers use high-pressure tactics to trick victims into paying with gift cards.  And paying quickly. 

2. Look for signs of tampering with your physical gift card. 

Earlier we mentioned gift card tampering, where scammers either copy or alter the card info and then steal funds when the card is purchased. Signs of tampering include a bar code that’s affixed to the card with a sticker, a PIN that’s been exposed, or packaging that looks like it’s been altered in any way. If possible, purchase gift cards that are behind a counter where they are monitored. This can decrease the risk of purchasing a gift card that’s been tampered with. Also, save your receipt in the event of an issue. 

3. Purchase online gift cards from reputable retailers. 

One way you can avoid the tampering scenario above is to pick up online gift cards. Several reputable retailers and brands offer them. 

4. Check your balance at the retailer or with their official app. 

Both can tell you what your card balance is, securely and accurately. Avoid any site online that offers to check your balance for you. 

 5. Treat your gift cards like cash. 

That’s what they are. If the brand or retailer issuing the card allows you to register the card, do so. And if it further allows you to change the PIN, do that as well. This way, you can report card theft with an eye to getting your money back — while changing the PIN can help keep scammers from using the card altogether. 

What can I do if I fall for a gift card scam? 

If you fall victim to a scam, report it. Organized crime operations big and small often run them, and reports like yours can help shut them down.  

More ways to beat the scammers — with online protection. 

Online protection like ours offers several features that can help steer you clear of scams. It can detect suspicious links, warn you of scam sites, and remove your personal info from sketchy data broker sites. 

McAfee Scam Protection: McAfee’s patented and powerful AI technology helps you stay safer amid the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake. 

Web protection: And if you accidentally click on a suspicious link in a text, email, social media, or browser search, our web protection blocks the scam site from loading.  

McAfee Personal Data Cleanup: Scammers must have gotten your contact info from somewhere, right? Often, that’s an online data broker, a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there.

More sound advice. Stick with known, legitimate retailers online. 

It’s gift-giving season, so it comes as no surprise that we’re seeing a spike in gift card scams. What makes this year’s jump so striking is the trending increase over last year’s numbers. 

Remembering that gift cards are for gifts and never for payments can help keep you from falling for one of these scams. That and inspecting gift cards closely for tampering or opting for an online gift card can help as well. And as always, strong online protection like ours helps keep you safer from scammers as you shop, go through your messages, or simply surf around.

The post Gift Card Scams — The Gift That Keeps on Taking appeared first on McAfee Blog.

Shielding Against Android Phishing in Indian Banking

Authored by Neil Tyagi and Fernando Ruiz

In a digitally evolving world, the convenience of banking through mobile applications has revolutionized financial transactions. However, this advancement has also opened doors to a lesser-known adversary: Android phishing. Join us as we delve into the clandestine realm of cyber threats targeting India’s banking sector.

This blog uncovers the nuances of an Android phishing/banking trojan application identified as Android/Banker.AFX, which illustrates a common procedure used by cybercriminals to drain the bank accounts of their victims:

First, they broadcast phishing messages via WhatsApp and lure users into installing an app that carries malicious code disguised as a verification tool. Once installed, the banking trojan can collect personal and financial information and intercept SMS messages in order to steal the one-time passwords or verification codes required to complete transactions, which may lead to the theft of the bank account’s assets.

This trojan is just one variant among multiple banking trojan implementations recently observed in the wild that carry similar risks. It is not technically sophisticated, but it might be very effective and prevalent, especially when it’s widely distributed on social media. McAfee Mobile Security protects broadly and generically against this type of banking trojan.

This blog explores the insidious tactics, alarming trends, and preventive measures against the rising tide of phishing attacks plaguing Android users in India’s financial landscape.

Distribution Method: Messaging platforms

  • The initial lure is an alarming WhatsApp message prompting the user to download an Android Package (APK) to complete a mandatory verification procedure carried out by financial institutions, known as Know Your Customer (KYC), warning that the account will otherwise be blocked.

A sense of urgency is created for the user by warning him that the account would be blocked if he doesn’t install the APK and provide the necessary information to complete the KYC form.

These seemingly innocent prompts, meticulously crafted by cybercriminals, possess a cunning sophistication that mirrors the legitimate communication channels of banking institutions. They prey upon human curiosity, fear, and desire, tricking users into taking immediate actions that, at first glance, seem innocuous but have far-reaching consequences.

Installation and execution

Since the app installer is triggered by WhatsApp, the installation should be blocked by Android by default unless the user previously allowed the installation of unknown apps from this source.

A warning is displayed after tapping on the APK icon:

However, if users ignore the warning, they may deactivate this important security feature with just two clicks:

Now Android OS is warning about the risk of allowing the installation of unknown apps from WhatsApp. However, many users allow this option, which poses a high risk of infection.

Once the Trojan is installed, the victims will get the financial institution icon on their Android app list:

After installation, it abuses the icon of SBI to confuse the user.

Opening for the first time, it asks for SMS-related permissions.

The application’s landing page is similar to the net banking page of the real SBI.
This phishing site is locally loaded from the malware into a WebView.

The application asks for the user’s username, password, and phone number.

The Captcha used here is static. It never changes because all content is hardcoded locally.

As part of the KYC validation lure process, the malware collects sensitive user information such as:

  • Full Name, Date of Birth
  • Account, CIF, PAN, and Aadhar Numbers
  • Credit card information

After the victim inputs all the information, they are presented with a fake KYC validation code, which makes it look like a genuine procedure, so the user might not be suspicious about the app or the process.

Additionally, this banking trojan intercepts SMS messages and abuses Firebase to communicate with attackers. During the analysis the malware transmitted all collected information including credit card information to:

wss[:]//s-usc1a-nss-2003.firebaseio.com/.ws?v=5&ns=zero-a4c52-default-rtdb

According to the static analysis, any received SMS message would also be exfiltrated to the attackers’ servers via the opened socket communication, since the app has been granted SMS reading permissions at the first execution. This is implemented to extract any OTP required to complete transactions of the victim.

 

The local static site loaded by the malware abuses the Cordova framework to exfiltrate credit card information. Credit card information, along with all collected information, is transmitted to the attackers using Firebase, a legitimate service that’s also abused by criminals.

 

Static Analysis

 

  • This malware requires common permissions; however, it’s important to highlight that RECEIVE_SMS is a very dangerous permission that should only be granted to messaging-related apps that you trust. If apps installed from third-party sources require it, it’s a red flag:
    • INTERNET
    • REQUEST_INSTALL_PACKAGES
    • RECEIVE_SMS
    • ACCESS_NETWORK_STATE

 

  • Information collected by the phishing site:
    • username
    • password
    • phone number
    • date of birth
    • account number
    • CIF number
    • pan number
    • debit card number
    • CVV number
    • atm pin
  • The main package is named hello.uwer.hello.hello.google.is.the.best and contains the MainActivity for the APK. The first onCreate function prompts the user for SMS read permission. When the user gives the permission, the user is greeted with the message “thank you -Team SBI”; otherwise, the message is “We can’t verify until you allow -Team Bank”.

  • The read message permission is required to monitor any incoming messages, preferably OTPs, so those can be forwarded to the attacker to gain access to the account, bypassing any OTP-based 2-factor authentications.
  • All incoming messages are saved to the database and later forwarded to the attacker.
  • The Firebase configuration is stored in the APK along with the API key.
  • Debit/credit card information is being submitted using Firebase.
  • The user’s Aadhar number, CIF (customer information file), and user information are collected and submitted to Firebase.
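The permission red flag described in this static analysis can be checked automatically against a decoded AndroidManifest.xml. This is an added example, not code from the original post or from McAfee; the sample manifest is constructed from the package name and permissions listed above, and the receiver class name, function names, and the two caller-supplied flags are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PERM_PREFIX = "android.permission."
SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample: a decoded manifest declaring the package name and the four
# permissions listed in the analysis. The receiver class name is hypothetical.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="hello.uwer.hello.hello.google.is.the.best">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <application android:label="Example">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".ExampleSmsReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def parse_manifest(xml_text):
    """Extract package name, short permission names, and SMS-listening receivers."""
    root = ET.fromstring(xml_text)
    perms = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name", "")
        if name.startswith(PERM_PREFIX):
            name = name[len(PERM_PREFIX):]
        perms.add(name)
    sms_receivers = []
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in rcv.iter("action")}
        if SMS_RECEIVED in actions:
            sms_receivers.append(rcv.get(ANDROID_NS + "name"))
    return root.get("package"), perms, sms_receivers


def triage_manifest(xml_text, from_official_store, is_messaging_app):
    """Apply the article's rule: RECEIVE_SMS in a sideloaded non-messaging app."""
    package, perms, sms_receivers = parse_manifest(xml_text)
    findings = []
    wants_sms = "RECEIVE_SMS" in perms
    if wants_sms and not is_messaging_app:
        findings.append("RECEIVE_SMS requested by an app that is not a messaging app")
        if "INTERNET" in perms:
            findings.append("RECEIVE_SMS + INTERNET: incoming SMS, including OTPs, "
                            "can be sent off the device")
        for name in sms_receivers:
            findings.append("receiver listens for incoming SMS: " + name)
    if "REQUEST_INSTALL_PACKAGES" in perms and not from_official_store:
        findings.append("REQUEST_INSTALL_PACKAGES in a sideloaded app: "
                        "it can prompt to install further APKs")
    return {
        "package": package,
        "permissions": sorted(perms),
        "findings": findings,
        # The red flag named in the analysis above.
        "red_flag": wants_sms and not is_messaging_app and not from_official_store,
    }


if __name__ == "__main__":
    report = triage_manifest(SAMPLE_MANIFEST, from_official_store=False,
                             is_messaging_app=False)
    print(report["package"], "red flag:", report["red_flag"])
    for finding in report["findings"]:
        print(" -", finding)
```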

Telemetry And Safety by McAfee

  • McAfee Mobile Security proactively protects against this threat as Android/Banker.AXF!ML.
  • McAfee has prevented over 360 device infections of Android/Banker.AXF!ML in the last 30 days. The concentration of infections in India underscores the acute threat posed by this banking malware within the country’s digital landscape, with few hits found elsewhere in the world, possibly from Indian SBI users living in other countries.

Android/Banker.AXF!ML infections around the world: India is the target.

  • The proactive stance taken by McAfee against Android/Banker.AXF!ML underscores its commitment to shielding users from the ever-evolving landscape of Android-based phishing and banking threats, emphasizing the importance of robust cybersecurity measures in safeguarding the integrity of personal financial data.

Conclusion

Banking trojans are neither new nor sophisticated, but they remain a persistent threat because they are a lucrative business for malware authors, who can lure many victims that are unaware of the risk of phishing. Because these campaigns can be massive, the criminals can collect a large loot even if only a small percentage of targeted victims fall for them.

Cybercriminals are constantly improving their social engineering tricks to lure users into phishing and malware. The first line of defense against these threats is the user’s awareness. Some general advice:

  • Avoid installing apps from third-party sources, especially apps received through messaging apps.
    • Do not activate the “install unknown apps” option on social media apps.
  • Do not trust or click on messages received from untrusted sources in social media.
  • For banking apps, stick to the official website and official app stores.
  • If possible, use a reliable antivirus solution such as McAfee Mobile Security which generically protects against these types of threats.

McAfee Antivirus emerges as a formidable ally in the battle against Android phishing within India’s banking sector. With its robust suite of security features tailored for mobile devices, McAfee stands as a bulwark, providing critical defense mechanisms against the ever-mutating landscape of cyber threats.

Indicators of Compromise


 

Abused Firebase host: wss[:]//s-usc1a-nss-2003.firebaseio.com/.ws?v=5&ns=zero-a4c52-default-rtdb

 

The post Shielding Against Android Phishing in Indian Banking appeared first on McAfee Blog.

How to Raise Responsible Digital Citizens

‘So, what is the ultimate goal of all of our parenting?’ When I asked this question to a group of mum friends during the week, the answers were all quite mixed. ‘To raise kind humans’, one offered. ‘To have someone look after me when I’m old!’, said another. But after a few minutes of heavy debate, we all agreed on one thing – our goal is to create responsible citizens who are independent and self-sufficient.  

Now, clearly, this is a project that takes place over at least 18 years!! Quick fixes do not cut it when trying to mould and shape little humans into responsible adults. And of course, this also includes raising responsible digital citizens too – no room for quick fixes here! 

What is Digital Citizenship? 

We’ve all heard the term but what does it really mean?  

Digital citizenship is all about safely and responsibly navigating digital environments and participating in a respectful fashion. In short, it means being responsible, respectful, and intentional in all your online activity.  

In my opinion, a child’s emotional intelligence is intrinsically linked to their ability to be an effective digital citizen. So, I understand why some experts prefer the term digital intelligence to digital citizenship. It does a much better job of explaining that effective digital citizenship requires a set of social, emotional, and cognitive skills that are essential for navigating the digital world. 

In my opinion, teaching kids about digital citizenship needs to happen as soon as a child can pick up a device. Yes – your child might only be 18 months old! But the earlier you start weaving in messages about responsibility and safety – the more automatic it will be for them to adopt a positive digital citizen mindset. 

Raising Digital Citizens Means Raising Safe Citizens 

You’d be hard-pressed to find many parents who don’t worry about the risks of their kids being online. Whether it’s scams, online predators, or cyberbullying, unfortunately, there will always be some level of risk. And while many of us would love to remove our kids’ devices or better still, wrap our babies in cotton wool, this is just not a reality. So, in my opinion, the best way to protect them is to prepare them. I believe that if we take the time to help them develop into responsible and effective digital citizens then they are far more likely to make safe and responsible choices! A complete no-brainer! 

What You Need To Teach Your Kids To Be Effective Digital Citizens 

1. Your Online Identity Is A Key Part of Your Identity 

This is one lesson you don’t want your kids to learn the hard way! When tweens and teens are in the moment, it is easy to forget to think of the consequences of what they post. But one’s online presence is a significant part of their identity and can often be the first place that someone forms an impression of you. The manager of our local supermarket regularly tells me how he will first assess potential applicants with a quick ‘Google’ before he even offers an interview. And if your child is keen to be considered for a leadership position at school or university, it is imperative that they think about how they conduct themselves online too. Intentional, respectful interactions are the name of the game! 

2. Be Respectful and Expect Respect Too 

Respect is at the core of all healthy relationships and that absolutely includes online interactions. So, encourage your child to extend the same level of respect to their online friends and acquaintances as they would to those they meet face-to-face. This means not creating or forwarding hurtful content, or getting involved in negative online discussions or gossip about anyone – no exceptions!

I’m a big fan of teaching your child to speak up if they experience or witness bullying. While they may think they can handle it on their own, having input from a trusted adult will make the situation feel more manageable and less overwhelming. Advise your kids to block anyone who does not treat them respectfully online – but always take screenshots first! Being proactive will help create a positive and supportive online experience. 

3. Master Healthy Digital Habits 

There are a few essential basic digital habits that are not negotiable, in my opinion. Ensuring your kids have these down-pat will mean that they are maximising the chance of a safe and positive online experience. Here are my top 5: 

  • Think before you post 
  • Limit what personal information you share online 
  • Never, ever share passwords – no exceptions! 
  • Know when to trust a source and when to check your facts 
  • Watch your screen time – take breaks and focus on ‘real-life’ activities too 

4. Do Not Copy or Plagiarise 

Kids love creating content, but it is essential that they don’t copy or plagiarise the work of others. Using others’ work without obtaining their permission is both unethical and, technically, against the law. This encompasses all forms of online content (aka intellectual property) including texts, images, and music. As parents, we need to foster digital citizenship in our kids by reminding them to appreciate the efforts and originality of fellow digital creators. In my opinion, giving credit when using others’ work is a ‘best practice’.

The ‘do not copy’ rule also extends to piracy – the illegal downloading of digital content, e.g. music or movies. Many kids dabble in piracy, but it really is no different to stealing someone’s work. Encourage your kids to treat the creative work of others with the same respect you would want for your own. And yes, that includes Taylor Swift!

5. Think Critically Always 

One of the hardest lessons some kids learn online is that not everyone is who they say they are. It can be a crushing moment. So, getting ahead of the game and teaching your kids to be cautiously suspicious about people, platforms, organisations and offers they come across online will hold them in great stead. 

Exercising caution when sharing information with strangers and unfamiliar organisations is an important way to protect yourself. Always do your due diligence before ‘trusting’ someone you connect with on a dating site, always request a legitimate way to transfer money when buying goods online and never just enter personal information on a site without doing your research. 

We’ve all heard the expression ‘when something is too good to be true, it usually is’. This needs to be the golden rule when navigating the internet. Whether it’s early access to snippets from a yet to be released movie, a compelling discount on an iPhone or weight loss supplements, scammers know how to hook us in! Scamwatch is a great resource for identifying and reporting scams here in Australia.  

If your child is uncertain about a website’s credibility, they can pose critical questions to themselves, such as “whose interests does this site serve?” or “how accurate and reliable is the information I’m reading?” This can guide your child in distinguishing between questionable sites and those providing accurate news and content. 

But let me share one final piece of advice. We can encourage and educate our kids all day long about being a responsible digital citizen but unless we are modelling the behaviour we are trying to foster, it’s just not going to work. So, when you’re sharing a new post on Facebook, or commenting on a news article, ensure you are considerate and responsible with your word choice. Show your kids how to have kind and respectful interactions online and always fact-check any information you choose to share – because they are always watching and learning!! 

Happy parenting digital citizens!! 

Alex  

The post How to Raise Responsible Digital Citizens appeared first on McAfee Blog.

How to Protect Your Kids From Inappropriate Online Content

Inquisitive, curious and fiercely independent. These are the three words that come to mind when I remember my boys as tweens and teens. Now, these are all wonderful qualities but when you’re trying to teach your kids to navigate the internet, these ‘wonderful’ qualities can often make things a little harder!! Curious types want to discover and investigate – that’s natural! But it also makes our job as parents even more challenging, particularly when it comes to protecting them from the slew of inappropriate content that can be found online. 

What Is Inappropriate Content? 

In short, inappropriate content is anything your kids may find online that they find disturbing or are not yet ready for, developmentally. It may be an image, a video or written text that is offensive and upsetting. Now, this could happen accidentally but also deliberately.  

Many of us immediately think of sexually explicit material when we think of inappropriate content but there is, unfortunately, more. It can also include material that promotes extremism or terrorism, violent imagery or copy, hateful or offensive sites or posts as well as false or misleading information. 

How Many Aussie Kids Have Been Exposed? 

As you can imagine, it’s hard to find accurate data as to how many kids have seen inappropriate content. Many kids would be loath to admit what they have seen, feel embarrassed or are simply too distressed to report their experience. So, it’s likely that the real statistics are higher than the reported data. Research undertaken by our eSafety Office shows that a high proportion of Aussie kids aged 12 to 17 have seen inappropriate content. Here are the details:

  • 57% have seen real violence that they considered disturbing 
  • Nearly 50% of kids aged 9 to 16 have regular exposure to sexual images 
  • 33% have seen images or videos promoting terrorism 

What Can You Do To Minimise Your Kids Seeing Inappropriate Content?

Is it inevitable that you will see something inappropriate online? I wish I could answer no, but the reality is that at some stage it is likely that your kids will see something that they find confusing or upsetting. So, the aim of the parental game here is to ensure this happens as late as possible and that they are ready for it. Here is where I suggest you put your energy into making this happen: 

1. Set Ground Rules 

I am a big fan of a family tech agreement that outlines your expectations of your kids’ online behaviour and the family’s ‘rules of engagement.’ This should be age appropriate but if your kids are young enough then please include a list of the sites they can visit, the apps they can download and the information they can share – nothing personally identifiable. I would also include rules about device usage – no devices in bedrooms overnight!! Check out my post here that will help you tailor an agreement for your family.  

A clear and detailed agreement means that every family member has clarity on the rules that will keep them safe. I find sharing the ‘why’ with my kids so important – so ensure they know your goal here is to keep them safe and set them up for a positive online experience.

2. Communicate Regularly, Openly and Calmly 

Go out of your way to create a home environment where your kids feel comfortable talking and sharing about all aspects of their lives without judgement. Once you have this, then you will be able to have regular conversations that will help them better understand the online world and most importantly, keep them safe! The goal here is to have genuine 2-way conversations without them feeling like they are being lectured at. For example, you can explain that anything they share online creates their own ‘digital footprint’ so they need to be mindful of how they conduct themselves. You could also talk them through the dangers of spreading rumours online or sharing hurtful photos or jokes.

And if your kids know they can talk to you about anything and that you won’t overreact, then they are more likely to tell you if they have seen something online that has worried them. Now, we all hope that doesn’t happen, but we all want to be able to help our kids navigate challenges if and when they arise.

3. Consider Parental Controls 

Parental controls can be a really helpful tool that allows you to monitor and manage what your child sees and does online. Of course, using parental controls is not a silver bullet – you still need to remain vigilant and invested. However, it can be a great thing to have in your toolbox. Here’s what I like:

  • They can block your child from accessing specific websites or apps – for example using a camera or purchasing goods 
  • They can filter out inappropriate content, e.g. sexual content, content that promotes self-harm, violence, gambling or racism
  • They can monitor your child’s time online and provide reports on the sites they visit, the apps they use and the frequency and time they have spent on each 
  • They can set time limits and block your child’s access after a set time 

Check out more information about McAfee’s parental controls here.   

4. Use Child Friendly Search Engines

As we all know, the sky is the limit when it comes to finding anything online. So, young curious minds have ample opportunity to have their every question answered. However, this is not ideal when your kids have neither age nor experience on their side. So, let me introduce you to some child-friendly search engines that will ensure there are healthy boundaries for inquisitive minds!

Kiddle 

This is a search engine that’s designed to produce safe results for kids so it will produce quite limited results – perfect! It has been designed to block swear words and ‘rude’ language but a Common Sense Media trial found that some violent content could be generated using it.

Kidzsearch 

This search engine uses Google’s strict filtering software to produce up-to-date results without the risk of anything inappropriate. Their advanced keyword filtering system monitors for alternate and modified spellings which is great for youngins! 

KidRex 

Also using Google’s SafeSearch, KidRex promotes kid-friendly pages in its results. It also has an additional database of inappropriate keywords and sites and blocks social media results. How good!  

But, if you just want to stick with Google and turn on the SafeSearch filters, you absolutely can. Just remember, that you’ll need to activate it on every device that your kids might use – including their phone! 

5. Be Open And A Great Role Model

How often do you hear yourself saying or doing something your mother does? I do all the time! Our parents are our biggest influence and are our biggest role models. And this also applies to how we engage with technology. Make sure your kids see you enjoying tech-free time, so they ‘normalise’ this. Leave your phone at home when you walk the dog, never have phones at the dinner table and always turn your phone on do not disturb when talking with your kids. The less time spent on technology means the more time for real in-person human connection. 

Being open is also an imperative way to protect your kids. In fact, the more open and communicative you are with your kids, the less reason they will have to undertake their own ‘research’ online. So, if you’ve created an environment where talking about puberty, hormonal changes and teenage relationships is normal, chances are they won’t need to turn to Google for answers – and risk seeing inappropriate content.   

So, if you have a tribe of curious tweens or teens, then I’m sending you my very best. It’s not an easy task protecting them from some of the more challenging content that the internet can offer. But having come out the other side – and survived – I can assure you that the more proactive you are, the easier the ride will be.  

Good luck!!

Alex XX 

PS If you’re thinking about parental controls, don’t forget about enabling these on your streaming services too. Netflix, Amazon Prime and Stan all offer parental controls which can restrict the content that your kids can view. It’s definitely worth the effort.  

 

The post How to Protect Your Kids From Inappropriate Online Content appeared first on McAfee Blog.

Deepfake Defense: Your 8-Step Shield Against Digital Deceit

By: McAfee

A disturbing story out of western Spain spotlights challenges of technological evolution. Unwitting children and teenagers were victims of users of a deepfake app. Their families, shocked at how the events transpired, are equally frustrated by how little recourse they feel they have. Deepfake technology, which leverages sophisticated artificial intelligence to create realistic yet fabricated images and videos, has seen a significant uptick in usage, a surge partly attributed to advancements in AI. As this technology becomes more accessible, concerns about its misuse, particularly in creating unauthorized or malicious content that mimics real individuals, are growing. 

 

To protect yourself and your family from being victimized by deepfake technology, it is crucial to understand some steps you can take.  

  1. Educate yourself and your family: Understanding what deepfakes are and how they can be misused is the first line of defense. Awareness can help you recognize potential deepfakes. Speak to your family about these three guidelines for identifying deepfakes:
    1. Look for contextual clues. Deepfakes don’t usually appear by themselves. Look at the webpage or social media post for possible hints that this isn’t a legitimate piece of content, such as poor grammar or spelling. And look for identifying information — names, dates, places, etc. — if reading a news story.
    2. Imagine it’s too good to be true. Especially if you are looking at content that seems outlandish or is offering something free or for very little money. Scammers use deepfakes to entice people into clicking ads or traveling to a dangerous site. Look for the headline elsewhere and pause for a moment if the story just seems too incredible to be real.
    3. Put the content under a microscope. Perhaps not literally. Many AI engines still have trouble generating humans in images or videos. Closely examine content for weird distortions like extra fingers or smudged faces. These are telltale clues that the image is fake. 
  2. Stay updated. Technology is constantly evolving. These days, new, accessible AI algorithms and the apps they power seem to pop up daily. Do what you can to stay informed about the latest developments in AI and deepfake technology to adapt your protective measures accordingly. The FTC’s website, for example, has an ongoing series about how AI is evolving and what businesses and consumers alike can do to recognize AI-driven threats and protect against them.

  3. Tighten social media privacy settings: Limit who can view and share your posts on social media. By setting accounts to private and being mindful of who you add as friends or followers, you reduce the likelihood of your images being misused. If you’re a parent, ensure your young child isn’t creating social media accounts. If they’re old enough for an account, discuss with them the dangers of sharing content or messages with strangers or leaving their accounts unlocked.
     
  4. Limit your online footprint: Be cautious about what you share online. The less personal information and images available, the harder it is for someone to create a deepfake of you. It’s relatively easy to reconsider sharing photos of yourself, but you may not think twice before hitting “retweet” or “share” on someone else’s post. Before you do that, think carefully about the content you’re about to engage with. 
  5. Use watermarks: When posting pictures online, consider using watermarks. This approach is a bit more time intensive, and it doesn’t altogether prevent deepfakes. But embedding a small graphic into photos can make it more difficult to use the images without revealing they’ve been altered.
  6. Monitor for your name and likeness: Set up Google Alerts or another similar form of alert for your name. Getting a weekly email digest about your personal information will help automate content monitoring and may alert you to unauthorized uses of your likeness quickly. Identity monitoring software like McAfee’s can also help scour the internet for inappropriate uses of your likeness or identity. Our software also includes account cleanup and credit monitoring, among other features, to help you maintain privacy for your digital life.
  7. Report deepfakes: If you encounter a deepfake of yourself or someone you know, report it immediately to the platform where it’s posted. Also, consider contacting law enforcement if the deepfake is used for malicious purposes like defamation or blackmail.
  8. Use advanced security measures: As technology advances, attacks and fraud attempts will become more sophisticated. Cybercriminals are becoming adept at things like stealing and cloning voice snippets for use in deepfakes or biometrics-bypassing efforts. To thwart these unwanted advances, it may be necessary to fight fire with fire and leverage AI-driven protection solutions.   

Modern tools can help enhance digital security 

There may be no perfect solution to the dynamic threat of deepfake fraud. As technology advances, people will find novel ways to leverage it for means both innocent and otherwise. Yet, there are still strategies organizations and individuals can employ to help prevent deepfake fraud and to mitigate the impacts of it, should it occur. Sometimes, in an ever-more-complicated online world, the best bet may be to simplify. Adopting tools like our personal data cleanup solutions or our all-in-one security platform with identity protection can fortify protection against deepfakes and other forms of fraud. The digital landscape is evolving. The good news is, you can, too.  

The post Deepfake Defense: Your 8-Step Shield Against Digital Deceit appeared first on McAfee Blog.

Safer AI: Four Questions Shaping Our Digital Future

Depending on the day’s most popular headlines, AI is either a panacea or the ultimate harbinger of doom. We could solve the world’s problems if we just asked the algorithm how. Or it’s going to take your job and become too smart for its own good. The truth, as per usual, lies somewhere in between. AI will likely have plenty of positive impacts that do not change the world while also offering its fair share of negativity that isn’t society-threatening. To identify the happy medium requires answering some interesting questions about the appropriate use of AI.  

1. Can we use AI without human oversight? 

The full answer to this question could probably fill volumes, but we won’t go that far. Instead, we can focus on a use case that is becoming increasingly popular and democratized: generative AI assistants. By now, you’ve likely used ChatGPT or Bard or one of the dozens of platforms available to anyone with a computer. But can you prompt these algorithms and be wholly satisfied with what they spit out? 

The short answer is, “no.” These chatbots are quite capable of hallucinations, instances where the AI will make up answers. The answers it provides come from the algorithm’s set of training data but may not actually be traceable back to real-life knowledge. Take the recent story of a lawyer who presented a brief in a courtroom. It turns out, he used ChatGPT to write the entire brief, wherein the AI cited fake cases to support the brief.1 

When it comes to AI, human oversight will likely always be necessary. Whether the model is analyzing weather patterns to predict rainfall or evaluating a business model, it can still make mistakes or even provide answers that do not make logical sense. Appropriate use of AI, especially with tools like ChatGPT and its ilk, requires a human fact checker. 

2. Can AI creators fix algorithmic bias after the fact? 

Again, this is a question more complicated than this space allows. But we can attempt to examine a narrower application of the question. Consider that many AI algorithms in the real world have been found to exhibit discriminatory behavior. For example, one AI had a much larger error rate depending on the sex or race of subjects. Another incorrectly classified inmate risk, leading to disproportionate rates of recidivism.2

So, can those who write these algorithms fix these concerns once the model is live? Yes, engineers can always revisit their code and attempt to adjust after publishing their models. However, the process of evaluating and auditing can be an ongoing endeavor. What AI creators can do instead is to focus on reflecting values in their models’ infancy.

Algorithms’ results are only as strong as the data on which they were trained. If a model is trained on a population of data disproportionate to the population it’s trying to evaluate, those inherent biases will show up once the model is live. However robust a model is, it will still lack the basic human understanding of what is right vs. wrong. And it likely cannot know if a user is leveraging it with nefarious intent in mind.  

While creators can certainly make changes after building their models, the best course of action is to focus on engraining the values the AI should exhibit from day one.  

3. Who is responsible for an AI’s actions? 

A few years ago, an autonomous vehicle struck and killed a pedestrian.3 The question that became the incident’s focus was, “who was responsible for the accident?” Was it Uber, whose car it was? The operator of the car? In this case, the operator of the vehicle, who sat in the car, was charged with endangerment.  

But what if the car had been empty and entirely autonomous? What if an autonomous car didn’t recognize a jaywalking pedestrian because the traffic signal was the right color? As AI finds its way into more and more public use cases, the question of responsibility looms large.  

Some jurisdictions, such as the EU, are moving forward with legislation governing AI culpability. The rule will strive to establish different “obligations for providers and users depending on the level of risk from” AI.  

It’s in everyone’s best interest to be as careful as possible when using AI. The operator in the autonomous car might have paid more attention to the road, for example. People sharing content on social media can do more due diligence to ensure what they’re sharing isn’t a deepfake or other form of AI-generated content.  

4. How do we balance AI’s benefits with its security/privacy concerns? 

This may just be the most pressing question of all those related to appropriate use of AI. Any algorithm needs vast quantities of training data to develop. In cases where the model will evaluate real-life people for anti-fraud measures, for example, it will likely need to be trained on real-world information. How do organizations ensure the data they use isn’t at risk of being stolen? How do individuals know what information they’re sharing and what purposes it’s being used for?  

This large question is clearly a collage of smaller, more specific questions that all attempt to get to the heart of the matter. The biggest challenge related to these questions for individuals is whether they can trust the organizations ostensibly using their data for good or in a secure fashion.  

5. Individuals must take action to ensure appropriate use of their information 

For individuals concerned about whether their information is being used for AI training or otherwise at risk, there are some steps they can take. The first is to always make a cookies selection when browsing online. Now that the GDPR and CCPA are in effect, just about every company doing business in the U.S. or EU must place a warning sign on their website that it collects browsing information. Checking those preferences is a good way to keep companies from using information when you don’t want them to.

The second is to leverage third-party tools like McAfee+, which provides services like VPNs, privacy and identity protection as part of a comprehensive security platform. With full identity-theft protection, you’ll have an added layer of security on top of cookies choices and other good browsing habits you’ve developed. Don’t just hope that your data will be used appropriately — safeguard it, today. 

The post Safer AI: Four Questions Shaping Our Digital Future appeared first on McAfee Blog.

What Is Credential Phishing?

You guard the keys to your home closely, right? They have their own special spot in your bag or in your front pocket. When your keys go missing, does a slight pit of unease grow in your gut? 

Our homes store many sentimental and valuable treasures within their walls. The same goes for your online accounts. Think of your login and passwords as the keys to the cozy home of your date of birth, Social Security Number, full name, and address. When you lose those keys and they fall into the hands of a criminal, the break-ins to your online home can be costly. 

In a scheme called credential phishing, online scammers seek to steal the keys to your online accounts: your login and password combinations. Just like you’d protect the keys to your house, so should you guard your online account credentials closely. 

What Is Credential Phishing? 

Credential phishing is a type of online scam where a cybercriminal devises tricks to gain one type of valuable information: username and password combinations. Once they eke this information from their targets, the thief is able to help themselves to online bank accounts, online shopping sites, online tax forms, and more. From there, they could go on a shopping spree on your dime or pilfer your personally identifiable information (PII) and steal your identity. 

There are two common ways a criminal might try to steal online account credentials. The first is through a phishing attempt that asks specifically for usernames and passwords. They may impersonate a person or organization with authority, such as your boss, a bank representative, or the IRS. Phishing attempts often threaten dire consequences if you don’t reply promptly. Handle emails, texts, and social media direct messages that demand urgency with care. If it’s truly important, your bank will find another way to get in touch with you. Additionally, be aware of your notification preferences and communication channels with important organizations. For example, the IRS only contacts people by mail. 

A second way credential phishers may try to steal your passwords is through fake login pages. You may get redirected to a fake login page by clicking on a risky link hidden in a phishing message or on a malicious website. An example of credential phishing and fake login pages in action happened to customers of a password storage company. Customers received phishing emails that contained a link to a “login page” that was actually a malicious subdomain that sent the details straight to scammers.1 
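The fake login page described above depends on a link whose real host is not the organisation's own domain. As an added example (not part of the original post), this Python script checks every link in a message against the domains you actually hold accounts with; the domains, the sample email, the reason codes and the function names are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains where the reader really holds accounts (placeholders).
TRUSTED_DOMAINS = ("vault.example", "bank.example")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def trusted_domain_for(host):
    """Return the trusted domain that host equals or sits under, else None."""
    host = host.rstrip(".").lower()
    for domain in TRUSTED_DOMAINS:
        # The leading dot matters: "evilvault.example" must not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def check_link(href, text=""):
    """Return a list of reason codes; an empty list means nothing was flagged."""
    reasons = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        reasons.append("not-https")
    if parts.username is not None:
        # https://vault.example@other.host/ really goes to other.host.
        reasons.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")
    if trusted_domain_for(host) is None:
        reasons.append("untrusted-host")
        for domain in TRUSTED_DOMAINS:
            # A trusted brand name used as a label of some other domain.
            if domain.split(".")[0] in host:
                reasons.append("brand-in-untrusted-host")
                break
    # Visible text that looks like a URL but names a different host.
    if text and "." in text and not any(c.isspace() for c in text):
        shown = urlsplit(text if "://" in text else "//" + text).hostname
        if shown and shown.lower() != host:
            reasons.append("text-host-mismatch")
    return reasons


def scan_message(html):
    """Return {href: reasons} for every flagged link in an HTML message."""
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    flagged = {}
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            flagged[href] = reasons
    return flagged


# Constructed sample message; none of these hosts are real.
SAMPLE_EMAIL = """
<p>Your vault will be locked today.
<a href="https://vault.example.account-verify.example.net/login">https://vault.example/login</a></p>
<p><a href="https://vault.example/login">Sign in</a></p>
<p><a href="https://vault.example@login.attacker.example/reset">Reset password</a></p>
<p><a href="http://bank.example/statement">View statement</a></p>
"""

if __name__ == "__main__":
    for href, reasons in scan_message(SAMPLE_EMAIL).items():
        print(href, "->", ", ".join(reasons))
```

A clean result only means the link points at a domain on your list; typing the address yourself or using a saved bookmark remains the safer way to reach a login page.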

The One Rule to Foil Credential Phishers 

There’s one very simple rule to avoid a phisher stealing your credentials: never share your password with anyone! No matter how authoritative a phone call, text, or email sounds, neither a legitimate business, nor an IT professional, nor your boss will ever ask you for your password and username combination.

If you suspect a phishing attempt, do not reply or forward the message. Additionally, do not click on any links. Artificial intelligence content creation tools like ChatGPT can make phishing messages sound convincing, as AI tools often compose messages without typos or grammar mistakes. But if anything in the tone or content of the message strikes you as suspicious, it’s best to delete it and forget about it. 

The Importance of Strong Passwords, MFA & Ultimate Secrecy 

Ultimate secrecy is a great first step in keeping your credentials a mystery. Practice these other password and online account safety best practices to keep your PII safe: 

  1. Choose a strong password. When you create a new online account, the organization is likely to have minimum character count and password difficulty requirements. Remember that a strong password is a unique password. Reusing passwords means that if your credentials are stolen for one website or if one company experiences a data breach, a criminal could use your login and password on hundreds of sites to break into multiple accounts. If you have a hard time remembering all your unique passwords, a password manager can remember them for you! 
  2. Enable multifactor authentication. Multifactor authentication (MFA) is an extra layer of protection that makes it nearly impossible for a credential thief to break into your account, even if they have your password and username. MFA requires that you prove your identity multiple ways, often through a one-time code sent to your phone or email address, or a face or fingerprint scan. 
  3. Be on the lookout. If you notice any suspicious activity on any of your online accounts, change your password immediately. 

Add Another Key to Your Online Protection 

To add extra security to your online comings and goings, consider investing in McAfee+, which includes McAfee Scam Protection. McAfee Scam Protection is an AI-powered tool that blocks risky links in your emails, texts, and on social media. This is helpful just in case you accidentally click on a link that would’ve brought you to a fake login page or to another risky site. The more you use Scam Protection, the smarter it gets! And should your credentials and PII ever fall into the wrong hands, McAfee+ has credit and identity monitoring tools that can alert you to suspicious activity. 

Consider McAfee as the home security system for your online life. When you log off and lock up, you can relax knowing that McAfee will alert you to breaking-and-entering attempts. 

1. Cybernews, “LastPass employees and customers targeted in ‘pervasive’ phishing campaign”

The post What Is Credential Phishing? appeared first on McAfee Blog.

Do I Really Need to be on Snapchat to be a Good Digital Parent?

If you had to count the number of social media platforms your teen uses, I wonder what the score would be? 2, 5 or maybe even more? Well, surprisingly, research from our Aussie eSafety Commissioner shows that Aussie kids use an average of 4 social media services. I bet you thought it would be more. I did! So, maybe this means we don’t need to worry too much about joining and understanding these platforms? Surely their skills must be quite polished if they are only using four platforms? Wrong!! Being a good digital parent means we need to take the time to understand our kids’ digital world – even when we think they have a handle on it.

My Top Tip Ever – Get Involved  

Over the last 12 years in my job as Cybermum, I’ve shared an abundance of advice. But if I had to pick the most important piece it is this – the absolute best way to keep your kids safe online is to commit to understanding your kids’ online world, particularly when they are starting out on their digital journey. So, if they are on Facebook, Instagram, Snapchat and TikTok then you need to sign up, and spend time understanding how it works. If they love Minecraft, Fortnite or Among Us – then you now do too! I’m sure you’re figuring out the pattern by now… 

Getting Involved Means You’ll Earn Some Tech Cred 

I’m not sure how it works for you but one thing that does NOT work for me is listening to advice from someone who has no relevant experience. To be honest, it really grinds my gears!! So, isn’t it logical that our teens would feel the same? I honestly don’t think we can expect them to take advice from us about online safety if we have no lived experience. In my opinion, experience = credibility.  

So, when you join Snapchat or Instagram not only are you learning about your child’s digital life but you’re also developing credibility which may just be the most important ingredient in keeping your kids safe online. Because if and when your kids find themselves in a tricky situation online, they will be far more likely to come to you with a problem if they know you understand how it all works.

Don’t Forget – You’re The Role Model 

Taylor Swift fandom is massive in Australia right now. With many taking days off work to secure tickets to her upcoming shows and a hot movie release, you’d be hard pressed to find many young girls who don’t think she is the ‘bee’s knees’. And if your sons are mad keen LeBron, Tom Brady or Nathan Cleary fans then they wouldn’t be alone – my sons are all in awe of these spectacular athletes. But despite all the hype and the potential influence from these celebrities, I need to remind you of one very important thing – you are the most important role model for your kids. You hold the greatest influence in their decision making and value setting.

If your kids see you using the same platforms they use in a healthy, balanced way – then you really have a tonne of ability to help them develop positive digital habits. Your ‘tech cred’ will mean they are even more likely to pick up on your habits. So, make sure you have a healthy mix of digital and non-digital activities in your life. Consider:

  • Regular screen-free time in your day 
  • Having a technology free hour (or two) before bed 
  • Banning phones from the dinner table 
  • Putting your phone on silent to minimise distractions 
  • Being ‘all in’ when you are talking to your kids and not picking up your phone. Give them your undivided attention!

Remember, they are watching and learning!!  

So, Do you Really Need To Join Snapchat? 

Now, I don’t want to force you to do anything that you are not comfortable with, but I do want you to understand how best to support your kids in their digital life. To me, it’s quite simple. Whatever platform your kids spend the bulk of their online time on, that’s where you need to spend your time too. You’ll develop credibility which means they are more likely to come to you if they have an issue online. It also gives you an opportunity to model healthy digital habits which can be really powerful. So, if your kids use Snapchat then yes – you need to join!!! All the ‘know-how’ you amass while using it will absolutely help make you a great digital parent.

Till next time 

Alex  

The post Do I Really Need to be on Snapchat to be a Good Digital Parent? appeared first on McAfee Blog.

How to Know If Your Phone Has Been Hacked

“My phone’s been hacked!” Words you probably don’t want to hear or say. Ever.  

Yes, a smartphone can get hacked just like any other device. And they make prize targets as well. Loaded as they are with personal and financial information, access to payment apps, files, photos, and contacts, bad actors have plenty to gain by tapping into your smartphone.   

How do bad actors pull it off? They have several attack vectors they can choose from.  

  • They can hide malware in bogus apps that they post as free downloads in app stores. Spyware, ransomware, and adware are typical types of malware that get distributed this way. 
  • They can also install it themselves by getting physical access to your phone.  
  • Sometimes, bad actors along the smartphone supply chain have loaded malware onto entirely new smartphones so that they come with malware preinstalled, right out of the box.  
  • And as always, phishing attacks by email, text, and other messaging apps remain popular as well. 

Today’s attackers have gotten cagier as well. It used to be that a hacked phone would run sluggishly or hot after it got infected by malware. The battery might have drained quickly as well. That was because the malware ate up system resources, created conflicts with other apps, and used your data or internet connection to pass along your personal information—all of which could make your smartphone feel a little off. That still might be the case with some mobile malware today, yet much of it works far more efficiently. The old telltale physical signs of a hacked phone might not present themselves at all. 

However, you can still spot several signs that might indicate your phone has been hacked.

How do I know if my phone has been hacked?  

A few examples follow. Note that these might be signs of a hacked phone, yet not always.

  • Popups suddenly appear on your phone: If you’re seeing more popup ads than usual or seeing them for the first time, it might be a sign that your phone has been hit with adware—a type of malicious app that hackers use to generate revenue by distributing ads without the consent of the user. Furthermore, those ads might be malicious in nature as well. They might take you to pages designed to steal personal information (which is a good reminder to never tap or click on them).   
  • Mysterious apps, calls, or texts appear: A potential telltale sign that your phone has been hacked is the appearance of new apps that you didn’t download, along with spikes in data usage that you can’t account for. Likewise, if you see calls in your phone’s call log that you didn’t make, that’s a warning as well.  
  • You run out of data or see unknown charges pop up: Big red flag here. This is a possible sign that a hacker has hijacked your phone and is using it to transfer data, make purchases, send messages, or make calls via your phone.  
  • You have issues with your online accounts: Phones infected with spyware can skim account credentials and then transmit them to the hacker behind the attack. This could lead to credit and debit fraud. In some cases, hackers will hijack an account altogether by changing the password and locking out the original owner. If you spot unusual charges or can no longer log into your accounts with your password, a hacked phone might be the cause—among others.  

What do I do if my phone is hacked?  

Install and run online protection software on your smartphone if you haven’t already. From there, delete any apps you didn’t download, delete risky texts, and then run your mobile security software again.  

If you still have issues, wiping and restoring your phone is an option. Provided you have your photos, contacts, and other vital info backed up in the cloud, it’s a relatively straightforward process. A quick search online can show how to wipe and restore your model of phone.  

Lastly, check your accounts and your credit card statements to see if any unauthorized purchases have been made. If so, you can go through the process of freezing those accounts and getting new cards and credentials issued. Further, update your passwords for your accounts with a password that is strong and unique to prevent further theft.   

Tips to keep your phone from getting hacked   

To help keep your phone from getting hacked in the first place, there are a few relatively easy steps you can take. Inside of a few minutes, you can find yourself much safer than you were before.   

  1. Use comprehensive security software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing online protection software gives you the first line of defense against attacks, plus several of the additional security features mentioned below. 
  2. Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.  
  3. Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive online protection software like ours will include one.
  4. Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and can prevent malware from a public charging station.  
  5. Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.  
  6. Stick with trusted app stores. Stick with legitimate app stores like Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure. And for the malicious apps that sneak past these processes, Google and Apple are quick to remove malicious apps when discovered, making their stores that much safer.
  7. Keep an eye on app permissions. Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. So check and see what permissions the app is asking for. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it might be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android users can do the same here.
  8. Update your phone’s operating system. Keeping your phone’s operating system up to date goes hand in hand with installing security software. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks—it’s another tried and true method of keeping yourself safe and your phone running great too.

The post How to Know If Your Phone Has Been Hacked appeared first on McAfee Blog.

7 Savvy Ways Senior Adults Can Safeguard Digital Privacy

Smart speakers. Banking online. Location tracking. If you are a senior adult, there’s no doubt, the digital leaps and bounds you’re asked to consider each day can be daunting. If you are the child of a senior adult trying to make digital life more accessible, helping your parent consistently stay safe online can also be a challenge.

According to a recent Pew study on the topic, senior adults continue to become more digitally connected, but adoption rates continue to trail younger users, and digital divides remain. The study also revealed that 77% of older adults needed assistance in learning how to use technology.

Privacy path: Awareness & consistency 

As a senior, it’s easy to feel intimidated and even try to avoid technology altogether as a safety plan. However, as healthcare, banking, and retail become almost 100% digital, opting out of digital life is becoming impossible.

Still, there’s a way forward. As with any challenge, it’s best to begin one step at a time. First, put your stake in the ground by committing to increase your awareness and consistency in the digital realm. Doing so will help you reduce your fear about potential data breaches, malware attacks, or worse, falling prey to an online scam. Here are seven more ways to build upon your privacy path.

7 Ways to build up your online privacy  

1. Get on a family protection plan.

Online protection software looks after your privacy. McAfee+ Family plans include personalized protection for each member of the family, including older family members outside the home. For example, a grandparent can set up and manage their own protection for their identity, privacy, computers, and phones. And inviting a grandparent onto the plan is as simple as sending an email.

2. Update and store your passwords.

Updating your passwords regularly is an online privacy gamechanger. The only problem? It’s tough to remember all those passwords, so who wants to risk changing them, right? Consider a password manager (find the software packages that have a password manager built-in). Your Password Manager (PM) stores, then populates, the username and password fields every time you log on to a favorite site or app. Better yet, it makes changing your password an easy task since you don’t need to do any remembering—your PM does it all for you.

3. Use 2-Factor Authentication (2FA).

What in the world? 2FA sounds complicated! Don’t worry, it’s not. Opting for 2FA means that before logging onto your account, you will have one more step to verify it’s you logging on. When given this privacy option, take it. Commonly, the 2FA process is a code generated by a smartphone app—no biggie. If you want to try, go to your settings in your favorite apps, such as Google or Facebook, and turn on the 2FA option.

4. Install software updates immediately.

Along with strong passwords, updating your software is a front-line defense against identity theft and fraud. Installing software updates (those pesky pop-up notices that are critical to your privacy) is essential in securing your IoT devices, PCs and phones, and the social media, banking, and healthcare portals connected to them.

5. Use a Virtual Private Network (VPN).

If we could write this one tip down a hundred times without losing our readers, we surely would. Every senior adult needs a VPN for practical, powerful privacy protection and peace of mind. A VPN keeps credit card and personal info contained in a secure network and away from prying eyes.

6. Fight back with knowledge.

Fraudulent emails connected to fraudulent websites can look very legitimate. A secure website will have an “HTTPS” in the browser’s address bar. The “s” stands for “secure.” If the web address or URL is just HTTP, it’s not a secure site. Still unsure? Read reviews of the site from other users before making a purchase. Never send cash, cashier’s check, or a personal check to any online vendor. If purchasing, always use a credit card in case there is a dispute. Stay up-to-date on scams that target seniors specifically. Lately, elder scams have been constructed around COVID, dating apps, tax returns, employment, and, of course, the common military catfish scams.

7. Clean up your digital breadcrumbs.

Like it or not, companies gather, share, and sell plenty of information about us online. Among them are online data brokers that collect information about people from public records and third parties, like shopping information from the discount cards we use to get deals at the supermarket or drug store. They compile this information and post it online for anyone to see, for a price. And they’ll sell it to anyone. That includes marketers, advertisers, and even bad actors who use it for scams and to help them commit identity theft. You can clean up these digital breadcrumbs, though. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We’ll also provide guidance on how you can remove your data from those sites and with select products, we can even manage the removal for you.

Have fun as you skill up.

When trying to boost your digital skills, don’t forget about all the amazing instructional content at your fingertips. A quick search of YouTube will render easy-to-understand videos on how to do just about everything (including install security software, change your router password, secure the smart devices in your home, and how to adjust your privacy settings on any device).

Learning or building a new skill isn’t always easy, but if you stop to think about it, as a senior, you’ve gained so many skills over your lifetime (far more than your juniors). So, practically speaking, building up your tech skills is just one more task to ace. So, lean into the challenge, have fun learning, and don’t hesitate to ask for help if you need it.

The post 7 Savvy Ways Senior Adults Can Safeguard Digital Privacy appeared first on McAfee Blog.

Digital Spring Cleaning: Seven Steps for Faster, Safer Devices

Throw open the windows and let in some fresh air. It’s time for spring cleaning.

And that goes for your digital stuff too.

Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and your identity because when there’s less lying about, there’s less for hackers to scoop up and exploit.

The reality is that we accumulate plenty of digital clutter that needs cleaning up from time to time. Think about it:

  • Bunches of one-off accounts at online stores we won’t frequent again.
  • Memberships in message boards or forums you no longer drop in on.
  • Plenty of outdated apps and programs that are still sitting on your devices.
  • Aging files that are no longer relevant, like spreadsheets and records from years ago.
  • And photos—oh, photos! We have plenty of those, right?

Seven steps for digital spring cleaning

Together, these things take up space on your devices and, in some cases, can open you up to security hazards. Let’s take a look at how you can clean up in a few steps.

1. Review your accounts and delete the ones you don’t use. Look through your bookmarks, your password manager, or the other places where you store your passwords and usernames. Review the sites and services associated with them critically. If you haven’t used an account in some time, log in one last time, remove all personal info, and deactivate it.

Doing so can keep your email address, usernames, and passwords out of unnecessary circulation. Major breaches like this one happen with unfortunate regularity, and the sad thing is that you may not even be aware that a site you’ve used has been hit. Meanwhile, your name, password, and info associated with that account (such as your credit card) are in the hands of hackers. Limit your exposure. Close those old accounts.

2. Get organized, and safer too, with a password manager. While creating strong, unique passwords for each of our accounts is a must nowadays, it can be quite the feat, given all of the accounts in our lives. Here’s where a password manager comes in. It can create those strong, unique passwords for you. Not only that, but it also stores your passwords on secure servers, away from hackers and thieves.

Along those lines, never store your passwords on your computer or device in something like a text document or spreadsheet. Should your device ever get compromised, lost, or stolen, having passwords stored on it is like handing over the keys to your digital life.

3. Clean your PC to improve your performance (and your security). Let’s face it, so many of us are so busy with the day-to-day that cleaning up our computers and laptops is way down the list. However, doing so once a month can keep our devices running stronger for longer and even give you that “new computer feeling,” particularly if you haven’t cleaned it up for some time. Check out our guide for improving PC performance. We will walk you through some straightforward steps that can make a marked difference.

Moreover, part of this process should entail bolstering your operating system and apps with the latest updates. Such updates can not only improve speed and functionality, but also often include security upgrades that can make you safer in the long run. If your operating system and apps feature automatic updates, enable them, and they’ll do the work for you.

4. Organize and store your photos. Photos. Now there’s a topic all unto itself. Here’s the thing: Estimates show that worldwide we took somewhere around 1.2 trillion photos. And you certainly have your share.

However, your photos may be just sitting there, taking up storage space on your computer or phone, instead of becoming something special like an album, greeting cards, a wall hanging, or popping them into a digital picture frame for your kitchen or living room. And this is where a little spring cleaning can be a bit of fun. For tips on cleaning up your photos, backing them up, and making something special with them.

5. Delete old apps and the data associated with them. Let’s say you have a couple of apps on your phone for tracking your walks, runs, and exercise. You’ve since stopped using one altogether. Go ahead and delete the old one. But before you do, go in and delete your account associated with the app to ensure that any data stored off your phone, along with your password and user id are deleted as well.

For your computers and laptops, follow the same procedure, recognizing that they also may have account data stored elsewhere other than on your device.

In short, many apps today keep information that’s stored and maintained by the app provider. Make sure you close your accounts so that data and information is taken out of circulation as well.

6. Shred your old files and encrypt the important files you’re holding on to. This bit of advice calls for using comprehensive security software on your devices. In addition to protecting you from viruses, malware, and other cyberattacks on your privacy and identity, it can help you protect your sensitive information as well. Such security software can offer:

  • File encryption, which renders your most sensitive files into digital gibberish without the encryption key to translate them back.
  • A digital file shredder that permanently deletes old files from your computer (simply dropping them into the desktop trashcan doesn’t do that—those files can be easily recovered).
  • Identity theft protection that monitors the dark web for your personal info that might have been leaked online and immediately alerts you if you might be at risk of fraud.

7. Throwing away old computers and tech—dispose of them properly. When it comes time to say goodbye to an old friend, whether that’s a computer, laptop, phone, or tablet, do so in a way that’s friendly to the environment and your security.

Consider this … what’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. The same goes for your tablets and phones. The Federal Trade Commission (FTC) offers some straightforward advice in their article about protecting your data before you get rid of your computer. You don’t want those old tax returns ending up in the trash unprotected.

When it comes time for disposal, you have a few options:

  • Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner.
  • Some mobile carriers have turn-in programs that will not only dispose of your tech properly, but they’ll give you a financial incentive too—such as money towards a new device.
  • Lastly, consider the option of reusing the device. There are opportunities to pass it along to a family member or even donate old devices too. Your old tech may be a game-changer for someone else. Again, just be sure to protect that old data!

As with any spring cleaning, you’ll be glad you did it

Enjoying the benefits of your work—that’s what spring cleaning is all about, right? With this little list, you can end up with a digital life that’s safer and faster than before.

The post Digital Spring Cleaning: Seven Steps for Faster, Safer Devices appeared first on McAfee Blog.

Job Scams—How to Tell if that Online Job Offer is Fake

By: McAfee

Just when they need financial security the most, job seekers face another challenge—getting ripped off by job scams. 

Scammers will capitalize on any opportunity to fleece a victim, like the holidays with ecommerce scams and tax time with IRS scams. Now, with surging employment figures, scammers have turned to job scams that harvest money and personal information from job seekers.   

In some ways, the tactics bear resemblance to online dating and romance scammers who hide behind a phony profile and tell their victims a story they want to hear, namely that someone loves them. With job scams, they take on the persona of a recruiter and lure their victims with what seems like an outstanding job offer. Of course, there’s no job. It’s a scam. 

These attacks have gained a degree of sophistication that they once lacked. Years prior, scammers relied on spammy emails and texts to share their bogus job offers. Now, they’re using phony profiles on social media platforms to target victims. 

Social media platforms have several mechanisms in place to identify and delete the phony profiles that scammers use for these attacks. Of note, LinkedIn’s latest community report cited the removal of more than 21 million fake accounts in the first half of 2022:

  • Stopped at registration – 16.4 million accounts. 
  • Restricted proactively before members reported – 5.4 million accounts. 
  • Restricted after members reported – 190 thousand accounts. 

Likewise, Facebook took action on 1.5 billion fake accounts in Q3 of 2022 alone, with more than 99% of them acted on before users reported them. 

Still, some scammers make their way through. 

Job scams continue to rise. Here’s what to look out for. 

As Steve Grobman, our senior vice president and chief technology officer, was quoted in an article for CNET, the continued shift to remote work, along with remote hiring, has also made it easier for online job scams to flourish. And the figures bear that out. 

In 2021, the FTC called out $209 million in reported losses due to job scams. In just the first three quarters of 2022, reported job scam losses had already reached $250 million. While year-end figures have yet to be posted, the final tally for 2022 could end up well over $300 million, a 50% uptick. And the median loss per victim? Right around $2,000 each. 

While the promise of work or a job offer makes these scams unique, the scammers behind them want the same old things—your money, along with your personal information so that they can use it to cause yet more harm. The moment any so-called job offer asks for any of those, a red flag should immediately go up.

It’s possibly a scam if: 

They ask for your Social Security or tax ID number. 

In the hands of a scammer, your SSN or tax ID is the master key to your identity. With it, they can open up bank cards, lines of credit, apply for insurance benefits, collect benefits and tax returns, or even commit crimes, all in your name. Needless to say, scammers will ask for it, perhaps under the guise of a background check or for payroll purposes. The only time you should provide your SSN or tax ID is when you know that you have accepted a legitimate job with a legitimate company, and through a secure document signing service, never via email, text, or over the phone.

They want your banking information. 

Another trick scammers rely on is asking for bank account information so that they can wire payment to you. As with the SSN above, closely guard this information and treat it in exactly the same way. Don’t give it out unless you actually have a legitimate job with a legitimate company. 

They want you to pay before you get paid. 

Some scammers will take a different route. They’ll promise employment, but first you’ll need to pay them for training, onboarding, or equipment before you can start work. Legitimate companies won’t make these kinds of requests. 

Other signs of a job scam—more red flags to look for. 

Aside from the types of information they ask for, the way they ask for your information offers other clues that you might be mixed up in a scam. Look out for the following as well: 

1) The offer is big on promises but short on details. 

You can sniff out many online scams with the “too good to be true” test. Scammers often make big promises during the holidays with low-priced offers for hard-to-get holiday gifts and then simply don’t deliver. It’s the same with job scams. The high pay, the low hours, and even the offer of things like a laptop and other perks, these are signs that a job offer might be a scam. Moreover, when pressed for details about this seemingly fantastic job opportunity, scammers may balk. Or they may come back with incomplete or inconsistent replies because the job doesn’t exist at all. 

2) They communicate only through email or chat. 

Job scammers hide behind their screens. They use the anonymity of the internet to their advantage. Job scammers likewise create phony profiles on networking and social media websites, which means they won’t agree to a video chat or call, which are commonly used in legitimate recruiting today. If your job offer doesn’t involve some sort of face-to-face communication, that’s an indication it may be a scam. 

3) And the communications seem a little … off. 

Scammers now have an additional tool to reel in their victims—AI chatbots like ChatGPT, which can generate email correspondence, chats, LinkedIn profiles, and other content in seconds so they can bilk victims on a huge scale. However, AI has its limits. Right now, it tends to use shorter sentences in a way that seems like it’s simply spitting out information. There’s little story or substance to the content it creates. That may be a sign of a scam. Likewise, even without AI, you may spot a recruiter using technical or job-related terms in unusual ways, as if they’re unfamiliar with the work they’re hiring for. That’s another potential sign.

4) Things move too quickly. 

Scammers love a quick conversion. Yet job seekers today know that interview processes are typically long and involved, often relying on several rounds of interviews and loops. If a job offer comes along without the usual rigor and the recruiter is asking for personal information practically right away, that’s another near-certain sign of a scam. 

5) You get job offers on Facebook or other social media sites not associated with job searches.

This is another red flag. Legitimate businesses stick to platforms associated with networking for business purposes, typically not networking for families, friends, and interests. Why do scammers use sites like Facebook anyway? They’re a gold mine of information. By trolling public profiles, they have access to years of posts and armloads of personal information on thousands of people, which they can use to target their attacks. This is another good reason to set your social media profiles on platforms like Facebook, Instagram, and other friend-oriented sites to private so that scammers of all kinds, not just job scammers, can’t use your information against you. 

Further ways you can protect yourself from job scams. 

As a job hunter, you know that getting the right job requires some research. You look up the company, dig into their history—the work they do, how long they’ve been at it, where their locations are, and maybe even read some reviews provided by current or former employees. When it comes to job offers that come out of the blue, it calls for taking that research a step further.

After all, is that business really a business, or is it really a scam? 

In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) lodged against them. Spending some time here can quickly shed light on the legitimacy of a company.

Also in the U.S., you can visit the website of your state’s Secretary of State and search for the business in question, where you can find when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here. 

For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information, which may require signing up for an account. 

Lastly, protect yourself and your devices.  

Given the way we rely so heavily on the internet to get things done and simply enjoy our day, comprehensive online protection software that looks out for your identity, privacy, and devices is a must. Specific to job scams, it can help you in several ways, these being just a few:

  • Scammers still use links to malicious sites to trick people into providing their personal information. Web protection, included in our plans, can steer you clear of those links.  
  • Moreover, scammers gather your contact information and other details so they can target you through data broker sites, fueled by thousands of data points on billions of people. McAfee’s Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and, depending on your plan, can help you remove it. 
  • Scammers may use any of your personal info that’s already out there on the dark web. McAfee’s Identity Monitoring scans the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. It helps keep your personal info safe, with early alerts if your data is found on the dark web, an average of 10 months ahead of similar services.

You have what it takes to avoid job search scams. 

Job searches are loaded with emotion—excitement and hopefulness, sometimes urgency and frustration as well. Scammers will always lean into these emotions and hope to catch you off your guard. If there’s a common thread across all kinds of online scams, that’s it. Emotion. 

A combination of a cool head and some precautionary measures that protect you and your devices can make for a much safer job-hunting experience, and a safer, more private life online too. 

Editor’s Note: 

Job scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance. 

The post Job Scams—How to Tell if that Online Job Offer is Fake appeared first on McAfee Blog.

Is That Delivery Text Real or Fake? How to Shop and Ship Safely this Season

With the rush of Black Friday and Cyber Monday shopping comes a rush of another kind. Millions of fake delivery texts sent by scammers – designed to steal your personal info or saddle your phone with malware. 

From late November through early January, scammers slip into the holiday mix and catch online shoppers unaware with fake delivery texts. They pose as postal services, delivery companies, and retailers, sending texts that alert their potential victims of some delivery issue or other.  

The stories these scammers spin vary, yet the classics include: 

  • A package destined for you couldn’t be delivered. 
  • You owe taxes or other fees before your package can be delivered. 
  • A shipping update, with the promise of offering more detailed tracking info.  

In every case, the con game is the same. The scammer wants you to tap the link they’ve included in your text. 

From there, that link whisks you to a malicious site designed to do you harm. That might involve installing malware like ransomware, spyware, or viruses. It might also steal your personal and financial info by asking you to fill out a form. Or both. 

But you can absolutely beat these scams. A combo of knowing what to look for and some helpful tools can steer you clear of these scams and the headaches that follow. 

Why are there so many scam texts during the holidays? 

A little background shows why hackers send so many during the holidays — and it starts with the reported $38 billion that U.S. consumers spent from Black Friday through Cyber Monday. Think of it this way: that’s $38 billion worth of stuff coursing through the mail and delivery services.

The U.S. Postal Service (USPS) alone will deliver an estimated 800 million packages between Thanksgiving and New Year’s Day. Overall, the USPS will process 15 billion pieces of mail. And then there’s the millions more shipped by UPS, FedEx, and Amazon’s delivery services. 

That offers scammers plenty of opportunities. With all those packages moving around, they count on people responding to their fake delivery texts. Scammers make good money when even a small percentage of people tap the links in those texts. 

That flood of bogus texts has understandably put people on their guard. Our own recent research shows that 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more. 

The top two online scams people reported include: 

  1. Text messages about purchases they didn’t make (57%). 
  2. Fake missed delivery or fake problem with delivery notifications (56%).  

Complicating matters more this year – AI. We’ve been talking a lot about that in our blogs this year, and with good reason. Scammers now have AI-driven tools that help them fire up fake emails, malicious sites, and text messages with a few clicks. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams daily. 

As a result, 31% of people we surveyed said that it’s getting tougher to tell a real message from a fake one. And that includes delivery notifications by text. 

With that, let’s cover what you can look out for. 

What do fake delivery texts look like? 

As with any fake text, scammers do their best to look legitimate. All in the hope that their victims will tap that malicious link. Here’s how they try to disguise themselves: 

They pose as large, legitimate organizations.  

In the U.S., the “big four” organizations that scammers like to impersonate are the U.S. Postal Service (USPS), FedEx, UPS, and Amazon. With that, they can cast a rather wide net because they’re responsible for so many deliveries this time of year. Of course, scammers won’t limit themselves to posing as those organizations. Just about any company will do. 

They do their best to make their links look legitimate too. 

Companies typically have a standard set of web addresses and phone numbers that they use for contacting customers. For example, Amazon states that legitimate Amazon addresses have a dot before “amazon.com” such as https://pay.amazon.com for Amazon Pay. Scammers try to spoof these addresses, often with addresses that look like the real thing but aren’t. They might use “fed-exdeliverynotices.com” rather than the legitimate fedex.com. In other cases, scammers might use a totally unrelated dot-com address, like in this phony DHL delivery notice below: 

 

Note how the scammer slipped in “dhl” after the dot-com address, all in a ruse to make the link look more legitimate by using the DHL name, a legitimate shipping company. 
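The host-versus-everything-else distinction described above can be checked mechanically. The following is an added example, not code from McAfee or the original post: it classifies a link by whether its host really belongs to a brand's official domain, merely resembles it, or carries the brand name somewhere outside the host. The `dhl.com` and `usps.com` entries, the verdict names, and the constructed `.example` hosts used to exercise it are assumptions.

```python
import re
from urllib.parse import urlsplit

# Brand token -> official domain. amazon.com and fedex.com are named in the
# article; dhl.com and usps.com are assumptions added for this example.
OFFICIAL_DOMAINS = {
    "amazon": "amazon.com",
    "fedex": "fedex.com",
    "dhl": "dhl.com",
    "usps": "usps.com",
}

SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def _squash(text):
    """Lower-case and keep only letters and digits ("fed-ex" -> "fedex")."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _split(link):
    """Return (host, everything-else) the way a browser would read the link."""
    link = link.strip()
    if not SCHEME_RE.match(link):      # texts often omit the scheme
        link = "http://" + link
    try:
        parts = urlsplit(link)
        host = (parts.hostname or "").rstrip(".")
        # Text before "@" is user info, not the host, but it is displayed first.
        rest = (parts.username or "") + parts.path + parts.query
    except ValueError:                 # malformed authority section
        return "", ""
    return host, rest


def classify_link(link):
    """Return (verdict, brand) for one link taken from a message."""
    host, rest = _split(link)
    if not host:
        return ("unparseable", None)

    # Official only if the host IS the domain or ends with ".<domain>",
    # i.e. there is a dot immediately before "amazon.com".
    for brand, domain in OFFICIAL_DOMAINS.items():
        if host == domain or host.endswith("." + domain):
            return ("official", brand)

    # Brand name inside a host that is not the brand's domain.
    squashed_host = _squash(host)
    for brand in OFFICIAL_DOMAINS:
        if brand in squashed_host:
            return ("lookalike-host", brand)

    # Unrelated host with the brand placed in the path, query, or user info.
    squashed_rest = _squash(rest)
    for brand in OFFICIAL_DOMAINS:
        if brand in squashed_rest:
            return ("brand-outside-host", brand)

    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample links; the .example hosts are placeholders.
    for sample in [
        "https://pay.amazon.com",
        "https://fed-exdeliverynotices.com/track",
        "parcel-update.example/dhl/track?id=1",
        "https://amazon.com@account-check.example/login",
        "https://notamazon.com/",
    ]:
        print(classify_link(sample), sample)
```

An "official" verdict only says the host sits under the brand's domain; it says nothing about whether the message itself was expected.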

They use urgency to get you to act. 

Scammers rely on stress and high emotions to lure in their victims. And during the gift-giving season, an alert about a package delivery can do the trick. Scammers (falsely) claim that you won’t get your package without tapping that link and taking some sort of next step.  

They drop typos and grammatical errors into their texts. Sometimes. 

Once, red flags like these let you know you were staring down a scam. That’s still the case, yet AI has changed that. Scammers now use common AI tools to cook up their texts, which are far less likely to contain common typographical and grammatical errors. Still, look for any kind of writing that looks or reads a bit “off.” Trust your gut. That’s a warning sign. 

How can you avoid, and even prevent, scam texts? 

You have several ways you can avoid the headaches and harm that these texts can lead to. 

  1. Don’t tap on links in text messages: If you follow one piece of advice, it’s this. Companies use their standard addresses and phone numbers to contact customers. Follow up on their websites to see what they are. The USPS, UPS, FedEx, and Amazon each have pages dedicated to sharing that info.
  2. Confirm directly: If you have concerns, get in touch with the company you think might have sent it. Manually type in their website and enquire there. Again, don’t tap any links.
  3. Use the shipping company’s or retailer’s app: the USPS, UPS, FedEx, and Amazon all have legitimate apps available in Apple’s App Store and Google Play. You can also count on those to track packages and verify info about your shipments.
  4. Clean up your personal data: Scammers must have gotten your number from somewhere, right? Often, that’s an online data broker, a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there.
  5. Get scam protection: Using the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your phone. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. You’ll find it in our McAfee+ products — along with up to $2 million in identity theft coverage and restoration support if the unfortunate happens to you. 

Help stem the tide – report scams when you spot them. 

Consider being a part of the solution. Many companies have dedicated email addresses and web pages for fraud protection. This helps them identify scams along with their behaviors and trends. In turn, they can alert their customer base of current scams and help them track down the scammers.  

Further, in the U.S., you can also report scam texts to the Federal Trade Commission (FTC) at https://www.ReportFraud.ftc.gov. Similarly, they use and share reports with law enforcement partners to help with investigations. 

Shop, and ship, safely this time of year. 

By taking a deep breath and scrutinizing that seemingly alarming delivery message, you can avoid getting taken in by scammers and hackers this time of year. Using official websites and apps to track your packages goes a long way toward putting you at ease that all’s well with your shipment. Or letting you know that there’s truly an issue with a package. 

You also have comprehensive online protection software like ours in your corner. It protects more than your devices. It protects your privacy and identity too — from text scams like these and a host of other scams and attacks as well. In short, it can help you tell what’s real and what’s fake out there.    

The post Is That Delivery Text Real or Fake? How to Shop and Ship Safely this Season appeared first on McAfee Blog.

PDF Phishing: Beyond the Bait

By Lakshya Mathur & Yashvi Shah 

Phishing attackers aim to deceive individuals into revealing sensitive information for financial gain, credential theft, corporate network access, and spreading malware. This method often involves social engineering tactics, exploiting psychological factors to manipulate victims into compromising actions that can have profound consequences for personal and organizational security.

Over the last four months, McAfee Labs has observed a rising trend in the utilization of PDF documents for conducting a succession of phishing campaigns. These PDFs were delivered as email attachments.

Attackers favor using PDFs for phishing due to the file format’s widespread trustworthiness. PDFs, commonly seen as legitimate documents, provide a versatile platform for embedding malicious links, content, or exploits. By leveraging social engineering and exploiting the familiarity users have with PDF attachments, attackers increase the likelihood of successful phishing campaigns. Additionally, PDFs offer a means to bypass email filters that may focus on detecting threats in other file formats.

The observed phishing campaigns using PDFs were diverse, abusing various brands such as Amazon and Apple. Attackers often impersonate well-known and trusted entities, increasing the chances of luring users into interacting with the malicious content. Additionally, we will delve into distinct types of URLs utilized by attackers. By understanding the themes and URL patterns, readers can enhance their awareness and better recognize potential phishing attempts.

 Figure 1 – PDF Phishing Geo Heatmap showing McAfee customers targeted in last 1 month

Different Themes of Phishing

Attackers employ a range of corporate themes in their social engineering tactics to entice victims into clicking on phishing links. Notable brands such as Amazon, Apple, Netflix, and PayPal, among others, are often mimicked. The PDFs are carefully crafted to induce a sense of urgency in the victim’s mind, utilizing phrases like “your account needs to be updated” or “your ID has expired.” These tactics aim to manipulate individuals into taking prompt action, contributing to the success of the phishing campaigns.

Below are some of the examples:

Figure 2 – Fake Amazon PDF Phish

Figure 3 – Fake Apple PDF Phish

Figure 4 – Fake Internal Revenue Service PDF Phish

Figure 5 – Fake Adobe PDF Phish

Below are the stats on the volume of various themes we have seen in these phishing campaigns.

Figure 6 – Different themed campaign stats based on McAfee customers hits in last 1 month

Abuse of LinkedIn and Google links

Cyber attackers are exploiting the popular professional networking platform LinkedIn and leveraging Google Apps Script to redirect users to phishing websites. Let us examine each method of abuse individually.

In the case of LinkedIn, attackers are utilizing smart links to circumvent Anti-Virus and other security measures. Smart links are integral to the LinkedIn Sales Navigator service, designed for tracking and marketing business accounts.

Figure 7 – LinkedIn Smart link redirecting to an external website

By employing these smart links, attackers redirect their victims to phishing pages. This strategic approach allows them to bypass traditional protection measures, as the use of LinkedIn as a referrer adds an element of legitimacy, making it more challenging for security systems to detect and block malicious activity.

In addition to exploiting LinkedIn, attackers are leveraging the functionality of Google Apps Script to redirect users to phishing pages. Google Apps Script serves as a JavaScript-based development platform used for creating web applications and various other functionalities. Attackers embed malicious or phishing code within this platform, and when victims access the associated URLs, it triggers the display of phishing or malicious pages.

Figure 8 – Amazon fake page displayed on accessing Google script URL

As shown in Figure 8, when victims click on the “Continue” button, they are subsequently redirected to a phishing website.
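For triage of PDF attachments, the two redirect techniques above can be surfaced by listing a document's link targets and flagging those that route through these platforms. This is an added example, not McAfee's detection logic: the URL shapes (`linkedin.com/slink` for smart links, `script.google.com/macros/` for Apps Script web apps) are assumptions about how those services form links, and the sample document is constructed inline rather than taken from a real campaign.

```python
import re
import zlib
from urllib.parse import urlsplit

# A link action stores its target as "/URI (literal string)".
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")
# Stream bodies; link objects may sit inside Flate-compressed object streams.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

# (domain, path prefix, label). Assumed URL shapes, see the lead-in.
REDIRECTORS = [
    ("linkedin.com", "/slink", "LinkedIn smart link"),
    ("script.google.com", "/macros/", "Google Apps Script web app"),
]


def extract_uris(pdf_bytes):
    """Return link targets found in raw and Flate-compressed PDF content."""
    chunks = [pdf_bytes]
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a stream whose last byte was trimmed.
            chunks.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # image data, another filter, or an encrypted stream
    uris = []
    for chunk in chunks:
        for match in URI_RE.finditer(chunk):
            # Undo the escapes PDF literal strings use for ( ) and \.
            raw = re.sub(rb"\\([()\\])", rb"\1", match.group(1))
            uri = raw.decode("latin-1")
            if uri not in uris:
                uris.append(uri)
    return uris


def flag_redirectors(uris):
    """Return (label, uri) for links that pass through a listed platform."""
    findings = []
    for uri in uris:
        try:
            parts = urlsplit(uri)
            host = (parts.hostname or "").lower()
        except ValueError:
            continue
        for domain, prefix, label in REDIRECTORS:
            on_domain = host == domain or host.endswith("." + domain)
            if on_domain and parts.path.startswith(prefix):
                findings.append((label, uri))
    return findings


def build_sample_pdf():
    """Constructed input: PDF-like bytes with one plain and two packed links."""
    plain = (b"1 0 obj\n<< /Type /Annot /Subtype /Link "
             b"/A << /S /URI /URI (https://www.linkedin.com/slink?code=EXAMPLE) >> >>\n"
             b"endobj\n")
    packed_body = zlib.compress(
        b"<< /S /URI /URI (https://script.google.com/macros/s/EXAMPLE_ID/exec) >> "
        b"<< /S /URI /URI (https://www.example.com/help) >>")
    packed = (b"2 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length %d >>\nstream\n"
              % len(packed_body)) + packed_body + b"\nendstream\nendobj\n"
    return b"%PDF-1.7\n" + plain + packed + b"%%EOF\n"


if __name__ == "__main__":
    links = extract_uris(build_sample_pdf())
    for label, uri in flag_redirectors(links):
        print(f"{label}: {uri}")
```

A hit is a reason to resolve and inspect the final destination in a sandbox, not a verdict by itself, since both platforms also carry legitimate links.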

Summary

Crafting highly convincing PDFs mimicking legitimate companies has become effortlessly achievable for attackers. These meticulously engineered PDFs create a sense of urgency through skillful social engineering, prompting unsuspecting customers to click on embedded phishing links. Upon taking the bait, individuals are redirected to deceptive phishing websites, where attackers request sensitive information. This sophisticated tactic is deployed on a global scale, with these convincing PDFs distributed to thousands of customers worldwide. Specifically, we highlighted the increasing use of PDFs in phishing campaigns over the past four months, with attackers adopting diverse themes such as Amazon and Apple to exploit user trust. Notably, phishing tactics extend to popular platforms like LinkedIn, where attackers leverage smart links to redirect victims to phishing pages, evading traditional security measures. Additionally, Google Apps Script is exploited for its JavaScript-based functionality, allowing attackers to embed malicious code and direct users to deceptive websites.

Remediation

Protecting oneself from phishing requires a combination of awareness, caution, and security practices. Here are some key steps to help safeguard against phishing:

  • Be Skeptical: Exercise caution when receiving unsolicited emails, messages, or social media requests, especially those with urgent or alarming content.
  • Verify Sender Identity: Before clicking on any links or providing information, verify the legitimacy of the sender. Check email addresses, domain names, and contact details for any inconsistencies.
  • Avoid Clicking on Suspicious Links: Hover over links to preview the actual URL before clicking. Be wary of shortened URLs, and if in doubt, verify the link’s authenticity directly with the sender or through official channels.
  • Use Two-Factor Authentication (2FA): Enable 2FA whenever possible. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your mobile device.

McAfee provides coverage against a broad spectrum of active phishing campaigns, offering protection through features such as real-time scanning and URL filtering. While it enhances security against various phishing attempts, users must remain vigilant and adopt responsible online practices along with using McAfee.

The post PDF Phishing: Beyond the Bait appeared first on McAfee Blog.

How to Help Your Teens Stay Safe When They Start Dating Online

In the 80’s, train stations and church groups were the key places to meet boys. And despite the fact I tried very hard to keep this side of my life well away from my parents, I know for a fact that they worried!! Well, some things have clearly changed with social media and dating apps providing unlimited opportunities for teens to connect with romantic partners across the world. But one thing definitely hasn’t changed – parents are still worrying!! 

Are All Teens Meeting Partners Online? 

Despite what we may think, school is still the main place teens find their romantic partners according to a fascinating research study entitled: ‘Adolescents’ Partner Search in the Digital Age: Correlates and Characteristics of Relationships Initiated Online’. But second to this is the internet. The internet (including social media) even trumps ‘friends, parties and neighbourhoods’ as the 2nd most common place where adolescents meet their significant other.  

Interestingly, the report also highlights the different types of kids who gravitate towards online dating. According to the research, girls who find it harder to fit in at school were more likely to initiate and find romantic relationships online rather than pursue them in person. This was the same for teens looking to pursue same-sex relationships. Overall, there were multiple examples of how the internet has become a ‘social intermediary’ for teens who may struggle with in-person social connection. 

Should I Be Worried? Is It Safe? 

I want to make it very clear that this post isn’t designed to scare you or have you immediately remove all devices from your teen – although I get why it’s tempting! Instead, I want to help you, help your kids navigate online dating.  

By now, we all know that there are both challenges and risks being online. Some of us navigate these with ease while others don’t. In my opinion, a teen’s ability to think critically, pick up social cues and manage conflict will have a direct impact on their ability to navigate their online life and that includes online dating. 

So, yes there are risks – your teen may experience harassment, discrimination, sextortion, scams or cyberstalking. And of course, these are big heavy possibilities that no-one wants their child to experience. But you have to remember that for our kids, meeting someone online is just as normal as it was for my friends and me to meet boys at the local train station. In fact, it may even be less overwhelming as they can ‘google’ potential love matches and find friends of friends who can vouch for them or warn them away. 

Instead of being worried, focus on helping your teen have a positive and safe online dating experience. 

How To Set Your Teens Up For Success 

It’s completely natural to be hesitant about your teen dating online – I’ve been there! And yes, talking about their budding love life may be a bit uncomfortable. But, when there are some pretty large risks at play, you’re just going to have to push through on the awkwardness. Here are my top tips: 

1. Research 

Take some time to research the various dating sites. Read the reviews, browse the community guidelines and understand how they verify users. The larger dating sites are for over 18s – think Hinge, Bumble and Tinder. However, let’s keep it real – it’s not that hard to ‘fudge’ your age. So even if your teen is under 18, I’d still do some due diligence here. In recent years, under 18 dating sites have cropped up. Mylol, the self-proclaimed “#1 teen network in the world”, is probably the most popular platform followed by Skout.   

But traditional dating sites are not the only way teens meet potential love interests online. It’s not uncommon for kids to start messaging other kids whose profile they may have come across on Snapchat, Discord or even while gaming on Fortnite. You may have heard the expression ‘slide into your DMs’ – that means that someone has sent you a direct message on social media, most commonly for romantic purposes!! 

2. Communication 

Once you understand how it all works – you’ll be able to speak with more ‘weight’ to your teen. So, push through the awkwardness and start talking. If there is a lot of pushback from your teen, you might need to go slow. Why not share articles about online dating? Or, relay stories and experiences from your friends and their kids? Always reserve judgment and stay calm and neutral. Why not help them work out what they want by asking open and non-judgemental questions e.g. Is it a committed relationship or just a ‘fling’? This may help them work out the best platform and also manage their expectations. 

3. Encourage Boundaries 

Once the awkwardness has gone, you should start talking about healthy relationship boundaries. It’s important they understand how to set parameters, so they are safe and respected. They need to know that: 

  • They can turn their phone off – they don’t need to be available 24/7 
  • It is ok to say no to inappropriate requests or anything that makes them feel uncomfortable  
  • They don’t have to respond immediately, or ever, to every text message and post 
  • You should always feel respected and safe in all relationships, both online or offline 

4. Focus on Safety 

There are also some key safety measures that will help protect them when they embark on online dating. I love reminding my boys of these – fingers crossed they listen!! 

  • Keep your logins and passwords to yourself. Ensure the password is unique for every online account. And remember it also needs to be complex – 8-10 characters with a mix of symbols, characters and numbers. 
  • Don’t send explicit photos to anyone – no matter how much you like them! Check out my recent article on Sextortion for why. 
  • Don’t request explicit photos from anyone. Remember, sending or receiving nude photographs of anyone under 18 is considered child pornography. You could be charged.  
  • Never meet a stranger in a private place. Always tell someone where you are going and have a plan in case the meeting doesn’t go to plan. 
  • Never share private information like your home address, the name of your school or your social security or Medicare numbers. No exceptions.  
  • Be careful what you share in conversations. Not everyone is who they say they are online. Your new love interest may in fact be a scammer or someone trying to extract information to bully or manipulate you later. 
  • Don’t send money to new online friends. If you are unsure, run the scenario past a trusted friend or better still, a parent. 

I’m a big believer that being proactive is a very worthwhile parenting strategy. So, ‘ripping off the bandaid’ and helping your teens with their online dating strategy is a great way to set them up for a safe and positive experience. We all know from experience that the path to true love isn’t always linear, so there might be a few heartbreaks or dramas along the way. So, remind your teen that you are always available to listen to their concerns and help them troubleshoot a situation. Remember, the more you keep the lines of communication open, the more likely they will be to come to you if there is an issue. 

Happy digital parenting!! 

Alex x 

The post How to Help Your Teens Stay Safe When They Start Dating Online appeared first on McAfee Blog.

How to Shop Safely This Holiday Season

Yes, there is a Cyber Grinch. In fact, you’ll find evidence of an entire host of grinches online — the cybercrooks who, with the help of AI, create millions of online scams that crop up just in time to spoil the holiday season. But you can still shop safely, with a sharp eye and the right tools at your side. 

This time of year always sees a boost in scams. After all, where shoppers go, scammers follow. Research from our McAfee Labs team found that scam volume ramps up 30% above average this time of year, kicking off in November and carrying over into the first week of the new year. 

To gain even more insight into the impact online scams have on consumers, we conducted our inaugural Global Holiday Shopping Scams Study. More than 7,000 adults in seven countries told us how scams have impacted their holidays. They also shared their feelings about the recent onset of AI-driven scams.  

The findings offer several significant insights, including the financial impact of scams, and even when and where people shop online (spoiler: that includes purchases made at the dinner table and in the bathtub).  

Let’s dig into the findings. From there, we’ll show you several ways you can stay safe while you shop online, so you can send those grinches packing. 

Holiday scam findings for 2023 

For starters, 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more. 

The top three online scams people reported include: 

  1. Text messages about purchases they didn’t make (57%).
  2. Fake missed delivery or fake problem with delivery notifications (56%). 
  3. Bogus Amazon security alerts and notification messages about their account (43%). 

We looked at those figures more closely and found some trends that show some folks get tangled up in these scams more than others.  

Comparing men and women, 65% of men said they place the same level of trust in shopping online as they do in person. Meanwhile, women appear to be a bit more discerning. Only 46% of women said they had the same level of trust. We then found that men were nearly twice as likely to fall for an online holiday scam (46%) than women (26%).  

When looking across generations, we found that 64% of Gen Z and 77% of Millennials trust shopping online as much as in person. Likewise, they found themselves victimized by scams more often than older adults. Of the younger set, 49% of Gen Z and 65% of Millennials said they fell for a holiday scam. Compare that to only 12% of people over 50 saying the same thing. 

What’s on the mind of holiday shoppers … 

We also got some insight into people’s headspace.  

People are as deal conscious as ever, with 1 out of 3 (35%) saying they will likely jump on a bargain when they see it. They also plan to shop around; 85% of people said they will look for the best deal before buying their holiday gifts.  

It’s no surprise that 63% planned to shop online during Black Friday and Cyber Monday weekend. However, we found some surprises — namely, where they are when they shop online: 

  • 41% of people said they made an online purchase during the holiday period in bed late at night when they really should be asleep.  
  • 27% said they made an online purchase while at work.  
  • 20% said they made an online purchase at the kitchen table during dinner. 
  • 11% said they made a gift purchase while in the bath.  

 

Take all that together and it leaves the Cyber Grinch wringing his hands in delight. Bargain hunting, shopping around, and buying online when you’re somewhat distracted make it easier for scammers to pull off their tricks.  

Scammers count on the stress and pressures of holiday shopping. When people are tired or in a hurry, they tend to make mistakes. And now they’re easier to make, no thanks to the scammers who’ve picked up AI tools. 

People say AI scams will put a chill on their shopping

The bad actors out there now have AI-driven tools that help them fire up scams at alarming rates. They make it easier to create compelling fake emails, malicious sites, and text messages. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams daily.

On top of that, AI has made it harder than ever to tell what’s real from what’s fake. Not only have we seen a deluge of scams, but it’s also a deluge of increasingly sophisticated scams. With AI tools, scammers can make their emails, messages, and texts look and sound more convincing than ever. 

People shared their concerns about AI scams:  

  • 88% of people said they think that AI tools used by cybercriminals will impact the amount and types of online scams during the holiday season.  
  • 57% think that AI will make scam emails and messages more believable than ever.  
  • 31% think that it will be harder to tell what’s a real message versus a fake one, such as from a retailer or delivery service.  
  • 1 in 5 consumers (19%) said they don’t plan to shop online as much this year because of the increased use of AI by cybercrooks. 

Despite what we discovered in many of the findings, we have good news to share: there are tools that can help you shop safely. 

How to protect yourself from scam messages 

Think before you click. Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.  

Remember that if it seems too good to be true, it probably is. Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead. 

Go unlisted. Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results. 

Use AI to beat AI. From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions. 

 No grinches, only grins this holiday season 

One thing that hasn’t changed this year: scammers love the holidays. Just as you’re gearing up for shopping, they’re gearing up for scamming. The hustle and bustle of the holidays, AI-driven scam tools, and malicious messages and websites seemingly play in scammers’ favor. Yet AI-driven protection like ours puts the advantage back squarely in your corner. That, and keeping your guard up for trickery, will help you steer clear of all those grinches out there this year.

Survey methodology 

The survey, which focused on the topic of scam messages and holiday shopping, was conducted online between September 7 and September 21, 2023. 7,130 adults, age 18+, in 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study. 

The post How to Shop Safely This Holiday Season appeared first on McAfee Blog.

Are You Forwarding Jokes Or Spam?

By: McAfee

It’s a common practice for many of us to share jokes, memes, and funny anecdotes with friends and family. With the advent of messaging and social media applications, this habit has become increasingly frequent and convenient, allowing humor to be shared at the click of a button. While we often perceive this as harmless fun, it’s essential to address a question that we don’t ask ourselves often enough: Are we forwarding jokes or inadvertently distributing spam?

The aim of this article is to offer an in-depth look at where the line between seemingly innocent forwards and potentially harmful spam lies. We will examine the characteristics of spam, the potential dangers of forwarding messages without due thought, and constructive steps we can take to ensure that our love for sharing humor does not metamorphose into inadvertent spamming.

The Nature Of Spam

Spam, in its most fundamental form, is any unwanted or unsolicited message that is sent in bulk. In the context of digital communication, it is typically a commercial or promotional message that is sent out repeatedly over the internet. Nevertheless, the definition of spam has evolved with the advancement in technology and the changing dynamics of digital communication. Today, any message that is repeatedly forwarded, irrespective of its content or intent, can fall within the category of spam.

The problem with spam is not just its annoying persistence or disruption of an otherwise clean inbox. It’s the potential threats and harm it may bring with it. Spam can contain links to malware or phishing sites, promote scams, or initiate chain letters. Hence, it’s not just the content of the message that essentially defines spam, but its potential for causing harm, intrusion, and annoyance.

Dig Deeper: Scam Texts Are More Painful Than Getting a Root Canal

The Thin Line Between Jokes And Spam

When we forward a joke or a meme, our intention is to share a moment of laughter or light-heartedness with our contacts. However, without realizing it, we may be crossing the boundary between a simple forward and spam. If a forward is sent out in bulk, repeatedly, and without the recipient’s consent, it can be considered spam irrespective of its content. To put it bluntly, even a joke can be classified as spam if it doesn’t meet the criteria of a wanted, solicited, and single-instance message.

The issue here is also about the recipient’s perception. What one may find funny, another might find irritating, especially if sent repeatedly. It’s also crucial to remember that not everyone in your contact list might share your sense of humor. Hence, a joke forwarded with the best of intentions might end up being an unwelcome intrusion into someone’s inbox and, hence, spam.

The Potential Risks of Forwarding Spam

When we forward a message, particularly to a large group, we rarely consider the origin of the content we’re sharing. In these days of misinformation and digital threats, this can pose significant risks. Sharing a joke might seem harmless, but if that joke contains a link or an attachment, it could actually be a gateway to malicious software or a phishing attempt. By forwarding such a message, you are potentially spreading a digital threat among your contacts.

Additionally, sending out bulk messages can make you a target for spam-related penalties. Most email service providers have policies against spamming in place. If a number of recipients mark your ‘jokes’ or forwards as spam, your email ID could be flagged, and you could face restrictions on your ability to send emails. This could potentially disrupt personal or work-related communication.

How to Guard Against Unintentional Spamming

So, how can we ensure that our love for sharing humor doesn’t turn into unintentional spamming? The answer lies in being thoughtful, responsible, and aware digital communicators. Here are a few practical steps we can take:

Firstly, it’s important to understand the nature of the content we’re forwarding. If the message contains links, ensure they are safe and lead to credible sources. Avoid forwarding messages with attachments unless you’re sure about their origin and content. Secondly, consider the frequency of your forwards. If you’re sending the same joke or meme to multiple recipients repetitively, you might want to reconsider. Not only could this be perceived as spam, but it also dilutes the genuine moments of shared humor.

Always be mindful of the recipient’s consent. Just because someone is in your contact list does not automatically mean they consent to receive forwards from you. Ensure you have their permission before sending them any content. For instance, having separate WhatsApp groups or email threads for joke-sharing where all members have willingly joined could be an effective way of ensuring consent. Lastly, maintain some diversity in your forwards. If your jokes are always about a certain topic, they might not just be perceived as spam but possibly offensive too.

On a broader level, respecting digital etiquette can help prevent unintentional spamming. This includes being mindful of the time you send your messages, not sharing excessively private or sensitive information, not sending bulk messages, and overall, respecting the digital space of others as you would want yours to be respected.

Dig Deeper: Group Chat Etiquette: 10 Tips to Help Your Family Navigate the Digital Chatter

How To Prevent Spamming

Being a responsible digital communicator does not just involve our individual actions, but also how we utilize technology to safeguard ourselves and others from spam. Many platforms now offer features to help control and prevent spam. For instance, email platforms provide options to report spam or block certain email IDs from sending you messages. On WhatsApp, there are options to restrict who can add you to group chats, which can help prevent unsolicited forwards.

There are also spam filters, which automatically screen your emails based on certain parameters and filter out potential spam. They are not always 100% accurate, and sometimes, genuine emails might end up in the spam folder, too. It’s important to check your spam folder periodically and mark the genuine emails as ‘Not spam’ so that the filter can learn and improve its screening process.

Spam detection tools and software are also available. They analyze the content of the message, the sender’s details, the frequency of such messages, etc., to determine if the message is spam or not. Some internet service providers also offer spam reporting services, which can help track and block the sources of spam.

McAfee Pro Tip: The tables have turned. Now, you can leverage AI to detect and prevent harmful scam texts. Our new McAfee Scam Protection™ automatically recognizes and notifies you of potential threats from dangerous URLs in your texts. Say goodbye to uncertainties about the authenticity of package delivery messages or bank notifications.

In addition to using these tools, keeping our devices updated with the latest software versions and having good security software installed can also provide a strong line of defense against spam and its associated threats.

Final Thoughts

Sharing jokes and light-hearted content with our contacts can certainly add a touch of humor to our digital interactions. However, it’s important to be mindful of the line between sharing a joke and spamming. The potential risks associated with spam are real and can lead to harmful consequences.

By being aware of the nature of spam, practicing responsible digital communication, respecting the consent and digital space of others, and utilizing technology effectively, we can ensure that our forwards remain sources of joy and do not turn into unwanted spam.

In the end, it’s about striking a balance between sharing humor and preventing spam. With a bit of awareness and preventive measures, we can certainly achieve this balance and continue to spread smiles without unintentionally spreading spam. Be informed and spread awareness with McAfee.

The post Are You Forwarding Jokes Or Spam? appeared first on McAfee Blog.

Parents: Are Your Kids Ignoring the Danger of Dating Apps?

By: McAfee

Technology has permeated almost every aspect of our lives, including our romantic involvements. This is especially evident in the increasing prevalence of dating apps among teenagers. While these platforms can offer exciting opportunities for meeting new people and exploring romantic interests, they also present a considerable risk, especially to a vulnerable age group.

As a parent, you might feel caught in a dilemma. On one hand, you want to respect your teen’s privacy and independence. On the other, you worry about the potential dangers lurking behind these digital platforms. This article aims to shed light on the risks associated with teenage use of dating apps and offers practical advice on how to navigate this tricky territory.

The Appeal of Dating Apps for Teens

Before we delve into the potential harm associated with dating apps, it’s important to comprehend why they are increasingly popular among teenagers. Essentially, these platforms provide an easy and convenient way for teens to connect with others, particularly during a pandemic when physical interactions are limited.

Moreover, dating apps may seem enticing due to their perceived freedom and anonymity. They allow teens to explore their own identities and relationships without the immediate scrutiny or judgment inherent in offline social settings. Such apps also hold the promise of romance and excitement, feeding into the natural curiosity and development of adolescents.

The Dangers of Dating Apps

While dating apps can help in forging connections, they also have a darker side that cannot be ignored. One of the main issues is that they often cater to an adult audience, exposing teenagers to mature content and interactions they might not be equipped to handle. This could include explicit sexual content, cyberbullying, or even predatory behavior.

Further, many apps do not verify users’ ages, making it easy for older individuals to interact with younger users – a practice that can potentially lead to grooming and exploitation. While some might argue that ‘age is just a number,’ when it comes to online safety, even a few years can make a significant difference. A 19-year-old chatting with a 14-year-old might not seem like a big deal, but when you factor in the vast differences in maturity and life experience, the dynamic becomes more concerning.

Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day

The Implications of Online Privacy and Data Security

In addition to the immediate dangers of inappropriate content and interactions, the use of dating apps also raises serious concerns about online privacy and data security. These platforms usually require a significant amount of personal information from users — everything from their name and location to personal preferences and pictures.

This data can be misused, leading to identity theft, online stalking, or other forms of cybercrime. Also, once information is shared online, it becomes almost impossible to completely erase it. A seemingly innocent picture or remark can resurface years later, potentially affecting future career prospects or personal relationships.

How to Protect Your Kids Against the Dangers of Dating Apps

Dating apps have become increasingly prevalent, opening up new avenues for meeting people. While these platforms can be a way to connect, they also pose potential dangers, especially for young users. As a parent, it’s crucial to be proactive in safeguarding your kids from the risks associated with dating apps. This guide will provide you with essential tips and insights on how to protect your children and educate them about responsible online behavior, ensuring their safety in the world of digital dating:

Navigate the Digital Landscape Through Communication

Confronting your teen about the risks of dating apps can be a daunting task, especially if you are met with resistance or the classic “You just don’t understand” retort. So, how can you approach this subject effectively? One of the most crucial steps is to maintain open lines of communication.

Encourage your teen to share their experiences online, and assure them that they can come to you with their concerns or fears without judgment. Regularly discussing online safety might seem repetitive, but it is a crucial aspect of ensuring your child is well-equipped to navigate the online world safely and responsibly.

Remember, banning or strictly controlling internet use might seem like the easiest solution, but it can backfire by causing your teen to become more secretive or rebellious. Instead, strive to cultivate an environment where your teen feels comfortable discussing their online activities, helping them understand the potential risks and consequences.

McAfee Pro Tip: Balancing screen time and healthy device use is a constant challenge for parents. While devices connect kids to identity and peer acceptance, they also open the door to issues like cyberbullying, predators, risky behavior, and self-image struggles. We advise you to find and identify the right time to implement parental controls. 

Teach Responsible Online Behavior

The next step after open communication is teaching responsible online behavior. It is essential to educate our children on the basic principles of online safety. This includes understanding privacy settings, the dangers of sharing personal information, and the importance of reporting any suspicious activity.

Moreover, explaining the permanence of internet actions can help teens grasp the seriousness of their online conduct. Highlight real-life examples of individuals who have faced consequences due to inappropriate online behavior to drive your points home.

Be Informed and Updated

If your child is using or is interested in using dating apps, it’s crucial to do your homework. Familiarize yourself with the apps they are using or are curious about – download them, explore their interfaces, and understand their privacy settings. This will help you create a natural dialogue about their usage and will empower you to offer guidance on their functionality and potential risks. For instance, some apps may have location-sharing features that might be dangerous, while others might have robust reporting systems against harassment or bullying.

Then, open a conversation about these apps. Discuss the benefits and dangers of using them, reinforcing the principles of responsible online behavior. This discussion should cover what information should never be shared (like home address or school location), the importance of reporting inappropriate behavior, and the potential emotional implications of engaging romantically with strangers online. By maintaining an approachable and non-judgmental attitude, your teen is more likely to listen and take your advice seriously.

Dig Deeper: New Global McAfee Cyberbullying Report Reveals Children Now Regularly Face Threats of Racism and Physical Harm Online

Implement Safety Measures

While education and open conversation are the foundation of promoting online safety, sometimes, they might not be enough. In such cases, it might become necessary to put certain restrictions in place, which can be done in collaboration with your teen. These could include setting time limits for app usage, employing parental control software, or checking the age restrictions for each app. You could also encourage your teen to only use apps with verified users.

However, these restrictions should not be imposed without discussion. It is important to involve your teen in the decision-making process, explaining your concerns and hearing their point of view. By treating them as partners in their online safety, you not only empower them to make wise decisions but also foster a sense of responsibility towards their online behavior.

Building Resilience

Finally, building resilience in your teenager is an invaluable tool in navigating the online world. Dating apps can amplify feelings of rejection, comparison, and inadequacy. Regularly reminding them that their online interactions do not define their worth can help cultivate a healthy online attitude. You should reassure them that it’s okay to turn down advances or stop conversations that make them feel uncomfortable.

Encouraging them to keep their real-world connections strong and to participate in offline activities can also help in grounding their sense of self-worth outside of the digital realm. This resilience will not only safeguard them within the online dating scene but is a life skill that can be applied in all aspects of their lives.

Dig Deeper: A Safer Internet for You, Your Family, and Others Too

Final Thoughts

As parents, we find ourselves in uncharted territories, navigating a digital landscape that we did not experience in our adolescence. But with open communication, education, implementing safety measures, and building resilience, we can help our teens explore these platforms safely. Remember, the goal is not to control every aspect of their online life but to guide and empower them to make responsible choices. After all, we are not just raising children, but future adults. It might seem daunting and even overwhelming at times, but together, we can equip them with the tools they need to stay safe in the online world.

Ensuring your child’s online safety is vital, and McAfee is here to help you safeguard them against the dangers of social media platforms and dating apps. Empower yourself with online safety – opt for McAfee for a more secure and protected online experience.

The post Parents: Are Your Kids Ignoring the Danger of Dating Apps? appeared first on McAfee Blog.

Short-URL Services May Hide Threats

By: McAfee

Short-URL services have emerged as a crucial part of the way we use the Internet. With the increasing use of social media, where the number of characters is limited, short-URL services are a useful tool for reducing a URL’s length. However, this convenience also comes with a potential risk. The anonymity provided by these services can serve as a breeding ground for online threats. This article delves deeper into the potential risks associated with using short-URL services and how you can safeguard yourself from these threats.

What are Short-URL Services?

Short-URL services are online tools that convert a long URL into a short one. These services are often free and easy to use: you simply enter the long URL you wish to shorten and the service will generate a short URL for you. This can be particularly handy for social media platforms such as Twitter, where character limits can make sharing long URLs impractical.

The short URL does not provide any clues about the destination website – it is a random mix of letters and numbers. This lack of transparency can make it difficult for users to determine the legitimacy of the link before clicking it. Consequently, this has opened a Pandora’s box for cyber threats, as ill-intentioned individuals can hide malicious links behind these short URLs.

The Hidden Threats of Short-URL Services

While the brevity provided by short-URL services is a practical solution in the age of character-limited social media posts, it’s important to understand the accompanying risks. With the shortened URL, the original URL is hidden, which can make it challenging for users to discern whether the link is safe or not. This very feature is exploited by cybercriminals who mask malicious sites with short URLs, intending to trick users into visiting harmful web pages.

Phishing attacks, malware, and other types of online fraud can be hidden behind short URLs. Usually, these URLs are distributed via emails, social media, and instant messaging applications. Once clicked, these malicious links can infect a user’s device with malware or lead them to fake websites where sensitive information is collected. This manipulative tactic is known as ‘spoofing’.

Dig Deeper: New Malicious Clicker found in apps installed by 20M+ users

Increased Vulnerability with Short-URL Services

The practice of using short URLs has brought about an increased level of vulnerability in cyberspace. Certain security features that help in identifying a malicious website, such as examining the URL structure or the SSL certificate, are effectively nullified by the use of short URLs. As a result, even experienced internet users can fall prey to these malicious tactics. This marks a significant shift in traditional cybersecurity threats, where the danger is now hidden behind the veil of convenience.

Dig Deeper: “This Connection Is Not Private” – What it Means and How to Protect Your Privacy

Even more concerning is the fact that once a short URL is generated, it remains active indefinitely. This means a malicious link can continue to exist and pose a threat long after the original malicious activity has been detected and dealt with. Given the scale at which these short URLs are generated and shared across various digital platforms, the potential for harm is vast and hard to contain. 

The Role of URL Shortening Services in Cybercrime

Given the opacity provided by short-URL services, they have become a popular tool among cybercriminals. A report by the cybersecurity firm Symantec found that 87% of the malicious URLs used in massive cyber-attacks were actually short URLs. This stark statistic illustrates the size of the problem at hand and the urgent need for adequate measures to tackle it.

Short URLs are like a wolf in sheep’s clothing. They appear harmless, but the reality could be contrary. Without the ability to inspect the actual URL, users can unknowingly fall into a trap set by online fraudsters. The success of these threats relies heavily on the victim’s ignorance and the inability to determine the authenticity of the link they are clicking on. 

Case Studies of Cyber Threats Involving Short URLs

To fully comprehend the risks associated with short URLs, let’s examine a few real-life cases where short URLs were used to spread cyber threats. In one instance, a malicious short URL was used to propagate a Facebook scam that promised users a free gift card if they clicked on the link. Instead of a gift card, the link led users to a phishing site designed to steal personal information.

Dig Deeper: Don’t Take a Bite out of that Apple Gift Card Scam

In another instance, an email campaign used a short URL to spread the notorious Locky ransomware. The email contained an invoice with a short URL, which when clicked, downloaded the ransomware onto the user’s device. These two cases underscore the severe risks associated with short URLs and highlight the importance of exercising caution when dealing with such links.

How to Safeguard Against Threats Hidden in Short URLs

While the threats presented by short URLs are real and potentially damaging, internet users are not entirely helpless against them. There are certain measures that can be taken to avoid falling victim to these threats. Below are some of the ways to ensure safe browsing habits:

Firstly, be wary of any strange or unexpected links, even if they come from trusted sources. Cybercriminals often disguise malicious links to appear as though they are from trusted sources, in a tactic known as ‘spoofing’. However, if an email or a message seems out of character or too good to be true, it’s best to avoid clicking on the link.

Secondly, consider using URL expansion services. These services allow you to enter a shortened URL and then reveal the full URL, enabling you to see where the link will take you before you click on it. This can provide an added layer of security when dealing with unfamiliar links.

Finally, keep your devices and internet security software up to date. This is a simple but effective measure against all forms of online threats, including those hidden in short URLs. By regularly updating your devices and software, you can ensure you have the most recent security patches and protections available.
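What a URL expansion service does, sketched as an added example (not McAfee's code or any specific service's): it follows the redirect chain one hop at a time with HEAD requests, so the destination is revealed without downloading or rendering any page. The local fake shortener, its routes and the `files.example` host are constructed so the example runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}


def expand(url, max_hops=10, timeout=5):
    """Reveal where a short link leads without fetching any page body.

    Returns (hops, verdict). hops is a list of (status, url) pairs;
    verdict is "resolved", "loop", "too-many-hops" or "blocked-scheme".
    """
    hops, seen = [], set()
    while len(hops) < max_hops:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https"):
            # Redirects to ftp:, file:, javascript: etc. are reported, not followed.
            hops.append((None, url))
            return hops, "blocked-scheme"
        if url in seen:
            return hops, "loop"
        seen.add(url)
        is_tls = parts.scheme == "https"
        conn_cls = http.client.HTTPSConnection if is_tls else http.client.HTTPConnection
        conn = conn_cls(parts.hostname, parts.port or (443 if is_tls else 80),
                        timeout=timeout)
        try:
            path = parts.path or "/"
            if parts.query:
                path += "?" + parts.query
            conn.request("HEAD", path)  # HEAD: headers only, no body
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        hops.append((status, url))
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)  # Location may be relative
            continue
        return hops, "resolved"
    return hops, "too-many-hops"


class _FakeShortener(BaseHTTPRequestHandler):
    """Constructed stand-in for a shortener; every route here is made up."""
    ROUTES = {
        "/aB3xZ": "/r/2",                  # short code -> tracking hop
        "/r/2": "/landing?ref=sms",        # tracking hop -> final page
        "/loop": "/loop",                  # redirect loop
        "/odd": "ftp://files.example/x",   # non-web scheme
    }

    def do_HEAD(self):
        target = self.ROUTES.get(self.path)
        if target:
            self.send_response(302)
            self.send_header("Location", target)
        else:
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Expand several constructed short links against the local fake shortener."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _FakeShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        return {
            "chain": expand(base + "/aB3xZ"),
            "capped": expand(base + "/aB3xZ", max_hops=2),
            "loop": expand(base + "/loop"),
            "odd": expand(base + "/odd"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for name, (hops, verdict) in demo().items():
        print(name, verdict)
        for status, url in hops:
            print("   ", status, url)
```

This only follows HTTP redirects; a page that forwards with JavaScript or a meta refresh will show up as the final hop. Expanding a link still contacts the shortener and every intermediate host, which can log the lookup.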

McAfee Pro Tip: Enhance your online safety and privacy by employing a secure browser. A safe browser incorporates additional security features designed to thwart unauthorized third-party activities during your web surfing sessions. Know more about safe browsing.

Role of Institutions in Mitigating Threats

While individual users can take steps to protect themselves, institutions also have a role to play in mitigating the threats associated with short URLs. Social media platforms, email providers and companies should all be invested in protecting their users from cyber threats. Implementing stricter URL policies, improving spam filters, and educating users about potential dangers can all help in reducing the risk.

Internet service providers can also have a hand in safeguarding users. For instance, they could monitor and block suspicious short URLs, or provide warnings to users about potential threats. While these measures may not completely eliminate the risk, they can greatly reduce the chances of users falling victim to cyber threats.

Moreover, there’s a growing need for regulatory policies around the usage and creation of short URLs. Instituting thorough checks before a short URL is generated could help in curbing the misuse of these services. Such checks could include verifying the authenticity of the original URL and scanning for potential threats.

Final Thoughts

Short-URL services undeniably offer a degree of convenience in this age of Twitter-length posts and character-limited updates. However, the potential threats that lurk behind these shortened links cannot be overlooked. Users and institutions need to balance the benefits of these services with the risks, and take appropriate measures to safeguard against potential threats.

While we cannot completely eliminate the risks associated with short URLs, by staying informed, exercising caution, and using tools and resources at our disposal, we can significantly reduce our vulnerability to these threats. In the end, it’s about promoting a safer Internet experience for everyone, where convenience doesn’t come at the cost of security.

Stay informed about the latest online threats plaguing the community today. Explore the insights provided by McAfee to arm yourself with the knowledge needed to protect against evolving cybersecurity challenges.

The post Short-URL Services May Hide Threats appeared first on McAfee Blog.

Your Smart Coffee Maker is Brewing Up Trouble

By: McAfee

Smart technology has been on the rise, with internet-connected devices becoming increasingly common in our homes. From smart speakers to smart fridges, these devices are designed to make our lives easier and more efficient. However, they also raise new concerns about privacy and security. One device that has been gaining popularity is the smart coffee maker. While it may seem harmless, there are potential risks associated with this seemingly innocuous device.

A smart coffee maker, like other smart appliances, connects to your home network, offering convenience features such as scheduling brew times, remote start, and customization of your coffee preferences. However, this connectivity also opens the door to potential cybersecurity threats. If not properly managed, your smart coffee maker could be brewing up more than just your morning pick-me-up.

The Dangers of Smart Coffee Makers

The central issue lies in the connectivity of these smart coffee makers. Just like your computer or smartphone, any device that connects to the internet can potentially be hacked. This may result in theft of personal information, disruption of your network, or even malicious use of the device itself. And while a hacked coffee maker might not seem like a big deal, it could be used as a gateway to access other, more sensitive devices on your network.

Many people may not even realize that their smart coffee maker poses a security risk. After all, it doesn’t store personal data like a phone or computer does. However, once it’s connected to your network, it becomes a potential entry point for hackers. And because it’s a relatively new type of device, it might not have the same level of security measures that more well-established smart devices have.

On Digital Privacy

Another serious concern with smart coffee makers and similar devices is privacy. Some smart appliances have microphones, cameras, or other sensors that can monitor your habits and collect data. This data can potentially be sold to advertisers or used for other less-than-ethical purposes.

Dig Deeper: What Personal Data Do Companies Track?

Even if your smart coffee maker doesn’t have these features, it still collects data about your coffee habits, such as when you usually make coffee and how much you make. This information, while not as sensitive as personal or financial data, could still be valuable to advertisers and other third parties.

On Hacking Attempts

While it might seem far-fetched, hackers can cause a lot of trouble with a compromised coffee maker. One obvious issue is simple annoyance or disruption. A hacker could, for example, repeatedly start the brew cycle at odd hours, wasting coffee and creating a mess. But the potential problems go beyond simple pranks.

A more serious concern is that a hacker could use the coffee maker as a stepping stone to infiltrate the rest of your network. This could potentially give them access to sensitive data stored on other devices, such as personal documents on your computer or personal information stored on your phone. In some cases, they could even take control of other smart devices connected to your network.

Possible Solutions and Security Measures

The good news is that there are steps you can take to secure your smart coffee maker and other connected devices:

  • Improve Password Security: The first step is to always change the default password. Most smart devices come with a default password, which is often something easy to guess, like “password” or “1234”. This makes it easy for hackers to gain control of the device, so changing the password to something unique and hard to guess is crucial.
  • Update the Device: Another good practice is to regularly update the device’s firmware. This is the software that runs on the device and controls its functions. Manufacturers often release firmware updates to fix security vulnerabilities, so keeping your device updated is important for maintaining its security.
  • Network Segmentation: Consider segmenting your home network to isolate IoT (Internet of Things) devices like smart coffee makers from other more sensitive devices. This helps contain potential security breaches and limits unauthorized access to critical information.
  • Use Strong Encryption: Ensure that your device and the accompanying mobile app use strong encryption protocols. This adds an extra layer of protection to the data transmitted between your device and the connected app, making it more challenging for cybercriminals to intercept and exploit.
  • Implement Two-Factor Authentication (2FA): Wherever possible, enable two-factor authentication for your smart device accounts. This adds an additional verification step, usually involving a code sent to your mobile device, providing an extra barrier against unauthorized access.
  • Vet Third-Party Apps: Be cautious when installing third-party apps that connect to your smart devices. Ensure they come from reputable sources, as malicious apps can compromise the security of both your device and the data it handles.

McAfee Pro Tip: Be cautious when downloading apps, especially third-party ones. Certain applications might contain malware or viruses that pose a threat to your device’s security.

  • Be Informed: It’s also a good idea to keep an eye on any news about security issues with the device. If a vulnerability is discovered, you want to know about it as soon as possible so you can take steps to fix it.

What Manufacturers Can Do

While consumers have a responsibility to use their devices securely, manufacturers also have a role to play in improving the security of smart appliances. They can, for instance, design devices with security in mind from the outset. This could involve using secure coding practices and running through security tests before releasing a product. Manufacturers can also provide timely updates and clear instructions on how to apply them.

Manufacturers should also be transparent about what data their devices collect and how it’s used. If a device collects data, the manufacturer should provide clear information about this in the product’s privacy policy. They should also give users the ability to opt out of data collection if they choose.

→ Dig Deeper: The Tradeoff Between Convenience and Security – A Balancing Act for Consumers and Manufacturers

Final Thoughts

Smart coffee makers, like all connected devices, come with potential security and privacy risks. However, the convenience and efficiencies they offer can make them an attractive addition to your home. With a combination of diligent security practices on the part of the user and responsible design and transparency from manufacturers, these risks can be managed.

Despite the potential issues, this doesn’t mean you should be afraid to use a smart coffee maker or other smart devices. Instead, be aware of the risks and take proactive steps to protect yourself and your data. Whether it’s changing the default password, regularly updating the firmware, or researching before buying, these simple steps can go a long way toward safeguarding your smart home. After all, a warm cup of coffee in the morning should be a comfort, not a cause for concern.

The post Your Smart Coffee Maker is Brewing Up Trouble appeared first on McAfee Blog.

What is Social Engineering?

By: McAfee

In the realm of cybersecurity, there is one vulnerability that is often overlooked – the human element. While firewalls, encryption, and other security measures can protect our data to a certain extent, the most sophisticated systems can still be breached by clever manipulations of human psychology. This is where the concept of Social Engineering comes in. Through this article, we aim to provide an overview of social engineering, why it is important, and how it is employed.

Social Engineering in Cybersecurity

Social Engineering, in a cybersecurity context, refers to the techniques used by cybercriminals to manipulate individuals into divulging confidential information that can be used for fraudulent purposes. It is essentially an act of tricking people so that they give away their personal information such as passwords, bank account numbers, social security numbers, or other valuable data. This is often achieved not through technical means, but through human interactions.

Because most people are not aware that they are being targeted until it’s too late, social engineering is considered one of the biggest threats to cybersecurity. The success of a social engineering attack relies heavily on the ability to make the target believe that the attacker is someone they can trust or someone who has a legitimate reason for needing the information being sought. It exploits the natural tendency of a person to trust others and to want to help others, especially those who appear to be in a position of authority or in distress.

Types of Social Engineering Attacks

There are various types of social engineering attacks, each of which uses different tactics to trick victims. From sophisticated email scams to personalized impersonation, the variety of approaches underscores the need for a comprehensive understanding of these deceptive tactics to fortify defenses against the ever-evolving landscape of cyber threats. Let’s take a look at some of the most common types of social engineering attacks today:

Phishing:

  • Utilizes deceptive emails to appear as trustworthy sources.
  • Targets a broad audience with the goal of extracting personal information.
  • Often includes links to fraudulent websites that further facilitate data theft.

Spear Phishing:

  • Elevates the sophistication by tailoring emails to specific individuals or companies.
  • Leverages in-depth research on the target to enhance the credibility of the deception.
  • It can involve personalized content, making it harder for individuals to discern the scam.

Pretexting:

  • Constructs a fabricated scenario (pretext) to manipulate victims into divulging information.
  • Frequently involves assuming false identities, such as co-workers, police officers, or bank officials.
  • The attacker establishes trust by initially impersonating someone familiar or authoritative.

Vishing (Voice Phishing):

  • Exploits voice communication through phone calls or voice messages.
  • Often impersonates reputable entities, such as banks, to extract sensitive information verbally.

Dig Deeper: Artificial Imposters—Cybercriminals Turn to AI Voice Cloning for a New Breed of Scam

Baiting:

  • Tempts victims with enticing offers or false promises.
  • Lures individuals into revealing personal information or downloading malicious content.

Quid Pro Quo:

  • Involves offering something valuable in return for information.
  • Attackers may provide a service or benefit to coerce individuals into disclosing sensitive data.

Impersonation:

  • Assumes the identity of trusted figures, such as colleagues or IT support.
  • Exploits the trust associated with familiar roles to deceive and extract information.

Dig Deeper: Fighting Mobile Phone Impersonation and Surveillance

Watering Hole Attacks:

  • Targets specific websites frequented by a particular group or organization.
  • Injects malware into these websites, compromising the devices of unsuspecting visitors.

Understanding the intricacies of these social engineering tactics is crucial for individuals and organizations alike, empowering them to recognize and thwart these manipulative strategies in an ever-evolving digital landscape.

The Psychology of Social Engineering

At its core, social engineering is about exploiting the human element of security. It takes advantage of our ingrained behaviors and tendencies to trust and to want to be helpful. For instance, most people will not suspect a friendly phone call or an email from a co-worker to be a potential threat. As such, cybercriminals use these characteristics to their advantage in executing their attacks.

Psychology plays a crucial role in successful social engineering attacks. By understanding and manipulating human emotions such as fear, curiosity, greed, and the desire to help others, cybercriminals can more effectively trick their victims into falling for their scams. For example, they may send an email posing as the victim’s bank, warning of suspicious account activity and prompting them to verify their account credentials. In fear of losing their hard-earned savings, the victim is likely to comply, thus giving the attacker what they want.

Dig Deeper: Social Engineering—The Scammer’s Secret Weapon

Prevention Techniques Against Social Engineering

In dealing with social engineering, awareness is the first line of defense. Individuals and businesses should ensure that they are familiar with the various types of social engineering attacks and how they operate. They should learn to recognize the common signs of these attacks, such as emails containing spelling and grammatical errors, or emails requesting urgent action or confidential information.

Strong, unique passwords and multi-factor authentication can also serve as deterrents to social engineering attacks. It’s crucial to regularly update and secure your systems, use encryption for sensitive data, and always verify the identity of individuals before divulging any personal or sensitive information. Additionally, organizations should hold regular training sessions to teach employees about social engineering tactics and how to respond to potential threats. It’s better to be safe than sorry – when in doubt, don’t give it out.

Dig Deeper: Protect Your Digital Life: Why Strong Passwords Matter

The Consequences of Social Engineering

The consequences of falling victim to a social engineering attack can be devastating. Personal consequences may include financial loss, identity theft, and damage to personal reputation. Businesses that fall victim to such attacks can suffer damage to their brand reputation, financial loss from theft or fines due to non-compliance with data protection laws, and loss of customer trust.

Moreover, the information obtained through social engineering attacks can be used for further attacks, making the problem even more severe. For instance, a cybercriminal who has obtained someone’s email password can use it to send out phishing emails to the victim’s contacts, thus spreading the attack even further. The ripple effect of social engineering can therefore lead to widespread damage, affecting not just individuals, but also the organizations they are a part of.

McAfee Pro Tip: Modern social engineering campaigns bear a striking resemblance to authentic communications from reputable organizations. Meticulously crafted, these campaigns may be grammatically correct and blend seamlessly into plausible scenarios. Despite their polished appearance, their underlying objective remains consistent – the acquisition of sensitive information. Protect your personal data and identity with McAfee+ to avoid the consequences of social engineering.

Final Thoughts

It is clear that social engineering poses a significant risk to cybersecurity. This form of manipulation exploits the human vulnerability to trust and help others, leading to the disclosure of confidential information that can be used for fraudulent purposes. Despite advances in technology and security protections, this threat remains prevalent due to the human factor.

Individuals and organizations must stay educated and vigilant against these attacks. Only through awareness and adequate protective measures can the risk of social engineering be mitigated. By understanding the psychology of these attacks, recognizing the common signs, and employing prevention techniques, one can create a strong first line of defense against social engineering. In the realm of cybersecurity, every person should remember that they could potentially be the weakest link, but with adequate precautions, they can also be the strongest asset.

The post What is Social Engineering? appeared first on McAfee Blog.

How to Protect Your Financial Data During Tax Season

As the tax season draws near, the incidence of cybercrime, particularly phishing for W-2s, tends to increase dramatically. Cybercriminals are aware that this is the time of year when many unsuspecting individuals are completing their tax returns, and they design schemes to exploit this vulnerability. This blog raises awareness about this growing problem and offers practical advice for keeping your financial data safe during tax season.

W-2 phishing scams often involve emails that appear to be from the IRS or another official source, requesting personal information. These phishing emails can be highly sophisticated, often mimicking the look and feel of legitimate communications. The goal is to trick the recipient into revealing confidential data, such as social security numbers and financial information, which the perpetrator can then use for fraudulent purposes. The first step in protecting against such scams is understanding how they work and being able to recognize the red flags.

The Anatomy of a W-2 Phishing Scam

Phishing scams are fundamentally deception tactics—disguised as legitimate correspondence, they aim to trick the recipient into parting with sensitive information. In the case of W-2 phishing scams, the perpetrator often poses as an employer, government agency, or financial institution. The message may request that the recipient update their personal information, verify their identity, or provide their W-2 form. Typically, these emails have a sense of urgency, indicating that failure to comply will result in adverse consequences.

The contents of a phishing email are often compelling and appear to be authentic. They may contain official logos, legal disclaimers, and even legitimate contact details. However, closer examination often reveals telltale signs of phishing. For example, the email address of the sender may not match the organization they claim to represent, or the message may contain poor grammar and spelling. Additionally, phishing emails often require the recipient to click a link or open an attachment—actions that could potentially install malware on the victim’s device or redirect them to a fraudulent website.
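The red flags described above (a sender address that does not match the claimed organization, urgency, requests for W-2 or identity data, links and attachments) can be checked mechanically. The following Python sketch is an added example, not McAfee's code; the `KNOWN_SENDERS` table, the flag names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: names a recipient expects mail from, mapped to the domains those
# organisations really send from. Constructed for this example.
KNOWN_SENDERS = {"irs": {"irs.gov"}, "payroll": {"example-corp.test"}}
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours|final notice|suspended)\b", re.I)
REQUEST = re.compile(r"\b(send|provide|confirm|verify|update)\b[^.]{0,60}"
                     r"\b(w-?2|social security number|ssn|personal information)\b", re.I)
DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from the HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    """Last two labels only; a production tool would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(raw):
    """Return the red flags found in one raw RFC 5322 message, in a fixed order."""
    msg, flags = message_from_string(raw), []
    display, addr = parseaddr(msg.get("From", ""))
    host = addr.rpartition("@")[2].lower()
    for name, domains in KNOWN_SENDERS.items():
        claimed = re.search(rf"\b{re.escape(name)}\b", display, re.I)
        if claimed and not any(host == d or host.endswith("." + d) for d in domains):
            flags.append("sender-domain-mismatch")  # display name claims an org the domain is not
            break
    texts, links, attachment = [msg.get("Subject", "")], LinkCollector(), False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():  # the part is a named attachment
            attachment = True
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        texts.append(body)
        if part.get_content_type() == "text/html":
            links.feed(body)
    text = "\n".join(texts)
    if URGENCY.search(text):
        flags.append("urgency")
    if REQUEST.search(text):
        flags.append("requests-sensitive-data")
    for href, shown in links.links:
        named = DOMAIN_IN_TEXT.search(shown)
        target = urlparse(href).hostname or ""
        if named and registrable(named.group(1)) != registrable(target):
            flags.append("link-text-mismatch")  # visible text names one site, href goes to another
            break
    if attachment:
        flags.append("attachment")
    return flags

# Constructed sample messages (not real mail); .example and .test are reserved TLDs.
PHISH = """\
From: "IRS Tax Services" <refunds@irs-gov-refunds.example>
Subject: URGENT: verify your W-2 within 24 hours
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your refund is suspended. <a href="http://irs.gov.account-check.example/login">https://www.irs.gov/refund</a></p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="W2_form.zip"

placeholder
--b1--
"""
LEGIT = """\
From: "Example Corp Payroll" <payroll@hr.example-corp.test>
Subject: Your W-2 is available in the payroll portal
Content-Type: text/html; charset="utf-8"

<p>Sign in to download your form: <a href="https://hr.example-corp.test/portal">hr.example-corp.test</a></p>
"""
```

A message that raises no flags is not thereby proven safe, and a flagged one is not proven malicious; the output is a prompt to verify the sender through a separate channel.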

McAfee Pro Tip: Nowadays, those sneaky social engineering tricks look a lot like legit messages from well-known folks. They’re super well-crafted, with proper grammar, and seamlessly fit into everyday situations. But don’t be fooled by their slick appearance – underneath it all, they’re still after your sensitive info. Keep your personal stuff safe and sound with McAfee+ to dodge the headaches that come with social engineering.

Prevalence and Impact of W-2 Phishing Scams

Recent years have seen a significant increase in the number of reported W-2 phishing scams. According to the FBI’s Internet Crime Complaint Center (IC3), thousands of these scams occur every tax season, leading to substantial financial losses and ID theft. Not only does this affect individuals, but businesses too. In fact, some companies have reported instances where their entire workforce was targeted, resulting in massive data breaches.

The impact of falling for a W-2 phishing scam can be devastating. Once cybercriminals have gained access to your financial data, they can use it in a variety of malicious ways. This may include filing fraudulent tax returns, opening new credit accounts, or even selling the information on the black market. The recovery process from such scams can be lengthy and stressful, as victims have to prove their identity to the IRS, their bank, and credit reporting agencies. Additionally, they need to monitor their financial activity closely for signs of any further unauthorized transactions or fraudulent activities.

→ Dig Deeper: Watch Out For IRS Scams and Avoid Identity Theft

Best Practices to Avoid W-2 Phishing Scams

Given the prevalence and potential impact of W-2 phishing scams, it’s crucial to take steps to protect yourself. One of the most effective strategies is to improve your digital literacy, namely your ability to identify and respond appropriately to phishing attempts. This includes being skeptical of unsolicited emails, especially those that ask for personal or financial information. Always verify the sender’s identity before responding or clicking any links. Remember, legitimate organizations rarely request sensitive information via email.

Another important safeguard is to ensure your computer and mobile devices are protected with up-to-date security software. This can help identify and block potential phishing emails and malicious links. Further, regularly backing up data can help mitigate the potential damage caused by a successful breach. Consider using a secure cloud service or an external storage device for this purpose.

The next step is to file your tax returns as early as possible. By doing so, you can beat the scammers who might attempt to file a fraudulent tax return in your name. Additionally, if you receive an email that appears suspicious, do not click on the links or download the attachments included in that email. Instead, forward the suspicious email to phishing@irs.gov.

Finally, two-factor authentication (2FA) is another excellent way to safeguard your data. By enabling 2FA, you are adding an extra layer of security that makes it harder for cybercriminals to access your data even if they get your password. Additionally, always be cautious about sharing your personal and financial information online. Make sure that you only enter such information on secure websites – those with ‘https://’ in the URL. Regularly check your financial accounts for any suspicious activity and report immediately to your bank if you notice anything unusual.

What to Do If You Fall Victim to a W-2 Scam

If you believe you have fallen victim to a W-2 phishing scam, it is crucial to act quickly. If you have divulged your social security number, contact the IRS immediately. They can aid you in taking steps to prevent potential tax fraud. Additionally, it would be wise to file an identity theft affidavit (Form 14039) with the IRS. This form alerts the IRS to the theft of your identity and allows them to secure your tax account.

Additionally, you should report the phishing scam to the Federal Trade Commission (FTC) using the FTC Complaint Assistant at FTC.gov. If you have clicked on a link or downloaded a suspicious attachment, run a full antivirus scan to check for malware. You should also consider placing a fraud alert or a credit freeze on your credit reports, which makes it harder for someone to open a new account in your name. Finally, you should check your credit reports frequently for any signs of fraudulent activity.

Dig Deeper: Credit Lock and Credit Freeze: Which Service Is Best for You? Both!

Final Thoughts

Protecting your financial data during tax season is crucial, and being aware of phishing scams can save you from a world of trouble. By understanding the nature of W-2 phishing scams and implementing the above-mentioned best practices, you can keep your sensitive information safe. Remember to always be skeptical of unsolicited emails and never share personal or financial information unless you can confirm the legitimacy of the request. By doing so, you will not only protect yourself but also contribute to the collective fight against cybercrime.

Protecting your W-2 information during tax season is not a one-time effort but a continuous process. Always stay vigilant, and remember that it’s better to be safe than sorry. If you ever suspect that you have become a victim of a W-2 phishing scam, take prompt action by reporting it to the relevant authorities and taking necessary measures to mitigate possible damages. The key to staying safe is staying informed, vigilant, and prepared.

The post How to Protect Your Financial Data During Tax Season appeared first on McAfee Blog.

Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account

By: McAfee

As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.

The Unromantic Side of Valentine’s Day

Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.

Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.

Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day

Recognizing Common Valentine’s Day Scams

Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.

One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.

Dig Deeper: Fraudulent Adult Dating Services Turn 10 Years Old, Still Evolving

Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.

Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.

How to Keep Your Heart and Your Wallet Safe

While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.

One of the most important steps is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.

When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.

For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information in transit, making it safer to input sensitive information than on websites with ‘http://’ URLs.

Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly flattering messages or requests to move the conversation to a private email or messaging app.

McAfee Pro Tip: If you’re considering using a video conferencing app for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.

How to Report a Scam and What to Do If You Fall Victim to One

If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.

Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.

Dig Deeper: How To Report An Online Scam

Don’t Let Scammers Ruin Your Valentine’s Day

The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.

And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.

Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.

The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.

End the Hate: 10 Ways to Stand Up and Help Stomp Out Bullying

By: McAfee

Bullying is a pervasive problem in our society, occurring in schools, workplaces, online, and even within families. It can cause immense physical and emotional pain, leading to decreased self-esteem, increased anxiety, and even suicide in extreme cases. Given its severe potential consequences, it’s critical for every one of us to take steps to end the hate and stomp out bullying.

This article explores 10 ways in which you can stand up against bullying, ranging from individual actions to community-based initiatives. Remember, each effort counts. Together, we can create a world where respect, kindness, and acceptance rule over hate and intimidation.

Understanding Bullying

Before we delve into the various ways to combat bullying, it’s important to first understand what it is. The World Health Organization defines bullying as “repeated exposure to negative actions from one or more individuals.” These actions may involve physical aggression, verbal abuse, intentional exclusion, public humiliation, or harmful manipulation.

Understanding the nature and effects of bullying is the first step in combating it. Recognizing the signs of bullying is essential in identifying victims or perpetrators. Those who are bullied often exhibit signs such as unexplained injuries, poor performance or attendance at school or work, changes in eating habits, or sudden loss of friends. On the other hand, those who bully often exhibit increased aggression, difficulty accepting responsibility for their actions, and a constant need to dominate or control others.

1. Educate Yourself

Education is a powerful tool in the fight against bullying. By educating yourself about different forms of bullying, its impact, and why it happens, you can better understand the reasons behind these harmful behaviors and approaches to address them. Learn about not just physical and verbal bullying, but also cyberbullying, sexual bullying, prejudicial bullying, and relational aggression.

There are plenty of resources available that can help increase your understanding of bullying. Anti-bullying organizations offer detailed information on different types of bullying, how to identify them, and ways to prevent them. Books and documentaries can also provide personal narratives and insights into the effects of bullying, giving you a deeper understanding of its impact on individuals.

2. Raise Awareness

After educating yourself about bullying, the next step is to raise awareness. By spreading the word about bullying and its harmful effects, you can bring this issue to the forefront of more people’s minds. This can be achieved through discussions, presentations, social media campaigns, or organizing events focused on bullying prevention.

Bullying often thrives on silence and ignorance. By bringing the issue to light, you empower victims, bystanders, and even bullies to change their behaviors and attitudes. Remember, change starts with awareness. The more people know about the issue, the more they can do to help combat it.

Dig Deeper: What You Do Now To Protect Your Child From Cyberbullying

3. Showcase Empathy

Empathy is a powerful weapon against bullying. By empathizing with the victim, you are not only providing emotional support but also validating their feelings and experiences. It can help them feel less isolated and more confident to stand up against the bully.

Showing empathy also extends to those who bully. It’s essential to understand that bullies often act out due to their own difficulties. Demonstrating empathy doesn’t mean condoning their actions, but rather understanding their problems and helping them seek the needed support. It also means helping them realize the harm they’re causing and encouraging them to change their patterns of behavior.

Dig Deeper: Digital Strategies to Safeguard Your Child from Upsetting and Violent Content Online

4. Be a Good Role Model

Good behavior is often emulated. Thus, being a good role model can have a significant effect on how others treat people around them. Show respect, kindness, and understanding in your everyday interactions, and stand up against any form of intimidation or humiliation you witness.

If you’re in a position of authority (like a parent, teacher, or manager), your role modeling has an even greater impact. Show how conflicts can be resolved calmly and respectfully, and do not tolerate any form of bullying. This not only creates a positive environment but also teaches others about the importance of respectful interactions.

Dig Deeper: Helping Kids Think Critically About Influencers They Follow Online

5. Encourage Open and Honest Communication

Encouraging open and honest communication can empower victims and bystanders to speak up against bullying. Many times, children and even adults are afraid to express their feelings or fear being dismissed or ridiculed. By promoting a safe and open communication environment, you can help them voice their concerns and experiences without fear of judgment or backlash.

Remember, communication goes both ways. While it’s important to encourage victims and bystanders to speak up, it’s equally crucial for parents, teachers, and friends to listen actively and offer support, guidance, and intervention if necessary.

6. Stand Up and Speak Out

Don’t be a silent bystander. If you witness bullying, stand up and speak out against it. Bystander intervention can make a significant difference, as it can deter the bully and comfort the victim. It can also encourage other bystanders to take action. But always ensure your own safety before intervening. If you fear a violent reaction, you should report the incident to a trusted adult or authority figure instead.

Speaking out against bullying also means challenging discrimination and prejudice whenever you encounter them. Whether it’s racism, sexism, homophobia, or any other form of bias, these attitudes often underpin bullying behavior. By challenging them, you’re helping to create a more inclusive and respectful society.

Dig Deeper: Instagram Takes Huge Step to Filter Bullies, Become a Kinder Social Hub

7. Reach Out to Victims

If you know someone who is a victim of bullying, reach out to them. Let them know that they’re not alone and that you’re there to support them. Encourage them to report the bullying, and offer to accompany them if they’re anxious about doing so. You can also help by listening to their experiences, validating their feelings, and providing advice or resources for coping with bullying.

Remember, bullying can have a deep psychological impact on its victims. They may be struggling with issues like anxiety, depression, or low self-esteem. So, your support can make a real difference to their mental well-being. If you’re worried about a victim’s mental health, urge them to seek help from a mental health professional.

8. Report Bullying Incidents

If you witness or experience bullying, report it to a trusted adult or authority figure. This could be a teacher, school principal, HR manager, or police officer, depending on the context. Many victims of bullying fear retaliation and so don’t report their experiences. However, reporting can initiate the process of addressing the issue and holding the bully accountable.

When reporting bullying, it’s important to be specific about what happened. Include details like who was involved, when and where it occurred, what was said or done, and whether there were any witnesses. If the bullying is happening online, take screenshots as evidence. Remember, your report can help protect not only you but also other potential victims.

9. Support Anti-Bullying Organizations and Programs

There are many organizations and programs dedicated to preventing bullying and supporting victims. You can support these initiatives in various ways, such as by donating money or time, participating in their events, or spreading the word about their work. By doing so, you can contribute to their efforts to create a bully-free world.

These anti-bullying organizations and programs often provide resources for education, prevention, and intervention, as well as support services for victims. Their work is crucial in raising awareness about bullying, teaching people how to stand up against it, and giving victims the help they need to recover.

Here are some notable anti-bullying organizations and programs:

10. Practice Self-Care

If you’re a victim of bullying, it’s essential to practice self-care. Bullying can take a toll on your mental and physical health, but taking care of yourself can help you cope with its effects. This could involve activities like exercising, meditating, journaling, or spending time with loved ones. It could also involve seeking help from a mental health professional.

Self-care is equally important for those supporting victims. Standing up against bullying is a daunting task, and it can leave you feeling stressed or overwhelmed. So, make sure to take care of your own well-being too. Remember, you can’t pour from an empty cup.

Final Thoughts

Bullying is a grave issue that affects countless individuals worldwide. Its impacts can be devastating, leading to physical, emotional, and psychological harm. However, each one of us can play a crucial role in combating bullying. By educating ourselves, raising awareness, demonstrating empathy, being good role models, encouraging communication, standing up against bullying, reaching out to victims, reporting incidents, supporting anti-bullying initiatives, and practicing self-care, we can contribute to creating a world free from bullying. Remember, every effort counts. Together, with McAfee, we can end the hate and stomp out bullying.

The post End the Hate: 10 Ways to Stand Up and Help Stomp Out Bullying appeared first on McAfee Blog.

Do You Know the Legal Consequences of Sexting?

By: McAfee

In today’s digital age, advanced technology and increased smartphone usage have led to new forms of communication, including sexting. While sexting may seem harmless or even fun to some individuals, it is essential to understand its legal implications, particularly when it involves minors. This article will shine a light on the legal consequences of sexting, with an aim to educate readers about this increasingly common issue.

What is Sexting?

Sexting, a term combining ‘sex’ and ‘texting,’ refers to the act of transmitting sexually explicit content, including photos, videos, or texts, via digital platforms. Although it is largely associated with teenagers, it occurs amongst adults as well. While consensual sexting between adults in most jurisdictions is legal, the scenario drastically changes when it involves minors.

The legal consequences of sexting can be severe. In many jurisdictions, this activity can come under laws related to child pornography, obscenity, or harassment, to name a few. This article aims to provide a comprehensive understanding of the legal implications related to sexting. Please note that laws may vary based on your location, and this information might not entirely cover the legal aspects of sexting in your specific area.

The Legal Implications of Sexting

The exchange of intimate and explicit content, often in the form of text messages, images, or videos, has introduced a myriad of legal considerations. With that, let’s delve into the legal implications of sexting and explore the potential consequences for individuals involved and the challenges posed to legal frameworks. From issues of consent and privacy to the evolving landscape of sexting-related laws, understanding the legal dimensions of this behavior is crucial in navigating the complexities of intimate communication in the digital era.

Sexting and Child Pornography Laws

Most countries’ child pornography laws were enacted before the digital age, so they weren’t originally designed to address sexting. However, in many jurisdictions, these laws have been applied to sexting cases involving minors, resulting in severe consequences. Depending on the jurisdiction, penalties can range from registration as a sex offender to imprisonment.

When sexting involves minors, it is considered illegal, even if the image was self-produced and consensually shared. This is because minors are not legally capable of giving consent. Therefore, an explicit image of a minor is considered child pornography, regardless of who produced or shared it. In many cases, both the sender and the recipient of the explicit content can be charged under child pornography laws.

Sexting and Obscenity Laws

In addition to child pornography laws, sexting can also be punished under obscenity laws in some jurisdictions. Obscenity laws prohibit the distribution of materials that appeal to the prurient interest, depict sexual conduct in an offensive way, or lack serious artistic, political, or scientific value. These laws are often applied to sexting cases involving adults.

While the definitions of ‘obscene,’ ‘prurient interest,’ and ‘sexual conduct’ may vary from jurisdiction to jurisdiction, generally, explicit sexual content shared without the recipient’s consent can be considered obscene. This means that even if the content was initially shared consensually, further distributing it without the consent of the other party could lead to obscenity charges.

Sexting and Harassment Laws

Sexting can also come under the umbrella of harassment or cyberstalking laws. If a person continues to send explicit messages or images after being asked to stop, it could be considered harassment. These laws were enacted to protect individuals from unwanted or offensive communications. Depending on the jurisdiction, harassment laws may also apply if the explicit content is shared with the intent to intimidate, threaten, or embarrass the recipient.

In some cases, sexting becomes a form of revenge porn, which involves sharing explicit content without the consent of the person in the image, often after a relationship has ended. Many jurisdictions have introduced laws to specifically address revenge porn due to its increasing prevalence.

The Consequences for Minors

For minors involved in sexting, the legal consequences can be life-altering. In many jurisdictions, minors can be charged with the creation, distribution, or possession of child pornography, even if the explicit content they created, sent, or received was of themselves. These charges can lead to serious penalties, including possible imprisonment and registration as a sex offender.

While some argue that applying child pornography laws to teenage sexting is excessive, it’s important to note that these laws were established to protect children from sexual exploitation. However, many states and countries are reconsidering how these laws apply to consensual sexting between teenagers, with some introducing new laws specifically tailored to address adolescent sexting. 

Dig Deeper: Could Your Child be Sexting? Signs to Look for and Ways to Respond

Sexting Laws Vary by Jurisdiction

It’s important to understand that the laws and penalties related to sexting may vary considerably depending on the jurisdiction. For instance, the United States federal law addresses child pornography as a serious crime, but individual states have different laws regarding sexting between minors. Some states treat sexting between minors as a misdemeanor, while others have introduced ‘sexting-specific’ laws that carry less severe penalties than child pornography laws.

In contrast, legal approaches to sexting in other countries like Australia and Canada involve drawing a distinction between consensual and non-consensual activities. In the United Kingdom, the law is somewhat complex. Although it’s legal for adults to sext, sending or possessing ‘indecent images’ of anyone under 18, even if it’s a selfie, is a criminal act. Meanwhile, in countries like Sweden and Denmark, the focus is on consent, meaning it’s legal for two teenagers to exchange explicit images, provided both parties agree willingly.

Sexting Can Have Long-Term Legal Consequences

Individuals, particularly minors, often underestimate the long-term legal repercussions of sexting. Once charged with a sexual offense, the person might be required to register as a sex offender. This designation can impact various aspects of life, including employment, education, and housing opportunities. Moreover, the public nature of the sex offender registry means that personal information will be made available to the public, significantly affecting one’s personal and social life.

Further, the digital nature of sexting is such that once an explicit image or message is sent, it’s almost impossible to completely erase it from the internet. This could lead to ongoing issues like cyberbullying, social stigma, and mental health struggles. Moreover, the distribution of explicit content without consent can lead to civil lawsuits for damages.

Preventing Sexting-Related Legal Issues

The best way to avoid the legal consequences of sexting is simply to refrain from the activity. This is particularly crucial for minors. Parents and educators should discuss the legal, social, and emotional implications of sexting with teenagers to help them understand the potential consequences. It is also important to talk about digital citizenship and respect for others’ privacy.

For adults, it’s crucial to ensure there’s mutual consent before sharing explicit content. Sharing explicit images or videos without the consent of the person involved could result in legal action. In circumstances where explicit content is received, it should not be forwarded or shared without explicit permission from the person pictured. Doing so could lead to charges under revenge porn laws, among others.

In navigating the complex legal landscape surrounding sexting, fostering a culture of informed and responsible behavior is key. This involves continuous dialogue, not only about the potential legal consequences but also about building a foundation of trust, respect, and digital mindfulness in both personal and professional spheres. As technology continues to evolve, so too must our understanding of the legal dimensions surrounding intimate communication in the digital age.

McAfee Pro Tip: Explore McAfee Parental Controls to actively manage and monitor your child’s digital footprint. This powerful tool allows you to set boundaries, block inappropriate content, and receive alerts on potentially risky behaviors, including sexting-related activities.

Final Thoughts

Sexting, especially involving minors, can lead to severe legal consequences. These can include charges under child pornography laws, obscenity laws, or harassment laws, and can lead to penalties such as imprisonment or being registered as a sex offender. More than ever, with the digital age bringing new modes of communication, it is vital to understand the legal implications of our online behaviors.

While sexting between consenting adults isn’t necessarily illegal, it’s crucial to remember that once an image or video is sent digitally, it can’t truly be taken back. Therefore, it’s essential to make informed decisions about what we choose to share online. Prevention and education are crucial when it comes to avoiding legal issues related to sexting. By fostering open conversations about the risks and implications associated with sexting, we can better equip ourselves and the younger generation to make safer choices in the digital world.

Keep yourself updated on the latest threats that may pose a potential risk to your family, especially your kids. Sexting stands out as merely one instance among a range of risks. Delve into reports from McAfee and other reputable sources to deepen your understanding and bolster your knowledge.

The post Do You Know the Legal Consequences of Sexting? appeared first on McAfee Blog.

Beneath the Surface: How Hackers Turn NetSupport Against Users

NetSupport malware variants have been a persistent threat, demonstrating adaptability and evolving infection techniques. In this technical analysis, we delve into the infection chain, technical intricacies, and IOCs (Indicators of Compromise) of distinct NetSupport variants.

The following is a heatmap depicting the current prevalence of NetSupport in the field. This malware is spreading across the United States and Canada, signifying its geographical reach.

Figure 1 : NetSupport Heat Map

McAfee Labs recently identified a new variation of NetSupport malware, which was distributed through JavaScript, highlighting the evolving tactics employed by cybercriminals.

Infection Chain

  • The infection begins with obfuscated JavaScript files, serving as the initial point of entry for the malware.
  • Upon execution of the JavaScript file, it invokes the Windows Script Host (wscript.exe).
  • Subsequently, the wscript.exe process initiates PowerShell, employing specific commands to advance the infection.
  • Under the attacker’s control, PowerShell proceeds to download the NetSupport payload, a remote administration tool with malicious intent.
  • Once downloaded, the malware executes the ‘client32.exe’ binary, which is the NetSupport client responsible for establishing control over the compromised system.

Figure 2 : Infection Chain

Technical Analysis

Variant 1:

This variant starts with a very long JS file and follows an intricate infection chain that uses PowerShell commands. Key steps include changing the directory to the user’s AppData, setting variables, downloading files, and eventually executing ‘client32.exe’. This executable establishes control over the compromised system and registers for auto-startup through the Windows Registry, following which the ‘client32.exe’ binary is placed in the ‘MsEdgeSandbox’ folder under AppData, providing persistence.

The JS code is shown in the figure below. Attackers leverage obfuscated JavaScript files as the starting point of an infection chain. These files are designed to bypass security mechanisms and initiate the delivery of malicious payloads.

Figure 3: Encoded JavaScript File

It contains a long list of string literals, each consisting of random characters and sequences of letters. These strings are typically used for various purposes in the code, such as constructing URLs, setting values for variables, or possibly for other purposes. The code defines several variables (hy, hY, hE, hi) and a function named ‘y’.

Figure 4 : Encoded JavaScript File

  • Then it sets up different variables and objects and does some calculations or operations.

Figure 5 : Encoded JavaScript File

  • The S function appears to decode a base64-encoded string and return the decoded string. The R function takes two arguments, a decoded string and another string (g), uses a custom algorithm to perform XOR operations, and returns the result.
  • The function appears to cache decoded values in the h array to avoid redundant decoding. If a decoded value is found in the cache, it is returned directly; otherwise, it is decoded using the Y[‘YUlcMP’] function and stored in the cache.

Figure 6 : Encoded JavaScript File

  • It creates a Windows notification using “wscript” and a temp file in the temp directory.
  • Then it runs that file using shell and deletes the file after execution.

The script shown in the AMSI buffer dump in Figure 7 begins by changing the directory to the user’s AppData folder. It then sets up variables and proceeds to download and execute files. If certain commands are unavailable, it uses ‘bitsadmin’ for file downloads. The script ensures persistence by altering directory attributes, launching ‘client32.exe,’ and adding a Windows registry entry for automatic execution.

Figure 7 : AMSI Dump

  • First, the script changes the current directory to the user’s AppData directory.
  • As shown in Figure 8, it defines several variables, including URLs for downloading files, file paths, and commands to be executed.

Figure 8 : Code block

  • Then it checks whether the Expand-Archive command is available ($g3tSp4), and whether the Start-BitsTransfer command is available ($PsaB17). If both are available, it uses Start-BitsTransfer to download and transfer files, and then extracts them using Expand-Archive. If these commands are not available.

    Figure 9 : Code block

  • It downloads Client32.exe and other required dll and config files from https:[/][/]tukudewe[.]com[/]js[/]h3b2_jsg.

Figure 10 : Code block

  • Then it sets the attributes of a directory to ‘Hidden’, changes the current directory, starts the client32.exe executable, and adds an entry to the Windows Registry to execute the client32.exe file at startup (as shown in Figure 11).

Figure 11 : Code block

Variant 2:

Variant 2 of this malware shares a similar infection chain with Variant 1: it starts with obfuscated (but different) JavaScript files and subsequently invokes PowerShell. What sets Variant 2 apart is how it handles files and content. It downloads a text file from a website, decodes base64-encoded data, and creates a ZIP file with potentially malicious content. Instead of placing ‘client32.exe’ in the ‘MsEdgeSandbox’ folder like Variant 1, it places ‘client32.exe’ in a folder labeled ‘D’ under AppData.

The JS file shown in Figure 12 includes two variables, ‘F4f’ and ‘EQGMUD.’ ‘F4f’ is set to a specific value, 140743580. ‘EQGMUD’ is a bit more complex; it’s a string built from a series of numerical values: ‘F4f’ (140743580) is subtracted from each value, and the result is converted into a character. Finally, the ‘eval’ function is used to run the code stored in ‘EQGMUD’ as JavaScript, essentially executing this string as a script.

Figure 12 : Encoded JavaScript File

The AMSI buffer dump shown in Figure 13 contains PowerShell commands that perform several actions, including downloading a file from the internet, extracting it, and making changes to the Windows registry.

Figure 13 : AMSI Dump

  • It first downloads the content of hxxps://svirtual[.]sanviatorperu[.]edu[.]pe/readme[.]txt, a text file hosted on a website, and stores it in $6.
  • Then the script decodes the base64-encoded data stored in $6 and stores the result in $a, which is binary data.
  • Then it sets the variable $d to a path in the user’s “Application Data” directory with a subdirectory named ‘D’.
  • Then it checks whether the $d path exists; if it doesn’t, it creates the path.
  • It constructs a path to a file named ‘p.zip’ inside the directory specified in $d and stores it in the variable $p.
  • Then it writes the binary data stored in $a to the file specified in $p. This essentially creates a ZIP file with potentially malicious contents.


Figure 14 : Directory Created

  • It attempts to extract the contents of the ZIP file ‘$p’ into the directory specified in $d. A try/catch block handles exceptions.
  • It constructs a path to an executable file named ‘client32.exe’ inside the directory specified in $d and stores it in the variable $e.
  • if (Test-Path $e -PathType Leaf) {Start-Process -FilePath $e} else {Write-Host ‘No exe.’ };: This section checks if the file specified in $e exists and is a valid executable file. If it is, it attempts to start the executable using Start-Process. Otherwise, it writes ‘No exe.’ to the console.
  • Then it constructs a path to ‘client32.exe’ inside the directory specified in $d and stores it in the variable $s.
  • It sets the variable $k to a Windows Registry key path used to add programs to run at user logon.

Process Tree

Figure 15 : Process Tree

Once the JavaScript file is executed, it launches wscript.exe and then launches PowerShell with the following command.

powershell.exe -ExecutionPolicy Bypass -V

Figure 16 : PowerShell Command

This launches PowerShell with the execution policy set to “Bypass”, which means that PowerShell will not enforce any execution restrictions and scripts run without any policy-related restrictions.
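The process tree above, together with the AppData placement of ‘client32.exe’ described for both variants, maps onto a detection over process-creation events. The following Python code is an added example, not part of the original analysis or McAfee’s detection logic. The event field names are modelled on Sysmon process-creation events, and the events, user names, PIDs and the Program Files install path are constructed.

```python
import ntpath

# The page names wscript.exe and powershell.exe; cscript.exe and pwsh.exe
# are included here as an assumption to cover the sibling binaries.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def norm(path):
    """Lower-case a Windows path and drop stray spaces around separators."""
    parts = path.replace("/", "\\").lower().split("\\")
    return "\\".join(part.strip() for part in parts)


def has_policy_bypass(cmdline):
    """True if the command line sets the execution policy to Bypass.

    powershell.exe accepts -ep and any prefix of -ExecutionPolicy down to -ex,
    so matching only the full parameter name misses abbreviated forms.
    """
    tokens = cmdline.lower().replace('"', "").split()
    for flag, value in zip(tokens, tokens[1:]):
        if flag[0] not in "-/":
            continue
        name = flag[1:]
        is_policy = name == "ep" or (
            len(name) >= 2 and "executionpolicy".startswith(name))
        if is_policy and value == "bypass":
            return True
    return False


def client32_outside_program_files(image):
    """True for client32.exe running from a user profile (AppData, Temp)."""
    path = norm(image)
    return ntpath.basename(path) == "client32.exe" and "\\users\\" in path


def analyse(events):
    """Return (pid, rule, detail) findings for process-creation events."""
    findings = []
    staged = set()  # PIDs of PowerShell started by a script host with Bypass
    for ev in events:
        image = norm(ev["Image"])
        name = ntpath.basename(image)
        parent = ntpath.basename(norm(ev["ParentImage"]))
        if (name in POWERSHELL and parent in SCRIPT_HOSTS
                and has_policy_bypass(ev["CommandLine"])):
            staged.add(ev["ProcessId"])
            findings.append((ev["ProcessId"], "script-host-powershell-bypass",
                             ev["CommandLine"]))
        if client32_outside_program_files(image):
            # Child of the staged PowerShell: the full chain from the page.
            # Any other parent: the client relaunched later, e.g. at logon.
            chained = ev["ParentProcessId"] in staged
            rule = "netsupport-chain" if chained else "client32-user-path"
            findings.append((ev["ProcessId"], rule, image))
    return findings


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WS = r"C:\Windows\System32\wscript.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample events (not taken from the page).
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentProcessId": 3000, "Image": WS,
     "ParentImage": EXPLORER,
     "CommandLine": r'wscript.exe "C:\Users\alice\Downloads\update.js"'},
    {"ProcessId": 4200, "ParentProcessId": 4100, "Image": PS,
     "ParentImage": WS,
     "CommandLine": "powershell.exe -ExecutionPolicy Bypass -File stage.ps1"},
    {"ProcessId": 4300, "ParentProcessId": 4200,
     "Image": r"C:\Users\alice\AppData\Roaming\MsEdgeSandbox\client32.exe",
     "ParentImage": PS, "CommandLine": "client32.exe"},
    # Legitimate install location: not flagged.
    {"ProcessId": 5000, "ParentProcessId": 900,
     "Image": r"C:\Program Files (x86)\NetSupport\NetSupport Manager\client32.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": "client32.exe"},
    # Interactive admin shell with Bypass but no script-host parent: not flagged.
    {"ProcessId": 5050, "ParentProcessId": 3000, "Image": PS,
     "ParentImage": EXPLORER, "CommandLine": "powershell.exe -ex bypass"},
    # Relaunch after logon from the 'D' folder, with a stray space in the path.
    {"ProcessId": 5100, "ParentProcessId": 3000,
     "Image": r"c:\users\bob\appdata\roaming\ d\client32.exe",
     "ParentImage": EXPLORER, "CommandLine": "client32.exe"},
]

if __name__ == "__main__":
    for pid, rule, detail in analyse(SAMPLE_EVENTS):
        print(pid, rule, detail)
```

Because ‘client32.exe’ is a legitimately signed binary, the rules key on where it runs and what launched it rather than on the file itself.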

Persistence

This malware is known for its persistence and attempts to hide within the user’s profile directories, which makes it challenging to remove.

It creates a “MsEdgeSandbox” folder in AppData in the first variant and downloads the following files in that folder.

Figure 17 : Created Directory

Various installation paths were seen in different variants.


Payload Overview

  • Client32.exe: This executable file is a component of NetSupport Manager Client, a widely used software solution for remote desktop management and support.
  • The folder contains various files, which is typical of software installations. These files include DLLs, EXEs, INIs, INFs, and LICs, each serving a specific purpose within the software.
  • NetSupport Manager Client is a commercially available software product that can be purchased or obtained through a free trial.
  • To confirm the authenticity of the software, the executable file’s hash value was queried on VirusTotal (VT). The results indicated that Client32.exe is legitimately signed, reaffirming its status as a genuine software component.

Figure 18 : File Signature

Client32.ini: This file contains the configuration settings for NetSupport Manager. It governs how NetSupport Manager interacts with managed hosts and allows operators to configure various options.

NSM.LIC: The LIC file contains license details related to the NetSupport Manager installation, which are essential for proper licensing and software activation.

  • The Client32.ini file provides operators with a range of configuration options. These options enable NetSupport Manager operators to manage remote hosts effectively or remain concealed when necessary.

Figure 19 : INI File

  • For this specific installation, the INI file indicates the presence of two NetSupport Manager console addresses:

jokosampbulid1.com:1412

Domain: jokosampbulid1.com

Port: 1412

  • Upon querying the domain “jokosampbulid1.com” on VirusTotal, it was identified as a C2 server associated with the NetSupport Manager RAT.

C2

  • Client32.exe establishes a communication channel with a remote server located at IP address 45.15.158.212 on port 1412.
  • The choice of port 1412 suggests that it may be a specific port designated for NetSupport Manager’s communication protocol.
  • IP address: 45.15.158.212
  • Port: 1412

Figure 20 : C2 Communication

  • “NetSupport Manager/1.3” indicates that the communication originates from a NetSupport Manager Client with version 1.3.


Figure 21 : HXXP Stream

Conclusion: 

The analysis of NetSupport malware variants has revealed a persistent and continually evolving threat landscape. These variants employ intricate infection chains and technical intricacies to accomplish their malicious goals. Our investigation has provided insights into their modus operandi, including downloading and executing files through obfuscated JavaScript code and altering the Windows Registry for persistence.

At McAfee Labs, our commitment is unwavering. We strive to provide robust and effective threat defense mechanisms to safeguard our users from a wide array of threats, including NetSupport and its various iterations. Our security software harnesses the power of signature-based, machine learning, threat intelligence, and behavior-based detection techniques, all working together to identify and thwart threats effectively. In an ever-changing digital landscape, our focus remains on keeping you safe and secure from emerging threats.

IOCs

Variant 1:

Type SHA256
JS 5ffb5e9942492f15460e58660dd121b31d4065a133a6f8461554ea8af5c407aa
EXE 89F0C8F170FE9EA28B1056517160E92E2D7D4E8AA81F4ED696932230413A6CE1
URL hxxp://45[.]15[.]158[.]212/fakeurl.htm

 

Variant 2:

Type SHA256
JS 48bc766326068e078cf258dea70d49dcce265e4e6dbf18f1a0ce28d310f6a89a

73e0975c94ebcdec46fd23664ccecf8953dd70eea1f4e5813e7f8cd8d2dbc4f9

URL hxxps://svirtual[.]sanviatorperu[.]edu[.]pe/readme.txt

 

The post Beneath the Surface: How Hackers Turn NetSupport Against Users appeared first on McAfee Blog.

How Cybercriminals Are Shopping for Personal Data This Black Friday

By: McAfee

While the majority of us look forward to Black Friday and Cyber Monday for the best deals, there’s another group that’s also eagerly anticipating these dates – cybercriminals. As the number of online shoppers increases, so do the opportunities for cybercriminals to steal personal and financial information. In this article, we will take a closer look at how these cybercriminals operate, and how you can protect yourself from becoming a victim.

With the advent of technology, more and more consumers are shifting towards online shopping. The COVID-19 pandemic has also forced a lot of people to favor this method of purchasing due to health and safety concerns. However, this shift has also opened up a new avenue for cybercriminals who are now focusing their efforts on gathering personal information from these online transactions. In this part of the article, we delve into how these criminals take advantage of Black Friday online sales to access and steal personal data.

The Black Friday Modus

The first step in understanding how to protect ourselves is to understand how cybercriminals operate. Black Friday and Cyber Monday provide the perfect opportunity for these criminals as the surge in online traffic can make their malicious activities less noticeable. They exploit the sense of urgency and excitement around these sales, using various tactics to deceive shoppers and gain access to their personal information.

One of the most common methods used by cybercriminals is phishing. It is a form of fraud where cybercriminals impersonate a legitimate organization in an attempt to steal sensitive data. During the Black Friday sale period, these criminals will send out emails or texts that appear to be from renowned retailers offering fantastic deals. However, these emails and texts are embedded with malicious links that when clicked, lead the shopper to a fake website designed to steal their personal and financial information. The shopper, lured by the enticing deal, unsuspectingly enters their details, giving the cybercriminals exactly what they want.

Use of Malware and Ransomware

Another common tactic used by cybercriminals is the use of malware and ransomware. Malware is a type of software that is designed to cause damage to a computer, server, or computer network, while ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. During Black Friday, cybercriminals increase the distribution of such malicious software. Unsuspecting shoppers may download these onto their devices when they click on links or open attachments in emails offering Black Friday deals.

Once the malware or ransomware is downloaded onto the device, the cybercriminals can steal personal information, lock the device, or even use it to conduct other illegal activities. This type of attack is particularly dangerous as it not only compromises personal and financial information, but can also leave the victim with a non-functional device, adding insult to injury. The aftermath of such an attack could be extensive and costly, especially if valuable data is lost or if the ransom is paid to regain access to the device.

→ Dig Deeper: Online Shopping – How To Avoid The Bad So You Can Enjoy The Good!

Card Skimming and E-skimming

Card skimming involves the illegal copying of information from the magnetic stripe of a credit or debit card. It is a serious problem in the brick-and-mortar retail sector. However, a new form of this crime has emerged and is becoming a major threat to online shoppers: e-skimming. E-skimming is a method used by cybercriminals to steal credit card information from online shoppers in real time.

During the Black Friday period, the criminals may compromise a retailer’s website, typically by injecting malicious code into the site’s checkout process. When the shopper enters their credit card information, the criminals capture it. The information is then either used directly to make fraudulent purchases or sold on the dark web. This method is particularly challenging for retailers to combat because it can be difficult to detect: the e-skimming code may lie dormant until the checkout process is initiated, making it even harder to identify.
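For retailers, one way to look for the injected checkout code described above is to inventory every script a checkout page loads and compare it with what is expected. The following Python is an added example, not part of the original article; the page markup, host names, and allowlist are constructed placeholders.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample of a checkout page; every host name is a placeholder.
PAGE_URL = "https://shop.example.test/checkout"
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="/static/checkout.js"></script>
<script src="https://pay.example-psp.test/sdk.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://cdn.analytics-example.test/tag.js"></script>
<script src="https://static-cdn.unknown-example.test/jq.min.js"></script>
</head><body>
<form id="card-form"><input name="cardnumber"></form>
<script>document.getElementById("card-form");</script>
</body></html>
"""
# Hosts the retailer has approved for the checkout page (assumed allowlist).
ALLOWED_HOSTS = {
    "shop.example.test",
    "pay.example-psp.test",
    "cdn.analytics-example.test",
}


class ScriptCollector(HTMLParser):
    """Collects every <script> element: its attributes and any inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []     # list of {"attrs": dict, "body": str}
        self._current = None  # the script element currently being read

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._current = {"attrs": dict(attrs), "body": ""}

    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def audit_checkout_scripts(html, page_url, allowed_hosts, inline_baseline=frozenset()):
    """Return (issue, subject) tuples for scripts that deviate from expectations.

    - unexpected-host: script served from a host outside the allowlist
    - third-party-without-sri: allowed third-party script with no integrity hash
    - inline-not-in-baseline: inline script whose SHA-256 is not in the baseline
    """
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    page_host = urlparse(page_url).hostname
    findings = []
    for script in parser.scripts:
        src = script["attrs"].get("src")
        if src:
            # Resolve relative paths against the page so they map to its host.
            host = urlparse(urljoin(page_url, src)).hostname
            if host not in allowed_hosts:
                findings.append(("unexpected-host", src))
            elif host != page_host and not script["attrs"].get("integrity"):
                findings.append(("third-party-without-sri", src))
        else:
            digest = hashlib.sha256(script["body"].encode("utf-8")).hexdigest()
            if digest not in inline_baseline:
                findings.append(("inline-not-in-baseline", digest))
    return findings


if __name__ == "__main__":
    for issue, subject in audit_checkout_scripts(
        SAMPLE_CHECKOUT_HTML, PAGE_URL, ALLOWED_HOSTS
    ):
        print(f"{issue}: {subject}")
```

A static check like this only sees scripts present in the served HTML; scripts added at runtime need browser-side controls such as a Content Security Policy.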

Protecting Yourself During Black Friday Sales

Now that we understand the methods used by cybercriminals, let’s explore how to protect our personal and financial information during this high-risk period. Cybersecurity should be everyone’s top priority and there are several measures you can take to ensure you don’t fall victim to these cyber-attacks.

Firstly, be skeptical of emails, texts, or advertisements offering too-good-to-be-true deals. Always double-check the source before clicking any links. It’s safer to directly navigate to the retailer’s website via your browser rather than clicking the link in an email or ad. If you receive an email from a retailer, cross-verify it by visiting their official website or contacting them directly. Avoid clicking on links from unknown or suspicious sources.

→ Dig Deeper: Invisible Adware: Unveiling Ad Fraud Targeting Android Users

Secondly, ensure your devices are equipped with up-to-date antivirus and anti-malware software. These tools can detect and block malicious activities, providing a layer of security. Regularly update your software and operating system to patch any vulnerabilities that cybercriminals might exploit. When shopping online, make sure the website’s URL begins with ‘https’, indicating it is secure and encrypted. Furthermore, regularly monitor your bank and credit card statements for any unauthorized transactions.
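The two link checks described above, confirming that a link really points at the retailer and that it uses https, can be automated. The following Python is an added example, not part of the original article; the retailer domain and every sample link are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed values: a placeholder retailer and links of the kinds that
# show up in deal emails. None of these are real sites.
OFFICIAL_DOMAIN = "bigretailer.example"
SAMPLE_LINKS = [
    "https://www.bigretailer.example/black-friday",
    "http://www.bigretailer.example/deals",
    "https://bigretailer.example.deals-today.test/login",
    "https://www.bigretailer.example@203.0.113.7/checkout",
    "https://bigretailer-example.test/sale",
    "https://xn--bigretailr-abc.test/",
]


def check_link(url, official_domain):
    """Return the reasons a link should not be trusted as the retailer's.

    An empty list means the link uses https and its host is the official
    domain or one of its subdomains.
    """
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    official = official_domain.lower()

    # The page's advice: the address should begin with https.
    if parts.scheme != "https":
        reasons.append("not-https")

    # Text before "@" is login data, not the destination; the real host
    # is whatever follows it.
    if parts.username is not None:
        reasons.append("userinfo-in-url")

    # Internationalised host names are not malicious by themselves, but
    # they can render like a familiar brand, so flag them for a closer look.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-host")

    # The host must BE the official domain or END with ".<official domain>".
    # Merely containing the brand name somewhere is not enough.
    if not (host == official or host.endswith("." + official)):
        reasons.append("host-not-official")
        brand = official.split(".")[0]
        if brand in host:
            reasons.append("brand-name-in-unrelated-host")
    return reasons


def triage(links, official_domain):
    """Map each link to its list of reasons (empty list = passes both checks)."""
    return {link: check_link(link, official_domain) for link in links}


if __name__ == "__main__":
    for link, reasons in triage(SAMPLE_LINKS, OFFICIAL_DOMAIN).items():
        verdict = "ok" if not reasons else ", ".join(reasons)
        print(f"{link}\n    -> {verdict}")
```

Several of the sample links use https and still fail the host check, which is why the two checks are applied together.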

McAfee Pro Tip: Have you ever encountered a suspicious charge on your credit card and felt uncertain about the next steps to take? Protect yourself with McAfee’s credit monitoring service! Our tool can help you keep an eye on any unusual credit activity to detect potential signs of identity theft.

Finally, consider using a credit card instead of a debit card for online purchases. Credit cards often have better fraud protection and it’s easier to dispute fraudulent charges. Be mindful of where and how you’re sharing your personal information. Avoid making transactions over public WiFi as these networks can be easily compromised. Instead, use your mobile data or a trustworthy, private WiFi network.

Role of Retailers in Protecting Customers

While consumers can take steps to protect themselves, retailers also play a crucial role in ensuring the security of their customers’ data. They need to be proactive in implementing robust security measures and constantly monitoring for any suspicious activities. Regular audits and penetration testing can help identify potential vulnerabilities and fix them before they can be exploited.

Businesses should educate their employees on cybersecurity best practices and how to identify phishing attempts. Regular training can help prevent accidental breaches as well as deliberate insider threats. Employing secure payment systems and encryption are other steps retailers can take to safeguard customer data.

Multi-factor authentication can add an additional layer of security, making it harder for cybercriminals to gain access. Retailers should also have a response plan in place in case of a data breach, to minimize damage and swiftly communicate to affected customers.

Final Thoughts

Black Friday and Cyber Monday present lucrative opportunities for cybercriminals intent on stealing personal and financial information. However, understanding their tactics and taking proactive measures can significantly reduce the risk of falling victim to these attacks. From phishing and malware to E-skimming, the threats are diverse and evolving, but with caution and cybersecurity measures in place, both consumers and retailers can enjoy the benefits of these sales events safely.

Remember, if a deal seems too good to be true, it probably is. Be vigilant, keep your software updated, and prioritize safe shopping practices. Retailers, on the other hand, need to constantly monitor and update their security systems, educate their employees, and most importantly, ensure transparency with their customers. Together, we can make online shopping safer, not just during Black Friday, but throughout the year.

The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blog.

AI & Your Family: The Wows and Potential Risks

By: McAfee

When we come across the term Artificial Intelligence (AI), our mind often ventures into the realm of sci-fi movies like I, Robot, Matrix, and Ex Machina. We’ve always perceived AI as a futuristic concept, something that’s happening in a galaxy far, far away. However, AI is not only here in our present but has also been a part of our lives for several years in the form of various technological devices and applications.

In our day-to-day lives, we use AI in many instances without even realizing it. AI has permeated into our homes, our workplaces, and is at our fingertips through our smartphones. From cell phones with built-in smart assistants to home assistants that carry out voice commands, from social networks that determine what content we see to music apps that curate playlists based on our preferences, AI has its footprints everywhere. Therefore, it’s integral to not only embrace the wows of this impressive technology but also understand and discuss the potential risks associated with it.

Dig Deeper: Artificial Imposters—Cybercriminals Turn to AI Voice Cloning for a New Breed of Scam

AI in Daily Life: A Blend of Convenience and Intrusion

AI, a term that might sound intimidating to many, is not so when we understand it. It is essentially technology that can be programmed to achieve certain goals without assistance. In simple words, it’s a computer’s ability to predict, process data, evaluate it, and take necessary action. This smart way of performing tasks is being implemented in education, business, manufacturing, retail, transportation, and almost every other industry and cultural sector you can think of.

AI has been doing a lot of good too. For instance, Instagram, the second most popular social network, is now deploying AI technology to detect and combat cyberbullying in both comments and photos. No doubt, AI is having a significant impact on everyday life and is poised to metamorphose the future landscape. However, alongside its benefits, AI has brought forward a set of new challenges and risks. From self-driving cars malfunctioning to potential jobs lost to AI robots, from fake videos and images to privacy breaches, the concerns are real and need timely discussions and preventive measures.

Navigating the Wows and Risks of AI

AI has made it easier for people to face-swap within images and videos, leading to “deep fake” videos that appear remarkably realistic and often go viral. A desktop application called FakeApp allows users to seamlessly swap faces and share fake videos and images. While this displays the power of AI technology, it also brings to light the responsibility and critical thinking required when consuming and sharing online content.

Dig Deeper: The Future of Technology: AI, Deepfake, & Connected Devices

Yet another concern raised by AI is privacy breaches. The Cambridge Analytica/Facebook scandal of 2018, in which AI technology was allegedly used unethically to collect Facebook user data, serves as a reminder that our private (and public) information can be exploited for financial or political gain. Thus, it becomes crucial to discuss and take necessary steps like locking down privacy settings on social networks and being mindful of the information shared in the public feed, including reactions and comments on other content.

McAfee Pro Tip: Cybercriminals employ advanced methods to deceive individuals, propagating sensationalized fake news, creating deceptive catfish dating profiles, and orchestrating harmful impersonations. Recognizing sophisticated AI-generated content can pose a challenge, but certain indicators may signal that you’re encountering a dubious image or interacting with a perpetrator operating behind an AI-generated profile. Know the indicators. 

AI and Cybercrime

With the advent of AI, cybercrime has found a new ally. As per McAfee’s Threats Prediction Report, AI technology might enable hackers to bypass security measures on networks undetected. This can lead to data breaches, malware attacks, ransomware, and other criminal activities. Moreover, AI-generated phishing emails are scamming people into unknowingly handing over sensitive data.

Dig Deeper: How to Keep Your Data Safe From the Latest Phishing Scam

Bogus emails are becoming highly personalized and can trick intelligent users into clicking malicious links. Given the sophistication of these AI-related scams, it is vital to constantly remind ourselves and our families to be cautious with every click, even those from known sources. The need to be alert and informed cannot be overstressed, especially in times when AI and cybercrime often seem to be two sides of the same coin.

IoT Security Concerns in an AI-Powered World

As homes evolve to be smarter and synced with AI-powered Internet of Things (IoT) products, potential threats have proliferated. These threats are not limited to computers and smartphones but extend to AI-enabled devices such as voice-activated assistants. According to McAfee’s Threat Prediction Report, these IoT devices are particularly susceptible as points of entry for cybercriminals. Other devices at risk, as highlighted by security experts, include routers and tablets.

This means we need to secure all our connected devices and home internet at its source – the network. Routers provided by your ISP (Internet Service Provider) are often less secure, so consider purchasing your own. As a primary step, ensure that all your devices are updated regularly. More importantly, change the default password on these devices and secure your primary network along with your guest network with strong passwords.

How to Discuss AI with Your Family

Having an open dialogue about AI and its implications is key to navigating through the intricacies of this technology. Parents need to have open discussions with kids about the positives and negatives of AI technology. When discussing fake videos and images, emphasize the importance of critical thinking before sharing any content online. You might even introduce them to the desktop application FakeApp, which allows users to swap faces within images and videos seamlessly, leading to the production of deep fake photos and videos. These can appear remarkably realistic and often go viral.

Privacy is another critical area for discussion. After the Cambridge Analytica/Facebook scandal of 2018, the conversation about privacy breaches has become more significant. These incidents remind us how our private (and public) information can be misused for financial or political gain. Locking down privacy settings, being mindful of the information shared, and understanding the implications of reactions and comments are all topics worth discussing. 

Being Proactive Against AI-Enabled Cybercrime

Awareness and knowledge are the best tools against AI-enabled cybercrime. Making families understand that bogus emails can now be highly personalized and can trick even the most tech-savvy users into clicking malicious links is essential. AI can generate phishing emails, scamming people into handing over sensitive data. In this context, constant reminders to be cautious with every click, even those from known sources, are necessary.

Dig Deeper: Malicious Websites – The Web is a Dangerous Place

The advent of AI has also likely allowed hackers to bypass security measures on networks undetected, leading to data breaches, malware attacks, and ransomware. Therefore, being alert and informed is more than just a precaution – it is a vital safety measure in the digital age.

Final Thoughts

Artificial Intelligence has indeed woven itself into our everyday lives, making things more convenient, efficient, and connected. However, with these advancements come potential risks and challenges. From privacy breaches and fake content to AI-enabled cybercrime, the concerns are real and need our full attention. By understanding AI better, having open discussions, and taking appropriate security measures, we can leverage this technology’s immense potential without falling prey to its risks. In our AI-driven world, being informed, aware, and proactive is the key to staying safe and secure.

To safeguard and fortify your online identity, we strongly recommend that you delve into the extensive array of protective features offered by McAfee+. This comprehensive cybersecurity solution is designed to provide you with a robust defense against a wide spectrum of digital threats, ranging from malware and phishing attacks to data breaches and identity theft.

The post AI & Your Family: The Wows and Potential Risks appeared first on McAfee Blog.

Pickpocketing – Digital Style

By: McAfee

In today’s digital era, pickpocketing has taken a new form. Gone are the days when thieves would physically steal your wallet. Instead, they are using sophisticated techniques to steal your personal information and drain your bank accounts without you even realizing it. This article aims to shed light on digital pickpocketing, its impacts on your digital assets, and measures to prevent it.

What is Digital Pickpocketing?

Digital pickpocketing, also known as electronic pickpocketing or e-pickpocketing, refers to the use of digital tools and technologies to steal someone’s personal information without their knowledge or consent. The information stolen usually includes credit card numbers, passwords, and other sensitive details that can be used for fraudulent activities.

→ Dig Deeper: Russian Hackers Steal 1.2 Billion Passwords

It’s important to note that digital pickpocketing doesn’t only happen on the internet. With the advancement of technology, pickpockets can now steal your credit card information just by standing close to you, thanks to a method called Radio Frequency Identification (RFID) skimming. This makes digital pickpocketing a pervasive threat that needs urgent attention.

The Modus Operandi

Before we delve into ways to prevent digital pickpocketing, it’s crucial to understand how it happens. There are numerous ways somebody can fall victim, and being informed about these methods is the first line of defense.

The most common form of digital pickpocketing is done via malicious software programs called malware. These programs find their way onto your computer or smartphone through email attachments, infected websites, or unsecured Wi-Fi networks. Once installed, they work quietly in the background, collecting your personal data and sending it off to the thief.

Another method is phishing, where fraudsters impersonate a trustworthy entity such as a bank or a website you frequent, tricking you into providing your personal information. The communication usually appears as an urgent call-to-action, prompting you to click on a link or download an attachment, which ultimately leads to your information being stolen.

RFID skimming, on the other hand, involves the use of a portable device that scans and records data from RFID-enabled cards when they come into its proximity. This method doesn’t require internet access or any form of physical contact, making it a more stealthy approach to digital pickpocketing.

The Impact of Digital Pickpocketing

The consequences of digital pickpocketing stretch far beyond financial loss. The theft of your personal information can lead to numerous problems, including identity theft, damaged credit score, and emotional distress.

Identity theft can be particularly damaging. Once a fraudster has enough of your personal information, they can potentially open new bank accounts, take out loans, or even commit crimes in your name. Not only could this lead to a huge financial mess, but it could also get you into legal trouble.

Furthermore, if credit card information is stolen and used fraudulently, it can significantly damage your credit score. A low credit score can make it more difficult to get loans, secure housing, or even find employment. The process of repairing your credit can be long and arduous, causing unnecessary stress and inconvenience.

Preventing Digital Pickpocketing

Preventing digital pickpocketing is possible with the right precautions. Protecting your personal information demands a proactive approach. Here are some tips and steps to help prevent digital pickpocketing:

  • RFID-blocking Wallets and Card Holders: Invest in RFID-blocking wallets or card holders to protect your contactless credit cards from unauthorized scanning.
  • Stay Informed about RFID Technology: Understand how Radio Frequency Identification (RFID) technology works and be aware of the potential risks associated with it.
  • Regularly Check Your Accounts: Routinely monitor your bank and credit card statements for any unauthorized or suspicious transactions. Report discrepancies promptly.
  • Use Strong Passwords: One of the most effective ways to prevent electronic pickpocketing is by using strong, unique passwords across all your accounts. Password managers can also help generate and store complex passwords, increasing your security. 
  • Enable Two-Factor Authentication (2FA): Enhance the security of your online accounts by enabling two-factor authentication wherever possible.
  • Use Secure Wi-Fi Networks: Avoid conducting sensitive transactions or accessing personal information on public Wi-Fi networks. Use secure, password-protected networks whenever possible.
  • Be Cautious in Crowded Spaces: Exercise caution in crowded areas where digital pickpocketing is more likely to occur. Be mindful of your surroundings and who is in close proximity.
  • Regularly Update Your Security Software: Keep your antivirus and security software current to protect against emerging threats and vulnerabilities.
  • Shred Sensitive Documents: Shred documents containing personal information before disposing of them to prevent identity theft.
  • Educate Yourself about Phishing: Be vigilant against phishing attempts. Avoid clicking on suspicious links or providing personal information in response to unsolicited messages.
  • Consider Credit Monitoring Services: Explore credit monitoring services, like those offered by McAfee, to receive timely alerts about any unusual activity on your credit accounts.
  • Secure Your Mobile Devices: Set up passcodes or biometric authentication on your mobile devices to prevent unauthorized access.

Digital pickpocketing poses a serious threat in this digital age. However, with the right information and measures, you can protect your personal information and avoid falling victim. Remember, prevention is always better than cure.

How to Respond to Digital Pickpocketing

If you’ve fallen victim to digital pickpocketing, swift action is key. The first step is to contact your bank or credit card company and inform them about the theft. Most companies have policies in place to protect their customers, and they can help prevent further damage by blocking your card or changing your account details.

Next, file a report with your local law enforcement, and consider contacting a credit reporting agency to place a fraud alert on your credit file. This can make it harder for a thief to open more accounts in your name. It’s also important to change your passwords and consider enrolling in an identity protection service, which can monitor your credit and personal information for any suspicious activity.

The Role of Technology

While technology has given rise to digital pickpocketing, it also offers solutions to combat it. Many apps and services now feature advanced security measures such as biometric authentication, encryption, and machine learning algorithms to detect and prevent fraudulent activities.

→ Dig Deeper: Banks are Using Biometric Measures to Protect Against Fraud

Financial institutions and tech companies are continually improving their security systems, implementing advanced firewalls, intrusion detection systems, and secure networks to protect customer data. While these technologies can’t guarantee absolute safety, they significantly reduce the risk of digital pickpocketing and help create a safer digital environment.

Legal and Regulatory Measures

From a legal perspective, governments and regulatory bodies worldwide are tightening regulations on data privacy and security. Laws like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have strict guidelines and penalties for data breaches, encouraging businesses to prioritize data protection.

While these laws are a step in the right direction, it’s crucial for individuals to stay informed about their rights and the protective measures they can take. After all, the fight against digital pickpocketing is a collective effort that requires the participation of consumers, businesses, and regulators alike.

Final Thoughts

Ultimately, digital pickpocketing is a modern-day problem that requires a modern-day solution. By understanding the threats and implementing protective measures, we can protect ourselves from these digital thieves. It’s also reassuring to know that as technology advances, so do the methods to combat such digital crimes, and regulatory measures are continually being updated to provide better security in the digital era.

Remember, the key to combating digital pickpocketing lies in awareness, vigilance, and proactive protection. Stay informed and secure with McAfee, and let’s make the digital world a safer place for everyone.

The post Pickpocketing – Digital Style appeared first on McAfee Blog.

5 Ways to Safeguard Your Child’s Instagram Bio

By: McAfee

Keeping your child safe online is a growing concern for many parents. Instagram, a popular social media platform among tweens and teens, is no exception. Despite privacy settings that can effectively limit who sees your child’s posts, their Instagram bio nonetheless remains public by default. This leaves an opening through which those with ill intentions can glean personal information about your child. However, there are ways you can help safeguard your child’s Instagram bio and enhance their online safety. Here are 5 tips to consider:

1. Approve Your Child’s Profile Picture

The first step towards protecting your child’s online identity on Instagram starts with their profile picture. This image is the face your child presents to the world, and unfortunately, it can sometimes attract unwanted attention. As such, it’s crucial that you approve your child’s profile picture. Make sure that the photo does not in any way make your child look older than their age. For instance, if your child is 13, their photos should reflect their age and not make them look 20.

Moreover, it’s important to ensure that their chosen profile picture is not suggestive or revealing. It’s worth noting that what may seem normal to your child might come off as suggestive to others. As a parent, you need to hold your ground and make the final decision on what constitutes an appropriate profile picture.

Dig Deeper: McAfee Survey: Parents Share Pictures of Their Kids Online, Despite Understanding the Risks Involved

2. Edit Bio or Omit Entirely

Another critical step to safeguarding your child’s Instagram bio is to carefully oversee its contents. While it’s tempting for your child to share personal information such as their age, hometown, school, favorite sports team, etc., these can potentially serve as breadcrumbs for predators. By piecing together these nuggets of data, it’s easy for individuals with ill intentions to form a complete picture of your child’s life. Therefore, it’s best to either completely omit these details or edit the bio in a way that it does not divulge any personal information.

Teach your child about digital privacy and the dangers of sharing too much online. Explain that while sharing a tidbit about their favorite band or TV show may seem harmless, when combined with other pieces of information it can end up providing a clear window into their personal life.

Dig Deeper: Oversharing: Are You Ignoring Your Child’s Privacy When You Post Online?

3. Do not Allow Links in Bio

Often, Instagram users will add a link to their bio that directs to another social media platform, an email address, or some other online platform. While this might seem like a simple way of connecting different aspects of their online presence, it can, unfortunately, also provide potential predators with additional ways to access your child’s personal information.

Therefore, do not allow your child to include any links in their Instagram bio. By limiting the information available about your child online, you make it harder for anyone to trace or track them, thereby enhancing their online safety.

4. Turn off Geo-Tagging/Location-based Services for Instagram

The Geo-Tagging feature on Instagram allows users to add their exact location to their posts. While this might seem like a fun and harmless feature to your child, it can unfortunately put them at risk. Predators can use this feature to track your child’s routines, activities, and even their real-world location. This is why it’s crucial to turn off Geo-Tagging/Location-based services on your child’s Instagram account.

Dig Deeper: What Are the Risks of Geo-Location?

Teach your child that it’s not safe to share their location online. Make sure they understand that leaving the location feature enabled can potentially allow strangers to figure out where they live, go to school, or hang out. You can turn off this feature by going to the settings in the Instagram app and turning off the location services. Remind your child not to manually add their location to posts. If they need to share their location, they should do it privately and only with trusted friends or family.

5. Let Them See You Monitoring

One of the most effective ways to ensure your child’s online safety is to stay involved and keep a close eye on their online activity. While this might seem like an invasion of your child’s privacy, it’s crucial to remember that as a parent, your number one priority is keeping your child safe. Let them know that you’ll be checking their Instagram account regularly, and make sure they’re aware of the potential risks they face online.

Studies show that about 50% of teens would change their online behavior knowing their parents are watching. Digital safeguards are an essential part of maintaining online safety. Make it a regular habit to browse your child’s Instagram and monitor their posts, their followers, and the people they follow. This can help you to quickly pick up on anything suspicious and take necessary action.

McAfee Pro Tip: Although parental controls can play a significant role in nurturing positive online behaviors, it’s vital for these tools to work in tandem with a devoted and actively involved parent who is enthusiastic about guiding their children through the digital world. Explore how parental controls can contribute to the development of healthy habits.

Final Thoughts

Ensuring your child’s online safety requires a combination of education, open discussion, and vigilant monitoring. Profile pictures should be age-appropriate, and their bio should be free from personal details or links. Location services should be switched off for Instagram to avoid sharing real-world locations. Finally, a regular check of their Instagram account helps to keep tabs on their online activity. Remember, safeguarding your child’s Instagram bio is not about controlling them; rather, it’s about protecting them from potential online threats.

By taking these steps to safeguard your child’s Instagram bio, you not only protect them but also teach them the importance of online safety and the steps they can take themselves. In the age of growing digital threats, it is crucial to stay vigilant and proactive in protecting our children online.

The post 5 Ways to Safeguard Your Child’s Instagram Bio appeared first on McAfee Blog.

Is Your Smart TV Spying on You?

By: McAfee

In a chilling echo of George Orwell’s dystopian novel 1984, it’s possible that Big Brother – or in this case, Big Hacker – might be surveilling you through your own television. Evidence is emerging that Smart TVs can be just as prone to hacking as home computers.

Security analysts Aaron Grattafiori and Josh Yavor from iSEC Partners have spent several months investigating this issue, working alongside Smart TV manufacturers to address potential vulnerabilities. They presented their findings at the recent Black Hat network security conference in Las Vegas. Their demonstration highlighted the worrying tendency of Smart TVs to pry into personal data, whether via web searches, app usage, or even physical surveillance through the built-in camera.

How Vulnerable are Smart TVs?

Despite their advanced technology, Smart TVs carry the same risks as their more primitive forebears. The primary culprit is the IP address, which allows these devices to connect with various web apps like Facebook, YouTube, and Skype. The issue is that these apps often run on the same code (such as JavaScript or HTML5) as home computers or smartphones, making them susceptible to malware attacks when left unprotected.

While they might look like ordinary TVs, many Smart TVs bear a closer resemblance to laptops, incorporating internet-connected apps, video streaming services, microphones, and even internal cameras. Sure, these features enhance the viewing experience, but they can also present a clear and present danger to your privacy.

Potential Threats to Your Privacy

Malicious code can easily find its way into your TV through seemingly harmless chat messages or browser searches. Once it’s there, your television is open to several types of spyware. With the right code, a hacker could gain full control over your device, accessing your TV’s cameras and microphones. In essence, they could use your camera to spy on you, turning your own TV into a surveillance device.

Although manufacturers have issued fixes to reinforce the exposed code, no device is 100% secure. The scenario of hackers gaining control over a TV’s cameras and microphones is not just an invasion of privacy but can also lead to potential misuse of personal information. It’s a stark reminder of the importance of protecting our digital presence and understanding the broader implications of IoT devices in our homes. As technology continues to advance, so too must our vigilance in guarding against these emerging threats.

Staying Updated

Regular updates are crucial to maintaining the security of your TV and its apps. The digital world is full of bugs waiting for a chance to invade your device, so don’t let outdated apps provide them the perfect entry point. Ensure your apps are updated regularly to maintain your digital fortress.

Dig Deeper: Why Software Updates Are So Important

Also, when it comes to Smart TVs, it’s best to use social media sparingly. Video-streaming platforms like Netflix pose less of a threat than social media sites, which are notorious hunting grounds for identity thieves. These criminals often bait their traps with fake offers and tailored “phishing” messages. Whenever possible, restrict social media usage to devices (like your computer, smartphone or tablet) that have comprehensive security protection like McAfee LiveSafe™ service, which safeguards your devices, your identity, and your data. 

Dig Deeper: Could a Streaming Device Help Hackers Hijack Your TV?

In conclusion, while Smart TVs may be a little too clever for their own good, that doesn’t mean you can’t stay one step ahead. You just need to stay vigilant and informed about potential security threats, so you can enjoy the benefits of your Smart TV without worrying about privacy violations.

Smart TV: A Panopticon in Your Living Room?

With an inbuilt camera and microphone, Smart TVs are capable of providing a stream of surreptitious surveillance data back to both manufacturers as well as potentially unscrupulous cyber criminals. With the right malware code, hackers can turn your TV into a spying device, watching your everyday activities and listening to your private conversations. This is not some fly-by-night conspiracy theory; it is a reality acknowledged by the top security researchers in the world.

It is not just your personal data that is at risk. Smart TVs, due to their inherent connectivity, can also serve as a gateway into your home network. Once hackers infiltrate your Smart TV, they can potentially gain access to your computer, tablet, or smartphone and the personal information within them. This could lead to serious breaches in financial and personal security, making Smart TV hacking a significant threat that should not be taken lightly.

Dig Deeper: Are Smart TVs too smart for their own good?

How can you make your Smart TV safe?

If the thought of your living room turning into a hacker’s surveillance paradise sends a chill down your spine, you’re not alone. The good news is that there are measures you can take to safeguard your privacy and make your Smart TV safe. First and foremost, it’s important to regularly update your TV’s firmware. Manufacturers often release patches that can fix security vulnerabilities, so keeping your TV updated is a crucial step in maintaining your privacy.

Consider disabling certain features on your TV. For instance, if you never use your TV’s camera, it would be prudent to tape it up or disable it entirely in your TV’s settings. Likewise, if your TV has ‘voice recognition’ or ‘motion control’ features, disabling them might be a good idea, as they can potentially be used to spy on you. Remember: the fewer features you activate, the fewer opportunities hackers have to exploit your TV.

Stay Aware, Stay Safe

One of the best ways to protect yourself is to stay informed about the latest developments in Smart TV security. Attend webinars, read articles, and follow experts in the field to keep abreast of the latest security threats and fixes. By educating yourself, you can stay one step ahead of the hackers and keep your Smart TV safe.

Secondly, make sure to use secure, unique passwords for all of your apps and online accounts. Avoid using personal information that could be easily guessed, such as your name, date of birth, or common phrases. Instead, opt for a mixture of uppercase and lowercase letters, numbers, and special characters to create a strong password. Always remember, a strong password is your first line of defense against cyber attacks.

Final Thoughts

Today, in the age of hyper-connectivity, even our televisions aren’t just for watching shows anymore; they are portals to the internet, complete with all the associated risks and threats. While Smart TVs offer a myriad of exciting features and functionalities, they also present new avenues for hackers to invade our privacy. But by staying vigilant, regularly updating our devices, using strong passwords, and carefully managing our TV’s features, we can enjoy the benefits of Smart TVs while steering clear of the risks. So, is your Smart TV spying on you? With the right precautions, you can make sure the answer is a resounding ‘No’.

The post Is Your Smart TV Spying on You? appeared first on McAfee Blog.

Two-Factor vs. Multi-Factor Authentication: What’s the Difference?

By: McAfee

In recent times, the humble password’s efficacy as a security measure has come under scrutiny. With tendencies to be easily guessed, stolen, or bypassed, passwords have been deemed inadequate for securing sensitive information. Thankfully, more secure alternatives have emerged, with terms such as “two-factor” and “multi-factor” authentication gaining traction.

However, these terms may seem abstract to those unfamiliar with them, potentially leading to confusion about their functions and differences. This article aims to break down these forms of authentication, explaining how they work and how they can enhance online information security.

Single-Factor Authentication

Before diving into the intricacies of multi-factor and two-factor authentication, it is pertinent to understand their predecessor: single-factor authentication. The simplest form of authentication, single-factor authentication, requires only one factor to verify a user’s identity. Typically, this involves matching a password with a corresponding username, a method used universally for online account logins.

While convenient in its simplicity, single-factor authentication carries glaring security flaws. Easy-to-guess passwords or stolen credentials can lead to unauthorized access, compromising the security of user accounts and confidential information. Hence, it became necessary to introduce additional layers of security to the authentication process, giving rise to two-factor and multi-factor authentication.

→ Dig Deeper: The Optus Data Breach – Steps You Can Take to Protect Yourself

Two-Factor Authentication

Two-factor authentication augments the simplicity of single-factor authentication with an extra layer of security. Besides providing a password, users are also required to verify their identity with an additional factor that only they possess. This additional factor often takes the form of a unique code sent to the user’s mobile phone.

The rationale behind this method is straightforward: even if a hacker manages to secure a user’s password, they would still require the unique code to gain access. However, it is important to note that this method is not completely foolproof. Crafty hackers able to intercept the unique code or create duplicate websites to steal credentials can still bypass this security measure. Despite these vulnerabilities, the complexities involved in these hacking methods make two-factor authentication considerably safer than its single-factor counterpart.

Also worth mentioning is “true” two-factor authentication, which involves giving users a unique device, such as a security token, that generates a unique code for the user. This code, which changes at set intervals, is matched with a profile in a database, making guessing impossible.
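The changing token code described above, as an added example that is not from the original article: a time-based one-time password (TOTP, RFC 6238), one standard scheme for such codes, with the server-side check against a stored profile. The 30-second step, the 6-digit length, the `TokenVerifier` class and the user name are assumptions for illustration; the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # assumed interval at which the code changes
DIGITS = 6         # assumed code length


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of time steps since the Unix epoch."""
    return hotp(secret, int(at) // STEP_SECONDS, digits)


class TokenVerifier:
    """Server side (hypothetical): one stored profile per user, here a dict."""

    def __init__(self):
        self._profiles = {}

    def enroll(self, user: str, secret: bytes) -> None:
        # last_counter remembers the newest time step already accepted.
        self._profiles[user] = {"secret": secret, "last_counter": -1}

    def verify(self, user: str, code: str, at=None, drift_steps: int = 1) -> bool:
        profile = self._profiles.get(user)
        if profile is None:
            return False
        now = time.time() if at is None else at
        current = int(now) // STEP_SECONDS
        # Accept a small window around "now" to tolerate clock drift.
        for counter in range(current - drift_steps, current + drift_steps + 1):
            if counter <= profile["last_counter"]:
                continue  # this step (or an older one) was already used: no replay
            expected = hotp(profile["secret"], counter)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), code.encode()):
                profile["last_counter"] = counter
                return True
        return False


RFC_TEST_SECRET = b"12345678901234567890"  # test key published in RFC 6238

if __name__ == "__main__":
    server = TokenVerifier()
    server.enroll("alice", RFC_TEST_SECRET)
    code = totp(RFC_TEST_SECRET, at=59)
    print("code at t=59:", code)
    print("first use accepted:", server.verify("alice", code, at=59))
    print("replay accepted:", server.verify("alice", code, at=59))
    print("same code 90s later:", server.verify("alice", code, at=149))
```

The replay check matters for the interception scenario mentioned earlier: a code that has already been accepted is refused even while its time step is still current.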

Multi-Factor Authentication

Building upon the concepts of two-factor authentication, multi-factor authentication introduces even more factors for user verification. These factors usually include something that the user possesses and something unique to their physical being, such as a retina or fingerprint scan. Location and time of day can also serve as additional authentication factors.

While the notion of multi-factor authentication may seem like a concept from a science fiction movie, it is already being used extensively, especially by financial institutions. Advancements in camera technology have enabled the implementation of facial recognition as a secure method of recognition, adding another factor to the multi-factor authentication process.

→ Dig Deeper: Banks are Using Biometric Measures to Protect Against Fraud

Implementing Two-factor and Multi-factor Authentication

With the potential vulnerabilities associated with single-factor authentication, implementing two-factor or multi-factor authentication for sensitive online accounts becomes a necessity. These added layers of security help to safeguard your digital information from unscrupulous elements. Two-factor authentication utilizes a password and an extra verification layer, such as a unique code sent to your mobile device, to ensure that you’re indeed the account holder. With multi-factor authentication, additional verification elements are added, such as biometric data or your physical location.

So how do you implement these forms of authentication? Most online service providers now offer two-factor authentication as an option in their security settings. Once you’ve opted for this extra level of security, you’ll be required to input a unique code sent to your mobile device each time you attempt to log in. For multi-factor authentication, the process might require additional steps, such as providing biometric data like facial recognition or fingerprints. However, these extra steps are a small inconvenience compared to the potential risk of your sensitive information being compromised.

→ Dig Deeper: Make a Hacker’s Job Harder with Two-step Verification

Understanding Biometric Authentication

Biometric authentication is a subset of multi-factor authentication that relies on unique physical or behavioral traits for verification. Biometric authentication methods include facial recognition, fingerprints, iris scans, voice recognition, and even your typing pattern. These methods are gradually becoming mainstream, with smartphone manufacturers leading the way in implementing fingerprint scanners and facial recognition technology into their devices. Biometric authentication’s edge over traditional passwords lies in its uniqueness; while passwords can be guessed or stolen, biometric traits are unique to each individual.

As with all forms of technology, biometric authentication also has its drawbacks. For instance, it may not always be accurate, as facial features or fingerprints may change over time due to aging or injury. Also, there are valid concerns about privacy and the potential misuse of biometric data if it falls into the wrong hands. However, with proper safeguards and data encryption in place, biometric authentication can be a secure and efficient way to protect online accounts from unauthorized access.

McAfee Pro Tip: Biometric authentication definitely has its strengths and weaknesses, so it’s important to choose the best combination of authentication and security software for your devices and accounts. Learn more about the opportunities and vulnerabilities of biometric authentication.

Final Thoughts

As our digital footprint grows, so does the need for secure authentication methods. Single-factor authentication, although simple and convenient, is no longer sufficient to protect sensitive online information. Two-factor and multi-factor authentication provide an additional layer of security, significantly reducing the risk of unauthorized access.

Additionally, advancements in biometric technology have introduced a new realm of secure verification methods unique to each individual. Remember, the goal is not to eliminate all risks but to reduce them to a level that’s acceptable and manageable. When setting up your online accounts, always opt for the highest level of security available, whether it’s two-factor, multi-factor, or biometric authentication. Take full advantage of these methods, and ensure you’re doing everything you can to safeguard your digital information.

The post Two-Factor vs. Multi-Factor Authentication: What’s the Difference? appeared first on McAfee Blog.

Top 5 Most Dangerous Email Subject Lines

By: McAfee

As we continue to evolve technologically, so do cybercriminals in their never-ending quest to exploit vulnerabilities in our digital lives. The previous years have clearly shown that cybercriminals are increasingly leveraging new technologies and trends to trick their victims. As we move into another year, it’s crucial to be aware of the tried and tested tactics these cyber criminals use and stay prepared against potential threats.

In this article, we delve deeper into one such tactic that remains a favorite among cybercriminals – ‘phishing’ via emails. We focus on the trickiest and most dangerous email subject lines that have been commonly used in worldwide phishing emails. Recognizing these ‘baits’ can be your first step towards safeguarding your identity and valuables against cybercriminals. Beware, there are plenty of these ‘phishes’ in the sea, and it helps to be on your guard at all times.

Understanding the Threat: Email Phishing

Sending email messages filled with malicious links or infectious attachments remains a dominant strategy among cybercriminals. This strategy, commonly known as ‘phishing,’ is often disguised in a variety of forms. The term ‘Phishing’ is derived from the word ‘Fishing,’ and just like fishing, where bait is thrown in the hope that a fish will bite, phishing is a cyber trick where an email is the bait, and the unsuspecting user is the fish.

The most common phishing scams found by McAfee today reveal that cybercriminals tend to use certain email subject lines more often than others. Although this does not mean that emails with other subject lines are not harmful, being aware of the most commonly used ones can give you an edge. The key takeaway here is to be vigilant and alert when it comes to all kinds of suspicious emails, not just those with specific subject lines.

Top 5 Most Dangerous Email Subject Lines

Let’s take a look at the top five most commonly used subject lines in worldwide phishing emails. The list will give you an understanding of the varied strategies employed by cybercriminals. The strategies range from social networking invitations to ‘returned mail’ error messages and phony bank notifications. Be aware that these are just the tip of the iceberg and cyber criminals are continuously coming up with new and improved tactics to gain access to your sensitive data.

  1. “Invitation to connect on LinkedIn”
  2. “Mail delivery failed: returning message to sender”
  3. “Dear [insert bank name here] Customer”
  4. “Comunicazione importante”
  5. “Undelivered Mail Returned to Sender”

In the past, cybercriminals used to cast big, untargeted nets in the hopes of trapping as many victims as possible. However, recent trends indicate a shift towards more targeted and custom messages designed to ensnare more victims. A classic example of such a targeted phishing attack is the JP Morgan Chase phishing scam that took place earlier this year.

Dig Deeper: Mobile Bankers Beware: A New Phishing Scam Wants Your Money

The fact that phishing scams are still on the rise amplifies the importance of proactive measures to protect our digital assets. As technology advances, these threats continue to evolve, making ongoing vigilance, education, and caution in our online engagements critical in combating the increasing prevalence of such scams.

What Phishing Emails Seek: Your Identity and Wallet

Phishing emails, often with a guise of urgency or familiarity, cunningly aim to deceive recipients into revealing sensitive information, most commonly, personal identities and financial credentials. These malicious messages are designed to prey on our trust and curiosity, making it crucial to scrutinize each email carefully. Cybercriminals behind phishing schemes are after the keys to both your digital identity and your wallet. They may seek login credentials, credit card details, social security numbers, and other sensitive data, which can lead to identity theft, financial loss, and even broader security breaches. It is essential to exercise caution and rely on best practices for email and internet security to thwart their efforts and safeguard your online presence.

While phishing emails come in a variety of forms, their ultimate goal remains the same: to steal your identity and money. As we move into the New Year, it’s prudent to add a few safety measures to your resolutions list. Protecting yourself from the increasingly sophisticated and customized phishing attacks requires more than awareness.

Avoiding Phishers’ Techniques

With an understanding of phishing techniques, the next step is learning how to protect yourself from falling prey to them. Ultimately, you are the first line of defense. If you’re vigilant, you can prevent cyber criminals from stealing your sensitive information. The following are some tips that can help you safeguard your digital life and assets:

First, avoid opening attachments or clicking on links from unknown senders. This is the primary method that cybercriminals use to install malware on your device. If you don’t recognize the sender of an email, or if something seems suspicious, don’t download the attachment or click on the link. Even if you do know the sender, be cautious if the email message seems odd or unexpected. Cybercriminals often hack into email accounts to send malicious links to the victim’s contacts.

Another important practice is to think twice before sharing personal information. If you’re asked for your name, address, banking information, password, or any other sensitive data on a website you accessed from an email, don’t supply this information, as it is likely a phishing attempt. In case of any doubts regarding the authenticity of a request for your information, contact the company directly using a phone number or web address you know to be correct.
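The subject-line list and the unknown-sender advice above, combined into one mail triage check; this is an added example, not code from the original article. The function names, the reason labels, the known-sender set and the sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# The five subject lines from the list above, matched after normalisation.
# "[insert bank name here]" becomes a wildcard: the lure names a real bank.
LURE_SUBJECTS = [re.compile(p) for p in (
    r"^invitation to connect on linkedin$",
    r"^mail delivery failed: returning message to sender$",
    r"^dear .+ customer$",
    r"^comunicazione importante$",
    r"^undelivered mail returned to sender$",
)]
REPLY_PREFIX = re.compile(r"^((re|fwd?)\s*:\s*)+", re.IGNORECASE)
URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def normalize_subject(raw):
    """Decode RFC 2047 encoded words, drop Re:/Fwd:, collapse case and spaces."""
    text = str(make_header(decode_header(raw or "")))
    text = REPLY_PREFIX.sub("", " ".join(text.split()))
    return text.strip(' "').lower()


def triage(raw_message, known_senders):
    """Return the reasons (if any) a message should be held for a closer look."""
    msg = message_from_string(raw_message)
    # Note: From is not authenticated; a real filter would also use SPF/DKIM results.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = normalize_subject(msg.get("Subject"))
    links, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            links += URL.findall(body.decode("utf-8", errors="replace"))
    reasons = []
    # A listed subject is flagged even from a known sender, because hijacked
    # accounts are used to mail the victim's contacts.
    if any(p.search(subject) for p in LURE_SUBJECTS):
        reasons.append("lure-subject")
    if sender not in known_senders:
        if attachments:
            reasons.append("attachment-from-unknown-sender")
        if links:
            reasons.append("link-from-unknown-sender")
    return {"sender": sender, "subject": subject, "reasons": reasons}


# Constructed sample messages (not real mail); every address is a placeholder.
KNOWN = {"friend@home.example"}
SAMPLES = {
    "bank": "From: Support <alerts@bank.example>\n"
            "Subject: Dear Example Bank Customer\n\n"
            "Verify your account at http://login.bank.example/verify now.\n",
    "friend_lure": "From: friend@home.example\n"
                   "Subject: =?utf-8?q?Re=3A_Comunicazione_importante?=\n\nciao\n",
    "zip": 'From: scans@office.example\nSubject: Scan\nMIME-Version: 1.0\n'
           'Content-Type: multipart/mixed; boundary="b1"\n\n'
           '--b1\nContent-Type: text/plain\n\nSee attached.\n'
           '--b1\nContent-Type: application/octet-stream\n'
           'Content-Disposition: attachment; filename="scan.zip"\n'
           'Content-Transfer-Encoding: base64\n\nUEsDBA==\n--b1--\n',
    "friend_ok": "From: friend@home.example\nSubject: Lunch on Friday?\n\nNoon?\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        result = triage(raw, KNOWN)
        print(f"{name:12} {result['subject']!r:40} {result['reasons']}")
```

An empty reason list only means none of these three checks fired; as the article notes, messages with other subject lines can be just as harmful.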

Safeguarding Your Digital Life

Even with the most diligent practices, it’s still possible to fall victim to phishing attacks. Hence, having security nets in place is crucial. Start by being careful on social networks. Cybercriminals often hack into social media accounts and send out phishing links as the account owner. Even if a message appears to come from a friend, be cautious if it looks suspicious, especially if it contains only a link and no text.

Installing comprehensive security software is another essential step. McAfee LiveSafe service, for instance, offers full protection against malware and viruses on multiple devices. This software can be a lifeline if you happen to click a malicious link or download a hazardous attachment from an email.

It’s also a smart idea to regularly update your devices. Updates often contain patches for security vulnerabilities that have been discovered since the last iteration of the software. Cybercriminals are always looking for vulnerabilities to exploit, so keeping your software up-to-date is one of the most effective ways to protect yourself.

McAfee Pro Tip: Always update both your software and devices. First and foremost, software updates often include patches and fixes for vulnerabilities and weaknesses that cybercriminals can exploit. By staying up-to-date, you ensure that you have the latest defenses against evolving threats. Learn more about the importance of software updates.

Final Thoughts

Phishing attempts are a constant threat in the digital world, and their sophistication continues to evolve. Cybercriminals are relying more on tailored and targeted attacks to deceive their victims. The top five most dangerous email subject lines mentioned above are a clear indicator that criminals are becoming more nuanced in their attempts to trick victims. However, with awareness and vigilance, you can effectively avoid their traps.

Remember, your personal and financial information is valuable. Make sure to protect yourself from phishing attempts by avoiding suspicious links and attachments, thinking twice before sharing your personal information, being cautious on social media, installing comprehensive security software like McAfee+, and keeping all software up-to-date. Being prepared can make all the difference in keeping your digital life secure.

The post Top 5 Most Dangerous Email Subject Lines appeared first on McAfee Blog.

The Mobile Web vs. Native Apps

By: McAfee

In the last decade, the proliferation of smartphones and mobile devices has revolutionized the way we interact with the digital world. The debate between the mobile web and native apps has become increasingly relevant, with each approach offering unique advantages and disadvantages. The choice between implementing a mobile website or a native app depends largely on your end goals. Each possesses key attributes and functions that can affect not only user experience but also online safety.

This article aims to provide a comprehensive comparison between mobile web and native apps, with a particular emphasis on how each can impact your online safety. The objective here is to arm you with knowledge to make informed decisions regarding your digital path. Let’s delve deeper into these two digital mediums, analyze their features, and look at a critical aspect – online safety in the era of increasing cyber threats.

Understanding the Mobile Web

As smartphones and tablets have proliferated, so has the importance of optimizing web content for these portable platforms. Understanding the mobile web involves delving into the unique challenges and opportunities presented by mobile devices, exploring the ways in which users engage with content on smaller screens, and recognizing the impact of mobile technology on the broader digital landscape. 

Dig Deeper: How the Proliferation of Mobile Devices is Impacting Consumer Security

What is the Mobile Web?

The mobile web refers to browser-based internet services accessed from handheld mobile devices, such as smartphones or tablets, through a mobile or other wireless network. Essentially, it’s a website that you access through a web browser on your mobile device. These sites are typically written in HTML5 and can display text content, images, video, and data just like any desktop website.

Mobile websites are designed to work on any device, making them universally accessible. They are responsive by nature, meaning they adjust their layout to fit any screen size. This is a significant advantage to businesses as it allows for a broader audience reach, regardless of the device a consumer uses.

McAfee Pro Tip: While you may be familiar with anti-spyware and antivirus tools that react after a threat emerges, opting for a secure browsing tool is optimal for enhancing your web security. Learn more about safe browsing.

Features and Advantages of Mobile Web

One of the standout features of the mobile web is its universal accessibility. A user can access the mobile web from any device with an internet connection and a web browser. This creates a high level of convenience as there’s no need for downloading or installing anything.

Dig Deeper: Celebrate National Download Day With This Safe Downloading Checklist

Another major advantage of mobile web is easy updates. Changes to the content or design of a mobile website can be published instantly and are immediately visible to users. This is a significant boon for businesses that need to make frequent updates to their site, ensuring their audience always has the most current information at their fingertips.

Decoding Native Apps

Now, let’s explore what constitutes a native app, which lays the foundation for understanding its distinct characteristics, advantages, and limitations compared to the mobile web.

What is a Native App?

Native apps are applications developed for specific platforms or devices. Because they’re built for a particular operating system, they can take full advantage of all the device features — they can use the camera, the GPS, the accelerometer, the compass, the list of contacts, and so on. They also incorporate gestures – either standard operating-system gestures or new, app-defined gestures.

Besides, native apps can use the device’s notification system and can work offline. They also have direct access to application stores, which makes app distribution easier. As they are tailored to the platform, they have the look and feel of the operating system, leading to better performance and a better user experience overall.

Features and Advantages of Native Apps

Native apps offer a high degree of reliability and fast performance. They are more efficient as they store their data directly on the device. This leads to a better user experience as users can navigate the app smoothly and without loading delays. Moreover, native apps allow for deeper integration with the device’s system, making maximum use of all the device’s hardware capabilities.

Another key advantage is the ability to work offline. Unlike mobile websites that require an internet connection, native apps can function offline, providing continuous access to their content and features. This can prove useful in situations where connectivity is limited or unavailable.

Comparing Mobile Web and Native Apps

Taking a closer look at mobile web and native apps, it’s evident that each method caters to different needs and situations. While the mobile web is universally accessible and easy to update, native apps provide a more integrated user experience and the ability to work offline. Depending on the nature of your digital project, you may lean towards one over the other.

It’s essential to consider the nature of your project, target audience, and key objectives before choosing between a mobile website or a native app. In the next section, we will cover a crucial topic that significantly impacts the decision between these two mediums – online safety.

Mobile Web vs. Native Apps: Online Safety Considerations

Figuring out whether to go for the Mobile Web or Native Apps is a real head-scratcher. And let’s be real: we’ve all got safety concerns while cruising the digital highway. This dive is about checking out what’s what when it comes to staying safe online with the mobile web and native apps. 

The Mobile Web and Online Safety

When it comes to online safety, the mobile web offers quite a few advantages and some risks as well. Since mobile websites are accessed via browsers, they are generally subject to the same security measures that web browsers employ. Browsers are being updated regularly to fix bugs and respond to new threats, and they also typically include features like pop-up blockers and phishing filters. Moreover, since users don’t need to download anything to use a mobile website, the risk of downloading malicious software is significantly reduced.

However, the mobile web is not exempt from threats. Cybercriminals can create rogue websites that look like legitimate sites to trick users into entering their credentials or personal information. Users might also encounter malicious ads that try to install unwanted software or direct users to harmful websites. Therefore, users must exercise caution when visiting new websites and clicking on links.

Native Apps and Online Safety

Native apps, on the other hand, offer a different set of security considerations. Since they are downloaded from app stores, they generally go through an approval process that aims to remove any malicious software. App stores also often provide user reviews, which can give potential downloaders insight into any potential issues or security concerns. Once downloaded, native apps can function offline, reducing the risk of threats that rely on internet connectivity.

Nonetheless, native apps are not free from risks either. Although app stores have vetting processes, some malicious apps manage to slip through the cracks. Furthermore, users may unintentionally grant permissions to apps that allow them access to sensitive information on the device. Therefore, users need to be careful about what apps they download and what permissions they grant.

Protecting Your Online Safety

Understanding the unique risks and protective measures associated with each app and platform is crucial in empowering users to make informed choices and ensuring the integrity of their digital experiences. Let’s shed light on the considerations that may arise when engaging with the mobile web and native apps in an increasingly interconnected world.

Guidelines for Safe Mobile Web Usage

There are several measures users can take to enhance their safety when using the mobile web. First and foremost, it’s crucial to use a secure browser. A secure browser will utilize encryption to protect your data and will receive updates to combat new security threats. Additionally, users should be wary of the websites they visit and the links they click on. Ensuring that the website is using secure HTTPS protocol rather than unsecured HTTP can also enhance safety.

Furthermore, users should be careful with providing personal information. Giving out sensitive information should only be done on secure sites, and only when necessary. Using strong and unique passwords can also help protect your data. Finally, consider using a trusted VPN to encrypt your online activity and shield your data from potential eavesdroppers or hackers.

Tips for Safe Native App Usage

Just as with the mobile web, there are precautions to take when using native apps. Firstly, download apps only from trusted sources, like official app stores. Even then, be sure to check user ratings and reviews for any red flags. Be cautious of the permissions the app asks for; if an app requests permissions that seem unrelated to its functionality, it’s best to reconsider the download.

It’s also important to keep your apps updated. Updates often include security patches that protect against newly discovered threats. For extra security, consider using a mobile security app. These apps can provide features like virus scanning, remote data wiping, and other security tools. However, similar to other apps, only download security apps from trusted sources.

Dig Deeper: Why Software Updates Are So Important

Final Thoughts

Both the mobile web and native apps offer unique advantages in terms of user experience and accessibility. However, they both also come with their own sets of security considerations. It’s not a matter of which method is inherently safer, but how you use them. By staying informed about potential threats and following safety guidelines, you can enjoy a safe and secure digital experience whether you’re browsing the mobile web or using a native app.

Remember: Keep your browsers and apps updated, be cautious of the websites you visit and the apps you download, pay attention to the information you share and permissions you grant, and consider using additional security tools like secure browsers, VPNs, and security apps. At the end of the day, your online safety is in your hands.

The post The Mobile Web vs. Native Apps appeared first on McAfee Blog.

What is Roblox and is It Safe for Kids?

Roblox, an online platform that hosts millions of user-created games, has become increasingly popular among young people. Its reported 150 million users can not only play games but also design their own, share them with the online community, and even earn money if their creation becomes popular. This has made Roblox an exciting and engaging platform for kids and teens, many of whom have the site downloaded on their phone, tablet, PC, or Xbox.

What sets Roblox apart from traditional gaming platforms is its social networking aspect. Users can chat, meet up, and even host private events like birthday parties. During the quarantine period, Roblox became a vital tool for social interaction, providing a virtual space for users to host private birthday parties and other social gatherings.

Dig Deeper: Study: Fortnite Game Becoming the Preferred Social Network for Kids

Is Roblox Safe for Kids: Understanding the Risks

Like many other online platforms, Roblox poses certain safety concerns that parents need to be aware of. While Roblox itself is not inherently unsafe, its open chat feature and the potential for contact with strangers can pose risks. It’s therefore crucial for parents to take time to optimize parental controls, monitor their child’s usage, and engage in open dialogue about online safety.

One major concern is the potential for contact with strangers. Although the “Chat & Party” feature allows easy communication between users, it also opens up the possibility for unwanted contact. Adjusting settings to restrict strangers from friending an account is one step towards ensuring a safer experience for your child on Roblox.

Potential Safety Issues on Roblox

1. Online predators

Online predators can be a real concern when children use platforms like Roblox, which allow for social interactions and communication with other users. These individuals often use deception and manipulation to exploit the anonymity provided by online platforms. They may create fake profiles and pretend to be fellow players or peers to gain a child’s trust. Once trust is established, they might engage in inappropriate conversations, request personal information, or attempt to groom children for more harmful activities. 

2. Cyberbullying

Alongside the potential risk of contact with strangers, several other safety concerns exist on Roblox. One significant concern is cyberbullying. As users can join any game at any time, the platform could be a breeding ground for online bullying. Parents should discuss with their children how to handle inappropriate chats and comments, and they should be aware of how to report any rule violations on the forum.

3. Scams and phishing attempts

Online scams and phishing attempts are also prevalent risks that can compromise a child’s safety and digital well-being. Children should be educated about the common tactics employed by scammers and phishers, which can include fraudulent free Robux offers, fake giveaways, and deceptive messages asking for personal information or account credentials. 

4. Inappropriate content

Roblox’s user-generated content may contain inappropriate content, ranging from harmless to violent and sexual themes or characters. Hence, it becomes crucial for parents to monitor their child’s activities and block any mature games through settings.

5. In-app currency

Another security concern on Roblox is its in-app currency, Robux. Robux can be used by children to purchase game accessories such as pets, clothes, and weapons. However, this can lead to significant charges if not limited or monitored properly. Parents need to set limits for purchases or adjust the settings on Roblox to prohibit in-app purchases.

Dig Deeper: How To Get Your Head Around Your Kids’ Online Gaming Life

Roblox’s Security Measures

Fortunately, Roblox offers several ways for parents to monitor their child’s activity. By accessing your child’s login information, you can view their activity history, including their chat, games played, friends list, and items purchased. Furthermore, if your child is under 13, make sure their birthdate is correct in the system, as Roblox automatically filters chat and game content for younger users. 

The best way to ensure your child’s safety on Roblox, or on any online platform, is through open conversation, constant monitoring, and setting boundaries. Encourage your child to share their online experiences with you, and don’t forget to join in the fun by playing their favorite Roblox games together.

Ensuring Safety and Security on Roblox

Like every other online platform, Roblox comes with certain safety and security concerns. Roblox is safe for children, provided that parents take the necessary precautions, optimize parental controls, and closely monitor their child’s activities on the forum. Especially in a gaming community that attracts children, it becomes essential to keep an eye on the conversations happening across the globe.

Various potential safety concerns have been reported on Roblox. One of the significant issues is the connection with strangers. The forum’s chat feature can be accessed easily and is available on almost every page of the site. This allows possible predators to target their victims using the chat feature. In addition, the “Chat & Party” window can be accessed by any user, which opens the possibility of being targeted by predators.

Roblox offers additional security measures to ensure the safety of the children. Parents can view their child’s activity history, including private and group chats, friends list, games played, games created, and items purchased, by having their login information. Furthermore, setting the correct birth date is crucial as Roblox itself filters chats and game content for users under 13. Roblox has a separate login for parents of younger children, allowing them to view all activities.

Open and honest conversations about personal choices and potential risks online are the best ways to keep the child safe on any online platform, including Roblox. Encouraging children to share their online experiences and playing their favorite games alongside them ensures their safety and also makes the experience enjoyable for both.

McAfee Pro Tip: While parental controls can certainly assist in fostering positive online habits, it is crucial for these tools to be coupled with a dedicated and engaged parent who is eager to guide their children through the digital landscape. Know how parental controls can create good habits.

Final Thoughts

Roblox is a fantastic platform for children to play, create, and share games while also socializing with their friends. However, it poses potential safety risks like connection with strangers, cyberbullying, inappropriate content, and unmonitored in-app purchases. Therefore, parents must take the necessary precautions like optimizing parental controls, closely monitoring their child’s activities, blocking mature games, and discussing with their children the potential risks and ways to deal with them.

The best way is to have open and honest conversations with the children about their online experiences and to enjoy the games alongside them. The combination of parental controls and open communication fosters a balanced and secure online experience, allowing your children to make the most of their time on Roblox while staying protected.

The post What is Roblox and is It Safe for Kids? appeared first on McAfee Blog.

Why Taking Your Teen’s Phone Away Doesn’t Work Anymore

By: McAfee

If you are the parent of a tween or teen, you know the challenge of setting and following through with consequences. You’ve worked hard to establish ground rules, but human nature and the sometimes rocky road to maturity guarantee your child will push, step, and even leap outside the agreed-upon lines. If you are like many parents, your first instinct is to restrict the thing they love the most, which is communication with their peers and the dependence they have on their phones.

The Loss of Family Dynamics

There are a few problems with taking away your teen’s phone, the first of which you know well: Taking their phone is hard on you as well because you’ve become just as dependent on instant communication via the phone as they have. Also, if your teen drives a vehicle or is away from home for the day, the phone adds a layer of safety to the family dynamic.

The Alternative Communication Grid

The second hurdle — which you may or may not realize — is that with or without their phones, most teens have created an alternative communication grid that ensures there’s barely a hiccup if anyone gets a phone taken away. To clarify: This post is not an ‘us against them’ post, or an ‘outsmart them’ strategy, it’s simply a dose of reality that may influence and inform everyday parenting decisions.

Dig Deeper: Should You Use Near-Field Communications?

A few ways kids can maintain their social life without their phones include:

Laptop or PC

Because schools now require kids to be online to get assignments via internal assignment platforms and email, your child will likely ask you to log onto his or her laptop or family PC to do homework. In doing that, they will also quietly log on to their favorite apps, such as Snapchat, Twitter, or Instagram, and talk to friends non-stop. Solution: Monitor homework time.

McAfee Pro Tip: Our children who have grown up in the digital age are deeply immersed in smartphone culture. Even if you desire to disconnect and return to a simpler way of life, it would be quite challenging to achieve this while ensuring that your child remains academically competitive with their peers. Get smarter about phones and homework time with our tips.

iPad and tablets

Kids will also be asked to read or do an assignment via the iPad or tablet; you can’t cut them off from learning, right? Wrong. They can again download their favorite social apps as well as chat apps they hope you know nothing about, such as Kik Messenger. Solution: Monitor homework and TV time.

Borrowed phones and iPods

I hate to make it sound like your kids are part of the teen tech mafia, but they keep their old phones for a reason. While that old iPhone or Android may be without phone service, the social and texting apps on them can still be used, and you can bet they are. Solution: 1) If you are restricting your smartphone, you need to take away the iPod (music) as well. 2) Be upfront. Ask your kids if they’ve borrowed a phone. 3) Check backpacks for rogue phones.

Dig Deeper: The Privacy Problems with Mobile Messaging Apps

Game Systems and TV

Gaming systems have chat and messaging that kids use all the time. In addition, social media and television are now overlapping, so all of the apps you get on your phone can be easily accessed via most TVs. Solution: 1) Go to the network settings on your TV and password protect it. 2) Monitor media. 3) Take away all media in addition to the phone.

Dig Deeper: How To Get Your Head Around Your Kids’ Online Gaming Life

Private Messaging

Everything seems quiet on the posting front. You’ve checked, and your child is not posting on Facebook, Instagram, or Twitter, and you have their phone, so Snapchat is out, right? Not so much. If your kids are logging on to their apps via any of the devices listed above, chances are they know better than to post in the public stream. What they will be doing is using the private messaging of Twitter, Instagram, and Snapchat (accessed via other devices) as an alternative way to text and communicate without feeling the loss of their personal smartphone.

Alternative Discipline Approaches

So what’s the alternative to taking your child’s tech as a consequence? If you know the loopholes listed above, tech restriction is still an option (even though your child will be clearly annoyed with your roadblocks). If your child is over 16 and loves the freedom of driving, that restriction is always an excellent option.

Experts agree: Strong ground rules and equally strong communication provide the best discipline. If family rules are vague or brought up only when your child messes up (i.e., grades, responsibilities, or behavior), he or she will have a tough time staying on track. Look for empowering opportunities for your child to take responsibility for his or her mistakes.

Empowering Responsibility

In truth, the only way to ensure appropriate behavior both online and offline is to teach your kids about personal responsibility. This is the key aspect of parenting that sets your child up for success in the real world. The ability to manage themselves, especially when it comes to online activities, is an invaluable life skill that they will bring with them into adulthood. The best way to teach responsibility is to model it. Show them through your actions and decisions that you are worthy of their respect, and they will follow suit.

Teens need to be taught how to behave responsibly online, how to protect their privacy, avoid scams, and how to deal with cyberbullying. They need to understand the consequences of inappropriate behavior online. One good way to teach them about cyber ethics is to have regular discussions about these topics. Create an open environment where they feel comfortable to share their experiences and concerns. Then, guide them on how to respond appropriately to these situations.

The Importance of Communication

Communication is the cornerstone of a healthy relationship between parent and child. As a parent, it’s important to create an atmosphere of trust, openness, and respect. Regular discussions about proper digital etiquette and responsible internet behavior are key. Make time to discuss what your teen is doing online, who they are communicating with, and what type of content they are sharing. Be open about your expectations and why they are in place. If they understand why the rules exist, they will be more likely to follow them.

Consistent communication also enables you to keep up with the rapidly changing digital landscape teens navigate daily. By maintaining an open dialogue, you will be more attuned to the latest apps, games, and social media platforms your teen is using. This way, you can stay informed about developments that might affect your teens’ online safety.

Dig Deeper: 10 Easy Ways to Build Up Your Family’s Online Security

The Power of Trust

Trust is a two-way street. While it’s important that your child trusts you as a parent, it’s equally important for you to demonstrate trust in them. This means giving them some level of freedom and privacy online, while also making it clear that you expect them to act responsibly. Trusting your teens to make good decisions online shows them respect, which encourages them to validate your trust.

However, trust is not about blind faith. It’s about setting boundaries and expectations and then allowing your teen to prove they can stay within those boundaries. When trust is breached, it’s important to discuss why it happened, the consequences, and how it can be rebuilt. Trust building is a process, and it takes time and consistency.

Final Thoughts

Managing your teen’s digital life can be challenging, but with open communication, respect, trust and a strong focus on personal responsibility, you can navigate this digital world together. Ultimately, the goal isn’t to control your teen’s every online interaction. Rather, it’s to equip them with the knowledge, skills, and values they need to navigate the increasingly complex digital landscape safely and responsibly. Removing a teen’s phone may seem like an easy solution, but it’s far more effective to guide them toward responsible digital citizenship.

Take the step to safeguard your teen’s digital journey today, and empower them to thrive in the digital age, all while providing you with the control and confidence you need as a parent. Explore McAfee’s parental controls now and create a secure and nurturing digital environment for your teens.

The post Why Taking Your Teen’s Phone Away Doesn’t Work Anymore appeared first on McAfee Blog.

Keeping Virtual Play Dates, Hangouts, and Video Chats Safe for Everyone

By: McAfee

Given the climate surrounding COVID-19, many of us have had to substitute in-person social interactions with virtual communication. For parents, this includes organizing virtual playdates, hangouts, and video chats for their kids. While this provides an excellent solution for children to continue interacting with their peers, it has also opened up a new avenue for potential risks and dangers. It is imperative to ensure these virtual platforms are safe for all involved. In this article, we will provide some essential strategies for maintaining a secure and enjoyable online social environment for everyone.

The Rise of Tech and Cyber Crimes

The advent of technology has significantly transformed the way we communicate and interact with each other. However, as with any great invention, it also comes with potential risks and dangers, especially for kids who may not fully comprehend the implications of their online activities. With cyberbullying, online predators, and inappropriate content being just a few of the digital risks, it is crucial to establish robust safety measures when kids engage in online social activities such as virtual playdates, hangouts, and video chats.

In this article, we will explore the different ways parents and caregivers can keep these activities secure and fun. By understanding the risks involved, staying informed on the latest developments in online safety, and taking actionable steps, everyone can navigate the digital world safely and confidently.

How to Keep Everyone Safe from the Dangers of Virtual Communication

Navigating the potential pitfalls of online interaction requires proactive measures and informed strategies. Let’s take a look at these tips on how to safeguard everyone from the inherent dangers of virtual communication, promoting a secure and positive digital experience for all.

Awareness and Understanding of Potential Risks

The first step in ensuring a safe online environment for children is understanding the potential risks and how they can be mitigated. Internet safety is not just about blocking and filtering inappropriate content; it’s also about educating ourselves and our children on how to behave responsibly online and understanding the potential repercussions of our digital footprint.

Online activities, especially those involving video chats, can expose children to various risks, including cyberbullying, identity theft, and exposure to inappropriate content. These risks can have devastating consequences on a child’s mental health, self-esteem, and overall well-being. As such, it is vital for parents and caregivers to have regular conversations about these potential dangers with their children. It’s also crucial to ensure that children feel comfortable expressing any concerns or reporting any uncomfortable situations they encounter online.

Dig Deeper: Messenger Rooms: New Video Chat Option is Fun But Has Risks

Choosing the Right Platforms and Tools

The market is flooded with countless communication platforms, each with its features, safety measures, and potential loopholes. As a parent, choosing the right tool for your child’s online activities can be quite overwhelming. Not all platforms are created equal, and while some prioritize user safety and provide robust parental controls, others may not provide the same level of security.

When choosing a platform for your child’s virtual playdates or hangouts, consider aspects like age restrictions, privacy settings, and whether the platform allows parental controls. Additionally, evaluate the platform’s reputation regarding safety – a quick internet search can provide insights into any security issues or breaches the platform may have had in the past. Remember, the goal is to create a safe and enjoyable online experience for children. 

Implementing Privacy Settings and Parental Controls

One of the essential ways to ensure online safety for kids is by properly setting up privacy settings and parental controls on the communication tools they use. These settings can limit what information is shared and with whom, restrict access to certain content, and even set time limits for usage. Parental controls are a fantastic way of managing and monitoring your child’s online activities without being overly intrusive.

However, it’s important to note that these controls and settings are not foolproof. They should be used in conjunction with open communication and education about online safety. It’s essential to explain to children why these measures are in place, rather than just imposing them. They are more likely to follow these guidelines if they understand their purpose. 

McAfee Pro Tip: Parental controls are effective in monitoring children, but nothing beats proactive digital parenting. Managing digital parenting doesn’t need to be daunting, especially when you approach it step by step. Know how parental controls and digital parenting can help create good habits.

Building Guidelines for Safe Online Communication

Establishing clear guidelines for online communications is another critical aspect of ensuring a secure online environment for kids. These guidelines should be age-appropriate and cover aspects like sharing personal information, accepting friend requests, and how to behave respectfully online.

It’s also important to educate kids on the permanence of their online activities. Once something is shared online, it can be difficult, if not impossible, to completely remove it. They should understand the potential impact of their online behavior on their future, such as college admissions or job opportunities. Encouraging safe and responsible online behavior can go a long way in mitigating many of the potential risks associated with online communication.

Dig Deeper: Teens’ Online Behavior Can Get Them in Trouble

Following Virtual Playdate Etiquette

In addition to safety measures, it’s also important to establish some etiquette for virtual playdates to ensure they are enjoyable and respectful for everyone involved. These guidelines should include respecting others’ time, muting when not speaking to avoid background noise, and understanding when to use the chat feature versus when to speak up.

It’s also important to discuss how to handle disagreements or misunderstandings that may arise during these virtual gatherings. Encourage kids to express themselves respectfully and listen to others’ perspectives. Remind them that it’s okay to disagree with someone but that it should be done in a respectful and kind manner.

Monitoring Screen Time

Depending on the age of your child, you may need to monitor the amount of time they spend on virtual activities. It’s easy for kids to lose track of time when they are engrossed in a fun virtual playdate or hangout. Setting and enforcing time limits can help prevent screen addiction and ensure your child has a balanced life with ample time for physical activities, schoolwork, and offline social interactions.

To make this process easier, you can use the built-in screen time management features available on most devices or utilize third-party apps that provide more detailed monitoring and control. Talk to your child about the importance of balancing online and offline activities. Make sure they understand that these limits are set out of concern for their well-being, not as a form of punishment.

Teaching Kids to Treat Others Respectfully

Just like offline interactions, teaching kids to be respectful in their digital communications is crucial. They should understand that the same rules of kindness and respect apply, whether they’re interacting with others face-to-face or through a screen. Cyberbullying is a significant concern for many parents, and teaching children to treat others respectfully can help mitigate this risk.

Encourage your child to empathize with others by imagining how they would feel if the roles were reversed. Foster an online culture of acceptance, understanding, and respect by setting a positive example through your own online interactions. Remember, kids often emulate the behavior they see around them.

Dig Deeper: 5 Digital Family Values to Embrace to Make the Internet a Better Place

Promoting Open Communication

Open communication is the key to any successful relationship, and this holds true for your relationship with your child. Encourage them to talk to you about their online experiences, both good and bad. This can help you identify any potential problems before they escalate and provide guidance on how to handle various situations.

Ensure your child feels comfortable coming to you with any issues or concerns they may have. Make it clear that you’re there to help, not to chastise them for making mistakes. Remember, the online world can be a confusing and intimidating place for kids, and they need to know they have a trusted adult to turn to when they need help navigating it.

Staying Up-to-Date with the Latest Online Safety Tips

The online world is constantly evolving, so staying up-to-date with the latest safety tips is crucial. Regularly check reliable online safety resources and learn about the latest threats, trends, and best practices. This can help you prepare for and mitigate potential risks before they impact your child.

Consider joining online communities where parents share tips and advice about online safety. These platforms can be a great source of information and support as you navigate the digital world with your child. Remember, knowledge is power, and the more informed you are, the better you can protect your child.

Final Thoughts

In conclusion, ensuring online safety during virtual playdates, hangouts, and video chats involves a combination of selecting the right communication platforms, using privacy settings and parental controls, establishing guidelines for online communications, and promoting open, respectful interactions. As parents and caregivers, it’s essential to remain vigilant and proactive in teaching our children about online safety.

However, it’s equally important to remember that our ultimate goal isn’t to eliminate all online risks but to create a balance where our kids can enjoy the benefits of the virtual world while being mindful of its potential pitfalls. By employing the strategies discussed in this article, you can provide a safe and enjoyable online environment for your child, fostering their growth and development while ensuring their safety.

The post Keeping Virtual Play Dates, Hangouts, and Video Chats Safe for Everyone appeared first on McAfee Blog.

Proliferation of Mobile Devices: The Impact on Consumer Security

By: McAfee

As the use of mobile devices continues to skyrocket worldwide, a new danger is silently emerging against consumers. This menace, known as malicious software or malware, presents itself in various ways, affecting users in areas such as privacy, identity, and financial theft. This article delves into the deep end of how the proliferation of mobile devices is impacting consumer security.

Undeniably, mobile technology has become an invaluable part of our everyday life. Everywhere you look, you will see individuals caught up in their smartphones or tablets – browsing the internet, shopping, chatting, or even working. However, this increased dependence has not come without its pitfalls. As people tend to shy away from securing their mobile devices properly, they unknowingly expose themselves to fraudsters and hackers.

The Rising Threat

Mobile technology has become the new frontier for fraudsters and hackers. The ease and convenience that these devices offer have made consumers lower their guard, putting their personal information and security at risk. A worrying trend shows that a significant percentage of smartphone users do not bother to use a simple safeguard like a four-digit password. This lack of basic security, combined with the habit of saving login information on the device, creates an easy avenue for crime.

Statistically, mobile phones have become the prime target for theft, with cities like New York and Washington, D.C., recording high percentages of robberies involving mobile phones. This soaring rate of mobile theft offers a terrifying insight into the severity of the current situation and the challenges that lie ahead in the domain of consumer security.

Dig Deeper: So, Your Phone Got Stolen. Here’s What to Do.

How Mobile Devices Have Become an Easy Target

Many factors converge to make these handheld marvels increasingly susceptible to breaches. From the expansive array of mobile apps to the subtleties of social engineering, let’s highlight key vulnerabilities and the need for heightened awareness.

Unauthorized Physical Access

Accessing another person’s mobile device has become incredibly easy. With the tech advancements we have today, a hacker can remotely control almost any mobile device. Malicious software can be disguised as a harmless picture or audio clip. Unwary users who click on these links or open these attachments get malware installed on their devices without their permission.

Accidental Malware Installation

On mobile devices, malware operates differently than early PC malware. It does not require your consent, and once installed, you lose control over your device. In essence, your device is figuratively in the hands of the fraudsters. This easy access to your device, coupled with the fact that most users do not secure their devices, has led to a surge in fraud and identity theft cases globally.

The Proliferation of Mobile Apps

The sheer number of mobile applications available on app stores makes it difficult for users to determine which ones are safe. Malicious apps can often make their way onto app stores, and users might inadvertently download and install them, granting access to their device and personal data.

Social Engineering Tactics

Hackers have become adept at using social engineering tactics to manipulate users into divulging sensitive information or clicking on malicious links. They might impersonate trusted entities or use psychological tricks to deceive users.

Lack of User Awareness

Many mobile device users are not sufficiently aware of the security risks associated with their devices. They might not realize the importance of regularly updating their operating systems and apps or employing strong passwords and other security measures.

Outdated Software

Users who do not update their mobile operating systems are more susceptible to security vulnerabilities that hackers can exploit. Regular updates often include patches for known vulnerabilities.

Dig Deeper: Why Software Updates Are So Important

Lack of Strong Authentication

While many users rely on PINs or simple patterns to unlock their devices, using stronger authentication methods like long, complex passcodes or two-factor authentication can significantly enhance device security.

McAfee Pro Tip: You might be familiar with the phrases “two-factor” or “biometric” authentication. Furthermore, multi-factor authentication is gaining traction in professional settings. Amidst this sea of terminology, distinguishing between the various authentication methods can become quite a challenge. Know the difference between two-factor authentication and multi-factor authentication. 

The Unique Importance of Mobile Devices

Modern criminals are well aware that your mobile device is an indispensable part of your life. This is because, in a single device, you store some of your most private conversations, confidential information, personal photos, and financial details. For many people, their smartphone is their life – from being a communication tool to a vault for their sensitive data.

These little gadgets have become the key to our personal and financial lives. As they are always on and always with us, they continually create, store, and connect us to valuable and often confidential information. This information has immense value to fraudsters and identity thieves. They realize that just like on your PC, software can track and record your online activities, chats, instant messages, emails, keystrokes, and program usage. It can also capture sensitive details such as bank account numbers, passwords, security questions and answers, GPS locations, and more.

The Changing Game

The world of cyber threats as we know it is evolving, thanks to mobile technology. Traditional forms of cybercrime, which primarily targeted PCs, are becoming increasingly sophisticated due to the wealth of information available on mobile devices. The speed and dynamism of the mobile landscape have necessitated the development of new tactics and tools to navigate this challenging and ever-changing terrain.

Disguises and deceptions are commonplace in the mobile cybercrime arena. Things are rarely what they appear to be, with hackers and fraudsters continually developing novel and inventive ways of accessing confidential information. Therefore, the rules of the game have changed, and it is no longer sufficient to solely protect your PC with antivirus software. To ensure user security, a comprehensive approach that encompasses all devices is now paramount.

Dig Deeper: 4 Mobile Malware Threats You Can’t Even See

The Need for Comprehensive Security Solutions

As mobile devices become an essential part of our lives, it is crucial to prioritize their security. With most devices connected to financial accounts, and storing a goldmine of personal, professional, and confidential data, it becomes a pressing necessity to invest in a comprehensive security solution. It should not be limited to an antivirus but should also extend to protecting your identity and personal data on all your devices.

A robust solution like McAfee+ service is recommended. This service not only includes antivirus protection but also safeguards the identity and data of the user and their families on ALL devices. Not only does it provide you with an antivirus shield, but it also ensures your peace of mind by offering identity and privacy protection. Investing in such a service will provide a much-needed barrier against the rising tide of mobile device-related fraud and identity theft.

Final Thoughts

As the usage of mobile devices continues to rise exponentially, so too does the threat to consumer security. The ease and convenience that these devices offer have inadvertently made them prime targets for fraudsters and hackers. As a result, there is an alarming increase in fraud, identity theft, and privacy loss.

However, as ominous as the threat landscape may seem, it can be navigated with adequate caution and security measures. Users must recognize the importance of securing their mobile devices and take necessary precautions. Investing in comprehensive security solutions that protect not just the device but also the privacy and identity of the users is a step in the right direction. As we further embrace mobile technology, we must also adapt and upgrade our security practices to ensure that these conveniences do not become our vulnerabilities.

The evolution of mobile technology has indeed changed the game in the realm of cyber threats. Still, with the right tools and practices, users can enjoy the benefits of their devices while maintaining their security and privacy.

The post Proliferation of Mobile Devices: The Impact on Consumer Security appeared first on McAfee Blog.

Why Do I Need a Password Manager?

In today’s digital age, we know the importance of online privacy and security. However, with an increasing number of websites requiring passwords, it becomes tough to remember them all. This is where a password manager comes into play.

A password manager is a software application that is used to store and manage the passwords that a user has for various online accounts and security features. Password managers provide a convenient and secure way of keeping track of all your passwords, ensuring that you never forget a password again. But do you need a password manager? Let’s delve into why a password manager might be necessary for you.

The Need for A Password Manager

The internet has become an integral part of our lives. We use it for everything from banking and shopping to managing our health records. This has led to an explosion in the number of accounts and passwords we need to remember. The complexity of these accounts and the security risks associated with them mean that managing them all can be a daunting task.

Let’s discuss the importance of a password manager, why you need one, and how it can benefit you. We’ll look at the challenges of managing multiple passwords and how a password manager solves these problems.

1. The Increasing Number of Passwords to Remember

In our daily online activities, we create a lot of accounts on different websites: social media platforms, online banking, email service providers, and the various apps we use daily. Each of these accounts requires a unique password to ensure optimal security. As the number of online accounts increases, it becomes more challenging to remember each password.

Often, due to this increasing complexity, many people opt to use one password for all their accounts or keep relatively simple passwords. Both these practices are security hazards. Using one password across all accounts means that if one account is breached, all your accounts are at risk. On the other hand, using simple passwords makes it easy for hackers to guess your password and gain access to your accounts.

2. Security and Privacy Risks

Passwords are the first line of defense against unauthorized access to your personal and financial data. Failure to properly manage your passwords can lead to data breaches, identity theft, and financial losses. According to a report by Verizon, 81% of hacking-related breaches leverage stolen and/or weak passwords. This shows a clear link between poor password practices and security incidents.

Another major risk comes from phishing attacks. Cybercriminals often use deceptive emails and websites to trick users into revealing their passwords. If you use the same password for all your accounts or simple passwords, you become an easy target for these cyber-attacks. A password manager can protect you from such threats by generating strong, unique passwords for all your accounts.

3. The Convenience Factor

Aside from security concerns, there is also a matter of convenience. Remembering a long list of complex, unique passwords can be downright daunting. When you fail to remember a password, you have to go through the tedious process of resetting it. This is where a password manager provides a major relief. It does the hard work of remembering your passwords, so you don’t have to. With a password manager, all you need to remember is one master password.

Most password managers also fill in your login details for you automatically. This not only saves you time but also protects you from keyloggers, malicious programs that track your keystrokes. Keyloggers are often used by cybercriminals to steal your passwords, credit card numbers, and other sensitive information.

Different Types of Password Managers

There are different types of password managers available, each with its unique features. Understanding the different types can help you choose the one that best suits your needs. The most common ones are:

Cloud-based Password Managers

Cloud-based password managers store your passwords on a server in the cloud. You can access these from any device with an internet connection, making them highly convenient. The disadvantage, however, is that if the company’s server is hacked, your data may be at risk. Nevertheless, most reputable cloud-based password managers use robust encryption techniques to protect your data.

Local Password Managers

Local password managers store your password data on your device. This makes them less vulnerable to server hacks. The downside is that if you lose your device or it gets stolen, you lose your password data, unless, of course, you have a backup somewhere else.

McAfee Pro Tip: Every individual is vulnerable to data loss or theft, and safeguarding against such risks can be achieved through a simple yet crucial measure—backing up your data. This step not only protects all your information but also serves as a deterrent against cybercriminals attempting to seize what rightfully belongs to you. Know how you can protect your data through backup.

Browser-based Password Managers

Browser-based password managers are integrated into your web browser. They offer the convenience of auto-filling forms and password fields. However, they are generally less secure than standalone password managers.

Key Features to Look for in a Password Manager

With many password managers in the market, it can get overwhelming to choose the right one. Here are some key features to consider when shopping for a password manager:

1. Strong Encryption

The primary role of a password manager is to keep your passwords secure. Thus, strong encryption is a must-have feature. Most reputable password managers use 256-bit AES encryption, the same encryption standard used by banks and governments.

2. Auto-fill and Auto-change

Another crucial feature is auto-fill, which automatically fills in your login details when you visit a site. This feature not only saves time but also eliminates the risk of keyloggers capturing your keystrokes. Some password managers also offer auto-change, a feature that automatically changes your passwords at regular intervals or whenever a breach is detected.

3. Two-factor Authentication

Two-factor authentication, or 2FA, adds an extra layer of security to your password manager. With 2FA, even if someone gets hold of your master password, they will also need a second factor (like a fingerprint or a unique code sent to your phone) to access your data.

4. User-friendly Interface

A password manager should be easy to use. A user-friendly interface ensures that you can quickly and easily add, retrieve, and manage your passwords.

Final thoughts

In conclusion, a password manager is an essential tool in today’s digital age. With the increasing number of online accounts we have and the growing threats of cybercrime, a password manager provides a secure, convenient solution for managing your passwords. It not only helps you create strong, unique passwords for each of your online accounts but also remembers them for you. This eliminates the risk of using weak or the same passwords across multiple platforms, which is a significant security concern.

There are different types of password managers available, so it’s important to choose the one that best fits your needs. Look for important features like strong encryption, auto-fill and auto-change, two-factor authentication, and a user-friendly interface. With all these features in place, a password manager can significantly enhance your online security while making your life a whole lot easier.

For a comprehensive solution that encompasses all these aspects and more, consider exploring McAfee Password Manager. With McAfee, not only can you significantly boost your online security, but you can also simplify your digital life.

The post Why Do I Need a Password Manager? appeared first on McAfee Blog.

Online Shopping: The Dos and Don’ts

By: McAfee

Internet shopping has become an integral part of our daily lives, providing convenience, variety, and easy price comparisons. However, with this convenience comes potential risks. This article explores the dos and don’ts of online shopping to help you navigate this virtual marketplace safely and effectively.

The Convenience of Online Shopping 

Online shopping offers an amazing array of benefits. It saves time and effort, provides a platform where product comparison becomes a breeze, and allows us to avoid queues and crowds. Not to mention – it’s open all day, every day. However, it also exposes consumers to cyber threats, misinformation, and poor quality or non-existent products. This is why it is crucial to follow certain guidelines when buying online.

In this article, we will explore various dos and don’ts of online shopping centered around security, payment methods, product audits, return policies, and online behavior. The ultimate goal is to help you become a savvy, risk-aware internet shopper.

Do’s of Online Shopping

To make the most of your online shopping experience and secure your transactions, it’s crucial to adhere to some essential “dos.” These simple guidelines not only enhance your safety and satisfaction but also ensure a seamless and enjoyable transaction process.

1. Stick to Trusted Retailers

Your first line of defense when shopping online should be to stick to well-known and trusted retailers. These retailers have established secure online shopping platforms and have robust security measures in place. They also typically have reliable customer support and return policies that protect you as the buyer. Online marketplaces such as Amazon, eBay, and Alibaba also provide customer protection mechanisms for purchases made through their platforms.

However, this does not mean you should completely avoid lesser-known online stores. Many fantastic independent retailers sell online exclusively. The key is to conduct a bit of research on these stores before handing over your money. A quick Google search can help you find reviews and ratings from other customers.

Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit

2. Use Secure Payment Methods

Another important tip for safe online shopping is to use secure payment methods. Credit cards and secure online payment services, such as PayPal, have added security measures that protect you from fraud. Such services also often provide dispute resolution services in case something goes wrong with your transaction. When using a credit card, make sure you monitor your statements regularly for any suspicious charges.

Dig Deeper: PayPal Users: Here’s What You Need to Know About the New Phishing Scam

Furthermore, avoid using debit cards for online shopping as they lack many of the protections that credit cards provide. If a scammer gains access to your debit card information, they may have the ability to drain your bank account before you even notice.

McAfee Pro Tip: Do you use a digital wallet for online purchases? A digital wallet, or mobile wallet, is a smartphone app that securely stores payment information for tap-to-pay transactions at most point-of-sale terminals. Your digital wallet is secure as long as you safeguard your smartphone with the same level of attention as you would your physical wallet. If you use one, we have some tips to improve your digital wallet’s security.

3. Use Secure Websites

One fundamental practice to uphold security is to exclusively patronize secure websites. These are platforms that have implemented robust measures to protect the confidentiality and integrity of the data exchanged during your online interactions. Shop only on secure websites that have a valid SSL/TLS certificate. Look for “https://” in the URL and a padlock icon in the address bar, which indicate that the personal information you send to the site is encrypted in transit.

4. Create Strong Passwords

The importance of using unique passwords for each online account cannot be overstated. In the event that one of your passwords is compromised, having distinct credentials for different platforms ensures that the security breach is contained, limiting potential damage. Reusing passwords across multiple accounts creates a vulnerability where a single compromised password could lead to unauthorized access to various aspects of your digital life.

Use a strong password, one that combines a mixture of uppercase and lowercase letters, numbers, and symbols and creates a complex sequence that is challenging for malicious actors or automated programs to decipher. Avoid easily guessable information such as birthdays, names, or common words.

Don’ts of Online Shopping

Understanding the “Don’ts of Online Shopping” is as crucial as embracing the dos. From avoiding potential pitfalls to safeguarding your personal information, these guidelines serve as a compass, steering you away from common missteps that could compromise your online shopping journey.

1. Don’t Shop on Public Wi-Fi

Public Wi-Fi networks may be convenient, but they are often insecure. This makes it easy for cybercriminals to intercept your data, including credit card information or login details. So, as a rule of thumb, avoid making online purchases when you’re connected to public Wi-Fi. 

Dig Deeper: Why You Need to Watch Out When Using Public Wi-Fi

Remember also to be cautious about which websites you visit and what personal information you provide while on public Wi-Fi. Even seemingly harmless activities, like checking email, can expose you to risks if a hacker is spying on your connection.

2. Don’t Ignore Red Flags

While shopping online, you might run into deals that seem too good to be true – and often, they are. Extremely low prices can be a sign of a scam, especially if they’re found on an obscure website. Be wary of online stores that require payment via wire transfer, provide vague or non-existent contact information, or have lots of negative reviews.

3. Do Regularly Update Your Devices

Keeping your devices, such as your computer, smartphone, or tablet, updated with the latest software is a simple but effective way to maintain a secure online shopping environment. Software updates often include patches for security vulnerabilities that have been discovered by the developers. By not updating your software, you are leaving your devices open to these vulnerabilities, which can be exploited by cybercriminals. Hence, always ensure that your devices are running the latest software versions.

In the case of mobile devices, consider installing a trusted security app to help protect you from potential threats. These apps can help detect malware, prevent phishing attempts, and provide a host of other security features to keep you safe while shopping online.

Dig Deeper: Why Software Updates Are So Important

4. Do Consider Using a Virtual Private Network (VPN)

If you must shop online while on a public network, use a virtual private network (VPN) to encrypt your activity. A VPN is a tool that can provide an extra layer of security when you are shopping online. A VPN encrypts your internet connection, making your online activity invisible to anyone who might be snooping around, including hackers, your Internet Service Provider (ISP), or even the government. This can especially come in handy when you are shopping on a public Wi-Fi network, as mentioned earlier.

However, it’s important to choose a VPN carefully. Some VPNs can slow down your internet connection significantly or, worse, fail to provide the promised security features. Hence, always opt for a well-renowned and trusted VPN service provider.

5. Don’t Forget to Check Return and Refund Policies

Return and refund policies are something you should never ignore while shopping online. These policies clarify what you can expect if the product turns out to be unsatisfactory, defective, or not as described. So, before making a purchase, always take the time to read and understand the return or refund policy of the online store. Avoid shopping from sites that have unclear, unfair, or non-existent return policies, as this could leave you stuck with unsatisfactory products.

Additionally, always print or save a copy of your order confirmation and receipt. This can be crucial for returning a product or disputing a charge in your credit card statement.

6. Don’t Fall for Phishing Scams

Phishing is a common online scam where cybercriminals trick you into providing sensitive information, such as your credit card details, by pretending to be a trustworthy entity. Often, these scams come in the form of fake emails or texts that look like they’re from reputable companies. Be wary of such communication, especially if it asks for personal or financial details.

Always verify whether the email or text is genuine by contacting the company through their official contact details. Never click on links from suspicious emails as this can also lead to malicious websites designed to steal your information. Remember, reputable companies will never ask for sensitive information through emails or texts.

Final Thoughts

Online shopping can be a convenient and enjoyable experience, but it also comes with its own set of risks. By following the dos and don’ts highlighted in this article, you can drastically reduce these risks and safeguard yourself from potential cyber threats. Remember to always stay vigilant while shopping online. Be aware of the common scams, stick to trusted retailers, and always protect your personal and financial information.

Improve your online shopping experience with McAfee+, which goes beyond traditional antivirus measures and provides an integrated suite of tools that shield your personal and financial information from evolving cyber threats!

The post Online Shopping: The Dos and Don’ts appeared first on McAfee Blog.

Understanding and Protecting Yourself from SMiShing

By: McAfee

SMiShing, a term derived from ‘SMS phishing’, is a growing cyber threat that is as dangerous as, if not more dangerous than, its sibling, “Phishing.” While the terms may seem comical, the repercussions of falling victim to these scams are no laughing matter. In an increasingly digital age, cybercriminals are taking advantage of our reliance on technology to steal personal information and leverage it for malicious purposes. This article provides an in-depth explanation of SMiShing, how it works, and, most importantly, how you can protect yourself from it.

In essence, SMiShing is a deceptive practice where scammers send fraudulent text messages masquerading as reputable institutions, aiming to dupe recipients into clicking on a link, calling a number, or providing sensitive personal information. The risk with SMiShing is that mobile users tend to trust their SMS messages more than their emails, making it an effective scamming tool. The best line of defense is awareness and understanding of what SMiShing is, how it operates, and the protective measures you can take against it.

Unpacking SMiShing

The term ‘SMiShing’ is a concatenation of ‘SMS’ (short message service) and ‘Phishing’. The latter is a cybercriminal strategy, where scammers send emails that impersonate legitimate organizations with the aim of luring victims into clicking links and/or entering their login data or credentials. The word ‘Phishing’ is a play on the word ‘fishing’, depicting the tactic of baiting victims and fishing for their personal information.

SMiShing is a variant of phishing, a social engineering tactic where scammers resort to sending text messages instead of emails. These messages are engineered to appear as though they’ve been sent by legitimate, trusted organizations, leading the recipient to either click on a link or respond with their personal details. The transition from emails to text messages signals a shift in cybercrime trends, as scammers exploit the trust users place in their text messages, as opposed to their scrutiny of emails.

Dig Deeper: What Is Smishing and Vishing, and How Do You Protect Yourself?

How SMiShing Works

Cybercriminals use sophisticated technology that allows them to generate cell phone numbers based on area codes. These phone numbers include a cell carrier’s provided extension, plus the last four random numbers. Once these phone numbers are generated, the scammers utilize mass text messaging services to disseminate their SMiShing bait, much like casting a large fishing net hoping to snare unsuspecting victims. A simple online search for “mass SMS software” will yield numerous free and low-cost programs that facilitate mass texting, revealing the ease with which these scams can be carried out.

Dig Deeper: What You Need to Know About the FedEx SMiShing Scam

SMiShing has proven to be effective mainly because most people have been conditioned to trust text messages more than emails. Moreover, unlike emails accessed on a PC, text messages do not allow for easy link previewing, making it risky to click on links embedded within the texts. The links either lead to malicious websites intended to steal data or prompt the download of keyloggers, tools that record every keystroke on your device, facilitating the theft of personal information. Alternatively, some SMiShing texts may trick recipients into calling specific numbers which, when dialed, incur hefty charges on the victim’s phone bill.

Recognizing the Threat

The first step towards protecting yourself against SMiShing is recognizing the threat. Cybercriminals often capitalize on the victim’s lack of understanding about how these scams work. They prey on the recipient’s trust in their text messages and their curiosity to view links sent via SMS. By understanding how SMiShing works, you are able to spot potential scams and protect yourself against them.

Typically, SMiShing messages are crafted to impersonate familiar, reputable organizations such as banks, utility companies, or even government institutions. They often induce a sense of urgency, pushing the recipient to act swiftly, leaving little to no time for scrutiny. The messages may alert you of suspicious activity on your account, a pending bill, or offer incredible deals that seem too good to be true. Any SMS message that prompts you to click on a link, call a certain number, or provide personal information should be treated with suspicion.

More often than not, recognizing an SMiShing scam relies on your observational skills and your ability to spot the tell-tale signs. One common red flag is poor grammar and spelling. Although this is not always the case, several SMiShing scams tend to have mistakes that professional communications from reputable institutions would not.

Another sign is that the message is unsolicited. If you didn’t initiate contact or expect a message from the supposed sender, you should treat it with suspicion. Additionally, reputable organizations usually employ a secure method of communication when dealing with sensitive information; they would rarely, if ever, ask for personal data via SMS.

Pay attention to the phone number. A text from a legitimate institution usually comes from a short code number, not a regular ten-digit phone number. Also, check whether the message uses a generic greeting instead of your name. Finally, use your common sense. If an offer seems too good to be true, it probably is. Also, remember that verifying the legitimacy of the text message with the supposed sender never hurts.

Many of these signs can be subtle and easy to overlook. However, staying vigilant and taking the time to scrutinize unusual text messages can save you from falling victim to SMiShing.
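The red flags listed in this section can be combined into a simple rule-based check over a message and its sender. The following Python example is an addition to this article, not McAfee's code and not a description of how McAfee Mobile Security works; the keyword lists, flag names, the `known_senders` parameter, and the sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# One pattern per red flag named in the article. The word lists are
# illustrative assumptions, not a vetted ruleset. Poor grammar and spelling
# are not checked here because they need a language model or dictionary.
BODY_RULES = {
    "link": re.compile(
        r"(?:https?://|www\.)\S+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}/\S*", re.I),
    "callback_number": re.compile(
        r"\bcall\b.{0,40}?(?:\d[\s().-]*){10,}", re.I | re.S),
    "asks_personal_info": re.compile(
        r"\b(?:password|passcode|pin|cvv|card number|social security|ssn|"
        r"(?:verify|confirm|update) your (?:account|identity|details))\b", re.I),
    "urgency": re.compile(
        r"\b(?:urgent|immediately|right away|act now|final notice|"
        r"within \d+ (?:hours?|minutes?)|suspended|locked|unauthori[sz]ed)\b", re.I),
    "too_good_to_be_true": re.compile(
        r"\b(?:you(?:'ve| have) won|winner|free gift|prize|congratulations)\b", re.I),
    "generic_greeting": re.compile(
        r"^\s*(?:dear|hello|hi)\s+(?:customer|user|client|member|account holder)\b", re.I),
}

# "Any SMS message that prompts you to click on a link, call a certain number,
# or provide personal information should be treated with suspicion."
ACTION_FLAGS = {"link", "callback_number", "asks_personal_info"}


@dataclass
class Verdict:
    flags: list
    level: str  # "low", "suspicious" or "high"


def _norm(sender):
    """Reduce numeric senders to bare digits; lower-case alphanumeric sender IDs."""
    if re.fullmatch(r"[+\d\s().-]+", sender):
        return re.sub(r"\D", "", sender)
    return sender.strip().lower()


def sender_flags(sender, known_senders=None):
    flags = []
    norm = _norm(sender)
    # Short codes are 5-6 digits; 10 or more digits is a regular phone number.
    if norm.isdigit() and len(norm) >= 10:
        flags.append("long_number_sender")
    # "Unsolicited" can only be judged against senders the user expects to hear from.
    if known_senders is not None and norm not in {_norm(k) for k in known_senders}:
        flags.append("unsolicited")
    return flags


def assess_sms(sender, body, known_senders=None):
    flags = [name for name, rx in BODY_RULES.items() if rx.search(body)]
    flags += sender_flags(sender, known_senders)
    prompts = [f for f in flags if f in ACTION_FLAGS]
    context = [f for f in flags if f not in ACTION_FLAGS]
    if prompts and len(context) >= 2:
        level = "high"        # action prompt plus several supporting signs
    elif prompts:
        level = "suspicious"  # verify with the sender through an official channel
    else:
        level = "low"
    return Verdict(flags, level)


# Constructed sample messages; numbers and domains are placeholders.
KNOWN = {"72345", "60123"}
SAMPLES = [
    ("+1 202-555-0143", "Dear customer, your account has been suspended. "
                        "Verify your account immediately at http://bank-secure.example/login"),
    ("72345", "Your verification code is 481516. It expires in 10 minutes."),
    ("3125550188", "Congratulations! You have won a free gift card. "
                   "Call 312-555-0170 to claim your prize."),
    ("60123", "Hi Sam, your parcel arrives tomorrow. Track it: https://shop.example/t/abc"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        v = assess_sms(sender, body, KNOWN)
        print(f"{v.level:<10} {sender:<16} {', '.join(v.flags) or '-'}")
```

The last sample shows the limit of such rules: a routine delivery text from an expected short code is still rated "suspicious" because it contains a link, which matches the article's advice to verify before clicking rather than to assume the message is malicious.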

Dig Deeper: How to Squash the Android/TimpDoor SMiShing Scam

Protecting Barriers Against Psychological Manipulation

Psychological manipulation is a critical aspect of this cyber threat, involving the art of exploiting human psychology and trust to trick individuals into revealing sensitive information or engaging in harmful actions. Even individuals with the intelligence to steer clear of scams might become vulnerable if the psychological manipulation is exceptionally compelling.

Smishing attackers employ a range of social engineering techniques that tap into human emotions, including fear, curiosity, and urgency. They often impersonate trusted entities or use personalized information to lower recipients’ guard and establish trust. The use of emotional manipulation and emotional triggers, such as excitement or outrage, further intensifies the impact of these attacks. Recognizing and understanding these psychological tactics is paramount for individuals and organizations in fortifying their defenses against smishing, empowering them to identify and resist such manipulative attempts effectively.

Dig Deeper: Social Engineering—The Scammer’s Secret Weapon

Protecting Yourself from SMiShing

Arming yourself with knowledge about SMiShing and its modus operandi is the initial line of defense. Once you comprehend the nature of this scam, you are better equipped to identify it. However, understanding alone is not enough. There are several practical measures that you can adopt to safeguard your personal information from SMiShing scams.

At the top of this list is exercising caution with text messages, especially those from unknown sources. Resist the impulse to click on links embedded within these texts. These links often lead to malicious websites engineered to steal your data or trigger the download of harmful software like keyloggers. Do not respond to text messages that solicit personal information. Even if the message seems to originate from a trusted entity, it is always better to verify through other means before responding.

Furthermore, be wary of text messages that create a sense of urgency or evoke fear. SMiShers often manipulate emotions to spur immediate action, bypassing logical scrutiny. For instance, you may receive a message supposedly from your bank alerting you about a security breach or unauthorized transaction. Instead of panicking and clicking on the provided link, take a moment to contact your bank through their officially listed number for clarification.

There is also the option of using comprehensive mobile security applications. These apps provide an array of features such as text message filtering, antivirus, web protection, and anti-theft measures. Applications like McAfee Mobile Security can significantly enhance your defense against SMiShing attacks and other cyber threats.

McAfee Pro Tip: Try McAfee Mobile Security’s scam protection. It scans the URLs within your text messages to enhance your online safety. If a suspicious or scam link is detected, it will send an alert on Android devices or automatically filter out the problematic text. Additionally, it actively blocks potentially harmful links in emails, text messages, and social media if you happen to click on them by mistake, adding an extra layer of protection to your online experience.

Final Thoughts

SMiShing is a serious cyber threat that aims to exploit the trust that individuals place in their text messages. By impersonating reputable organizations and creating a sense of urgency, scammers try to trick recipients into providing personal information or clicking on malicious links. Protecting oneself from SMiShing involves understanding what it is, recognizing the threat, and adopting effective protective measures. These include being cautious of unsolicited text messages, refraining from clicking on links within these texts, and using comprehensive mobile security applications. Additionally, being aware of the red flags, such as poor grammar, unsolicited messages, and requests for sensitive information via SMS, can help in detecting potential scams. In an increasingly digital age, staying vigilant and proactive is the best way to protect your personal information from cybercriminals.

The post Understanding and Protecting Yourself from SMiShing appeared first on McAfee Blog.

Keeping Kids Safe from Online Threats

As a parent and a professional in the cybersecurity industry, I am incredibly aware of the importance of online safety, particularly as it relates to children. Despite vast improvements in technology and cybersecurity, the reality is that kids lack the resources and knowledge to protect themselves against the multitude of threats that exist online. The majority of domestic tech devices, such as personal computers and smartphones, only have basic consumer antivirus software, if any at all. This puts children at significant risk of falling victim to cyber threats like malware and phishing attacks.

However, the risks children face online aren’t limited to just these digital threats. The internet, in all its vastness, also exposes our children to many other potential dangers, from online predators in gaming environments to unrestricted internet usage in their downtime. This guide is geared towards educating and providing effective strategies for parents and other concerned individuals to ensure the online safety of children.

Dig Deeper: Reports of Online Predators on the Rise. How to Keep Your Kids Safe.

The Current State of Kids’ Online Safety

Recent statistics from Pew Research Center found that 46% of U.S. teenagers aged 13 to 17 have encountered at least one of six different cyberbullying behaviors. Among these behaviors, name-calling is the most prevalent, with 32% of teens reporting that they have been subjected to offensive name-calling online or on their phones. Additionally, 22% have had false rumors spread about them online, and 17% have received unsolicited explicit images.

Furthermore, 15% of teenagers have dealt with persistent inquiries from someone other than a parent about their whereabouts, activities, and companions. Additionally, 10% have faced physical threats, and 7% have had explicit images of themselves shared without their consent. In total, 28% of teenagers have experienced multiple forms of cyberbullying.

Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report

The high level of exposure and the increasing number of online threats led to the development of McAfee’s Digital Safety Program, previously known as McAfee’s Online Safety for Kids. This program provides essential resources that can be used by cybersecurity experts to educate school children about the potential dangers that lurk online and how best to protect themselves. Over the past five years, the highly interactive program has been implemented in numerous school systems across the United States, shedding light on the depth and extent of the threats that children encounter daily.

Dig Deeper: McAfee Relaunches Award-Winning Online Safety Program for Kids

The Digital Safety Program

The McAfee Digital Safety Program is a collaborative effort that brings together the expertise of security professionals, the experiences of children, and the efforts of community partners. It involves not just theoretical learning, but also anecdotal sharing of online experiences, which greatly enhances the effectiveness of the program. Participants of the program, both children and adults alike, often leave with a profound sense of the multitude of threats that children encounter online. By sharing these real-world experiences, it allows everyone involved in the program to better understand the landscape of online dangers and reinforces the importance of adequate protection measures.

Recently, at our Technical Forum in Puerto Rico, the McAfee team and our partners introduced the Digital Safety Program to a private middle school, engaging more than 100 students from grades 6 to 8. Previous participants in the program have ranged from company owners and senior executives to sales and marketing teams. However, at this event, it was the technical experts delivering the message. This not only allowed their technical peers to understand the ease and satisfaction of participating in such a program but also inspired them to consider innovative ways of protecting children and getting their fellow peers and clients involved. 

Social Responsibility and Corporate Citizenship

The McAfee Digital Safety Program does more than just promote online safety – it serves as a vessel of corporate social responsibility, connecting security professionals with their local communities and raising awareness of the need for better cybersecurity measures. Additionally, the program offers tangible benefits for partners involved. Many have reported increased brand awareness and appreciation from the communities they serve. Plus, delivering the online safety message serves as a valuable training tool that improves their sales and marketing skills.

While the quest for online safety for children comes with business benefits, it is an endeavor that is worth pursuing regardless. We encourage all our partners and anyone interested to learn more about the McAfee Digital Safety Program and consider how they can implement it in their local communities.

Guarding the Digital Playground: Tools and Measures for Children’s Online Safety

While certain elements of digital threats are beyond our control, what we can do is educate our children and ourselves about online safety and equip ourselves with tools that can help guard against such risks. McAfee’s Digital Safety Program aims to provide adequate knowledge and resources for this purpose. However, it is also important to use the available protection measures that can make the digital playground safer for our children.

One of the first measures to ensure online safety is having strong and reliable security software installed on the devices used by children. This software should be effective in protecting against malware, phishing attacks, and other online threats. It is also important to keep the software updated, as new threats emerge regularly. Furthermore, parental control features, such as content filters and usage restrictions, can provide an extra layer of protection by limiting the exposure of children to inappropriate or dangerous online content.

The Art of Conversation: Discussing Online Safety with Children

Despite implementing technological measures to ensure online safety, the most effective tool is open and thorough conversations about the potential risks and threats that exist online. Children are often unaware of the potential dangers or may not fully comprehend the gravity of these threats. Therefore, it is essential to engage kids in an ongoing dialogue about online safety, equip them with the knowledge to make informed decisions, and encourage them to seek adult assistance when they encounter something unfamiliar or suspicious online.

It is important to have these discussions as early and as often as possible. But, of course, the content and tone of conversations should be age-appropriate. It is equally important to create a safe and non-judgemental environment where children feel comfortable discussing their online experiences without fear of punishment or ridicule. Building trust with children can go a long way toward ensuring their safety online.

McAfee Pro Tip: Implement parental controls on their devices gradually, even if your kids may not be enthusiastic about it. This is akin to encouraging them to consume vegetables; it’s a measure taken for their well-being.

Final Thoughts

The internet is a wonderful tool for learning and communication but, like every innovation, it comes with its own set of risks and threats, especially for our children who are particularly vulnerable. As adults, we need to play our part in ensuring their online safety. Through proactive measures and ongoing open conversations, we can create a safer online environment for our children. Initiatives like McAfee’s Digital Safety Program are essential in making this a reality. It is a continuous journey, but the efforts to protect our children from online threats and to educate them about online safety are undoubtedly worth it.

The post Keeping Kids Safe from Online Threats appeared first on McAfee Blog.

Understanding the Risks of Using an Android Device

By: McAfee

In today’s digital era, smartphones and tablets are quickly becoming essentials for everybody. However, despite their increasing popularity, many people fail to take adequate security precautions with their mobile devices. Statistics show that roughly 75% of Americans do not use mobile security software. Moreover, approximately 36% of users do not have a basic PIN to secure their mobile devices. Therefore, it becomes imperative to understand the risks and take necessary precautions, particularly for Android users.

Android has, over time, become a popular target for hackers. Recently, McAfee Labs™ found that all new forms of malicious mobile software were solely designed to exploit vulnerabilities in the Android operating system. Multiple factors contribute to this increase in mobile malware. One of the major reasons is the exponential growth of the Android platform, which currently holds the largest share of the mobile marketplace. Naturally, cybercriminals are drawn to the size and potential for exploitation in the Android space.

Mobile Malware: Explained

Malicious mobile activity, particularly on Android devices, is generally driven by bad apps. These rogue applications come with a myriad of risks. They can access your contacts, sending them unwanted emails. They can track and record everything you do on your mobile device, leading to severe consequences such as data theft, keylogging, and unauthorized access to sensitive information like banking credentials. They may even hijack your device or distribute personal content without consent, causing emotional and reputational damage.

In addition to individual risks, mobile malware can serve broader purposes, including espionage and geopolitical motives, often orchestrated by nation-states or hacktivist groups. These advanced persistent threats (APTs) may target specific individuals, organizations, or regions, posing significant damage potential. To protect against these advanced threats and prevent the proliferation of mobile malware, proactive cybersecurity measures, awareness, and safe online practices are indispensable.

Dig Deeper: 4 Mobile Malware Threats You Can’t Even See

Steps That Can Protect Your Android Device

While the extent of smartphone malware is currently less severe compared to desktop or laptop PCs, awareness of its existence can go a long way toward ensuring your data’s security. There are a few simple steps you can take to protect yourself and your data:

Begin by using a PIN to lock your device. Just as you would be cautious with your computer, always think twice before clicking on links, especially from unfamiliar sources. Ensure that you have web protection software installed which can help keep you from visiting malicious sites. When looking to download apps, remember to do your research. Reading the ratings and reviews can give you a good idea about the app’s credibility. Only download apps from well-known, reputable app stores to minimize the possibility of downloading a malicious app.

Dig Deeper: How Safe Is Your Android PIN Code?

During the app installation process, ensure you review what permissions the app is requesting on your device. Consider using an app protection feature that alerts you if an app is accessing data it does not require. Lastly, consider installing a comprehensive mobile security solution like McAfee Mobile Security. This type of software generally includes anti-malware, web protection, anti-theft, and app protection features.

Understand Your App’s Permissions

App permissions play a crucial role in this process. Android developers have the liberty to choose from over 150 different permissions that an app can access on your mobile device. Examples include turning on your camera to record images or videos, accessing all your contacts, and even accessing your IMEI code (a unique identifier for your mobile device). Therefore, it’s crucial to understand why an app needs to access specific information to prevent it from sending your personal information to potentially malicious entities.

With each download, apps request permission to access certain functionalities on your device. Unfortunately, these permissions can sometimes be used to compromise your personal data. For instance, an app might ask for access to your device’s camera, microphone, or location. While these permissions might seem harmless at face value, they can be exploited. Cybercriminals can potentially use these permissions to steal sensitive information or even engage in surveillance activities. That’s why it’s critical to cross-verify each permission an app requests and deny any that seem unnecessary.

For those unsure, consider asking the following questions: Why does this app need access to my contacts, SMS, or location? Is this access necessary for the functionality of the app? If you’re unsure, look up the app on online forums or ask for advice from trusted sources. Remember, it’s always better to be safe than sorry.

McAfee Pro Tip: Be careful when downloading third-party apps. Developers of third-party apps are not under the control of the OS owners and official application stores like the App Store and Google Play, so they can have lower security levels. This enables advertisers and hackers to insert malicious code within the app. Know more about third-party apps and how to check app authenticity.

Keep Your Android Device Updated

Another crucial measure to protect your Android device is to keep it updated. Software updates not only introduce new features but also fix potential security flaws. Hackers often exploit these security flaws to infiltrate your device, making updates a crucial part of your security toolkit. Regularly check for updates and install them as soon as they are available.

Google frequently releases monthly security patches for Android. These patches address various security vulnerabilities that have been discovered in the Android operating system. However, the responsibility for pushing these updates to individual devices lies with the device manufacturers and carriers. Ensure that you are aware of your device’s update cycle and prioritize installing these updates.

Dig Deeper: Why Software Updates Are So Important

Final Thoughts

Your Android device serves as a repository for a wealth of personal and sensitive information. As we continue to incorporate these devices into our daily lives, the need for stringent security measures has never been more urgent. While the world of mobile security might seem daunting, the right knowledge and a few preventive measures can help you avoid the majority of potential threats.

Start by locking your device with a PIN, be cautious about the links you click on, verify app permissions, ensure you download apps from a trusted source, and keep your device updated. Remember, your digital security is in your hands. Equip yourself with the necessary tools and awareness to navigate the online world safely. Lastly, consider investing in a comprehensive mobile security solution like McAfee Mobile Security to fortify your defenses against potential cyber threats.

The post Understanding the Risks of Using an Android Device appeared first on McAfee Blog.

Beware of Malicious Mobile Apps

By: McAfee

With the surge in the usage of mobile phones, there has been a concurrent increase in malicious activities targeting these devices. One common technique used by hackers is to corrupt legitimate applications. Android devices, in particular, see increases in malware targeting mobile phones year by year. According to the McAfee 2023 Consumer Mobile Threat Report, Clicker Malware, a type of malware that runs in the background, spread through deceptive applications masquerading as system utilities such as flashlights and task managers in 2022. Other types of malware also became rampant, such as Dropper, Hidden Ads, and FakeApp. Almost all new mobile malware targets Android’s operating system.

Steps to Secure Your Device

While the instances of smartphone malware are relatively few compared to what is seen with desktop or laptop PCs, being aware of the threat is the first step towards safeguarding yourself and your data. Thorough research of applications and their publishers is crucial. It is always safer to install applications that have high user ratings, are widely used, or have been recommended by your friends or acquaintances.

Getting apps from a reputable and well-established market is also advisable. Android users can prevent the installation of non-market apps by deselecting the “Unknown Sources” option in their device’s application settings menu. However, if this option isn’t available, it means that your mobile provider has automatically blocked applications from unknown sources.

Dig Deeper: Are third-party apps for you?

Watching the Permissions

As you install different applications, you will notice a list of permissions for services that can access the hardware and software components on your device. You need to stay vigilant and check these permissions. If you suspect any foul play, for instance, a game or alarm clock app asking for your contact details or any other sensitive data, refrain from installing the app. In case you have any doubts regarding the data the app is accessing, the best course of action is not to install it.

Another important step that you can take is installing antivirus software on your phone. Doing this before adding any other apps to your new mobile device can help to increase its security.

McAfee Pro Tip: Enhance your mobile security with McAfee Mobile Security! Not only does it alert you to app permissions during downloads, but it also offers insights into any unexpected capabilities an app may have. Discover our software’s range of additional features for comprehensive protection.

Avoiding Bad Mobile Apps

When it comes to the complex world of mobile threats, having security software that offers multiple layers of protection can act as your best defense. For instance, McAfee Mobile Security™ for Android smartphones and tablets, BlackBerry, and Symbian smartphones is one such software.

McAfee Mobile Security provides complete antivirus, antispyware, and antiphishing facilities, helping you to scan and clean malicious code from inbound or outbound emails, text messages, attachments, and files.

Other features of this security software include safe searching and shopping – protection against web threats like risky links within text messages, emails, and social networking sites, browser exploits, and malicious QR codes; app protection and app alert system – letting you review a report on your app’s access to your personal data to make informed decisions about each app; as well as a device lock feature – helping to protect against misuse of your phone and personal data by remotely locking all data, including the data on your memory (SIM) card.

Dig Deeper: Are Fake Apps Taking Over Your Phone?

Additional Mobile Security Measures

Aside from the aforementioned steps, there are several other security measures that you can employ to protect your mobile device. A very elementary yet highly efficient method is setting up a strong password for your device. Make sure to choose one that cannot be easily guessed. Regularly updating your phone’s operating system and apps is also crucial since updates usually come with security fixes for vulnerabilities that hackers might exploit.

Next, be cautious when clicking on links in text messages, emails, or social media. Verify the sender’s legitimacy and avoid downloading attachments or clicking suspicious links. These may lead to phishing websites, which aim to deceive you into revealing sensitive information, or malware downloads that can compromise your device’s security.

One more thing to be wary of is the Wi-Fi networks that your device connects to. Public Wi-Fi networks are often unsecured and can provide an avenue for hackers to steal information. When connecting to such networks, it’s best to use a VPN (Virtual Private Network) to encrypt your data and keep it safe from prying eyes. Furthermore, always be cautious about the information you share online; avoid posting sensitive data such as your address, phone number, or personal identification number.

Recognizing Malicious Mobile Apps

Recognizing malicious apps requires vigilance and a keen eye. Malicious apps often masquerade as popular apps, baiting users into downloading them. They often have strange names, with spelling or grammatical errors. Another tell-tale sign is when the app asks for unnecessary permissions that are not needed for it to function. If you find an app asking for permission to access your location or contacts when it has no need to, then it might be malicious.

Finally, note the publisher of the app. Malicious apps often come from unknown or suspicious sources. Genuine apps come from reputable companies that you can trust. Check the reviews and ratings of the app, as they often indicate the app’s legitimacy. Remember, it’s always better to err on the side of caution regarding your mobile device’s security.

Dig Deeper: Device & App Safety Guide for Families

Final Thoughts

In conclusion, safeguarding your mobile device from malicious apps is a task that requires constant vigilance and proactive measures. From thoroughly researching the apps you install, and carefully reviewing their permissions, to installing robust antivirus software, every step is crucial in securing your device. Moreover, recognizing the tell-tale signs of malicious apps and employing additional security measures such as strong passwords and secure Wi-Fi connections can add an extra layer of protection.

While the rise of mobile threats is alarming, being informed and taking appropriate protective measures can greatly minimize the risk. Stay safe by staying informed and always prioritize your device’s security in this increasingly digital age.

The post Beware of Malicious Mobile Apps appeared first on McAfee Blog.

Why Does My Phone Get Hot?

By: McAfee

Overheating is a common issue in mobile devices, but it often raises alarms among users. This concern is usually unnecessary, as there are several common and easily resolvable reasons why phones get hot, including overuse, exposure to harsh weather conditions, and battery problems. However, it is essential to cool down an excessively hot device promptly to prevent it from overheating again.

Below we delve into the five most common reasons why your phone might be getting hot and how to cool it down.

The Impact of Viruses and Malware

Mobile malware can have effects beyond data leaks, software damage, or battery drainage. It can also overload your device’s processor and cause it to overheat by making it work overtime. Utilizing a robust mobile security tool, such as McAfee Mobile Security, can protect your pocket-sized digital life by blocking malicious apps, threats, and malware from entering your device.

McAfee Pro Tip: For more information on current mobile threats, check out this full report. The McAfee 2023 Consumer Mobile Threat Report is one of our latest resources that delve into the ever-evolving realm of mobile security challenges and risks. 

Video Streaming and Gaming

Streaming video content, running graphically demanding gaming apps, and recording video content for prolonged periods can heat your phone’s central processing unit (CPU). This can lead to an unexpectedly hot Apple or Android device.

While computers have internal fans to keep them cool, phones don’t. Therefore, if you overwork your phone, it is likely to get hotter than you would like. This elevated heat not only affects user comfort but also poses potential risks to the device itself. Excessive heat can accelerate battery degradation, diminish overall performance, and even lead to thermal throttling, which reduces processing power to prevent damage. It’s crucial to be mindful of your phone’s workload and ensure it doesn’t become excessively hot to maintain optimal functionality and prolong the lifespan of your device.

Dig Deeper: What You Need to Know About Livestreaming

Battery Problems

Your phone’s battery health plays a significant role in whether or not it overheats. As the battery health degrades, the likelihood of your phone overheating increases. Checking whether the back of your device heats up more than the front can tell you if the battery is at fault.

Most devices also have a feature allowing you to check your battery’s health. You can find this feature on an iPhone—go to “Settings” and choose “Battery”. To check your battery’s health on an Android device, you can typically navigate to the “Settings” app, and then look for the “Battery” or “Battery & Device Care” section, which can vary in name. Within this section, you’ll often find options to assess your battery’s condition and performance.

Outdated Apps

Failing to update your apps can pose overheating risks to your device. App updates often include bug fixes, extra features, and security additions, all of which improve your device’s performance and minimize overheating issues. Make sure to regularly update your apps, whether you’re using the App Store on iOS or Google Play on Android.

Dig Deeper: Why Software Updates Are So Important

Can Overheating Damage My Phone Permanently?

Next, we delve into the potential permanent damage that overheating can cause. While a heat warning on a hot summer afternoon might not seem alarming, continual exposure to heat can slow down your device, cause data loss, and result in battery leakage.

One of the most concerning outcomes of overheating is the potential for battery leakage. High temperatures can accelerate the chemical reactions within the battery, which can lead to the release of harmful gasses, swelling of the battery, and, in the worst-case scenario, leakage of electrolytes. Battery leakage not only compromises your device’s performance but can also pose safety hazards. Therefore, it is important to keep your phone cool and take precautions if it does overheat.

How to Cool Down Your Overheating Phone?

If you find your phone getting excessively hot, it’s crucial to take immediate steps to cool it down. Some of these steps are pretty straightforward but can do wonders in bringing the temperature of your phone down. Here are some techniques for cooling it down and for preventing it from heating up in the future:

Update Your Phone

One of the simplest ways to prevent overheating is by keeping your phone up to date. Regular updates not only keep your device secure but also often fix bugs that can lead to excessive battery drain and heating.

Follow Correct Charging Practices

Believe it or not, how you charge your phone can also impact how hot it gets. Always make sure to use the correct charger and charging cable for your device. Avoid full cycle and overnight charging, and never cover your phone or keep it in a hot place while it’s charging.

Dig Deeper: US-B Careful: Public iPhone Chargers Lie in Wait

Go on Airplane Mode

Turning on airplane mode can help cool down your device faster. Airplane mode restricts all wireless communication on your device, such as searching for a cellular signal or Wi-Fi, which can drain your battery and cause your device to heat up.

Lower Screen Brightness and Activities

High screen brightness not only drains your phone’s battery faster but also generates more heat. Your screen needs more power to shine brighter, which can make your device run hotter, particularly if you have your brightness cranked up for extended periods. It’s always best to auto-adjust the screen brightness on your mobile device to match your environmental conditions. At night or in darker environments, your screen brightness doesn’t need to be high.

Additionally, dynamic wallpapers and widgets can cause your device to use more power, which can result in excess heat. Try using static backgrounds and minimizing the number of widgets to help keep your device cool.

Remove Protective Case

While phone cases are essential for protecting your device from accidental damage, they can also trap heat. Removing your phone’s case can allow heat to escape and can help cool down your device faster.

Avoid Direct Sunlight

The intense heat generated by the sun can not only make your device uncomfortably warm to the touch but can also trigger thermal stress, adversely affecting its performance and battery life. Direct sunlight can cause your device to heat up quickly, so always make sure to keep your device away from direct sunlight and other heat sources.

Use Antivirus Protection

As discussed earlier, malware can keep your device working overtime and generate more heat. A security app like McAfee Mobile Security can prevent malicious apps and threats from entering your device and causing it to overheat.

Final Thoughts

While an overheating phone may cause alarm, it’s usually not a cause for concern. Several factors can cause your phone to get hot, including overuse, high screen brightness, and malware. Regular updates, correct charging habits, and using antivirus protection can all help prevent your phone from overheating. Remember, if your phone gets excessively hot, it’s crucial to take immediate steps to cool it down and prevent potential damage.

The post Why Does My Phone Get Hot? appeared first on McAfee Blog.

How Extremist Groups Target Teens Online

By: McAfee

With the reality of the digital age, the internet has become a vital part of our daily lives. While it offers immense benefits, the online world also has its potential risks. One such alarming issue involves extremist groups targeting impressionable teenagers online. An example of this is the Orlando nightclub massacre, where the gunman was believed to have been radicalized online. This guide aims to shed light on how these extremist groups operate and provide helpful measures for parents to protect their children.

Understanding The Online Influence of Extremist Groups

According to experts, extremist groups approach their targets subtly, often presenting their ideologies as non-threatening at first. These manipulations are not limited to only social media platforms, such as Facebook or Twitter, but can be encountered in various forms like pop-up ads, hashtags, blog posts, and even videos. Extremist content is widespread online, and it has become increasingly crucial to educate your family about these threats.

Influence from these groups does not happen overnight. It often starts with behavioral changes. Common signs that a teen may be exposed to extremist ideologies include physical changes, a sudden interest in fundamental values, becoming increasingly critical of the U.S., or constantly praising extremist violence in the news. These changes may seem minor at first, but they can lead to sinister results if left unchecked.

Strategies Employed by Extremist Groups Online

ISIS, among other extremist groups, has used the internet extensively for propaganda and recruitment. Their online presence is state-of-the-art and their recruitment methods are sophisticated. They primarily target impressionable teens and young adults who are often at the peak of their emotional turmoil and rebellion. They capitalize on the young person’s desire for acceptance, camaraderie and the urge to act out.

Extremist ideology is presented in a way that validates and glorifies this rebellion, treating it as an act of bravery. These groups lure in both males and females with promises of material rewards, eternal favor, adventure, and even heroism. All these appeal to the human desire for acceptance and significance, making it more appealing for impressionable youths.

Defending Against Online Extremism

The Family Institute for Online Safety (FOSI) released a report entitled “Violent Extremism: The New Online Safety Discussion”. It highlighted the ongoing threat of online extremism and the potential exposure of children to extremist content. The report recommends proactive measures such as awareness, education, and collaboration among government, community leaders, and social media companies to keep families safe from these threats.

Parents play a critical role in curbing this menace. They need to discuss current world events and the reliability of the content their children might encounter online. They should help their children develop critical thinking skills about the content they consume online, and understand the motivations behind posted content and the potential manipulation involved.

Monitoring Your Child’s Online Activity

As a parent, it is important to observe your child’s online behavior. This does not imply invading their privacy but rather maintaining open communication about their online activities. As recommended by the FOSI report, parents should be aware of the sites their children visit and the content they consume. Encourage your child to discuss questionable content or unusual interactions they encounter online. This open communication helps build trust and promotes a safer online environment.

Teaching your children about their digital footprint is also essential. Explain how their online behavior can have real-life consequences. This can range from damaging their reputation to attracting unwanted attention from malicious figures, such as those from extremist groups. Encourage them to think twice before posting or responding to content online, and remind them that nothing they do online is truly hidden or erased.

Dig Deeper: 6 Tips to Help Protect and Improve Your Child’s Online Reputation

Online Resources for Parents

There are numerous online resources available to assist parents in mitigating the influence of online extremism on their children. These include guides on dealing with tragedy and resources to help identify and address childhood depression. Utilizing these resources can equip parents with the knowledge to address difficult situations appropriately and limit the impact on their child’s mental health. Here are some sources you might want to check out: 

  • Educational Websites: Resources like those provided by the FOSI, including studies and actionable advice, can help parents stay informed about the current behaviors and trends of online extremists. Websites like Common Sense Media and NetSmartz also offer comprehensive educational materials, including articles, videos, and lesson plans, to help parents and educators address online safety and digital literacy with children. Keeping abreast of these trends enables parents to better recognize potential threats and intervene before their children are influenced by extremist propaganda.
  • Parental Control Software: McAfee’s comprehensive parental control software offers parents a multifaceted solution to ensure the online safety of their children. With these tools, parents can actively monitor and manage their child’s internet activities, enabling them to set restrictions on certain websites or content deemed inappropriate. 
  • Online Safety Workshops: Many organizations and schools host workshops and webinars on online safety and digital literacy. These can provide parents with practical strategies and expert insights.
  • Mental Health Support: Accessing online platforms like the National Alliance on Mental Illness (NAMI) or Crisis Text Line can help parents understand and address the mental health challenges their children may face as a result of online experiences.
  • Social Media Guides: Given the central role of social media in many children’s lives, parents can also find guides from platforms like Facebook, Instagram, and Snapchat on how to ensure a safer and more positive online experience.

Dig Deeper: Does Your Child Have an Unhealthy Relationship with Social Media?

  • Counseling Services: If parents observe concerning changes in their child’s behavior or mental health, it’s important to connect with school counselors, therapists, or psychologists who specialize in youth mental health and digital well-being.
  • Community Support: Local parent groups or online communities dedicated to online safety and parenting can provide a sense of solidarity and practical advice from other parents who have faced similar challenges.

Final Thoughts

The digital age brings with it immense benefits and potential risks. Online extremism is a real threat, but proactive and involved parenting can help minimize its influence on our children. By staying informed about extremist tactics, maintaining open dialogue with our children about their online activities, and utilizing available resources, we can help ensure their online safety. After all, armed with knowledge and understanding, we are well-equipped to face, address, and overcome these challenges.

Improve your and your children’s understanding of the online world with the help of McAfee. Whether it’s through educational content, parental control solutions, or security features, McAfee empowers both parents and children to make informed decisions, practice responsible online behavior, and stay safe in an ever-evolving digital landscape.

The post How Extremist Groups Target Teens Online appeared first on McAfee Blog.

Top 5 Things to Know About Recent IoT Attacks

Recent Internet attacks have caused several popular sites to become unreachable. These include Twitter, Etsy, Spotify, Airbnb, GitHub, and The New York Times. These incidents have highlighted a new threat to online services: botnets powered by the Internet of Things (IoT). Distributed denial of service (DDoS) attacks have been around for over a decade and, for the most part, have been handled by network providers’ security services. However, the landscape is changing.

The primary strategy in these attacks is to control a number of devices which then simultaneously flood a destination with network requests. The target becomes overloaded and legitimate requests cannot be processed. Traditional network filters typically handle this by recognizing and blocking systems exhibiting this malicious behavior. However, when thousands of systems mount an attack, these traditional filters fail to differentiate between legitimate and malicious traffic, causing system availability to crumble.

Cybercriminals, Hacktivists, and IoT

Cybercriminals and hacktivists have found a new weapon in this war: the IoT. Billions of IoT devices exist, ranging in size from a piece of jewelry to a tractor. These devices all have one thing in common: they connect to the internet. While this connection offers tremendous benefits, such as allowing users to monitor their homes or check the contents of their refrigerators remotely, it also presents a significant risk. For hackers, each IoT device represents a potential recruit for their bot armies.

A recent attack against a major DNS provider shed light on this vulnerability. Botnets containing tens or hundreds of thousands of hijacked IoT devices have the potential to bring down significant sections of the internet. Over the coming months, we’ll likely discover just how formidable a threat these devices pose. For now, let’s dig into the key aspects of recent IoT DDoS attacks.

5 Key Points to Understand

The proliferation of Internet of Things (IoT) devices has ushered in a new era of digital convenience, but it has also opened the floodgates to a range of cybersecurity concerns. To navigate the complexities of this digital landscape, it’s essential to grasp five key points:

1. Insecure IoT Devices Pose New Risks to Everyone

Each device that can be hacked is a potential soldier for a botnet army, which could be used to disrupt essential parts of the internet. Such attacks can interfere with your favorite sites for streaming, socializing, shopping, healthcare, education, banking, and more. They have the potential to undermine the very foundations of our digital society. This underscores the need for proactive measures to protect our digital way of life and ensure the continued availability of essential services that have become integral to modern living. 

Dig Deeper: How Valuable Is Your Health Care Data?

2. IoT Devices Are Coveted by Hackers

Hackers will fight to retain control over IoT devices. Though the malware used in the Mirai botnets is simple, it will evolve as quickly as necessary to allow attackers to maintain control. IoT devices are highly valuable to hackers because they make it possible to launch devastating DDoS attacks with minimal effort. As we embrace the convenience of IoT, we must also grapple with the responsibility of securing these devices to maintain the integrity and resilience of our increasingly digitized way of life.

3. DDoS Attacks from IoT Devices Are Intense and Difficult to Defend Against

Identifying and mitigating attacks from a handful of systems is manageable. However, when tens or hundreds of thousands of devices are involved, it becomes nearly impossible. The resources required to defend against such an attack are immense and expensive. For instance, a recent attack that aimed to incapacitate Brian Krebs’ security-reporting site led to Akamai’s Vice President of Web Security stating that if such attacks were sustained, they could easily cost millions in cybersecurity services to keep the site available. Attackers are unlikely to give up these always-connected devices that are ideal for forming powerful DDoS botnets.

There’s been speculation that nation-states are behind some of these attacks, but this is highly unlikely. The authors of Mirai, a prominent botnet, willingly released their code to the public, something a governmental organization would almost certainly not do. However, it’s plausible that after observing the power of IoT botnets, nation-states are developing similar strategies—ones with even more advanced capabilities. In the short term, however, cybercriminals and hacktivists will continue to be the primary drivers of these attacks.

Dig Deeper: Mirai Botnet Creates Army of IoT Orcs

4. Cybercriminals and Hacktivists Are the Main Perpetrators

In the coming months, it’s expected that criminals will discover ways to profit from these attacks, such as through extortion. The authors of Mirai voluntarily released their code to the public—an action unlikely from a government-backed team. However, the effectiveness of IoT botnets hasn’t gone unnoticed, and it’s a good bet that nation-states are already working on similar strategies but with significantly more advanced capabilities.

Over time, expect cybercriminals and hacktivists to remain the main culprits behind these attacks. In the immediate future, these groups will continue to exploit insecure IoT devices to enact devastating DDoS attacks, constantly evolving their methods to stay ahead of defenses.

Dig Deeper: Hacktivists Turn to Phishing to Fund Their Causes

5. It Will Likely Get Worse Before It Gets Better

Unfortunately, the majority of IoT devices lack robust security defenses. The devices currently being targeted are the most vulnerable, many of which have default passwords easily accessible online. Unless the owner changes the default password, hackers can quickly and easily gain control of these devices. With each device they compromise, they gain another soldier for their botnet.

To improve this situation, several factors must be addressed. Devices must be designed with security at the forefront; they must be configured correctly and continuously managed to keep their security up-to-date. This will require both technical advancements and behavioral changes to stay in line with the evolving tactics of hackers.

McAfee Pro Tip: Software updates not only enhance security but also bring new features, better compatibility, stability improvements, and feature removal. While frequent update reminders can be bothersome, they ultimately enhance the user experience, ensuring you make the most of your technology. Know more about the importance of software updates.

Final Thoughts

Securing IoT devices is now a critical issue for everyone. The sheer number of IoT devices, combined with their vulnerability, provides cybercriminals and hacktivists with a vast pool of resources to fuel potent DDoS campaigns. We are just beginning to observe the attacks and issues surrounding IoT security. Until the implementation of comprehensive controls and responsible behaviors becomes commonplace, we will continue to face these challenges. By understanding these issues, we take the first steps toward a more secure future.

Take more steps with McAfee to secure your digital future. Explore our security solutions or read our cybersecurity blogs and reports.

The post Top 5 Things to Know About Recent IoT Attacks appeared first on McAfee Blog.

Weak Passwords Can Cost You Everything

By: McAfee

In today’s digital age, most of our personal information and sensitive data are stored online. From banking transactions to vital records, everything lies behind the protective screen of our passwords. The importance of having strong, unique passwords cannot be overstated. However, most individuals tend to use weak passwords or reuse the same password over and over, exposing their digital assets to potential hackers.

Understand the Value of Your Digital Assets

Based on a study conducted by McAfee, consumers tend to estimate the value of their digital assets, distributed over multiple devices, to be around $35,000. These digital assets not only include music, videos, photos, and apps but also important information like emails, texts, health and financial records, resumes, and even portfolios. The very thought of losing all this data to cybercriminals is horrifying but is a potential risk if you rely on weak passwords.

Many individuals prefer to reuse their passwords as it’s easier to remember one password rather than a multitude. However, by doing so, you’re inviting a potential breach. If hackers decipher the password for one account, they gain access to all your accounts. Moreover, the challenge is further escalated by the inconsistent password policies across different websites, with some allowing usage of special characters while others don’t.

Dig Deeper: Digital Estate Planning – What to Do With Your Digital Assets

What Makes a Password ‘Weak’?

A weak password is one that lacks the necessary characteristics to withstand modern hacking techniques. These vulnerabilities often include brevity, where a password is too short to provide sufficient security. Short passwords, especially those with fewer than eight characters, are much easier for attackers to guess using brute force or dictionary attacks. Additionally, weak passwords often lack complexity, relying solely on letters or numbers without incorporating a mix of uppercase letters, lowercase letters, numbers, and special characters. This makes them susceptible to straightforward hacking attempts.

Furthermore, weak passwords may be derived from easily accessible personal information, such as the user’s name, birthdate, or other readily available details. Attackers can often exploit this information through social engineering or data breaches. Additionally, common words, phrases, or dictionary terms in passwords, like “password” or “qwerty,” are particularly weak, as they are frequently targeted in automated password-cracking attacks. To ensure the strength of a password, it is essential to create long, complex, and unique combinations that are challenging for attackers to decipher.

The Staggering Statistics

What are the potential consequences of a weak password? A determined hacker can track a person’s online activity, identify and hack weak passwords, and then use those passwords to access banking information, credit card numbers, and personal data used to steal a person’s identity. Remember: Just as you go to work each morning to put food on the table for your family, a hacker has similar goals. So, work with equal diligence to protect what’s yours. Here’s a look at some intriguing numbers that underline the scale of the problem:

  • Over 60% of us use more than three digital devices.
  • 55% store irreplaceable digital assets on these devices.
  • More than 75% regularly visit five or more sites requiring passwords.
  • 63% resort to easy-to-guess passwords or reuse the same password across multiple sites.
  • Shockingly, 17% do little or nothing to safeguard their passwords.

These figures highlight the importance of proper password management. If we continue to ignore this, then we are, in essence, handing over the keys to our digital kingdom to potential intruders.

Devise a Better Plan

The need for a better password management strategy is evident. Start by ensuring you use different passwords for each of your accounts. Even though it’s tempting, avoid using the ‘remember me’ function on your browsers or mobile apps. This function offers convenience but at the risk of revealing your passwords if your device gets stolen or lost.

Avoid entering passwords on computers that you don’t control, like those in an Internet café or library. Further, avoid accessing your accounts via unsecured Wi-Fi connections, such as those at an airport or coffee shop, as hackers can easily intercept your data. Use a VPN. Also, remember, your password is private. Do not share it with anyone. You never know when a trusted friend might turn into a threat.

Dig Deeper: Why You Need to Watch Out When Using Public Wi-Fi

How to Create a Strong Password

Creating a strong password is not as complicated as it seems, and there are several strategies you can apply to create one. A strong password should be long (at least 12 characters), include a mix of letters (both upper and lower case), numbers, and special characters. Avoid using dictionary words, personal information like your name, date of birth, etc., and avoid obvious keyboard paths like “qwerty” or “123456”.

One effective method to create a strong password is to take a phrase or sentence that is meaningful to you, use the first letter of each word, and replace some letters with numbers or special characters. For example, “My cat Whiskers was born on July 7.” could be transformed into “McWwboJ7.”. This password is strong, unique, and easier to remember than a random string of letters, numbers, and special characters.
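The criteria listed under “What Makes a Password ‘Weak’?” and “How to Create a Strong Password” can be applied mechanically. The checker below is an added example, not code from McAfee or the original post; the word list, keyboard rows, substitution table and the names `check_password` and `keyboard_run` are assumptions made for illustration, and every sample password except the article’s own is constructed.

```python
import re

MIN_LENGTH = 12  # minimum length the article recommends

# Assumption: tiny illustrative word list; real checks use large breached-password lists.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}
# Keyboard rows used to spot "obvious keyboard paths" such as qwerty or 123456.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo common character substitutions so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("0134578@$!", "oieastbasi")


def keyboard_run(password, min_run=4):
    """Return the first run of min_run characters that follows a keyboard row
    (left-to-right or right-to-left), or None if there is no such run."""
    low = password.lower()
    for i in range(len(low) - min_run + 1):
        chunk = low[i:i + min_run]
        for row in KEYBOARD_ROWS:
            if chunk in row or chunk in row[::-1]:
                return chunk
    return None


def check_password(password, personal_info=()):
    """Return a list of finding codes; an empty list means every check passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")

    # The article asks for upper case, lower case, numbers and special characters.
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    findings += ["missing_" + name for name, present in classes.items() if not present]

    # Dictionary check runs on the de-substituted form, keyboard check on the raw form.
    normalized = password.lower().translate(LEET)
    if any(word in normalized for word in COMMON_WORDS):
        findings.append("common_word")
    if keyboard_run(password):
        findings.append("keyboard_path")

    # Personal details (name, birthdate, ...) are compared with separators removed.
    stripped = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        tokens = [t for t in re.split(r"[^a-z0-9]+", item.lower()) if len(t) >= 4]
        if any(t in stripped for t in tokens):
            findings.append("personal_info")
            break
    return findings


if __name__ == "__main__":
    samples = [
        ("McWwboJ7.", ()),                                   # the article's example (9 characters)
        ("P@ssw0rd2024!", ()),                               # constructed
        ("qwerty123456", ()),                                # constructed
        ("Whiskers-1990-Born!", ("Whiskers", "1990-07-07")), # constructed
        ("Tr4il-Mix&Lantern9", ()),                          # constructed
    ]
    for pw, info in samples:
        print(f"{pw!r}: {check_password(pw, info) or 'no findings'}")
```

A short word list only catches the most obvious choices, so a clean result here means the password passed these specific checks, not that it is absent from breached-password lists.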

Use a Password Manager

Keeping track of different passwords for each account can be challenging. This is why using password managers can be useful. Password managers like LastPass, Dashlane, or McAfee’s password manager can securely store your passwords and help you log in to your accounts with just a click. They also generate strong, unique passwords for you and store them in an encrypted vault, only accessible with a master password.

The master password is the only one you need to remember, so make it a strong one. Also, most password managers offer multi-factor authentication, adding an extra layer of protection. Remember, just like your passwords, your master password should be kept private and not shared with anyone.

Combine Unique Passwords With MFA

Use unique passwords and MFA. If taken seriously, these two extra steps could save you a million headaches. Use unique passwords for each of your accounts. By using different passwords, you avoid having all of your accounts become vulnerable if you are hacked (think domino effect). Then activate MFA, or multi-factor authentication (also called two-step verification or authentication). MFA confirms a user’s identity only after the user presents two or more pieces of evidence. Though not 100% secure, this practice adds a layer of security to an account.

McAfee Pro Tip: Whenever possible, opt for true two-factor and multi-factor authentication. These are robust and dependable verification methods, so make the most of their security benefits. Take advantage of biometric authentication like fingerprint reading and facial recognition. Learn more about 2FA and MFA.

Final Thoughts

Our digital assets are extremely valuable, and in our increasingly digital world, protecting them becomes even more critical. The key to strong password management involves creating unique, complex passwords, not reusing them across platforms, and changing them regularly. Using tools like password managers can simplify this process and provide additional security. And of course, adding antivirus, like McAfee antivirus, and other security solutions on top of password management is also encouraged. Ultimately, taking these steps can help you secure your digital life and avoid a potential cyber nightmare.

The post Weak Passwords Can Cost You Everything appeared first on McAfee Blog.

Cybersecurity: Miscalculating Cyber Threats

By: McAfee

Human beings are remarkable in their resilience. Beyond our ability to build and grow civilizations, we possess a somewhat less understood but equally important characteristic – the ability to deceive ourselves. The implications of this trait are vast and diverse, sometimes manifesting in seemingly irrational behavior, such as underestimating risks in the realm of cybersecurity.

Psychology explores what distinguishes mankind from the rest of the species on our planet: reason. How we perceive the world around us and how we act, whether consciously or subconsciously, is governed by our minds. However, when it comes to risk assessment, our brain often falls prey to its limitations. Our innate tendencies to underestimate slowly rising threats, substitute one risk for another, or fall under the illusion of control reveal our resilience in ignoring the hard truths. This applies to today’s digital environment and our approach to cybersecurity.

Cybersecurity: The Perils of Miscalculating Risk

These psychological tendencies significantly impact the world of cybersecurity. Employees often justify risky behaviors like clicking on unknown links or emails, or dismiss their gut feeling when something feels suspicious. Cybersecurity professionals might put an overinflated trust in their own abilities to handle the next threat, rather than seeking help from a third party with potentially more experience. The slow trickle of breaches that make the headlines creates an illusion that we are somehow immune to the next one, and while we stay in denial, the risk continues to mount unnoticed.

Survey data provides some alarming insights. According to McAfee’s research among American consumers, 71% of those aged 18-34 believe their data is more secure today than it was a year ago. Similarly, 65% of those aged 35-54 agree. This is in stark contrast to the rapidly growing threats in our virtual world, exemplified by the fact that ten years ago, McAfee Labs observed 25 new threats per day, whereas today we face more than 400,000 new threats per day!

Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges

The Consequence of Overestimation

Despite recognising the growing dangers of cyberspace, consumers often overestimate their own capabilities to defend against such threats. This overconfidence coupled with self-deception presents an ideal opportunity for threat actors to exploit their vulnerabilities. The victims, both consumers and cybersecurity professionals alike, unknowingly advertise themselves as easy targets for the next cyber attack.

Fortunately, there is a solution to this problem. While it might be unrealistic to completely eliminate our inborn tendencies towards self-deceit, we can certainly address them through open dialogue and constructive discussions about our propensity to miscalculate risks. By doing so, we can disarm the enemies, significantly reducing their arsenal and mitigating the threats.

McAfee Pro Tip: Everything starts with self-awareness. We can only disarm these enemies (hackers, in this context) if we inform ourselves of the latest cybersecurity threats that might come our way. Find out more about the latest cybersecurity news on McAfee.

Further Reading on Cybersecurity Risk Perceptions

If you would like to learn more about the perceptions of cybersecurity risks, consider reading the book titled, “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War.” This book delves deeper into the complexities of cybersecurity, explaining in detail the intricacies of navigating the cyber threat environment and how to protect yourself effectively.

In addition, McAfee has developed a holistic strategy to transform the learning experience of cybersecurity into an informative journey. Our resources encompass a diverse collection of blogs, enlightening reports, and instructive guides. These materials have been carefully crafted to offer users a wealth of information on safeguarding your online life.

The Psychology of Deception

The human brain has been wired over thousands of years of evolution to protect us from threats and ensure our survival. Unfortunately, due to this “protection” mechanism, it often deceives us about the realities of risk. This deception is not intentional but a result of cognitive biases, which are ingrained predispositions that influence our judgement and decision-making.

Various cognitive biases come into play while evaluating risk. For instance, the ‘optimism bias’ leads us to believe that we are less prone to negative outcomes than others. The ‘confirmation bias’ induces us to interpret information in a way that validates our preexisting beliefs. In the cybersecurity landscape, these biases can push us towards underestimating the threats and overestimating our abilities to tackle them.

The optimism bias, for one, can make individuals and organizations overly optimistic about their cybersecurity posture. This bias may lead them to believe that they are less likely to experience a security breach than others, even when they have the same or similar vulnerabilities. This can result in underinvestment in security measures and a lack of preparedness for potential threats.

Confirmation bias, meanwhile, can lead cybersecurity professionals to selectively seek and interpret information that aligns with their preexisting beliefs about security. For example, if an organization believes that a specific security technology is the best solution, they may unconsciously filter out data that contradicts this view. This can result in the implementation of ineffective security measures and a false sense of security.

Recognizing and addressing these biases is crucial in the field of cybersecurity to ensure that risks are accurately assessed, and appropriate measures are taken to protect sensitive data and systems. Cybersecurity professionals should strive to maintain objectivity, seek diverse perspectives, and engage in ongoing risk assessment and mitigation efforts to counteract these biases.

Addressing the Miscalculation of Cyber Threats

Given how our inbuilt cognitive biases can negatively impact our risk judgments, it is critical to take efforts towards mitigating the resultant miscalculations. Firstly, we need to acknowledge that our minds are prone to deception and can mislead us in evaluating cyber threats. This involves being open to critique and willing to question our assumptions regarding cybersecurity.

Secondly, we need to foster a culture of learning and awareness around cybersecurity. Regular training programs and workshops can help individuals understand the potential threats and learn how to counteract them effectively. Cybersecurity awareness needn’t be a one-time event; it should be an ongoing process. Finally, embracing a proactive approach to cybersecurity that focuses on preventing threats rather than merely responding to them can further help in reducing the risk. This approach not only fortifies our defenses but also empowers us to adapt and thrive in an increasingly interconnected world, where the security of our information is of paramount importance.

Dig Deeper: See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online

Final Thoughts

The deception and resilience of the human mind are two sides of the same coin. While they contribute to our survival and success as a species, they can sometimes lead us astray in intricate domains like cybersecurity. Recognizing our cognitive biases and striving to overcome them can help us better assess and respond to cyber threats. With a proactive approach to cybersecurity and ongoing efforts towards raising awareness, we can make strides towards a safer virtual world.

We invite you to explore the subject further with the book, “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War”. It provides a comprehensive look at the complex world of cybersecurity and offers valuable insights into navigating the cyber threat environment effectively. Alternatively, you can also browse our cybersecurity resources at McAfee.

The post Cybersecurity: Miscalculating Cyber Threats appeared first on McAfee Blog.

Sextortion – What Every Parent Needs To Know

Imagine this. You’re 15, feeling unsure about yourself in the world, possibly even a little lonely. One day, a pretty girl starts messaging you on Instagram. She’s kind and funny. She has pets and several happy snaps of her friends and family on her profile – so she looks ‘normal’. Messages are running pretty hot for a few days and you’re loving it. You’re getting on well and are so pumped that someone likes you for you. But then she asks for a nude pic of you, including your face. You’re unsure what to do but don’t want to lose the vibe with this great girl. So, you send it. But there’s a big problem. The ‘normal’ looking girl is in fact a scammer. 

The Statistics 

In 2022, the Australian Centre to Counter Child Exploitation (ACCCE) averaged more than 100 reports of sextortion every month. But Australian law enforcement authorities believe the real statistics may in fact be much higher, with many estimating that less than 25% of cases are reported. Australian Federal Police Commander Hilda Sirec said that data showed more than 90% of victims were male and aged predominantly between 15 and 17 years of age. Police have seen victims as young as 10 years old.

How Does It Work? 

Sextortion or sexual extortion is a form of blackmail where someone threatens to share a nude or sexual image of yourself unless you meet their demands. Often the victim is tricked or coerced into sending the images. Offenders may demand money, more images or in-person sexual favours. Sexual images may also be captured while a young person is on live stream or video. This is known as ‘capping’. 

At the risk of stating the obvious, this can be an incredibly stressful process for the victim. Many offenders have mastered the art of manipulation and can make the victim feel like there is no way out of the situation. The constant threat of sharing content with family and friends, coupled with the relentless demands, can understandably send many young people into a mental health tailspin. The shame and embarrassment are all-consuming. Many victims feel like they have done something wrong and will be punished by parents and/or prosecuted by police if anyone finds out.

A Global Phenomenon

The sextortion trend is not isolated to Australia. There is currently a global trend of offenders coercing teenage boys into sending sexual images and then threatening to share them unless they pay up. Organised crime syndicates are believed to be behind the trend, having diversified from just targeting adults.

In December 2022, the Australian Federal Police revealed that more than 500 Australian bank accounts, financial services and digital currency accounts linked to sextortion syndicates targeting Aussie teens had been shut down. 

What To Do If Your Child Is Affected

If your child is a victim, praise them for being brave and coming to you for help. And be grateful that you have an opportunity to help them! Here is what else I suggest: 

1. Be Supportive 

The most important thing to do is commit to supporting your teen. Reassure them that you will help them, that they are not in trouble, and that you’ll protect them. 

2. Collect Evidence

Help your teen collect as much proof as possible. Take screenshots of all interactions. These will be essential to help identify the perpetrator. 

3. Report It

Contact your local police station or the Australian Centre to Counter Child Exploitation (ACCCE) and report the incident. Please reassure your teen that they will not be prosecuted despite the fact they shared intimate content. Reporting the crime could prevent other teens becoming victims. 

4. Stop Contact

All contact with the person blackmailing your teen needs to stop ASAP. 

5. Do Not Pay 

Under no circumstance should you pay the blackmailer, give them more money or more intimate content – despite their demands. 

6. Get Support 

The ACCCE has developed an online blackmail and sexual exploitation response kit. You can access a copy here

In my opinion, the best way to get ahead of this disturbing trend is to focus on prevention. So, why not take the time to ensure your teens have the privacy settings on all their social media accounts set to ‘friends only’ or ‘private’? That way, they can’t be contacted by anyone they don’t know. Also, remind your kids that friends they meet online can’t be trusted like real ‘in-person’ friends so no sharing of personal information.  

And keep the communication open and regular. If your kids know you are genuinely interested in all aspects of their life – both online and offline – and that you have their back, then they are far more likely to come to you if and when there is a problem. And isn’t that what we are here for? To help them navigate the tricky stuff. 

Happy digital parenting 

Alex  

The post Sextortion – What Every Parent Needs To Know appeared first on McAfee Blog.
