This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion

This week in scams, three headlines tell the same story: attackers are getting better at manipulating people, not just breaking into systems. We’re seeing a wave of intrusions tied to social engineering, a major delivery platform confirming a breach amid extortion claims, and a big tech headline that has a lot of people rethinking how apps handle their data. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so you can spot risk earlier and avoid getting pulled into someone else’s playbook. 

Let’s get into it. 

A Wave of Cyberattacks Hits Bumble, Match, Panera, and CrunchBase 

The big picture: Several major brands were hit by cybersecurity incidents tied to social engineering tactics like phishing and vishing. 

What happened: Bloomberg reported that Bumble, Match Group, Panera Bread, and CrunchBase each confirmed incidents.  

Bumble said a contractor account was compromised in a phishing incident, which led to brief unauthorized access to a small portion of its network, and said its member database, accounts, messages, and profiles were not accessed.  

Panera said an attacker accessed a software application it used to store data, and said the data involved was contact information.  

Match said the incident affected a limited amount of user data, and said it saw no indication that user logins, financial information, or private communications were accessed.  

CrunchBase said documents on its corporate network were impacted, and said it contained the incident. 

According to Bloomberg, cybersecurity firm Mandiant has also warned about a hacking campaign linked to a group that calls itself ShinyHunters. The group is using vishing, which means scam phone calls, to trick people into giving up their login information. Once attackers get those logins, they can access cloud tools and online work systems that companies use every day. The group has said they are behind some of these recent attacks, but that has not been independently confirmed. 

Red flags to watch for: 

Calls that pressure you to approve a login, reset credentials, or share a one-time code 

Messages posing as IT support, a vendor, or “security” that try to rush you 

MFA prompts you did not initiate 

“Quick verification” requests that bypass normal internal processes 

How this works: Social engineering works because it blends into normal life. A convincing message or call gets someone to do one small “reasonable” thing. Approve a prompt. Read a code. Reset access. That is often all an attacker needs to get inside with legitimate credentials, then pivot into the tools where valuable data lives. 

TikTok’s Privacy Policy Update Sparks Backlash 

Ok, we know this is called “This Week in Scams” but this is also a cybersecurity newsletter. So when the biggest tech and privacy headline of the week is TikTok updating its privacy policy, we have to talk about it. 

The big picture: TikTok’s updated terms and privacy policy are raising fresh questions about what data is collected, especially around location. 

What happened: TikTok confirmed last week that a new U.S.-based entity is in control of the app after splitting from ByteDance earlier this year. That same day, CBS reported TikTok published updated terms and a new privacy policy, which prompted backlash on social media. 

CBS reported that one major point of concern is language stating TikTok may collect precise location information if users enable location services in device settings. This is reportedly a shift from previous policy language, and TikTok said it plans to give U.S. users a prompt to opt in or opt out when precise location features roll out. 

According to CBS, some users are also concerned the new privacy policy would allow the TikTok to more easily share their private data with the federal and local government. 

That fear is based on a change in policy language stating that TikTok “processes such sensitive personal information in accordance with applicable law.” 

A quick, practical takeaway: This is a good reminder that “privacy policy drama” usually comes down to one thing you can actually control: your app permissions. 

What to do (general privacy steps): 

Check your phone settings for TikTok and confirm whether location access is Off, While Using, or Always. 

If your device supports it, consider turning off precise location for apps that do not truly need it. 

Do a quick permission sweep across social apps: location, contacts, photos, microphone, camera, and Bluetooth. 

Make sure your account is protected with a strong, unique password and two-factor authentication. 

Note: This is not a recommendation about whether to keep or remove any specific app. It’s a reminder that your device settings matter and they are worth revisiting. 

Grubhub Confirms a Data Breach Amid Reports of Extortion 

The big picture: Even when a company says payment details were not affected, a breach can still create risk because stolen data often gets reused for phishing. 

What happened: According to BleepingComputer, Grubhub confirmed unauthorized individuals downloaded data from certain systems and that it investigated, stopped the activity, and is taking steps to strengthen security. Sources told BleepingComputer the company is facing extortion demands tied to stolen data. Grubhub said sensitive information like financial details and order history was not affected, and did not provide more detail on timing or scope. 

Red flags to watch for next: Breach headlines are often followed by scam waves. Be on alert for: 

“Refund” or “order problem” emails you did not request 

Fake customer support messages asking you to verify account details 

Password reset prompts you did not initiate 

Links to “resolve your account” that don’t come from a known, official domain 

How this works: Customer support systems can contain personal details that make scams feel real. Names, emails, and account notes are often enough for attackers to craft messages that sound like legitimate help, especially when the brand is already in the news. 

Fake Chrome Extensions Are Quietly Taking Over Accounts 

The big picture: Some browser extensions that look like normal workplace tools are actually designed to hijack accounts and lock users out of their own security controls. 

What happened: Security researchers told Fox News that they uncovered a campaign involving malicious Google Chrome extensions that impersonate well-known business and human resources platforms, including tools commonly used for payroll, benefits, and workplace access. 

Researchers identified several fake extensions that were marketed as productivity or security tools. Once installed, they quietly ran in the background without obvious warning signs. According to Fox News, Google said the extensions have been removed from the Chrome Web Store, but some are still circulating on third-party download sites. 

How the scam actually works: Instead of stealing passwords directly, the extensions captured active login sessions. When you sign into a website, your browser stores small files that keep you logged in. If attackers get access to those files, they can enter an account without ever knowing the password. 

Some extensions went a step further by interfering with security settings. Victims were unable to change passwords, review login history, or reach account controls. That made it harder to detect the intrusion and even harder to recover access once something felt off. 

Why this matters: This kind of attack removes the safety net people rely on when accounts are compromised. Password resets and two-factor authentication only help if you can reach them. By cutting off access to those tools, attackers can maintain control longer and move through connected systems with less resistance. 

What to watch for: 

Browser extensions you don’t remember installing 

Add-ons claiming to manage HR, payroll, or internal business access 

Missing or inaccessible security settings on accounts 

Being logged into accounts you did not recently open 

A quick safety check: Take a few minutes to review your browser extensions. Remove anything unfamiliar or unnecessary, especially tools tied to work platforms. Extensions have deep access to your browser, which means they deserve the same scrutiny as any other software you install. 

McAfee’s Safety Tips for This Week 

Be skeptical of “helpful” tools. Browser extensions, workplace add-ons, and productivity tools can have deep access to your accounts. Only install what you truly need and remove anything unfamiliar. 

Treat calls and prompts with caution. Unexpected login requests, MFA approvals, or “IT support” outreach are common entry points for social engineering. If you didn’t initiate it, pause and verify. 

Review app and browser permissions. Take a few minutes to check what apps and extensions can access your location, accounts, and data. Small changes here can significantly reduce risk. 

Protect your logins first. Use strong, unique passwords and enable two-factor authentication on email and work-related accounts. If attackers get your email, they can reset almost everything else. McAfee’s Password Manager can help you create and store unique passwords for all of your accounts.  

Expect follow-up scams after headlines. When breaches or policy changes make the news, scammers often follow with phishing messages that reference them. Extra skepticism in the days and weeks after a story breaks can prevent bigger problems later. 

The post This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion appeared first on McAfee Blog.

Buying Harry Styles Tickets? Avoid These Common Ticket Scams

As Harry Styles concert tickets go on sale for his first tour in years, cybersecurity experts warn that the same excitement driving ticket registrations and social chatter will also drive a spike in ticket scams across social media, email, and text messages. 

“When demand spikes around a major tour, ticket scams spike too,” said Abhishek Karnik, Head of Threat Research at McAfee. “We saw this during recent major ticket releases, including the Oasis reunion, when McAfee Labs identified more than 2,000 suspicious ticket listings online.” 

“Scammers take advantage of the urgency fans already feel, and the fear of missing out, inserting themselves into social posts, DMs, and text threads with offers that sound normal and believable,” Karnik added.

“Avoid interacting with unknown sellers, especially when offers are made over social media,” Karnik said. “Payments made via wire transfers, cryptocurrency, gift cards, or peer-to-peer platforms like Venmo or Zelle are often not recoverable, which is why it’s safer to buy directly from official ticketing sites or well known resale platforms.”

Where, When, and How to Get Harry Styles Tickets 

Styles announced Together, Together on January 22, marking his first tour since 2023. 

The residency-style run spans seven cities worldwide: Amsterdam, London, São Paulo, Mexico City, New York, Melbourne, and Sydney. Shows begin in May and continue through December. 

New York City is the only North American stop, making competition for tickets especially intense for U.S. fans. In fact, a record-breaking 11.5 million people have already registered for ticket information to attend the Madison Square Garden stop alone. For context, the capacity for that venue is just 19,500 people.  

According to The Hollywood Reporter, that means just 5% of people who signed up for U.S. tickets will be able to buy them when they go on sale this week.  

American Express access presale ticket sales are already live, and Ticketmaster is the primary platform handling official sales.  

The rest of the Together, Together tour tickets will be released in two stages:  

1. General on sale for NYC dates August 26 – October 9 begins on Friday, January 30.  
2. General on sale for October 10 – 31 begins Wednesday, February 4. 

That staggered release schedule matters. Multiple on-sale moments mean repeated waves of urgency, which scammers often mirror with fake “last chance” messages, counterfeit presale links, or impersonations of ticketing platforms and customer support. 

What do Harry Styles tickets cost right now 

Ticket prices range widely by seat location and package, with outlets reporting lower prices starting in the $100 range. However, premium seats climb past $1,000. According to Forbes, the average ticket price of his 2022 tour was $113. 

That context matters, because it helps fans recognize the biggest red flag in ticket fraud: a too-good-to-be-true price.  

If you are seeing “floor seats for $50” while reputable platforms are showing far higher prices for comparable sections, that is not a deal. It is a hook for a scammer. 

How ticket scams work 

Ticket scams rarely start with “Buy my fake ticket.” They start with the conditions that make people easy to rush: too much noise, too many messages, and too little time to verify what’s real. 

McAfee’s State of the Scamiverse survey of 7,500 consumers found people now receive 14 scam messages per day on average, and spend a “time tax” of 114 hours a year sorting real from fake. In that environment, criminals don’t need you to be careless. They just need you to be busy. And major ticket drops create the perfect opening: high demand, fast-moving queues, and price shock that makes a “good deal” feel like something you have to grab immediately. 

What’s changed is that scams don’t even need a link anymore. The report found more than 1 in 4 people (26%) say suspicious social messages now arrive without a URL, and 44% admit they reply to those linkless DMs anyway, often triggering the next step of the scam. That’s the blueprint behind many ticket scams today: a believable message, a quick pivot to payment, and pressure to move fast before you can verify. 

Below are among the most common ticket-scam patterns to watch for, and exactly how they play out. 

Ticket fraud 

Ticket fraud is when someone advertises tickets, takes payment, and delivers nothing, or delivers tickets that do not work at the door. This includes fake screenshots, fake confirmation emails, and counterfeit QR codes. 

How it plays out: 

• A seller claims they “cannot make the show.” 
• They ask you to pay quickly to “hold” the tickets. 
• They send a screenshot of a ticket or order email. 
• The tickets never arrive, or the QR code fails when scanned. 

Resale duplication scams 

A resale duplication scam happens when the scammer sells the same ticket to multiple buyers. Sometimes the scammer has one legitimate ticket and sells it repeatedly. Sometimes they have none and simply reuse the same screenshot. 

How it plays out: 

• You receive something that looks real. 
• Multiple people show up with the same ticket. 
• Only the first scan gets in. 

Phishing scams 

A phishing scam is a message designed to trick you into clicking a link or sharing personal information. Ticket phishing often pretends to be from Ticketmaster, a venue, a presale program, or customer support. 

How it plays out: 

• “Your tickets are on hold, confirm within 10 minutes.” 
• “Unusual activity detected. Verify your account.” 
• “Your payment failed. Update billing.” 

Modern phishing messages can look polished and grammatically clean, which is why relying on spelling errors is no longer a reliable defense. 

Cloned ticket websites 

A cloned ticket website is a fake site made to look like a legitimate seller. These sites are built to capture your payment info, personal data, or both. 

How it plays out: 

• You click an ad or link from social media. 
• The site looks legitimate, but the URL is slightly off. 
• You “buy” tickets and either receive nothing or later see fraud on your card. 

Ticket transfer and account takeover scams 

A ticket transfer scam exploits the fact that many tickets are digital and transferable. A related risk is account takeover, where scammers steal your ticketing login and transfer tickets out of your account. 

How it plays out: 

• You get a message claiming your account needs verification. 
• You enter credentials on a fake page. 
• The attacker logs in and transfers tickets away. 

Fake customer support scams 

A fake customer support scam is when scammers pose as a company’s help desk, often after you post publicly that you need help. 

How it plays out: 

• You tweet, post, or comment about ticket issues. 
• An “agent” messages you first. 
• They ask for login details, a code, or payment to “unlock” tickets. 

A true scam story: Henry’s last-minute ticket scam 

Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in, someone nearby claimed to have extra tickets.  

The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets.  

Minutes later, he sent the full $280.  

“I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.”  

The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him. 

Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show.  

“I sent $280 and got blocked. We never made it inside.”  

What makes Henry’s experience so common is not the platform. It is the pattern: 

• A believable story 
• A “reasonable” price 
• A fast-moving negotiation 
• A sudden change in terms 
• Pressure, then disappearance 

How to spot a ticket scam fast 

Use these red flags as a reality filter: 

Red Flag	What It Looks Like in Real Life
Price mismatch	Tickets priced far below or far above comparable listings on official or verified resale platforms.
Urgency tactics	Messages pushing “last chance,” “only today,” or claiming someone else is about to buy.
Unprotected payment requests	Asking for wire transfers, cryptocurrency, gift cards, or peer-to-peer payments to strangers.
Off-platform pressure	Requests to move the transaction to text, DMs, or email instead of using an official site.
Refusal to verify tickets	Sellers unwilling to use a verified resale platform or provide proof that can be independently confirmed.
Suspicious links	Shortened URLs, unusual domains, or ticket links sent through direct messages.

Safer ways to buy tickets 

If you want the simplest rule: buy through official ticketing and verified resale platforms that offer buyer protection. Scammers can create fake accounts anywhere, but they cannot easily bypass legitimate purchase protections. 

Practical steps: 

1. Go direct: Type the official ticketing URL into your browser, do not follow random links. 
2. Use protected payment: Credit cards generally offer stronger dispute options than unprotected transfers. 
3. Avoid risky payment demands: Crypto, gift cards, and wires are common in fraud because they are hard to reverse. 
4. Secure your accounts: Use strong passwords and enable two-factor authentication where available. 
5. Pause before paying: Scammers depend on emotional momentum. 

How Scam Detector can help 

Tools like McAfee’s Scam Detector can act as a second set of eyes when messages or links are designed to rush you.  

Scam detection can help flag suspicious language patterns, risky links, and social engineering tactics before money leaves your account. 

The post Buying Harry Styles Tickets? Avoid These Common Ticket Scams appeared first on McAfee Blog.

How McAfee’s Scam Detector Checks QR Codes and Social Messages

Scams don’t always arrive with obvious warning signs. 

They show up as QR codes on parking meters. As casual DMs that start with “Hey.” As social messages that feel routine enough to respond to without thinking twice. 

That shift has created a new burden for consumers. According to McAfee’s 2026 State of the Scamiverse report, Americans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That is nearly three full workweeks lost to second-guessing messages, alerts, links, and notifications. 

McAfee’s upgraded Scam Detector is designed to meet people in those exact moments, with enhancements rolling out across core McAfee plans beginning in February. 

The latest improvements add instant QR code scam checks and smarter social messaging protection, making it easier to spot scams before they escalate. 

Figure 1: An example of a suspicious text being flagged by McAfee’s Scam Detector 

What’s new in McAfee’s Scam Detector 

Scams now move quickly across platforms and formats, often escalating in minutes once someone engages. Among people who were harmed by a scam, the typical scam unfolded in about 38 minutes. 

That speed leaves little room for hesitation. Scam protection has to work in real time, not after the damage is done. 

McAfee’s latest Scam Detector upgrades are designed around that reality, adding: 

• Instant QR code safety checks, so users can assess risk before tapping 
• Smarter social messaging protection, with clearer warnings for suspicious texts, emails, and DMs, even when no link is present 

These Scam Detector upgrades will begin rolling out in February across all core McAfee plans, bringing real-time protection to the moments where scams escalate fastest. 

QR codes, quishing, and why instant scans are needed 

QR codes were designed for convenience. That is exactly why scammers use them. 

Cybercriminals increasingly hide malicious links behind QR codes placed on menus, parking meters, packages, posters, and public signage. People scan quickly, often without stopping to evaluate where the code leads. 

McAfee research shows how common this risk has become: 

• 68% of people scanned a QR code in the past three months 
• 18% landed on a suspicious or unsafe page after scanning 
• Among those who did, more than half took risky actions such as entering personal information, installing an app, or connecting a digital wallet 

Figure 2. A still from a demo video, showing a risky QR code being blocked by McAfee’s Scam Detector 

Social media scams and the rise of linkless messages 

Phishing is no longer confined to emails with obvious red flags. 

Scams now arrive through WhatsApp, Instagram, Messenger, Telegram, and other social platforms, often starting as vague or friendly messages designed to lower suspicion rather than trigger alarm. 

McAfee’s research highlights a key shift: more than one in four suspicious social messages contain no link at all, and 44% of Americans say they have replied to a suspicious DM with no link. 

These messages rely on familiarity and momentum. A short greeting. A warning about an account issue. A promise of easy money. By the time a request or link appears, the conversation already feels normal. 

And the economic impact of these scams is significant. According to the FTC, social media scams drove $1.9 billion in reported losses in 2024, making social platforms one of the top channels for fraud and identity theft. 

That’s why McAfee’s Scam Detector includes smarter social messaging protection, delivering clearer warnings for suspicious texts, emails, and DMs, even those without risky links, across popular platforms. The focus is on identifying suspicious patterns and behavior, not just URLs. 

Users can take a quick screenshot of their social media content on social media, and McAfee’s Scam Detector will analyze the message for suspicious activity. 

Get protection that works before scams escalate 

The stakes are high: 

• One in three Americans has lost money to a scam 
• Among those who lost money, the average loss was $1,160 
• 15% of scam victims fall for another scam within a year 

Scams are not just increasing in volume. They are becoming more personal, more believable, and easier to scale using AI. 

McAfee’s upgraded Scam Detector is designed to stay ahead of those shifts, offering real-time guidance when it matters most, whether that’s a suspicious QR code, a vague DM, or a message that feels just normal enough to trust. 

The enhanced Scam Detector, including instant QR code checks and smarter social messaging protection, will begin rolling out in February across all core McAfee plans. 

The post How McAfee’s Scam Detector Checks QR Codes and Social Messages appeared first on McAfee Blog.

McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real

Merriam-Webster’s word of 2025 was “slop.” Specifically, AI slop. 

Low-effort, AI-generated content now fills social feeds, inboxes, and message threads. Much of it is harmless. Some of it is entertaining. But its growing presence is changing what people expect to see online.

McAfee’s 2026 State of the Scamiverse report shows that scammers are increasingly using the same AI tools and techniques to make fraud feel familiar and convincing. Phishing sites look more legitimate. Messages sound more natural. Conversations unfold in ways that feel routine instead of suspicious.

According to McAfee’s consumer survey, Americans now spend an average of 114 hours a year trying to determine whether the messages they receive are real or scams. That’s nearly three full workweeks lost not to fraud itself, but to hesitation and doubt.

As AI-generated content becomes more common, the traditional signals people relied on to spot scams, such as strange links and awkward grammar, are fading. That shift does not mean everything online is dangerous. It means it takes more effort to tell what is real from what is malicious.

The result is growing uncertainty. And a rising cost in time, attention, and confidence.

The average American receives 14 scam messages a day 

Scams are no longer occasional interruptions. They are a constant background noise. 

According to the report, Americans receive an average of 14 scam messages per day across text, email, and social media.  

Many of these messages do not look suspicious at first glance. They resemble routine interactions people are conditioned to respond to. 

• Delivery notices 
• Account verification requests 
• Subscription renewals  
• Job outreach 
• Bank alerts 
• Charity appeals 

And with the use of AI tools, scammers are churning out these scam messages and making them look extremely realistic.

That strategy is working. One in three Americans says they feel less confident spotting scams than they did a year ago.  

 

Figure 1. Types of scams reported in our consumer survey. 

Most scams move fast, and many are over in minutes 

The popular image of scams often involves long email threads or elaborate schemes. In reality, many modern scams unfold quickly. 

Among Americans who were harmed by a scam, the typical scam played out in about 38 minutes.  

That speed matters. It leaves little time for reflection, verification, or second opinions. Once a person engages, scammers often escalate immediately. 

Still, some scammers play the long game with realistic romance or friendship scams that turn into crypto pitches or urgent requests for financial support. Often these scams start with no link at all, but just a familiar DM.

In fact, the report found that more than one in four suspicious social messages contain no link at all, removing one of the most familiar warning signs of a scam.  And 44% of people say they have replied to a suspicious direct message without a link.  

The cost is not just money. It is time and attention. 

Financial losses from scams remain significant. One in three Americans report losing money to a scam. Among those who lost money, the average loss was $1,160.  

But the report argues that focusing only on dollar amounts understates the broader impact: scams also cost time, attention, and emotional energy. 

People are forced to second-guess everyday digital interactions. Opening a message. Answering a call. Scanning a QR code. Responding to a notification. That time adds up. 

And who doesn’t know that sinking feeling when you realize a message you opened or a link you clicked wasn’t legitimate?

Figure 3. World Map of Average Scam Losses. 

Why AI slop makes scams harder to spot 

The rise of AI-generated content has changed the baseline of what people expect online. It’s now an everyday part of life.

According to the report, Americans say they see an average of three deepfakes per day.  

Most are not scams. But that familiarity has consequences. 

When AI-generated content becomes normal, it becomes harder to recognize when the same tools are being used maliciously. The report found that more than one in three Americans do not feel confident identifying deepfake scams, and one in ten say they have already experienced a voice-clone scam. Voice clone scams often feature AI deepfake audio of public figures, or even people you know, requesting urgent financial support and compromising information.

These AI-generated scams also come in the form of phony customer support outreach, fake job opportunities and interviews, and illegitimate investment pitches.

Account takeovers are becoming routine 

Scams do not always end with an immediate financial loss. Many are designed to gain long-term access to accounts. 

The report found that 55% of Americans say a social media account was compromised in the past year.  

Once an account is taken over, scammers can impersonate trusted contacts, spread malicious links, or harvest additional personal information. The damage often extends well beyond the original interaction. 

Scams are blending into everyday digital life 

What stands out most in the 2026 report is how thoroughly scams have blended into normal online routines. 

Scammers are embedding fraud into the same systems people rely on to work, communicate, and manage their lives. 

• Cloud storage alerts (such as Google Drive or iCloud notices) warning that storage is full or access will be restricted unless action is taken, pushing users toward fake login pages.
• Shared document notifications that appear to come from coworkers or collaborators, prompting recipients to open files or sign in to view a document that does not exist.
• Payment confirmations that claim a charge has gone through, pressuring people to click or reply quickly to dispute a transaction they do not recognize.
• Verification codes sent unexpectedly, often as part of account takeover attempts designed to trick people into sharing one-time passwords.
• Customer support messages that impersonate trusted brands, offering help with an issue the recipient never reported.

Figure 4: Example of a cloud scam message. 

The Key Takeaway

Not all AI-generated content is a scam. Much of what people encounter online every day is harmless, forgettable, or even entertaining. But the rapid growth of AI slop is creating a different kind of risk.

Learn more and read the full report here.

FAQ: Understanding the AI Slop Era and Modern Scams 

Q: What is AI slop?   A: The term refers to the flood of low-quality, AI-generated content now common online. While much of it is harmless, constant exposure can make it harder to identify when similar technology is used for scams.

Q: How much time do Americans lose to scams?   A: Americans spend 114 hours a year determining whether digital messages and alerts are real or fraudulent. That is nearly three workweeks.

Q: How fast do scams happen today?   A: Among people harmed by scams, the typical scam unfolds in about 38 minutes from first interaction to harm.

Q: How common are deepfake scams?   A: Americans report seeing three deepfakes per day on average, and one in ten say they have experienced a voice-clone scam.

 

The post McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real appeared first on McAfee Blog.

This Week in Scams: Netflix Phishing and QR Code Espionage

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix billing alerts to malicious browser extensions and QR code phishing tied to foreign espionage, the common thread is trust being weaponized at exactly the right moment. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it. 

Netflix Billing Emails Are Back… And Still Catching People Off Guard 

The big picture: Subscription phishing is resurging, with scammers impersonating Netflix and using fake billing failures to push victims into handing over payment details. 

What happened: Multiple Netflix impersonation emails circulated again this month, warning recipients that a payment failed and urging them to “update payment” to avoid service interruption. The messages closely mirror Netflix’s real branding and include polished formatting, official-looking language, and even PDF attachments designed to feel like legitimate billing notices. 

What makes these scams effective is timing. Victims often receive them while actively reviewing subscriptions, updating payment methods, or considering canceling services. That context lowers skepticism just enough for a quick click before slowing down to verify. 

McAfee’s Scam Detector flagged the messages (which one of our own employees received this week) as phishing, confirming they were designed to steal payment information rather than resolve a real billing issue. 

Red flags to watch for: 

• Unexpected billing problems paired with urgent calls to act 
• Payment requests delivered by email instead of inside the app 
• Attachments or buttons asking you to “fix” account issues 
• Sender addresses that don’t match official Netflix domains 

How this scam works: This is classic brand impersonation phishing. Scammers don’t need to hack Netflix itself. They rely on people recognizing the logo, trusting the message, and reacting emotionally to the idea of losing access. The attachment and clean design help bypass instinctive spam filters in the brain, even when technical filters catch it later. 

Netflix has warned customers about these scams and offers advice on its site if you encounter one.

What to do instead: If you get a billing alert, don’t click. Open the Netflix app or manually type the site address to check your account. If there’s no issue there, the email wasn’t real. 

Fake Ad Blocker Crashes Browsers to Push “Fix It” Malware 

The big picture: Attackers are exploiting browser crashes themselves as a social engineering tool, turning technical disruption into a pathway for malware installation. 

What happened: Researchers reported a malvertising campaign promoting a fake ad-blocking browser extension called “NexShield,” which falsely claimed to be created by the developer of a well-known, legitimate ad blocker. Once installed, the extension intentionally overwhelmed the browser, causing freezes, crashes, and system instability. 

After restart, victims were shown fake security warnings instructing them to “fix” the problem by running commands on their own computer. Following those instructions triggered the download of a remote access tool capable of spying, executing commands, and installing additional malware. The reporting was first detailed by Bleeping Computer, with technical analysis from security researchers. 

Red flags to watch for: 

• Browser extensions promising performance boosts or “ultimate” protection 
• Crashes immediately after installing a new extension 
• Pop-ups instructing you to run commands manually 
• “Security fixes” that require copying and pasting code 

How this scam works: This is a variant of ClickFix attacks. Instead of faking a problem, attackers cause a real one, then position themselves as the solution. The crash creates urgency and confusion, making people more likely to follow instructions they’d normally question. It turns frustration into compliance. 

FBI Warns QR Code Phishing Is Being Used for Cyber Espionage 

The big picture: QR codes are being used as stealth phishing tools, with highly targeted attacks tied to foreign intelligence operations. 

What happened: The Federal Bureau of Investigation issued a warning about QR code phishing, or “quishing,” campaigns linked to a North Korean government-backed hacking group. According to reporting by Fox News, attackers sent emails containing QR codes that redirected victims to fake login pages or malware-hosting sites. 

In some cases, simply visiting the site allowed attackers to collect device data, location details, and system information, even if no credentials were entered. These campaigns are highly targeted, often aimed at professionals in policy, research, and technology sectors. 

Red flags to watch for: 

• QR codes sent by email or messaging apps 
• QR codes leading to login pages for work tools or cloud services 
• Messages that feel personalized but unexpected 
• Requests to scan instead of click 

How this scam works: QR codes hide the destination URL, removing the visual cues people rely on to judge safety. Because scanning feels faster and more “passive” than clicking a link, people often skip verification entirely. That moment of trust is what attackers exploit. 

Read our ultimate guide to “quishing” and how to spot and avoid QR code scams here. 

McAfee’s Safety Tips for This Week 

• Verify inside official apps. Billing or security issues should be confirmed directly in the app or website you normally use, not through email links or QR codes. 
• Treat extensions like software installs. Only install browser extensions from trusted publishers you already know, and remove anything that causes instability. 
• Slow down with QR codes. If a QR code leads to a login page or download, close it and navigate manually instead. 
• Watch for urgency + familiarity. Scammers increasingly rely on brands, tools, and behaviors you already trust to short-circuit caution. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook

Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365. 

The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.

Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users. 

“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”

“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”

“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.

Here, we break down what happened and why outages are prime time for scammers.

What happened to Microsoft Outlook? 

A Microsoft infrastructure failure disrupted email delivery. 

Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.

Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.

When did the Microsoft outage happen? 

The disruption unfolded over several hours on Thursday afternoon (ET). 

Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows: 

Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.

2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.

3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.

4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.

Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced. 

Was this a hack or cyberattack? 

No. Microsoft says the outage was caused by technical infrastructure issues. 

According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours. 

A message sent by Microsoft about the server issue.

Why outages  cause widespread disruption 

Modern work depends on shared cloud infrastructure. 

That sudden loss of access often leaves users unsure whether: 

• Their account has been compromised 
• Their data is at risk 
• They need to take immediate action 

That uncertainty is exactly what scammers look for. 

How scammers exploit big tech outages

They impersonate the company and trick users into signing in again. 

After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours. 

These scams typically work by: 

Impersonating Microsoft using logos, branding, and language copied from real outage notices 

Sending fake “service restoration” emails or texts claiming users must re-authenticate 

Linking to realistic login pages designed to steal Microsoft usernames and passwords 

Posing as IT support or Microsoft support and directing users to fake phone numbers 

Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address. 

How to stay safe during a Microsoft outage 

Outages are confusing. Scammers rely on urgency and familiarity. 

To reduce risk: 

• Do not click links in emails or texts about outages or “account recovery.” 
• Go directly to official sources, such as Microsoft’s status page or verified social accounts. 
• Never re-enter your password through links sent during an outage. 
• Ignore urgent fixes that ask for downloads, payments, or credentials. 

If you already clicked or entered information: 

• Change your Microsoft password immediately 
• Update passwords anywhere you reused it 
• Turn on or refresh two-factor authentication 
• Review recent account activity 
• Run a trusted security scan to remove malicious software (check out our free trial) 

How McAfee can help 

Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens. 

McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access. 

FAQ 

Q: Is Microsoft Outlook still down? A: Microsoft said Thursday afternoon that it had restored affected infrastructure and was redirecting traffic to recover service, according to CNBC. Some users may still experience intermittent issues.

Q: Was the Microsoft outage caused by hackers? A: No. Microsoft has not reported any cyberattack or data breach related to the outage, per CNBC.

Q: Can scammers really use outages to steal accounts? A: Yes. During major outages, scammers often impersonate companies like Microsoft and trick users into signing in again on fake websites.

Q: Should I reset my password after an outage? A: Only if you clicked a suspicious link or entered your credentials somewhere outside Microsoft’s official site. Otherwise, resetting passwords isn’t necessary.

 

The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.

Didn’t Request an Instagram Password Reset? Here’s What to Do

If you recently received an unexpected email from Instagram asking you to reset your password, you are not alone. Over the past several days, thousands of users reported receiving legitimate password reset emails they did not request. 

The sudden wave of messages led to widespread confusion and concern about whether Instagram had suffered a data breach. Instagram and its parent company Meta deny that a breach occurred, stating instead that they fixed an issue that allowed an external party to trigger password reset emails for some users. 

While the exact source of the activity remains disputed, the situation highlights a broader and more important issue. Password reset emails, even when legitimate, are often the first signal users get that their information may be exposed, reused, or being targeted by attackers. 

Here is what we know so far and what this incident reveals about how password compromises really happen. 

Was Instagram Hacked? 

Instagram says no. 

In statements reported by the BBC and BleepingComputer, Meta said it resolved a problem that allowed an external party to request password reset emails on behalf of users. The company maintains there was no breach of its systems and that accounts remain secure. 

At the same time, cybersecurity researchers and firms, including Malwarebytes, have warned about a dataset circulating on hacking forums that allegedly contains information linked to more than 17 million Instagram accounts. According to reporting, that data may include usernames, email addresses, phone numbers, locations, and account IDs, but not passwords. 

Some researchers believe the dataset may be a compilation of older scraped data rather than evidence of a new breach. Others say the timing of the password reset emails and the appearance of the data raises unresolved questions. 

What matters for users is this: regardless of whether this was a new breach, old scraped data, or a technical abuse of password reset systems, attackers routinely use exposed personal information to launch phishing, account takeover attempts, and social engineering attacks. 

What Counts as a Data Breach and What Does Not 

A true data breach occurs when attackers gain unauthorized access to internal systems and steal protected data such as passwords, financial information, or private communications. 

In many cases, personal data is also exposed through: 

• API scraping of publicly accessible information 
• Older leaks that are resold or repackaged 
• Credential stuffing using passwords stolen from unrelated sites 
• Abuse of account recovery or password reset features 

That distinction matters because even when passwords are not leaked, exposed personal data can still be weaponized. Names, emails, phone numbers, and locations are often enough for scammers to craft convincing phishing messages that appear legitimate. 

Why You Might Receive a Password Reset Email You Did Not Request 

There are several common reasons this happens, and none of them require your Instagram password to be stolen. 

• Someone may be testing whether your email address is linked to an account. 
• Attackers may be attempting credential stuffing using passwords from past breaches. 
• Your information may appear in older datasets that are being reused or resold. 
• A platform bug or abuse of recovery systems may trigger reset emails at scale. 

Scammers often use these moments to send fake follow-up emails that look nearly identical to legitimate ones. That is why security experts consistently recommend going directly to the app or official website rather than clicking links in unexpected messages. 

What to Do If You Received an Instagram Password Reset Email 

If you did not request the reset:  

1. Do not click links in the email. 
2. Open the Instagram app or visit the official site directly to review security settings.  
3. Check recent login activity and remove any unfamiliar sessions. 
4. Enable two-factor authentication (2FA) if it is not already turned on. 

If you decide to change your password, make sure the new one is unique and not used anywhere else. 

Click “Review Settings” to enable 2FA in your Account Center

How to enable multi-factor authentication for Instagram 

1. Click More in the bottom left, then click Settings. 
2. Click See more in Accounts Center, then click Password and Security. 
3. Click Two-factor (2FA) authentication, then select an account. 
4. Choose the security method you want to add and follow the on-screen instructions. 

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp. 

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145 

How to Manage Passwords the Right Way 

Remembering dozens of unique, strong passwords is not realistic for most people. That is why password managers exist. 

A password manager can: 

• Generate strong, unique passwords for every account 
• Store them securely so you do not need to remember them 
• Alert you if your credentials appear in known breaches 
• Reduce the risk of account takeover from reused passwords 

Using a password manager removes the pressure to reuse passwords and helps close one of the most common doors attackers walk through.  

McAfee’s password manager helps you secure your accounts by generating complex passwords, storing them and auto-filling your info for faster logins across devices. It’s secure and, best of all, you only have to remember a single password. 

FAQ: Instagram Password Reset Emails and Account Safety 

Was my Instagram password stolen? There is no evidence that passwords were leaked in this incident.

Should I reset my password anyway? If you are unsure or reuse passwords elsewhere, resetting it directly in the app is a smart precaution.

Are the emails real or phishing? Some emails were legitimate, but scammers often mimic them. Always go directly to the app or website.

Why is password reuse dangerous? Because a breach on one site can expose all accounts that share the same password.

 

The post Didn’t Request an Instagram Password Reset? Here’s What to Do appeared first on McAfee Blog.

This Week in Scams: Fake Brand Messages and Account Takeovers

This week in scams, social engineering sits at the center of several major headlines, from investment platform breaches to social media account takeovers and new warnings about AI-driven fraud.  

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it:  

Betterment Warns Customers of Breach 

The big picture:
Attackers accessed third-party systems used by Betterment, then used the information they stole to impersonate the company, contact customers, and promise scam crypto investment opportunities with too-good-to-be-true returns. 

What happened: 

• Attackers used social engineering to compromise third-party tools Betterment uses for marketing and operations, as reported by TechCrunch.  
• With access to internal systems, they sent messages to customers that appeared legitimate. 
• The messages promised to triple crypto holdings if recipients sent $10,000 to a wallet controlled by the attackers, a classic “send money to get more back” lure, later detailed by The Verge. 
• Betterment says no account logins or passwords were compromised, but personal data like names, contact details, and dates of birth were exposed, enough to make the messages feel real. 

Red flags to watch for: 

• Promises of guaranteed or multiplied crypto returns 
• Requests to send money first to “unlock” a benefit 
• Messages tied to a breach but asking for immediate action outside the app 

How the breach happened: 

Social engineering is a type of scam that targets people rather than software or security systems. Instead of hacking code, scammers focus on tricking someone into giving them access.  

Attackers research how a company operates, which tools it uses, and who is likely to have permissions. They then impersonate a trusted source, such as a vendor, coworker, or automated system, and send a realistic message asking for a routine action.  

That action might be approving a login, resetting credentials, sharing a file, or clicking a link. Once the person complies, the scammer gains legitimate access and can move through systems using real permissions. Social engineering works because it exploits trust, familiarity, and urgency, making normal workplace behavior the pathway to a breach. 

Social Engineering Scams Fueled by AI On the Rise 

Big picture:
Fraud is increasingly driven by impersonation, automation, and trust abuse rather than technical hacking, according to new industry forecasts. 

What happened:
A new Future of Fraud Forecast from Experian warns that fraudsters are rapidly weaponizing AI and identity manipulation. The report highlights agentic AI systems committing fraud autonomously, deepfake job candidates passing live interviews, cloned websites overwhelming takedown efforts, and emotionally intelligent bots running scams at scale. 

The scope of the problem is already visible. Federal Trade Commission data shows consumers lost more than $12.5 billion to fraud in 2024, while nearly 60% of companies reported rising fraud losses between 2024 and 2025. Experian’s forecast suggests these losses will accelerate as fraud becomes harder to attribute, trace, and interrupt. 

Red flags to watch: 

• Requests or actions initiated without clear human ownership 
• Identity verification steps that feel automated or unusually frictionless 
• Transactions triggered by AI systems with unclear accountability 

Phishing Scam Locks Users Out of X Accounts 

Big picture: Officials are warning of increasing phishing attacks that steal X users’ accounts and then use their profile to sell crypto. 

What happened: The Better Business Bureau issued a warning about phishing messages targeting users on X, particularly accounts with large followings. Victims receive direct messages that appear to come from colleagues or professional contacts, often asking them to click a link to support a contest, event, or opportunity. 

Once the link is clicked, victims are locked out of their accounts. The compromised accounts are then used to promote cryptocurrency and other products, while automatically sending the same phishing message to additional contacts. 

Red flags to watch: 

• Unsolicited direct messages containing links 
• Requests framed as favors, votes, or professional support 
• Sudden loss of account access after clicking a link 

How this happened and what to learn:
The scam relies on account impersonation and lateral spread. Instead of reaching strangers, attackers move through existing trust networks, using one compromised account to reach the next.  

The takeaway is that familiarity does not equal legitimacy. Even messages from known contacts should be treated with caution when links or logins are involved. 

McAfee’s Safety Tips for This Week 

• Learn more about spotting phishing emails. Don’t accidentally expose yourself, your friends, family, or workplace to scammers. Our ultimate phishing guide has real world examples and more practical tips. 

• Verify inside official apps or sites. If you get a security email, don’t click any links. Instead, open the official app or type the website address yourself for more information. 

• Watch your exposed data. With tools like Google’s Dark Web Monitoring going away, ongoing identity monitoring matters more than ever. 

• Stay alert to trending scams. Weight-loss drug fraud like Ozempic offers is already surging in the new year, and awareness is your first defense. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Fake Brand Messages and Account Takeovers appeared first on McAfee Blog.

McAfee and Pat McAfee Turn a Name Mix-Up Into a Push for Online Safety

If a message popped up in your feed tomorrow promising a cash refund, a surprise giveaway, or a limited-time crypto opportunity, would you pause long enough to question it? 

That split second matters more than ever.

Most modern scams don’t rely on panic or obvious red flags. They rely on familiarity. On things that feel normal. On moments that seem too small to question. 

And those moments are exactly what scammers exploit. 

Why Today’s Scams Are So Easy to Fall For 

There was a time when spotting a scam was relatively straightforward. The emails were badly written. The websites looked rushed. The warnings were obvious. 

Scammers don’t just rely on obvious spam or panic-driven messages. Instead, many now use: 

• Friendly, natural language 
• Faces of celebrities and figures you trust 
• Messages that arrive through trusted apps 
• Conversations that unfold gradually 
• Requests that feel routine instead of suspicious 

McAfee’s Celebrity Deepfake Deception research shows how common and convincing these scams have become: 72% of Americans say they’ve seen a fake or AI-generated celebrity endorsement, and 39% say they’ve clicked on one that turned out to be fraudulent. When scam content shows up in the same feeds, apps, and formats people use every day, it feels normal. 

That’s the danger zone. It’s also why McAfee chose to use a familiar, culturally recognizable moment to talk about a much bigger issue.

Why McAfee Partnered with Pat McAfee 

Whether you’ve been saying mack-uh-fee or mick-affy, the long-running name mix-up is harmless in everyday conversation. 

Online, though, small moments of confusion can have outsized consequences. 

Scammers rely on quick assumptions: that a familiar name means legitimacy, that a recognizable face means trust, that a message arriving in the right place must be real. They move fast, hoping people act before stopping to verify 

Pat McAfee knows firsthand how scammers exploit familiarity and trust. 

In recent months, fake social media giveaways promising cash and prizes have circulated using Pat’s likeness, and even a fraudulent “American Heart Association fundraiser” made the rounds, falsely claiming he was collecting donations. 

Pat wants his fans to know: if you ever see a giveaway, fundraiser, or message claiming to be from him, double-check it on his official channels first. If it feels off, it probably is. 

Unfortunately, these scams work because people trust Pat. Scammers exploit that trust to lower people’s guard and make fraudulent requests feel legitimate. 

It’s the same tactic used across countless impersonation scams today: borrow the authority of a familiar face, add a sense of urgency, and move fast before anyone stops to verify, “is this legit?” We’ve seen it happen with Taylor Swift, Tom Hanks, Al Roker, Brad Pitt, and numerous others. 

Remember, no legitimate giveaway will ask for payment, banking details, login credentials, or account access. And no nonprofit fundraiser tied to a celebrity should ever come from a personal message or unfamiliar social account. 

Watch: Pat McAfee Explains How McAfee Is More Than an Antivirus 

In the video below, Pat McAfee playfully demonstrates how easily familiar moments online can turn into risk, and why digital safety today can’t rely on perfect judgment alone. 

 

How to Protect Yourself Right Now 

You don’t have to stop using your favorite platforms. But you do have to change how you verify online threats. 

Before You Trust Any Urgent Message or Offer: 

• Be skeptical of sudden financial opportunities 
• Assume giveaways that require payment or credentials are scams 
• Never connect accounts, wallets, or payment methods from social links 
• Verify claims on official websites, not just inside apps 
• Be cautious of messages that replace clear context with urgency 

If a video or message feels real but the request feels extreme, that’s a red flag. 

McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app 

• Scam Detector to help flag suspicious messages and links 
• Safe Browsing tools to help block risky websites 
• VPN to keep your connection private on public Wi-Fi 
• Identity Monitoring and Alerts to notify you if your personal information appears where it shouldn’t 
• Personal Data Cleanup to help remove your information from high-risk data broker sites 
• Device and Account Security to help protect the things you use most 

Final Takeaway 

If a scam looks obvious, most people won’t fall for it. 

But modern scams don’t look obvious. They look familiar. They use your favorite faces. They look normal. They look safe. And that’s where people get hurt. 

Staying safe now means slowing down, verifying independently, and having protection work quietly in the background while you stay focused on what you actually came online to do. 

McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous sites, and identifies deepfakes, stopping harm before it happens. 

And because today’s risks aren’t just about what you click, a VPN and Personal Data Cleanup add additional layers of defense by helping protect your connection and limit how much personal information is available to be exploited in the first place. 

Ready to get Pat’s Picks? Learn more here. 

FAQs 

For clarity, and because these questions come up often, here’s the straightforward explanation: 

Q: Is Pat McAfee the founder of McAfee antivirus? A: No. Pat McAfee is not associated with the founding or leadership of McAfee. McAfee was founded by John McAfee and operates independently.

Q: Are Pat McAfee and McAfee the same company? A: No. Pat McAfee is a sports media personality. McAfee is a cybersecurity company. They are separate entities.

Q: Why does McAfee work with Pat McAfee? A: McAfee partnered with Pat McAfee to raise awareness about online scams, impersonation fraud, and digital safety using culturally relevant examples.

 

The post McAfee and Pat McAfee Turn a Name Mix-Up Into a Push for Online Safety appeared first on McAfee Blog.

McAfee’s Scam Detector Earns Third Major Award Within Months of Launch

McAfee’s Scam Detector has been named a Winner of the 2026 BIG Innovation Awards, presented by the Business Intelligence Group, marking the third major industry award the product has earned since launching just months ago. 

The recognition underscores a growing consensus across independent judges: as scams become more sophisticated and AI-driven, consumers need protection that works automatically, explains risks clearly, and helps stop harm before it happens. 

What Is the BIG Innovation Award? 

The BIG Innovation Awards recognize products and organizations that deliver measurable innovation with real-world impact. The program focuses not only on technical advancement, but on how solutions improve everyday life for individuals and households. 

For consumer cybersecurity products like Scam Detector, that means being evaluated on: 

• Real-world relevance 
• Ease of use for non-experts 
• Societal impact 
• Demonstrated adoption and need 

The award highlights Scam Detector’s role in helping people stay safer online as scams grow more sophisticated, more personal, and increasingly powered by AI.  

Why Scam Detector Stands Out 

According to feedback from the BIG Innovation Awards judging panel, Scam Detector was recognized for: 

Strong real-world relevance: Scams are now an everyday risk, not a niche technical issue 

Clear consumer value: Protection that runs automatically in the background without requiring expert knowledge

AI used responsibly: Applying advanced models to reduce harm, not increase it

Early impact: Rapid adoption, with more than one million users in its first months 

Judges also noted the importance of Scam Detector’s educational alerts, which don’t just block threats, but explain why something is risky, helping people build confidence over time. 

Using AI to Fight AI-Driven Scams 

Scam Detector is McAfee’s AI-powered protection designed to detect scams across text, email, and video, block dangerous links, and identify deepfakes, before harm occurs. 

As scammers increasingly use generative AI to impersonate people, brands, and institutions, protection needs to operate at the same speed and scale. Scam Detector is built to do exactly that, quietly working in the background while users go about their day. 

Scam Detector is included with all core McAfee plans and is available across mobile, PC, and web. 

In Good Company: Consumer Innovation Across Industries 

McAfee was recognized alongside other consumer-facing innovators whose products directly serve individuals and households. Fellow 2026 BIG Innovation Award winners include: 

Capital One Auto – Chat Concierge: A consumer-facing service designed to help car buyers and owners navigate financing and ownership decisions. 

Starkey – Omega AI Hearing Aid: A wearable hearing aid that integrates AI assistance, health monitoring, and real-time translation. 

Phonak – Virto R Infinio: Custom-fit hearing aids designed to deliver personalized hearing solutions for individual users. 

EZVIZ – 9c Dual 4G Series Camera: A smart home security camera built for personal and household use. 

Sinomax USA: Consumer mattresses and comfort products focused on everyday home use. 

beyoutica 1905: A wellness product designed for health- and lifestyle-focused consumers. 

Wheels – Pool CheckOut: A consumer-oriented solution designed to simplify vehicle service and checkout experiences. 

Together, these winners reflect how innovation increasingly shows up in tools people rely on at home, in their cars, and on their phones. 

Scam Detector Awards and Industry Recognition 

Since launch, McAfee’s Scam Detector has earned recognition across multiple independent award programs, each highlighting a different dimension of its impact: 

2026 BIG Innovation Awards

Winner and Top 10 Innovator – Large Business, recognizing real-world consumer impact and responsible AI use. 

2025 A.I. Awards

2025 Tech Ascension Awards 

The post McAfee’s Scam Detector Earns Third Major Award Within Months of Launch appeared first on McAfee Blog.

Google Ends Dark Web Report. What That Means and How to Stay Safe

Google has officially discontinued its Dark Web Report, the tool that alerted users when their personal information appeared in dark web breach databases. New scans stop on January 15, 2026, and on February 16, 2026, Google will permanently delete all data associated with the feature. 

This does not mean Google.com or Google Accounts are going away. It means Google is no longer scanning the dark web for leaked data tied to your account, and it is no longer storing or updating any breach information that was collected for the report. 

For people who relied on Google’s alerts, this change creates a real gap. After January 16, you will no longer get new notifications if your information shows up in breach databases. That is why it is worth taking a few minutes now to lock down the basics. 

According to reporting from TechCrunch, Google said it ended the service after concluding that it did not give users enough clarity about what to do once their data was found. 

That decision highlights a much larger shift in online security: Finding leaked data is no longer enough. Protecting identity is now the real challenge. 

What did Google’s Dark Web Report do? 

The Dark Web Report was a Google Account feature that searched known data breach dumps and dark web marketplaces for personal information tied to a user, such as email addresses, phone numbers, and other identifiers. 

If Google found a match, it sent an alert. 

What it did not do was show which accounts were at risk, whether financial or government ID data was involved, or how to prevent fraud from happening next. That gap is why some users said the tool fell short. 

What is the dark web, and why does  stolen data end up there? 

The internet has three layers: 

1. The surface web is what search engines index. 
2. The deep web includes anything behind a login, like email, banking, and medical portals. 
3. The dark web is a hidden part of the deep web that is not indexed by search engines and is accessed through specialized networks or browsers like Tor. 

The dark web is where data from breaches is commonly sold, traded, and packaged for scams. When a company is hacked, stolen files often end up in dark web databases that include email addresses, passwords, Social Security numbers, bank details, and full identity profiles. 

Scammers use this data to commit account takeovers, financial fraud, tax fraud, and identity theft.  

Even without passwords, this personal information can be enough for scammers to target you with convincing phishing and social engineering scams.  

How to check if your personal information is on the dark web: 

Looking up an email address is no longer enough. Modern identity theft relies on things like Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance data, usernames, and phone numbers. 

To understand whether any of that is exposed, people need to monitor the dark web for identity-level data, not just logins. 

Here is what that looks like in practice: 

• Scan breach databases for government ID numbers and financial data 
• Look for full identity profiles being sold or traded 
• Match leaked records back to real people 

Tools like McAfee’s Identity Monitoring are designed to look for those types of data so you can act before fraud happens. 

Have 30 minutes right now? Do this: 

Been meaning to bolster your security? Here are three quick ways you can enhance your identity protection and reduce real-world damage in a breach: 

Freeze your credit

Estimated time: 10 minutes 

This is a powerful free protection option that many forget about. A credit freeze blocks anyone from opening new loans, credit cards, or accounts in your name, even if they have your Social Security number and full identity profile. 

You can do this for free with any of the major credit bureaus. If you do it with one, the others are notified. 

Why this matters: Most identity theft today is not account hacking. It is criminals opening accounts in your name. A credit freeze stops that cold. 

 

Set up fraud and login alerts on your financial accounts 

Estimated time: 10 minutes 

Go into your main bank and credit card apps and turn on: 

• Login alerts
• Transaction alerts
• Password or profile change alerts
• These are not the same as marketing notifications. They tell you when someone is trying to access or move money. 

You’ll find these somewhere under Settings>Alerts.

Why this matters: Identity thieves often test stolen data with small charges or login attempts before stealing larger amounts. These alerts are how you catch it early.

Lock down account recovery paths

Estimated time: 10 minutes 

This is one of the most overlooked vulnerabilities. 

Go into: 

• Your email account 
• Your Apple ID or Google account 

Check and update: 

• Recovery email 
• Recovery phone number 
• Backup codes 
• Trusted devices 

Remove anything you do not recognize. 

Why this matters: Even if you change your password, attackers can still take over accounts through recovery systems if those are compromised. This closes that back door. 

 

FAQ: 

Is Google deleting my Google Account data? No. Google is only deleting the data it collected specifically for the Dark Web Report feature. Your Gmail, Drive, Photos, and other Google Account data are not affected.

Is Google still protecting my account from hackers? Yes. Google continues to offer security features like two-factor authentication, login alerts, and account recovery tools. What it removed is the dark web scanning and alert system tied to breach data.

Does the dark web report website still exist? No. After February 16, 2026, Google no longer operates or updates the Dark Web Report feature. There is no active scanning, no dashboard, and no stored breach data tied to it.

Does this mean dark web monitoring is useless? No. It means email-only monitoring is not enough. Criminals use far more than emails to commit fraud, which is why identity-level monitoring is now more important.

What kind of information is most dangerous if it appears on the dark web? Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance IDs, usernames, and phone numbers are the data types most commonly used for identity theft and financial fraud.

How can I check if my information is exposed right now? You can use an identity monitoring service like McAfee that scans dark web sources for sensitive personal data, not just email addresses. That is how people can see whether their identity is being traded or abused today.

 

The post Google Ends Dark Web Report. What That Means and How to Stay Safe appeared first on McAfee Blog.

McAfee Earns 29th Consecutive AAA Rating From SE Labs

McAfee has once again earned the highest possible AAA rating from SE Labs, marking the 29th consecutive time our consumer protection has received this top-tier recognition. 

In SE Labs’ latest Q4 Home Anti-Malware Test, McAfee Total Protection achieved 100% protection with zero false positives, reinforcing a streak that has remained unbroken since December 2018. 

What the SE Labs AAA Rating Measures 

SE Labs is an independent, UK-based security testing organization known for evaluating products against real-world threats, not just controlled lab samples. Its test results are therefore referenced and trusted by numerous journalists and product reviewers alike.  

Their Home Anti-Malware tests simulate the types of attacks people actually face, including: 

• Email-based threats 
• Malicious websites 
• Targeted attacks designed to appear relevant or trustworthy 
• Common malware encountered during everyday online activity 

To earn an AAA rating, products must demonstrate: 

• Strong threat detection 
• Effective prevention before harm occurs 
• Minimal false positives that disrupt normal use 

Why This Recognition Matters for Consumers 

For people choosing security software, independent testing helps answer a simple question: Does this protection actually work when it matters? SE Labs’ results show that McAfee continues to block threats accurately, without over-flagging safe activity. 

Independent recognition like this reinforces McAfee’s ongoing commitment to consumer-first security that is tested, proven, and trusted over time. 

Learn more about McAfee’s core protection plans and how we can help keep you safe online. And find the full SE Labs report here. 

The post McAfee Earns 29th Consecutive AAA Rating From SE Labs appeared first on McAfee Blog.

This Week in Scams: Explaining the Fake Amazon Code Surge

This week in scams, the biggest threats showed up as routine security messages, viral consumer “warnings,” and AI-generated content that blended seamlessly into platforms people already trust. 

Every week, we bring you a roundup of the scams making headlines, not just to track what’s happening, but to explain how these schemes work, why they’re spreading now, and what you can do to stay ahead of them.  

Here are scams in the news this week, and safety tips from our experts at McAfee: 

Amazon One-Time Passcode Scam: How Fake Security Calls Hijack Real Accounts 

Scammers are increasingly impersonating Amazon customer support to take over accounts using real one-time passcodes (OTPs), not fake links or malware. 

Here’s how the scam works in practice. 

What is the Amazon one-time passcode scam? 

Victims receive an unsolicited phone call from someone claiming to work for Amazon. The caller says suspicious activity has been detected on the account and may reference expensive purchases, often items like smartphones, to make the threat feel credible. 

The call usually comes from a spoofed number and the scammer may already know your name or phone number, which helps lower suspicion. 

How scammers use real Amazon security codes 

While speaking to you, the scammer attempts to access your Amazon account themselves by entering your phone number or email address on the login page and selecting “forgot password” or triggering a login from a new device. 

That action causes Amazon’s real security system to send a legitimate one-time passcode to your phone or email. 

If you read that code aloud or share it, the scammer can immediately: 

• Complete the login process 
• Change your account password 
• Access saved payment methods 
• Place fraudulent orders or lock you out of the account 

The scam works precisely because the code is real—and because it arrives while the caller is convincing you it’s part of a routine security check. 

Key red flags to watch for 

• Unsolicited calls claiming to be from Amazon 
• Requests to share a one-time passcode 
• Pressure to act quickly “to secure your account” 

Important to remember: Amazon will never contact you first to ask for your password, verification codes, or security details. If you receive a one-time passcode you didn’t request, do not share it with anyone. 

AI Deepfake Scam on TikTok Uses Fake Princess to Steal Money 

A growing scam on TikTok shows how AI-generated deepfake videos are now being used not just for misinformation, but for direct financial fraud. 

This week, Spanish media and officials warned that scammers are circulating fake TikTok videos appearing to show Princess Leonor, the 20-year-old heir to Spain’s throne, offering financial assistance to users.  

According to The Guardian, the videos show an AI-generated version of Leonor promising payouts running into the thousands of dollars in exchange for a small upfront “fee.”  

Once victims send that initial payment, the scam doesn’t end. Fraudsters repeatedly demand additional fees before eventually disappearing. 

This case highlights how deepfakes are moving beyond novelty and into repeatable, high-reach fraud, where trust in familiar public figures is weaponized at scale. 

Viral Reddit “Whistleblower” Scam: When AI-Generated Posts Fool Millions 

A viral post on Reddit this week shows how AI-generated text can convincingly impersonate whistleblowers, and even mislead experienced journalists. 

The post claimed to come from an employee at a major food delivery company, alleging the firm was exploiting drivers and users through opaque AI systems. Written as a long, confessional screed, the author said he was drunk, using library Wi-Fi, and risking retaliation to expose the truth. 

The claims were believable in part because similar companies have faced real lawsuits in the past. The post rocketed to Reddit’s front page, collecting over 87,000 upvotes, and spread even further after being reposted on X, where it amassed tens of millions of impressions. 

As Platformer journalist Casey Newton later reported, the supposed whistleblower provided what appeared to be convincing evidence, including a photo of an employee badge and an 18-page internal document describing an AI-driven “desperation score” used to manage drivers. But during verification attempts, red flags emerged. The materials were ultimately traced back to an AI-generated hoax. 

Detection tools later confirmed that some of the images contained AI watermarks, but only after the post had already gone viral. 

Why AI-generated hoaxes like this are dangerous 

• They mimic real whistleblower behavior and language 
• They exploit existing public distrust of large platforms 
• They can mislead journalists, not just casual readers 
• Debunking often comes too late to stop spread 

This incident underscores a growing problem: AI-generated misinformation doesn’t need to steal money directly to cause harm. Sometimes, the damage is to trust itself — and by the time the truth surfaces, the narrative has already taken hold. 

McAfee’s Safety Tips for This Week 

As scams increasingly rely on a combination of realism and urgency, protecting yourself starts with slowing down and verifying before you act. 

If a message or video promises money or financial help: 

• Be skeptical of any offer that requires an upfront “fee,” no matter how small. 
• Remember that public figures, charities, and foundations do not distribute money through social media DMs or comment sections. 
• If an offer claims to come from a well-known individual or organization, verify it through official websites or trusted news sources. 

When content appears viral or emotionally convincing: 

• Pause before sharing or acting on posts framed as warnings, whistleblower revelations, or exposés. 
• Look for confirmation from multiple reputable outlets — not just screenshots or reposts. 
• Be cautious of long, detailed posts that feel personal or confessional but can’t be independently verified. 

When AI may be involved: 

• Assume that realistic images, videos, and documents can be generated quickly and at scale. 
• Don’t rely on appearance alone to determine authenticity, even high-quality content can be fake. 
• Treat unsolicited financial requests, account actions, or “inside information” as red flags, regardless of how credible they seem. 

If you think you’ve engaged with a scam: 

• Stop responding immediately. 
• Secure your accounts by changing passwords and enabling multi-factor authentication. 
• Monitor financial statements and account activity for unusual behavior. 

Final Takeaway 

The scams making headlines this week share a common theme: they don’t look like scams at first glance. Whether it’s an AI-generated video of a public figure or a viral post posing as a consumer warning, today’s fraud relies on familiarity, credibility, and trust. 

That’s why McAfee’s Scam Detector and Web Protection help detect scam messages, dangerous sites, and AI-generated deepfake videos, alerting you before you interact or click. 

We’ll be back next week with another roundup of the scams worth watching, the stories behind them, and the steps you can take to stay one step ahead. 

The post This Week in Scams: Explaining the Fake Amazon Code Surge appeared first on McAfee Blog.

Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone

It’s the screen you never want to see.

Something is seriously wrong with your phone. Or is it? You might not have a broken phone at all. Instead, you might have a hacked phone.

What you see above is a form of scareware, an attack that frightens you into thinking your device is broken or infected with a virus. What the hacker wants you to do next is panic. They want you to tap on a bogus link that says it’ll run a security check, remove a virus, or otherwise fix your phone before the problem gets worse.

Of course, tapping that link takes you to a malware or phishing site, where the hacker takes the next step and installs an even nastier form of malware on your phone. In other cases, they steal your personal info under the guise of a virus removal service. (And yes, sometimes they pose as McAfee when they pull that move. In fact,

Note that in this example above, the hacker behind the phony broken screen is arguably going for a user who’s perhaps less tech savvy. After all, the message atop the “broken” screen appears clear as day. Still, in the heat of the moment, it can be convincing enough.

How does scareware get on phones?

Scareware typically finds its way onto phones through misleading ads, fake security alerts, or hacked websites. In other cases, downloading apps from places other than an official app store can lead to scareware (and other forms of malware too).

As for malware on phones, you’ll find different risk levels between Android and iOS phones. While neither platform is completely immune to threats, Android phones are reportedly more susceptible to viruses than iPhones due to differences in their app downloading policies. On Android phones, you can install apps from third-party sources outside the official Google Play Store, which increases the risk of downloading malicious software.

In contrast, Apple restricts app installations to its official App Store, making it harder for malware to get on iOS devices. (That’s if you haven’t taken steps to jailbreak your iPhone, which removes the software restrictions imposed by Apple on its iOS operating system. We absolutely don’t recommend jailbreaking because it may void warranties and make it easier for malware, including scareware, to end up on your phone.)

If you think you’ve wound up with a case of scareware, stay calm. The first thing the hacker wants you to do is panic and click that link. Let’s go over the steps you can take.

How to remove malware from your Android phone

If you don’t already have mobile security and antivirus for your phone, your best bet is to get the latest virus removal guidance from Android, which you can find on this help page.

Moving forward, you can get protection that helps you detect and steer clear of potential threats as you use your phone. You can pick up McAfee Security: Antivirus VPN in the Google Play store, which also includes our Scam Detector and Identity Monitoring. You can also get it as part of your McAfee+

How to remove malware from your iPhone

Step 1: Restart your phone

Hold down the iPhone power button until you see slide to power off on your screen. Slide it, wait for the phone to power down, and then press the power button to restart your iPhone.

Step 2: Download updates 

Having the latest version of iOS on your phone ensures you have the best protection in place. Open the Settings app.  Look for Software Update in the General tab. Select Software Update. Tap Download and Install to the latest iPhone update.

Step 3: Delete suspicious apps 

Press a suspicious app icon on your screen and wait for the Remove App to pop up. Remove it and repeat that as needed for any other suspicious apps.

More steps you can take …

If those steps don’t take care of the issue, there are two stronger steps you can take. The first involves restoring your phone from a backup as described by Apple here.

The most aggressive step you can take is to reset your phone entirely. You can return it to the original factory settings (with the option to keep your content) by following the steps in this help article from Apple.

How to avoid malware on your phone

Clearly these attacks play on fear that one of the most important devices in your life has a problem—your phone.

1. Protect your phone.

Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, automatically block unsafe websites and links, and detect scams, just to name a few things it can do.

2. Update your phone’s operating system.

Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.

3. Avoid third-party app stores.

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.

The post Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone appeared first on McAfee Blog.

This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026

They came by phone, by text, by email, and they even weaseled their way into people’s love lives—an entire host of scams that we covered here in our blogs throughout the year.

Today, we look back, picking five noteworthy scams that firmly established new trends, along with one in particular that gives us a hint at the face of scams to come.

Let’s start it off with one scam that pinged plenty of phones over the spring and summer: those toll road texts.

1 – The Texts That Jammed Everyone’s Phones: The Toll Road Scam

It was the hot new scam of 2025 that increased by 900% in one year: the toll road scam.

There’s a good chance you got a few of these this year,scam texts that say you have an unpaid tab for tolls and that you need to pay right away. And as always, they come with a handy link where you can pay up and avoid that threat of a “late fee.”

2 – Romancing the Bot: AI Chatbots and Images Finagle Their Way Into Romance Scams

It started with a DM. And a few months later, it cost her $1,200.

Earlier this year, we brought you the story of 25-year-old computer programmer Maggie K. who fell for a romance scam on Instagram. Her story played out like so many. When she and her online boyfriend finally agreed to meet in person, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the money and never heard from him again.

But here’s the twist—he wasn’t real in the first place.

When she reported the scam to police, they determined his images were all made with AI. In Maggie’s words, “That was the scariest part—I had trusted someone who never even existed.”

Maggie isn’t alone. Our own research earlier this year revealed that more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.

Moreover, we found that scammers have fueled those figures with the use of AI. Of people we surveyed, more than 1 in 4 (26%) said they—or someone they know—have been approached by an AI chatbot posing as a real person on a dating app or social media.

We expect this trend will only continue, as AI tools make it easier and more efficient to pull off romance scams on an increasingly larger scale.

Even so, the guidelines for avoiding romance scams remain the same:

• Never send money to someone you’ve never met in person.
• Things move too fast, too soon—like when the other person starts talking about love almost right away.
• They say they live far away and can’t meet in person because they live abroad, all part of a scammers story that they’re there for charity or military service.
• Look out for stories of urgent financial need, such as sudden emergencies or requests for help with travel expenses to meet you.
• Also watch out for people who ask for payment in gift cards, crypto, wire transfers, or other forms of payment that are tough to recover. That’s a sign of a scam.

3 – Paying to Get Paid: The New Job Scam That Raked in Millions

The job offer sounds simple enough … go online, review products, like videos, or do otherwise simple tasks and get paid doing it—until it’s time to get paid.

It’s a new breed of job scam that took root this spring, one where victims found themselves “paying to get paid.”

The FTC dubbed these scams as “gamified job scams” or “task scams.” Given the way these scams work, the naming fits.

It starts with a text or direct message from a “recruiter” offering work with the promise of making good money by “liking” or “rating” sets of videos or product images in an app, all with the vague purpose of “product optimization.” With each click, you earn a “commission” and see your “earnings” rack up in the app. You might even get a payout, somewhere between $5 and $20, just to earn your trust.

Then comes the hook.

Like a video game, the scammer sweetens the deal by saying the next batch of work can “level up” your earnings. But if you want to claim your “earnings” and book more work, you need to pay up. So you make the deposit, complete the task set, and when you try to get your pay the scammer and your money are gone. It was all fake.

This scam and others like it fall right in line with McAfee data that uncovered a spike in job-related scams of 1,000% between May and July,which undoubtedly built on 2024’s record-setting job scam losses of $501 million.

Whatever form they take, here’s how you can avoid job scams:

Step one—ignore job offers over text and social media

A proper recruiter will reach out to you by email or via a job networking site. Moreover, per the FTC, any job that pays you to “like” or “rate” content is against the law. That alone says it’s a scam.

Step two—look up the company

In the case of job offers in general, look up the company. Check out their background and see if it matches up with the job they’re pitching. In the U.S., The Better Business Bureau (BBB) offers a list of businesses you can search.

Step three—never pay to start a job.

Any case where you’re asked to pay to up front, with any form of payment, refuse, whether that’s for “training,” “equipment,” or more work. It’s a sign of a scam.

4 – Seeing is Believing is Out the Window: The Al Roker Deepfake Scam

Prince Harry, Taylor Swift, and now the Today show’s Al Roker, too, they’ve all found themselves as the AI-generated spokesperson for deepfake scams.

In the past, a deepfake Prince Harry pushed bogus investments, while another deepfake of Taylor Swift hawked a phony cookware deal. Then, this spring, a deepfake of Al Roker used his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”

 

The fabricated clip appeared on Facebook, which appeared convincing enough to fool plenty of people, including some of Roker’s own friends. “I’ve had some celebrity friends call because their parents got taken in by it,” said Roker.

While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.

Roker put it plainly, “We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now.”

In all, this stands as a good reminder to be skeptical of celebrity endorsements on social media. If public figure fronts an apparent deal for an investment, cookware, or a hypertension “cure” in your feed, think twice. And better yet, let our Scam Detector help you spot what’s real and what’s fake out there.

5 – September 2025: The First Agentic AI Attack Spotted in The Wild

And to close things out, a look at some recent news, which also serves as a look ahead.

Last September, researchers spotted something unseen before:a cyberattack almost entirely run by agentic AI.

What is Agentic AI?

Definition: Artificial intelligence systems that can independently plan, make decisions, and work toward specific goals with minimal human intervention; in this way, it executes complex tasks by adapting to new info and situations on its own.

Reported by AI researcher Anthropic, a Chinese state-sponsored group allegedly used the company’s Claude Code agent to automate most of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails that typically prevent such malicious use with jailbreaking techniques, which broke down their attacks into small, seemingly innocent tasks. That way, Claude orchestrated a large-scale attack it wouldn’t otherwise execute.

Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. By Anthropic’s estimate, they completed 80–90% of the work without any human involvement.

According to Anthropic: “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.”

We knew this moment was coming, and now the time has arrived: what once took weeks of human effort to execute a coordinated attack now boils down to minutes as agentic AI does the work on someone’s behalf.

In 2026, we can expect to see more attacks led by agentic AI, along with AI-led scams as well, which raises an important question that Anthropic answers head-on:

If AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude—into which we’ve built strong safeguards—to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack.

That gets to the heart of security online: it’s an ever-evolving game. As new technologies arise, those who protect and those who harm one-up each other in a cycle of innovation and exploits. As we’re on the side of innovation here, you can be sure we’ll continue to roll out protections that keep you safer out there. Even as AI changes the game, our commitment remains the same.

Happy Holidays!

We’re taking a little holiday break here and we’ll be back with our weekly roundups again in 2026. Looking forward to catching up with you then and helping you stay safer in the new year.

The post This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026 appeared first on McAfee Blog.

How To Spot Health Insurance Scams This Open Enrollment Season

If you’re in the market for insurance right now, keep an eye out for scammers in the mix. They’re out in full force once again this open enrollment season.

As people across the U.S. sign up for, renew, or change their health insurance plans, scammers want to cash in as people rush to get their coverage set. And scammers have several factors working in their favor.

For starters, many people find the insurance marketplace confusing, frustrating, and even intimidating, all feelings that scammers can take advantage of. Moreover, concerns about getting the right level of coverage at an affordable price also play into the hands of scammers.

Amidst all this uncertainty and time pressure, health insurance scams crop up online. Whether under the guise of helping people navigate the complex landscape or by offering seemingly low-cost quotes, scammers prey on insurance seekers by stealing their personal information, Social Security numbers, and money.

According to the FBI, health insurance scams cost families millions each year. In some cases, the costs are up front. People pay for fraudulent insurance and have their personal info stolen. And for many, the follow-on costs are far worse, where victims go in for emergency care and find that their treatment isn’t covered—leaving them with a hefty bill.

Like so many of the scams we cover here in our blogs, you can spot health insurance scams relatively quickly once you get to know their ins and outs.

What Kind Of Health Insurance Scams Are Out There Right Now?

Here’s how some of those scams can play out.

The Phishing Strategy

Some are “one and done scams” where the scammer promises a policy or service and then disappears after stealing money and personal info—much like an online shopping scam. It’s a quick and dirty hit where scammers quickly get what they want by reaching victims the usual ways, such as through texts, emails, paid search results, and social media. In the end, victims end up on a phishing site where they think they’re locking in a good deal but handing over their info to scammers instead.

The Long Con

Other scams play a long con game, milking victims for thousands and thousands of dollars over time. The following complaint lodged by one victim in Washington state provides a typical example:

A man purchased a plan to cover himself, his wife, and his two children, only to learn there was no coverage. He was sold a second policy, with the same result, and offered a refund if he purchased a third policy. When he filed a complaint, his family still had no coverage, and he was seeking a refund for more than $20,000 and reimbursement for $55,000 in treatments and prescriptions he’d paid out of pocket.

Scams like these are known as ghost broker scams where scammers pose as insurance brokers who take insurance premiums and pocket the money, leaving victims thinking they have coverage when they don’t. In some cases, scammers initially apply for a genuine policy with a legitimate carrier, only to cancel it later, while still taking premiums from the victim as their “broker.” Many victims only find out that they got scammed when they attempt to file a claim.

The “Fake” Cancellation Scam

Another type of scam comes in the form of policy cancellation scams. These work like any number of other account-based scams, where a scammer pretends to be a customer service rep at a bank, utility, or credit card company. In the insurance version of it, scammers email, text, or call with some bad news—the person’s policy is about to get cancelled. Yet not to worry, the victim can keep the policy active they hand over some personal and financial info. It’s just one more way that scammers use urgency and fear to steal to commit identity theft and fraud.

What Are The Signs Of A Health Insurance Scam?

As said, health insurance scams become relatively easy to spot once you know the tricks that scammers use. The Federal Trade Commission (FTC) offers up its list of the ones they typically use the most:

1)Someone says they’re from the government and need money or your personal info.Government agencies don’t call people out of the blue to ask them for money or personal info. No one from the government will ask you to verify your Social Security, bank account, or credit card number, and they won’t ask you to wire money or pay by gift card or cryptocurrency.

If you have a question about Health Insurance Marketplace®, contact the government directly at: HealthCare.gov or 1-800-318-2596

2) Someone tries to sell you a medical discount plan. Legitimate medical discount plans differ from health insurance. They supplement it. In that way, they don’t pay for any of your medical expenses. Rather, they’re membership programs where you pay a recurring fee for access to a network of providers who offer their services at pre-negotiated, reduced rates. The FTC strongly advises thorough research before participating in one, as some take people’s money and offer very little in return. Call your caregiver and see if they really participate in the program and in what way. And always review the details of any medical discount plan in writing before you sign up.

3) Someone wants your sensitive personal info in exchange for a price quote. The Affordable Care Act’s (ACA’s) official government site is HealthCare.gov. It lets you compare prices on health insurance plans, check your eligibility for healthcare subsidies, and begin enrollment. But HealthCare.gov will only ask for your monthly income and your age to give you a price quote. Never enter personal financial info like your Social Security number, bank account, or credit card number to get a quote for health insurance.

4) Someone wants money to help you navigate the Health Insurance Marketplace. The people who offer legitimate help with the Health Insurance Marketplace (sometimes called Navigators or Assisters) are not allowed to charge you and won’t ask you for personal or financial info. If they ask for money, it’s a scam. Go to HealthCare.govand click “Find Local Help” to learn more.

How to Avoid Health Insurance Scams

1)For health insurance, visit a trusted source like HealthCare.gov or your state marketplace. Doing so helps guarantee that you’ll get the kind of fully compliant coverage you want.

2) Make sure the insurance covers you in your state. Not every insurer is licensed to operate in your state. Double-check that the one you’re dealing with is. A good place to start is to visit the site for your state’s insurance commission. It should have resources that let you look up the insurance companies, agents, and brokers in your state.

3) For any insurance, research the company offering it. Run a search with the company name and add “scam” or “fraud” to it. See if any relevant news or complaints show up. And if the plan you’re being offered sounds too good to be true, it probably is.

4) Watch out for high-pressure sales. Don’t pay anything up front and be cautious if a company is forcing you to make quick decisions.

5) Guard your personal info. Never share your personal info, account details, or Social Security number over text or email. Make sure you’re really working with a legitimate company and that you submit any info through a secure submissions process.

6) Block bad links to phishing sites. Many insurance scams rely on phishing sites to steal personal info. A  combination of our Web Protection and Scam Detector can steer you clear of them. They’ll alert you if a link might take you to one. It’ll also block those sites if you accidentally tap or click on a bad link.

7) Monitor your identity and credit. In some health insurance scams, your personal info winds up in wrong hands, which can lead to identity fraud and theft. And the problem is that you only find out once the damage is done. Actively monitoring your identity and credit can spot a problem before it becomes an even bigger one. You can take care of both easily with our identity monitoring and credit monitoring.

Additionally, our identity theft coverage can help if the unexpected happens with up to $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​

You’ll find these protections and more in McAfee+.

The post How To Spot Health Insurance Scams This Open Enrollment Season appeared first on McAfee Blog.

This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls

Pets, poisoned AI search results, and a phone call that sounds like it’s coming straight from the federal government, this week’s scams don’t have much in common except one thing: they’re getting harder to spot.

In today’s edition of This Week in Scams, we’re breaking down the biggest security lapses and the tactics scammers used to exploit them, and what you can do to stay ahead of the latest threats.

Two data security lapses discovered at Petco in one week put pet parents at risk

If you’re a Petco customer, you’ll want to know about not one but two data security lapses in the past week.

First, as reported by TechCrunch on Monday, Petco followed Texas data privacy laws by filing a data breach with the attorney general’s office. In that filing, Petco reported that the affected data included names, Social Security numbers, and driver’s license numbers. Further info including account numbers, credit and debit card numbers, and dates of birth were also mentioned in the filing.

Also according to Techcrunch, the company filed similar notices in California and Massachusetts.

To date, Petco has not made a comment about the size of the breach and the number of people affected.

Different states have different policies for reporting data breaches. In some cases, that helps us put a figure to the size of the breach, as some states require companies to disclose the total number of people caught up in the breach. That’s not the case here, so the full scope of the attack remains in question, at least for right now.

As of Thursday, we know Petco reported that 329 Texans were affected along with seven Massachusetts residents, per the respective reports filed. California’s report does not contain the number of Californians affected, yet laws in that state require businesses to report breaches that affect 500 or more people, so at least 500 people were affected there.

Below you can see the form letter Petco sent to affected Californians in accordance with California’s data privacy laws:

 

In it, you can see that Petco discovered that “a setting within one of our software applications … inadvertently allowed certain files to become accessible online.” Further, Petco said that it “immediately took steps to correct the issue and to remove the files from further online access,” and that it “corrected” the setting and implemented unspecified “additional security measures.”

So while no foul play appears to have been behind the breach, it’s still no less risky and concerning for Petco’s customers. We’ll cover what you can do about that in a moment after we cover yet another data issue at Petco through its Vetco clinics.

Also within the same timeframe, yet more research and reporting from Techcrunch uncovered a second security lapse that exposed personal info online. From their article:

“TechCrunch identified a vulnerability in how Vetco’s website generates copies of PDF documents for its customers.

“Vetco’s customer portal, located at petpass.com, allows customers to log in and obtain veterinary records and other documents relating to their pet’s care. But TechCrunch found that the PDF generating page on Vetco’s website was public and not protected with a password.

“As such, it was possible for anyone on the internet to access sensitive customer files directly from Vetco’s servers by modifying the web address to input a customer’s unique identification number. Vetco customer numbers are sequential, which means one could access other customers’ data simply by changing a customer number by one or two digits.”

What to do if you think you had info stolen in the Petco breach

With the size and reach of the Petco breach still unknown, and the impact of the Vetco security lapse also unknown, we advise caution for all Petco customers. At minimum, monitor transactions and keep an eye on your credit report for any suspicious activity. And it’s always a good time to update a weak password.

For those who received a notification, we advise the following:

Check your credit, consider a security freeze, and get ID theft protection. You can get all three working for you with McAfee+ Advanced or McAfee+ Ultimate.

Monitor transactions across your accounts, also available in McAfee+ Advanced and Ultimate.

Keep an eye out for phishing attacks. Use our Scam Detector to spot any follow-on attacks.

Update your passwords. Strong and unique passwords are best. Our password manager can help you create and store them securely.

And use two-factor authentication on all your accounts. Enabling two-factor authentication provides an added layer of security.

 

What to do if your Social Security number was breached.

If you think your Social Security number was caught up in the breach, act quickly.

1. First, contact one of the three credit bureaus (Equifax, Experian, or TransUnion) and place a fraud alert on your credit report.
2. That will cover all three bureaus and make it harder for someone to open new accounts in your name. You can also quickly freeze your credit altogether with McAfee+ Ultimate.
3. Also notify the Social Security Administration (SSA) along with the Internal Revenue Service (IRS), and file a police report immediately if you believe your number is being misused.

The call center number that connects you to … scammers?

You might want to be careful when searching for customer service numbers while in AI mode. Or with an AI search engine. It could connect you to a scammer.

From The Times comes reports of scammers manipulating the AI in platforms like Google and Perplexity so that their search results return scam numbers instead of a proper customer service numbers for, say, British Airways.

How do they manipulate those results? By spamming the internet with false info that gets picked up and then amplified by AI.

“[S]cammers have started seeding fake call center numbers on the web so the AI is tricked into thinking it is genuine …

“Criminals have set up YouTube channels with videos claiming to help with customer support, which are packed with airline brand names and scam numbers designed to be scraped and reused by the AI.

“Bot-generated reviews on Yelp or video descriptions on YouTube are filled with fraudulent numbers as are airline and travel web forums.”

And with these tactics, scammers could poison the results for just about any organization, business, or brand. Not just airlines. Per The Times, “The scammers have also hijacked government sites, university domains, and even fitness sites to place scam numbers, which fools the AI into thinking they are genuine.”

This reveals a current limitation with many AI platforms. Largely they can’t distinguish when people deliberately feed them bad info, as seen in the case here.

Yet even as this attack is new, our advice remains the same: any time you want to ring up a customer service line, get the number directly from the company’s official website. Not from AI search and not by clicking a paid search result that shows up first (scammers can poison them too).

Is that a call from an FTC “agent?” If so, it’s a scam.

Are you under investigation for money laundering? Of course not. But this scam wants you to think so—and to pay up.

On Tuesday, the Federal Trade Commission (FTC) issued a consumer alert warning that people are reporting getting unexpected calls from someone saying they’re “FTC agent” John Krebs. Apparently “Agent Krebs” is telling people that they’re under investigation for money laundering—and that a deposit to a Bitcoin ATM can resolve the matter.

Of course, it’s a scam.

For starters, the FTC doesn’t have “agents.” And the idea of clearing one’s name in an investigation with a Bitcoin payment is a sure-fire sign of a scam. Lastly, any time someone asks for payment with Bitcoin or other payment methods that are near-impossible to recover (think wire transfers and gift cards), those are big red flags.

Apart from hanging up and holding on to your money, the FTC offers the following guidance, which holds true for any scam call:

• Never transfer or send money to anyone in response to an unexpected call or message, no matter who they say they are.
• Know that the FTC won’t ask for money. In fact, no government agency will ever tell you to deposit money at a cryptocurrency ATM, buy gift cards and share the numbers, or send money over a payment app like Zelle, Cash App, or Venmo.
• Don’t trust your caller ID. A call might look like it’s coming from the government or a business, but scammers often fake caller ID.

And we close things out a quick roundup …

As always, here’s a quick list of a few stories that caught our eye this week:

AI tools transform Christmas shopping as people turn to chatbots

National cybercrime network operating for 14 years dismantled in Indonesia

Why is AI becoming the go-to support for our children’s mental health?

We’ll see you next Friday with a special edition to close out 2025 … This Year in Scams.

The post This Week in Scams: Petco Breach Warning, and Watch Out for Fake Federal Calls appeared first on McAfee Blog.

Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap

It looks harmless enough.

A digital party invitation lands in your inbox or phone. You click to see the details. Then it asks you to log in or create an account before revealing the event. 

That’s where the scam begins. 

Fake e-vite phishing scams are on the rise, and they take advantage of something simple: social trust. You’re far more likely to click an invitation than a generic “account alert” or “delivery notice.” 

And that’s exactly why scammers are using them. 

In fact, here’s a screenshot of a fake phishing email I recently got this holiday season:

When you click the “open invitation” link, it immediately asks you to sign in or create an account with your personal information. That’s the step where scammers steal your private data. 

What Is a Fake E-Vite Scam? 

A fake e-vite scam is a phishing attack that pretends to be a real invitation from platforms like Paperless Post or other digital invitation services. 

The goal is to trick you into: 

• Entering your email and password 
• Creating a fake account on a malicious site 
• Clicking links that lead to credential-stealing pages 
• Downloading malware disguised as an invitation 

Once scammers have your login information, they can: 

• Take over your email 
• Reset passwords on other accounts 
• Send scams to your contacts 
• Launch identity theft attempts 

How These Fake Invitation Scams Usually Work 

Here’s the most common flow: 

1. You receive a digital invitation that looks normal 
2. The message prompts you to “view the invitation” 
3. You’re redirected to a login or signup page 
4. You enter your email, password, or personal info 
5. The invitation never appears 
6. Your credentials have now been stolen 

Because this starts with something familiar and social, many people don’t realize it’s phishing until accounts are already compromised. Plus, scammers then use your email and name to trick friends and family into trusting more fake e-vites from your account.

How to Tell If a Paperless Post Invite Is Real 

Paperless Post has publicly acknowledged these scams and shared what legitimate messages actually look like. 

Legitimate Paperless Post Emails Will Never: 

• Include .EXE attachments 
• Include .PDF attachments 
• Include any attachments other than image files 

Official Paperless Post Email Domains: 

Legitimate invitations and account messages only come from: 

• paperless@email.paperlesspost.com 
• paperlesspost@paperlesspost.com 
• paperlesspost@accounts.paperlesspost.com 

Official support emails only come from: 

• help@paperlesspost.com 
• pds@paperlesspost.com 
• security@paperlesspost.com 
• privacy@paperlesspost.com 
• agent@paperlesspost.com 
• optout@paperlesspost.com 

If the sender does not match one of these exactly, it’s a scam. 

Paperless Post also notes that verified emails may display a blue checkmark in supported inboxes to confirm authenticity.  

The Biggest Red Flags of a Fake E-Vite 

If you see any of the following, do not click: 

• You’re forced to log in to “see” who invited you 
• The sender email doesn’t match the official domains above 
• The invitation creates urgency 
• You’re asked for payment to view the event 
• The message feels generic instead of personal 
• The site address looks slightly off 

Why These Scams Are So Effective Right Now 

Modern phishing attacks don’t rely on sloppy design anymore. Many now use: 

• Polished branding 
• Clean layouts 
• Familiar platforms 
• Friendly language 
• Social pressure 

Invitation phishing is especially powerful because: 

• It triggers curiosity 
• It feels harmless 
• It mimics real social behavior 
• It doesn’t start with fear or threats 
• By the time the scam turns risky, your guard is already down. 

What To Do If You Clicked a Fake E-Vite 

If you entered any information into a suspicious invitation page: 

1. Immediately change your email password 
2. Change any other account that reused that password 
3. Enable two-factor authentication 
4. Check for unknown login activity 
5. Warn contacts if your email may have been compromised 
6. Run a security scan on your device 

The faster you act, the more damage you can prevent. 

The post Think That Party Invite Is Real? Fake E-Vite Scams Are the New Phishing Trap appeared first on McAfee Blog.

How to Stay Safe on Your New AI Browser

AI-powered browsers give you much more than a window to the web. They represent an entirely new way to experience the internet, with an AI “agent” working by your side.

We’re entering an age where you can delegate all kinds of tasks to a browser, and with that comes a few things you’ll want to keep in mind when using AI browsers like ChatGPT’s Atlas, Perplexity’s Comet, and others.

What are agentic AI browsers?

So, what’s the allure of this new breed of browser? The answer is that it’s highly helpful, and plenty more.

By design, these “agentic” AI browsers actively assist you with the things you do online. They can automate tasks and interpret your intentions when you make a request. Further, they can work proactively by anticipating things you might need or by offering suggestions.

In a way, an AI browser works like a personal assistant. It can summarize the pages in several open tabs, conduct research on just about any topic you ask it to, or even track down the lowest airfare to Paris in the month of May. Want it to order ink for your printer and some batteries for your remote? It can do that too. And that’s just to name a few possibilities.

As you can see, referring to the AI in these browsers as “agentic” fits. It truly works like an agent on your behalf, a capability that promises to get more powerful over time.

Is it safe to use an AI browser?

But as with any new technology, early adopters should balance excitement with awareness, especially when it comes to privacy and security. You might have seen some recent headlines that shared word of security concerns with these browsers.

The reported exploits vary, as does the harm they can potentially inflict. That ranges from stealing personal info, gaining access to Gmail and Google Drive files, installing malware, and injecting the AI’s “memory” with malicious instructions, which can follow from session to session and device to device, wherever a user logs in.

Our own research has shown that some of these attacks are now tougher to pull off than they were initially, particularly as the AI browser companies continue to put guardrails in place. If anything, this reinforces a long-standing truth about online security, it’s a cat-and-mouse game. Tech companies put protections in place, bad actors discover an exploit, companies put further protections in place, new exploits crop up, and so on. It’s much the same in the rapidly evolving space of AI browsers. The technology might be new, but the game certainly isn’t.

While these reports don’t mean AI browsers are necessarily unsafe to use, they do underscore how fast this space is evolving…and why caution is smart as the tech matures.

How To Use an AI Browser Safely

It’s still early days for AI-powered browsers and understanding the security and privacy implications of their use. With that, we strongly recommend the following to help reduce your risk:

Don’t let an AI browser do what you wouldn’t let a stranger do. Handle things like your banking, finances, and health on your own. And the same certainly goes for all the info tied to those aspects of your life.

Pay attention to confirmations. As of today, agentic browsers still require some level of confirmation from the user to perform key actions (like processing a payment, sending an email, or updating a calendar entry). Pay close attention to them, so you can prevent your browser from doing something you don’t want it to do.

Use the “logged out” mode, if possible. As of this writing, at least one AI browser, Atlas, gives you the option to use the agent in the logged-out mode.ⁱ This limits its access to sensitive data and the risk of it taking actions on your behalf with your credentials.

If possible, disable “model learning.” By turning it off, you reduce the amount of personal info stored and processed by the AI provider for AI training purposes, which can minimize security and privacy risks.

Set privacy controls to the strictest options available. Further, understand what privacy policies the AI developer has in place. For example, some AI providers have policies that allow people to review your interactions with the AI as part of its training. These policies vary from company to company, and they tend to undergo changes. Keeping regular tabs on the privacy policy of the AI browser you use makes for a privacy-smart move.

Keep yourself informed. The capabilities, features, and privacy policies of AI-powered browsers continue to evolve rapidly. Set up news alerts about the AI browser you use and see if any issues get reported and, if so, how the AI developer has responded. Do routine searches pairing the name of the AI browser with “privacy.”

How McAfee Can Help

McAfee’s award-winning protection helps you browse safer, whether you’re testing out new AI tools or just surfing the web.

McAfee offers comprehensive privacy services, including personal info scans and removal plus a secure VPN.

Plus, protections like McAfee’s Scam Detector automatically alert you to suspicious texts, emails, and videos before harm can happen—helping you manage your online presence confidently and safeguard your digital life for the long term. Likewise, Web Protection can help you steer you clear of suspicious websites that might take advantage of AI browsers.

The post How to Stay Safe on Your New AI Browser appeared first on McAfee Blog.

This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam

For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers use an Apple Support ticket in a takeover attempt, and a PlayStation scam partly powered by AI.

Let’s start with those fake ads, because holiday shopping is in full swing.

Keep a sharp eye out for fake AI shopping ads that sell knockoff goods

Turns out that three-quarters of people (74%) can’t correctly identify a fake AI-generated social media ad featuring popular holiday gifts—which could leave them open to online shopping scams.

That finding, and several others, comes by way of research from Santander, a financial services company in the UK.

Here’s a quick rundown of what else they found:

• Less than one in 10 (8%) people feel “very confident” in their ability to spot an AI-generated ad on social media.
• More than half (56%) fear that they or a family member could get scammed as a result.
• About two-thirds (63%) said that they won’t purchase anything from social media platforms because they’re not sure what’s real and what’s fake.

From the study … could you tell these ads are both fake?

 

 

 

 

In all, cheap and readily available AI tools make spinning up fake ads quick and easy work. The same goes for launching websites where those “goods” can get sold. In the past, we’ve seen scammers take two different approaches when they use social media ads and websites to lure in their victims:

Phishing sites

During the holidays, scammers pump out ads that offer seemingly outstanding deals on hot items. Of course, the offer and the site where it’s “sold” is fake. Victims hand over their personal info and credit card number, never to see the items they thought they’d purchased. On top of the money a victim loses, the scammer also has their card info and can run up its tab or sell it to others on the dark web.

Knock-off sites

In this case, the scammer indeed sells and delivers something. But you don’t get what you paid for. The item looks, feels, fits, or works entirely differently than what was advertised. In this way, people wind up with a cheaply made item cobbled together with inferior materials. Worse yet, these scams potentially prop up sweatshops, child labor, and other illegal operations in the process. Nothing about these sites and the things they sell on them are genuine.

So, fake AI shopping ads are out there. What should you look out for? Here’s a quick list:

• First off, any offer that sounds too good to be true and heavy discounts on hard-to-find or popular items are major signs of a scam—and have been for years running now.
• See if the image looks a little too polished or even cartoony in some cases. As for people in AI ads, they can look airbrushed and have skin tones that seemingly give off an odd glow.
• Look up reviews of the company. Trustpilot and the Better Business Bureau offer great resources for that. Even simple a search using “CompanyName scam” can give you an idea if it’s a scam or not.
• And lastly, the combination of our Scam Detector and Web Protection can help sniff out a scam for you.

The Apple Support scam that came from … Apple? (Not really. We’ll explain.)

“I almost lost everything—my photos, my email, my entire digital life.”

So opens a recent Medium post from Eric Moret recounting how he almost handed over his Apple Account to a scammer armed with a real Apple Support ticket to make this elaborate phishing attack look legit.

Over the course of nearly 30 minutes, a scammer calmly and professionally walked Moret through a phony account takeover attempt.

It started with two-factor authentication notifications that claimed someone was trying to access his iCloud account. Three minutes later, he got a call from an Atlanta-based number. The caller said they were with Apple Support. “Your account is under attack. We’re opening a ticket to help you. Someone will contact you shortly.”

Seconds later came another call from the same number, which is where the scam fully kicked in. The person also said they were from Apple Support and that they’d opened a case on Moret’s behalf. Sure enough, when directed, Moret opened his email and saw a legitimate case number from a legitimate Apple address.

The caller then told him to reset his password, which he did. Moret received a text with a link to a site where he could, apparently, close his case.

Note that at no time did the scammers ask him for his two-factor authentication code throughout this process, which is always the sign of a scam. However, the scammers had another way to get it.

The link took him to a site called “appeal-apple dot com,” which was in fact a scam site. However, the page looked official to him, and he entered a six-digit code “confirmation code” sent by text to finish the process.

That “confirmation code” was actually a fresh two-factor authentication code. With that finally in hand, the scammers signed in. Moret received a notice that a new device had logged into his account. Moret quickly reset his password again, which kicked them out and stopped the attack.

So, what went wrong here? Let’s break down three key moments in this account takeover scam:

• The unsolicited phone calls. That’s an immediate sign to hang up and call an official support number to confirm the “issue” yourself.
• The fake website. A site with a URL like “appeal-apple dot com” is a scam site, even if it looks “official.” Scammers can create them easily today.
• The code heist. Scammers trick people into handing over their authorization code by calling it something else, like a “confirmation code.”

So, how can you protect yourself from account takeover scams? Let’s break that down too.

• Know that Apple Support won’t call you or open a case on your behalf.
• Also know that anyone can create an Apple Support ticket for anyone else, without verification. If you didn’t create it yourself, it’s a strong sign of a scam.
• If you have concerns, call Apple yourself at 1-800-275-2273 or contact them through their Apple Support App, available here on Apple’s support page.
• Only interact with Apple through sites and emails with the proper “apple dot com” address. Watch out for altered addresses like the “appeal-apple dot com” used here.
• Never, ever share your authentication code in any way … verbally, in an email, in a text, or a website. Any request for it from anyone is a scam.
• You can see the devices signed into your account any time. Go to Settings, tap your Name, and scroll to see all devices linked to your Apple ID.
• Get protection that blocks links to scam sites, like our Scam Detectorand Web Protection.

The FCC takes aim at the Wal-Mart PlayStation 5 Robocall Scam

Maybe you didn’t get a scam call from “Emma” or “Carl” at Wal-Mart, but plenty of people did. Around eight million in all. Now the Federal Communications Commission’s (FCC) Enforcement Bureau wants to put a stop to them.

“Emma” and “Carl” are in fact a couple of AI voices fronting a scam framed around the bogus purchase of a PlayStation. It’s garnered its share of complaints, so much that the FCC has stepped in. It alleges that SK Teleco, a voice service provider, provisioned at least some of these calls, and that it must immediately stop.

According to the FCC, the call plays out like this:

“A preauthorized purchase of PlayStation 5 special edition with Pulse 3D headset is being ordered from your Walmart account for an amount of 919 dollars 45 cents. To cancel your order or to connect with one of our customer support representatives, please press ‘1.’ Thank you.”

Pressing “1” connects you to a live operator who asks for personal identifiable such as Social Security numbers to cancel the “purchase.”

If you were wondering, it’s unlawful to place calls to cellphones containing artificial or prerecorded voice messages absent an emergency purpose or prior express consent. According to the FCC’s press release, SK Teleco didn’t respond to a request to investigate the calls. The FCC further alleges that it’s unlikely the company has any such consent.

Per the FCC, “If SK Teleco fails to take swift action to prevent scam calls, the FCC will require all other providers to no longer accept call traffic from SK Teleco.”

We’ll see how this plays out, yet it’s a good reminder to report scam calls. When it comes to any kind of scam, law enforcement and federal agencies act on complaints.

Get a scam call? Who’s here you can report it to:

• The Federal Trade Commission (FTC): Report fraud, especially if you lost money, at ReportFraud.ftc.gov.
• The Federal Communications Commission (FCC): Report unwanted calls, texts, and caller ID spoofing at DoNotCall.gov.
• Your State Attorney General: You can find yours through https://www.naag.org/find-my-ag/.

And we close things out a quick roundup …

Here’s a quick list of a few stories that caught our eye this week:

Scammers pose as law enforcement, threaten jail time if you don’t pay (with audio)

Deepfake of North Carolina lawmaker used in award-winning Brazilian Whirlpool video

What happens when you kick millions of teens off social media? Australia’s about to find out

We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

The post This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam appeared first on McAfee Blog.

McAfee Named ADVANCED+ in Real-World Protection — What That Means for You

When it comes to online safety, independent testing matters. And in the latest AV-Comparatives Real-World Protection Test, McAfee earned the highest possible rating, ADVANCED+, with a 99.5% protection rate. It’s the kind of recognition that helps shoppers understand which tools truly hold up in real-life conditions, not just in controlled lab environments.

For anyone navigating today’s mix of emails, downloads, suspicious links, and AI-driven scams, independent results like these are a clear signal: strong protection still makes a real difference.

What Is the AV-Comparatives Real-World Protection Test?

The Real-World Protection Test is an independent evaluation run by AV-Comparatives, a trusted third-party security testing lab. The test measures how well antivirus and online protection tools block real threats that people encounter every day, including dangerous URLs, malicious downloads, phishing pages, and harmful files attempting to run on a device.

This type of testing is widely cited by major tech publications and review sites because it reflects actual user behavior rather than controlled lab simulations.

Why This Recognition Matters

According to AV-Comparatives, their Real-World Protection Test is designed to measure how security products perform in situations people face every day: clicking a link, opening a file, visiting a site for the first time.

It’s one of the most widely cited sources in tech journalism and consumer product reviews, and it often shapes how online shoppers evaluate cybersecurity tools.

Here’s why tests like these are used in tech reviews, buying guides, and search engine rankings:

• They compare multiple brands under the same conditions
• They use real-world threats, not theoretical malware
• They measure false positives, which impact everyday usability
• They influence third-party reviews and product roundups
• They help shoppers choose trustworthy protection without guesswork

McAfee has earned an ADVANCED+ rating in all tests since June 2022, demonstrating our consistency and reliability in the moments that matter most: when a threat appears disguised as something routine.

About the AV-Comparatives Real-World Protection Test

The latest evaluation included 19 consumer security products, each tested across the full attack chain, from the moment a malicious URL is accessed to the instant a dangerous file tries to execute.

Unlike benchmark tests that focus on one part of the process, this assessment mirrors real user behavior. AV-Comparatives notes that the methodology is meant to be “as realistic as possible,” and the results often reveal meaningful differences in both protection and false positives.

With this round of testing, McAfee maintains its cycle of highest ratings in every Real-World Protection Test, while several well-known competitors were downgraded due to high false-positive counts.

What This Means for Everyday Users

A high protection score matters most when you’re simply going about your day — shopping, banking, downloading a file, or clicking a link you think is safe. Independent recognition signals three core things:

1. Trustworthy Protection

Strong results indicate that advanced threats, misleading links, and malicious downloads are blocked before they can cause harm.

2. Fewer False Alarms

With only four false positives out of nearly 500 samples, McAfee flagged less than 1% of clean files incorrectly. For context: the industry average in this test was 10 false positives, and one competitor even misidentified 75, meaning it labeled nearly 16% of harmless activity as a threat.

The takeaway is simple: strong protection shouldn’t get in your way, and these results show it doesn’t.

3. Innovation That Keeps Pace With Scammers

Criminals now use AI to make fake emails, websites, and support messages look real. Testing that mirrors those real-world conditions helps consumers see which tools stay ahead of that curve.

A Note on McAfee Protection Tools

McAfee’s threat protection, the same technology validated in this test, is built into McAfee+ Premium, McAfee+ Advanced, McAfee+ Ultimate, McAfee Total Protection, and McAfee LiveSafe.

McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes—stopping harm before it happens.

The post McAfee Named ADVANCED+ in Real-World Protection — What That Means for You appeared first on McAfee Blog.

The Most Impersonated Brands in Holiday Shopping, Ranked

Scammers aren’t worried about ending up on the naughty list. If anything, they’re doubling down in 2025.  

This year, scammers are impersonating major brands with startling accuracy, from fake delivery updates to cloned checkout pages.

Our McAfee Labs researchers analyzed real scam texts, emails, and URLs from October through early November, along with consumer survey data, to identify the patterns shaping this season’s fraud.

Here’s what shoppers need to know, what’s trending upward, and how to spot the fakes before they reach your cart.

What Is a Holiday Brand-Impersonation Scam?

A brand-impersonation scam is when criminals copy a real brand, like a retailer, tech company, bank, or delivery service, to make fake emails, texts, ads, or websites that look legitimate.

Their goal is to trick shoppers into clicking, entering account details, or making a payment.

McAfee Labs’ brand impersonation analysis shows criminals focusing on the items people shop for most — tech gifts, luxury goods, and high-demand drops.

Fake versions of these brands typically include:

• Copied product photos
• Familiar layouts
• Holiday sale graphics
• Support pages designed to capture logins

Which Brands Are Being Faked the Most This Holiday Season?

Top 5 most impersonated luxury brands

1. Coach
2. Dior
3. Ralph Lauren
4. Rolex
5. Gucci

Top 5 most impersonated mainstream consumer brands

1. Apple
2. Nintendo
3. Samsung
4. Disney
5. Steam

Other Key Research Takeaways US:

• Email scams are exploding, up ~50% in retail and ~85% in tech as the holidays approach.
• Fake storefronts are rising, with technology URL scams up nearly 50% and consumer URL scams up ~5%.
• Trusted brands are the most impersonated, including Amazon, Microsoft, Apple, Walmart, and Costco.
• 96% plan to shop online
• 91% see ads from unfamiliar retailers
• 37% may buy from brands they don’t recognize
• AI is reshaping scams, with 46% of Americans encountering fake celebrity or influencer endorsements.

Other Key Research Takeaways UK:

• 97% plan to shop online
• 86% see ads from unfamiliar retailers
• 30% may buy from brands they don’t recognize
• AI is reshaping scams, with 42% of Americans encountering fake celebrity or influencer endorsements.

How to Stay Safe While Brands Are Being Faked This Season

Scammers are getting better at copying the brands you trust, but avoiding the fakes gets much easier when you slow down, verify what you see, and use tools that check links and messages before you click.

Here’s what actually helps during a season when realistic-looking scams are everywhere:

1. Go straight to the source

If you get a message about an order, refund, delivery issue, or account lockout, don’t click the link.

Go directly to the retailer’s app or type the URL manually.

This single habit eliminates most holiday scams.

2. Inspect the sender, not the graphics

Scammers can recreate logos, colors, and templates perfectly.

What they can’t easily mimic:

• A legitimate domain
• A verified phone number
• A support email that matches the company’s format

If the sender looks off, the message is off.

3. Let security tools check the link for you

McAfee’s online protection adds a critical layer of holiday safety, especially when scammers imitate retailers with near-perfect accuracy.

Key protections include:

Web Protection
Blocks malicious or suspicious websites before they load — including fake checkout pages, login portals, and support sites.

Scam Detector
Built into all core McAfee plans. It flags scam texts, emails, and even deepfake-style video promotions, letting you know a link or message is unsafe before you interact with it.

Password Manager
Creates and stores strong, unique passwords so a stolen login from one retailer doesn’t unlock your whole digital life.

Identity & Financial Monitoring
Transaction Monitoring and Credit Monitoring can alert you to unusual activity — a crucial safety net when stolen logins, card numbers, or personal details circulate quickly during the holidays.

These tools help counter the exact tactics scammers rely on: cloned websites, fake brand emails, and phishing links disguised as legitimate retailers.

4. Turn on two-factor authentication everywhere you shop

Even if a scammer gets your password, they can’t get in without your one-time code.

5. Treat urgency as a red flag

Legitimate companies don’t ask you to “act in minutes,” pay fees to “unlock” an account, or claim you must stay on the line.

Pressure is a tactic — not customer service.

6. Keep an eye on your accounts

Check your banking and shopping accounts weekly.

Small unauthorized charges often appear before large ones.

The post The Most Impersonated Brands in Holiday Shopping, Ranked appeared first on McAfee Blog.

This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts

Leading off our news on scams this week, a heads-up for DoorDash users, merchants, and Dashers too. A data breach of an undisclosed size may have impacted you.

Per an email sent by the company to “affected DoorDash users where required,” a third party gained access to data that may have included a mix of the following:

• First and last name
• Physical address
• Phone number
• Email address

You might have got the email too. And even if you didn’t, anyone who’s used DoorDash should take note.

As to the potential scope of the breach, DoorDash made no comment in its email or a post on their help site. Of note, though, is that one of the help lines cited in their post mentions a French-language number—implying that the breach might affect Canadian users as well. Any reach beyond the U.S. and Canada remains unclear.

Per the company’s Q2 financial report this year, “hundreds of thousands of merchants, tens of millions of consumers, and millions of Dashers across over 30 countries every month.” Stats published elsewhere put the user base at more than 40 million people, which includes some 600,000 merchants.

The company underscored that no “sensitive” info like Social Security Numbers (and potentially Canadian Social Insurance Numbers) were involved in the breach. This marks the third notable breach by the well-known delivery service, with incidents in 2019 and 2022

What to do if you think you got caught up in the DoorDash breach

While the types of info involved here appear to be limited, any time there’s a breach, we suggest the following:

Protect your credit and identity. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans.

Keep an eye out for phishing attacks. With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. As with any text or email you get from a company, make sure it’s legitimate before clicking or tapping on any links. Instead, go straight to the appropriate website or contact them by phone directly. Also, protections like our Scam Detector and Web Protection can alert you to scams and sketchy links before they take you somewhere you don’t want to go.

Update your passwords and use two-factor authentication. Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you stay on top of it all while also storing your passwords securely.

Attention travelers: Now boarding, a rise in flight cancellation scams

Even as the FAA lifted recent flight restrictions on Monday morning, scammers are still taking advantage of lingering uncertainty, and upcoming holiday travel, with a spate of flight cancellation scams.

How the scam works

Fake cancellation texts

The first comes via a text message saying that your flight has been cancelled and you must call or rebook quickly to avoid losing your seat—usually in 30 minutes. It’s a typical scammer trick, where they hook you with a combination of bad news and urgency. Of course, the phone number and the site don’t connect you with your airline. They connect you to a scammer, who walks away with your money and your card info to potentially rip you off again.

Fake airline sites in search results

The second uses paid search results. We’ve talked about this trick in our blogs before. Because paid search results appear ahead of organic results, scammers spin up bogus sites that mirror legitimate ones and promote them in paid search. In this way, they can look like a certain well-known airline and appear in search before the real airline’s listing. With that, people often mistakenly click the first link they see. From there, the scam plays out just as above as the scammer comes away with your money and card info.

How to avoid flight cancellation scams

Q: How can I confirm whether my flight is really canceled?
A: Check directly in your airline’s official app or website. Never click links in texts or emails.

Q: How can I spot a fake airline search result?
A: Look for “Ad”/“Sponsored,” confirm the URL, and check that the site uses HTTPS, not HTTP.

Q: Is there a tool that flags fake booking sites?
A: Scam-spotting tools like Scam Detector and Web Protection can identify sketchy links before you click.

In search, first isn’t always best.

Look closely to see if your top results are tagged with “Sponsored” or “Ad” in some way, realizing it might be in fine print. Further, look at the web address. Does it start with “https” (the “s” means secure), because many scam sites simply use an unsecured “http” site. Also, does the link look right? For example, if you’re searching for “Generic Airlines,” is the link the expected “genericairlines dot-com” or something else? Scammers often try to spoof it in some way by adding to the name or by creating a subdomain like this: “genericairlines.rebookyourflight dot-com.”

Get a scam detector to spot bogus links for you.

Even with these tips and tools, spotting bogus links with the naked eye can get tricky. Some look “close enough” to a legitimate link that you might overlook it. Yet a combination of features in our McAfee+ plans can help do that work for you.  Our Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

Scammers Hijack a Trusted Mass Texting Provider

You’ve probably seen plenty of messages sent by short code numbers. They’re the five- or six-digit codes used to send texts instead of by a phone number. For example, your cable company might use one to send a text for resetting a streaming password, the same goes for your pharmacy to let you know a prescription is ready or your state’s DoT to issue a winter travel alert, and so on.

According to NBC News, scammers sent hundreds of thousands of texts using codes used by the state of New York, a charity, and a political organizing group. The article also cites an email sent to messaging providers by the U.S. Short Code Registry, an industry nonprofit that maintains those codes in the U.S. In the email, the registry said attempted attacks on messaging providers are on the rise.

What this means for the rest of us is that just about any text from an unknown number, and now short codes, might contain malicious links and content. It’s one more reason to arm yourself with the one-two punch of our Scam Detector and Web Protection.

What are short codes?
Short codes are 5–6 digit numbers used by pharmacies, utilities, banks, and government agencies to send official alerts.

Why this attack is unusual
Scammers didn’t spoof short codes—they gained access to real ones used by:

• The State of New York
• A charity
• A political organizing group

Why this matters
Even texts from legitimate short-code numbers can no longer be trusted at face value.

What to do now

• Treat any unexpected text—even from a short code—as suspicious.
• Don’t tap links.
• Verify by going directly to the official website or app.

Quick Scam Roundup

Consumers warned over AI chatbots giving inaccurate financial advice 

• Our advice: Always verify recommendations with trusted financial sources

Why our own clicks are often cybercrime’s greatest allies

• Our advice: Many attacks rely on rushed or emotional decisions, slow down before clicking

TikTok malware scam uses fake software activation guides to steal data

• Our advice: Download software only from official sources

 

We’ll be back after the Thanksgiving weekend with more updates, scam news, and ways to stay cyber safe.

The post This Week in Scams: DoorDash Breach and Fake Flight Cancellation Texts appeared first on McAfee Blog.

How to Follow McAfee on Google News in One Simple Step

Want McAfee’s latest scam alerts, cybersecurity tips, and safety updates to show up automatically in your Google News feed? You can follow McAfee directly on Google News with a single tap.

Google News now gives every official publisher a dedicated page — and McAfee has one. Once you follow us, our newest articles will appear in your Following tab and throughout your personalized news feed whenever they’re relevant to you.

Here’s how to do it in seconds.

Follow McAfee on Google News

Step 1: Go to our official Google News page

Tap or click this link:

McAfee Official Google News Source Page

This opens McAfee’s verified publisher page inside Google News.

Step 2: Tap the “Follow” button

You’ll see a star icon at the top of the page.

Tap Follow and you’re done.

That’s it — McAfee is now part of your personalized news feed.

What happens after you follow McAfee

When you tap the star:

• McAfee appears under Following → Sources in Google News
• Our stories show up more often when you search for cybersecurity topics
• You’ll see McAfee alerts, safety tips, and threat updates sooner
• Google prioritizes McAfee when we publish on topics you care about (AI scams, malware, identity theft, etc.)

No settings menus. No advanced search. Just one tap.

How to Unfollow or Manage Your Sources

If you ever want to update your feed:

1. Open Google News

2. Go to Following → Sources

3. Tap the star again to unfollow

4. Or rearrange which sources matter most to you

 

---

FAQs

Do I need the Google News app?

No. Following works in both browsers and the app.

Will this make McAfee show up first for every search?

Not automatically — but Google does prioritize publishers you follow when the content is relevant.

Can I follow McAfee on multiple devices?

Yes. It’s tied to your Google account, not your phone or laptop.

Is the follow button safe?

Absolutely. This is Google’s built-in publisher follow system.

Stay Updated, Stay Safer

Cyber threats move fast — following McAfee on Google News makes it easier to stay ahead of scams, breaches, and emerging AI risks.

The post How to Follow McAfee on Google News in One Simple Step appeared first on McAfee Blog.

This Week in Scams: New Alerts for iPhone and Android Users and a Major Google Crackdown

Welcome back to another This Week in Scams.

This week,  have attacks that take over Androids and iPhones, plus news that Google has gone on the offensive against phishing websites.

First up, a heads-up for iPhone owners.

The “We found your iPhone” scam

In the hands of a scammer, “Find My” can quickly turn into “Scam Me.”

Switzerland’s National Cyber Security Center (NCSC) shared word this week of a new scam that turns the otherwise helpful “Find My” iOS feature into an avenue of attack.

Now, the thought of losing your phone, along with all the important and precious things you have on it, is enough to give you goosebumps. Luckily, the “Find My” can help you track it down and even post a personalized message on the lock screen to help with its return. And that’s where the scam kicks in.

From the NCSC:

When a device is marked as lost, the owner can display a message on the lock screen containing contact details, such as a phone number or email address. This can be very helpful if the finder is honest – but in dishonest hands, the same information can be used to launch a targeted phishing attack.

With that, scammers send a targeted phishing text, as seen in the sample provided by the NCSC below …

What do the scammers want once you tap that link? They request your Apple ID and password, which effectively hands your phone over to them—along with everything on it and everything else that’s associated with your Apple ID.

It’s a scam you can easily avoid. So even if you’re still stuck with a lost phone that’s likely in the hands of a scammer the point of consolation is that, without your ID, the phone is useless to them.

Here’s what the NCSC suggests:

Ignore such messages. The most important rule is Apple will never contact you by text message or email to inform you that a lost device has been found.

Never click on links in unsolicited messages or enter your Apple ID credentials on a linked website.

If you lose your device, act immediately. Enable Lost Mode straight away via the Find My app on another device or at iCloud.com/find. This will lock the device.

Be careful about which contact details you show on your lost device’s lock screen. For example, use a dedicated email address created specifically for this purpose. Never remove the device from your Apple account, as this would disable the Activation Lock.

Make sure your SIM card is protected with a PIN. This simple yet effective measure prevents criminals from gaining access to your phone number.

Android phone takeover scam

Now, a different attack aimed at Android owners …

A story shared on Fox this week breaks down how a combination of paid search ads, remote access tools, and social engineering have led to hijacked Android phones.

It starts with a search, where an Android owner looks up a bank, a tech support company, or what have you. Instead of getting a legitimate result, they get a link to a bogus site via paid search results that appear above organic search results. The link, and the page it takes them to, look quite convincing, given the ease with which scammers can spin up ads and sites today. (More on that next.)

Once there, they call a support number and get connected to a phony agent. The agent convinces the victim to download an app that will help the “agent” solve their issue with their account or phone. In fact, the app is a remote access tool that gives control of the phone, and everything on it, to the scammer. That means they can steal passwords, send messages to friends, family, or anyone at all, and even go so far as to lock you out.

Basically, this scam hands over one of your most precious possessions to a scammer.

Here’s how you can avoid that:

Skip paid search results for extra security. That’s particularly true when contacting your bank or other companies you’re doing business with. Look for their official website in the organic search results below paid ads. Better yet, contact places like your bank or credit card company by calling the number on the back of your card.

Get a scam detector. A combination of our Scam Detector and Web Protection can call out sketchy links, like the bogus paid links here. They’ll even block malicious sites if you accidentally tap a bad link.

Never download apps from third-party sites outside of the Google Play Store. Google has checks in place to spot malicious apps in its store.

Lastly, never give anyone access to your phone. No bank rep needs it. So if someone on a call asks you to download an app like TeamViewer, AnyDesk, or AirDroid, it’s a scam. Hang up.

Beyond that, you can protect yourself further by installing an app like our McAfee Security: Antivirus VPN. You can pick it up in the Google Play store, which also includes our Scam Detector and Identity Monitoring. You can also get it as part of your McAfee+ protection.

Google takes aim at phishing scams with a lawsuit against an alleged criminal organization

Just Wednesday, Google took a first step toward making the internet safer from bogus sites, per a story filed by National Public Radio.

A lawsuit alleges that a China-based company called “Lighthouse” runs a “Phishing-as-a-Service” operation that outfits scammers with quick and easy tools and templates for creating convincing-looking websites. According to Google’s general counsel, these sites could “compromise between 12.7 and 115 million credit cards in the U.S. alone.”

The suit was filed in the U.S. District Court in the Southern District of New York, which, of course, has no jurisdiction over a China-based company. The aim, per Google’s counsel, is deterrence. From the article:

“It allows us a legal basis on which to go to other platforms and services and ask for their assistance in taking down different components of this particular illegal infrastructure,” she said, without naming which platforms or services Google might focus on. “Even if we can’t get to the individuals, the idea is to deter the overall infrastructure in some cases.”

We’ll keep an eye on this case as it progresses. And in the meantime, it’s a good reminder to get Scam Detector and Web Protection on all your devices so you don’t get hoodwinked by these increasingly convincing-looking scam sites.

Again, scammers can roll them out so quickly and easily today.

And now for a quick roundup …

Here’s a quick list of a few stories that caught our eye this week:

Alarmingly realistic deepfake threats now target banks in South Africa

Nearly 80% of parents fear their kids will fall for an AI scam, but they aren’t sure how to talk about it

Hyundai data breach exposes 2.7 million Social Security numbers

 

And that’s it for this week! We’ll see you next Friday with more updates, scam news, and ways you can stay safer out there.

The post This Week in Scams: New Alerts for iPhone and Android Users and a Major Google Crackdown appeared first on McAfee Blog.

Holiday Shopping 2025: US Fact Sheet 

The holidays are supposed to be about joy and generosity — but this year, they’re also peak season for AI-powered scams. New research from McAfee, a global leader in online protection, shows how fraudsters are using artificial intelligence to create more convincing lures — from deepfake endorsements to cloned delivery messages — as Americans head online to shop.

US – Holiday Shopping 2025 Fact Sheet 

The post Holiday Shopping 2025: US Fact Sheet  appeared first on McAfee Blog.

This Week in Scams: Fake Steaks and Debit Card Porch Pirates

We’re back with a new edition of “This Week in Scams,” a roundup of what’s current and trending in all things sketchy online.

This week, we have fake steaks, why you should shop online with a credit card, and a new and utterly brash form of debit card fraud.

Fake steaks from “0maha Steaks”

Yes, the letter “O” for Omaha in the subject line of this email scam is actually a zero. And that’s not the only thing that’s off with this email, it’s a total scam.

 

If you like your choice cuts, the name Omaha Steaks might be a familiar one. They’ve been around for almost 110 years, and since 1953 they’ve been in the mail order meat business. Today, they sell, well, just about anything you can picture in the butcher or seafood case. With that, the company enjoys a premium reputation, so it’s little surprise scammers have latched onto it and built a phishing attack around the brand—one they garnish with a nod to concerns over rising food prices.

A few things can quickly tip you off to this scam. For starters, the scammers oddly spell Omaha with a zero in the subject line, as mentioned. From there, the sender’s email address is a straight ref flag. In this case, it’s the curiously spelled “steaksamplnext” followed by a (redacted) domain name that isn’t the legitimate omahasteaks dot-com address. Also curious is the lack of an actual price for the bogus “Gourmet Box.” And lastly, you might think that a premium foods brand would showcase some pictures of their famous fare in the email. Not so here.

Rounding it out, you’ll see the classic scammer tactics of scarcity and urgency, which scammers hope will pressure people to act immediately. In this case, only 500 of these supposed boxes are available, and the offer “concludes tomorrow.”

How to avoid Omaha Steak scams and phishing scams like them

Even as this scam makes the rounds, it’s easy to spot if you give it a closer look and a little thought—giving it a sort of old-school feel to it. However, more and more of today’s phishing emails look increasingly legit, thanks to AI tools, which might get you to click.

As for phishing attacks like this in general, you can protect yourself by:

Always checking the email address of the sender. If it doesn’t match the proper address of the company or brand that’s supposedly sending the email, it’s a scam. In this case, from the people at Omaha Steaks themselves, “If it doesn’t show OmahaSteaks.com and @OmahaSteaks, it’s not us!”

Looking for addresses and links that look like they’ve been slightly altered so that they seem “close enough” to the real thing. In this case, the scammer didn’t even bother to try. However, you could expect an alteration like “omahasteakofferforyou.com” to try and look legit.

Getting a scam detector. Our Scam Detector, found in all core McAfee plans, helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. It’ll also block those sites if you accidentally tap or click on a bad link.

One good reason for using your credit card when shopping online.

What’s the most common kind of fraud? If you said, “credit card,” you’ll find it number five on the list. The top form is debit cards, according to 2025 findings from the U.S. Federal Reserve.

As reported by financial institutions, the Fed found that attempts at debit card fraud rose to 73% with 52% of those attempts being successful.

The post This Week in Scams: Fake Steaks and Debit Card Porch Pirates appeared first on McAfee Blog.

The Louvre Used Its Own Name as a Password. Here’s What to Learn From It

If you’ve been watching the news, you’ve probably seen the headlines out of Paris: one of the most audacious heists in decades took place at the Louvre, where thieves made off with centuries-old crown jewels worth tens of millions of dollars.

But amid the cinematic drama, a quieter detail emerged that’s almost harder to believe—according to French newspaper Libération (via PC Gamer), auditors discovered that the password protecting the museum’s video surveillance system was simply “Louvre.”

While it’s not yet confirmed whether this played a direct role in the robbery, cybersecurity experts point out that weak or reused passwords remain one of the easiest ways for criminals—digital or otherwise—to get inside.

Safety Lessons You Can Learn from The Louvre

The Louvre’s cybersecurity audits, dating back to 2014, reportedly revealed a pattern of outdated software and simple passwords that hadn’t been updated in years. Subsequent reviews noted “serious shortcomings,” including security systems running on decades-old software no longer supported by developers.

That situation mirrors one of the most common security issues individuals face at home. Whether it’s an email account, a social media login, or your home Wi-Fi router, using an easy or repeated password is like leaving the front door open. Hackers don’t need to break in when they can just walk through.

As experts here at McAfee have explained, cybercriminals routinely rely on “credential stuffing” attacks, in which they test stolen passwords from one breach against other sites to see what else they can access. If you’ve used the same password for your streaming account and your online banking, it’s not hard to imagine what could go wrong.

What’s A Bad Password?

• Obvious or guessable: Anything like “password,” “123456,” or even the name of the service (“Louvre,” “Netflix,” “Chase”) can be cracked in seconds.
• Dictionary words: Real words or phrases are easier for hacking programs to guess, even when combined creatively.
• Repeated passwords: Reusing a password across multiple sites means one breach can expose everything.
• Personal details: Pet names, birthdays, and favorite bands can all be scraped from social media—making them the first thing a hacker will try.

What Makes A Strong Password

A strong password is long, complex, and unique. Cybersecurity experts recommend at least 12–16 characters that mix uppercase and lowercase letters, numbers, and symbols. A short password can be guessed in minutes; a long one can take decades to crack.

If that sounds like a lot to juggle, you’re not alone. That’s why password managers exist.

Why A Password Manager Is Your Best Guard

A password manager takes the work—and the guesswork—out of creating and remembering complex passwords. It generates random combinations that are nearly impossible to crack, then stores them securely using advanced encryption.

The added bonus? You’ll never have to reuse a password again. Even if one account is theoretically compromised in a breach, your others remain protected because each password is unique.

McAfee’s password manager also uses multi-factor authentication (MFA), meaning you’ll need at least two forms of verification before signing in—like a code sent to your phone. That extra step can stop hackers cold, even if they somehow get your password.

How to protect yourself

To keep your digital treasures safer than the Louvre’s jewels:

• Use strong, unique passwords for every account. Longer is better.
• Change passwords regularly and especially after any breach or suspicious activity.
• Turn on MFA wherever possible—it’s one of the simplest and most effective protections.
• Avoid public Wi-Fi for sensitive logins, or use a secure VPN.
• Store passwords safely with a reputable password manager instead of your browser or a notepad.

The bottom line

Reports of the Louvre’s weak password might make for an easy punchline, but the truth is that millions of people make the same mistake every day—reusing simple passwords across dozens of accounts. Strong, unique passwords (and the right tools to manage them) are still one of the most powerful defenses against data theft and identity fraud.

As scams and breaches continue to evolve, your best defense is awareness and protection that adapts just as fast. McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes—stopping harm before it happens.

The post The Louvre Used Its Own Name as a Password. Here’s What to Learn From It appeared first on McAfee Blog.

AWS Outage Disrupts Major Apps Like Reddit and Snapchat—What Happened and How to Stay Safe

Amazon Web Services (AWS), one of the world’s largest cloud providers, recently experienced a major outage that disrupted popular websites and apps across the globe—including Snapchat, Reddit, Fortnite, Ring, and Coinbase, according to reports from CNN and CNBC.

The disruption began out of Northern Virginia, where many of the internet’s most-used applications are hosted.

AWS said the problem originated within its EC2 internal network, impacting more than 70 of its own services, and was tied to DNS issues, the system that tells browsers how to find the right servers online.

A few hours after the initial reports of outages, AWS said the problem had been “fully mitigated,” though it took several more hours for all users to see their systems stabilized, according to CNBC.

There is no indication the outage was caused by a cyberattack, and Amazon continues to investigate the root cause.

Why So Many Apps Went Down

When Amazon Web Services falters, the ripple effects reach far beyond businesses. Millions of consumers suddenly lose access to everyday apps and tools, including everything from banking and airline systems to gaming platforms and smart home devices.

“In the past, companies ran their own servers—if one failed, only that company’s customers felt it,” said Steve Grobman, McAfee’s Chief Technology Officer. “Today, much of the internet runs on shared backends like Amazon Web Services or Google Cloud. That interconnectedness makes the web faster and more efficient, but it also means one glitch can impact dozens of services at once.”

Grobman noted the issue was related to a capability called DNS within AWS, he described DNS as providing the directions on how systems find each other and even if those systems are operational, it can be detrimental.. It’s analogous to  “tearing up a map or turning off your GPS before driving to the store.” The store might still be open and stocked, he explained, but if you can’t find your way there, it doesn’t matter.

“Even with rigorous safeguards in place, events like this remind us just how complex and intertwined our digital world has become,” Grobman added. “It highlights why resilience and layered protection matter more than ever.”

Outages Create Confusion—And Opportunity for Scammers

Events like this sow uncertainty for consumers. When apps fail to load, people may wonder: Is my account hacked? Is my data at risk? Is it just me?

Cybercriminals exploit that confusion. After past outages, McAfee researchers have seen phishing campaigns, fake refund emails, and malicious links promising “fixes” or “status updates” appear within hours.

Scammers often mimic legitimate service alerts—complete with logos and urgent wording—to trick users into entering passwords or payment information. Others push fake customer-support numbers or send direct messages claiming to “restore access.”

How to Protect Yourself During a Major Outage

Here’s how to stay secure when the :

1. Pause before you click. Be skeptical of any unsolicited message about outages, refunds, or account verification.
2. Go straight to the source. Check the official app or website status pages—don’t follow links in emails or texts.
3. Ignore urgent “fix” offers. Legitimate companies won’t ask you to download tools or send payment to restore access.
4. Watch for red flags. Requests for money via gift cards, crypto, or wire transfers are almost always scams.
5. If you clicked a suspicious link:
   1. Change your password immediately (and for any accounts using the same one).
   2. Turn on or refresh two-factor authentication (2FA).
   3. Monitor recent transactions and set up alerts.
   4. Run a trusted security scan to remove any unwanted apps or remote-access tools.

How McAfee Can Help

Using advanced artificial intelligence, McAfee’s Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens.

McAfee’s identity protection tools also monitor for signs that your personal information may have been exposed and guide you through steps to recover quickly.

Sign in to your McAfee account to scan for recent breaches linked to your email. You can also sign up for a free trial of McAfee antivirus to protect your devices.

The post AWS Outage Disrupts Major Apps Like Reddit and Snapchat—What Happened and How to Stay Safe appeared first on McAfee Blog.

Hackers Trick Staff Into Exposing Major Companies’ Salesforce Data–Find Out if You’re Safe

Cybercriminals tricked employees at major global companies into handing over Salesforce access and used that access to steal millions of customer records. 

Here’s the McAfee breakdown on what happened, what information was leaked, and what you need to know to keep your data and identity safe: 

What’s Happening 

Hackers claim they’ve stolen customer data from multiple major companies, including household names like Adidas, Cisco, Disney, Google, IKEA, Pandora, Toyota, and Vietnam Airlines. Security Week has reported throughout 2025 on a wave of social-engineering attacks exploiting human – rather than platform – vulnerabilities. 

According to The Wall Street Journal, the hacking group has already released millions of Qantas Airlines customer records and is threatening to expose information from other companies next.  

The data reportedly includes names, email addresses, phone numbers, dates of birth, and loyalty program details. While it doesn’t appear that financial data was included, this kind of personal information can still be exploited in phishing and scam campaigns. 

Salesforce has issued multiple advisories stressing that these attacks stem from credential theft and malicious connected apps – not from a breach of its infrastructure. 

Unfortunately, incidents like this aren’t rare, and they’re not limited to any one platform or industry. Even the most sophisticated companies can fall victim when hackers rely on social engineering and manipulation to breach secure systems. 

How the Hackers Did it 

Hackers reportedly called various companies’ employees pretending to be IT support staff—a tactic known as “vishing”—and convinced them to share login credentials or connect fake third-party tools, essentially handing the criminals the keys to their accounts. Once inside, they accessed customer databases and stole the information stored there. 

Think of it less like a burglar breaking a lock, and more like someone being tricked into opening the door. 

What data was leaked 

So far, leaked data appears to include: 

• Names and email addresses 
• Phone numbers 
• Dates of birth 
• Home or mailing addresses 
• Loyalty or frequent-flyer numbers 

There’s no indication of credit card or banking data in the confirmed leaks, but that doesn’t mean you’re in the clear.  

Why this matters to you 

Even if your financial information isn’t exposed in a data breach, personal details like name and address can still be used for targeted scams and phishing.  When that information is stolen and sold online, scammers use it to: 

• Send realistic phishing emails or texts that reference real details about you. 

• Try to log into your other accounts if you reuse passwords. 

• Launch “refund” or “account verification” scams tied to brands you trust. 

Even if your data isn’t part of this specific leak, these attacks highlight how often your information moves through third-party systems you don’t control. 

How to find out if you’ve been affected 

• Check your email: If you’re a member or customer of one of the named companies, watch for official notifications.  

• Use a trusted breach-checking site: Visit Have I Been Pwned or sign in to your McAfee account to scan for recent breaches linked to your email. You can also sign up for a free trial of McAfee antivirus to protect your devices. 

• Avoid “dark web lookup” services: Some of these are scams themselves. Stick to legitimate sources. 

What to do now 

1) Change your passwords—today.
Use strong, unique passwords for every account. McAfee’s password manager can help. Try our random password generator here. 

2) Turn on two-factor authentication (2FA).
Even if a hacker has your password, they can’t get in without your code. 

3) Monitor your financial and loyalty accounts.
Watch for strange charges, redemptions, or password reset emails you didn’t request. 

4) Freeze your credit.
It’s free and prevents new accounts from being opened in your name. You can unfreeze it anytime. McAfee users can employ a “security freeze” for extra protection. 

5) Be extra cautious with “breach” emails or calls.
Scammers often pretend to be from affected companies to “help you secure your account.” Don’t click links or give information over the phone. Go directly to the company’s website or app or your own IT team if a breach happens at your workplace. 

6) Consider identity protection.
McAfee’s built-in identity monitoring can monitor your personal info across the dark web, send alerts if your data appears in a breach, and include up to $1 million in coverage for identity recovery expenses. 

 

What scams to expect next 

• Fake refund or compensation offers. “We noticed your account was impacted. Claim your refund here.” Don’t click. 

• Loyalty-point phishing. Emails that look like they’re from an airline or retailer asking you to log in to “protect your rewards.” 

• MFA fatigue scams. Attackers repeatedly send login codes to wear you down, then call pretending to be support asking you to read one aloud. Don’t. 

 

Need ongoing protection? 

Your data could already be out there, but you don’t have to leave it there. 

McAfee helps you take back control. Using advanced artificial intelligence, McAfee’s Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens. 

And McAfee’s Personal Data Cleanup can help you check which data brokers have your private details and request to have it removed on your behalf. 

Stay ahead of scammers. Check your exposure, clean up your data, and protect your identity, all with McAfee. 

Learn more about McAfee and McAfee Scam Detector.  

 

More reading: 

What to do if you’re caught up in a data breach 

How to delete yourself from the internet 

How to spot phishing emails and scams  

The post Hackers Trick Staff Into Exposing Major Companies’ Salesforce Data–Find Out if You’re Safe appeared first on McAfee Blog.

McAfee Wins “Best Use of AI in Cybersecurity” for Scam Detector

We’re proud to share that McAfee has won “Best Use of AI in Cybersecurity” at The 2025 A.I. Awards for our groundbreaking work on McAfee’s Scam Detector, which automatically identifies risky texts and emails, and also includes the world’s first automated deepfake detection. 

Scams Are Growing 

Online scams have reached an all-time high, with 1 in 3 Americans reporting they’ve fallen victim, losing an average of $1,500 each. From fake job offers and text messages to AI-generated deepfakes, these threats are evolving faster than ever. 

Using Good AI to Fight Bad AI 

That’s where McAfee’s Scam Detector comes in. Using advanced artificial intelligence, it automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, stopping harm before it happens. 

Scam Detector is also included with every core McAfee plan, and is available on PC, mobile, and web. In just its first few months, Scam Detector crossed the million-user milestone, underscoring the urgent need for smarter, faster protection in the AI-powered world. 

Industry Recognition 

As one of the judges, Rakesh Datta, noted: 

“McAfee’s Scam Detector is leading the fight against digital deception, harnessing advanced AI to identify scams, deepfakes, and fraud in real time. By combining exceptional accuracy with proactive protection, it restores confidence and redefines trust in the modern digital era. The A.I. Awards is proud to recognize McAfee’s innovation in safeguarding users worldwide.” 

This recognition highlights McAfee’s commitment to building responsible, consumer-first AI that empowers people to live safer, more confident lives on and offline. 

Looking Ahead 

We’re honored to be recognized alongside other global innovators, and we’re even more motivated to keep pushing forward, creating technology that helps people stay one step ahead of online threats. 

Check out all The 2025 A.I. Awards winners and learn more about McAfee Scam Detector. 

The post McAfee Wins “Best Use of AI in Cybersecurity” for Scam Detector appeared first on McAfee Blog.

McAfee Again Certified as “TOP PRODUCT” by AV-TEST

McAfee Total Protection has once again been named a TOP PRODUCT by the independent test lab AV-TEST, earning perfect scores in all three categories for the July–August 2025 test cycle.

This marks the 31st consecutive TOP PRODUCT certification for McAfee since June 2020, proof that our consumer protection consistently meets the highest independent standards.

While many security tools can slow your computer or trigger false alarms, McAfee keeps impact minimal and alerts meaningful, giving you reliable protection without getting in your way.

What the Scores Mean for You

• Protection efficacy (100%): Stops the latest and most dangerous threats, including zero-day attacks and widespread malware, before they can infect your PC.
• Performance impact (below industry average): Runs quietly in the background so your computer stays fast while you work, stream, and game. Many of our competitors’ security tools can slow things down, but McAfee keeps impact minimal.
• Usability (no false positives): Alerts you only when it matters, avoiding annoying or confusing warnings about safe files and programs.

Together, these results mean you’re getting lab-verified security that beats industry averages and stays ahead of major competitors, without sacrificing speed or ease of use.

You can read the full AV-TEST report here.

The post McAfee Again Certified as “TOP PRODUCT” by AV-TEST appeared first on McAfee Blog.

Keep It Real: How McAfee Is Using AI to Fight AI—and End Scam Stigma

Was that spinning head a mistake—or the whole point?

When McAfee dropped a new digital ad showing a woman lounging on a beach, only to have her head rotate a full 360 degrees, the internet lit up. Some viewers thought it was a post-production error. Others assumed it was a weird deepfake gone wrong. And while a few sharp-eyed commentators caught the joke right away, most were left wondering: was this brilliant marketing or a complete fail?

Spoiler: it was on purpose.

AI on Purpose

You may have seen the ad—the calm beach scene, the casual vibe, and then, the fully rotating head. Reactions ranged from confused to amused, with a handful of keen observers nodding in understanding.

We didn’t mess up.

With the help of our creative agency VSA, we developed a series of digital ads using generative AI to blur the line between real and surreal. The goal? To make a bigger point: AI is now capable of mimicking reality in subtle, clever ways that are increasingly hard to detect. That’s exactly why tools like McAfee’s Scam Detector matter more than ever.

“While the ads are clearly AI, the implication is that AI isn’t always so easy to spot,” said Anne-Marie Rosser, CEO of VSA. “It’s funny, and it creates empathy for the user since we’re all susceptible.”

And don’t worry—we didn’t hand everything over to the machines. McAfee and VSA’s full creative and design teams were instrumental in shaping every detail, from concept to execution. The AI was a tool. The vision came from real people.

These creative choices reflect our philosophy at McAfee: take cybersecurity seriously, but don’t always take yourself too seriously. Humor has the power to break through fear and shame—and ultimately, help people protect themselves better.

 

Scam Stories, Real People

Alongside these eye-catching ads, we’re launching Scam Stories, a social campaign built around real voices. From concert ticket scams to spoofed customer service texts, people across the country are sharing their experiences using #KeepItReal and #MyScamStory—and we’re listening.

Some of those individuals, like actor Chris Carmack (of Grey’s Anatomy and The O.C.), have joined our campaign to share their own moments of being duped. Others, like cyber student Henry or life coach Cory, are helping us educate others by turning personal pain into public empowerment.

Partnering for Impact

This campaign isn’t just about awareness—it’s about action. That’s why we’ve partnered with FightCybercrime.org, a nonprofit that helps people recognize, report, and recover from scams. We’re donating $50,000 worth of McAfee protection to people in FightCybercrime programs and to the volunteers who support them.

We’re also teaming up to expand education efforts through our Online Safety for Kids initiative—because building a safer internet starts early.

What’s Next

Scammers rely on silence, shame, and speed. But when we slow down, speak up, and share our stories, we take away their power.

The Keep It Real campaign is more than just a product launch. It’s a movement to stop the stigma around scams, help people protect their peace of mind, and remind you: if it can happen to Chris Carmack, it can happen to anyone.

So what’s your scam story? We’re listening.

The post Keep It Real: How McAfee Is Using AI to Fight AI—and End Scam Stigma appeared first on McAfee Blog.

Introducing Scam Stories: A McAfee Campaign to End Scam Stigma

When Grey’s Anatomy actor Chris Carmack and musician Erin Slaver tried to order custom patio cushions from what seemed like a trustworthy small business, they thought they were making a simple home upgrade.  

But after clicking and paying through a special link, the cushions never arrived. Delays turned into excuses, messages went unanswered, and the seller’s account eventually disappeared—along with their money. 

It was a scam. And like so many others, they were left frustrated, embarrassed, and unsure of what to do next. 

Now, Chris and Erin are sharing their story—not just to warn others, but to help launch Scam Stories, a McAfee-led movement to end the stigma around being scammed, remind people that it can happen to anyone, and help keep everyone safer online. 

Real People, Real Stories 

Scammers win when we stay silent. At McAfee, we believe speaking out about your experience is a brave way to support your community and help others stay safe from scams. 

Built-in partnership with FightCybercrime.org, the Scam Stories movement invites people to share their scam experiences, end the stigma around being scammed, and build a more informed, supportive community. 

And Chris and Erin aren’t the only ones speaking up. Our campaign features stories from everyday people who’ve been scammed—and are now helping others by sharing what happened. 

These scams happened fast—and could happen to anyone. Each one involved tactics that McAfee Scam Detector is designed to catch:

• Brittany, an elementary school teacher, lost Taylor Swift tickets after clicking a phishing email that looked like a ticket confirmation. Scam Detector could have flagged the email as suspicious and warned her before she engaged.
• Cory, a wellness coach, tapped a convincing text that appeared to be from his mobile provider. Almost instantly, scammers hijacked his number and shut him out of his accounts. Scam Detector’s text scanning could have alerted him to the malicious link before he clicked.
• Henry, a college student, was tricked by a fake concert ticket seller on social media. The message looked urgent and real—but Scam Detector could have flagged the text as suspicious due to common scam language and pressure for fast payment, before it reached him.
• Bradley, a sleep-deprived new dad, received a threatening call from someone posing as the IRS. When they followed up with a phishing email, he panicked—and sent nearly $1,000. Scam Detector could have flagged the impersonation and helped him pause before acting. 

These stories are powerful reminders that scam prevention starts with awareness. And when people share what happened, it helps others recognize red flags and feel less alone. 

Why We Partnered With FightCybercrime.org 

FightCybercrime.org is a nonprofit dedicated to helping people recognize, report, and recover from cybercrime. Their tools, educational materials, and survivor support network make them an ideal partner in our mission. 

Together with FightCybercrime.org, we’ll be expanding online safety education —and helping more people recover from scams with real support.  

As part of our collaboration, McAfee is donating $50,000 worth of protection products to individuals going through FightCybercrime.org’s recovery programs and to the staff and volunteers who support them every day. 

Let’s End the Stigma, Together 

At McAfee, we believe that scam protection isn’t just about tools—it’s about empowering people with knowledge and support. And that starts by ending the stigma. 

Scam Stories is here to change the narrative—from shame to strength. With help from public figures like Chris and Erin, and brave individuals across the country, we’re turning painful moments into teachable ones—and helping everyone stay safer online. 

How to Get Involved 

McAfee is collecting scam stories and encouraging people to share their experiences on social media using #MyScamStory and #KeepItReal.  

• Visit our Scam Stories hub to share your scam story 

• Use #MyScamStory and #KeepItReal on social media 

• Follow along as we amplify survivor voices and help others stay safer 

Learn more and join the movement at www.mcafee.com/en-us/scam-stories. 

No one should feel alone or ashamed after being scammed. And the more we talk about scams, the harder it is for scammers to succeed. 

Scam Stories is here to change the narrative—from shame to strength.

The post Introducing Scam Stories: A McAfee Campaign to End Scam Stigma appeared first on McAfee Blog.

Introducing McAfee’s Scam Detector – Now Included in All Core Plans

In today’s online world, scams are everywhere—and they’re harder to spot than ever. From sophisticated phishing texts and deepfake videos to emails that look just like messages from your bank or delivery provider, scammers are constantly evolving. And so are we. 

Introducing McAfee’s Scam Detector: advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. It’s included at no extra cost in all core McAfee plans for customers in the U.S., UK, and Australia—helping millions stay safer online without having to upgrade. 

Why We Built Scam Detector 

Scam messages are getting smarter and more frequent. McAfee Labs saw scam text volumes nearly quadruple between February and March 2025. Nearly half used cloaked links to disguise malicious intent. Scams mimicked toll charges, deliveries, payment services, and even messages from loved ones. 

Scammers use urgency and fear to push people into quick decisions—and it’s working. That’s why Scam Detector was designed with AI-powered detection, educational guidance, and coverage that works across multiple platforms and devices. 

McAfee’s Scam Detector flags ~1.5% of text messages analyzed as potential scams and ~1.8% of email messages analyzed as potential scams. The text scam detection model included in the initial release achieves greater than 99% accuracy.

What McAfee’s Scam Detector Can Do

1) Smarter text scam detection

• Detects suspicious messages across apps like iMessage, WhatsApp, Facebook Messenger, and others. 

• On Android: Messages are scanned as they arrive and flagged before you open them. 

• On iPhone: Suspicious texts are filtered into a separate folder, with manual scam check available. 

2) AI-based scam analysis for email

• Flags phishing and other suspicious emails across Gmail, Outlook, and Yahoo. 

• Adds a “McAfee Alert” label and explains why an email was flagged, helping you learn as you go. 

• Supports up to 10 email addresses per account. 

3) Deepfake detection for video

• Detects AI-generated or manipulated audio in videos on platforms like YouTube, TikTok, and Facebook. 

• Works in seconds, using on-device processing to protect your privacy. 

• Requires just six seconds of audio to analyze authenticity. 

4) On-demand Scam Check

• Unsure about a message? Upload a screenshot, message, or link for instant analysis. 

• Scam Detector offers context so you understand the “why” behind each result. 

5) Custom Sensitivity Settings

Choose the level of detection that works for you: 

• High: Maximum caution, more alerts 

• Balanced (default): Strong protection, fewer interruptions 

• Low: Flags only the most obvious threats 

6) Safe Browsing Layer

• If you do click a suspicious link, McAfee Safe Browsing can help block dangerous sites before they load. 

Privacy Comes First 

Scam Detector uses on-device AI wherever possible. That means your messages and data aren’t sent to the cloud for analysis. And because scam protection is now included in all core McAfee plans, there’s no need for additional purchases. 

Included at No Extra Cost 

Scam Detector is now included in all core plans: 

• McAfee+ 

• McAfee Total Protection 

• McAfee LiveSafe 

Available for customers in the U.S., UK, and Australia, this new feature rolls out automatically in the McAfee app. No upgrade required. 

Learn More About Scam Detector 

McAfee’s Scam Detector is designed to help people stay safer by identifying scams, explaining why they were flagged, and giving users more confidence in their digital decisions. 

In a time when scams are harder to detect than ever, it’s one more way McAfee is protecting people—not just devices. 

Learn more at https://www.mcafee.com/en-us/scam-detector.

The post Introducing McAfee’s Scam Detector – Now Included in All Core Plans appeared first on McAfee Blog.

This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge

Welcome to the first edition of This Week in Scams, a new weekly series from McAfee breaking down the latest fraud trends, headlines, and real-time threats we’re detecting across the digital landscape. 

This week, we’re spotlighting the FBI’s shocking new cybercrime report, the rise of AI-generated deepfakes, and a sophisticated Gmail impersonation scam flagged by Google. We’re also seeing a surge in location-specific toll scams and fake delivery alerts—a reminder that staying ahead of scammers starts with knowing how they operate. 

Let’s dive in. 

Scams Making Headlines 

$16.6 Billion Lost to Online Scams in 2024
The FBI’s latest Internet Crime Report is here—and the numbers are staggering. Americans lost $16.6 billion to online scams last year, up from $12.5 billion in 2023. Older adults and crypto investors were hit especially hard, but the agency warns the real total is likely much higher, since many victims never report the crime.
Read more

AI-Powered Deepfake Scams Get More Convincing
Deepfake-enabled fraud has already caused more than $200 million in financial losses in just the first quarter of 2025.  

McAfee researchers estimate the average American sees three deepfakes per day, many of which are designed to mimic real people, services, or news stories. Whether it’s fake crypto pitches, job offers, or social media stunts—seeing is no longer believing.
Read more 

Google Warns Users of Sophisticated Email Scam  

Google is alerting Gmail users to a new type of phishing email that looks like it comes from Google itself. These messages often appear in legitimate email threads and pass all typical security checks, but lead victims to a cloned Google login page designed to steal credentials. The scam highlights how attackers are evolving to outsmart traditional filters.
Read more 

 

From Experts at McAfee 

McAfee Researchers have observed a recent surge in the following scam types: 

Fake Delivery Notifications: Scammers impersonate delivery services like USPS, UPS, and FedEx, sending fake tracking links that install malware or steal payment info

Invoice Scams: Fraudulent messages that claim you owe money for a product or service, often accompanied by a fake invoice PDF or request for payment via phone

Cloud Storage Spoofs: Emails that pretend to be from Google Drive, Dropbox, or OneDrive, prompting you to “log in” to view shared files. The links lead to phishing sites designed to capture your credentials. 

Toll Text Scams: Personalized smishing messages that claim you owe a toll and link to fake payment sites. These messages often use location data—like your area code or recent city visits—to appear legitimate. McAfee Labs saw toll scam texts spike nearly 4x between January and February.

This week, Steve Grobman, executive vice president and chief technology officer at McAfee, said the toll scam is effective because it hits all the correct social points for a consumer. 

These scams often rely on urgency and familiarity—pretending to be something you trust or expect—to get you to act quickly without double-checking. 

How to Stay One Step Ahead 

1. Be skeptical of emails—even from familiar senders.
   The Gmail scam shows that even official-looking messages can be fake. If an email asks you to log in, don’t click the link. Instead, go to the website directly through your browser and log in from there.
2. Understand how deepfakes are being used.
   Whether it’s a voice message from someone you know or a video of a public figure promoting an investment, deepfakes are designed to exploit trust. If a message pressures you to act urgently—especially involving money—slow down and verify it through another channel.
3. Don’t assume personalization means legitimacy.
   Scams like the toll fraud texts feel real because they include specific location data. But scammers can use leaked or purchased personal data to tailor messages. Just because it sounds accurate doesn’t mean it’s trustworthy.
4. Watch for emotional triggers.
   The most effective scams—whether it’s a fake support email, a travel deal, or a message about a missed toll—create urgency or panic. If something is pushing you to act fast, that’s your cue to stop and verify.
5. Protect yourself with tools that go beyond basic filters.
   Traditional spam filters aren’t enough anymore. Use security tools—like McAfee Scam Detector—that look at full message context and help flag advanced scams, impersonation attempts, and deepfakes before they cause harm.

Thanks for reading—See you next week with more scam alerts, insights, and protection tips from the McAfee team. 

The post This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge appeared first on McAfee Blog.

Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds

As Tax Day looms and last-minute taxpayers feel the pressure, a surge of IRS scams is on the rise.  

Research by our McAfee Labs team projects a fresh wave of sophisticated tax scams as the stress of peak filing season sets in, with bogus text messages leading the way.  

Nearly half of taxpayers complete their taxes between mid-March and April 15, which gives scammers ample opportunity to cash in as people rush their filings with the IRS.  

Based on our data from 2024, here’s what we can expect in the coming days: 

• We’ll see a surge in tax scams – The number of malicious tax scam URLs nearly quadrupled from February 1 (2.9% of activity) to February 28 (10.5%) last year, with the biggest spike at the end of the month.  

• Mobile attacks will dominate – 76% of all tax scam activity in 2024 targeted mobile users via text, often using URL shorteners to disguise fraudulent links. 

• Highly coordinated scam campaigns will roll out – A single campaign accounted for 17.3% of all tax-related blocked URLs in 2024, using fake IRS-style links (like, ”irs.gov.tax-helping[.]com”). 

In addition to posing as the IRS, scammers will pose as tax prep and tax software companies as well. Just as in years past, taxpayers can further expect scams built around quick refunds and easy filing solutions that are actually fronts for scams. Yet whatever guise scammers put on, their aim remains the same. They want to dupe taxpayers out of their personal and financial info.  

Common Tax Scams To Look Out For 

Tax season is high season for scammers because so much personal info gets gathered and shared online. With that, many taxpayers have their guard down. They expect to see messages, ads, and so forth about their taxes, which can make them more willing to share some of their most personal info. That’s where scammers step in. They want to: 

1. Steal account info – Scammers try to highjack account or financial info associated with credit cards and banks to steal funds and make purchases with a victim’s card.
2. File false returns – Scammers also try to file false returns in a victim’s name and claim their refunds, which leaves the victim without their money and a fraud claim on their hands.
3. Commit identity theft – Scammers use the info they steal to open new credit lines and accounts in a victim’s name. 
4. Re-sell stolen info – Finally, scammers can also turn a profit on their victims by selling stolen info on dark web marketplaces. Instead of using it to commit identity theft
   themselves, they sell it to others who will. 

Looking at this list, you can see what makes tax scams so damaging. Many of them target our most precious of personal info—our Social Security Numbers (SSNs).  

A stolen SSN opens the door to some of the most painful forms of identity theft, like imposter fraud, insurance fraud, employment fraud, and more. These follow-on attacks can cause great harm to a victim’s finances and reputation in ways that can take months, or even years, to repair.   

How Tax Scams Work

In effect, tax scams deliver a one-two punch. 

It begins by baiting the victim with a phony message from a scammer posing as the IRS, a tax prep business, or a tax software company. That might come by email, a direct message on social media, or even in paid search results. 

Largely, scammers bait victims with texts. Mobile attacks indeed dominate the preferred contact method, just as we called out. Here, scammers often use link shorteners to disguise fraudulent links. (You’ve likely seen plenty of link shorteners like bit.ly and goo.gl. They make it easier to share long addresses, but the flipside is that there’s no quick way to tell where they really take you.) 

In some cases, scammers attempt to trick taxpayers by weaving “irs.gov” into the web address. Below you can see one example, where the domain isn’t “irs.gov.” It’s actually “entes-tax[dot]com,” which leads to a scam site. 

Scam texts that weave “irs.gov” into a malicious link 

As for the text itself, scammers send urgent-sounding messages about tax returns like, “Your refund is on hold, contact the IRS immediately.” Other scammers use fear, leveling threats like jail time for non-payment. In other cases, scammers threaten to revoke things like driver’s licenses and business licenses, or even immigration status. According to the IRS, these are common signs of a scam. The IRS never uses threats or tactics like these to resolve tax issues. 

The second punch comes by clicking the link in these messages, which leads to IRS copycat scam sites. And they can look convincing. The most sophisticated of them mirror the look and feel of the official IRS website and use URLs that look “close enough” to an IRS URL, which can trick anyone who doesn’t examine them closely. 

 

Example of a fake IRS claim website 

And that’s where the damage gets done. Under the false pretense of receiving a refund or making a payment, the scammers collect that precious personal info we talked about, which can cause short- and long-term fallout for victims. 

The same approach works for scammers who pose as tax prep services and tax software companies. The texts and websites look different, yet they’re still part of a scheme for collecting the same types of personal and financial info.  

 

How To Avoid Tax Scams

Clever as these scams are, you can avoid them. The first step is awareness. By reading this article and sharing it with others, you spread the word about these scams and just how rampant they are. 

From there, you can take several more steps that can keep you far safer during tax time: 

• Be suspicious of emails and phone calls claiming to be from the IRS. The IRS typically contacts people by physical mail, not by email or text. (See their list of ways the IRS will contact you for more details.)

• Never give out personal info on the phone. The IRS will never call to ask for personal info over the phone, and no government agency will ever ask you for money over the phone. Payments demanded in money orders, gift cards, and online payment platforms other than IRS.gov are an absolute red flag. 

• Go straight to the source. Verify all websites and emails, even when it looks like they come from a trusted tax consultant or partner. Go straight to the source instead of clicking on links in emails or texts. 

• Use online protection that sniffs out scams. Features in our McAfee+ plans can help you spot scam sites and texts and our Web Protection and Online Account Cleanup in particular alert you if a link might take you to a sketchy site and help secure your online accounts. They’ll also block those sites if you accidentally tap or click on a bad link.  

• Put preventative measures in place. Check your credit report for unusual activity, keep your social media privacy settings tight, and set strong, unique passwords on your accounts. Features in our McAfee+ plans can help you do all of that, all in one place. 

• Remove your personal info from sketchy data broker sites. Scams over email, phone, and text all require something—your contact info. In many cases, scammers get it from data broker sites. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. 

• Lastly, file your taxes as quickly as possible. One way to keep a scammer from claiming your refund is to claim it first. In some cases, taxpayers only find out they’ve been scammed once they file a return—only to discover that it’s already been filed. 

The post Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds appeared first on McAfee Blog.

McAfee Wins AV-TEST Awards for Best Advanced Protection and Best Performance

We’re thrilled to share that McAfee has earned two prestigious AV-TEST Awards: Best Advanced Protection and Best Performance for Consumer Users. 

“We are honored to receive both the Best Advanced Protection and the Best PC Performance awards,” said McAfee’s Chief Technology Officer, Steve Grobman. “AV-TEST is a renowned institute with an excellent reputation for independent analysis and quality assurance, and this recognition reinforces our leadership in online protection. As our digital world continues to evolve, so do the tactics of cybercriminals. With McAfee’s AI-powered threat protection, we can stay one step ahead and keep our customers safe from scams without compromising PC performance.”

These awards recognize our commitment to delivering powerful protection from malware, data stealers, and other threats—without slowing down your devices. Throughout 2024, McAfee consistently excelled in AV-TEST’s rigorous evaluations, standing out for both threat detection and system efficiency. 

As the only vendor to top both categories in 2024, McAfee is proud to provide trusted protection that enhances—not hinders—your PC’s performance. 

What’s Included in McAfee Total Protection?

McAfee Total Protection isn’t just antivirus software—it’s an all-in-one digital safety solution designed to keep your identity, devices, and privacy protected across unlimited devices. Here’s a breakdown of what’s inside:

AI-Powered Security on All Your Devices

With McAfee Total Protection, you get real-time defense powered by artificial intelligence to block viruses, malware, and phishing scams before they can reach you. It works across all your compatible devices—Windows, macOS, iOS, and Android—so you’re covered wherever you go.

Privacy Protection at Home and On the Go

Our Secure VPN uses bank-grade encryption to shield your personal info and browsing activity, especially on public Wi-Fi.

Easy-to-Use Password Management

Keep your online accounts secure with our built-in password manager, which stores, generates, and auto-fills strong passwords across devices. That means one less thing to remember—and a lot more peace of mind.

Find Out Why We’re #1

Protect yourself and your loved ones with the award-winning solution that topped both protection and performance rankings in 2024. Start your free trial of McAfee Total Protection today.

The post McAfee Wins AV-TEST Awards for Best Advanced Protection and Best Performance appeared first on McAfee Blog.

McAfee Named One of America’s Best Employers by Forbes

We’re thrilled to share some exciting news—McAfee has been recognized on Forbes’ prestigious list of America’s Best Midsize Employers for 2025! This recognition is a testament to our incredible employees, whose passion and commitment make McAfee not just an industry leader, but also a truly exceptional place to work. 

Forbes and Statista, a global data and business intelligence firm, compiled this list based on feedback from over 217,000 employees across various industries in the U.S. The ranking considers both direct feedback from McAfee team members and public perceptions of our workplace culture, with personal employee experiences carrying the most weight. 

What This Means for McAfee 

At McAfee, we believe that a great workplace isn’t just about the work—it’s about the people. This recognition underscores our ongoing commitment to fostering a culture where employees feel valued, empowered, and inspired. Whether it’s through innovative projects, professional growth opportunities, or a strong sense of community, we strive to make McAfee a place where talent thrives. 

Our spot within the top 300 of 500 companies, shows that our collective dedication to excellence, inclusivity, and collaboration is making an impact. 

A Big Thank You to Our Team 

This achievement wouldn’t be possible without our amazing employees who bring their best every day. Your contributions drive our success, and this recognition is as much yours as it is McAfee’s. 

As we continue to push boundaries in cybersecurity, we remain committed to ensuring McAfee is a company where talent grows, ideas flourish, and people love coming to work. 

Join us at McAfee   

It’s an exciting time to be part of Team McAfee! As we continue to grow and innovate, we’re always looking for passionate individuals who want to help create a safer online world.  

If you’re looking for a workplace where your ideas matter, your contributions are valued, and you can thrive in a dynamic, mission-driven environment, we’d love to have you on board. Explore opportunities to join us today!  

The post McAfee Named One of America’s Best Employers by Forbes appeared first on McAfee Blog.

McAfee Named #1 Antivirus and Security Software Brand in TIME’s 2024 World’s Best Brands 

McAfee has been named the top brand in the Antivirus and Security Software category in TIME and Statista’s 2024 World’s Best Brands list, ranking above all major industry competitors.

World’s Best Brands of 2024

The list, which surveyed over 22,000 U.S. consumers, ranks brands based on trust, awareness, and customer satisfaction across 66 industries.  

TIME’s World’s Best Brands of 2024 rankings highlight consumer preferences across industries, from tech to retail. The inclusion of cybersecurity in the list speaks to a broader trend: digital safety is no longer just a concern for businesses and IT professionals—it’s a household necessity. 

Recent data supports this shift. A global McAfee study found that 59% of people have fallen victim to an online scam or know someone who has, with 87% of those affected losing money—an average loss of $1,366 USD. As the financial and personal stakes of online security continue to rise, consumers are looking for trusted brands that offer comprehensive, easy-to-use protection. 

For those looking to strengthen their digital defenses, McAfee+ provides award-winning security that protects against malware, scams, and online fraud—allowing consumers to browse, shop, and connect with confidence. 

 

The post McAfee Named #1 Antivirus and Security Software Brand in TIME’s 2024 World’s Best Brands  appeared first on McAfee Blog.

AV-Comparatives Crowns McAfee as 2024’s Leader in Online Protection and Speed

McAfee Total Protection users can feel even more secure online knowing that AV-Comparatives has named it the best in 2024 for both real-world protection and overall speed.

The two awards – the 2024 Real-World Protection Gold Award and the Best Overall Speed Gold Award – underscore McAfee’s commitment to providing powerful security without compromising PC performance, a critical combination at a time when 59% of people globally report falling victim to an online scam or knowing someone who has, with 87% of these individuals losing money—an astounding average loss of $1,366 USD.

“We are honored to receive both the Best Real-World Protection and the Best PC Performance awards,” said McAfee Chief Technology Officer Steve Grobman. “AV-Comparatives is a renowned institute with a reputation for analysis and quality assurance that stands tall, and this recognition further reinforces our leadership in online protection. With our AI-powered threat protection, we remain committed to staying one step ahead of cybercriminals while having the lowest impact on PC performance, so that people can enjoy their online lives with confidence.”

Why McAfee Stands Out

Each year, AV-Comparatives rigorously tests leading consumer security products to evaluate their effectiveness in real-world scenarios as well as their impact on system performance. McAfee’s standout results reflect the strength of its:

• Real-World Protection: AV-Comparatives’ Real-World Protection Test measures a product’s ability to combat malware under everyday conditions. Winners of this test, such as McAfee, provide high levels of protection with minimal false alarms, sparing users the stress and burden of identifying whether something is harmful.
• Performance: The PC Performance Test evaluates the impact of a security product on system performance. McAfee ranked with the lowest impact on PC performance throughout 2024, ensuring users can stay secure online without their devices losing speed and slowing down.

Learn More About Our Award-Winning Protection

Protect yourself and your family today with McAfee Total Protection, which includes the award-winning anti-malware technology, scam protection, identity monitoring, Secure VPN, password management, and safe browsing capabilities for all-in-one security.

Get started with a free trial of McAfee Total Protection here. McAfee’s award-winning technology is also available in McAfee+ Premium, McAfee+ Advanced, and McAfee+ Ultimate.

Read the full report on AV-Comparatives’ awards here.

The post AV-Comparatives Crowns McAfee as 2024’s Leader in Online Protection and Speed appeared first on McAfee Blog.