Login
It’s the romance scam story that plays out like a segment on a true crime show. It starts with a budding relationship formed on an online dating site. It ends with an ominous note and an abandoned car on a riverside boat ramp hundreds of miles away from the victim’s home.
The story that follows offers a look at how far romance scams can go. With that, we warn you that this story comes to a grim ending. We share it to show just how high the stakes can get in these scams and how cunning the scammers who run them can be.
Most importantly, it gives us an opportunity to show how you can spot and avoid romance scams in all their forms.
As recently reported across several news outlets, comes the story of Laura, a 57-year-old retired woman from Chicago who joined an online dating service in search of a relationship. She went with a known site, thinking it would be safer than some of the other options online.
Sure enough, she met “Frank Borg,” who posed as a ruggedly good-looking Swedish businessman. A relationship flourished, and within days the pair professed their love for each other.
Over time, however, the messages became increasingly transactional. Transcripts show that “Frank” started asking for money, which Laura wired to a bogus company. All to the eventual tune of $1.5 million and a mortgaged home.
Yet the scam cut yet deeper than that. “Frank” then had her open several phony dating profiles on different online dating sites, set up new bank accounts, and further spin up fake companies. In all, “Frank” appears to not only have scammed Laura, he also weaponized her — turning her into an accomplice as “Frank” sought to scam others.
As the account goes, Laura grew suspicious about a year into the scam. A gap appears in her correspondence with “Frank,” and it appears that some conversations went offline. Today, Laura’s daughter speculates that her mother knew that what she was doing was illegal and was threatened to keep at it.
The story ends two years after the romance started, with Laura going missing, only to be found drowned in the Mississippi River. Left behind, a note, found by her daughter while searching Laura’s house. It wrote of living a double life that left her broke because of “Frank.” The note also left instructions for accessing her email, which chronicled the online part of the affair in detail.
Investigations found no clear evidence of foul play, yet several questions remain. What is known is that “Frank’s” profile picture was a doctor from Chile and that the emails originated in Ghana.
While Laura’s story falls into a heartbreaking extreme, romance scams of all sorts happen often enough. According to the Federal Bureau of Investigation’s (FBI) 2023 Internet Crime Report, losses to reported cases of romance scams topped more than $650 million.i
The U.S. Federal Trade Commission (FTC) cites even higher figures for 2023, at $1.4 billion, for a median loss of $2,000 per reported case.ii That makes romance scams the highest in reported losses for any form of imposter scam according to the FTC.
Sadly, many romance scams go unreported. The reasons vary. Understandably, some victims feel ashamed. This is particularly the case when it comes to older victims. Many fear their friends and families might take it as a sign that they aren’t able to fully care for themselves anymore. Other victims might feel that the romance was real — that they weren’t scammed at all. They believe that their love interest will come back.
Practically anyone can fall victim to a romance scam. People of all ages and backgrounds have found themselves entangled in romance scams. With that, there should be no shame. These scammers have shown time and time again how sophisticated their playbooks are. They excel at slow and insidious manipulation over time.
When the scammer starts asking for money, the victim is locked in. They believe that they’re in love with someone who loves them just the same. They fork over the money without question. And that’s what makes these scams so exceptionally damaging.
Sophisticated as these scammers are, you can spot them.
Even with the arrival of AI chat tools and deepfake technology, romance scammers still rely on a set of age-old tricks. Ultimately, romance scammers play long and patient mind games to get what they want. In many cases, scammers use scripted playbooks put together by other scammers. They follow a common roadmap, one that we can trace and share so you can avoid falling victim.
Top signs include …
It seems too good to be true.
If the person seems like a perfect match right from the start, be cautious. Scammers often stake out their victims and create profiles designed to appeal to their desires and preferences. In some cases, we’ve seen instances where a scammer uses pictures and profiles similar to the deceased partners of widowers.
Love comes quickly. Too quickly.
As the case was with “Frank,” two weeks hadn’t passed before the word “love” appeared in the messages. Take that as a red flag, particularly online when you’ve had no in-person contact with them. A rush into declarations of love might indicate ulterior motives.
The story doesn’t check out.
Victims might think they’re talking to a romantic partner, yet they’re talking with a scammer. Sometimes several different scammers. As we’ve shown in our blogs before, large online crime organizations run some romance scams. With several people running the scam, inconsistencies can crop up. Look out for that.
What’s more, even individual scammers forget details they’ve previously shared or provide conflicting info about their background, job, or family. It’s possible that one romance scammer has several scams going on at once, which can lead to confusion on their part.
You feel pressured.
Romance scammers pump their victims for info. With things like addresses, phone numbers, and financial details, scammers use that info to commit further identity theft or scams. If someone online presses you for this info, keep it to yourself. It might be a scam.
Another mark of a scam — if the person asks all sorts of prying questions and doesn’t give up any such info about themselves. A romance scam is very one way in this regard.
You’re asked for money in some form or fashion.
This is the heart of the scam. With the “relationship” established, the scammer starts asking for money. They might ask for bank transfers, cryptocurrency, money orders, or gift cards. In all, they ask for funds that victims have a tough time getting refunded, if at all. Consider requests for money in any form as the reddest of red flags.
Watch out for AI.
Scammers now use AI. And that actually gives us one less tell-tale sign of a romance scam. It used to be that romance scammers refused to hop on video calls as they would reveal their true identities. The same for voice chats. (Suddenly, that Swedish businessman doesn’t sound so Swedish.) That’s not the case anymore. With AI audio and video deepfake technology so widely available, scammers can now sound and look the part they’re playing — in real time. AI mirrors every expression they make as they chat on a video call.
As things stand now, these technologies have limits. The AI can only track faces, not body movements. Scammers who use this technology must sit rather rigidly. Further, many AI tools have a hard time capturing the way light reflects or catches the eye. If something looks off, the person on the other end of the call might be using deepfake technology.
The important point is this: today’s romance scammers can make themselves appear like practically anyone. Just because you’re chatting with a “real” person on a call or video meeting, that’s no guarantee they are who they say.
Romance scammers track down their victims in several ways. Some scammers blast out direct messages and texts en masse with the hope they’ll get a few bites. Others profile their potential victims before they contact them. Likewise, they’ll research anyone who indeed gives them a bite with a response to a blast.
In all cases, locking down your privacy can make it tougher for a scammer to target you. And tougher for them to scam you if they do. Your info is their goldmine, and they use that info against you as they build a “relationship” with you.
With that in mind, you can take several steps …
Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it. Including scammers.
Watch what you post on public forums. As with social media, scammers harvest info from online forums dedicated to sports, hobbies, interests, and the like. If possible, use a screen name on these sites so that your profile doesn’t immediately identify you. Likewise, keep your personal details to yourself. When posted on a public forum, it becomes a matter of public record. Anyone, including scammers, can look it up.
Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. That includes your contact info. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
We’ve always had to keep our guard up to some extent when it comes to online romance. Things today call for even more skepticism. Romance scams have become tremendously more sophisticated, largely thanks to AI tools.
Even with technology reshaping the tricks scammers can pull, recognizing that their tactics remain the same as ever can protect you from harm.
Romance scammers flatter, manipulate, and pressure their way into the lives of their victims. They play off emotions and threaten to “leave” if they don’t get what they ask for. Emotionally, none of it feels right. Any kind of emotional extortion like that is a sign to end an online relationship, hard as that might be.
The trick is that the victim might be in deep at that point. They might not act even if things feel wrong. That’s where family and friends come in. If something doesn’t feel right, share what’s happening with someone you’ve known and trusted for years. That can help clear up any clouded judgment. Sometimes it takes an extra set of eyes to spot a scammer.
If you or someone you know falls victim to a romance scam, remember that no one is alone in this. Thousands and thousands of others are victims too. It might come as some comfort, particularly as many, many victims are otherwise savvy and centered people. Anyone, anyone, can find themselves a victim.
Lastly, romance scams are crimes. If one happens to you, report it. In the U.S., you can report it to the FBI’s Internet Crime Complaint Center (IC3) and you can file a complaint with the FTC. Also, report any theft or threats to your local authorities.
In all, the word on romance online is this — take things slowly. “Love” in two weeks or less hoists a big red flag. Very much so online. Know those signs of a scam when you see them. And if they rear their head, act on them.
The post How to Avoid Romance Scams appeared first on McAfee Blog.
You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.
Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts.
Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently.
First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc.
Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A hacker, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more.
SIM swapping was especially relevant right after the AT&T data leak. Cybercriminals stole millions of phone numbers and the users’ associated personal details. They could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts.
The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.
Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider.
Check out these tips to keep your device and personal information safe from SIM swapping.
With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee+. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities.
The post How to Protect Your Smartphone from SIM Swapping appeared first on McAfee Blog.
For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.
In a recent CBS News story, one Texan woman was scammed out of $3,200 by a scammer claiming to be a German Cardiologist. After months of exchanging messages and claiming to be in love with her, he said that he’d been robbed while on a business trip in Nigeria and needed her help.
According to the U.S. Federal Trade Commission (FTC), the reported cost of online romance scams was $1.14 billion in 2023.
Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up.
As mentioned above, some romance scammers troll social media and reach out through direct messages or friend requests. With that, there are three things you can do to cut down your chances of getting caught up with a scammer:
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 693 million fake accounts. Reject such requests.
Online protection software like ours can help you spot fakes and scams. Features like McAfee Scam Protection use advanced AI to detect scam links in texts, email, and social media messages before you click. Our Personal Data Cleanup can keep you safer still by removing your personal info from sketchy data broker sites — places where scammers go to harvest useful info on their victims. And if the unfortunate happens, we offer $2 million in identity theft coverage and identity restoration support.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too.
The post How to Spot Dating Scams appeared first on McAfee Blog.
According to reports from the Federal Trade Commission’s Consumer Sentinel database, text message scams swindled $372 million from Americans in 2023 alone. The staggering figure highlights a growing concern for consumers globally, who increasingly interact with brands and service providers via text, email, and even social media. As our reliance on technology continues, it is important for everyone to understand how to spot scam texts amid the real messages they receive. amid the real messages they receive.
With such frequent communication from brands and organizations, you can be hard-pressed to figure out what is a scam or not. This practical and actionable advice may be able to help you spot the imposters and protect yourself against even the most hard-to-identify scam messages.
Most of us probably avoid reading disclaimers and terms of service from brands and organizations. Paying attention to guidelines for how an organization will contact you will help you stay safe from scams. Just take it from entertainment host, Andy Cohen.
Cohen received an email he thought was from his bank’s fraud department. Later, the scammer texted Cohen claiming to be from the bank, asking for more information. Cohen ended up sending the scammer money because he believed they were a bank representative. These days, many banks and brands have FYIs on their website about how to spot a legitimate text. Like this page from Chase, which goes over what a real Chase text looks like.
We have a similar disclosure on our site. For example, our customer service teams will never request sensitive information such as social security numbers, PINs, or bank or payment details. As soon as you sign up for a new account, it’s a good idea to check for this sort of disclaimer and familiarize yourself with contact methods and the type of information organizations might request.
Scam messages are so successful because scammers make them look real. During the holidays, when shoppers are ready to leap at deals, scam messages can be hard to resist. With an increased volume of scam texts during major shopping seasons, it’s no wonder open rates can be as high as 98%.
Consumers can protect themselves against realistic-looking scam messages by verifying the source of the message. If an email hits your mobile inbox, click on the sender’s name to expand their full email address. Typical brand emails will have a “do not reply” somewhere in the address or an official “@branddomain.com” email address. Scam email addresses often appear as strings of gibberish.
If unsure whether a text from a company is real, log into your account directly to see if it reflects the overdue bill or extra store credit that the text message suggests.
Knowing about the latest cybersecurity trends is always good practice. Scammers change their tactics constantly. Text scams that were popular one year may be totally out of style the next time you get a scam message.
Individuals looking for a place to start can check out FTC, FBI, and CISA websites. Those agencies offer valuable insights about fraud trends and recommendations about how people can protect themselves. The Better Business Bureau (BBB) has an interactive scam tracking tool, and AARP provides tips for older Americans who may not be as in tune with the latest tech trends and tools.
Thankfully, the software designed to protect against scams evolves, as well. Consumers can turn to product suites that offer features like finding and removing personal info from sites that sell it, adjusting social media controls, and even providing alerts about suspicious financial transactions.
For scam texts, AI is here to help. McAfee Scam Protection uses AI to scan SMS text messages and alert you about unsafe links. Users can delete those messages without opening them, reducing the risk of compromise and removing any question about whether the message is fraudulent or for real.
The $372 million figure is a stark reminder of growing fraud. As we continue into the digital age, the threat of fraudulent communications from scammers looms. To safeguard against bad actors, consumers must be proactive. By paying attention to brand communication guidelines, verifying the source of messages, remaining educated, and using modern privacy and identity products, consumers can avoid scams before they start.
The post How to Tell If Your Text Message Is Real appeared first on McAfee Blog.
We’ve said it several times in our blogs — it’s tough knowing what’s real and what’s fake out there. And that’s absolutely the case with AI audio deepfakes online.
Bad actors of all stripes have found out just how easy, inexpensive, and downright uncanny AI audio deepfakes can be. With only a few minutes of original audio, seconds even, they can cook up phony audio that sounds like the genuine article — and wreak all kinds of havoc with it.
A few high-profile cases in point, each politically motivated in an election year where the world will see more than 60 national elections:
Yet deepfakes have targeted more than election candidates. Other public figures have found themselves attacked as well. One example comes from Baltimore County in Maryland, where a high school principal has allegedly fallen victim to a deepfake attack.
It involves an offensive audio clip that resembles the principal’s voice which was posted on social media, news of which spread rapidly online. The school’s union has since stated that the clip was an AI deepfake, and an investigation is ongoing.iii In the wake of the attack, at least one expert in the field of AI deepfakes said that the clip is likely a deepfake, citing “distinct signs of digital splicing; this may be the result of several individual clips being synthesized separately and then combined.”iv
And right there is the issue. It takes expert analysis to clinically detect if an audio clip is an AI deepfake.
Audio deepfakes give off far fewer clues, as compared to the relatively easier-to-spot video deepfakes out there. Currently, video deepfakes typically give off several clues, like poorly rendered hands and fingers, off-kilter lighting and reflections, a deadness to the eyes, and poor lip-syncing. Clearly, audio deepfakes don’t suffer any of those issues. That indeed makes them tough to spot.
The implications of AI audio deepfakes online present themselves rather quickly. In a time where general awareness of AI audio deepfakes lags behind the availability and low cost of deepfake tools, people are more prone to believe an audio clip is real. Until “at home” AI detection tools become available to everyday people, skepticism is called for.
Just as “seeing isn’t always believing” on the internet, we can “hearing isn’t always believing” on the internet as well.
The people behind these attacks have an aim in mind. Whether it’s to spread disinformation, ruin a person’s reputation, or conduct some manner of scam, audio deepfakes look to do harm. In fact, that intent to harm is one of the signs of an audio deepfake, among several others.
Listen to what’s actually being said. In many cases, bad actors create AI audio deepfakes designed to build strife, deepen divisions, or push outrageous lies. It’s an age-old tactic. By playing on people’s emotions, they ensure that people will spread the message in the heat of the moment. Is a political candidate asking you not to vote? Is a well-known public figure “caught” uttering malicious speech? Is Taylor Swift offering you free cookware? While not an outright sign of an AI audio deepfake alone, it’s certainly a sign that you should verify the source before drawing any quick conclusions. And certainly before sharing the clip.
Think of the person speaking. If you’ve heard them speak before, does this sound like them? Specifically, does their pattern of speech ring true or does it pause in places it typically doesn’t … or speak more quickly and slowly than usual? AI audio deepfakes might not always capture these nuances.
Listen to their language. What kind of words are they saying? Are they using vocabulary and turns of phrase they usually don’t? An AI can duplicate a person’s voice, yet it can’t duplicate their style. A bad actor still must write the “script” for the deepfake, and the phrasing they use might not sound like the target.
Keep an ear out for edits. Some deepfakes stitch audio together. AI audio tools tend to work better with shorter clips, rather than feeding them one long script. Once again, this can introduce pauses that sound off in some way and ultimately affect the way the target of the deepfake sounds.
Is the person breathing? Another marker of a possible fake is when the speaker doesn’t appear to breathe. AI tools don’t always account for this natural part of speech. It’s subtle, yet when you know to listen for it, you’ll notice it when a person doesn’t pause for breath.
It’s upon us. Without alarmism, we should all take note that not everything we see, and now hear, on the internet is true. The advent of easy, inexpensive AI tools has made that a simple fact.
The challenge that presents us is this — it’s largely up to us as individuals to sniff out a fake. Yet again, it comes down to our personal sense of internet street smarts. That includes a basic understanding of AI deepfake technology, what it’s capable of, and how fraudsters and bad actors put it to use. Plus, a healthy dose of level-headed skepticism. Both now in this election year and moving forward.
[iii] https://www.baltimoresun.com/2024/01/17/pikesville-principal-alleged-recording/
[iv] https://www.scientificamerican.com/article/ai-audio-deepfakes-are-quickly-outpacing-detection/
The post How to Spot AI Audio Deepfakes at Election Time appeared first on McAfee Blog.
Deepfake technology has certainly made everything far more complicated online. How do you know for sure what’s real? Can you actually trust anything anymore? Recently, a Hong Kong company lost A$40 million in a deepfake scam after an employee transferred money following a video call with a scammer who looked like his boss! Even Oprah and Taylor have been affected by deepfake scammers using them to promote dodgy online schemes. So, how do we get our heads around it, and just as importantly, how do we help our kids understand it? Don’t stress – I got you. Here’s what you need to know.
Deepfake technology is essentially photoshopping on steroids. It’s when artificial intelligence is used to create videos, voice imitations, and images of people doing and saying things they never actually did. The ‘deep’ comes from the type of artificial intelligence that is used – deep learning. Deep learning trains computers to process data and make predictions in the same way the human brain does.
When it first emerged around 2017, it was clunky and many of us could easily spot a deepfake however it is becoming increasingly sophisticated and convincing. And that’s the problem. It can be used to create great harm and disruption. Not only can it be used by scammers and dodgy operators to have celebrities promote their products, but it can also be used to undertake image abuse, create pornographic material, and manipulate the outcome of elections.
When deepfakes first emerged they were clunky because they used a type of AI model called Generative Adversarial Network (or GAN). This is when specific parts of video footage or pictures are manipulated, quite commonly the mouth. You may remember when Australian mining magnate Andrew Forest was ‘deepfake’ into spruiking for a bogus ‘get rich quick’ scheme. This deepfake used GAN – as they manipulated just his mouth.
But deepfakes are now even more convincing thanks to the use of a new type of generative AI called a diffusion model. This new technology means a deepfake can be created from scratch without having to even manipulate original content making the deepfake even more realistic.
Experts and skilled scammers were the only ones who really had access to this technology until 2023 when it became widely available. Now, anyone who has a computer or phone and the right app (widely available) can make a deepfake.
While it might take a novice scammer just a few minutes to create a deepfake, skilled hackers are able to produce very realistic deepfakes in just a few hours.
As I mentioned before, deepfakes are generated to either create harm or cause disruption. But a flurry of recent research is showing that creating deepfake pornographic videos is where most scammers are putting their energy. A recent study into deepfakes in 2023 found that deepfake pornography makes up a whopping 98% of all deepfake videos found online. And not surprisingly, 99% of the victims are women. The report also found that it now takes less than 25 minutes and costs nothing to create a 60-second deepfake pornographic video of anyone using just one clear face image! Wow!!
Apart from pornography, they are often used for election tampering, identity theft, scam attempts and to spread fake news. In summary, nothing is off limits!
The ability to spot a deepfake is something we all need, given the potential harm they can cause. Here’s what to look out for:
There are two main ways you could be affected by deepfakes. First, as a victim e.g. being ‘cast’ in a deepfake pornographic video or photo. Secondly, by being influenced by a deepfake video that is designed to create harm e.g. scam, fake news, or even political disinformation.
But the good news is that protecting yourself from deepfake technology is not dissimilar to protecting yourself from general online threats. Here are my top tips:
Be Careful What You Share
The best way to protect yourself from becoming a victim is to avoid sharing anything online at all. I appreciate that this perhaps isn’t totally realistic so instead, be mindful of what and where you share. Always have privacy settings set to the highest level and consider sharing your pics and videos with a select group instead of with all your online followers. Not only does this reduce the chances of your pictures making their way into the hands of deepfake scammers but it also increases the chance of finding the attacker if someone does in fact create a deepfake of you.
Consider Watermarking Photos
If you feel like you need to share pics and videos online, perhaps add a digital watermark to them. This will make it much harder for deepfake creators to use your images as it is a more complicated procedure that could possibly be traceable.
Be Cautiously Suspicious Always
Teach your kids to never assume that everything they see online is true or real. If you always operate with a sceptical mindset, then there is less of a chance that you will be caught up in a deepfake scam. If you find a video or photo that you aren’t sure about, do a reverse image search. Or check to see if it’s covered by trusted news websites, if it’s a news video. Remember, if what the person in the video is saying or doing is important, the mainstream news media will cover it. You can always fact check what the ‘person’ in the video is claiming as well.
Use Multi-Factor Authentication
Adding another layer of security to all your online accounts will make it that much harder for a deepfake creator to access your accounts and use your photos and videos. Multi-factor authentication or 2-factor authentication means you simply add an extra step to your login process. It could be a facial scan, a code sent to your smartphone, or even a code generated on an authenticator app like Google Authenticator. This is a complete no-brainer and probably adds no more than 30 seconds to the logging in process.
Keep Your Software Updated
Yes, this can make a huge difference. Software updates commonly include ‘patches’ or fixes for security vulnerabilities. So, if your software is out of date, it’s a little like having a broken window and then wondering why people can still get in! I recommend turning on automatic updates, so you don’t have to think about it.
Passwords Are Key
A weak password is also like having a broken window – it’s so much easier for deepfake scammers to access your accounts and your pics and videos. I know it seems like a lot of work but if every one of your online accounts has its own complex and individual password then you have a much greater chance of keeping the deepfake scammers away!
So, be vigilant, always think critically, and remember you can report deepfake content to your law enforcement agency. In the US, that’s the FBI and in Australia, it is the eSafety Commissioner’s Office.
Stay safe all!
Alex
The post How To Teach Your Kids About Deepfakes appeared first on McAfee Blog.
Imagine receiving a call from a loved one, only to discover it’s not them but a convincing replica created by voice cloning technology. This scenario might sound like something out of a sci-fi movie, but it became a chilling reality for a Brooklyn couple featured in a New Yorker article who thought their loved ones were being held for ransom. The perpetrators used voice cloning to extort money from the couple as they feared for the lives of the husband’s parents.
Their experience is a stark reminder of the growing threat of voice cloning attacks and the importance of safeguarding our voices in the digital age. Voice cloning, also known as voice synthesis or voice mimicry, is a technology that allows individuals to replicate someone else’s voice with remarkable accuracy. While initially developed for benign purposes such as voice assistants and entertainment, it has also become a tool for malicious actors seeking to exploit unsuspecting victims.
As AI tools become more accessible and affordable, the prevalence of deepfake attacks, including voice cloning, is increasing. So, how can you safeguard yourself and your loved ones against voice cloning attacks? Here are some practical steps to take:
Voice cloning attacks represent a new frontier in cybercrime. With vigilance and preparedness, it’s possible to mitigate the risks and protect yourself and your loved ones. By staying informed, establishing safeguards, and remaining skeptical of unexpected communications, you can thwart would-be attackers and keep your voice secure in an increasingly digitized world.
The post How to Protect Yourself Against AI Voice Cloning Attacks appeared first on McAfee Blog.
‘Ensure your privacy settings are set to the highest level’ – if you’ve been reading my posts for a bit then you’ll know this is one of my top online safety tips. I’m a fan of ensuring that what you (and your kids) share online is limited to only the eyes that you trust. But let’s talk honestly. When was the last time you checked that your privacy settings were nice and tight? And what about your kids? While we all like to think they take our advice, do you think they have? Or it is all a bit complicated?
Research from McAfee confirms that the majority of us are keen to share our content online but with a tighter circle. In fact, 58% of social media users are keen to share content with only their family, friends, and followers but there’s a problem. Nearly half (46%) do not adjust their privacy settings on their social media platforms which means they’re likely sharing content with the entire internet!
And it’s probably no surprise why this is the case. When was the last time you tried to check your privacy settings? Could you even find them? Well, you are not alone with 55% of survey respondents confessing that they struggled to find the privacy settings on their social media platforms or even understand how they work.
Well, the good news is there is now a much easier way to decide exactly who you want to share with online. Introducing McAfee’s Social Privacy Manager. All you need to do is select your privacy preferences in a few quick clicks and McAfee will then adjust the privacy settings on your chosen social media accounts. Currently, McAfee’s software works with more than 100 platforms including LinkedIn, Google, Instagram, YouTube, and TikTok. It works across Android and iOS devices and on Windows and Mac computers also. The software is part of the McAfee+ suite.
Well, once you’ve got your social media privacy under control – you can relax – but just for a bit. Because there are a few other critical steps you need to take to ensure your online privacy is as protected as possible. Here’s what I recommend:
1. A Clever Password Strategy
In my opinion, passwords are one of the most powerful ways of protecting yourself online. If you have a weak and easily guessed password, you may as well not even bother. In an ideal world, every online account needs its own unique, complex password – think at least 12 characters, a combination of numbers, symbols, and both lower and upper case letters. I love using a crazy sentence. Better still, why not use a password manager that will create a password for you that no human could – and it will remember them for you too! A complete no-brainer!
2. Is Your Software Up To Date?
Software that is out of date is a little like leaving your windows and doors open and wondering why you might have an intruder. It exposes you to vulnerabilities and weaknesses that scammers can easily exploit. I always recommend setting your software to update automatically so take a little time to ensure yours is configured like this.
3. Think Critically Always
I encourage all my family members – both young and old – to always operate with a healthy dose of suspicion when going about their online business. Being mindful that not everything you see online is true is a powerful mindset. Whether it’s a sensational news article, a compelling ‘must have’ shopping deal, or a ‘TikTok’ influencer providing ‘tried and tested’ financial advice – it’s important to take a minute to think before acting. Always fact-check questionable news stories – you can use sites like Snopes. Why not ‘google’ to see if other customers have bad experiences with the shopping site that’s catching your eye? And if that TikTok influencer is really compelling, do some background research. But, if you have any doubts at all – walk away!
4. Wi-Fi – Think Before You Connect
Let’s be honest, Wi-Fi can be a godsend when you are travelling. If you don’t have mobile coverage and you need to check in on the kids then a Wi-Fi call is gold. But using public Wi-Fi can also be a risky business. So, use it sparingly and never ever conduct any financial transactions while connected to it – no exceptions! If you are a regular traveller, you might want to consider using a VPN to help you connect securely. A VPN will ensure that anything you send using Wi-Fi will be protected and unavailable to any potential prying eyes!
Keeping you and your family safe online is no easy feat. It’s time-consuming and let’s be honest sometimes quite overwhelming. If you have 3 kids and a partner and decided to manually update (or supervise them updating) their privacy settings then I reckon you’d be looking at least half a day’s work – plus all the associated negotiation! So, not only will McAfee’s Social Privacy Manager. ensure you and your loved ones have their social media privacy settings set nice and tight, it will also save you hours of work. And that my friends, is a good thing!
The post How Do You Manage Your Social Media Privacy? appeared first on McAfee Blog.
In recent news, Roku, a leading streaming platform, reported that over 591,000 user accounts were affected by credential stuffing attacks. This incident underscores the critical importance of safeguarding your online accounts against cyber threats. Here’s what you need to know to protect yourself and your streaming accounts.
As a proactive security measure, Roku has reset the passwords for all affected accounts. It is also notifying customers about the data leak and is refunding or reversing charges for those with unauthorized charges made by cybercriminals.
Credential stuffing is a type of cyber-attack where hackers use lists of stolen usernames and passwords from other data breaches to gain unauthorized access to user accounts on various platforms. In Roku’s case, hackers exploited this method to compromise over half a million accounts.
Hackers obtain lists of usernames and passwords from previous data breaches or leaks. These credentials are often available for sale on the dark web. They then use automated tools to input these stolen credentials into multiple websites or services, including streaming platforms like Roku. When the stolen credentials match an existing Roku account, the hackers gain access and can potentially take control of the account.
When cybercriminals gain access to your streaming accounts, they can do more than just watch your favorite shows. They may sell your account credentials on the dark web, use your personal information for identity theft, or even lock you out of your own account. This not only compromises your privacy but also puts your financial information at risk if you have payment methods linked to your streaming accounts.
The recent credential-stuffing attack on Roku serves as a stark reminder of the importance of prioritizing online protection in an increasingly digital world. By following best practices such as using strong passwords, enabling two-factor authentication, and staying vigilant about account activity, you can significantly reduce the risk of falling victim to cyber attacks. Protecting your streaming accounts isn’t just about safeguarding your entertainment preferences—it’s about safeguarding your privacy and personal information. Take the necessary steps today with McAfee+ to secure your online accounts and enjoy a safer, more secure streaming experience.
The post How to Protect Your Streaming Accounts: Lessons from Roku’s Data Leak appeared first on McAfee Blog.
Some conversations on social media can get … heated. Some can cross the line into harassment. Or worse.
Harassment on social media has seen an unfortunate rise in recent years. Despite platforms putting in reporting mechanisms, policies, and even using AI to detect and remove harmful speech, people are seeing more and more harassment on social media.
Yet even as it becomes more prevalent, nothing about it is usually. Or acceptable. No, you can’t prevent social media harassment. Yet you can protect yourself in the face of these attacks.
In 2023, research showed that 52% of American adults said they experienced harassment at some point online. That’s up from 40% in 2022. Also in 2023, 33% said they experienced it in the last year, a jump of 10% from 2022.i
The same trend follows for teens, where 51% of them said they experienced harassment in the past year, compared to 36% in the year prior.ii
Earlier research conducted in the U.S. tracked a significant rise in harassment online between 2014 and 2020. This included the doubling or the near doubling of the most severe forms of online harassment.iii
Our own research in 2022 also noted a rise of another kind — worry about online harassment. Globally, 60% of children said they were more worried that year about social media harassment (cyberbullying) compared to the year prior. Their parents showed yet more concern, with 74% of them more worried that year about their child being harassed than the last.iv
Stats are one thing, yet behind each figure stands a victim. Harassment takes a hard toll on its victims — emotional, financial, and sometimes physical. That becomes clear the moment you look at the forms it can take.
Social media harassment includes:
It includes other acts, such as:
In practice, the results can get ugly. Scanning press releases from various state attorneys general, you’ll find unflinching accounts of harassment. Like a targeted, three-year cyberstalking campaign against a victim and that person’s parents, coworkers, siblings, and court-mandated professionals.v Another, where the harasser attempted to defame his victim through a fake LinkedIn profile — and further doxed his victim by publicly posting source code the victim had written worth millions of dollars.vi
All of this serves as a reminder. Harassment can quickly turn into a crime.
The unfortunate fact remains that you can’t prevent social media harassment. Some people simply find themselves driven to do it. You can take several steps to shield yourself from attackers and deny them the info they need to fuel their attacks.
Secure your accounts.
Account security should be a high priority for you, your loved ones, and anyone else. That’s especially true during periods of harassment. Every account you have should be secured with a complex password — at least 12 to 14 characters long, with numbers, capital letters, lowercase letters, and symbols. And with two-factor authentication.
Two-factor authentication is especially important when it comes to account security. The reason is simple: a lot of harassers are tech-savvy, and enjoy taking over a victim’s account to make offensive comments in their name and damage their reputation.
Two-factor authentication prevents account takeovers like this. It requires a user to know the password and username for an account, along with another way they can prove they are who they say they are. Often that involves a code sent to their smartphone that they can use to verify their identity. At McAfee, we recommend you use two-factor authentication on any account that offers it.
Control who can follow you.
Social media platforms offer plenty of ways you can lock down your privacy, even as you remain “social” on them to some degree. Our Social Privacy Manager can help you be as private as you like. It helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks, so your personal info is only visible to the people you want to share it with. By making yourself more private, you deny a potential harasser an important source of info about you, in addition to your friends, family, and life overall.
Limit what you share online.
Limit how much info you share about yourself on social media websites. Addresses, phone numbers, and locations shouldn’t be shared in posts and shouldn’t be included in biographies. Attackers can use this type of info to make false threats and, in some cases, falsify crimes to elicit a police response — this is a technique called “SWATTING” and it’s quite serious.vii
In some instances, harassers gather info about their victims on data brokers or “people finder” sites. Some of this info can get pretty detailed, and these sites will sell it to anyone. You can clean up that info, however. Our Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites — or remove it for you, depending on your plan.
Report the harassment to the social media platform.
If you find yourself targeted, don’t respond. That’s what the harasser wants. Use your social media platform’s tools to block and then report the harasser. Many platforms have web pages dedicated to harassment that walk you through the process.
Report harassment to the authorities.
First off, if you feel that you are in immediate danger, contact your local authorities for help.
In many cases, harassment is illegal. Slander, threats, damage to your professional reputation, doxing, and many of the examples mentioned earlier can amount to a crime. There are options for victims, legally speaking. If you feel a harassment campaign has crossed the line, then it’s time to contact the authorities. Bring proof of harassment. Take screenshots of everything and submit them as part of your complaint.
Talk with trusted family members and friends.
We’ve seen just how damaging and painful harassment can be. Let trusted people in your life know what’s happening. Lean on them for support. And have them help you find any resources you might need in the wake of harassment, such as counseling or even legal assistance. You might find this tough to do, yet realize that you’re not at fault here. Any ugliness you’re dealing with comes from the hands of a harasser. Not yours. Close family and friends will recognize this.
[i] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[ii] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[iii] https://www.pewresearch.org/internet/2021/01/13/the-state-of-online-harassment/
[vii] https://www.theguardian.com/technology/2016/apr/15/swatting-law-teens-anonymous-prank-call-police
The post How to Protect Yourself From Social Media Harassment appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
Four in ten Americans say they use peer-to-peer payment services, like Venmo, PayPal, or Apple Pay, at least once a month. These platforms have made it even easier to send money by adding QR codes that people can quickly scan to pull up someone’s profile and complete a payment. Two-thirds of restaurants have started including QR codes on tables to access menus. Scanning QR codes has become a normal, convenient way to exchange money or information.
Unfortunately, scammers are always looking for ways to take advantage of moments when people are primed to part with their money. The Federal Trade Commission is warning that scammers now use QR codes to hide harmful links to steal personal information. This new type of phishing attack, called “quishing,” highlights how scamming methods are constantly changing. In response, artificial intelligence (AI) is becoming an even more crucial part of defending against scammers.
To protect yourself against phishing attacks, it’s crucial to remain vigilant and employ proactive measures. Make sure to scrutinize all incoming emails, text messages, or social media communications for any signs of suspicious or unsolicited requests, especially those urging immediate action or requesting sensitive information.
Avoid clicking links, downloading attachments, or scanning QR codes from unknown or untrusted sources. Check the legitimacy of the sender by cross-referencing contact information with official sources or contacting the organization directly through trusted channels.
Before accepting where a QR code is going to take you, carefully examine the associated URL. Verify its authenticity by scrutinizing for any discrepancies, such as misspellings or altered characters, especially if it resembles a familiar URL.
Safeguard your mobile device and accounts by regularly updating the operating system. Additionally, bolster the security of your online accounts by implementing robust passwords and integrating multi-factor authentication measures to thwart unauthorized access.
As fraudsters continually evolve their tactics, distinguishing between what’s real and what’s fake becomes increasingly challenging. However, there is formidable technology available to safeguard against their schemes. AI can analyze vast amounts of data in real-time to detect patterns and anomalies indicative of fraudulent behavior. By continuously learning from new data and adapting algorithms, AI can stay ahead of evolving fraud tactics.
The McAfee+ suite of identity and privacy protections uses AI for identity protection, transaction monitoring, credit monitoring, and proactive Scam Protection to keep you safe from even the most sophisticated scam attempts. Scam Protection employs AI technology to block risky sites, serving as a secondary defense against accidental clicks on spam links. This ensures that even after being tricked into clicking, your device won’t open the fraudulent site.
Don’t leave your digital defenses to chance. See for yourself what advanced security looks like today.
The post How to Protect Against New Types of Scams Like QR Phishing appeared first on McAfee Blog.
Scammers are turning a buck on the eclipse. A rash of eclipse scams have appeared online, many involving the sale of unsafe viewers and solar eclipse glasses.
With the eclipse making its way from Texas, through the Midwest, and up through the Northeast on April 8th, people increasingly want to get their hands on equipment to view it. And as it always is when it comes to big events and scarcity, scammers rush in.
A map of the eclipse path – GreatAmericanEclipse.com
As such, the Better Business Bureau (BBB) issued a consumer warning about the sale of cheap, knockoff solar eclipse glasses.i Worse yet, viewing the eclipse with these bogus glasses can harm your eyes. So as if getting ripped off wasn’t bad enough, this scam can damage a person’s vision.
Here, we’ll put you on the path to buying a safe set of viewing glasses — and offer several ways you can avoid buying knockoffs from a scammer.
The American Astronomical Society has a list you’ll find helpful. With a visit to their page dedicated to suppliers of solar filters and viewers, you’ll have your pick of places where you can purchase. The list is long, featuring a mix of online and retail outlets where you can get safe, approved gear for viewing.
Also, check out the society’s page on safe viewing for the eclipse. It covers what you need to know to view the eclipse safely, from how to use a viewer, the ISO 12312-2 standard that all viewers must adhere to, and how to properly clean viewers so they remain safe.
How do so many scams ramp up so quickly for such a highly specific event? It doesn’t take much to spin up e-commerce sites and pump out ads nowadays. Thanks to a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences much more quickly than ever.
And as we’ve discussed so often in our blogs as of late, scams look and feel increasingly sophisticated today. AI gives scammers ready access to design tools, audio and video creation tools, copywriting bots, and more. Then add in the ease with which scammers can post their ads in search and on social media, and they have quick and ready ways of reaching potential victims.
Even so, a few extra steps and a bit of caution can help you avoid these scams.
1. Stick with known, legitimate retailers online.
This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the BBB asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.
2. Research new sellers for their history and reviews.
Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam.
A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background info for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of info can help you sniff out a scam.
Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you discover if the retailer is legit.
3. Look for the lock icon in your browser when you shop.
Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
4. Pay with a credit card instead of your debit card.
Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back — it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit.
Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
5. Protect your devices for shopping.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes scam protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam — along with a password manager that can create and securely store strong, unique passwords.
If you have some last-minute bookings and travel in your plans for the eclipse, look out for online rental fraud scams. With a few images cobbled together from the internet, scammers list phony properties and seek to get paid outside legitimate rental platforms — leaving you short of funds and short of a place to stay when you finally arrive.
You can avoid these scams rather easily. Trust a trusted platform. Book your vacation rental through a reputable outlet. Vacation rental platforms like Airbnb and VRBO have policies and processes in place that protect renters from scammers.
You have several other ways you can avoid booking scams …
First, look at the listing.
Do the photos look grainy or like they came from a magazine? Do a reverse image search on the photo and see what comes up. It might be a piece of stock photography designed to trick you into thinking it was taken at an actual property for rent. Also, read the reviews for the property. Listings with no reviews are a red flag.
Only communicate on the platform.
The moment a host asks to communicate outside of the platform is another red flag. Scammers will try to lure you off the platform where they can request payment in forms that are difficult to recover or trace after you realize you’ve been scammed. That includes methods such as certified checks, money transfers like Western Union, and online payment apps like Zelle. Generally, when that money is gone, it’s gone for good.
Only pay on the platform.
Likewise, paying for your rental outside the platform might also go against the terms of service, as in the case of Airbnb. Or, as with VRBO, paying outside the platform voids their “Book with Confidence Guarantee,” which offers you certain protections. Use the platform to pay and use a credit card when you do. In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing.
With big events comes scarcity. Postseason sports and merch. Holiday shopping and hot gifts. Vacation time and rentals at popular destinations. Scammers love this combination. With people in a rush to buy or book, scammers take advantage. As we now see, we can add eclipses to that list, just as we saw with the 2017 eclipse.
In addition to the advice above, take your time and ensure a safe purchase. Given that variants of this scam involve phony, unsafe viewing glasses, take the extra care that your vision absolutely deserves. Go with a reputable retailer with ISO-approved lenses.
The post How to Avoid Solar Eclipse Scams appeared first on McAfee Blog.
With the rise of cheap and easy-to-use AI tools, deepfake attacks find themselves likewise on the rise. Startling as that news might sound, you have several ways of falling victim to one.
Right now, we’re seeing plenty of AI voice cloning tools used in deepfake attacks. These attacks work much like classic targeted phishing attacks, also known as “spearphishing,” given the precision scammers use to pull them off.
It works like this:
A scammer identifies a target, gathers info on them, and then uses that info against them in a deepfake attack. With info gathered from their social media profiles, public records, “people finder” sites, and data broker sites, scammers create convincing-sounding messages with AI voice-cloning tools.
All they need is a script and a sample of a person’s voice that they want to impersonate — pulled from, say, YouTube, a social media video, a conference call, what have you. Just a few minutes does the trick, creating a voice clone that requires an expert to detect.
Between an uncanny voice clone and a script peppered with all kinds of personal details, these deepfake messages sound legit.
Moreover, scammers use another tool to get their victims to act. Urgency. They play on people’s emotions so that they’ll take the bait in the head of the moment. Imagine a deepfake message that sounds like it’s from a friend or family member. Their car broke down in the middle of nowhere and they need money for a repair or they run into trouble while traveling abroad and likewise need money to get out of a jam. In all, the voice clone says it needs help and needs it now.
Before the victim knows it, they’ve readily handed over funds, personal info, or both to a scammer — which leads to things like identity theft and fraud.
As these attacks started cropping up last year, we surveyed people worldwide to get a sense of just how often they occur. Out of 7,000 people surveyed, one in four said that they had experienced an AI voice cloning scam or knew someone who had.
Moreover, those attacks came at a cost. Of the people who reported losing money to an audio deepfake, 36% said they lost between $500 and $3,000, while 7% got taken for sums anywhere between $5,000 and $15,000.
Again, as even as convincing as these deepfake messages might sound, you can keep yourself safer from these attacks. It starts with keeping your personal info out of the hands of scammers.
Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public, and scammers, can see it.
Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
Set a verbal password with your friends and family. Several deepfake attacks involve an urgent voice message from a friend or family member. Setting a verbal password like you do with banks and alarm companies can help determine if a message is real or fake. Make sure everyone knows and uses it in messages when they ask for help.
Typically, deepfake attacks lead to some kind of fraud. Victims hand over money, personal info, credit card numbers, and gift cards after being taken in by the fraudster. So while deepfakes are new, the attack itself plays out like an age-old con game. With the age-old results. Given that, recovering from a deepfake attack follows the same steps it takes to recover from practically any type of fraud.
File a police report.
Someone stole from you. Treat fraud like the crime it is. Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you might need to get your bank or other financial institution to reverse fraudulent charges.
Before contacting the police, gather all the relevant info about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that might be related. For example, was your debit card recently lost or your email hacked? The police will want to know.
Notify the companies involved.
Depending on how you responded to the deepfake, the companies involved might include banks, credit card companies, the providers of gift cards, and other money transfer services. Each will have a method of reporting fraud. Some might offer ways to reverse the charges or recoup the funds. But not always. Scammers ask for payment in gift cards and money transfers for a reason. They’re as good as cash. After that money is gone, it’s likely gone for good.
In the U.S., File a report with the Federal Trade Commission.
In the U.S., the Federal Trade Commission (FTC) hosts IdentityTheft.gov where you can further report such crimes. Along with the details you provide, it can create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.
For another excellent resource from the FTC, you can visit their page dedicated to scam recovery. It offers detailed guidance for several types of scams and what to do if you fall victim to one.
And outside of the U.S.
Our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
Put a freeze on your credit to prevent further theft.
A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others might want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer might check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze. And depending on your plan, you can issue a credit freeze or an even more comprehensive security freeze right from the McAfee app.
Use identity theft coverage to recover from deepfake fraud.
Having coverage in place before an attack can save you time and money should the unexpected happen. Our Identity Theft & Restoration Coverage can help. It offers $2 million in coverage and assistance from a licensed identity restoration pro who can repair your identity and your credit after an attack.
The post Are You a Victim of a Deepfake Attack? Here’s What to Do Next appeared first on McAfee Blog.
People under 60 are losing it online. And by it, I mean money—thanks to digital identity theft.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.
In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.
Here’s what’s happening: people under 60 were twice as likely to report losing money while shopping online. The spotlight also shows that adults under 60 are more than four times more likely to report losing money to an investment scam, and the majority of those losses happened in scams involving some form of cryptocurrency investments.
And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers.
Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.
It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away:
1. Start with the basics—security software
Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use them to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection.
2. Create strong passwords
You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks.
3. Keep up to date with your updates
Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.
4. Think twice when you share
Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk.
5. Shred it
Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in a paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away.
6. Check your credit
Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find.
As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name.
Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away:
Likewise, many nations offer similar government services. A quick search will point you in the right direction.
Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here.
With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.
The post How to Protect Your Digital Identity appeared first on McAfee Blog.
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you understand what’s at stake.
Let’s start with an overview and a few examples of each.
So there’s that subtle difference we mentioned. Identity fraud involves the misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name.
Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well.
As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it in a couple of different ways.
The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.
On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well.
It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things.
With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place:
While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.
The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an identity monitoring solution — and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.
The post How To Tell The Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blog.
When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.
A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.
Unfortunately, it can happen in several ways.
In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).
In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who are shopping or banking online without the security of a VPN.
Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to 1 million in 2023. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:
However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.
Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:
As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.
The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.
A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.
This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.
With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.
With McAfee+ Ultimate you can:
In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done.
Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer to any questions you’ll face in the process of restoring your identity will help you see things through.
Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.
The post How to Detect Signs of Identity Theft appeared first on McAfee Blog.
Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure.
What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile.
Also according to the FBI, elders may be less able or willing to report being scammed because they may not know the exact way in which they were scammed, or they may feel a sense of shame over it, or even some combination of the two. Moreover, being scammed may instill fear that family members will lose confidence in their ability to look after their own affairs.
If there’s one thing that we can do for our elders, it’s help them raise their critical hackles so they can spot these scams and stop them in their tracks, particularly around tax time. With that, let’s see how crooks target elders, what those scams look and feel like, along with the things we can do to keep ourselves and our loved ones from getting stung.
The phone rings, and an assertive voice admonishes an elder for non-payment of taxes. The readout on the caller ID shows “Internal Revenue Service” or “IRS,” the person cites an IRS badge number, and the victim is told to pay now via a wire transfer or prepaid gift card. The caller even knows the last four digits of their Social Security Number (SSN). This is a scam.
The caller, and the claim of non-payment, are 100 percent bogus. Even with those last four digits of the SSN attempting to add credibility, it’s still bogus. (Chances are, those last four digits were compromised elsewhere and ended up in the hands of the thieves by way of the black market or dark web so that they could use them in scams just like these.)
Some IRS imposter scams take it a step further. Fraudsters will threaten victims with arrest, deportation, or other legal action, like a lien on funds or the suspension of a driver’s license. They’ll make repeated calls as well, sometimes with additional imposters posing as law enforcement as a means of intimidating elders into payment.
The IRS will never threaten you or someone you know in such a way.
In fact, the IRS will never call you to demand payment. Nor will the IRS ever ask you to wire funds or pay with a gift card or prepaid debit card. And if the IRS claims you do owe funds, you will be notified of your rights as a taxpayer and be given the opportunity to make an appeal. If there’s any question about making payments to the IRS, the IRS has specific guidelines as to how to make a payment properly and safely on their official website.
It’s also helpful to know what the IRS will do in the event you owe taxes. In fact, they have an entire page that spells out how to know it’s really the IRS calling or knocking at your door. It’s a quick read and a worthwhile one at that.
In all, the IRS will contact you by mail or in person. Should you get one of these calls, hang up. Then, report it. I’ll include a list of ways you can file a report at the end of the article.
Whether it’s a disembodied voice generated by a computer or a scripted message that’s been recorded by a person, robocalls provide scammers with another favorite avenue of attack. The approach is often quite like the phone scam outlined above, albeit less personalized because the attack is a canned robocall. However, robocalls allow crooks to cast a much larger net in the hopes of illegally wresting money away from victims. In effect, they can spam hundreds or thousands of people with one message in the hopes of landing a bite.
While perhaps not as personalized as other imposter scams, they can still create that innate sense of unease of being contacted by the IRS and harangue a victim into dialing a phony call center where they are further pressured into paying by wire or with a prepaid card, just like in other imposter scams. As above, your course of action here is to simply hang up and report it.
Here’s another popular attack. An elder gets an unsolicited email from what appears to be the IRS, yet isn’t. The phony email asks them to update or verify their personal or financial information for a payment or refund. The email may also contain an attachment which they are instructed to click and open. Again, all of these are scams.
Going back to what we talked about earlier, that’s not how the IRS will contact you. These are phishing attacks aimed at grifting prized personal and financial information that scammers can use to commit acts of theft or embezzlement. In the case of the attachment, it very well may contain malware that can do further harm to their device, finances, or personal information.
If you receive one of these emails, don’t open it. And certainly don’t open any attachments—which holds true for any unsolicited email you receive with an attachment.
Beyond simply knowing how to spot a possible attack, you can do several things to prevent one from happening in the first place.
First let’s start with some good, old-fashioned physical security. You may also want to look into purchasing a locking mailbox. Mail and porch theft are still prevalent, and it’s not uncommon for thieves to harvest personal and financial information by simply lifting it from your mailbox.
Another cornerstone of physical security is shredding paper correspondence that contains personal or financial information, such as bills, medical documents, bank statements and so forth. I suggest investing a few dollars on an actual paper shredder, which are typically inexpensive if you look for a home model. If you have sensitive paper documents in bulk, such as old tax records that you no longer need to save, consider calling upon a professional service that can drive up to your home and do that high volume of shredding for you.
Likewise, consider the physical security of your digital devices. Make sure you lock your smartphones, tablets, and computers with a PIN or password. Losing a device is a terrible strain enough, let alone knowing that the personal and financial information on them could end up in the hands of a crook. Also see if tracking is available on your device. That way, enabling device tracking can help you locate a lost or stolen item.
There are plenty of things you can do to protect yourself on the digital front too. Step one is installing comprehensive security software on your devices. This will safeguard you in several ways, such as email filters that will protect you from phishing attacks, features that will warn you of sketchy links and downloads, plus further protection for your identity and privacy—in addition to overall protection from viruses, malware, and other cyberattacks.
Additional features in comprehensive security software that can protect you from tax scams include:
And here’s one item that certainly bears mentioning: dispose of your old technology securely. What’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner so the data and info on your device doesn’t see the light of day again.
As said earlier, don’t let a bad deed go unreported. The IRS offers the following avenues of communication to report scams.
In all, learning to recognize the scams that crooks aim at elders and putting some strong security measures in place can help prevent these crimes from happening to you or a loved one. Take a moment to act. It’s vital, because your personal information has a hefty price tag associated with it—both at tax time and any time.
The post How to Spot, and Prevent, the Tax Scams That Target Elders appeared first on McAfee Blog.
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.
Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey showed that up to half of people interviewed in Japan, Australia, and the U.S. do so as well, while nations like the UK and Germany trailed at 31% and 23% respectively.
Whether these figures trend on the low or high end, the security implications remain constant. A smartphone loaded with business and personal data makes for a desirable target. Hackers target smartphones because they’re often unprotected, which gives hackers an easy “in” to your personal information and to any corporate networks you may use. It’s like two hacks with one stone.
Put simply, as a working professional with a smartphone, you’re a high-value target.
As both a parent and a professional, I put together a few things you can do to protect your smartphone from hacks so that you can keep your personal and work life safe:
First up, the basics. Locking your phone with facial ID, a fingerprint, pattern or a pin is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it, which doubles your line of defense.
Or, put another way, don’t hop onto public Wi-Fi networks without protection. A VPN masks your connection from hackers allowing you to connect privately when you are on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, you’ll know that your sensitive data, documents, and activities you do are protected from snooping, which is definitely a great feeling given the amount of personal and professional business we manage with our smartphones.
Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data like passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them. Malicious apps and counterfeits can still find their way into stores, and here are a few ways you can keep those bad apps from getting onto your phone.
Backing up your phone is always a good idea for two reasons:
Both iPhones and Android phones have straightforward ways of backing up your phone regularly.
Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While that last bit about wiping the phone seems like a drastic move, if you maintain regular backups as mentioned above, your data is secure in the cloud—ready for you to restore. In all, this means that hackers won’t be able to access you, or your company’s, sensitive information—which can keep you out of trouble and your professional business safe. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
We all download apps, use them once, and then forget they are on our phone. Take a few moments to swipe through your screen and see which ones you’re truly done with and delete them along with their data. Some apps have an account associated with them that may store data off your phone as well. Take the extra step and delete those accounts so any off-phone data is deleted.
The reason for this is that every extra app is another app that needs updating or that may have a security issue associated with it. In a time of data breaches and vulnerabilities, deleting old apps is a smart move. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option. Updates not only introduce new features to apps, but they also often address security issues too.
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, your shopping, and payments secure.
The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.
According to reports from the Federal Trade Commission’s Consumer Sentinel database, text message scams swindled $330 million from Americans in 2022 alone. The staggering figure highlights a growing concern for consumers globally, who increasingly interact with brands and service providers via text, email, and even social media. As our reliance on technology continues, it is important for everyone to understand how to spot scam texts amid the real messages they receive. amid the real messages they receive.
With such frequent communication from brands and organizations, you can be hard-pressed to figure out what is a scam or not. This practical and actionable advice may be able to help you spot the imposters and protect yourself against even the most hard-to-identify scam messages.
Most of us probably avoid reading disclaimers and terms of service from brands and organizations. Paying attention to guidelines for how an organization will contact you will help you stay safe from scams. Just take it from entertainment host, Andy Cohen.
Cohen received an email he thought was from his bank’s fraud department. Later, the scammer texted Cohen claiming to be from the bank, asking for more information. Cohen ended up sending the scammer money because he believed they were a bank representative. These days, many banks and brands have FYIs on their website about how to spot a legitimate text. Like this page from Chase, which goes over what a real Chase text looks like.
We have a similar disclosure on our site. For example, our customer service teams will never request sensitive information such as social security numbers, PINs, or bank or payment details. As soon as you sign up for a new account, it’s a good idea to check for this sort of disclaimer and familiarize yourself with contact methods and the type of information organizations might request.
Scam messages are so successful because scammers make them look real. During the holidays, when shoppers are ready to leap at deals, scam messages can be hard to resist. With an increased volume of scam texts during major shopping seasons, it’s no wonder open rates can be as high as 98%.
Consumers can protect themselves against realistic-looking scam messages by verifying the source of the message. If an email hits your mobile inbox, click on the sender’s name to expand their full email address. Typical brand emails will have a “do not reply” somewhere in the address or an official “@branddomain.com” email address. Scam email addresses often appear as strings of gibberish.
If unsure whether a text from a company is real, log into your account directly to see if it reflects the overdue bill or extra store credit that the text message suggests.
Knowing about the latest cybersecurity trends is always good practice. Scammers change their tactics constantly. Text scams that were popular one year may be totally out of style the next time you get a scam message.
Individuals looking for a place to start can check out FTC, FBI, and CISA websites. Those agencies offer valuable insights about fraud trends, and recommendations about how people can protect themselves. The Better Business Bureau (BBB) has an interactive scam tracking tool, and AARP provides tips for older Americans who may not be as in tune with the latest tech trends and tools.
Thankfully, the software designed to protect against scams evolves, as well. Consumers can turn to product suites that offer features like finding and removing personal info from sites that sell it, adjusting social media controls and even providing alerts about suspicious financial transactions.
For scam texts, AI is here to help. McAfee Scam Protection uses AI to scan SMS text messages and alert you about unsafe links. Users can delete those messages without opening them, reducing the risk of compromise and removing any question about whether the message is fraudulent or real.
The $330 million figure is a stark reminder of growing fraud. As we continue into the digital age, the threat of fraudulent communications from scammers looms. To safeguard against bad actors, consumers must be proactive. By paying attention to brand communication guidelines, verifying the source of messages, remaining educated and using modern privacy and identity products, consumers can avoid scams before they start.
The post Scam or Not? How to Tell Whether Your Text Message Is Real appeared first on McAfee Blog.
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.
If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it.
You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.
Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.
Over the past year and a half, workers everywhere have gotten used to working from home. They have adopted an entirely new work from home mindset and diverted their weekly commuting hours to other productive and more enjoyable pursuits. As parts of the world return to a “new normal,” another change is on the way: a gradual return to the office.
The hybrid working model is met with mixed reviews from employees and business security teams alike. For some employees, a clearer separation between work and home is a welcome change. CTV News reports 66% of Canadian respondents to an International Workplace Group poll say they are looking forward to splitting their working hours between the office and home.
For business security teams who are just catching their breath after the monumental shift to a remote workforce, they are now gearing up for the new online safety challenges posed by the hybrid work model. According to a VMware Canada Threat Report, 86% of security professionals agree that cyberattacks aimed at their organizations have become more sophisticated since the onset of the pandemic. Additionally, 91% of global respondents cite employees working from home as the cause of cyberattacks. Challenges of the hybrid workforce include the constant back-and-forth of company-issued devices, the lack of control over home office setups, and mixing personal and company devices with company and personal business respectively. For example, if you pay your bills or shop online using your work device, it opens several new avenues for a hacker to walk right onto the corporate network. When your guard is down even a little bit when you are off the clock, you could fall victim to e-skimmers, fake login pages, or phishing scams.
No matter how advanced your company’s threat detection system, hackers know where vulnerabilities lie and are on the hunt to exploit them. Check out these tips to ensure you are not the weak link in your organization.
A virtual private network (VPN) is a service that scrambles online browsing data, making it impossible for nefarious characters to decipher your activity. This is an excellent way to deter hackers from tracking your movements and picking up sensitive pieces of information.
VPNs are essential if you are working in a public area, sharing a wireless network with strangers, or using a Wi-Fi connection that is not password protected. Public Wi-Fi networks are notoriously easy pickings for hackers seeking entry into unsuspecting users’ devices. On the days where you are not in the office, make sure your wireless connection is secure.
While a VPN is an excellent tool, security measures and your accounts are vulnerable without a strong and private password or passphrase to protect them. The gigantic Colonial Pipeline hack is being blamed on a hacker gaining entry through an unused VPN that was not secured with multifactor authentication. Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts.
Consider using a password manager to organize all your passwords and logins. Password managers remember each pairing so you don’t have to, plus most managers are secured with multifactor authentication. A password manager makes it easier to add variety to your passwords and prevents you from ever having to write them down.
Professionals who travel between their home and an office are likely transporting their devices back and forth, increasing the number of opportunities for devices to be forgotten at either location or in transit. As convenient as it may be, never use your personal device for official business. Even if you pride yourself on sound online safety habits, your company device likely has more defenses ingrained in its hardware than your personal devices.
With your personal devices, you should carefully vet everything you download. With your work-issued devices, this vetting process is even more important as company information is at stake. The Information and Privacy Commissioner of Ontario states that employees should never download applications to their work devices without permission from the IT team. Apps and programs often have security vulnerabilities that could open a gateway for hackers.
Zero Trust is a security philosophy that is exactly what it sounds like: trust no one. Businesses are employing Zero Trust models to greatly limit who has access to sensitive data sources. Adopt your own personal Zero Trust philosophy concerning your passwords, logins, and device access. This means never sharing passwords or log in details, especially over email, instant messenger, or over a video conference. Hackers commonly eavesdrop on all three mediums. Also, even your most trusted coworker could mishandle your passwords and login details, such as writing them down and leaving them in a public place.
A key aspect of the Zero Trust model is only granting employees access to platforms that are vital to their job. Sharing your logins with coworkers who may not be authorized for using that platform undermines all the hard work the IT team does to keep tabs on data access.
Every time you turn on the nightly news, another ransomware attack has hit another organization, each one bigger than the last. This heightened prevalence is a reflection on the wiliness of hackers, but also the number of security holes every company must plug.
There are several vulnerable points of entry in every company, and some of those vulnerabilities are heightened by the hybrid work model. Always heed the advice of your company’s IT team, and make sure to do your part to keep your devices and work information secure.
The post Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety appeared first on McAfee Blog.
When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.
That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.
According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.
Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.
Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.
Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.
Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.
Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.
Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.
Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.
Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.
Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.
Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager, provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.
In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.
Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.
Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.
Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name.
Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.
The post How to Protect Your Online Privacy appeared first on McAfee Blog.
AI has made the dating scene. In a big way. Nearly one in four Americans say they’ve spiced up their online dating photos and content with artificial intelligence (AI) tools. Yet that might do more harm than good, as 64% of people also said that they wouldn’t trust a love interest who used AI-generated photos in their profiles.
That’s only two of the findings from this year’s Modern Love research. Our second annual study surveyed 7,000 people in seven countries to discover how AI and the internet are changing love and relationships. And it should come as no surprise that AI has ushered in several hefty changes.
In all, we found that mixing love and AI has its ups and downs. For one, people cite how effective AI is. Almost 7 in 10 people said they got more interest and better responses using AI-generated content than their own. However, people also said they didn’t like receiving AI-coded sentiments. Some 57% said they’d be hurt or offended if they found out their Valentine’s message was written by AI.
The tricky part is this — people still find it tough to spot AI content. Only 24% of people said they were sure they could tell if a message or love letter was written by an AI tool like ChatGPT. Still, 42% said they saw fake profiles or photos on dating sites, apps, and social media in the past year.
Moreover, two-thirds of people said that they’re more concerned about phony AI-created content now than they were a year ago. As further findings from McAfee Labs show, those concerns have their roots in reality.
Without question, the rise of powerful AI tools has complicated the online dating landscape. In particular, AI has made it easier for romance scammers to trick people looking for love online. They can ramp up their scams more quickly and with more sophistication than ever before.
In fact, the McAfee Labs team has seen an increase in Valentine’s campaign themes, including malware campaigns, malicious URLs, and a variety of spam and scams. They expect these numbers will continue to rise as February 14 gets closer. Since late January, our Labs team has uncovered that:
These findings fall right in line with what online daters told us. Nearly one-third of Americans said that an online love interest turned out to be a scammer. Another 14% said they discovered an interest was an AI-bot and not a real person.
What’s at stake in these scams? Money, personal info, and sometimes both.
While many romance scammers make initial contact with their victims on dating websites and apps, they quickly move the conversation elsewhere, such as chat apps like WhatsApp and Telegram. In other cases, they move to texts. This gives scammers an advantage, as many dating platforms have fraud detection measures in place. And it’s here where romance scammers commit theft and fraud.
Large, organized crime operations run many romance scams. Moving the conversation from a dating site or app is often a sign that the victim has been “passed along” to a senior scammer who excels at extracting payments and personal info from victims. People shared the top types of info that scammers tried to tease out of them:
In a dating pool filled with an increasing number of scams and AI content, online daters find themselves doing some detective work.
Our study found that 38% of people said they used reverse image search on profile pictures of people they’ve met on social media or dating sites. Another 60% of respondents said they often use social media to dig into the background of their potential partners. As a result:
And rounding out those findings, 11% said they discovered something else entirely — that their potential special person was already in a relationship.
Online dating has always called for a bit of caution. Now with AI hitting the dating scene, it calls for a little skepticism, if not a little detective work. That, in combination with the right tools to protect your privacy, identity, and personal info, can mean the difference between a budding relationship or heartbreak — whether that’s financial, emotional, or both. The following steps can help:
The past year has brought plenty of change to online dating. People now use AI to pepper up their dating profiles and pics, compose love notes, or come up with a few lines for the inside of a card. Likewise, scammers have welcomed AI just as warmly. They use it to fuel content and chats that swindle victims looking for love, backed by sophisticated and large-scale operations that run like a business.
Yet today’s online daters still have what it takes to spot a fake. They have several tools and protections available to them, many powered by AI that can help them steer clear of heartbreak, both the financial and emotional kind. That, along with a mix of healthy skepticism and detective work, they can still date online with confidence, even as AI continues to make its way onto the dating scene.
Survey Methodology
The survey was conducted online between January 2024 by Market Research Company, MSI-ACI via email inviting people 18 years and older to complete an online questionnaire. In total 7,000 adults completed the survey from 7 countries included the United States, United Kingdom, France, Germany, Australia, India, and Japan.
The post Love Bytes – How AI is shaping Modern Love appeared first on McAfee Blog.
Deep fakes are a growing concern in the age of digital media and can be extremely dangerous for school children. Deep fakes are digital images, videos, or audio recordings that have been manipulated to look or sound like someone else. They can be used to spread misinformation, create harassment, and even lead to identity theft. With the prevalence of digital media, it’s important to protect school children from deep fakes.
Educating students on deep fakes is an essential step in protecting them from the dangers of these digital manipulations. Schools should provide students with information about the different types of deep fakes and how to spot them.
Media literacy is an important skill that students should have in order to identify deep fakes and other forms of misinformation. Schools should provide students with resources to help them understand how to evaluate the accuracy of a digital image or video.
Schools should emphasize the importance of digital safety and provide students with resources on how to protect their online identities. This includes teaching students about the risks of sharing personal information online, using strong passwords, and being aware of phishing scams.
Schools should monitor online activity to ensure that students are not exposed to deep fakes or other forms of online harassment. Schools should have policies in place to protect students from online bullying and harassment, and they should take appropriate action if they find any suspicious activity.
By following these tips, schools can help protect their students from the dangers of deep fakes. Educating students on deep fakes, encouraging them to be media literate, promoting digital safety, and monitoring online activity are all important steps to ensure that school children are safe online.
Through quipping students with the tools they need to navigate the online world, schools can also help them learn how to use digital technology responsibly. Through educational resources and programs, schools can teach students the importance of digital citizenship and how to use digital technology ethically and safely. Finally, schools should promote collaboration and communication between parents, students, and school administration to ensure everyone is aware of the risks of deep fakes and other forms of online deception.
Deep fakes have the potential to lead to identity theft, particularly if deep fakes tools are used to steal the identities of students or even teachers. McAfee’s Identity Monitoring Service, as part of McAfee+, monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. We’ll help keep your personal info safe, with early alerts if your data is found on the dark web, so you can take action to secure your accounts before they’re used for identity theft.
The post How to Protect School Children From Deep Fakes appeared first on McAfee Blog.
With the rise of artificial intelligence (AI) and machine learning, concerns about the privacy of personal data have reached an all-time high. Generative AI is a type of AI that can generate new data from existing data, such as images, videos, and text. This technology can be used for a variety of purposes, from facial recognition to creating “deepfakes” and manipulating public opinion. As a result, it’s important to be aware of the potential risks that generative AI poses to your privacy.
In this blog post, we’ll discuss how to protect your privacy from generative AI.
Generative AI is a type of AI that uses existing data to generate new data. It’s usually used for things like facial recognition, speech recognition, and image and video generation. This technology can be used for both good and bad purposes, so it’s important to understand how it works and the potential risks it poses to your privacy.
Generative AI can be used to create deepfakes, which are fake images or videos that are generated using existing data. This technology can be used for malicious purposes, such as manipulating public opinion, identity theft, and spreading false information. It’s important to be aware of the potential risks that generative AI poses to your privacy.
Generative AI uses existing data to generate new data, so it’s important to be aware of what data you’re sharing online. Be sure to only share data that you’re comfortable with and be sure to use strong passwords and two-factor authentication whenever possible.
There are a number of privacy-focused tools available that can help protect your data from generative AI. These include tools like privacy-focused browsers, VPNs, and encryption tools. It’s important to understand how these tools work and how they can help protect your data.
It’s important to stay up-to-date on the latest developments in generative AI and privacy. Follow trusted news sources and keep an eye out for changes in the law that could affect your privacy.
By following these tips, you can help protect your privacy from generative AI. It’s important to be aware of the potential risks that this technology poses and to take steps to protect yourself and your data.
Of course, the most important step is to be aware and informed. Research and organizations that are using generative AI and make sure you understand how they use your data. Be sure to read the terms and conditions of any contracts you sign and be aware of any third parties that may have access to your data. Additionally, be sure to look out for notifications of changes in privacy policies and take the time to understand any changes that could affect you.
Finally, make sure to regularly check your accounts and reports to make sure that your data is not being used without your consent. You can also take the extra step of making use of the security and privacy features available on your device. Taking the time to understand which settings are available, as well as what data is being collected and used, can help you protect your privacy and keep your data safe.
This blog post was co-written with artificial intelligence (AI) as a tool to supplement, enhance, and make suggestions. While AI may assist in the creative and editing process, the thoughts, ideas, opinions, and the finished product are entirely human and original to their author. We strive to ensure accuracy and relevance, but please be aware that AI-generated content may not always fully represent the intent or expertise of human-authored material.
The post How to Protect Your Privacy From Generative AI appeared first on McAfee Blog.
AI scams are becoming increasingly common. With the rise of artificial intelligence and technology, fraudulent activity is becoming more sophisticated and sophisticated. As a result, it is becoming increasingly important for families to be aware of the dangers posed by AI scams and to take steps to protect themselves.
By taking these steps, you can help protect your family from AI scams. Educating yourself and your family about the potential risks of AI scams, monitoring your family’s online activity, using strong passwords, installing anti-virus software, and checking your credit report regularly can help keep your family safe from AI scams.
No one likes to be taken advantage of or scammed. By being aware of the potential risks of AI scams, you protect your family from becoming victims.
In addition, it is important to be aware of emails or texts that appear to be from legitimate sources but are actually attempts to entice you to click on suspicious links or provide personal information. If you receive a suspicious email or text, delete it immediately. If you are unsure, contact the company directly to verify that the message is legitimate. By being aware of potential AI scams keep your family safe from financial loss or identity theft.
You can also take additional steps to protect yourself and your family from AI scams. Consider using two-factor authentication when logging in to websites or apps, and keep all passwords and usernames secure. Be skeptical of unsolicited emails or texts never provide confidential information unless you are sure you know who you are dealing with. Finally, always consider the source and research any unfamiliar company or service before you provide any personal information. By taking these steps, you can help to protect yourself and your family from the dangers posed by AI scams.
monitor your bank accounts and credit reports to ensure that no unauthorized activity is taking place. Set up notifications to alert you of any changes or suspicious activity. Make sure to update your security software to the latest version and be aware of phishing attempts, which could be attempts to gain access to your personal information. If you receive a suspicious email or text, do not click on any links and delete the message immediately.
Finally, stay informed and know the signs of scam. Be your online accounts and look out for any requests for personal information. If something looks suspicious, trust your instincts and don’t provide any information. Report any suspicious activity to the authorities and make sure to spread the word to others from falling victim to AI scams.
This blog post was co-written with artifical intelligence (AI) as a tool to supplement, enhance, and make suggestions. While AI may assist in the creative and editing process, the thoughts, ideas, opinions, and the finished product are entirely human and original to their author. We strive to ensure accuracy and relevance, but please be aware that AI-generated content may not always fully represent the intent or expertise of human-authored material.
The post How to Protect Your Family From AI Scams appeared first on McAfee Blog.
Social media is part of our social fabric. So much so that over 56% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you can protect your social media accounts from hacks and attacks.
Beyond the sheer number of people who’re on social media, there’s also the amount of time we spend on it. People worldwide spend an average of 147 minutes a day on social media. With users in the U.S. spending just over two hours on social media a day and users in the Philippines spending nearly four hours a day, that figure can vary widely. Yet it’s safe to say that a good portion of our day features time scrolling and thumbing through our social media feeds.
Given how much we enjoy and rely on social media, now’s a fine time to give your social media settings and habits a closer look so that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there:
Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy.
Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
Nothing says “there’s nobody at home right now” like that post of you on vacation or sharing your location while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing photos and stories of your adventures once you’ve returned.
It’s a famous saying for a reason. Whether your profile is set to private or if you are using an app with “disappearing” messages and posts (like Snapchat), what you post can indeed be saved and shared again. It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post it.
We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messengers. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack.
Sadly, social media can also be a place where people pull a fast one. Get-rich-quick schemes, romance cons, and all kinds of imposters can set up shop in ads, posts, and even direct messages—typically designed to separate you from your personal information, money, or both. This is an entire topic to itself, and you can learn plenty more about quizzes and other identity theft scams to avoid on social media.
Some platforms such as Facebook allow users to review posts that are tagged with their profile names. Check your account settings and give yourself the highest degree of control over how and where your tags are used by others. This will help keep you aware of where you’re being mentioned by others and in what way.
Security software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must.
Now you can point to a number that shows you just how safe you are with our Protection Score. It’s an industry first, and it works by taking stock of your overall security and grading it on a scale of 0 to 1,000. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance. This way, you’re always in the know about your security, privacy, and personal identity on social media and practically wherever else your travels take you online.
The post How to Protect Your Social Media Accounts appeared first on McAfee Blog.
We’ve seen how AI can create — and how it can transform our lives. What gets talked about less is how AI protects us too.
Certainly, it’s tough to miss how generative AI has turned sci-fi dreams of the past into today’s reality. From AI apps that help ease loneliness thanks to their human-like conversations, to technology that can predict and manage health risks, to browsers that whip up pieces of art with a prompt, it’s changing the way we go about our day and the way we live our lives.
However, we find ourselves only in generative AI’s earliest days. Countless more applications await over the near and distant horizon alike.
Yet that’s the important thing to remember with AI. It’s an application. A tool. And like any other tool, it’s neutral. Whether it helps or harms comes down to the person using it.
Thus, on the flip side of AI, we’ve seen all manner of shady and damaging applications. Hackers use AI to code new forms of malware at record rates. Scammers spin up convincing-looking phishing attacks and sites that harvest personal info, also at record rates. And we’ve further seen bad actors use so-called “deepfake” technologies to clone the voices and likenesses of public figures, whether for profit or to spread disinformation.
So, amid the excitement about AI, there runs a thread of uncertainty. Recently, we found that 52% of Americans are more concerned than excited about AI in daily life. Only 10% of people said they’re more excited than concerned. Meanwhile, 36% feel a mix of excitement and concern.
Uncertainty prevails, for sure. Yet something often gets overlooked in the conversation about AI: it can offer powerful protections against all manner of threats. Moreover, AI offers particularly potent protections against AI threats.
In this way, AI is your ally. At McAfee, we’ve used it to protect you for nearly a decade now. In fact, AI applications have been around for some time, long before they made headlines like they do now. And we continue to evolve AI technologies to help keep you safe. In the age of AI, McAfee is your ally. Our aim is to give you certainty and safety in rapidly changing times.
Ultimately, here’s what’s at stake today: people want to know what they can trust, and AI has made that tricky. What’s real? What’s fake? It’s getting tougher and tougher to tell.
The future of AI and online safety lies in pairing progress with protection. Here at McAfee, we see this as our role. We’re evolving AI in ways that give people the power to protect their privacy, identity, and devices even better than before. Now, that protection extends yet further. It also gives them the power to know what they can trust whenever they go online.
The time couldn’t be more right for that. Uncertainty about AI prevails. In all, more than half of Americans we talked to said they’re concerned that the arrival of AI has made online scams more accurate and believable.
Our threat detection figures put their concerns into focus:
With that, we ask ourselves, what can AI do for you? How can it keep you safe? Three principles provide the answer:
These principles drive our thinking in significant ways as we pair progress with protection in the age of AI. They stand as our commitment to keeping you safe and certain online, through our existing technologies and entirely new technologies alike.
As we’ve used AI as a core component of our protection for years now, it’s done plenty for you over that time. Our AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.
So, the AI you have in your McAfee antivirus, it works like this:
Now we’ve made improvements to our AI-driven protection — and unveiled all-new features that take full advantage of AI, such as McAfee Next-gen Threat Protection and McAfee Scam Protection.
McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.
Results from AV-TEST’s product review in October 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.
Moreover, AI continually gets smarter because every evaluation provides more data for it to learn and improve its accuracy. McAfee conducts over 4 billion threat scans a day, and that number is quickly growing. We continue to innovate with leading-edge AI technology to provide the most advanced and powerful protection available.
The AI-powered scam protection in McAfee+ is like having that lie detector test we mentioned earlier. Advanced AI-powered technology helps prevent you from opening scam texts and blocks risky sites if you accidentally click on a scam link in texts, QR codes, emails, social media posts, and more. This AI-driven scam protection delivers real-time mobile alerts when a scam text is detected and is the only app on the market that sends alerts on both iOS and Android.
Advances in threat protection and scam protection mark just the start of where we’re taking our long-standing use of AI next. Sure, AI has made life easier for hackers and scammers. In some ways. In yet more important ways, it’s making their lives far more difficult. Downright tough in fact, particularly as we use it here at McAfee to detect their scam messages and texts, beat their AI-generated malware, and warn you of their malicious websites. And that’s just for starters. We have more to come.
You can expect to see other fraud-busting and info-validating uses of AI across our online protection software in the months to come. That’s what’s in store as we stand as you ally in the age of AI.
The post How to Stay Safe in the Age of AI appeared first on McAfee Blog.
While you can’t delete your personal info from the internet entirely, you can take strong steps to remove it from risky places. Several where others could tap into it for profit or harm.
Why is it so important to take control of our personal info? It has street value, and it has for some time now. Because so much of business, finance, healthcare, and life in general runs on it, your personal info has a dollar sign to it. Plenty of people want to get a hold of it.
Personal info fuels targeted advertising and marketing campaigns, just as it helps adjusters set insurance rates and healthcare providers make projections about our well-being. Businesses want it for employment background checks. Law enforcement uses it when investigating persons of interest. Banks and credit card companies base their approvals on it. Websites and apps collect it for their own purposes, which they sometimes share or sell to third parties.
And of course, hackers, scammers, and thieves want it too. To steal your identity, drain your accounts, and wage other attacks on you.
No doubt, your personal info has value. High value. And that makes a strong argument for doing what you can to control what you share and where you share it to the best possible degree. With so much that hinges on your personal info, it’s good to know that you can take control in powerful ways. We’ll show how it’s far easier to do that today than ever before.
Taking control of your personal info starts with a look at your digital shadow. Everyone casts one. And like everyone else’s digital shadow, yours gets filled with info about you — personal info stored online across the internet.
For starters, your digital shadow includes things like posts in forums, social media profiles, the posts that you put up there, and other people’s posts that mention you. It includes other sources of info, like pictures of you in an online newsletter, your name listed in the standings of your co-ed soccer league, and a bio of you on your company’s “About Us” page. Online reviews provide potential sources too. In all, this part of your digital shadow grows larger in two ways — as you say more things, and as more things are said about you.
Your shadow grows yet more with the addition of public records. That might include what you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, and estimated income. It all depends on where you live and what data regulations are in place there. Some regions have stricter privacy rules in place than others when it comes to public records. For example, in the U.S., California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, and Delaware have strong data privacy laws on the books. The European Union has its well-known GDPR, the General Data Protection Regulation, in place.
Then there’s all manner of info about you gathered and sold by online data brokers. Data brokers pull hundreds of data points from public sources, not to mention private sources like supermarket club cards that track your shopping history. Other private sources include info from app developers and websites with less restrictive privacy policies when it comes to sharing and selling info. These data brokers sell personal info to anyone who’ll pay, including hackers, scammers, and spammers.
Finally, a sizable swathe of your shadow comes from info stored on the deep web. It forms the 95% of the internet that’s not searchable. Yet, you likely take trips there daily. Any time you go through a paywall or use a password to access internet content, you’re entering the deep web.
Examples include logging into your bank account, accessing medical records through your healthcare provider, or using corporate web pages as part of your workday. Even streaming a show can involve a trip to the deep web. None of that content is searchable.
What’s in there, aside from your Netflix viewing history? Think of all the info that forms the basis of your credit score, your health history, your financial info, and all the info that websites and advertisers capture about you as you simply spend time online. That’s the deep web too.
A subset of the deep web is the dark web. It’s not searchable as well, and it requires a special browser to access. Some of the sites and data stores found there are entirely legitimate, others questionable, and several are outright illegal. Some of your info might be there too. And yes, you’ll find dark marketplaces here where bad actors put up personal info for sale.
Everyone online indeed has a digital shadow. And some shadows are longer than others.
So, what’s the big deal? That’s how the internet works, right?
That’s a fair question. Part of the answer comes down to how important a person thinks their privacy is. Yet, more objectively, keeping a lower profile online offers better protection from cybercrime.
Consider research published by the science journal Nature, in 2019. Here’s an excerpt from the authors:
Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR [Europe’s General Data Protection Regulation] and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.
Put in practical terms, imagine a hacker or snoop gets their hands on a large set of public or private data. Like say, health data about certain medical conditions. Even though that data has been “scrubbed” to make the people in it anonymous, that hacker or snoop only needs 15 pieces of info to identify you in that mix. From there, they could pinpoint any health conditions linked to you.
In a time when all kinds of organizations gather all kinds of data, the impact of this research finding is clear. Data breaches happen, and a determined person can spot you in a batch of breached data with relative ease. They have several tools readily available that can cobble together those other 15 pieces of info to identify you. That further strengthens the argument for taking control of your personal info.
Shortening your so-called digital shadow helps improve everyday life in several ways. It can:
Cut down the number of sketchy texts, emails, and calls you get. If a hacker, scammer, or spammer can’t track down your contact info, they can’t reach you on your computers and phones. Removing info from data broker sites, old accounts you no longer use, and even social media can make it harder for them to reach you.
Reduce the risk of identity crimes, like theft, fraud, and harassment. Bad actors turn people’s info against them. With it, they take out loans in other people’s names, file bogus insurance claims, and, in more extreme cases, impersonate others for employment or criminal purposes. When you have less info online, they have less info to work with. That makes their attacks tougher to pull off. So tough that they might turn to another, easier target who has much more info online.
Keep snoops out of your business when taking care of things online. Tracking and monitoring are simple facts of going online. Sites and businesses do it for performance and marketing purposes. Hackers and bad actors do it for outright theft. Taking steps to mask and outright hide your activities online benefits your privacy and your security.
Take control of what people do and don’t know about you. Most broadly, increased privacy largely gives you the power to share your info. Not someone else. The fact is that many companies share info with other companies. And some of those other third parties might have looser data privacy and data security measures in place. What’s more, you likely have no idea who those third parties are. Increased privacy helps you take far more control of where your info does and doesn’t go.
The following can help:
1. Delete old apps. And be choosy about permissions on your phones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data linked with them.
2. Delete old accounts. Many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
3. Make your social media accounts more private. Our new McAfee Social Privacy Manager helps safeguard your privacy on social media by personalizing your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This ensures that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it.
4. Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running this feature regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
5. Take preventive measures. A few steps can help you keep your info off the internet in the first place. A VPN helps make your time online more private and more secure by obscuring things like your IP address and other identifying info. It also prevents hackers and snoops from monitoring your activity when you bank, shop, and access other accounts. Also, check out our article that covers privacy on your phone. Because phones offer others so many ways to gather personal info, making your phone more private helps make you more private.
The post How to Delete Yourself from the Internet appeared first on McAfee Blog.
Imagine paying $16,000 to park your car in a lot for a couple of hours. That’s what happened to one woman in the UK who fell for a QR code scam posted in a parking lot.
As reported by The Independent, scanning the posted QR code with her phone took her to a phony parking payment site that stole her card info. After her bank blocked several attempted fraudulent transactions, the scammers contacted her directly. They posed as the bank and convinced her to open a new account, racking up the equivalent of $16,000 in stolen funds.
Scams like that have spiked in popularity with crooks out there. In the U.S., the Federal Trade Commission (FTC) has warned of a fresh wave of QR code scams that have led to lost funds and identity theft. Not to mention infected devices with a glut of spyware, ransomware, and viruses.
Yet even as QR code scams become increasingly common, you can protect yourself. And enjoy the convenience they offer too, because they can truly make plenty of transactions go far more quickly.
You can find them practically anywhere nowadays.
QR stands for “quick-response,” thus a quick-response code. They look like a square of pixels and share many similarities with the bar codes you see on grocery items and other products. Yet a QR code can hold more than 300 times the data of a barcode. They’ve been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual info in a relatively compact space.
You can spot them popping up in plenty of places nowadays. With a click of your smartphone’s camera, they can quickly whisk you away to all kinds of sites.
You might see them pop up in TV ads, tacked up in a farmer’s market stand, and stapled onto telephone poles as part of a concert poster. Restaurants place QR codes on their tables so you can order from your phone. Parking lots post them on signs so you can quickly pay for parking (like above). Your drugstore might post them on shelves so that you can download a digital coupon.
Anyone can create one. A quick search for “QR code creator” turns up dozens of results. Many offer QR codes free of charge. It’s no wonder they show up in restaurants and farmer’s markets the way they do. And now in scams too.
As it is anywhere people, devices, and money meet, scammers have weaseled their way into QR codes. With the QR code scam, pointing your smartphone’s camera at a bogus QR code and giving it a scan, scammers can lead you to malicious websites and commit other attacks on your phone.
In several ways, the QR code scam works much like any other phishing attack. With a few added wrinkles, of course.
Classically, phishing attacks use doctored links that pose as legitimate websites in the hopes you’ll follow them to a scammer’s malicious website. It’s much the same with a QR code, yet they have a couple of big differences:
Typically, one of two things:
It’ll send you to a scam website designed to steal your personal and financial info. For example, a phony QR code for parking takes you to a site where you enter your credit card and license plate number. Instead of paying for parking, you pay a scammer. And they can go on to use your credit card in other places after that.
It can take you to a download that infects your device with malware. Downloads include spyware that snoops on your browsing and passwords, ransomware that locks up your device until you pay for its release (with no guarantees), or viruses that can delete or damage the things you’ve stored on your device.
Aside from appearing in emails, direct messages, social media ads, and such, there are plenty of other places where phony QR codes can show up. Here are a few that have been making the rounds in particular:
Scanning a QR code might open a notification on your smartphone screen to follow a link. Like other phishing-type scams, scammers will do their best to make that link look legitimate. They might alter a familiar company name so that it looks like it might have come from that company. Also, they might use link shorteners that take otherwise long web addresses and compress them into a short string of characters. The trick there is that you really have no way of knowing where it will send you by looking at it.
In this way, there’s more to using QR codes than simply “point and shoot.” A mix of caution and eagle-eyed consideration is called for to spot legitimate uses from malicious ones. Online protection software can help keep you safe as well.
Luckily, you can follow some basic rules and avoid QR code attacks. The U.S. Better Business Bureau (BBB) has put together a great list that can help. Their advice is right on the mark, which we’ve paraphrased and added to here:
1. Don’t open links or scan QR codes from strangers. Scammers send QR codes by email, over social media, and sometimes they even send them by physical mail as part of a “Special offer, just scan here” ploy. In all, if a QR code comes to you out of the blue, even from a friend, skip scanning it. See if you can type in a physical address to a site that you can trust instead.
2. Check the link and the destination. Given that many QR codes lead to phishing sites, look at the link that pops up after you scan it. Scammers alter addresses for known websites in subtle ways — or that differ from them entirely. For example, they might use “fed-exdeliverynotices.com” rather than the legitimate fedex.com. Or they might use a scam URL followed by text that tries to make it look legit, like “scamsite.com/fedex-delivery.” (For more on how to spot phishing attacks, check out our full article on the topic.)
3. Think twice about following shortened links. Shortened links can be a shortcut to a malicious website. This can particularly be the case with unsolicited communications. And it can still be the case with a friend or family member if their device or account has been hacked.
4. Watch out for tampering. In physical spaces, like parking lot signs, scammers have been known to stick their own QR codes over legitimate ones. If you see any sign of altering or a placement that looks slapdash, don’t give that code a scan.
5. Stick with your phone’s native QR code reader. Steer clear of QR code reading apps. They can be a security risk.
6. Don’t pay bills with QR codes. Once again, you can’t always be sure that the code will send you to a legit site. Use another trusted form of payment instead.
7. Use scam protection on your phone. Using the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your phone. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. You’ll find it in our McAfee+ products — along with up to $2 million in identity theft coverage and restoration support if the unfortunate happens to you.
QR codes have made transactions smoother and accessing helpful content on our phones much quicker. As such, we’re seeing them in plenty of places. And useful as they are like other means of paying or browsing online, keep an eye open when using them. With this advice as a guide, if something doesn’t feel right, keep your smartphone in your pocket and away from that QR code.
The post How to Protect Yourself from QR Code Scams appeared first on McAfee Blog.
‘So, what is the ultimate goal of all of our parenting?’ When I asked this question to a group of mum friends during the week, the answers were all quite mixed. ‘To raise kind humans’, one offered. ‘To have someone look after me when I’m old!’, said another. But after a few minutes of heavy debate, we all agreed on one thing – our goal is to create responsible citizens who are independent and self-sufficient.
Now, clearly, this is a project that takes place over at least 18 years!! Quick fixes do not cut it when trying to mould and shape little humans into responsible adults. And of course, this also includes raising responsible digital citizens too – no room for quick fixes here!
We’ve all heard the term but what does it really mean?
Digital citizenship is all about safely and responsibly navigating digital environments and participating in a respectful fashion. In short, it means being responsible, respectful, and intentional in all your online activity.
In my opinion, a child’s emotional intelligence is intrinsically linked to their ability to be an effective digital citizen. So, I understand why some experts prefer the term digital intelligence to digital citizenship. It does a much better job of explaining that effective digital citizenship requires a set of social, emotional, and cognitive skills that are essential for navigating the digital world.
In my opinion, teaching kids about digital citizenship needs to happen as soon as a child can pick up a device. Yes – your child might only be 18 months old! But the earlier you start weaving in messages about responsibility and safety – the more automatic it will be for them to adopt a positive digital citizen mindset.
You’d be hard-pressed to find many parents who don’t worry about the risks of their kids being online. Whether it’s scams, online predators, or cyberbullying, unfortunately, there will always be some level of risk. And while many of us would love to remove our kids’ devices or better still, wrap our babies in cotton wool, this is just not a reality. So, in my opinion, the best way to protect them is to prepare them. I believe that if we take the time to help them develop into responsible and effective digital citizens then they are far more likely to make safe and responsible choices! A complete no-brainer!
This is one lesson you don’t want your kids to learn the hard way! When tweens and teens are in the moment, it is easy to forget to think of the consequences of what they post. But one’s online presence is a significant part of their identity and can often be the first place that someone forms an impression of you. The manager of our local supermarket regularly tells me how he will first assess potential applicants with a quick ‘Google’ before he even offers an interview. And if your child is keen to be considered for a leadership position at school or university, it is imperative that they think about how they conduct themselves online too. Intentional, respectful interactions are the name of the game!
Respect is at the core of all healthy relationships and that absolutely includes online interactions. So, encourage your child to extend the same level of respect to their online friends and acquaintances as they would to those they meet face-to-face. This means not creating or forwarding hurtful content and or getting involved in negative online discussions or gossip about anyone – no exceptions!
I’m a big fan of teaching your child to speak up if they experience or witness bullying. While they may think they can handle it on their own, having input from a trusted adult will make the situation feel more manageable and less overwhelming. Advise your kids to block anyone who does not treat them respectfully online – but always take screenshots first! Being proactive will help create a positive and supportive online experience.
3. Master Healthy Digital Habits
There are a few essential basic digital habits that are not negotiable, in my opinion. Ensuring your kids have these down-pat will mean that they are maximising the chance of a safe and positive online experience. Here are my top 5:
Kids love creating content, but it is essential that they don’t copy or plagiarise the work of others. Using others’ work without obtaining their permission is both unethical and technically, against the law. This encompasses all forms of online content (aka intellectual property) including texts, images, and music. As parents, we need to foster digital citizenship in our kids by reminding them to appreciate the efforts and originality of fellow digital creators. In my opinion, giving credit when using others’ work is a ‘best practice’.
The ’do not copy’ rule also extends to piracy – the illegal downloading of digital content e.g. music or movies. Many kids dabble in piracy, but it really is no different to stealing someone’s work. Encourage your kids to treat the creative work of others with the same respect you would want for your own. And yes, that includes Taylor Swift!
One of the hardest lessons some kids learn online is that not everyone is who they say they are. It can be a crushing moment. So, getting ahead of the game and teaching your kids to be cautiously suspicious about people, platforms, organisations and offers they come across online will hold them in great stead.
Exercising caution when sharing information with strangers and unfamiliar organisations is an important way to protect yourself. Always do your due diligence before ‘trusting’ someone you connect with on a dating site, always request a legitimate way to transfer money when buying goods online and never just enter personal information on a site without doing your research.
We’ve all heard the expression ‘when something is too good to be true, it usually is’. This needs to be the golden rule when navigating the internet. Whether it’s early access to snippets from a yet to be released movie, a compelling discount on an iPhone or weight loss supplements, scammers know how to hook us in! Scamwatch is a great resource for identifying and reporting scams here in Australia.
If your child is uncertain about a website’s credibility, they can pose critical questions to themselves, such as “whose interests does this site serve?” or “how accurate and reliable is the information I’m reading?” This can guide your child in distinguishing between questionable sites and those providing accurate news and content.
But let me share one final piece of advice. We can encourage and educate our kids all day long about being a responsible digital citizen but unless we are modelling the behaviour we are trying to foster, it’s just not going to work. So, when you’re sharing a new post on Facebook, or commenting on a news article, ensure you are considerate and responsible with your word choice. Show your kids how to have kind and respectful interactions online and always fact-check any information you choose to share – because they are always watching and learning!!
Happy parenting digital citizens!!
Alex
The post How to Raise Responsible Digital Citizens appeared first on McAfee Blog.
Inquisitive, curious and fiercely independent. These are the three words that come to mind when I remember my boys as tweens and teens. Now, these are all wonderful qualities but when you’re trying to teach your kids to navigate the internet, these ‘wonderful’ qualities can often make things a little harder!! Curious types want to discover and investigate – that’s natural! But it also makes our job as parents even more challenging, particularly when it comes to protecting them from the slew of inappropriate content that can be found online.
In short, inappropriate content is anything your kids may find online that they find disturbing or are not yet ready for, developmentally. It may be an image, a video or written text that is offensive and upsetting. Now, this could happen accidentally but also deliberately.
Many of us immediately think of sexually explicit material when we think of inappropriate content but there is, unfortunately, more. It can also include material that promotes extremism or terrorism, violent imagery or copy, hateful or offensive sites or posts as well as false or misleading information.
As you can imagine, it’s hard to find accurate data as to how many kids have seen inappropriate content. Many kids would loathe to admit what they have seen, feel embarrassed or are simply too distressed to report their experience. So, it’s likely that the real statistics are higher than the reported data. Research undertaken by our eSafety Office shows that a high proportion of Aussie kids aged 12 to 17 have seen inappropriate content. Here are the details:
Is it inevitable that you will see something inappropriate online? I wish I could answer no, but the reality is that at some stage it is likely that your kids will see something that they find confusing or upsetting. So, the aim of the parental game here is to ensure this happens as late as possible and that they are ready for it. Here is where I suggest you put your energy into making this happen:
I am a big fan of a family tech agreement that outlines your expectations of your kids’ online behaviour and the family’s ‘rules of engagement.’ This should be age appropriate but if your kids are young enough then please include a list of the sites they can visit, the apps they can download and the information they can share – nothing personally identifiable. I would also include rules about device usage – no devices in bedrooms overnight!! Check out my post here that will help you tailor an agreement for your family.
A clear and detailed agreement means that every family member has clarity on the rules that will keep them safe. I find sharing the ‘why’ with my kids so important – so ensure they know you’re your goal here is to keep them safe and set them up for a positive online experience.
Go out of your way to create a home environment when your kids feel comfortable talking and sharing about all aspects of their lives without judgement. Once you have this, then you will be able to have regular conversations that will help them better understand the online world and most importantly, keep them safe! The goal here is to have genuine 2-way conversations without them feeling like they are being lectured at. For example, you can explain that anything they share online creates their own ‘digital footprint’ so they need to be mindful of how they conduct themselves, You could also talk them through the dangers of spreading rumours online or sharing hurtful photos or jokes.
And if your kids know they can talk to you about anything and that you won’t overact, then they are more likely to tell you if they have seen something online that has worried them. Now, we all hope that doesn’t happen, but we all want to be able to help our kids navigate challenges if and when they arise.
Parental controls can be a really helpful tool that allows you to monitor and manage what your child sees and does online. Of course, using parental controls is not a silver bullet – you still need to remain vigilant and invested however it can be a great thing to have in your toolbox. Here’s what I Iike:
Check out more information about McAfee’s parental controls here.
As we all know, the sky is the limit when it comes to finding anything online. So, young curious minds have ample opportunity to have their every question answered. However, this is not ideal when your kids have neither age nor experience on your side. So, let me introduce you to some child-friendly search engines that will ensure there are healthy boundaries for inquisitive minds!
This is a search engine that’s designed to produce safe results for kids so it will produce quite limited results – perfect! It has been designed to block swear words and ‘rude’ language but a Commonsense Media trial found that some violent content could be generated using it.
This search engine uses Google’s strict filtering software to produce up-to-date results without the risk of anything inappropriate. Their advanced keyword filtering system monitors for alternate and modified spellings which is great for youngins!
Also using Google’s SafeSearch, KidRex promotes kid-friendly pages in its results. It also has an additional database of inappropriate keywords and sites and blocks social media results. How good!
But, if you just want to stick with Google and turn on the SafeSearch filters, you absolutely can. Just remember, that you’ll need to activate it on every device that your kids might use – including their phone!
How often do you hear yourself saying or doing something your mother does? I do all the time! Our parents are our biggest influence and are our biggest role models. And this also applies to how we engage with technology. Make sure your kids see you enjoying tech-free time, so they ‘normalise’ this. Leave your phone at home when you walk the dog, never have phones at the dinner table and always turn your phone on do not disturb when talking with your kids. The less time spent on technology means the more time for real in-person human connection.
Being open is also an imperative way to protect your kids. In fact, the more open and communicative you are with your kids, the less reason they will have to undertake their own ‘research’ online. So, if you’ve created an environment where talking about puberty, hormonal changes and teenage relationships is normal, chances are they won’t need to turn to Google for answers – and risk seeing inappropriate content.
So, if you have a tribe of curious tweens or teens, then I’m sending you my very best. It’s not an easy task protecting them from some of the more challenging content that the internet can offer. But having come out the other side – and survived – I can assure you that the more proactive you are, the easier the ride will be.
Good luck!!
Alex XX
PS If you’re thinking about parental controls, don’t forget about enabling these on your streaming services too. Netflix, Amazon Prime and Stan all offer parental controls which can restrict the content that your kids can view. It’s definitely worth the effort.
The post How to Protect Your Kids From Inappropriate Online Content appeared first on McAfee Blog.
You guard the keys to your home closely, right? They have their own special spot in your bag or in your front pocket. When your keys go missing, does a slight pit of unease grow in your gut?
Our homes store many sentimental and valuable treasures within their walls. The same goes for your online accounts. Think of your login and passwords as the keys to the cozy home of your date of birth, Social Security Number, full name, and address. When you lose those keys and they fall into the hands of a criminal, the break-ins to your online home can be costly.
In a scheme called credential phishing, online scammers seek to steal the keys to your online accounts: your login and password combinations. Just like you’d protect the keys to your house, so should you guard your online account credentials closely.
Credential phishing is a type of online scam where a cybercriminal devises tricks to gain one type of valuable information: username and password combinations. Once they eke this information from their targets, the thief is able to help themselves to online bank accounts, online shopping sites, online tax forms, and more. From there, they could go on a shopping spree on your dime or pilfer your personally identifiable information (PII) and steal your identity.
There are two common ways a criminal might try to steal online account credentials. The first is through a phishing attempt that asks specifically for usernames and passwords. They may impersonate a person or organization with authority, such as your boss, a bank representative, or the IRS. Phishing attempts often threaten dire consequences if you don’t reply promptly. Handle emails, texts, and social media direct messages that demand urgency with care. If it’s truly important, your bank will find another way to get in touch with you. Additionally, be aware of your notification preferences and communication channels with important organizations. For example, the IRS only contacts people by mail.
A second way credential phishers may try to steal your passwords is through fake login pages. You may get redirected to a fake login page by clicking on a risky link hidden in a phishing message or on a malicious website. An example of credential phishing and fake login pages in action happened to customers of a password storage company. Customers received phishing emails that contained a link to a “login page” that was actually a malicious subdomain that sent the details straight to scammers.1
There’s one very simple rule to avoid a phisher stealing your credentials: never share your password with anyone! No matter how authoritative a phone call, text, or email sounds, a legitimate business nor an IT professional nor your boss will ever ask you for your password and username combination.
If you suspect a phishing attempt, do not reply or forward the message. Additionally, do not click on any links. Artificial intelligence content creation tools like ChatGPT can make phishing messages sound convincing, as AI tools often compose messages without typos or grammar mistakes. But if anything in the tone or content of the message strikes you as suspicious, it’s best to delete it and forget about it.
Ultimate secrecy is a great first step in keeping your credentials a mystery. Practice these other password and online account safety best practices to keep your PII safe:
To add extra security to your online comings and goings, consider investing in McAfee+, which includes McAfee Scam Protection. McAfee Scam Protection is an AI-powered tool that blocks risky links in your emails, texts, and on social media. This is helpful just in case you accidentally click on a link that would’ve brought you to a fake login page or to another risky site. The more you use Scam Protection, the smarter it gets! And should your credentials and PII ever fall into the wrong hands, McAfee+ has credit and identity monitoring tools that can alert you to suspicious activity.
Consider McAfee as the home security system for your online life. When you log off and lock up, you can relax knowing that McAfee will alert you to breaking-and-entering attempts.
1Cybernews, “LastPass employees and customers targeted in ‘pervasive’ phishing campaign”
The post What Is Credential Phishing? appeared first on McAfee Blog.
In the 80’s, train stations and church groups were the key places to meet boys. And despite the fact I tried very hard to keep this side of my life well away from my parents, I know for a fact that they worried!! Well, some things have clearly changed with social media and dating apps providing unlimited opportunities for teens to connect with romantic partners across the world. But one thing definitely hasn’t changed – parents are still worrying!!
Despite what we may think, school is still the main place teens find their romantic partners according to a fascinating research study entitled: ‘Adolescents’ Partner Search in the Digital Age: Correlates and Characteristics of Relationships Initiated Online’. But second to this is the internet. The internet (including social media) even trumps ‘friends, parties and neighbourhoods’ as the 2nd most common place where adolescents meet their significant other.
Interestingly, the report also highlights the different types of kids who gravitate towards online dating. According to the research, girls who find it harder to fit in at school were more likely to initiate and find romantic relationships online rather than pursue them in person. This was the same for teens looking to pursue same-sex relationships. Overall, there were multiple examples of how the internet has become a ‘social intermediary’ for teens who may struggle with in-person social connection.
I want to make it very clear that this post isn’t designed to scare you or have you immediately remove all devices from your teen – although I get why it’s tempting! Instead, I want to help you, help your kids navigate online dating.
By now, we all know that there are both challenges and risks being online. Some of us navigate these with ease while others don’t. In my opinion, a teen’s ability to think critically, pick up social cues and manage conflict will have a direct impact on their ability to navigate their online life and that includes online dating.
So, yes there are risks – your teen may experience harassment, discrimination, sextortion, scams or cyberstalking. And of course, these are big heavy possibilities that no-one wants their child to experience. But you have to remember that for our kids, meeting someone online is just as normal as it was for my friends and I to meet boys at the local train station. In fact, it may even be less overwhelming as they can ‘google’ potential love matches and find friends of friends who can vouch for them or warn them away.
Instead of being worried, focus on helping your teen have a positive and safe online dating experience.
It’s completely natural to be hesitant about your teen dating online – I’ve been there! And yes, talking about their budding love life may be a bit uncomfortable. But, when there are some pretty large risks at play, you’re just going to have to push through on the awkwardness. Here are my top tips:
Take some time to research the various dating sites. Read the reviews, browse the community guidelines and understand how they verify users. The larger dating sites are for over 18s – think Hinge, Bumble and Tinder however let’s keep it real – it’s not that hard to ‘fudge’ your age. So even if your teen is under 18, I’d still do some due diligence here. In recent years, under 18 dating sites have cropped up. Mylol, the self-proclaimed “#1 teen network in the world”, is probably the most popular platform followed by Skout.
But traditional dating sites are not the only way teens meet potential love interests online. It’s not uncommon for kids to start messaging other kids whose profile they may have come across on Snapchat, Discord or even while gaming on Fortnite. You may have heard the expression ‘slide into your DMs’ – that means that someone has sent you a direct message on social media, most commonly for romantic purposes!!
Once you understand how it all works – you’ll be able to speak with more ‘weight’ to your teen. So, push through the awkwardness and start talking. If there is a lot of pushback from your teen, you might need to go slow. Why not share articles about online dating? Or, relay stories and experiences from your friends and their kids? Always reserve judgment and stay calm and neutral. Why not help them work out what they want by asking open and non-judgemental questions e.g. Is it a committed relationship or just a ‘fling’? This may help them work out the best platform and also manage their expectations.
Once the awkwardness has gone, you should start talking about healthy relationship boundaries. It’s important they understand how to set parameters, so they are safe and respected. They need to know that:
There are also some key safety measures that will help protect them when they embark on online dating. I love reminding my boys of these – fingers crossed they listen!!
I’m a big believer that being proactive is a very worthwhile parenting strategy. So, ‘ripping off the bandaid’ and helping your teens with their online dating strategy is a great way to set them up for a safe and positive experience. We all know from experience that the path to true love isn’t always linear, so there might be a few heartbreaks or dramas along the way. So, remind your teen that you are always available to listen to their concerns and help them troubleshoot a situation. Remember, the more you keep the lines of communication open, the more likely they will be to come to you if there is an issue.
Happy digital parenting!!
Alex x
The post How to Help Your Teens Stay Safe When They Start Dating Online appeared first on McAfee Blog.
Yes, there is a Cyber Grinch. In fact, you’ll find evidence of an entire host of grinches online — the cybercrooks who, with the help of AI, create millions of online scams that crop up just in time to spoil the holiday season. But you can still shop safely, with a sharp eye and the right tools at your side.
This time of year always sees a boost in scams. After all, where shoppers go, scammers follow. Research from our McAfee Labs team found that scam volume ramps up 30% above average this time of year, kicking off in November and carrying over into the first week of the new year.
To gain even more insight into the impact online scams have on consumers, we conducted our inaugural Global Holiday Shopping Scams Study. More than 7,000 adults in seven countries told us how scams have impacted their holidays. They also shared their feelings about the recent onset of AI-driven scams.
The findings offer several significant insights, including the financial impact of scams, and even when and where people shop online (spoiler: that includes purchases made at the dinner table and in the bathtub).
Let’s dig into the findings. From there, we’ll show you several ways you can stay safe while you shop online, so you can send those grinches packing.
For starters, 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more.
The top three online scams people reported include:
We looked at those figures more closely and found some trends that show some folks get tangled up in these scams more than others.
Comparing men and women, 65% of men said they place the same level of trust in shopping online as they do in person. Meanwhile, women appear to be a bit more discerning. Only 46% of women said they had the same level of trust. We then found that men were nearly twice as likely to fall for an online holiday scam (46%) than women (26%).
When looking across generations, we found that 64% of Gen Z and 77% of Millennials trust shopping online as much as in person. Likewise, they found themselves victimized by scams more often than older adults. Of the younger set, 49% of Gen Z and 65% of Millennials said they fell for a holiday scam. Compare that to only 12% of people over 50 saying the same thing.
We also got some insight into people’s headspace.
People are as deal conscious as ever, with 1 out of 3 (35%) saying they will likely jump on a bargain when they see it. They also plan to shop around; 85% of people said they will look for the best deal before buying their holiday gifts.
It’s no surprise that 63% planned to shop online during Black Friday and Cyber Monday weekend. However, we found some surprises — namely, where they are when they shop online:
Take all that together and it leaves the Cyber Grinch wringing his hands in delight. Bargain hunting, shopping around, and buying online when you’re somewhat distracted make it easier for scammers to pull off their tricks.
Scammers count on the stress and pressures of holiday shopping. When people are tired or in a hurry, they tend to make mistakes. And now they’re easier to make, no thanks to the scammers who’ve picked up AI tools.
The bad actors out there now have AI-driven tools that help them fire up scams at alarming rates. They make it easier to create compelling fake emails, malicious sites, and text messages. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams daily.
On top of that, AI has made it harder than ever to tell what’s real from what’s fake. Not only have we seen a deluge of scams, but it’s also a deluge of increasingly sophisticated scams. With AI tools, scammers can make their emails, messages, and texts look and sound more convincing than ever.
People shared their concerns about AI scams:
Despite what we discovered in many of the findings, we have good news to share: there are tools that can help you shop safely.
Think before you click. Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.
Remember that if it seems too good to be true, it probably is. Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.
Go unlisted. Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Use AI to beat AI. From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions.
One thing that hasn’t changed this year, scammers love the holidays. Just as you’re gearing up for shopping, they’re gearing up for scamming. The hustle and bustle of the holidays, AI-driven scam tools, and malicious messages and websites seemingly play in the favor of scammers. Yet AI-driven protection like ours puts the advantage back squarely in your corner. That, and keeping your guard up for trickery, will help you steer clear of all those grinches out there this year.
The survey, which focused on the topic of scam messages and holiday shopping, was conducted online between September 7 and September 21, 2023. 7,130 adults, age 18+, in 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study.
The post How to Shop Safely This Holiday Season appeared first on McAfee Blog.
As the tax season draws near, the incidence of cybercrime, particularly phishing for W-2s, tends to increase dramatically. Cybercriminals are aware that this is the time of year when many unsuspecting individuals are completing their tax returns, and they design schemes to exploit this vulnerability. This blog raises awareness about this growing problem and offers practical advice for keeping your financial data safe during tax season.
W-2 phishing scams often involve emails that appear to be from the IRS or another official source, requesting personal information. These phishing emails can be highly sophisticated, often mimicking the look and feel of legitimate communications. The goal is to trick the recipient into revealing confidential data, such as social security numbers and financial information, which the perpetrator can then use for fraudulent purposes. The first step in protecting against such scams is understanding how they work and being able to recognize the red flags.
Phishing scams are fundamentally deception tactics—disguised as legitimate correspondence, they aim to trick the recipient into parting with sensitive information. In the case of W-2 phishing scams, the perpetrator often poses as an employer, government agency, or financial institution. The message may request that the recipient update their personal information, verify their identity, or provide their W-2 form. Typically, these emails have a sense of urgency, indicating that failure to comply will result in adverse consequences.
The contents of a phishing email are often compelling and appear to be authentic. They may contain official logos, legal disclaimers, and even legitimate contact details. However, closer examination often reveals telltale signs of phishing. For example, the email address of the sender may not match the organization they claim to represent, or the message may contain poor grammar and spelling. Additionally, phishing emails often require the recipient to click a link or open an attachment—actions that could potentially install malware on the victim’s device or redirect them to a fraudulent website.
McAfee Pro Tip: Nowadays, those sneaky social engineering tricks look a lot like legit messages from well-known folks. They’re super well-crafted, with proper grammar, and seamlessly fit into everyday situations. But don’t be fooled by their slick appearance – underneath it all, they’re still after your sensitive info. Keep your personal stuff safe and sound with McAfee+ to dodge the headaches that come with social engineering.
Recent years have seen a significant increase in the number of reported W-2 phishing scams. According to the FBI’s Internet Crime Complaint Center (IC3), thousands of these scams occur every tax season, leading to substantial financial losses and ID theft. Not only does this affect individuals, but businesses too. In fact, some companies have reported instances where their entire workforce was targeted, resulting in massive data breaches.
The impact of falling for a W-2 phishing scam can be devastating. Once cybercriminals have gained access to your financial data, they can use it in a variety of malicious ways. This may include filing fraudulent tax returns, opening new credit accounts, or even selling the information on the black market. The recovery process from such scams can be lengthy and stressful, as victims have to prove their identity to the IRS, their bank, and credit reporting agencies. Additionally, they need to monitor their financial activity closely for signs of any further unauthorized transactions or fraudulent activities.
→ Dig Deeper: Watch Out For IRS Scams and Avoid Identity Theft
Given the prevalence and potential impact of W-2 phishing scams, it’s crucial to take steps to protect yourself. One of the most effective strategies is to improve your digital literacy, namely your ability to identify and respond appropriately to phishing attempts. This includes being skeptical of unsolicited emails, especially those that ask for personal or financial information. Always verify the sender’s identity before responding or clicking any links. Remember, legitimate organizations rarely request sensitive information via email.
Another important safeguard is to ensure your computer and mobile devices are protected with up-to-date security software. This can help identify and block potential phishing emails and malicious links. Further, regularly backing up data can help mitigate the potential damage caused by a successful breach. Consider using a secure cloud service or an external storage device for this purpose.
Next is to file your tax returns as early as possible. By doing so, you can beat the scammers who might make an attempt to file a fraudulent tax return in your name. Additionally, if you receive an email that appears suspicious, do not click on the links or download the attachments included in that email. Instead, forward the suspicious email to phishing@irs.gov.
Finally, two-factor authentication (2FA) is another excellent way to safeguard your data. By enabling 2FA, you are adding an extra layer of security that makes it harder for cybercriminals to access your data even if they get your password. Additionally, always be cautious about sharing your personal and financial information online. Make sure that you only enter such information on secure websites – those with ‘https://’ in the URL. Regularly check your financial accounts for any suspicious activity and report immediately to your bank if you notice anything unusual.
If you believe you have fallen victim to a W-2 phishing scam, it is crucial to act quickly. If you have divulged your social security number, contact the IRS immediately. They can aid you in taking steps to prevent potential tax fraud. Additionally, it would be wise to file an identity theft affidavit (Form 14039) with the IRS. This form alerts the IRS to the theft of your identity and allows them to secure your tax account.
Additionally, you should report the phishing scam to the Federal Trade Commission (FTC) using the FTC Complaint Assistant at FTC.gov. If you have clicked on a link or downloaded a suspicious attachment, run a full antivirus scan to check for malware. You should also consider placing a fraud alert or a credit freeze on your credit reports, which makes it harder for someone to open a new account in your name. Finally, you should check your credit reports frequently for any signs of fraudulent activity.
→Dig Deeper: Credit Lock and Credit Freeze: Which Service Is Best for You? Both!
Protecting your financial data during tax season is crucial, and being aware of phishing scams can save you from a world of trouble. By understanding the nature of W-2 phishing scams and implementing the above-mentioned best practices, you can keep your sensitive information safe. Remember to always be skeptical of unsolicited emails and never share personal or financial information unless you can confirm the legitimacy of the request. By doing so, you will not only protect yourself but also contribute to the collective fight against cybercrime.
Protecting your W-2 information during tax season is not a one-time effort but a continuous process. Always stay vigilant, and remember that it’s better to be safe than sorry. If you ever suspect that you have become a victim of a W-2 phishing scam, take prompt action by reporting it to the relevant authorities and taking necessary measures to mitigate possible damages. The key to staying safe is staying informed, vigilant, and prepared.
The post How to Protect Your Financial Data During Tax Season appeared first on McAfee Blog.
November 20 is World Children’s Day, a day that celebrates “international togetherness, awareness among children worldwide, and improving children’s welfare.” Highlights from last year’s celebration show the remarkable effort so many put into broadcasting their commitment to protecting children. However, the volume of online homages to the world’s youth also underscores how daunting the task of keeping children safe can be. The internet can bring a community together as it has over this event; it is also where many criminals and predators operate.
Statistics from the Global Cybersecurity Forum (GCF) show the risk that digital life may pose for kids. Nearly three-quarters of children have experienced at least one type of cyberthreat. Inappropriate ads, images, content, and phishing attempts find children even when they’re not attempting to dodge parental controls. For parents, the thrust of International Children’s Day is an ongoing adventure, wherein they often struggle to provide the safe online learning environment their children need to thrive. To celebrate this year’s day of awareness, we’re sharing six tips for ensuring a more private and safe digital life for kids.
According to GCF data, 83% of children claimed they would alert their parents if they experienced an online threat. Yet only four in 10 parents surveyed said their child had ever expressed concerns to them about inappropriate content. If parents want to make their child’s internet time safer, they can focus on making conversations about online content comfortable. When parents know their children are experiencing threats online, they will be better equipped to do something about those threats.
Remember, sometimes children can be exposed to traumatic content even if they follow your guidelines and go online with parental controls. Here are some additional tips for talking to your child about some of the content they may see online.
On plenty of occasions, online threats children experience likely do not require the involvement of law enforcement or similar entity. When online threats involve malicious or solicitous content, it can warrant reporting the incident. Most parents (56%) tend to simply delete content rather than report said content to the police (41%) or inform schools, when appropriate (34%). If parents want transparency from their children, they may consider practicing a bit more transparency themselves, especially when it comes to encounters that may represent criminal acts.
More than 80% of children go online daily, and 36% spend 3-5 hours online in a normal day. In the digital age that has seen a large uptick in digital learning, it’s tough to keep kids away from screens. But the easiest way to ensure kids remain safe from online threats is to limit their screen time altogether. That’s an easier-said-than-done task to be sure. If parents can find ways to decrease the amount of daily time kids spend behind screens, it will reduce the amount of time they’re available to be targeted by bad actors or inappropriate content.
Social media, one of the most popular online activities, is a popular way for younger generations to interact with one another. Built-in messaging on social media apps gives kids a place to message each other that’s one layer removed from text messages that parents may see. Social media has also made inappropriate content more accessible and gives hackers and other bad actors anonymity. Given that 36% of kids report coming across inappropriate images or content, and nearly 20% encounter hacking or phishing attempts when online, it’s not surprising that parents are worried about the social media content their children consume.
Parents can educate their children about more secure social media behavior. Creating awareness of potential scams in their children starts with strong passwords, locked accounts, and reminding them not to click on links from or interact with accounts of people they don’t know.
This may seem like an obvious safeguard against disturbing online content, but not every app, browser or device’s parental controls settings are obvious. Some portals to the internet have more granular settings and others are a bit higher-level, so creating a hermetic seal around kids’ environment can be challenging depending on how they get online and what they access when they get there. Devices like iPhones and major internet companies like Google and YouTube have pretty robust parental control settings to block mature content or remotely limit screen time. Some social media apps also have controls parents can adjust to reduce the likelihood strangers find their child’s account.
Most browsers offer a library of plugins that allow parents to cast a web around potentially harmful content. Ad blockers can keep ads with mature content off of websites, and parental-control plugins can establish browsing controls so that kids can’t even navigate to places inappropriate content is more likely to be. Some plugins block website URLs or entire domains, rendering those destinations unnavigable.
There are also many affordable VPNs on the market for parents. Most VPNs can do things like encrypt internet connections or obscure IP addresses and locations, making overarching internet connections safer and more private.
The UN established World Children’s Day to commemorate both the Declaration of the Rights of the Child, as well as the Convention on the Rights of the Child as guidelines for how to provide for and protect international children. Parents don’t need to wait for the calendar to turn to November to create a safer digital world for their families. These steps for protecting kids from malicious or inappropriate online content are not exhaustive but do provide a strong framework for adults who aren’t sure how to contend with the vast volume of information the world wide web generates.
For those who want to introduce another obstacle between kids and inappropriate content, there’s always something like McAfee+ Family Plans. McAfee+ Family plans add protection against everything from unwanted content via parental controls to identity monitoring and social media privacy management. It’s an all-in-one way to make it that much more unlikely children encounter online content they shouldn’t.
The post How to Protect Kids From Harmful Online Content appeared first on McAfee Blog.
In the ever-growing digital age, our mobile devices contain an alarming amount of personal, sensitive data. From emails, social media accounts, banking applications to payment apps, our personal and financial lives are increasingly entwined with the convenience of online, mobile platforms. However, despite the increasing threat to cyber security, it appears many of us are complacent about protecting our mobile devices.
Survey revealed that many mobile users still use easy-to-remember and easy-to-guess passwords. With such an increasing dependence on mobile devices to handle our daily tasks, it seems unimaginable that many of us leave our important personal data unguarded. Theft or loss of an unsecured mobile device can, and often does, result in a catastrophic loss of privacy and financial security.
The unfortunate reality of our digital era is that devices are lost, misplaced, or stolen every day. A mobile device without password protection is a gold mine for anyone with malicious intent. According to a global survey by McAfee and One Poll, many consumers are largely unconcerned about the security of their personal data stored on mobile devices. To illustrate, only one in five respondents had backed up data on their tablet or smartphone. Even more concerning, 15% admitted they saved password information on their phone.
Such statistics are troubling for several reasons. The most obvious is the risk of personal information —including banking details and online login credentials— falling into the wrong hands. A lost or stolen device is not just a device lost— it’s potentially an identity, a bank account, or worse. The lack of urgency in securing data on mobile devices speaks to a broad consumer misunderstanding about the severity of the threats posed by cybercriminals and the ease with which they can exploit an unprotected device.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Perhaps one of the most surprising findings of the survey is the difference in mobile security behaviors between men and women. This difference illustrates not just a disparity in the type of personal information each group holds dear, but also the degree of risk each is willing to accept with their mobile devices.
Broadly speaking, men tend to place greater value on the content stored on their devices, such as photos, videos, and contact lists. Women, on the other hand, appear more concerned about the potential loss of access to social media accounts and personal communication tools like email. They are statistically more likely to experience online harassment and privacy breaches. This could explain why they are more concerned about the security of their social media accounts, as maintaining control over their online presence can be a way to protect against harassment and maintain a sense of safety.
The loss of a mobile device, which for many individuals has become an extension of their social identity, can disrupt daily life significantly. This distinction illustrates that the consequences of lost or stolen mobile devices are not just financial, but social and emotional as well.
Despite the differences in what we value on our mobile devices, the survey showed a worrying level of risky behavior from both genders. Over half (55%) of respondents admitted sharing their passwords or PIN with others, including their children. This behavior not only leaves devices and data at risk of unauthorized access but also contributes to a wider culture of complacency around mobile security.
Password protection offers a fundamental layer of security for devices, yet many people still choose convenience over safety. Setting a password or PIN isn’t a failsafe method for keeping your data safe. However, it is a simple and effective starting point in the broader effort to protect our digital lives.
→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices
While the survey results raise an alarm, the good news is that we can turn things around. It all begins with acknowledging the risks of leaving our mobile devices unprotected. There are simple steps that can be taken to ramp up the security of your devices and protect your personal information.
First and foremost, password-protect all your devices. This means going beyond your mobile phone to include tablets and any other portable, internet-capable devices you may use. And, while setting a password, avoid easy ones like “1234” or “1111”. These are the first combinations a hacker will try. The more complex your password is, the sturdier a barrier it forms against unauthorized access.
Another important step is to avoid using the “remember me” function on your apps or mobile web browser. Although it might seem convenient to stay logged into your accounts for quick access, this considerably amplifies the risk if your device gets stolen or lost. It’s crucial to ensure you log out of your accounts whenever not in use. This includes email, social media, banking, payment apps, and any other accounts linked to sensitive information.
McAfee Pro Tip: If your phone is lost or stolen, employing a combination of tracking your device, locking it remotely, and erasing its data can safeguard both your phone and the information it contains. Learn more tips on how to protect your mobile device from loss and theft.
Sharing your PIN or password is also a risky behavior that should be discouraged. Admittedly, this might be challenging to implement, especially with family members or close friends. But the potential harm it can prevent in the long run far outweighs the temporary convenience it might present.
Having highlighted the importance of individual action towards secure mobile practices, it’s worth noting that investing in reliable security software can also make a world of difference. A mobile security product like McAfee Mobile Security, which offers anti-malware, web protection, and app protection, can provide a crucial extra layer of defense.
With app protection, not only are you alerted if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, your personal information remains safe by locking some or all of your apps. This means that even if your device falls into the wrong hands, they still won’t be able to access your crucial information.
It’s also critical to stay educated on the latest ways to protect your mobile device. Cyber threats evolve constantly, and awareness is your first line of defense. McAfee has designed a comprehensive approach to make the process of learning about mobile security not just informative but also engaging. Our array of resources includes a rich repository of blogs, insightful reports, and informative guides. These materials are meticulously crafted to provide users with a wealth of knowledge on how to protect their mobile devices, ensuring that the learning experience is not only informative but also engaging and enjoyable.
While the current state of mobile device security may seem concerning, it’s far from hopeless. By incorporating simple security practices such as setting complex passwords and avoiding shared access, we can significantly reduce the risk of unauthorized data access. Additionally, investing in trusted mobile security products like McAfee Mobile Security can provide a robust defense against advancing cyber threats. Remember, our digital lives mirror our real lives – just as we lock and secure our homes, so too must we protect our mobile devices.
The post How to Protect Your Mobile Device From Loss and Theft appeared first on McAfee Blog.
Reels of another kind rack up the views online. Stories about Facebook Marketplace scams.
Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft.
@michel.c.janse oops dont fall for this scam like me
The story goes like this:
A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.”
As she found out, it was. The scammer ghosted the conversation and ran off with the verification code.
This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name.
It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account.
This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do.
As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms:
A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who:
An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.
A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who:
An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in.
A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing:
An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle.
Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe.
You can take three big steps to help set things straight.
Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft.
We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved.
Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down.
Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road.
The post How to Look Out For Scams on Facebook Marketplace appeared first on McAfee Blog.
As AI deepfakes and malware understandably grab the headlines, one thing gets easily overlooked—AI also works on your side. It protects you from fraud and malware as well.
For some time now, we’ve kept our eye on AI here at McAfee. Particularly as scammers cook up fresh gluts of AI-driven hustles. And there are plenty of them.
We’ve uncovered how scammers need only a few seconds of a voice recording to clone it using AI—which has led to all manner of imposter scams. We also showed how scammers can use AI writing tools to power their chats in romance scams, to the extent of writing love poems with AI. Recently, we shared word of fake news sites packed with bogus articles generated almost entirely with AI. AI-generated videos even played a role in a scam for “Barbie” movie tickets.
Law enforcement, government agencies, and other regulatory bodies have taken note. In April, the U.S. Federal Trade Commission (FTC) warned consumers that AI now “turbocharges” fraud online. The commission cited a proliferation of AI tools can generate convincing text, images, audio, and videos.
While not typically malicious in and of themselves, scammers twist these technologies to bilk victims out of their money and personal information. Likewise, just as legitimate application developers use AI to create code, hackers use AI to create malware.
There’s no question that all these AI-driven scams mark a major change in the way we stay safe online. Yet you have a powerful ally on your side. It’s AI, as well. And it’s out there, spotting scams and malware. In fact, you’ll find it in our online protection software. We’ve put AI to work on your behalf for some time now.
With a closer look at how AI works on your side, along with several steps that can help you spot AI fakery, you can stay safer out there. Despite the best efforts of scammers, hackers, and their AI tools.
One way to think about online protection is this: it’s a battle to keep you safe. Hackers employ new forms of attack that try to work around existing protections. Meanwhile, security professionals create technological advances that counter these attacks and proactively prevent them—which hackers try to work around once again. And on it goes. As technology evolves, so does this battle. And the advent of AI marks a decidedly new era in the struggle.
As a result, security professionals also employ AI to protect people from AI-driven attacks.
Companies now check facial scans for skin texture and translucency to determine if someone is using a mask to trick facial recognition ID. Banks employ other tools to detect suspicious mouse movements and transaction details that might be suspicious. Additionally, developers scan their code with AI tools to detect vulnerabilities that might lurk deep in their apps—in places that would take human teams hundreds, if not thousands of staff hours to detect. If at all. Code can get quite complex.
For us, we’ve used AI in our online protection for years now. McAfee has used AI for evaluating events, files, and website characteristics. We have further used AI for detection, which has proven highly effective against entirely new forms of attack.
We’ve also used these technologies to catalog sites for identifying sites that host malicious files or phishing operations. Moreover, cataloging has helped us shape out parental control features such that we can block content based on customer preferences with high accuracy.
And we continue to evolve it so that it detects threats even faster and yet more accurately than before. Taken together, AI-driven protection like ours quashes threats in three ways:
What does AI-driven protection look like for you? It can identify malicious websites before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can keep spyware from stealing your personal information by spotting apps that would connect them to a bad actor’s command-and-control server.
As a result, you get faster and more comprehensive protection with AI that works in conjunction with online protection software—and our security professionals develop them both.
Yet, as it is with any kind of scam, it can take more than technology to spot an AI-driven scam. It calls for eyeballing the content you come across critically. You can spot an AI-driven scam with your eyes, along with your ears and even your gut.
Take AI voice clone attacks, for example. You can protect yourself from them by taking the following steps:
As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.
Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:
1) Consider the context
AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information — like date, time, and place of publication, along with the author’s name.
2) Evaluate the claim
Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.
3) Check for distortions
The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them — or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.
The battle between hackers and the people behind online protection continues. And while the introduction of AI has unleashed all manner of new attacks, the pattern prevails. Hackers and security professionals tap into the same technologies and continually up the game against each other.
Understandably, AI conjures questions, uncertainty, and, arguably, fear. Yet you can rest assured that, behind the headlines of AI threats, security professionals use AI technology for protection. For good.
Yet an online scam remains an online scam. Many times, it takes common sense and a sharp eye to spot a hustle when you see one. If anything, that remains one instance where humans still have a leg up on AI. Humans have gut instincts. They can sense when something looks, feels, or sounds …off. Rely on that instinct. And give yourself time to let it speak to you. In a time of AI-driven fakery, it still stands as an excellent first line of defense.
The post How to Win the Battle Against Deepfakes and Malware appeared first on McAfee Blog.
Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list of topics to cover off when you are a parent. But if you take a minute to picture someone stealing your child’s identity or using their personal information to take out a loan for a shiny new car then you’ll probably want to move it closer to the top of your parenting to-do list!
What Is Identity Theft?
Identity theft occurs when a person’s personal identifying information is used without their permission, usually to commit fraud by making unauthorised purchases or transactions. Identity theft can happen in many ways, but its victims are usually left with significant damage to their finances, credit score, and even their mental health.
Most people associate identity theft with data breaches – think Optus, Latitude Financial and Medibank – however, there are many more ways that scammers can get their hands on your personal identifying details. They can use ‘phishing’ emails to get information from you, do a deep dive on your social media accounts to find identifying information in posts or photos, hack public Wi-Fi to access any information you share or simply, steal your wallet or go through your trash!!
How Big An Issue Is It Really?
In short, it’s a big problem – for both individuals and organisations. And here are the statistics:
How Do You Know If You’re a Victim?
One of the biggest issues with identity theft is that you often don’t immediately know that you’re a victim. In some cases, it might take weeks before you realise that something is awry which unfortunately, gives the thief a lot of time to wreak havoc! Some of the signs that something might be wrong include:
What To Do If You Think You’re a Victim
The key here is to act as soon as you believe you are affected. Don’t stress that there has been a delay in taking action – just take action now! Here’s what you need to do:
1. Call Your Bank
Your first call should be to your bank so they can block the affected account. The aim here is to prevent the scammer from taking any more money. Also remember to block any cards that are linked to this account, either credit or debit.
2. Change Your Passwords
If your identity has been stolen then it’s highly likely that the scammer knows your passwords so change the passwords for the affected accounts straight away!! And if you have used this same password on any other accounts then change these also. If you can’t remember, you can always reset the passwords on key accounts just to be safe.
3. Report It
It may feel like a waste of time reporting your identity theft, but it is an important step, particularly as your report becomes a formal record – evidence you may need down the track. It may also prevent others from becoming victims by helping authorities identify patterns and hopefully, perpetrators. If you think your personal identifying information has been used, report it to the Australian authorities at ReportCyber.
4. Make a Plan
It’s likely you’re feeling pretty overwhelmed at what to do next to limit the damage from your identity theft – and understandably so! Why not make a contract with IDCARE? It’s a free service dedicated to assisting victims of identity theft – both individuals and organisations – in Australia and New Zealand.
How Do We Talk To Our Kids About It?
If there is one thing I have learned in my 20+ years of parenting, it is this. If you want to get your kids ‘onboard’ with an idea or a plan, you need to take the time to explain the ‘why’. There is absolutely no point in asking or telling them to do something without such an explanation. It is also imperative that you don’t lecture them. And the final ingredient? Some compelling statistics or research – ideally with a diagram – my boys always respond well to a visual!
So, if you haven’t yet had the identity theft chat with your kids then I recommend not delaying it any further. And here’s how I’d approach it.
Firstly, ensure you are familiar with the issue. If you understand everything I’ve detailed above then you’re in good shape.
Secondly, arm yourself with relevant statistics. Check out the ones I have included above. Why not supplement this with a few relevant news stories that may resonate with them? This is your ‘why’.
Thirdly, focus on prevention. This needs to be the key focus. But don’t badger or lecture them. Perhaps tell them what you will be doing to minimise the risk – see below for your key ‘hot tips’ – you’re welcome!
What You Can Do To Manage Identity Theft?
There are a few key things that you can today that will both minimise your risk of becoming a victim and the consequences if you happen to be caught up in a large data breach.
1. Passwords
Managing passwords for your online accounts is one of the best risk management strategies for identity theft. I know it’s tedious, but I recommend creating a unique and complex 10+ digit password for each of your online accounts. Tricky passwords make it harder for someone to get access to your account. And, if you use the same log-in details for each of your online accounts – and your details are either leaked in a data breach or stolen – then you could be in a world of pain. So, take the time to get your passwords sorted out.
2. Think Before You Post
Sharing private information about your life on social media makes it much easier for a scammer to steal your identity. Pet names, holiday destination and even special dates can provide clues for passwords. So, lock your social media profiles down and ensure your privacy settings are on.
3. Be Proactive – Monitor Your Identity Online
Imagine how good it would be if you could be alerted when your personal identifying information was found on the Dark Web? Well, this is now a reality! McAfee’s latest security offering entitled McAfee+ will not only protect you against threats but provide 24/7 monitoring of your personal details so it can alert you if your information is found on the Dark Web. And if your details are found, then advice and help may also be provided to remedy the situation. How good!!
4. Using Public Computers and Wi-Fi With Caution
Ensuring you always log out of a shared computer is an essential way of keeping prying eyes away from your personal identifying information. And always be super careful with public Wi-Fi. I only use it if I am desperate and I never conduct any financial transactions, ever! Cybercriminals can ‘snoop’ on public Wi-Fi to see what’s being shared, they can stage ‘Man in The Middle Attacks’ where they eavesdrop on your activity, or they can lure you to use their trustworthy sounding Wi-Fi network – designed purely to extract your private information!
5. Monitor Your Bank Accounts
Why not make a habit of regularly checking your bank accounts? And if you find anything that doesn’t look right contact your bank immediately to clarify. It’s always best to know if there is a problem so you can address it right away.
With so many Aussies affected by data breaches and identity theft, it’s essential that our kids are armed with good information so they can protect themselves as best as possible. Why not use your next family dinner to workshop this issue with them?
Till Next Time
Stay Safe Online
Alex
The post How to Talk To Your Kids About Identity Theft appeared first on McAfee Blog.
Chocolate chip, oatmeal raisin, snickerdoodle: Cybercriminals have a sweet tooth just like you. But their favorite type of cookie is of the browser variety.
Browser cookies – often just referred to as cookies – track your comings and goings on websites. And when a cyber thief gets their mitts on your browser cookies, it can open all kinds of doors into your online accounts.
The first step to protecting your devices and online privacy from criminals is to understand their schemes. Here are the key terms you need to know about cookie theft plus how to keep malicious software off your devices.
Cookie theft can happen to anyone. Knowing the basics of this cyberscheme may help you better protect your online life:
Cookies thieves are generally motivated by the financial gains of breaking into people’s online accounts. Banking, social media, and online shopping accounts are full of valuable personal and financial details that a cybercriminal can either sell on the dark web or use to impersonate you and steal your identity.
Malware is generally the vehicle cybercriminals use to steal cookies. Once the malicious software gets onto a device, the malware is trained to copy a new cookie’s data and send it to the cybercriminal. Then, from their own machine, the cybercriminal can input that data and start a new session with the target’s stolen data.
There was a stretch of a few years where cookie thieves targeted high-profile YouTube influencers with malware spread through fake collaboration deals and crypto scams. The criminals’ goal was to steal cookies to sneak into the backend of the YouTube accounts to change passwords, recovery emails and phone numbers, and bypass two-factor authentication to lock the influencers out of their accounts.1
But you don’t have to have a valuable social media account to draw the eye of a cybercriminal. “Operation Cookie Monster” dismantled an online forum that sold stolen login information for millions of online accounts gained through cookie theft.2
To keep your internet cookies out of the hands of criminals, it’s essential to practice safe browsing habits. These four tips will go a long way toward keeping your accounts out of the reach of cookie thieves and your devices free from malicious software.
McAfee+ is an excellent partner to help you secure your devices and digital life. McAfee+ includes a safe browsing tool to alert you to suspicious websites, a password manager, identity monitoring, and more.
The next time you enjoy a cookie, spare a moment to think of cookies of the digital flavor: clear your cache if you haven’t in awhile, doublecheck your devices and online accounts for suspicious activity, and savor the sweetness of your digital privacy!
1The Hacker News, “Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts”
2CNN, “‘Operation Cookie Monster:’ FBI seizes popular cybercrime forum used for large-scale identity theft”
The post How to Keep Cybercriminals Out of Your Accounts appeared first on McAfee Blog.
Whether or not you’re much into online banking, protecting yourself from bank fraud is a must.
Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them.
The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.6 billion people worldwide will bank online, driven in large part by online-only banks.
There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account.
So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps.
Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you.
In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.
If you want to set up your own passwords, check out this article on how you can make them strong and unique.
What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts.
Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up.
Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article.
Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before.
It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number.
For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust.
There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)
If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder!
Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help:
The post How to Protect Yourself from Bank Fraud appeared first on McAfee Blog.
If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.
First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.
It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.
As a result, one of two things is happening:
Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.
If any event underscores the need for strong, unique passwords, this is it.
Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.
Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.
Password Length(Using numbers, uppercase and lowercase letters, and symbols) |
Time to Crack the Password |
| 8 | One Second |
| 12 | Eight Months |
| 16 | 16 Million Years |
However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.
Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:
Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.
Now, you have a 17-character password that challenges hackers and that’s still something you can remember.
Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.
A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.
This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.
Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.
The post How to Protect Your LinkedIn Account appeared first on McAfee Blog.
Spotting fake news in your feed has always been tough. Now it just got tougher, thanks to AI.
Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:
All of it’s out there. And knowing how to separate truth from fact has never been of more importance, particularly as more and more people get their news via social media.
Pew Research found that about a third of Americans say they regularly get their news from Facebook and nearly 1 in 4 say they regularly get it from YouTube. Moreover, global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%). This marks the first time that social media has toppled direct access to news.
Yet, you can spot fake news. Plenty of it.
The process starts with a crisp definition of what fake news is, followed by the forms it takes, and then a sense of what the goals behind it are. With that, you can apply a critical eye and pick out the telltale signs.
We’ll cover it all here.
A textbook definition of fake news goes something like this:
A false news story, fabricated with no verifiable facts, and presented in a way to appear as legitimate news.
As for its intent, fake news often seeks to damage the reputation of an individual, institution, or organization. It might also spout propaganda or attempt to undermine established facts.
That provides a broad definition. Yet, like much fake news itself, the full definition is much more nuanced. Within fake news, you’ll find two categories: disinformation and misinformation:
From there, fake news gets more nuanced still. Misinformation and disinformation fall within a range. Some of it might appear comical, while other types might have the potential to do actual harm.
Dr. Claire Wardle, the co-director of the Information Futures Lab at Brown University, cites seven types of misinformation and disinformation on a scale as visualized below:
Source – FirstDraftNews.org and Brown University
Put in a real-life context, you can probably conjure up plenty of examples where you’ve seen. Like clickbait-y headlines that link to letdown articles with little substance. Maybe you’ve seen a quote pasted on the image of a public figure, a quote that person never made. Perhaps an infographic, loaded with bogus statistics and attributed to an organization that doesn’t even exist. It can take all forms.
The answers here vary as well. Greatly so. Fake news can begin with a single individual, groups of like-minded individuals with an agenda, and it can even come from operatives for various nation-states. As for why, they might want to poke fun at someone, drive ad revenue through clickbait articles, or spout propaganda.
Once more, a visualization provides clarity in this sometimes-murky mix of fake news:
Source – FirstDraftNews.org and Brown University
In the wild, some examples of fake news and the reasons behind it might look like this:
Perhaps a few of these examples ring a bell. You might have come across some where you weren’t exactly sure if it was fake news or not.
The following tools can help you know for sure.
Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts?
This falls under a similar category as “consider the source.” Plenty of fake news will take an old story and repost it or alter it in some way to make it appear relevant to current events. In recent years, we’ve seen fake news creators slap a new headline on a new photo, all to make it seem like it’s something current. Once again, a quick search can help you tell if it’s fake or not. Try a reverse image search and see what comes up. Is the photo indeed current? Who took it? When? Where?
Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check might be in order. The content is clearly playing to your biases.
There’s a good reason for that. Bad actors who wish to foment unrest, unease, or spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information gets completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all.
Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact check and confirm what you’ve read.
A single information source or story won’t provide a complete picture. It might only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of whom have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broad range of information sources is so important.
So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and can compare different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet.
Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point.
De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:
As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.
Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:
AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information—like date, time, and place of publication, along with the author’s name.
Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.
The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them—or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.
The fact is that fake news isn’t going anywhere. It’s a reality of going online. And AI makes it tougher to spot.
At least at first glance. The best tool for spotting fake news is a fact-check. You can do the work yourself, or you can rely on trusted resources that have already done the work.
This takes time, which people don’t always spend because social platforms make it so quick and easy to share. If we can point to one reason fake news spreads so quickly, that’s it. In fact, social media platforms reward such behavior.
With that, keep an eye on your own habits. We forward news in our social media feeds too—so make sure that what you share is truthful too.
Plenty of fake news can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your information or harm your data and devices.
The post How to Spot Fake News in Your Social Media Feed appeared first on McAfee Blog.
Some scams make a telltale sound—rinnng, rinnng! Yup, the dreaded robocall. But you can beat them at their game.
Maybe it’s a call about renewing an extended warranty on your car (one you don’t have). Or maybe the robocaller offers up a debt relief service with a shockingly low rate. Calls like these can get annoying real quick. And they can also be scams.
In the U.S., unwanted calls rank as the top consumer complaint reported to the Federal Communications Commission (FCC). Partly because scammers have made good use of spoofing technologies that serve up phony caller ID numbers. As a result, that innocent-looking phone number might not be innocent at all.
Whether the voice on the other end of the smartphone is recorded or an actual person, the intent behind the call is likely the same—to scam you out of your personal information, money, or both. Callers such as these might impersonate banks, government agencies, insurance companies, along with any number of other organizations. Anything that gives them an excuse to demand payment, financial information, or ID numbers.
And some of those callers can sound rather convincing. Others, well, they’ll just get downright aggressive or threatening. One of the most effective tools these scam calls use is a sense of urgency and fear, telling you that there’s a problem right now and they need your information immediately to resolve whatever bogus issue they’ve come up with. That right there is a sign you should take pause and determine what’s really happening before responding or taking any action.
Whatever form these unwanted calls take, there are things you can do to protect yourself and even keep you from getting them in the first place. These tips will get you started:
This straightforward piece of advice can actually get a little tricky. We mentioned spoofing, and certain forms of it can get rather exact. Sophisticated spoofing can make a call appear to come from someone you know. Yet more run-of-the-mill spoofing will often use a form of “neighbor spoofing.” The scammers will use a local area code or the same prefix of your phone number to make it seem more familiar. In short, you might answer one of these calls by mistake. If you do answer, never say “yes.” Similarly sophisticated scammers will record a victim’s voice for use in other scams. That can include trying to hack into credit card accounts by using the company’s phone tree. Recordings of slightly longer lengths can also lead to voice cloning using AI-driven tools. In fact, three seconds of audio is all it takes in some cases to clone a voice with up to 70% accuracy.
Apple and Android phones have features you can enable to silence calls from unknown numbers. Apple explains call silencing here, and Android users can silence spam calls as well. Note that these settings might silence calls you otherwise might want to take. Think about when your doctor’s office calls or the shop rings you with word that your car is ready. Cell phone carriers offer blocking and filtering services as well. Carriers often offer this as a basic service by default. Yet if you’re unsure if you’re covered, contact your carrier.
So, let’s say you let an unknown call go through to voicemail. The call sounds like it’s from a bank or business with news of an urgent matter. If you feel the need to confirm, get a legitimate customer service number from a statement, bill, or website of the bank or business in question so you can verify the situation for yourself. Calling back the number captured by your phone or left in a voicemail can play right into the hands of a scammer.
As you can see, scammers love to play the role of an imposter and will tell you there’s something wrong with your taxes, your account, or your bank statement. Some of them can be quite convincing, so if you find yourself in a conversation where you don’t feel comfortable with what’s being said or how it’s being said, hang up and follow up the bank or business as called out above. In all, look out for pressure or scare tactics and keep your info to yourself.
Several nations provide such a service, effectively a list that legitimate businesses and telemarketers will reference before making their calls. While this might not prevent scammers from ringing you up, it can cut down on unsolicited calls in general. For example, the U.S., Canada, and the UK each offer do not call registries.
Scammers and spammers got your number somehow. Good chance they got it from a data broker site. Data brokers collect and sell personal information of thousands and even millions of individuals. They gather them from public sources, public records, and from third parties as well—like data gathered from smartphone apps and shopping habits from supermarket club cards. And for certain, phone numbers are often in that mix. Our Personal Data Cleanup can help. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. From there, it guides you through the removal process and can even manage the removal for you in select plans.
Hop onto the app stores out there and you’ll find several call blocking apps, for free or at low cost. While these apps can indeed block spam calls, they might have privacy issues. Which is ironic when you’re basically trying to protect your privacy with these apps in the first place.
These apps might collect information, such as your contact list, usage data, and other information about your phone. As with any app, the key resides in the user agreement. It should tell you what information the app might collect and why. It should also tell you if this information is shared with or sold to third parties.
What’s at risk? Should the app developers get hit with a data breach, that information could end up in the wild. In cases where information is sold to analytics companies, the information might end up with online data brokers.
Pay particularly close attention to free apps. How are they making their money? There’s a fine chance that data collection and sale might generate their profits. At some expense to your privacy.
Given that your privacy is at stake, proceed with caution if you consider this route.
A quieter phone is a happy phone, at least when it comes to annoying robocalls.
While blocking 100% of them remains an elusive goal, you can reduce them greatly with the steps mentioned here. Thankfully, businesses, legislators, and regulatory agencies have taken steps to make it tougher for scammers to make their calls. A combination of technology and stiffer penalties has seen to that. Taken all together, these things work in your favor and can help you beat robocallers at their game.
The post How to Beat Robocallers at Their Game appeared first on McAfee Blog.
What does a hacker want with your social media account? Plenty.
Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes.
Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA).
MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.
Examples of MFA include:
With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have.
This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information.
Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”
Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results.
For quick reference, you can find the appropriate help pages for some of the most popular platforms here:
Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.
In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way.
More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password.
On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack.
Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.
The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.
When it comes to protecting your privacy, take a close look at your social media use—because sharing can quickly turn into oversharing.
The term “oversharing” carries several different definitions. Yet in our case here, oversharing means saying more than one should to more people than they should. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Who among them can you absolutely trust with the information you share?
And you might be sharing more than you think. Posts have a way of saying more than one thing, like:
“This is the pool at the rental home I’m staying at this week. Amazing!” Which also tells everyone, “My home is empty for the next few days.”
“I can’t start my workday without a visit to my favorite coffeeshop.” Which also says, “If you ever want to track me down in person, you can find me at this location practically any weekday morning.”
One can quickly point to other examples of oversharing. Unintentional oversharing at that.
A first-day-of-school picture can tell practical strangers which elementary school your children attend, say if the picture includes the school’s reader board in it. A snapshot of you joking around with a co-worker might reveal a glimpse of company information. Maybe because of what’s written on the whiteboard behind the two of you. And in one extreme example, there’s the case an assault on a pop star. Her attacker tracked her down through her selfie, determining her location through the reflection in her eyes.
The list goes on.
That’s not to say “don’t post.” More accurately, it’s “consider what you’re posting and who gets to see it.” You have control over what you post, and to some degree, who gets to see those posts. That combination is key to your privacy—and the privacy of others too.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting—not to mention your relationships and likes. Taking a “friends only” approach to your social media profiles can help protect your privacy, because that gives a possible scammer or stalker much less material to work with. Yet further, some platforms allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.
Be critical of the invitations you receive. Out-and-out strangers might be more than just a stranger. They might be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q1 of 2023 alone, Facebook took action on 426 million fake accounts. Reject such requests.
Think about posting those vacation pictures after you get back so people don’t know you’re away when you’re away. Also consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.
While we’re on the topic, you can take a few other steps that can make you more private online. In addition to your social media usage, other steps can help keep more of your private and personal information with you—where it belongs:
Granted, “social” is arguably the opposite of “private.” Using social media involves sharing, by its very definition. Yet any oversharing can lead to privacy issues.
Maybe you want close friends to know what’s going on, but what about that so-so acquaintance deep in your friends list? How well do you really know them? And to what extent do you want them to know exacting details about where you are, where your kids go to school, and so on? Those are questions you ultimately must answer, and ultimately have some control over depending on what you share on social media.
Also important to consider is this: if you post anything on the internet, consider it front page news. Even with social media privacy settings in place, there’s no guarantee that someone won’t copy your posts or pics and pass them along to others.
The flipside to the topic of social media and privacy is the platform you’re using. It’s no secret that social media companies gather hosts of personal information about their users in exchange for free use of their platforms. Certainly, that’s a topic unto itself. We cover what social media companies know about you in this article here—along with a few steps that can help you limit what they know as well.
When it comes to your privacy and social media, it depends largely on how you use it. How you use various privacy and audience settings offers one way to manage it. The other is you and the information you put out there for others to see.
The post How to Help Protect Your Online Privacy appeared first on McAfee Blog.
While we’re enjoying all the good things in our digital lives—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there’ll come a time we should ask ourselves, What happens to all of this good stuff when I pass away?
Like anything else we own, those things can be passed along through our estates too. Some of it, anyway.
With the explosion of digital media, commerce, and even digital currency too, there’s a very good chance you have thousands of dollars of digital assets in your possession. For example, we can look at research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past decade, that figure feels conservative.
Enter the notion of a digital legacy, the way you can catalog your digital assets and prepare to pass them through your estate.
Like so many aspects of digital life nowadays, estate planning law has started to catch up to the new realities of life online. However, attorneys, executors, and heirs still face some challenges when dealing with an estate and its digital assets. In the U.S., new laws are rolling out that address how digital assets are treated when the owner passes away. For example, they give fiduciaries (like an estate executor, trustee, or an agent under a power of attorney) the right to manage a person’s digital assets if they already have the right to manage a person’s tangible assets. Such laws continue to evolve, and they can vary from state to state here in the U.S.
With that in mind, nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your estate attorney for counsel on the best approach for you and the laws in your area. However, consider this article as a sort of checklist that can help you with your estate planning.
Whether your assets have real or sentimental value, you can prepare your estate for the ones you care about.
The best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and offers the bearer with the right to use it.
To frame it up in everyday terms, let’s look at some real-world examples of digital assets that quickly come to mind. They include, but aren’t limited to:
However, digital assets can readily expand to further include:
And as far as your estate is concerned, you can also consider:
That’s quite the list, and it’s not entirely comprehensive, either.
The process of lining up your digital assets begins just like any other aspect of estate planning. List all the digital assets and accounts you own.
From there, you can see what you have and what you’d like to distribute—and what you can distribute. In fact, when it comes to digital, there are some things you can’t pass along. Let’s take a closer look.
Generally speaking, digital assets that you own can be passed along. “Own” is the operative word here. Many digital things we have are in fact licensed to us, which aren’t transferrable. More on that next, yet examples of things you can likely transfer include:
Check with your legal counsel to ensure you’re following the letter of the law in your region. Also look into any licensing agreements you might have for items like internet domain names and airline miles that you have. Sometimes you can transfer these. In other cases, you can’t. Your legal counsel can help determine if they are in fact transferrable.
Transfer is an important topic. As mentioned above, some accounts you hold are licensed to you and you alone. So, they will not transfer. Two of the biggest examples are social media and email accounts. This can have serious repercussions if you don’t leave specific instructions as to how those accounts should be handled after your passing.
For example, do you want your social media profiles to remain online as a memorial or do you want them simply shut down? Note that different social media platforms have different policies for handling the accounts of users who have passed away. For example, Facebook allows for creating memorialized accounts that allow friends and families to continue sharing memories. Policies vary, so check with your social media platforms of choice for specifics.
Likewise, will your executor need access to your email account to handle the estate’s affairs? And what about access to online accounts for paying bills and then ultimately closing those accounts? In all, these are points of discussion to have with an experienced estate attorney who knows the law in your region.
Other things to be aware of are that subscriptions to streaming accounts are likely non-transferrable as well. Often, eBooks and digital publications you own are only licensed to you as the sole owner and can’t be transferred. Check the agreements linked with items like these and have a talk with your attorney about them to determine what can and can’t be done with them.
Another aspect of your digital legacy is your voice. If you’re a blogger or a participant in an online community, you might wish for a fiduciary or family member to leave a farewell post. Additionally, in the case of a blog, you might want to set up some means for your work to stay online or get archived in some manner. Again, you can work with your attorney to leave specific instructions.
You can’t pass assets along if an executor can’t get access to them. A real-life example shows why digital executorship is so vital. Consider the story of the woman who lost family photos after her husband passed away. He kept them in an online storage account to which she had no access. And sadly, the company wouldn’t grant her access after his passing.
This is often the case with many online accounts and services. Legally speaking, the deceased might own the storage account and the media kept within it, yet the cloud storage company owns the servers on which that media is stored. Access by someone other than the deceased might constitute a breach of their privacy policy or user agreements.
One way you can avoid heartbreak like this is to discuss giving your executor access to your accounts. You can consider creating a list of accounts, usernames, and passwords in a sealed letter with instructions that outline your wishes. A sealed letter is important: a will is a public record after you pass away. A separate, sealed letter is not, which makes it a safe place to pass along account information. Again, you can discuss an option such as this with your attorney.
One thing you can do today that can protect your digital assets for the long haul is to use comprehensive security protection. Far more than just antivirus, comprehensive security can store precious and important files securely with encryption, arm all your online accounts with strong passwords, and protect your identity as well. Features like these will help you see to it that your digital legacy is secure.
When the idea of a digital estate plan comes up, a light might go on in your head. “Of course, that makes a lot of sense.” It’s easy to take our digital possessions somewhat for granted, perhaps in a way that we don’t with our physical possessions. Yet as you can see, there’s a good chance that you indeed have a digital legacy to pass along. By getting organized now, you can see to it that your wishes are followed. This checklist can help you get started.
The post How To Protect Your Digital Estate appeared first on McAfee Blog.
There are plenty of phish in the sea.
Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe.
And some of today’s phishing emails are indeed getting tougher to spot.
They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.
And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.
Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid.
Again, you can sidestep these attacks if you know how to spot them. There are signs.
Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for.
<h2>Phishing attack statistics—the millions of attempts made each year.
In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported.
Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.
Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information.
As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack.
So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly.
<h2>What does a phishing attack look like?
Nearly every phishing attack sends an urgent message. One designed to get you to act.
Some examples …
When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these.
And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice.
Case in point:
Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer.
We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see.
As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely.
Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious.
Here’s where the attackers really got bold.
They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus.
Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam.
Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.”
Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.
Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack.
Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.
For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use.
Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples.
There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …”
Taken all together, someone can readily spot that this is a scam with a closer look.
This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be.
What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same.
This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach.
The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course.
Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether.
Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot.
And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit?
One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind …
Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator.
If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well.
Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam.
Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately.
Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods.
Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam.
Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt.
Online protection software can protect you from phishing attacks in several ways.
For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware.
Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.
Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands.
In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today.
The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.
What is a VPN (virtual private network)? And how can it make your time online more secure—and a little more private too? Here we’ll take a look at what a VPN is, what it has to offer, and how that benefits you.
A VPN is an app that you install on your device to help keep your data safe as you browse the internet. When you turn on your VPN app, your device makes a secure connection to a VPN server that routes internet traffic. Securely. This keeps your online activity private on any network, shielding it from prying eyes. Thus, while you’re on a VPN, you can browse and bank with the confidence that your passwords, credentials, and financial information are secure. If any malicious actors attempt to intercept your web traffic, they’ll only see garbled content thanks to your VPN’s encryption functionality.
Every internet connection is assigned a unique set of numbers called an IP address, which is tied to information such as geographic location or an Internet Service Provider (ISP). A VPN replaces your actual IP address to make it look like you’ve connected to the internet from the physical location of the VPN server, rather than your real location. This is just one reason why so many people use VPNs.
To change your IP address, you simply open your VPN app, select the server location you’d like to connect to, and you’re done. You’re now browsing with a new IP address. If you’d like to make sure your IP has changed, open a browser and search for “What’s my IP address” and click on one of the results.
An ideal case for using a VPN is when you’re using public Wi-Fi at the airport, a café, hotel, or just about any place “free Wi-Fi” is offered. The reason being is that these are open networks, and any somewhat enterprising cybercriminal can tap into these networks and harvest sensitive information as a result. One survey showed that 39% of internet users worldwide understand public Wi-Fi is unsafe, yet some users still bank, shop, and do other sensitive things on public Wi-Fi despite the understood risks.
Further, you have your privacy to consider. You can use a VPN to help stop advertisers from tracking you. Searches you perform and websites you visit won’t be traced back to you, which can prevent advertisers from gleaning information about you and your online habits in general. Moreover, some ISPs collect the browsing history of their users and share it with advertisers and other third parties. A VPN can prevent this type of collection as well.
A VPN protects your search history through the secure connection you share. When you search for a website, or type a URL into your navigation bar, your device sends something called a DNS request, which translates the website into the IP address of the web server. This is how your browser can find the website and serve its content to you. By encrypting your DNS requests, a VPN can hide your search habits and history from those that might use that info as part of building a profile of you. This type of info could be used in a wide variety of ways, from legitimately serving targeted ads to nefarious social engineering.
Note that a VPN is quite different and far, far more comprehensive than using “Private Mode” or “Incognito Mode” on your browser. Those modes only hide your search history locally on your device—not from others on the internet, like ISPs and advertisers.
No, a VPN cannot make you anonymous. Not entirely anyway. They help secure what you’re doing, but your ISP still knows when you’re using the internet. They just can’t see what you’re doing, what sites you visit, or how long you’ve been on a site.
Apple’s Private Relay is similar to a VPN in that it changes your IP address so websites you visit can’t tell exactly where you are. It works on iOS and Macs as part of an iCloud+ subscription. Yet there is one important distinction: it only protects your privacy while surfing with the Safari browser.
Per Apple, it works like this:
When Private Relay is enabled, your requests are sent through two separate, secure internet relays. Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested, and connects you to the site. All of this is done using the latest internet standards to maintain a high-performance browsing experience while protecting your privacy.
Note that as of this writing, Apple Private Relay is not available in all countries and regions. If you travel somewhere that Private Relay isn’t available, it will automatically turn off and will notify you when it’s unavailable and once more when it’s active again. You can learn more about it here and how you can enable it on your Apple devices.
As mentioned above, Private Relay only works with Safari on iOS and macOS as part of an iCloud+ subscription. Even if you are using an Apple device, a VPN is still a good idea because it will protect the information that your device sends outside of Safari—such as any info passed along by your apps or any other browsers you may use.
An unlimited VPN with bank-grade encryption comes as part of your McAfee+ subscription and provides the security and privacy benefits above with bank-grade encryption. Additionally, it turns on automatically any time you connect to an unsecured Wi-Fi network, which takes the guesswork out of when you absolutely need to use it.
In all, our VPN makes it practically impossible for cybercriminals or advertisers to access so that what you do online remains anonymous, so you can enjoy your time online with confidence.
The post How a VPN Can Make You More Private and Secure appeared first on McAfee Blog.
Who else loves tax season besides accountants? Scammers.
It’s high time of year for online risks here in the U.S. with the onset of tax season, where scammers unleash all manner of scams aimed at taxpayers. The complexity, and even uncertainty, of filing a proper tax return can stir up anxieties like, Have I filed correctly, Did I claim the right deductions, Will I get audited, and Will I get stung with a tax penalty are just a few—and these are the very same anxieties that criminals use as the cornerstone of their attacks.
Yet like so many scams, tax scams give off telltale signs that they’re indeed not on the up-and-up. You have ways you can spot one before you get caught up in one.
In all, we’ve learned to watch our step with the Internal Revenue Service (IRS), so much so that receiving a notification from the IRS can feel like an unwanted surprise. Uh oh, did I do something wrong? However, in reality, less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if addressed promptly.
Still, that wariness of the IRS makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include email phishing attacks, phone calls from crooks posing as IRS agents, texts claiming there’s a problem with our tax software, and even robocalls that threaten jail time for unpaid back taxes. What’s more, fraudsters can take things a step further by committing identity theft and then filing tax claims in other people’s names.
With that, let’s dig into a list of the top scams winding up on our screens and phones during tax time.
Straight from the authority itself, the IRS publishes its Dirty Dozen, an annual list of the top tax season scams. Year-over-year, many of the same scams make the list, yet new ones continue to crop up as scammers try to take advantage of current events. A couple recent examples include email phishing scams centered around Employee Retention Credits, pandemic relief checks, and federal stimulus checks. Additionally, the IRS has warned filers about disinformation that circulates on social media, such as bogus advice that urges filers to alter their W-2 figures for a better refund. With new scams entering the mix every tax season, the Dirty Dozen offers plenty of good advice that can help you steer clear of scams.
We all know the annoyance of spammy phone calls, whether they’re for phony car warranties, tech support services, or debt collection agencies. During this time of year, you can add phony IRS agents and financial service providers to the list.
The stories that scammers will tell will vary, but they often share common themes:
Another thing they have in common: they each outright ask for money, personal information, and sometimes a combination of both. All of which is an indication of a scam.
For the record, per the IRS, it does not:
Also, per the IRS, they cannot revoke your driver’s license, business license, or immigration status. As noted above, scammers will often weave these threats into their stories. Those threats are entirely empty.
What will the IRS do? Generally, the IRS will first mail a notice to any taxpayer who owes taxes. In some instances, IRS collection employees may make an unannounced visit to your home and properly identify themselves with IRS-issued credentials and a federal ID card. In all cases, the revenue officer will only request required payments by cash, check, certified funds, or money order payable to “United States Treasury.”
As for scam calls that pose as financial services companies or tax preparers, ignore them. If you’re planning to work with a tax pro, do your research and work with a legitimate, accredited individual or organization. The IRS has a great resource that can get you started on your search with its “Directory of Federal Tax Return Preparers.” There you can get a list of qualified tax preparers that are verified by the IRS, which you can narrow down based on their accreditations and distance from your zip code.
Don’t fall for AI tax scams! With the rise of AI technology, it’s becoming harder to spot these fraudulent schemes. In the past, fake voices, accents, and grammar mistakes were obvious red flags. But now, scammers are using AI-generated voices that sound just like your neighbors. They’ll pose as the IRS, offering tax assistance or forgiveness. McAfee’s CTO, Steve Grobman warns that cyber-criminals are even cloning American accents to make their scams more convincing. Last month, McAfee detected over a million suspicious URLs related to tax scams. Protect yourself by using antivirus software and call-blocking apps. But be cautious of phishing attempts through texts, emails, and calls. Scammers may threaten you with back taxes or promise unrealistic zero-tax programs. Remember, the IRS never threatens or contacts you through phone, text, or email. They always send official letters by mail. And they never ask for payment in gift cards, Apple Pay, Crypto, Bitcoin, Venmo, or Zelle. Stay alert and keep your personal information and money safe! Watch the video below from Steve, discussing AI voice scams.
One way you can be sure that someone other than the IRS has reached you is if they contact you by text, messaging app, or social media. The IRS will not contact you in any of these ways. Ignore any such messages, and if your app or platform allows you to report messages or accounts as spam, do so. You can often do it with a simple click or tap.
Another increasingly popular scam on phones is the bogus account alert. The scammer may send a message that says Your account is on hold, or something like We’ve detected unusual activity. During most of the year, scammers will use these messages to pose as online payment platforms, banks, credit card companies, online stores, and streaming services.
Now during tax season, they’ll masquerade as IRS agents or popular tax software companies. Even though the names change, the game remains the same. The text or message will serve up a link so you can “correct the situation,” one that leads to a site that could steal your personal information or otherwise trick you into installing malware on your phone.
As always, don’t click these links. Report them if you can.
Phishing emails pull many of the same tricks that calls, texts, and direct messages do—you’ll simply find them in your inbox instead. The same rules for avoiding other IRS scams apply here. First, note that the IRS will never initiate contact with you via email. Nor will they send you emails about your tax refund or any other sensitive information.
In the past, the IRS has reported that phishing emails often send their victims to lookalike IRS sites that can appear quite convincing. There, victims either receive a prompt to enter their personal and financial information or to download a file that’s laden with malware. Other emails may include attachments, which may be loaded with malware as well.
Delete any such emails you receive. And if you have any concerns, contact your tax professional or the IRS directly. Also, the IRS asks people who receive scam emails to notify them at phishing@irs.gov. This helps the IRS track and prosecute scammers.
Imagine filing your return only to find out it’s already been filed.
A far more serious form of tax-related crime is identity theft, where a scammer uses the victim’s personal information and Social Security number to file a return in the victim’s name—and claim the refund. One particularly painful aspect of identity theft and taxes is that victims often find out only after it occurs or when it’s well underway. For example:
Other signs are related to employment, such as getting assigned an Employer Identification Number even though you didn’t request one, discovering that the IRS shows you received income from an employer you didn’t work for, or finding out that someone has claimed unemployment benefits in your name. Once again, both are signs of full-on identity theft where someone has assumed your identity.
The IRS states that you should always respond to any IRS notice, particularly if you believe it is in error. If you’ve already contacted the IRS about an identity theft issue, you can reach them at 800-908-4490 for further assistance.
Understand that if this form of identity theft occurs to you, it’s highly likely that the scammer has your Social Security number. Report that right away at https://www.ssa.gov/number-card/report-stolen-number if you think your number is being used by someone else.
Your Social Security number ranks at the very top of your most valuable personal information. It unlocks everything from driver’s licenses, photo identification, employment, insurance claims, and of course taxes. Act immediately if you think it’s been compromised.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. As mentioned, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Another way you can help prevent someone from filing a return in your name is to request a six-digit Identity Protection PIN (IP PIN). Once you receive am IP PIN, the IRS will use it to verify your identity when you file by paper or electronically. It’s good for one calendar year, and you can generate a new one each year for your account. You can request an IP PIN at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Also, be aware that scammers want your IP PIN as well. Phone calls, emails, or texts asking for it are scams. Outside of including it when filing your return, the IRS will never ask for it. If you are working with a tax professional, only provide it when it comes time to file.
Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
If you fall victim to identity theft, having identity theft protection in place can provide significant relief, both financially and in terms of recovery. Our identity theft coverage & restoration support includes $1 million in funds if it’s determined that you’re a victim, which covers lawyer’s fees, travel expenses, and stolen funds reimbursement—while licensed recovery experts can help you repair your credit and identity. Considering the potential costs in both time and money, identity theft protection can speed and ease recovery.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams.
You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We also provide guidance on how you can remove your data from those sites and, with select plans, even manage the removal for you—while continuing to scan those sites in case your information reappears.
Comprehensive online protection software can help you on a number of counts. It warns you of suspicious links in emails and texts that could send you to malicious sites. It can further protect you from ransomware attacks, which IRS has also listed amongst its Dirty Dozen. And you can use it to monitor all your transactions across all your financial accounts in one place, which can spot any questionable activity. In all, tax time or otherwise, online protection software is always a strong security move.
A little stress and uncertainty can enter the picture during tax season, and scammers know it. In fact, they prey upon it. They concoct their scams around those feelings, hoping that you’ll take the bait and act quickly without taking the time to scrutinize what they’re saying and what they’re really asking you to do.
Keeping up to date on what the latest scams are, having a good sense of which ones get recycled every year, and putting protections in place can help you avoid getting stung by a scam during tax season.
For yet more information, visit the IRS Tax Scam and Consumer Alert site at: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
The post How to Protect Yourself Against Tax Scams appeared first on McAfee Blog.
Who else loves tax season besides accountants? Scammers.
It’s high time of year for online risks here in the U.S. with the onset of tax season, where scammers unleash all manner of scams aimed at taxpayers. The complexity, and even uncertainty, of filing a proper tax return can stir up anxieties like, Have I filed correctly, Did I claim the right deductions, Will I get audited, and Will I get stung with a tax penalty are just a few—and these are the very same anxieties that criminals use as the cornerstone of their attacks.
Yet like so many scams, tax scams give off telltale signs that they’re indeed not on the up-and-up. You have ways you can spot one before you get caught up in one.
In all, we’ve learned to watch our step with the Internal Revenue Service (IRS), so much so that receiving a notification from the IRS can feel like an unwanted surprise. Uh oh, did I do something wrong? However, in reality, less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if addressed promptly.
Still, that wariness of the IRS makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include email phishing attacks, phone calls from crooks posing as IRS agents, texts claiming there’s a problem with our tax software, and even robocalls that threaten jail time for unpaid back taxes. What’s more, fraudsters can take things a step further by committing identity theft and then filing tax claims in other people’s names.
With that, let’s dig into a list of the top scams wind up on our screens and phones during tax time.
Straight from the authority itself, the IRS publishes its Dirty Dozen, an annual list of the top tax season scams. Year-over-year, many of the same scams make the list, yet new ones continue to crop up as scammers try to take advantage of current events. A couple recent examples include email phishing scams centered around Employee Retention Credits, pandemic relief checks, and federal stimulus checks. Additionally, the IRS has warned filers about disinformation that circulates on social media, such as bogus advice that urges filers to alter their W-2 figures for a better refund. With new scams entering the mix every tax season, the Dirty Dozen offers plenty of good advice that can help you steer clear of scams.
We all know the annoyance of spammy phone calls, whether they’re for phony car warranties, tech support services, or debt collection agencies. During this time of year, you can add phony IRS agents and financial service providers to the list.
The stories that scammers will tell will vary, but they often share common themes:
Another thing they have in common: they each outright ask for money, personal information, and sometimes a combination of both. All of which is an indication of a scam.
For the record, per the IRS, it does not:
Also per the IRS, they cannot revoke your driver’s license, business licenses, or immigration status. As noted above, scammers will often weave these threats into their stories. Those threats are entirely empty.
What will the IRS do? Generally, the IRS will first mail a notice to any taxpayer who owes taxes. In some instances, IRS collection employees may make an unannounced visit to your home and properly identify themselves with IRS-issued credentials and an federal ID card. In all cases, the revenue officer will only request required payments by cash, check, certified funds, or money order payable to “United States Treasury.”
As for scam calls that pose as financial services companies or tax preparers, ignore them. If you’re planning to work with a tax pro, do your research and work with a legitimate, accredited individual or organization. The IRS has a great resource that can get you started on your search with its “Directory of Federal Tax Return Preparers.” There you can get a list of qualified tax preparers that are verified by the IRS, which you can narrow down based on their accreditations and distance from your zip code.
One way you can be sure that someone other than the IRS has reached you is if they contact you by text, messaging app, or social media. The IRS will not contact you in any of these ways. Ignore any such messages, and if your app or platform allows you to report messages or accounts as spam, do so. You can often do it with a simple click or tap.
Another increasingly popular scam on phones is the bogus account alert. The scammer may send a message that says Your account is on hold, or something like We’ve detected unusual activity. During most of the year, scammers will use these messages to pose as online payment platforms, banks, credit card companies, online stores, and streaming services.
Now during tax season, they’ll masquerade as IRS agents or popular tax software companies. Even though the names change, the game remains the same. The text or message will serve up a link so you can “correct the situation,” one that leads to a site that could steal your personal information or otherwise trick you into installing malware on your phone.
As always, don’t click these links. Report them if you can.
Phishing emails pull many of the same tricks that calls, texts, and direct messages do—you’ll simply find them in your inbox instead. The same rules for avoiding other IRS scams apply here. First, note that the IRS will never initiate contact with you via email. Nor will they send you emails about your tax refund or any other sensitive information.
In the past, the IRS has reported that phishing emails often send their victims to lookalike IRS sites that can appear quite convincing. There, victims either receive a prompt to enter their personal and financial information or to download a file that’s laden with malware. Other emails may include attachments, which may be loaded with malware as well.
Delete any such emails you receive. And if you have any concerns, contact your tax professional or the IRS directly. Also, the IRS asks people who receive scam emails to notify them at phishing@irs.gov. This helps the IRS track and prosecute scammers.
Imagine filing your return only to find out it’s already been filed.
A far more serious form of tax-related crime is identity theft, where a scammer uses the victim’s personal information and Social Security number to file a return in the victim’s name—and claim the refund. One particularly painful aspect of identity theft and taxes is that victims often find out only after it occurs or when it’s well underway. For example:
Other signs are related to employment, such as getting assigned an Employer Identification Number even though you didn’t request one, discovering that the IRS shows you received income from an employer you didn’t work for, or finding out that someone has claimed unemployment benefits in your name. Once again, both are signs of full-on identity theft where someone has assumed your identity.
The IRS states that you should always respond to any IRS notice, particularly if you believe it is in error. If you’ve already contacted the IRS about an identity theft issue, you can reach them at 800-908-4490 for further assistance.
Understand that if this form of identity theft occurs to you, it’s highly likely that the scammer has your Social Security number. Report that right away at https://www.ssa.gov/number-card/report-stolen-number if you think your number is being used by someone else.
Your Social Security number ranks at the very top of your most valuable personal information. It unlocks everything from driver’s licenses, photo identification, employment, insurance claims, and of course taxes. Act immediately if you think it’s been compromised.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. As mentioned, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Another way you can help prevent someone from filing a return in your name is to request a six-digit Identity Protection PIN (IP PIN). Once you receive am IP PIN, the IRS will use it to verify your identity when you file by paper or electronically. It’s good for one calendar year, and you can generate a new one each year for your account. You can request an IP PIN at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Also be aware that scammers want your IP PIN as well. Phone calls, emails, or texts asking for it are scams. Outside of including it when filing your return, the IRS will never ask for it. If you are working with a tax professional, only provide it when it comes time to file.
Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
If you fall victim to identity theft, having identity theft protection in place can provide significant relief, both financially and in terms of recovery. Our identity theft coverage & restoration support includes $1 million in funds if it’s determined that you’re a victim, which covers lawyer’s fees, travel expenses, and stolen funds reimbursement—while licensed recovery experts can help you repair your credit and identity. Considering the potential costs in both time and money, identity theft protection can speed and ease recovery.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams.
You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We also provide guidance on how you can remove your data from those sites and, with select plans, even manage the removal for you—while continuing to scan those sites in case your information reappears.
Comprehensive online protection software can help you on a number of counts. It warns you of suspicious links in emails and texts that could send you to malicious sites. It can further protect you from ransomware attacks, which IRS has also listed among its Dirty Dozen. And you can use it to monitor all your transactions across all your financial accounts in one place, which can spot any questionable activity. In all, tax time or otherwise, online protection software is always a strong security move.
A little stress and uncertainty can enter the picture during tax season, and scammers know it. In fact, they prey upon it. They concoct their scams around those feelings, hoping that you’ll take the bait and act quickly without taking the time to scrutinize what they’re saying and what they’re really asking you to do.
Keeping up to date on what the latest scams are, having a good sense of which ones get recycled every year, and putting protections in place can help you avoid getting stung by a scam at tax season.
For yet more information, visit the IRS Tax Scam and Consumer Alert site at: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
The post How to Stay Safe When Paying Your Taxes to the IRS appeared first on McAfee Blog.
Artificial intelligence (AI) is making its way from high-tech labs and Hollywood plots into the hands of the general population. ChatGPT, the text generation tool, hardly needs an introduction and AI art generators (like Midjourney and DALL-E) are hot on its heels in popularity. Inputting nonsensical prompts and receiving ridiculous art clips in return is a fun way to spend an afternoon.
However, while you’re using AI art generators for a laugh, cybercriminals are using the technology to trick people into believing sensationalist fake news, catfish dating profiles, and damaging impersonations. Sophisticated AI-generated art can be difficult to spot, but here are a few signs that you may be viewing a dubious image or engaging with a criminal behind an AI-generated profile.
To better understand the cyberthreats posed by each, here are some quick definitions:
AI art and deepfake aren’t technologies found on the dark web. Anyone can download an AI art or deepfake app, such as FaceStealer and Fleeceware. Because the technology isn’t illegal and it has many innocent uses, it’s difficult to regulate.
How Do People Use AI Art Maliciously?
It’s perfectly innocent to use AI art to create a cover photo for your social media profile or to pair it with a blog post. However, it’s best to be transparent with your audience and include a disclaimer or caption saying that it’s not original artwork. AI art turns malicious when people use images to intentionally trick others and gain financially from the trickery.
Catfish may use deepfake profile pictures and videos to convince their targets that they’re genuinely looking for love. Revealing their real face and identity could put a criminal catfish at risk of discovery, so they either use someone else’s pictures or deepfake an entire library of pictures.
Fake news propagators may also enlist the help of AI art or a deepfake to add “credibility” to their conspiracy theories. When they pair their sensationalist headlines with a photo that, at quick glance, proves its legitimacy, people may be more likely to share and spread the story. Fake news is damaging to society because of the extreme negative emotions they can generate in huge crowds. The resulting hysteria or outrage can lead to violence in some cases.
Finally, some criminals may use deepfake to trick face ID and gain entry to sensitive online accounts. To prevent someone from deepfaking their way into your accounts, protect your accounts with multifactor authentication. That means that more than one method of identification is necessary to open the account. These methods can be one-time codes sent to your cellphone, passwords, answers to security questions, or fingerprint ID in addition to face ID.
Before you start an online relationship or share an apparent news story on social media, scrutinize images using these three tips to pick out malicious AI-generated art and deepfake.
Fake images usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Phishers are notorious for their poor writing skills. AI-generated text is more difficult to detect because its grammar and spelling are often correct; however, the sentences may seem choppy.
Does the image seem too bizarre to be real? Too good to be true? Extend this generation’s rule of thumb of “Don’t believe everything you read on the internet” to include “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, at least one other site will report on the event.
AI technology often generates a finger or two too many on hands, and a deepfake creates eyes that may have a soulless or dead look to them. Also, there may be shadows in places where they wouldn’t be natural, and the skin tone may look uneven. In deepfaked videos, the voice and facial expressions may not exactly line up, making the subject look robotic and stiff.
Fake images are tough to spot, and they’ll likely get more realistic the more the technology improves. Awareness of emerging AI threats better prepares you to take control of your online life. There are quizzes online that compare deepfake and AI art with genuine people and artworks created by humans. When you have a spare ten minutes, consider taking a quiz and recognizing your mistakes to identify malicious fake art in the future.
To give you more confidence in the security of your online life, partner with McAfee. McAfee+ Ultimate is the all-in-one privacy, identity, and device security service. Protect up to six members of your family with the family plan, and receive up to $2 million in identity theft coverage. Partner with McAfee to stop any threats that sneak under your watchful eye.
The post How to Spot Fake Art and Deepfakes appeared first on McAfee Blog.
All your online activity creates a trail of data. And that data tells a story. The story of you.
The websites, apps, and services you use throughout the day all collect data. They may collect data about your behaviors, interests, and purchases—along with what you’re doing, for how long, and where, largely without your knowledge. They may also collect personal information, information you provide, such as health records, your Social Security Number, banking info, your driver’s license number, and more. This can include further health data, such as the kind that gets tracked from a smartwatch or wearable device.
“So what?”
I’ve heard plenty of people say exactly that about data collection. And plenty of others simply resign themselves to the reality of data collection. “What’s out there is already out there.” They feel like there’s not much they can do about it. If anything at all. And does it really matter?
It absolutely matters.
That is, it matters if you hate spam calls and texts. If you’re worried about identity theft. If you’re worried that practically anyone can purchase a detailed picture of your personal information from an online data broker and use it as they like.
Indeed, your data tells the story of you. And plenty of others are interested in your story. Businesses and advertisers for one, so they can market to the most targeted of your needs and interests. Yet also hackers, scammers, spammers, and thieves—and in extreme cases, stalkers as well.
While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you’re not helpless! In many cases, you can control how you share your data by taking a few steps. Your data is precious, and you deserve to be selective about who you share it with.
That’s the reason you’ve seen McAfee roll out so many protections for your privacy and identity, with several more to come. While there are so many tools for data collection today, so are the tools for you to take control.
Looking at our own McAfee+ online protection plans, they offer you identity theft and fraud protections such as Personal Data Cleanup, identity monitoring, along with credit monitoring, a VPN that can help keep your online activity more private, $1M in identity theft coverage and support from an identity restoration specialist … the list goes on. These are tools everyone can benefit from in the face of the current threats out there.
The evolution of McAfee+ reflects the nature of online threats today. Increasingly, the target is you—your privacy, your identity, and all the things that they unlock.
Another simple yet powerful step is to protect your devices with comprehensive online protection software. This will help defend you against the latest virus, malware, spyware, and ransomware attacks plus further shield your privacy, and minimize web tracking (think advertisers) with a VPN. In addition to this, it will also create and store strong, unique passwords, and offer web protection that can help steer you clear of sketchy websites that may try to steal your data.
Start with the devices and apps you use most. Different devices and apps will have their own privacy settings, so give them a look and see what your options are. You may be surprised to find how you can limit which information advertisers can use to serve up ads to you. You may find that some apps have GPS tracking turned on, even though they don’t need it to function. All of this adds up to data that companies may collect, share, or resell—depending on their privacy policy. Again, start with the devices and apps you use most then expand from there. It’s also a good opportunity to delete apps you don’t use anymore—along with the data associated with them.
One major privacy leak comes at the hands of online data brokers, companies that collect and resell volumes of exacting personal information about millions of people. In fact, they make up a multi-billion-dollar industry that spans worldwide. Additionally, there are so-called “White Pages” and “people finder” sites that post information like names, addresses, and other public records that anyone can access. With all this information collected in a central location that’s easily searched and accessed, these sites can be an ideal resource for hackers, spammers, and thieves. McAfee’s Personal Data Cleanup can help you take control. It scans high-risk data broker sites and lets you know which ones are selling your data, and depending on your McAfee+ plan, it can remove it for you too.
Yet you can take even more control of your privacy. As part of our McAfee Safety Series, we have an entire guide dedicated to the topic of online privacy, the McAfee Digital Privacy Guide. It shows you ways that you can take control of your digital privacy, insight into what information you may be creating, and how you may be passing it along—whether you know it or not.
In all, your privacy is your own. We believe that what you share and don’t share, who you share it with and who you don’t, and for what reason … should be your decision.
It’s your story. Take control. And we’re here to help.
The post How to Protect Your Personal Data appeared first on McAfee Blog.
Holding the door for someone might open the way to a cyberattack. For anyone who works in a secure building or workplace, they might want to rethink that courtesy. The hackers and thieves behind piggybacking and tailgating attacks count on it.
Piggyback and tailgating attacks occur when an unauthorized person gains access to a restricted workplace, one that requires some form of ID to enter. While quite similar, these attacks have an important difference:
In both cases, these unauthorized entries can put businesses and organizations at risk. They give potential bad actors all kinds of access to sensitive information and devices.
Trade secrets get stolen this way, as does customer information. In yet more malicious cases, bad actors might gain entry with the intent of sabotaging technology or hijacking a network. And of course, bad actors might do harm to people or property.
Businesses and organizations that find themselves at risk include those that:
Different businesses and organizations have different forms of security in place. You might be among the many who use a smart badge or some form of biometric security to enter a building or certain areas within a building.
However, determined bad actors will look for ways around these measures. With piggyback and tailgating attacks, it’s far easier for them to follow someone into a workplace than it is to break into a workplace.
Bad actors will simply walk in when someone holds the door for them. It’s as simple as that. Additionally, they’ll try several different tricks by:
In all, piggybacking and tailgating attacks rely on social engineering—playing off people’s innate courtesy, willingness to help, or even discomfort with conflict. Essentially, the attacker manipulates human nature.
A good portion of prevention falls on the owner of the building, whether that’s a business, organization, or a landlord. It falls on them to install security hardpoints like badge scanners, keypad locks, biometric scanners, and so on to keep the property secure. Moreover, employers owe it to themselves and their employees to train them on security measures.
Yet you can take further steps to prevent a piggybacking or tailgating attack on your workplace. Some steps include:
Also consider the security of your devices or any other sensitive information you work with. If a bad actor slips into your workplace, you can take other steps to prevent theft or damage.
Some aspects of piggybacking and tailgating prevention seem like they go against our better nature. We want to be kind, helpful, and sometimes we’d simply rather avoid confrontation. Again, piggybackers and tailgaters count on that. Yet a door is only as secure as the person who uses it—or who opens it for someone else.
The post How to Protect Yourself From Tailgating Attacks appeared first on McAfee Blog.
Something looks a little … sketchy. Is that website safe or unsafe?
Nowadays, it can take a bit work to tell.
And that’s by design. Increasingly, hackers and scammers go to great pains when they create their malicious websites. They take extra steps to make their sites look legit, when in fact they’re anything but. Certainly, plenty of other hackers and scammers slap together malicious sites that still look a bit roughshod, which makes them easier to spot.
So whether it’s a clever knockoff or a slapdash effort, unsafe websites of all kinds have several telltale signs you can spot. We’ll show you, and let’s start things off with what makes an unsafe website unsafe in the first place.
Unsafe websites typically harbor one of two primary forms of attack—yet sometimes both:
Malware: Hackers will use their sites to install malware on your device, often by tricking you into clicking or tapping on a download. They might tempt you with an offer, a prize, a show to stream—just about anything you might want to otherwise download. (Recently, we saw hackers installing malware on sites that offered to stream dubbed versions of the “Barbie” movie.)
Phishing: Another classic attack. Phishing involves scammers who try to hoodwink you into providing account or financial information. Common ruses include links in emails, texts, and DMs that appear to be urgent messages from streaming services, banks, social media, and other accounts. Of course, those messages are phony.
As a result, unsafe websites can lead to some not-so-good things.
On the malware side, attackers can install spyware and similar apps that siphon financial and personal information from your device while you’re using it. Other malware might steal files outright or maliciously delete them altogether. Ransomware remains a major concern today as well, where attackers hold devices and data hostage. And even if victims end up paying the ransom, they have no guarantee that the attacker will free their device or data.
Phishing attacks often lead to financial headaches, sometimes large ones at that. It depends on the information scammers get their hands on. In some cases, the damage might lead to identity fraud and a few illicit charges on a debit or credit card. If scammers gather enough information, they can take that a step further and commit identity theft. That can include opening new credit or loans in your name. It could also give a scammer the info they need to get driver’s licenses or employment in your name.
Above and beyond committing fraud or theft on their own, scammers might also sell stolen information to others on the dark web.
Again, all not-so-good. Yet quite preventable.
For some sites, it only takes one sign. For other sites, it takes a few signs—a series of red flags that warn you a site is unsafe. When you’re online, keep a sharp eye out for the following:
The “s” stands for “secure.” Specifically, it means that the website uses SSL (Secure Sockets Layer) that creates an encrypted link between a web server and a web browser. SSL helps prevent others from intercepting and reading your sensitive information as it’s transmitted, which is particularly important when you shop or bank online. Likewise, you can also look for a little lock symbol in the address bar of your web browser. That’s one more way you can spot a site that uses SSL.
From spelling errors and grammatical mistakes, to stretched out logos and cheap photography, some unsafe websites are designed poorly. Legitimate businesses pride themselves on error-free and professional-looking sites. If a website looks like it got cobbled together in a hurry or doesn’t seem to be well-designed, that’s usually a red flag. The site might be unsafe, created by attackers who don’t have a strong attention to detail—or the creative capabilities to create a good-looking website in the first place.
Plenty of unsafe sites are imposter sites. They’ll try to pass themselves off as a legitimate company, like the streaming services, banks, and so forth that we mentioned earlier—all to get a hold of your account information. With all these imposter sites in play, look at the site’s address. Scammers will gin up web addresses that are close to but different from legitimate sites, so close that you might miss it. If you’re uncertain about the address, leave the page. Also note that many companies have web pages that provide lists of the official addresses that they use. Amazon provides on example, and we do the same here at McAfee. Reviewing these lists can help you spot an imposter site.
A window or graphic pops up on your screen. The site you’re on says that it’s identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. “You can correct the issue with a click!” Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
A screen full of links insisting you to click ranks among the top signs of an unsafe site. So much so, it’s often the subject of sitcom bits. Needless to say, the attackers behind these sites want you to click for one of several reasons. It might be to get you to download malware. It might be to generate ad revenue with clicks. Or it might be to get you to click a link that redirects you to another malicious site. In all, if you encounter a site like this, close your browser. And then run a system scan with your online protection software.
These unsafe sites sprout up around the holidays and gift-giving seasons. When stores run low on particularly popular or hot items, scammers will quickly launch sites that claim these items are in stock and ready to ship. Similarly, they might promote popular items at a deep discount. Of course, shopping at these sites will likely lead to one thing—a credit card charge and no item on your doorstep. Be wary when you see ads for stores in your social media feed, in search, and elsewhere. Stick with known, trusted retailers. (And for more on shopping safely online, give this article a quick read.)
These sites bear similarities to malicious online shopping sites. When popular movies hit the big screen or major sporting events come around, so do scam sites that promise to stream them for free or at a low cost. Avoid them. Trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might serve up pirated content, which could carry malware threats along with it.
Not every site that promotes some kind of giveaway or deal is a scam. Yet the ones that ask for personal or financial information likely are. Scammers prey on people’s love for saving money or even winning a buck or two. Enter the prize, coupon, and quiz sites. Malicious prize and coupon sites will often ask for credit or debit card information, often under the guise of a payout or a discount. Malicious quiz sites will likewise ask for all kinds of personal information, typically questions about the name of your pet, the first car you owned, or where you went to school. The questions share much in common with the security questions used by banks and credit card companies. Handing this information over could lead to a breached account. Give these sites a pass.
Comprehensive online protection software like ours includes web protection that can spot malicious sites for you. It has further features that can prevent downloading malware by accident, not to mention strong antivirus protection if a hacker makes their way through to you. In all, it gives you extra confidence that wherever your travels take you online, you’re protected from sketchy and unsafe sites.
However, another part of your best defense against unsafe websites is you. Knowing what the red flags are and the kinds of information hackers want to steal can help you avoid their attacks from the start.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
Venmo, quick and convenient. A great way to pay back a friend or split the cost of a meal. Yet its ease of use and popularity has made it a hunting ground for scammers.
Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credential. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money from you.
All of it is preventable.
Just like any other payment app out there, using Venmo safely calls for a few precautions—and for knowing the tricks that scammers like to pull.
Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:
This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.
We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.
In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.
Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.
Pay only people you trust. Per Venmo, the app was originally designed for people who know and trust each other to send each other payments. Since then, it’s expanded to making payments for goods and services under certain circumstances. In Venmo’s words:
“The only way to accept payments for goods and services on Venmo is to be explicitly authorized to accept Venmo for purchases, either by applying for a business profile or tag a payment to a personal profile as a purchase.”
Venmo further clarifies their policy by stating (emphasis theirs):
“Unless directly given the option by Venmo, DO NOT USE VENMO TO TRANSACT WITH PEOPLE YOU DON’T PERSONALLY KNOW, ESPECIALLY IF THE TRANSACTION INVOLVES THE PURCHASE OR SALE OF A GOOD OR SERVICE (for example, concert tickets, electronic equipment, sneakers, a watch, or other merchandise).”
Purchases that don’t follow these policies open you up to risk. That includes the many scammers who peddle phony goods, ask their victims to pay with Venmo, and never deliver a thing. On the flip side, when you make an authorized purchase through Venmo, you gain the benefits of their protection plan. You can learn more about it on their protection plan site.
Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:
|
|
Venmo breaks down each of these scams in detail on their site. They further share things you can do to avoid them—or steps to take if you unfortunately fall victim to one of these scams.
Broadly speaking, though, you can take several steps to avoid Venmo scams:
Scammers will often pose as customer service reps to pump information out of their victims. They’ll ask for things like bank account information, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this information. Legitimate reps from legitimate companies won’t request it.
In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this information by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings then Identity Verification.
Venmo always sends communications through their official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.
Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.
Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.
For starters, it includes web browser protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam—such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.
Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, $1 ID theft coverage & restoration can help you recover quickly.
In all, there’s no question that Venmo makes payments quick and convenient. You can make them far more secure too. The right precautions and tools can see to it.
The post How to Identify and Protect Yourself From Venmo Scams and Other Cash App Scams appeared first on McAfee Blog.
Until recently, people had little control over how companies used their online data. But, with data privacy now a human right, people are pickier about who can access their data and how they use it.
Every time you visit a website by typing its address on the address bar, your browser history holds a record of information like the name of the site, its location, and when you visited it. Unfortunately, third parties can access this data, leaving you vulnerable to identity theft and data misuse. Simply deleting your Internet Explorer browser history is not enough to safeguard your data.
This article explains how to keep your internet activities private and delete your web browser history for good.
Most people don’t know that clearing your browsing history doesn’t actually delete it.
Even after you’ve clicked on the “clear browsing history” option in your selected browser, there’s still a record of every Google search from the beginning of time. This information can be accessed by third parties like your internet service provider, the websites you visit, and advertisers. So, clearing your browsing history is not enough to safeguard your data.
While clearing your browser history has benefits like better application efficiency, you should invest in useful online tools like McAfee’s identity theft protection, which can better protect your data online.
Before diving into how to clear your browser history, let’s talk about why you should give importance to deleting your data for good.
Just like you have to clear out the dust from your vacuum cleaner to continue cleaning, you should clear the data on your browser so it remains speedy and efficient.
Your browsing history records are cluttered with cache files, cookies, search history, and autofill data. All this digital clutter fills up your Random Access Memory (or RAM), slowing your PC, Apple iOS device, or Android device’s functioning.
You might see pop-ups on websites telling you that they use cookies. Without giving it much thought, you might click the “OK” or “Accept cookies” button and continue browsing the site. But do you know how these cookies are used?
Cookies are temporary internet files that store browsing data and preferences to make your future online experiences easier. For example, this helps you personalize your search results to an extent. The cache stores parts of pages, websites, or images you visit, enabling the pages to load faster the next time you open them.
These types of files sound like they help you have a better internet experience, so why should you delete them?
Here are some reasons to clear your browsing history, cache, and cookies:
However, simply clearing the cache and cookies is not enough. This method will clear space on your device and erase some references, but the data is still saved on your device as free space. You should use tools to permanently delete your browsing data from the hard drive because:
So, it’s crucial to properly wipe your data if you’re serious about protecting your privacy online.
Many people switch to incognito mode when making an embarrassing Google search because it seemingly leaves no trace of the search on your device. But, does using incognito mode or a private browsing window protect your data and ensure your privacy & security?
When you use an incognito or private browsing mode, the tracking cookies on the websites you visit are blocked by default, and your cookie data and search history are deleted from the browser as soon as you close the window. Essentially, it auto-deletes your browser history as soon as you close the window.
However, your browser actions are still visible to the websites you have visited and your internet service provider (ISP). In addition, data from your browsing activity is saved to any accounts you’re logged into (like your Google account), even when using incognito mode.
Your internet service provider and other third parties have easy access to your browser activity irrespective of whether you’re in private browsing mode. This means using incognito mode is not enough to protect your online privacy.
If you’re worried about what someone might see on your laptop or you notice your applications slowing down, we’re here to help. We’ll show you how to quickly clear your device’s browser history from some commonly used internet options.
There’s no fixed or recommended time for deleting your browsing history, cache, and cookies. It’s all relative to your system’s storage space and personal preferences. Refer to this step-by-step guide whenever you feel like it’s time to clear junk from your browsers.
To delete your browser history on Google Chrome:
Some of your settings might be deleted when clearing your browser history. For example, you might have to re-sign into your accounts.
If you want to delete cookies and cache for a specific site, you can learn how to change more cookie settings in Chrome.
To delete your browsing, search, and download history on Mozilla Firefox, follow these steps:
Now, you have quickly deleted your browser history on Mozilla Firefox.
To clear your Microsoft Edge browsing data from just the device you are currently using, turn off sync before clearing the data. The selected data will be deleted across all of your synced devices if sync is turned on.
Follow these steps to turn off sync:
To clear browsing data on Microsoft Edge:
This is how to clear your browsing data on Microsoft Edge in a few simple steps.
Here are simple steps to clear browser cache and cookies on Safari 8.0 through 10.0. These steps apply to your Apple laptop running macOS, but an iPad or iPhone might have slightly different steps.
That’s all! You’ve now deleted your browser history on Safari.
To clear cache and browser history in Opera:
There you have it! It’s simple and free to erase your browser history, cache, and cookies, and you should regularly do so.
Now you know how to delete your browser history to keep your device running smoothly and limit how much data advertisers and companies can collect about you.
However, you may be concerned about the identity traces still being captured without your knowledge.
If you’re serious about maintaining complete privacy with your online data, invest in advanced tools to safeguard your online information and prevent identity theft.
McAfee helps keep your digital data private and protected from identity theft. Access various tools to safeguard your online spaces by investing in McAfee+. This service includes antivirus software for unlimited devices, complete data cleanup from your hard drive and browser, and much more. In addition, this product comes with a 30-day money-back guarantee.
The post How to Delete Your Browser History appeared first on McAfee Blog.
FreshRSS 