Login
We’ve said it several times in our blogs — it’s tough knowing what’s real and what’s fake out there. And that’s absolutely the case with AI audio deepfakes online.
Bad actors of all stripes have found out just how easy, inexpensive, and downright uncanny AI audio deepfakes can be. With only a few minutes of original audio, seconds even, they can cook up phony audio that sounds like the genuine article — and wreak all kinds of havoc with it.
A few high-profile cases in point, each politically motivated in an election year where the world will see more than 60 national elections:
Yet deepfakes have targeted more than election candidates. Other public figures have found themselves attacked as well. One example comes from Baltimore County in Maryland, where a high school principal has allegedly fallen victim to a deepfake attack.
It involves an offensive audio clip that resembles the principal’s voice which was posted on social media, news of which spread rapidly online. The school’s union has since stated that the clip was an AI deepfake, and an investigation is ongoing.iii In the wake of the attack, at least one expert in the field of AI deepfakes said that the clip is likely a deepfake, citing “distinct signs of digital splicing; this may be the result of several individual clips being synthesized separately and then combined.”iv
And right there is the issue. It takes expert analysis to clinically detect if an audio clip is an AI deepfake.
Audio deepfakes give off far fewer clues, as compared to the relatively easier-to-spot video deepfakes out there. Currently, video deepfakes typically give off several clues, like poorly rendered hands and fingers, off-kilter lighting and reflections, a deadness to the eyes, and poor lip-syncing. Clearly, audio deepfakes don’t suffer any of those issues. That indeed makes them tough to spot.
The implications of AI audio deepfakes online present themselves rather quickly. In a time where general awareness of AI audio deepfakes lags behind the availability and low cost of deepfake tools, people are more prone to believe an audio clip is real. Until “at home” AI detection tools become available to everyday people, skepticism is called for.
Just as “seeing isn’t always believing” on the internet, we can “hearing isn’t always believing” on the internet as well.
The people behind these attacks have an aim in mind. Whether it’s to spread disinformation, ruin a person’s reputation, or conduct some manner of scam, audio deepfakes look to do harm. In fact, that intent to harm is one of the signs of an audio deepfake, among several others.
Listen to what’s actually being said. In many cases, bad actors create AI audio deepfakes designed to build strife, deepen divisions, or push outrageous lies. It’s an age-old tactic. By playing on people’s emotions, they ensure that people will spread the message in the heat of the moment. Is a political candidate asking you not to vote? Is a well-known public figure “caught” uttering malicious speech? Is Taylor Swift offering you free cookware? While not an outright sign of an AI audio deepfake alone, it’s certainly a sign that you should verify the source before drawing any quick conclusions. And certainly before sharing the clip.
Think of the person speaking. If you’ve heard them speak before, does this sound like them? Specifically, does their pattern of speech ring true or does it pause in places it typically doesn’t … or speak more quickly and slowly than usual? AI audio deepfakes might not always capture these nuances.
Listen to their language. What kind of words are they saying? Are they using vocabulary and turns of phrase they usually don’t? An AI can duplicate a person’s voice, yet it can’t duplicate their style. A bad actor still must write the “script” for the deepfake, and the phrasing they use might not sound like the target.
Keep an ear out for edits. Some deepfakes stitch audio together. AI audio tools tend to work better with shorter clips, rather than feeding them one long script. Once again, this can introduce pauses that sound off in some way and ultimately affect the way the target of the deepfake sounds.
Is the person breathing? Another marker of a possible fake is when the speaker doesn’t appear to breathe. AI tools don’t always account for this natural part of speech. It’s subtle, yet when you know to listen for it, you’ll notice it when a person doesn’t pause for breath.
It’s upon us. Without alarmism, we should all take note that not everything we see, and now hear, on the internet is true. The advent of easy, inexpensive AI tools has made that a simple fact.
The challenge that presents us is this — it’s largely up to us as individuals to sniff out a fake. Yet again, it comes down to our personal sense of internet street smarts. That includes a basic understanding of AI deepfake technology, what it’s capable of, and how fraudsters and bad actors put it to use. Plus, a healthy dose of level-headed skepticism. Both now in this election year and moving forward.
[iii] https://www.baltimoresun.com/2024/01/17/pikesville-principal-alleged-recording/
[iv] https://www.scientificamerican.com/article/ai-audio-deepfakes-are-quickly-outpacing-detection/
The post How to Spot AI Audio Deepfakes at Election Time appeared first on McAfee Blog.
Imagine receiving a call from a loved one, only to discover it’s not them but a convincing replica created by voice cloning technology. This scenario might sound like something out of a sci-fi movie, but it became a chilling reality for a Brooklyn couple featured in a New Yorker article who thought their loved ones were being held for ransom. The perpetrators used voice cloning to extort money from the couple as they feared for the lives of the husband’s parents.
Their experience is a stark reminder of the growing threat of voice cloning attacks and the importance of safeguarding our voices in the digital age. Voice cloning, also known as voice synthesis or voice mimicry, is a technology that allows individuals to replicate someone else’s voice with remarkable accuracy. While initially developed for benign purposes such as voice assistants and entertainment, it has also become a tool for malicious actors seeking to exploit unsuspecting victims.
As AI tools become more accessible and affordable, the prevalence of deepfake attacks, including voice cloning, is increasing. So, how can you safeguard yourself and your loved ones against voice cloning attacks? Here are some practical steps to take:
Voice cloning attacks represent a new frontier in cybercrime. With vigilance and preparedness, it’s possible to mitigate the risks and protect yourself and your loved ones. By staying informed, establishing safeguards, and remaining skeptical of unexpected communications, you can thwart would-be attackers and keep your voice secure in an increasingly digitized world.
The post How to Protect Yourself Against AI Voice Cloning Attacks appeared first on McAfee Blog.
‘Ensure your privacy settings are set to the highest level’ – if you’ve been reading my posts for a bit then you’ll know this is one of my top online safety tips. I’m a fan of ensuring that what you (and your kids) share online is limited to only the eyes that you trust. But let’s talk honestly. When was the last time you checked that your privacy settings were nice and tight? And what about your kids? While we all like to think they take our advice, do you think they have? Or it is all a bit complicated?
Research from McAfee confirms that the majority of us are keen to share our content online but with a tighter circle. In fact, 58% of social media users are keen to share content with only their family, friends, and followers but there’s a problem. Nearly half (46%) do not adjust their privacy settings on their social media platforms which means they’re likely sharing content with the entire internet!
And it’s probably no surprise why this is the case. When was the last time you tried to check your privacy settings? Could you even find them? Well, you are not alone with 55% of survey respondents confessing that they struggled to find the privacy settings on their social media platforms or even understand how they work.
Well, the good news is there is now a much easier way to decide exactly who you want to share with online. Introducing McAfee’s Social Privacy Manager. All you need to do is select your privacy preferences in a few quick clicks and McAfee will then adjust the privacy settings on your chosen social media accounts. Currently, McAfee’s software works with more than 100 platforms including LinkedIn, Google, Instagram, YouTube, and TikTok. It works across Android and iOS devices and on Windows and Mac computers also. The software is part of the McAfee+ suite.
Well, once you’ve got your social media privacy under control – you can relax – but just for a bit. Because there are a few other critical steps you need to take to ensure your online privacy is as protected as possible. Here’s what I recommend:
1. A Clever Password Strategy
In my opinion, passwords are one of the most powerful ways of protecting yourself online. If you have a weak and easily guessed password, you may as well not even bother. In an ideal world, every online account needs its own unique, complex password – think at least 12 characters, a combination of numbers, symbols, and both lower and upper case letters. I love using a crazy sentence. Better still, why not use a password manager that will create a password for you that no human could – and it will remember them for you too! A complete no-brainer!
2. Is Your Software Up To Date?
Software that is out of date is a little like leaving your windows and doors open and wondering why you might have an intruder. It exposes you to vulnerabilities and weaknesses that scammers can easily exploit. I always recommend setting your software to update automatically so take a little time to ensure yours is configured like this.
3. Think Critically Always
I encourage all my family members – both young and old – to always operate with a healthy dose of suspicion when going about their online business. Being mindful that not everything you see online is true is a powerful mindset. Whether it’s a sensational news article, a compelling ‘must have’ shopping deal, or a ‘TikTok’ influencer providing ‘tried and tested’ financial advice – it’s important to take a minute to think before acting. Always fact-check questionable news stories – you can use sites like Snopes. Why not ‘google’ to see if other customers have bad experiences with the shopping site that’s catching your eye? And if that TikTok influencer is really compelling, do some background research. But, if you have any doubts at all – walk away!
4. Wi-Fi – Think Before You Connect
Let’s be honest, Wi-Fi can be a godsend when you are travelling. If you don’t have mobile coverage and you need to check in on the kids then a Wi-Fi call is gold. But using public Wi-Fi can also be a risky business. So, use it sparingly and never ever conduct any financial transactions while connected to it – no exceptions! If you are a regular traveller, you might want to consider using a VPN to help you connect securely. A VPN will ensure that anything you send using Wi-Fi will be protected and unavailable to any potential prying eyes!
Keeping you and your family safe online is no easy feat. It’s time-consuming and let’s be honest sometimes quite overwhelming. If you have 3 kids and a partner and decided to manually update (or supervise them updating) their privacy settings then I reckon you’d be looking at least half a day’s work – plus all the associated negotiation! So, not only will McAfee’s Social Privacy Manager. ensure you and your loved ones have their social media privacy settings set nice and tight, it will also save you hours of work. And that my friends, is a good thing!
The post How Do You Manage Your Social Media Privacy? appeared first on McAfee Blog.
Some conversations on social media can get … heated. Some can cross the line into harassment. Or worse.
Harassment on social media has seen an unfortunate rise in recent years. Despite platforms putting in reporting mechanisms, policies, and even using AI to detect and remove harmful speech, people are seeing more and more harassment on social media.
Yet even as it becomes more prevalent, nothing about it is usually. Or acceptable. No, you can’t prevent social media harassment. Yet you can protect yourself in the face of these attacks.
In 2023, research showed that 52% of American adults said they experienced harassment at some point online. That’s up from 40% in 2022. Also in 2023, 33% said they experienced it in the last year, a jump of 10% from 2022.i
The same trend follows for teens, where 51% of them said they experienced harassment in the past year, compared to 36% in the year prior.ii
Earlier research conducted in the U.S. tracked a significant rise in harassment online between 2014 and 2020. This included the doubling or the near doubling of the most severe forms of online harassment.iii
Our own research in 2022 also noted a rise of another kind — worry about online harassment. Globally, 60% of children said they were more worried that year about social media harassment (cyberbullying) compared to the year prior. Their parents showed yet more concern, with 74% of them more worried that year about their child being harassed than the last.iv
Stats are one thing, yet behind each figure stands a victim. Harassment takes a hard toll on its victims — emotional, financial, and sometimes physical. That becomes clear the moment you look at the forms it can take.
Social media harassment includes:
It includes other acts, such as:
In practice, the results can get ugly. Scanning press releases from various state attorneys general, you’ll find unflinching accounts of harassment. Like a targeted, three-year cyberstalking campaign against a victim and that person’s parents, coworkers, siblings, and court-mandated professionals.v Another, where the harasser attempted to defame his victim through a fake LinkedIn profile — and further doxed his victim by publicly posting source code the victim had written worth millions of dollars.vi
All of this serves as a reminder. Harassment can quickly turn into a crime.
The unfortunate fact remains that you can’t prevent social media harassment. Some people simply find themselves driven to do it. You can take several steps to shield yourself from attackers and deny them the info they need to fuel their attacks.
Secure your accounts.
Account security should be a high priority for you, your loved ones, and anyone else. That’s especially true during periods of harassment. Every account you have should be secured with a complex password — at least 12 to 14 characters long, with numbers, capital letters, lowercase letters, and symbols. And with two-factor authentication.
Two-factor authentication is especially important when it comes to account security. The reason is simple: a lot of harassers are tech-savvy, and enjoy taking over a victim’s account to make offensive comments in their name and damage their reputation.
Two-factor authentication prevents account takeovers like this. It requires a user to know the password and username for an account, along with another way they can prove they are who they say they are. Often that involves a code sent to their smartphone that they can use to verify their identity. At McAfee, we recommend you use two-factor authentication on any account that offers it.
Control who can follow you.
Social media platforms offer plenty of ways you can lock down your privacy, even as you remain “social” on them to some degree. Our Social Privacy Manager can help you be as private as you like. It helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks, so your personal info is only visible to the people you want to share it with. By making yourself more private, you deny a potential harasser an important source of info about you, in addition to your friends, family, and life overall.
Limit what you share online.
Limit how much info you share about yourself on social media websites. Addresses, phone numbers, and locations shouldn’t be shared in posts and shouldn’t be included in biographies. Attackers can use this type of info to make false threats and, in some cases, falsify crimes to elicit a police response — this is a technique called “SWATTING” and it’s quite serious.vii
In some instances, harassers gather info about their victims on data brokers or “people finder” sites. Some of this info can get pretty detailed, and these sites will sell it to anyone. You can clean up that info, however. Our Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites — or remove it for you, depending on your plan.
Report the harassment to the social media platform.
If you find yourself targeted, don’t respond. That’s what the harasser wants. Use your social media platform’s tools to block and then report the harasser. Many platforms have web pages dedicated to harassment that walk you through the process.
Report harassment to the authorities.
First off, if you feel that you are in immediate danger, contact your local authorities for help.
In many cases, harassment is illegal. Slander, threats, damage to your professional reputation, doxing, and many of the examples mentioned earlier can amount to a crime. There are options for victims, legally speaking. If you feel a harassment campaign has crossed the line, then it’s time to contact the authorities. Bring proof of harassment. Take screenshots of everything and submit them as part of your complaint.
Talk with trusted family members and friends.
We’ve seen just how damaging and painful harassment can be. Let trusted people in your life know what’s happening. Lean on them for support. And have them help you find any resources you might need in the wake of harassment, such as counseling or even legal assistance. You might find this tough to do, yet realize that you’re not at fault here. Any ugliness you’re dealing with comes from the hands of a harasser. Not yours. Close family and friends will recognize this.
[i] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[ii] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[iii] https://www.pewresearch.org/internet/2021/01/13/the-state-of-online-harassment/
[vii] https://www.theguardian.com/technology/2016/apr/15/swatting-law-teens-anonymous-prank-call-police
The post How to Protect Yourself From Social Media Harassment appeared first on McAfee Blog.
In a world where digital communication dominates, the art of scamming has evolved into a sophisticated game of deception. A recent story in The Cut featured a seasoned personal finance journalist falling prey to an Amazon scam call and being duped out of a staggering $50,000. The story serves as a stark reminder that anyone, regardless of their expertise or background, can become a victim of vishing. Short for “voice phishing,” vishing is a form of cybercrime where scammers use phone calls to deceive individuals into revealing personal or financial information.
Contrary to common belief, it’s not just the elderly or technologically naive who fall victim to such schemes. One national survey found that only 15% of Gen Z and 20% of millennials express concern about falling victim to financial fraud. However, the Federal Trade Commission paints a different picture, indicating that younger adults are over four times more likely to report losing money to fraud than older adults. This dissonance highlights the need for heightened awareness and education across all age groups.
Vishing is a form of fraud that exploits the trust we place in phone calls. It operates through various strategies, all aimed at tricking victims. For example, wardialing involves automated systems dialing phone numbers to find vulnerable targets. VoIP, or Voice over Internet Protocol, allows scammers to make calls over the internet, often making it harder to trace them.
Caller ID spoofing is another tactic where scammers manipulate the caller ID to display a trusted or familiar number, tricking recipients into answering. These techniques create a false sense of legitimacy, making it difficult for individuals to distinguish between real and fraudulent calls.
Vishing exploits trust and naivety to obtain sensitive information or conduct unauthorized transactions. Humans have always been vulnerable to scams, but the abundance of personal data available on the dark web, obtained from various data breaches and leaks, has significantly heightened the threat. For example, LinkedIn experienced a data breach in 2021 that exposed data from 700 million users on a dark web forum.
A data breach like that presents scammers with a treasure trove of details about potential victims, enabling them to personalize their attacks with alarming precision. By incorporating specific details gleaned from these data sources, scammers can craft convincing narratives and establish a false sense of trust and credibility with their targets. Consequently, even individuals who exercise caution in safeguarding their personal information may find themselves vulnerable to vishing scams.
As a result, individuals must remain vigilant and adopt comprehensive security practices. Familiarizing oneself with the telltale signs of a scam call is the first line of defense. Be wary of:
If an unsolicited call seems suspicious, hang up the phone. Verify the caller’s legitimacy through independent channels, such as contacting the organization directly using a trusted phone number. In addition to recognizing signs of scam calls, implementing call-blocking technologies or screening unknown numbers can reduce exposure to potential scams. McAfee Mobile Security’s call blocker feature can be employed to diminish the volume of incoming calls.
The alarming reality is that vishing knows no bounds and can affect any age or demographic. The unfortunate ordeal of the seasoned journalist losing $50,000 serves as a sobering reminder of the perils lurking behind seemingly innocuous phone calls. Vishing demands vigilance and awareness. Security software and apps can significantly increase the overall security of your phone by detecting and preventing various threats, such as malware, phishing attempts, and unauthorized access to sensitive information.
By adopting proactive measures, we can fortify our defenses against vishing scams and safeguard our financial well-being. Stay informed, stay vigilant, and stay protected.
The post A Finance Journalist Fell Victim to a $50K Vishing Scam – Are You Also at Risk? appeared first on McAfee Blog.
In today’s digital landscape, distinguishing between legitimate communications and phishing attempts can feel like navigating a labyrinth blindfolded. Phishing is a deceptive tactic where cybercriminals use fraudulent emails, texts, or messages to trick individuals into revealing sensitive information or clicking on malicious links. And let’s not forget its crafty sibling, “smishing” – the text message iteration of this digital charade.
Now that most brands and even government agencies communicate with consumers via text or email, it’s hard to know whether a message is legit or not. Consider the United States Postal Service, which should be solely focused on dependable package delivery, yet is frequently tasked with warning individuals against clicking on links from unsolicited messages impersonating the postal service.
Many people are concerned that they’ll unwittingly open an official-looking email or text only to become victims of a scam. Fortunately, there are steps you can take to educate yourself and establish safeguards against phishing and smishing attempts.
Here are five steps for staying cyber savvy and protecting yourself from phishing scams:
In a world where even simple emails and text messages can harbor malevolent intent, it’s crucial to fortify yourself with knowledge and vigilance. Using multifactor authentication and learning how to spot scam messages will help you avoid scams. If you want additional protection, our AI-powered Scam Protection scans text messages and alerts users or filters out the text if it detects a scam link. The software also blocks links from scam emails, texts, and social media messages in the event you accidentally click one. It’s not always easy to spot phishing scams, but we can help by providing that first — and second line of defense.
The post Stay Cyber Savvy: Your 5-Step Guide to Outsmarting Phishing Scams appeared first on McAfee Blog.
While last-minute tax filers stare down the clock, scammers look for easy pickings. Tax scams are in full swing as April 15th approaches, and we have a rundown of the top ones making the rounds this year.
For starters, the stakes this year remain the same as ever. Scammers are taking advantage of the stress and uncertainty that comes with tax season as they target people’s personal info, money, or both. Their avenues of attack remain the same as well, via email, texts, direct messages, and the phone.
Yet there’s a new wrinkle this year. Scammers have tapped into AI tools that make their scams look and feel far more sophisticated than ever.
We saw the first stirrings of AI-driven scams last year as AI tools first entered the marketplace. This year, AI-driven scams feature more and more in the landscape of threats. Scammers use them to generate images, write copy, and build websites in a fraction of the time that it once took. While they still make some of the design and writing mistakes they’ve made in the past, they make far fewer of them.
We have a couple of tax scams to share from the many we’ve uncovered. The first one involves a popular brand of tax software here in the U.S.
Example of a scammer email
At first blush, this bogus email looks pretty legit. At first. The layout, photograph, and link all look like standard fare for an email. Though looking more closely, you can spot several AI fingerprints all over it.
For one, big brands like TurboTax have writers, editors, and reviewers who comb over copy before it gets approved for release. Here, the headline breaks a pretty standard formatting rule. In “headline case” writing, the “with” should be lowercase. Sure, mistakes get made, and this might be one example. Yet the problems go deeper than that.
Read the fine print. You’ll see that the grammar is off. The paragraph overall has a broken feel to it. You’ll also see that the copy mentions “market leader” twice — and awkwardly so. And what company mentions its competitors in an email like this? They’re not out to boost competitors.
Lastly, the email spells out the company’s name wrong in the fine print. It’s “TurboTax,” not “Turbo Tax with License Code.” All of this points to an obvious fake. But only by looking closely at it. It’s as if the scammers prompted an AI chatbot with “Describe what TurboTax is” and got this as a response.
Granted, that represents an example of rather sloppy work. The next example looks more convincing. This time, the scammers impersonate the IRS:
Example of a scammer website
We discovered this fake IRS site when our McAfee Labs team investigated a link sent in an email. The bait is the promise of getting a tax ID number for a business or organization. The hook is this bogus site designed to harvest personal and business info.
If you’ve visited the IRS site recently, you’ll recognize the look and feel of an IRS webpage quickly. It seems familiar enough, yet once again a closer look reveals a few things.
First, a small grammatical error rears its head in the copy. The term “setup” is a noun, yet the copy uses it as a verb. It should read “set up” instead. Granted, this is a common error. Many sites make it, yet it’s a red flag nonetheless. Next, the contact method in the top right raises yet another. Contact “an EIN expert” via email during set hours? Set hours are for phone calls, not email.
We omitted the final telltale sign — the URL. It was clearly a fake and not the official irs.gov address.
In all, it shows just how cagey tax scammers can be today. Particularly with AI. It puts a fresh look on some old tactics, making scams tougher to spot.
Sketchy email attachments — the five most popular types.
This classic is back. Scammers spread all manner of malware with email attachments. One example: spyware that steals info as you type usernames and passwords as you log into your accounts. Another: ransomware that holds the data on your device hostage until you pay. Maybe. The list goes on, yet scammers always try to package it up in a way that looks legit.
One way they pull that off is with a phony tax document bundled up in a .pdf document. In fact, the .pdf format marks the number one file type that hackers and scammers use in their attacks. By our count, it tops the number two file type by a ratio of roughly 6 to 1.
Here are the top five file types used by scammers and hackers:
What makes the .pdf format so popular? People trust it. It gets commonly used in business, and many legitimate tax forms come in that format. However, it also offers a versatile platform for exploits. Hackers and scammers can embed malicious links and content within them. So clicking what’s inside that .pdf doc can lead to trouble, say in the form of a malicious website designed to steal personal info.
Starting in the second half of last year, we noted a spike in malicious attachments that used the .pdf format. Another reason that makes .pdf files so popular, email filters tend to focus on other file types like the executable .exe format. So, a .pdf has a better shot at slipping through.
Our advice:
As always, strong antivirus software can detect and protect you from malicious email attachments. Our Next-gen Threat Protection found in all our McAfee+ plans once again proves itself as a top option for antivirus. Results from the independent lab AV-TEST in December 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.
Tax time phishing scams.
Phishing scams crop up in plenty of places and take plenty of forms. As in years past, we see scammers cranking up their bogus texts, direct messages, and emails. They all follow the tax season theme, yet they take different approaches to roping in victims. Some include:
Additionally, many phishing attacks point people to malicious websites — once again that steal personal info. We’ve seen a spike in malicious tax-related URLs starting in the second half of last year as well.
Our advice:
You can absolutely protect yourself from phishing scams. Now with the help of AI. McAfee Scam Protection detects suspicious URLs with AI before they’re opened or clicked on. This takes the guesswork out of those sometimes convincing-looking messages by letting you know if they’re fakes. If you accidentally click or tap on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans.
Fake charity scams also crop up this time of year.
Whether it’s for natural disaster aid, aiding refugees in war-torn regions, or even protecting animals and pets, scammers set up phony charities with the aim of pulling heartstrings. And then stealing money as a result.
Scammers reach out with the usual methods, by email, text, direct message, and sometimes phone calls as well. They all share one thing in common. They all give potential victims a chance to support a cause that they care for and get a tax credit in return. Yet with these scams, the charity doesn’t exist. Instead, money and personal info end up in the hands of scammers.
Our advice:
Yet you have several ways you can spot a fake charity. For one, the message often has a pressing, almost alarming, tone. One that urges you to “act now.” Before acting, take a moment. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that some charities pass along more money to their beneficiaries than others. Generally, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
Keep an ear out for scam calls.
Scammers like to pick up the phone too. A popular form of attack involves “the call from the IRS.” Typically, a recorded message notifies the recipient that they owe money. And because scammers know just how jarring a call from the IRS can be, they apply heavy pressure in the message.
In the past, we’ve heard messages that threatened fines, jail time, and revoking driver’s licenses. They’ve mentioned the police and other law enforcement agents in them as well, just to turn up the heat.
Now with AI, scammers can create robocalls that sound highly realistic in only moments of time. It’s as simple as writing a few lines of a script, feeding it into an AI tool, and then generating an audio file. No need for another person to record the message. AI takes care of it all.
Our advice:
The best way you can avoid falling for this scam is by knowing what the IRS will and will not do when they contact you. From the irs.gov website, the IRS will not:
Lastly, also know that the IRS is here to help. The agency offers a full help page with online resources, along with several ways you can contact the IRS for help. If you have any questions about a notification that you received, contact them.
While scammers have a wealth of tools available to them, you have one tool that protects you from all kinds of threats. Comprehensive online protection software like McAfee+ offers yet more ways to steer clear of tax scams.
In addition to the antivirus and scam protection features we mentioned, it can make you more private on social media, which can prevent scammers from profiling you. It can also remove your personal info from the data broker sites scammers use to contact their victims. (Granted, scammers have to get your contact info from somewhere, and these sites offer that info, plus much more.) Also, a VPN can help you connect and file your taxes even more securely, so what you do stays private.
And if the unfortunate happens, our identity theft coverage can help you recover. It provides $2 million in identity theft coverage and a licensed recovery expert who can help restore your identity.
Yes, we’re seeing plenty of old scams with new twists this year. Yet the same ways you can protect yourself from them only get better and better.
The post The Top Tax Scams of 2024 appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
Scammers are turning a buck on the eclipse. A rash of eclipse scams have appeared online, many involving the sale of unsafe viewers and solar eclipse glasses.
With the eclipse making its way from Texas, through the Midwest, and up through the Northeast on April 8th, people increasingly want to get their hands on equipment to view it. And as it always is when it comes to big events and scarcity, scammers rush in.
A map of the eclipse path – GreatAmericanEclipse.com
As such, the Better Business Bureau (BBB) issued a consumer warning about the sale of cheap, knockoff solar eclipse glasses.i Worse yet, viewing the eclipse with these bogus glasses can harm your eyes. So as if getting ripped off wasn’t bad enough, this scam can damage a person’s vision.
Here, we’ll put you on the path to buying a safe set of viewing glasses — and offer several ways you can avoid buying knockoffs from a scammer.
The American Astronomical Society has a list you’ll find helpful. With a visit to their page dedicated to suppliers of solar filters and viewers, you’ll have your pick of places where you can purchase. The list is long, featuring a mix of online and retail outlets where you can get safe, approved gear for viewing.
Also, check out the society’s page on safe viewing for the eclipse. It covers what you need to know to view the eclipse safely, from how to use a viewer, the ISO 12312-2 standard that all viewers must adhere to, and how to properly clean viewers so they remain safe.
How do so many scams ramp up so quickly for such a highly specific event? It doesn’t take much to spin up e-commerce sites and pump out ads nowadays. Thanks to a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences much more quickly than ever.
And as we’ve discussed so often in our blogs as of late, scams look and feel increasingly sophisticated today. AI gives scammers ready access to design tools, audio and video creation tools, copywriting bots, and more. Then add in the ease with which scammers can post their ads in search and on social media, and they have quick and ready ways of reaching potential victims.
Even so, a few extra steps and a bit of caution can help you avoid these scams.
1. Stick with known, legitimate retailers online.
This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the BBB asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.
2. Research new sellers for their history and reviews.
Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam.
A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background info for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of info can help you sniff out a scam.
Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you discover if the retailer is legit.
3. Look for the lock icon in your browser when you shop.
Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
4. Pay with a credit card instead of your debit card.
Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back — it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit.
Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
5. Protect your devices for shopping.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes scam protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam — along with a password manager that can create and securely store strong, unique passwords.
If you have some last-minute bookings and travel in your plans for the eclipse, look out for online rental fraud scams. With a few images cobbled together from the internet, scammers list phony properties and seek to get paid outside legitimate rental platforms — leaving you short of funds and short of a place to stay when you finally arrive.
You can avoid these scams rather easily. Trust a trusted platform. Book your vacation rental through a reputable outlet. Vacation rental platforms like Airbnb and VRBO have policies and processes in place that protect renters from scammers.
You have several other ways you can avoid booking scams …
First, look at the listing.
Do the photos look grainy or like they came from a magazine? Do a reverse image search on the photo and see what comes up. It might be a piece of stock photography designed to trick you into thinking it was taken at an actual property for rent. Also, read the reviews for the property. Listings with no reviews are a red flag.
Only communicate on the platform.
The moment a host asks to communicate outside of the platform is another red flag. Scammers will try to lure you off the platform where they can request payment in forms that are difficult to recover or trace after you realize you’ve been scammed. That includes methods such as certified checks, money transfers like Western Union, and online payment apps like Zelle. Generally, when that money is gone, it’s gone for good.
Only pay on the platform.
Likewise, paying for your rental outside the platform might also go against the terms of service, as in the case of Airbnb. Or, as with VRBO, paying outside the platform voids their “Book with Confidence Guarantee,” which offers you certain protections. Use the platform to pay and use a credit card when you do. In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing.
With big events comes scarcity. Postseason sports and merch. Holiday shopping and hot gifts. Vacation time and rentals at popular destinations. Scammers love this combination. With people in a rush to buy or book, scammers take advantage. As we now see, we can add eclipses to that list, just as we saw with the 2017 eclipse.
In addition to the advice above, take your time and ensure a safe purchase. Given that variants of this scam involve phony, unsafe viewing glasses, take the extra care that your vision absolutely deserves. Go with a reputable retailer with ISO-approved lenses.
The post How to Avoid Solar Eclipse Scams appeared first on McAfee Blog.
As taxpayers prepare their returns for April 15th, scammers prepare too. They see tax season as high time to run all kinds of scams and identity theft schemes.
Fake accountants, fake tax software, robocalls, and more all make the list. We’ll give you a look at what’s happening out there right now. And we’ll run down several ways you can keep safe.
A commonly used tactic involves hackers posing as collectors from the IRS, as tax preparers, or government bureaus. This tactic is pretty effective due to Americans’ concerns about misfiling their taxes or accidentally running into trouble with the IRS. Scammers take advantage of this fear, manipulating innocent users into providing sensitive information or money over the phone or by email. And in extreme cases, hackers may be able to infect computers with malware via malicious links or attachments sent through IRS email scams.
Another tactic used to take advantage of taxpayers is the canceled social security number scam. Hackers use robocalls claiming that law enforcement will suspend or cancel the victim’s Social Security number in response to taxes owed. Often, victims are scared into calling the fraudulent numbers back and persuaded into transferring assets to accounts that the scammer controls. Users need to remember that the IRS will only contact taxpayers through snail mail or in person, not over the phone.
Another scam criminals use involves emails impersonating the IRS. Victims receive a phishing email claiming to be from the IRS, reminding them to file their taxes or offering them information about their tax refund via malicious links. If a victim clicks on the link, they will be redirected to a spoofed site that collects the victim’s personal data, facilitating identity theft. What’s more, a victim’s computer can become infected with malware if they click on a link with malicious code, allowing fraudsters to steal more data.
Scammers also take advantage of the fact that many users seek out the help of a tax preparer or CPA during this time. These criminals will often pose as professionals, accepting money to complete a user’s taxes but won’t sign the return. This makes it look like the user completed the return themselves. However, these ghost tax preparers often lie on the return to make the user qualify for credits they haven’t earned or apply changes that will get them in trouble. Since the scammers don’t sign, the victim will then be responsible for any errors. This could lead to the user having to repay money owed, or potentially lead to an audit.
While these types of scams can occur at any time of the year, they are especially prevalent leading up to the April tax filing due date. Consumers need to be on their toes during tax season to protect their personal information and keep their finances secure. To avoid being spoofed by scammers and identity thieves, follow these tips:
File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Remember: the IRS will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial info. So someone contacts you that way, ignore the message.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post Watch Out For IRS Scams and Avoid Identity Theft appeared first on McAfee Blog.
Hackers used one of the oldest tricks in the book to turn a buck. All at the expense of several thousand Roku users.
Roku notified users that “certain individual Roku accounts” might have been accessed by someone other than their owners. The method of attack involved … credential stuffing, where stolen passwords from one account are “stuffed” into other accounts. With this form of attack, a reused password in one account can give access to several others.
Roku discovered that was the likely cause here, affecting at least 15,000 users.[i]
“Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku).”
So while Roku itself wasn’t breached, hackers used info from other data breaches to break into these accounts, which were sold online. Reportedly for as little as fifty cents each.
With access to the compromised accounts, thieves tried to purchase subscriptions and hardware using stored payment options.
Roku went on to say that these unauthorized actors didn’t get access to “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”
The company said it continues to monitor accounts for unusual activity and that it’s working with subscribers to refund any unauthorized charges.
It has also reset passwords for potentially affected account holders. The company directed users to visit my.roku.com and use the “Forgot password?” option on the sign-in page.
While an estimated 15,000-plus compromised accounts have been identified, the possibility remains that yet more might be at risk as well. Every Roku subscriber should check their account for unusual activity. From there, we suggest updating your password to a new password that’s both strong and unique.
With that, we recommend that you take the following steps, which can help prevent and halt any harm being done with your personal info.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.
If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.
In this case, head to my.roku.com and use the “Forgot password?” option as the company suggests.
Changing passwords now is a must. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Unfortunately at this time, Roku users don’t have this option available to them (although Roku does offer it for its smart home app).
An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal info harvested from data breaches can end up on dark web marketplaces where other bad actors buy it for their own attacks. Ours monitors the dark web for your personal info and provides early alerts if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your info is found.
In the case of the Roku attack, the account thieves purchased compromised accounts on dark web marketplaces. Identity monitoring can help you spot that kind of activity, which then lets you know it’s time to change your passwords.
Although Roku said it found no evidence that account thieves gained access to further sensitive info, treat your info like it was anyway. Strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safe in the wake of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
A complete suite of online protection software can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that might lead you down the road to malware or a phishing scam — which antivirus protection can’t do alone. Additionally, we offer support from a licensed recovery pro who can help you restore your credit, just in case.
[i] https://apps.web.maine.gov/online/aeviewer/ME/40/e9cc298b-379b-47ba-a10d-e2263963b574.shtml
The post 15,000+ Roku Accounts Compromised — Take These Steps to Protect Yourself appeared first on McAfee Blog.
“Jessica” cost him one million dollars.
In an account to Forbes, one man described how he met “Jessica” online.i Readily, they formed a friendship. Turns out, “Jessica” was a great listener, particularly as he talked about the tough times he was going through. Through chats on WhatsApp, he shared the struggles of supporting his family and rapidly ailing father.
The story telegraphs itself. Yes, “Jessica” was a scammer. Yet this scam put a new twist on an old con game. The man fell victim to a pig butchering scam — a scam that weaves together long strings of messages, cryptocurrency, and bogus investment opportunities.
Many victims lose everything.
“Jessica’s” victim broke down the scam, how it worked, and how he got roped in. It began with an introductory text in October that spun into a WhatsApp transcript spanning 271,000 words. Throughout, he shared his family and financial struggles.
Then, “Jessica” offered hope. Investments that would turn a fast buck.
“Jessica” walked him through several transactions on an app he was told to download. Small investments at first, yet increasingly larger. “Jessica” needed him to invest more and more, despite his reservations. Yet his balance grew and grew each time he followed her explicit directions.
Then, the trap sprung. Twice. In November, he logged into the app and found a negative balance close to half a million dollars. “Jessica” reassured him that he could get it back, and then some. “Jessica” encouraged him to borrow. He did. From his bank and a childhood friend.
Soon, he was back up to nearly $2 million. Or so he thought. In December, he logged into the app once again and found a negative balance of $1 million. His savings and borrowed money alike disappeared — straight into the hands of scammers. All the while, they manipulated the app with a plug-in that fabricated financial results. His whopping gains were actually massive losses.
He’s far from the only victim of pig butchering. Last year, we brought you the story of “Leslie,” a retired woman who fell victim to a different form of the same scam. A so-called friend she met online directed her to invest her retirement funds for even more returns. Soon, a lonely yet otherwise sharp retiree found herself down $100,000.
Victims like these find themselves among the thousands of people who fall for pig butchering scams each year. The problem is global in scope, costing billions of dollars each year. Yet as pig butchering represents a new type of scam, it uses some age-old tricks to separate people from their money.
With that, pig butchering scams are preventable. Awareness plays a major role, along with several other steps people can take to keep it from happening to them.
It’s a con game with a vivid name. Just as a livestock farm raises pork for profit, scammers foster long-term relationships with their victims for profit. The scammers start by taking small sums of money, which increase over time, until the victim finally gets “fattened up” and “butchered” for one final whopping sum. The term appears to have origins in the Chinese phrase zhu zai, meaning “to slaughter a pig.”
What sets pig butchering scams apart from romance scams, elder scams, and other con games is cryptocurrency. Scammers lure their victims into investing in ventures, seemingly profitable ones because the scammers appear to make the same investments themselves. With great success. Victims then mirror those investments, yet the “market” is rigged. With phony sites and apps, the scammers point to big gains — which are all mocked up on the screen. Instead, the money goes straight to them.
The scam follows a script, one that “Jessica” played out to the letter. You can see the steps.
It starts out innocently enough. A text on the phone, a note on a messaging app, or a direct message on social media comes to the victim from out of the blue. It’s from someone they don’t know, and they might ask a simple question, like …
“Is this John? We shared a tee time at the course last week and I have that extra club I said I’d give you.”
“Hi, Sally. It’s me. Sorry I can’t make lunch today. Can we reschedule?”
Or even as simple as …
“Hey.”
These “wrong number” texts and messages are anything but unintended. In some cases, victims get randomly picked. Blasts of texts and messages get sent to broad audiences, all in the hope that a handful of potential victims will reply.
Yet, by and large, victims get carefully selected. And researched. The scammers work from a dossier of info gathered on the victim, full of tidbits harvested from the victim’s online info and social media profiles. Who puts together those dossiers? Often, it’s a large, organized crime operation. The scammer behind the messages is only one part of a much larger scamming machine, which we’ll cover in a bit.
With that intel in hand, the scammers have their opening.
After an introduction, the scammer kicks off a conversation. Over time, the conversations get personal. And those personal touches have a way of luring people in. Scammers pose as another person, such as “Jessica,” sprinkle things into the conversation like similar interests or family backgrounds. Anything that’s just enough to intrigue the victim and keep them chatting.
From there, scammers play a long con game, building trust with their victims over time. Things tend to get increasingly personal. The scammer pumps the victim for more and more news of their life. What they’re worried about. What dreams they have. And in cases where the scam takes a romantic turn, how they’ll build a life together.
Then, money comes into play.
With a solid read on their victims and their lives, scammers drop hints about investment opportunities with big returns. The scammer rarely takes the money themselves. In fact, they almost always insist that the victim handles the money themselves. Instead, scammers lure their victims into using bogus apps that look like they support a legitimate trading platform. Yet they’re not. These apps act as a direct line to the scamming operation that the scammer’s working for. The money goes right into their pocket.
Meanwhile, victims see something else entirely. Scammers give them step-by-step instructions that cover what to invest, where, and how to conduct transactions with cryptocurrency. The sums start small. First $5,000 or $10,000. The victim checks in with their new investment “app” and sees a great gain. The process repeats, as the sums get proverbially fatter and fatter.
Finally, the truth comes out. Hard reality strikes when victims try to transfer their cryptocurrency out of their app. They can’t. There’s nothing there. The scammers manipulated the info on that bogus app. All the investments, all the transaction history, and all the earnings — fake.
And because the scammers did their dirty work in cryptocurrency, that money is gone. Practically untraceable and practically impossible to get back.
Clearly, “Jessica” followed this scam to the letter. However, it’s highly likely “Jessica” didn’t work alone.
Organized crime props up the vast majority of pig butchering scams.
The United States FBI points to several large-scale pig butchering operations, centered mostly in Southeast Asia.ii Other findings point to operations in Nigeria, where thousands of “Yahoo Boys” fire off romantic messages in their form of a pig butchering ring.iii
In another account, a Reuters Special Report traced $9 million to an account registered to a well-connected representative of a Chinese trade group in Thailand — which hinted at yet broader collusion and fraud.
These are big-time scams, backed by big-time operations. They run like them too.
They have dev and design teams that create legit-looking finance apps. They have even further trappings of a large, legitimate company, including support, customer service, accounting, and the like to manage transactions. Then they have their front-line operatives, the people doing the texting and messaging.
However, many of these front-line scammers do it against their will.
An even darker aspect of pig butchering scams reveals itself when you discover who does the actual dirty work. As reported by the FBI, these front-line scammers are often human trafficking victims:
Criminal actors target victims, primarily in Asia, in employment fraud schemes by posting false job advertisements on social media and online employment sites. The schemes cover a wide range of opportunities, to include tech support, call center customer service, and beauty salon technicians.
Job seekers are offered competitive salaries, lucrative benefits, paid travel expenses as well as room and board. Often throughout the process, the location for the position is shifted from the advertised location. Upon job seekers’ arrival in the foreign country, criminal actors use multiple means to coerce them to commit cryptocurrency investment schemes, such as confiscation of passports and travel documents, threat of violence, and use of violence.iv
The cruel fact of pig butchering scams is this: victims victimize victims.
Meanwhile, organized crime operations get rich. One piece of academic research traced $75.3 billion to one suspected pig butchering network alone between 2020 and 2024.v
In the U.S., the FBI points to $2.57 billion in cryptocurrency and pig butchering fraud reports in 2022.vi As always with such figures, many losses go unreported. That figure climbs much higher. Yet higher still when it accounts for victims worldwide.
Effective pig butchering requires that dossier we talked about before. A profile of the victim that includes personal details siphoned from online sources. One move that can lower your risk of becoming a target involves trimming down your presence online.
Steps include …
Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it. Including scammers.
Watch what you post on public forums. As with social media, scammers harvest info from online forums dedicated to sports, hobbies, interests, and the like. If possible, use a screen name on these sites so that your profile doesn’t immediately identify you. Likewise, keep your personal details to yourself. When posted on a public forum, it becomes a matter of public record. Anyone, including scammers, can look it up.
Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
Whether you think you’re a target or think you know someone who might be, you can take immediate steps to stop a pig butchering attack. It begins with awareness. Simply by reading this blog article, you’ve gained an understanding of what these attacks are and how they work. Not to mention how costly they can be.
If you think something sketchy is going on, take the following steps:
Ignore it.
It’s that simple. The fact that a lot of these scams start over WhatsApp and text messages means that the scammer either got your phone number online or they targeted your number randomly. In either case, they count on your response. And continued responses. In many cases, the initial contact is made by one person and viable candidates are passed on to more seasoned scammers. Bottom line: don’t interact with people you don’t know. No need to reply with “Sorry, wrong number” or anything like that. Ignore these messages and move on.
When a stranger you’ve just met online brings up money, consider it a scam.
Money talk is an immediate sign of a scam. The moment a person you’ve never met and got to know face to face asks for money, put an end to the conversation. Whether they ask for money, bank transfers, cryptocurrency, money orders, or gift cards, say no. And with pig butchering scams, never follow their directions for making a specific investment with specific tools. Doing so only funnels money into the scamming operation’s coffers.
End the conversation.
You might say no, and the scammer might back off — only to bring up the topic again later. This is a sign to end the conversation. That persistence is a sure sign of a scam. Recognize that this might be far easier said than done, as the saying goes. Scammers horn their way into the lives of their victims. A budding friendship or romance might be at stake. That’s what the scammers want you to think. They play off emotions. Hard as it is, end the relationship.
Talk with trusted friends or family members. And look out for them too.
Sometimes it takes an extra set of eyes to spot a scammer. Conversations with scammers won’t always add up. By talking about the people you meet online with someone you trust can help you see when it doesn’t. Given the way that scammers pull all kinds of strings on their victims, conversation — even to the point of showing messages to a friend — can help clear up any clouded judgment.
Alarming as pig butchering stories sound, not every new person you meet online is out to get you. For every “Jessica” out there, you’ll find far more genuine people who really do want to strike up a friendship with you. Yet as these scams increase, our guard must go up as well.
It’s always been good advice to take a relationship slowly online. Scammers have long taken advantage of people who rush to provide personal details and hand over their trust. As with any confidence scam, look for people who want to have a video call with you, meet in person in a public place, or otherwise give you the chance to see that they’re a genuine person. And not a “Jessica.”
Know those signs of a scam when you see them. And if they rear their head, act on them.
[ii] https://www.ic3.gov/Media/Y2023/PSA230522
[iii] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4742235
[iv] https://www.ic3.gov/Media/Y2023/PSA230522
[v] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4742235
[vi] https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
The post What are Pig Butchering Scams and How Do They Work? appeared first on McAfee Blog.
There are more online users now than ever before, thanks to the availability of network-capable devices and online services. The internet population in Canada is the highest it has been, topping the charts at 33 million. That number is only expected to increase through the upcoming years. However, this growing number and continued adoption of online services pose increasing cybersecurity risks as cybercriminals take advantage of more online users and exploit vulnerabilities in online infrastructure. This is why we need AI-backed software to provide advanced protection for online users.
The nature of these online threats is ever-changing, making it difficult for legacy threat detection systems to monitor threat behavior and detect new malicious code. Fortunately, threat detection systems such as McAfee+ adapt to incorporate the latest threat intelligence and artificial intelligence (AI) driven behavioral analysis. Here’s how AI impacts cybersecurity to go beyond traditional methods to protect online users.
Most of today’s antivirus and threat detection software leverages behavioral heuristic-based detection based on machine learning models to detect known malicious behavior. Traditional methods rely on data analytics to detect known threat signatures or footprints with incredible accuracy. However, these conventional methods do not account for new malicious code, otherwise known as zero-day malware, for which there is no known information available. AI is mission-critical to cybersecurity since it enables security software and providers to take a more intelligent approach to virus and malware detection. Unlike AI–backed software, traditional methods rely solely on signature-based software and data analytics.
Similar to human-like reasoning, machine learning models follow a three-stage process to gather input, process it, and generate an output in the form of threat leads. Threat detection software can gather information from threat intelligence to understand known malware using these models. It then processes this data, stores it, and uses it to draw inferences and make decisions and predictions. Behavioral heuristic-based detection leverages multiple facets of machine learning, one of which is deep learning.
Deep learning employs neural networks to emulate the function of neurons in the human brain. This architecture uses validation algorithms for crosschecking data and complex mathematical equations, which applies an “if this, then that” approach to reasoning. It looks at what occurred in the past and analyzes current and predictive data to reach a conclusion. As the numerous layers in this framework process more data, the more accurate the prediction becomes.
Many antivirus and detection systems also use ensemble learning. This process takes a layered approach by applying multiple learning models to create one that is more robust and comprehensive. Ensemble learning can boost detection performance with fewer errors for a more accurate conclusion.
Additionally, today’s detection software leverages supervised learning techniques by taking a “learn by example” approach. This process strives to develop an algorithm by understanding the relationship between a given input and the desired output.
Machine learning is only a piece of an effective antivirus and threat detection framework. A proper framework combines new data types with machine learning and cognitive reasoning to develop a highly advanced analytical framework. This framework will allow for advanced threat detection, prevention, and remediation.
Online threats are increasing at a staggering pace. McAfee Labs observed an average of 588 malware threats per minute. These risks exist and are often exacerbated for several reasons, one of which is the complexity and connectivity of today’s world. Threat detection analysts are unable to detect new malware manually due to their high volume. However, AI can identify and categorize new malware based on malicious behavior before they get a chance to affect online users. AI–enabled software can also detect mutated malware that attempts to avoid detection by legacy antivirus systems.
Today, there are more interconnected devices and online usage ingrained into people’s everyday lives. However, the growing number of digital devices creates a broader attack surface. In other words, hackers will have a higher chance of infiltrating a device and those connected to it.
Additionally, mobile usage is putting online users at significant risk. Over 85% of the Canadian population owns a smartphone. Hackers are noticing the rising number of mobile users and are rapidly taking advantage of the fact to target users with mobile-specific malware.
The increased online connectivity through various devices also means that more information is being stored and processed online. Nowadays, more people are placing their data and privacy in the hands of corporations that have a critical responsibility to safeguard their users’ data. The fact of the matter is that not all companies can guarantee the safeguards required to uphold this promise, ultimately resulting in data and privacy breaches.
In response to these risks and the rising sophistication of the online landscape, security companies combine AI, threat intelligence, and data science to analyze and resolve new and complex cyber threats. AI-backed threat protection identifies and learns about new malware using machine learning models. This enables AI-backed antivirus software to protect online users more efficiently and reliably than ever before.
AI addresses numerous challenges posed by increasing malware complexity and volume, making it critical for online security and privacy protection. Here are the top 3 ways AI enhances cybersecurity to better protect online users.
1. Effective threat detection
The most significant difference between traditional signature-based threat detection methods and advanced AI-backed methods is the capability to detect zero-day malware. Functioning exclusively from either of these two methods will not result in an adequate level of protection. However, combining them results in a greater probability of detecting more threats with higher precision. Each method will ultimately play on the other’s strengths for a maximum level of protection.
2. Enhanced vulnerability management
AI enables threat detection software to think like a hacker. It can help software identify vulnerabilities that cybercriminals would typically exploit and flag them to the user. It also enables threat detection software to better pinpoint weaknesses in user devices before a threat has even occurred, unlike conventional methods. AI-backed security advances past traditional methods to better predict what a hacker would consider a vulnerability.
2. Better security recommendations
AI can help users understand the risks they face daily. An advanced threat detection software backed by AI can provide a more prescriptive solution to identifying risks and how to handle them. A better explanation results in a better understanding of the issue. As a result, users are more aware of how to mitigate the incident or vulnerability in the future.
AI and machine learning are only a piece of an effective threat detection framework. A proper threat detection framework combines new data types with the latest machine learning capabilities to develop a highly advanced analytical framework. This framework will allow for better threat cyber threat detection, prevention, and remediation.
The post The What, Why, and How of AI and Threat Detection appeared first on McAfee Blog.
Over the past year and a half, workers everywhere have gotten used to working from home. They have adopted an entirely new work from home mindset and diverted their weekly commuting hours to other productive and more enjoyable pursuits. As parts of the world return to a “new normal,” another change is on the way: a gradual return to the office.
The hybrid working model is met with mixed reviews from employees and business security teams alike. For some employees, a clearer separation between work and home is a welcome change. CTV News reports 66% of Canadian respondents to an International Workplace Group poll say they are looking forward to splitting their working hours between the office and home.
For business security teams who are just catching their breath after the monumental shift to a remote workforce, they are now gearing up for the new online safety challenges posed by the hybrid work model. According to a VMware Canada Threat Report, 86% of security professionals agree that cyberattacks aimed at their organizations have become more sophisticated since the onset of the pandemic. Additionally, 91% of global respondents cite employees working from home as the cause of cyberattacks. Challenges of the hybrid workforce include the constant back-and-forth of company-issued devices, the lack of control over home office setups, and mixing personal and company devices with company and personal business respectively. For example, if you pay your bills or shop online using your work device, it opens several new avenues for a hacker to walk right onto the corporate network. When your guard is down even a little bit when you are off the clock, you could fall victim to e-skimmers, fake login pages, or phishing scams.
No matter how advanced your company’s threat detection system, hackers know where vulnerabilities lie and are on the hunt to exploit them. Check out these tips to ensure you are not the weak link in your organization.
A virtual private network (VPN) is a service that scrambles online browsing data, making it impossible for nefarious characters to decipher your activity. This is an excellent way to deter hackers from tracking your movements and picking up sensitive pieces of information.
VPNs are essential if you are working in a public area, sharing a wireless network with strangers, or using a Wi-Fi connection that is not password protected. Public Wi-Fi networks are notoriously easy pickings for hackers seeking entry into unsuspecting users’ devices. On the days where you are not in the office, make sure your wireless connection is secure.
While a VPN is an excellent tool, security measures and your accounts are vulnerable without a strong and private password or passphrase to protect them. The gigantic Colonial Pipeline hack is being blamed on a hacker gaining entry through an unused VPN that was not secured with multifactor authentication. Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts.
Consider using a password manager to organize all your passwords and logins. Password managers remember each pairing so you don’t have to, plus most managers are secured with multifactor authentication. A password manager makes it easier to add variety to your passwords and prevents you from ever having to write them down.
Professionals who travel between their home and an office are likely transporting their devices back and forth, increasing the number of opportunities for devices to be forgotten at either location or in transit. As convenient as it may be, never use your personal device for official business. Even if you pride yourself on sound online safety habits, your company device likely has more defenses ingrained in its hardware than your personal devices.
With your personal devices, you should carefully vet everything you download. With your work-issued devices, this vetting process is even more important as company information is at stake. The Information and Privacy Commissioner of Ontario states that employees should never download applications to their work devices without permission from the IT team. Apps and programs often have security vulnerabilities that could open a gateway for hackers.
Zero Trust is a security philosophy that is exactly what it sounds like: trust no one. Businesses are employing Zero Trust models to greatly limit who has access to sensitive data sources. Adopt your own personal Zero Trust philosophy concerning your passwords, logins, and device access. This means never sharing passwords or log in details, especially over email, instant messenger, or over a video conference. Hackers commonly eavesdrop on all three mediums. Also, even your most trusted coworker could mishandle your passwords and login details, such as writing them down and leaving them in a public place.
A key aspect of the Zero Trust model is only granting employees access to platforms that are vital to their job. Sharing your logins with coworkers who may not be authorized for using that platform undermines all the hard work the IT team does to keep tabs on data access.
Every time you turn on the nightly news, another ransomware attack has hit another organization, each one bigger than the last. This heightened prevalence is a reflection on the wiliness of hackers, but also the number of security holes every company must plug.
There are several vulnerable points of entry in every company, and some of those vulnerabilities are heightened by the hybrid work model. Always heed the advice of your company’s IT team, and make sure to do your part to keep your devices and work information secure.
The post Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety appeared first on McAfee Blog.
Imagine a tool that can transform text into captivating videos, bridging the gap between imagination and reality by creating videos that look “lifted from a Hollywood movie” in minutes. In a world where technology continues to push boundaries, OpenAI is once again at the forefront of innovation with the unveiling of Sora, a groundbreaking text-to-video artificial intelligence (AI) model.
But what are the implications for personal internet security? As Sora enters the scene with its remarkable abilities, there arises a concern about how such advanced AI technology might impact the safety of online interactions and the potential for misuse or manipulation of generated content.
What is Sora?
OpenAI is the creator behind the ChatGPT AI chatbot. Their creation of Sora represents a leap forward in AI capabilities.
Sora transforms text prompts into videos. Previously, videos created by AI have had issues like choppiness and distortion; it was easy to tell that it was AI-generated content. In contrast, Sora’s video creation capabilities are adept at crafting intricate scenes with vivid characters and dynamic motion. While Sora still has limitations, its ability as an instant video generator far surpasses what has been seen before.
Currently, OpenAI is having Sora evaluated by cybersecurity professionals to identify critical areas for potential harm. As with any emerging technology, it’s essential to approach Sora with caution, recognizing both its benefits and its potential risks.
Top Internet Safety Concerns About Sora
Scammers and cybercriminals are likely to employ AI video generation for their deceptive purposes. Here are some of the dishonest applications of AI video generators to be aware of:
How to Stay Safe Against AI-generated Video Content
Protecting yourself against the risks associated with AI-generated video content is paramount in today’s digital landscape. Here are some key strategies to stay safe:
While it’s essential to acknowledge the new risks to personal internet security brought about by advances in AI video generation, the future isn’t a daunting place—it’s brimming with endless technological possibilities!
Embrace these opportunities with confidence, knowing that McAfee has your back. To protect your online privacy, devices, and identity, entrust your digital safety to McAfee+. McAfee+ includes $1 million in identity theft coverage, virtual private network (VPN), Personal Data Cleanup, and more.
The post What is Sora and What Does It Mean for Your Personal Internet Security? appeared first on McAfee Blog.
If you’re concerned about your privacy on social media, you have plenty of company. Here’s something else you have — a great way to lock it down.
Just how concerned are people about their privacy on social media? We asked. Worldwide, 73% of social media users said they’re highly concerned with their security and privacy on social media platforms.
And for parents of teens, those concerns about privacy on social media weigh even heavier. Fresh insights published by Pew Research[i] reveal that nearly 1 in 5 teens in the U.S. said they’re on YouTube and TikTok “almost constantly.”
With social media usage and privacy concerns so high, we created McAfee’s Social Privacy Manager.
If you’ve ever taken a dive into the privacy settings on your social media accounts, you know just how deep they can go. And if you haven’t, it can involve dozens of individual menus and settings. In all, it can get tricky when it comes time to setting them the way you like. It’s a lot of work. Plenty of work when you consider how platforms change and update their settings over time.
Our Social Privacy Manager does that work for you, automatically adjusting more than 100 privacy settings across all the accounts you choose. As a result, you can reduce the amount of data being collected and ensure your info is only visible to the people you want to share it with — which can help keep your personal info out of the wrong hands. As we’ll see, social media provides a wealth of info that hackers and scammers can potentially use against you.
That’s why privacy on social media matters so much. Let’s start with a look at what bad actors are up to on social media and at how much time teens are spending on it. From there, we’ll hop into how quickly and easily McAfee’s Social Privacy Manager can help keep you and your family far safer than before.
For some time, we’ve seen how hackers and scammers use social media to fuel their attacks and scams. It’s an open book. A book about you. Your likes, your life, not to mention the photos of where you go, what you like to do, and who you do it with. That info is as good as gold for hackers and scammers.
With that exacting kind of info, bad actors out there can commit identity theft and cook up phishing scams using relevant info about you. An analogy explains how. Your identity is like a puzzle, and various pieces of personal info are the pieces. With enough pieces, a bad actor can put together a puzzle picture of you. One that’s complete just enough to open a loan, make an insurance claim, or pose as you in some way.
For those pieces, they’ll turn to info found on the dark web, info readily available from online data brokers, and yet more info from social media. Already, we have products and features that protect your identity on the dark web and that help remove your info from sketchy data broker sites. Now, our Social Privacy Manager helps you shut down one more source of info from bad actors — a source they successfully tap into.
According to the U.S. Federal Trade Commission (FTC), scammers recently used social media as a contact method in 11% of the fraud and identity theft cases where victims cited a method.
Source: FTC
While that figure finds itself somewhat in the middle of the pack in terms of contact methods, it was the second-most effective method as it led to a loss 61% of the time. Only ads and pop-ups worked more effectively at 63%, making social media a goldmine for hackers and scammers indeed.
Earlier, we mentioned just how much time teens spend on social media. Taking a deeper dive into the numbers provided by Pew Research, we can see a couple of things — the top platforms they use and how often they use them:
YouTube absolutely leads the way with 93% of U.S. teens using that social media platform. Right behind it, TikTok, Snapchat, and Instagram. Also on this chart, you can spot the steep ten-year decline of Facebook and Twitter (X), a particularly precipitous drop for Facebook of more than half.
As for how often teens visit these platforms daily, the same names follow in order. YouTube takes the number one spot yet again, with 71% of teens saying they use it daily. In all, teens are telling us that social media factors into a large part of their day. “Almost constantly” for some.
From a parental standpoint, the privacy implications are clear. High use leads to high exposure and the potential privacy risks that follow. Not to mention possible exposure to scams just as adult social media users might encounter.
Without question, this makes privacy on social media a family matter.
While social media provides bad actors with another avenue to commit crimes online, you can still use social media safely in a way that reduces your risk.
With our Social Privacy Manager, you can determine what you do and don’t want to share. It scans the accounts you enter and offers suggestions that can improve your privacy. You select which ones you want to enable, and the app makes the updates with a single click.
Making it even simpler, you can also secure your privacy based on what kind of social media user you are. Whether you just tend to hang back, explore, or put yourself out there a bit more, there’s a privacy setting for you. And if you change your mind, it can help change your settings whenever you like.
If it all seems rather straightforward and simple, it is. We designed it so that you don’t have to dig through menu after menu to uncover every setting and then make the informed choice you want to make. The app does the work for you. And you can run it any time and update your settings as you like. In fact, we suggest running checks regularly as platforms can and do change their privacy settings and policies.
And as we saw above, teens are on social media. A lot. Note that you can use our Social Privacy Manager on the accounts your teens have too. It’s just a matter of running through the same steps with each of their accounts. This way, everyone in the family can boost their privacy on social media.
You can find McAfee’s Social Privacy Manager in our McAfee+ online protection plans. In conjunction with a host of other features like Identity Monitoring and Personal Data Cleanup, you can thoroughly protect your privacy and identity. On social media and anywhere else your travels take you online.
You can take a peek of Social Privacy Manager here:
In all, the last several years have seen numerous advances that make it easier, and quicker, to protect your privacy and identity. Old, manual processes that were spread out across umpteen sites and services are now automatic. And guided too. McAfee’s Social Privacy Manager stands as yet one more of those advances.
True, going online carries its risks. Social media complicates them more so. Yet you can reduce those risks, significantly so. You really can lock down your privacy. Quickly and easily, for you and your family.
[i] https://www.pewresearch.org/internet/2023/12/11/teens-social-media-and-technology-2023/
The post Introducing Social Privacy Manager appeared first on McAfee Blog.
AI has made the dating scene. In a big way. Nearly one in four Americans say they’ve spiced up their online dating photos and content with artificial intelligence (AI) tools. Yet that might do more harm than good, as 64% of people also said that they wouldn’t trust a love interest who used AI-generated photos in their profiles.
That’s only two of the findings from this year’s Modern Love research. Our second annual study surveyed 7,000 people in seven countries to discover how AI and the internet are changing love and relationships. And it should come as no surprise that AI has ushered in several hefty changes.
In all, we found that mixing love and AI has its ups and downs. For one, people cite how effective AI is. Almost 7 in 10 people said they got more interest and better responses using AI-generated content than their own. However, people also said they didn’t like receiving AI-coded sentiments. Some 57% said they’d be hurt or offended if they found out their Valentine’s message was written by AI.
The tricky part is this — people still find it tough to spot AI content. Only 24% of people said they were sure they could tell if a message or love letter was written by an AI tool like ChatGPT. Still, 42% said they saw fake profiles or photos on dating sites, apps, and social media in the past year.
Moreover, two-thirds of people said that they’re more concerned about phony AI-created content now than they were a year ago. As further findings from McAfee Labs show, those concerns have their roots in reality.
Without question, the rise of powerful AI tools has complicated the online dating landscape. In particular, AI has made it easier for romance scammers to trick people looking for love online. They can ramp up their scams more quickly and with more sophistication than ever before.
In fact, the McAfee Labs team has seen an increase in Valentine’s campaign themes, including malware campaigns, malicious URLs, and a variety of spam and scams. They expect these numbers will continue to rise as February 14 gets closer. Since late January, our Labs team has uncovered that:
These findings fall right in line with what online daters told us. Nearly one-third of Americans said that an online love interest turned out to be a scammer. Another 14% said they discovered an interest was an AI-bot and not a real person.
What’s at stake in these scams? Money, personal info, and sometimes both.
While many romance scammers make initial contact with their victims on dating websites and apps, they quickly move the conversation elsewhere, such as chat apps like WhatsApp and Telegram. In other cases, they move to texts. This gives scammers an advantage, as many dating platforms have fraud detection measures in place. And it’s here where romance scammers commit theft and fraud.
Large, organized crime operations run many romance scams. Moving the conversation from a dating site or app is often a sign that the victim has been “passed along” to a senior scammer who excels at extracting payments and personal info from victims. People shared the top types of info that scammers tried to tease out of them:
In a dating pool filled with an increasing number of scams and AI content, online daters find themselves doing some detective work.
Our study found that 38% of people said they used reverse image search on profile pictures of people they’ve met on social media or dating sites. Another 60% of respondents said they often use social media to dig into the background of their potential partners. As a result:
And rounding out those findings, 11% said they discovered something else entirely — that their potential special person was already in a relationship.
Online dating has always called for a bit of caution. Now with AI hitting the dating scene, it calls for a little skepticism, if not a little detective work. That, in combination with the right tools to protect your privacy, identity, and personal info, can mean the difference between a budding relationship or heartbreak — whether that’s financial, emotional, or both. The following steps can help:
The past year has brought plenty of change to online dating. People now use AI to pepper up their dating profiles and pics, compose love notes, or come up with a few lines for the inside of a card. Likewise, scammers have welcomed AI just as warmly. They use it to fuel content and chats that swindle victims looking for love, backed by sophisticated and large-scale operations that run like a business.
Yet today’s online daters still have what it takes to spot a fake. They have several tools and protections available to them, many powered by AI that can help them steer clear of heartbreak, both the financial and emotional kind. That, along with a mix of healthy skepticism and detective work, they can still date online with confidence, even as AI continues to make its way onto the dating scene.
Survey Methodology
The survey was conducted online between January 2024 by Market Research Company, MSI-ACI via email inviting people 18 years and older to complete an online questionnaire. In total 7,000 adults completed the survey from 7 countries included the United States, United Kingdom, France, Germany, Australia, India, and Japan.
The post Love Bytes – How AI is shaping Modern Love appeared first on McAfee Blog.
With the rise of artificial intelligence (AI) and machine learning, concerns about the privacy of personal data have reached an all-time high. Generative AI is a type of AI that can generate new data from existing data, such as images, videos, and text. This technology can be used for a variety of purposes, from facial recognition to creating “deepfakes” and manipulating public opinion. As a result, it’s important to be aware of the potential risks that generative AI poses to your privacy.
In this blog post, we’ll discuss how to protect your privacy from generative AI.
Generative AI is a type of AI that uses existing data to generate new data. It’s usually used for things like facial recognition, speech recognition, and image and video generation. This technology can be used for both good and bad purposes, so it’s important to understand how it works and the potential risks it poses to your privacy.
Generative AI can be used to create deepfakes, which are fake images or videos that are generated using existing data. This technology can be used for malicious purposes, such as manipulating public opinion, identity theft, and spreading false information. It’s important to be aware of the potential risks that generative AI poses to your privacy.
Generative AI uses existing data to generate new data, so it’s important to be aware of what data you’re sharing online. Be sure to only share data that you’re comfortable with and be sure to use strong passwords and two-factor authentication whenever possible.
There are a number of privacy-focused tools available that can help protect your data from generative AI. These include tools like privacy-focused browsers, VPNs, and encryption tools. It’s important to understand how these tools work and how they can help protect your data.
It’s important to stay up-to-date on the latest developments in generative AI and privacy. Follow trusted news sources and keep an eye out for changes in the law that could affect your privacy.
By following these tips, you can help protect your privacy from generative AI. It’s important to be aware of the potential risks that this technology poses and to take steps to protect yourself and your data.
Of course, the most important step is to be aware and informed. Research and organizations that are using generative AI and make sure you understand how they use your data. Be sure to read the terms and conditions of any contracts you sign and be aware of any third parties that may have access to your data. Additionally, be sure to look out for notifications of changes in privacy policies and take the time to understand any changes that could affect you.
Finally, make sure to regularly check your accounts and reports to make sure that your data is not being used without your consent. You can also take the extra step of making use of the security and privacy features available on your device. Taking the time to understand which settings are available, as well as what data is being collected and used, can help you protect your privacy and keep your data safe.
This blog post was co-written with artificial intelligence (AI) as a tool to supplement, enhance, and make suggestions. While AI may assist in the creative and editing process, the thoughts, ideas, opinions, and the finished product are entirely human and original to their author. We strive to ensure accuracy and relevance, but please be aware that AI-generated content may not always fully represent the intent or expertise of human-authored material.
The post How to Protect Your Privacy From Generative AI appeared first on McAfee Blog.
Two massive data breaches in France have impacted roughly half the nation’s population. The data of an estimated 33 million people has been compromised, making this the country’s largest-ever data breach.
Attackers targeted two French healthcare payment service providers, Viamedis and Almerys. Both companies manage third-party payments for health insurance in France. According to the CNIL, (Commission nationale de l’informatique et des libertés) France’s data protection agency, data was compromised during two separate breaches that struck in early February.
From a statement issued by the CNIL, affected records of policyholders and their families include:
The CNIL further stated that data such as banking info, medical data, health reimbursements, postal details, telephone numbers, and emails were not swept up by the breaches.
The concern with this breach, as with any other, is how this breached info might get combined with info from other breaches. Taken together, bad actors might use that combined info to conduct follow-on attacks, including identity theft.
As such, the CNIL suggests the following for policyholders:
In the meantime, the CNIL stated that it’s investigating the attack further, particularly to determine whether the security measures in place were in line with European data standards and obligations.
Any time a data breach occurs, it means that your personal info might end up in the hands of a bad actor. In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Report unauthorized use of your info or accounts immediately.
As noted by the CNIL, keep an eye on your account. If you note any unusual activity, notify Viamedis or Almerys immediately.
Keep an eye out for phishing attacks.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. So it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for info, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
With that, you can look into McAfee Scam Protection. It uses AI that detects suspicous links in email, texts, and social media messages. Further, it can block risky sites if you accidentally click or tap a link.
Change your passwords and use a password manager.
While it doesn’t appear that login info was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.
Enable two-factor authentication.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Consider using identity monitoring.
Breached and stolen info often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your info was caught up in such marketplaces, yet now an Identity Monitoring service can do the detective work for you.
McAfee’s service monitors the dark web for your personal info, including email, government IDs, health IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from potential theft.
We also offer identity restoration services through our McAfee+ Ultimate subscriptions. Identity restoration includes access to experts who can help generate an effective and efficient plan to quickly restore your identity, so you don’t have to tackle the issue by yourself.
Consider using comprehensive online protection.
A complete suite of online protection software can offer layers of extra security. It offers you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account info. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your info. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
Whether you’re a French citizen or not, word of this data breach offers an opportunity to bolster your defenses. Major breaches like these occur, just as we saw with the Facebook breach in 2021, the PayPal breach in 2023, and the 23andMe breach, also in 2023. Taking preventative steps now can put you a step ahead of the next one.
Of those steps, using comprehensive online protection software is the strongest. Protection like ours safeguards your privacy, identity, and devices in breadth and depth — protecting you from data breaches and all manner of scams and attacks that often follow them.
The post France Gets Hit with Its Largest Data Breach Ever — What You Need to Know appeared first on McAfee Blog.
On Safer Internet Day, we ask an important question: how can you tell what’s real and what’s fake online?
There’s plenty of fakery out there, due in large part to AI-generated content. And spotting the difference takes a bit of work nowadays.
Taylor Swift showed us why back in January. More accurately, a Taylor Swift AI voice clone showed us why. Scammers combined old footage of Swift with phony AI-cloned audio that touted a free cookware giveaway. They went about it in a cagey way, using the Le Creuset brand as bait, a brand that her fans know she loves.
Of course, all people had to do was “answer a few questions” to get their “free” cookware. When some did, they wound up with stolen personal info. It’s one of many full-on identity theft scams with a bogus celebrity AI twist.
Of course, this wasn’t the first time that scammers used AI to trick well-meaning people. Last December saw AI voice-cloning tools mimic singer Kelly Clarksoni to sell weight-loss gummies. Over the summer, scammers posted other ads using the synthesized voice of Elon Muskii.
Meanwhile, more quietly yet no less damaging, we’ve seen a glut of AI-generated fakes flood our screens. They look more convincing than ever, as bad actors use AI tools to spin up fake videos, emails, texts, and images. They do it quickly and on the cheap, yet this fake content still has a polish to it. Much of it lacks the telltale signs of a fake, like poor spelling, grammar, and design.
Another example of AI-generated fake content comes from a BBC report on disinformation being fed to young studentsiii. In it, they investigated several YouTube channels that use AI to make videos. The creators of these channels billed them as educational content for children, yet the investigators found them packed with falsehoods and flat-out conspiracy theories.
This BBC report offers a prime example of deliberate disinformation, produced on a vast scale, passing itself off as the truth. It’s also one more example of how bad actors use AI, not for scams, but for spreading outright lies.
Amid all these scams and disinformation floating around, going online can feel like playing a game of “true or false.” Quietly, and sometimes not so quietly, we find ourselves asking, “Is what I’m seeing and hearing real?”
AI has made answering that question tougher, for sure. Yet that’s changing. In fact, we’re now using AI to spot AI. As security professionals, we can use AI to help sniff out what’s real and what’s fake. Like a lie detector.
We showcased that exact technology at the big CES tech show in Las Vegas earlier this year. Our own Project Mockingbird, which spots AI-generated voices with better than 90% accuracy. Here’s a look at it in action when we ran it against the Taylor Swift scam video. As the red lines spike, that’s our AI technology calling out what’s fake …
In addition to AI audio detection, we’re working on technology for image detection, video detection, and text detection as well — tools that will help us tell what’s real and what’s fake. It’s good to know technology like this is on the horizon.
Yet above and beyond technology, there’s you. Your own ability to spot a fake. You have a lie detector of your own built right in.
Like Ferris Bueller said in the movies years ago, “Life moves pretty fast …” and that’s true of the internet too. The speed of life online and the nature of our otherwise very busy days make it tough to spot fakes. We’re in a rush, and we don’t always stop and think if what we’re seeing and hearing is real. Yet that’s what it takes. Stopping, and asking a few quick questions.
As put forward by Common Sense Media, a handful of questions can help you sniff out what’s likely real and what’s likely false. As you read articles, watch videos, and so forth, you can ask yourself:
Answering only a few of them can help you spot a scam. Or at least get a sense that a scam might be afoot. Let’s use the Taylor Swift video as an example. Asking just three questions tells you a lot.
First, “what important info is left out?”
The video mentions a “packaging error.” Really? What kind of error? And why would it lead Le Creuset to give away thousands and thousands of dollars worth of their cookware? Companies have ways of correcting errors like these. So, that seems suspicious.
Second, “is this credible?”
This one gets a little tricky. Yet, watch the video closely. That first clip of Swift looks like a much younger Swift compared to the other shots used later. We’re seeing Taylor Swift from her different “eras” throughout, stitched together in a slapdash way. With that, note how quick the cuts are. Likely the scammers wanted to hide the poor lip-synching job they did. That seems yet more suspicious.
Lastly, “who paid for this content?”
OK, let’s say Le Creuset really did make a “packaging error.” Would they really put the time, effort, and money into an ad that features Taylor Swift? That would most certainly heap even more losses on those 3,000 “mispackaged” pieces of cookware. It doesn’t make sense.
While these questions didn’t give definitive answers, they certainly raised several red flags. Everything about this sounds like a scam, thanks to asking a few quick questions and running the answers through your own internal lie detector.
So, how you can tell what’s real and what’s fake online? In the time of AI, it’ll get easier as new technologies that detect fakes roll out. Yet as it is with staying safe online, the other part of knowing what’s true and false is you.
Hopping online today calls for a critical eye more now than ever. Bad actors can cook up content with AI at rates unseen until now. And they create it to strike a nerve. To lure you into a scam or to sway your thinking with disinformation. With that, content that riles you up, catches you by surprise, or that excites you into action is content that you should pause and think about.
Asking a few questions can help you spot a fake or give you a sense that something about that content isn’t quite right, both of which can keep you safer online.
The post Safer Internet Day: Telling What’s Real from What’s Fake Online appeared first on McAfee Blog.
As voters in the recent New Hampshire primary have found, a fake robocall of President Joe Biden has been making the rounds. Using AI voice-cloning technologies, the bogus message urges Democratic voters to stay home and “… save your vote for the November election.”
The phony message further went on to say, “Your vote makes a difference in November, not this Tuesday.”
NBC News first reported the storyi, and the New Hampshire Attorney General’s office has since launched an investigation into what it calls an apparent “unlawful attempt to disrupt the New Hampshire Presidential Primary Election and to suppress New Hampshire votersii.”
This is just one of the many AI voice-clone attacks we’ll see this year. Not only in the U.S., but worldwide, as crucial elections are held around the globe.
Indeed, billions of people will cast their votes this year, and the rise of AI technologies begs something important from all of us — everyone must be a skeptic.
With AI tools making voice clones, video and photo deepfakes, and other forms of disinformation so easy to create, people should be on guard. Put simply, we need to run the content we see and hear through our own personal lie detectors.
A couple of things make it tough to spot a fake, as AI tools create content that appears more and more convincing.
First, our online lives operate at high speed. We’re busy, and a lot of content zips across our screens each day. If something looks or sounds just legit enough, we might assume it’s authentic without questioning it.
Second, we encounter a high volume of content that results in big emotions, making us less critical of what we see and hear. When fake content riles us up with anger or outrage, we might react, rather than follow up and learn if it’s true or not.
That’s where your personal lie detector comes in. Take a moment. Pause. And ask yourself a few questions.
What kind of questions? Common Sense Media offers several that can help you sniff out what’s likely real and what’s likely false. As you read articles, watch videos, and or receive that robocall, you can ask yourself:
Answering only a few of them can help you spot a scam or a piece of disinformation. Or at least get a sense that a scam or disinformation might be afoot. Let’s use the President Biden robocall as an example. Asking only three questions tells you a lot.
First, “Is this credible?”
In the call, the phony message from the President asks voters to “… save your vote for the November election.” Would the leader of the world’s largest democracy truly ask you not to vote in an election? Not to exercise a basic right? No. That unlikelihood marks a strong indication of a fake.
Second, “Who might benefit from or be harmed by this message?”
This question takes a little more digging to answer. Because the Democratic party shifted its first Presidential primary election from New Hampshire to South Carolina this year, local supporters have launched a grassroots effort. Its intent is to encourage voters to write in Joe Biden on their Tuesday ballot to show support for their favored candidate. The disinformation contained in the AI clone robocall could undermine such efforts, marking yet another strong indication of a fake.
Lastly, “what important info is left out of the message?
How does “saving your vote” for another election help a candidate? The message fails to explain why. That’s because it doesn’t help. You have a vote in every election. There’s no saving your vote. This further raises a major red flag.
While these questions didn’t give definitive answers, they certainly call plenty of components of the audio into question. Everything about this robocall sounds like a piece of disinformation, once you ask yourself a few quick questions and run the answers through your own internal lie detector.
With the political stakes so particularly high this year, expect to see more of these disinformation campaigns worldwide. We predict that more bad actors will use AI tools to make candidates say things they never said, give people incorrect polling info, and generate articles that mislead people on any number of topics and issues.
Expect to use your lie detector. By slowing down and asking some of those “Common Sense” questions, you can uncover plenty.
Also, take comfort in knowing that we’re developing technologies that detect AI fakes, like our Project Mockingbird for AI-generated audio. Moreover, we’re working on technologies for image detection, video detection, and text detection as well. We want to make spotting a fake far easier than it is, something you can do in seconds. Like having an AI lie detector in your back pocket.
Between those technologies and your own common sense, you’ll have powerful tools to know what’s real and what’s fake out there.
[ii] https://www.doj.nh.gov/news/2024/20240122-voter-robocall.html
The post Was the Fake Joe Biden Robocall Created with AI? appeared first on McAfee Blog.
Imagine a “Privacy Facts” label on the apps, devices, and websites you use. Like a digital version of the “Nutrition Facts” on the sides of your cereal boxes and other food you buy. With a quick look, you could see what the company behind that app, device, or website collects — and what they do with it.
Sadly, no such label exists. The fact of privacy today is that it takes work to uncover how the apps, devices, and websites you use collect your personal data and info.
To uncover those details, you’ll find yourself wading through privacy policies, which are known for their thick legalese. And they can get rather vague. Words like “may” and “might” leave the door open for what companies really do with the personal info and data they collect. They “may” share it with other parties and they “might” sell it to other parties as well.
Meanwhile, those other parties “may” or “might” use it for their own purposes. Other parties that are largely unknown to you, if not completely unknown, because they’re undisclosed.
As a result, once your personal data and info gets out there, it has a way of getting around.
Data and info collection powers the internet, which counts as yet one more fact of privacy. Yet that collection has its legal and ethical boundaries. And those boundaries stand front and center once again this Data Privacy Day.
Data Privacy Day gives us a chance to consider the importance of respecting privacy, of protecting data, and of building trust. Particularly on the internet, where data is the coin of the realm. It holds great value. Companies want it to improve their services and marketing. Bad actors want it to commit fraud and theft — or sell it on dark marketplaces.
Your clutch of personal data and info has a price tag hanging on it. That makes it worth protecting.
Granted, we think about privacy every day. The value it has. The importance of protecting it. And how we can make that protection it stronger and easier for you. That’s very much on our minds in a time where people say they have little idea about what personal data and info gets collected.
Indeed, plenty of people are scratching their heads about their privacy online. Findings from Pew Research in 2023 showed that roughly three-quarters of Americans surveyed said they feel like they have little or no control over data collectioni. Moreover, 67% of them said they understand little to nothing about what companies are doing with their personal data. That’s up 8% from 59% in 2019ii.
In four short years, more people feel like protecting their privacy is out of their hands. Even the ripple effects of the European Union’s General Data Protection Regulation (GDPR)iii and strong consumer privacy laws in a dozen or so U.S. statesiv haven’t increased their confidence. Only 61% of Americans feel that anything they do will make much difference when it comes to managing their privacy onlinev.
Yet something else has happened in those four years. Online protection software has become more powerful. Particularly when it comes to privacy. Even if things feel otherwise, you truly can take significant steps that make a difference in your privacy.
As far as our online protection software goes, it offers several simple and powerful ways to protect your privacy. McAfee+ features Personal Data Cleanup and Online Account Cleanup — two ways you can take control of your data and info. With them, you can:
Further, McAfee+ rounds things out with our VPN. That keeps you anonymous from advertisers and other data collectors, all while securing you from other prying eyes online.
Those handful of features, part of your overall identity and virus protection, can make you far more private. Even in a time of opaque privacy policies and heavy data collection online. Once again, our aim is to make that simple and powerful for you.
It really is too bad there’s not a label for privacy. Sure, it’d be nice if you could peer into the Privacy Facts of the apps, devices, and websites you use. But the good news is that online protection software can put you in control of your personal data and info without those details. You truly are in more charge of your privacy than you might feel nowadays.
[ii] https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/
[iii] https://gdpr.eu/what-is-gdpr/
[iv] https://pro.bloomberglaw.com/brief/state-privacy-legislation-tracker/
The post Protect What Matters on Data Privacy Day appeared first on McAfee Blog.
Security researchers have discovered a massive data breach containing more than 26 billion records — a hacker’s trove of records compiled from LinkedIn, Twitter, Adobe, and thousands of other organizations. Likely the largest of its kind, researchers have dubbed it MOAB or the “Mother of All Breaches.”
With billions of pieces of personal info compromised, you can count on one thing here for sure. Bad actors out there will surely take advantage of this windfall. We’ll share the immediate steps you can take to stay safe.
Just to get a sense of the breach’s scope, the newly discovered database contains over 3,800 folders, each containing records from an individual data breach. As such, it seems that these breached records were compiled over time to create this database.
Within that list of 3,800 folders, it includes major brands and entities such as Twitter/X (281 million records), LinkedIn (251 million records), Evite (179 million records), and Adobe (153 million records). Leading the way with breached records is Tencent, with 1.5 billion records exposed.
Researchers also discovered that the leak contains records from government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries.
To date, no group has stepped forward to claim responsibility for this massive compilation of breached info. Researchers speculate that it could be a “malicious actor, data broker, or some service that works with large amounts of data.”
Given the scale of the breach, your best bet is to act like your data was caught up in it.
This breach truly is a treasure trove for hackers and scammers. With the info contained in it, they can launch follow-on attacks. Like identity theft, phishing attempts, and password-stuffing attacks often follow in the wake of breaches. And indeed, this is a massive breach.
We can’t stress enough that acting now is super important.
Immediate steps include:
Changing passwords now is a must. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal info harvested from data breaches can end up on dark web marketplaces where other bad actors buy it for their own attacks. Ours monitors the dark web for your personal info and provides early notifications if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your info is found.
When personal info gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This might include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.
With that, strongly consider taking preventive measures now. Checking your credit, putting a security freeze in place, and getting theft protection can help keep you safe in the wake of a breach. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft. This way, you can cover losses and repair your credit and identity with a licensed recovery expert.
A complete suite of online protection software can offer layers of extra security. In addition to password management and identity theft protection, it includes AI-powered scam detection that can spot scam texts, emails, and links on social media that otherwise look legit. If you accidentally tap or click on a sketchy link? Don’t worry, it can block those links from taking you to risky sites too. In all, online protection software offers you a broad range of defenses and preventative measures any time data breaches occur. Even breaches the size of the MOAB breach.
The post 26 Billion Records Released in “The mother of all breaches” appeared first on McAfee Blog.
Taylor Swift wants plenty of good things for her fans — but a free Dutch oven isn’t one of them.
A new scam has cropped up on social media, where an AI deepfake of Swift targets her loyal Swifties with the lure of free Le Creuset products. Yet no one winds up with a piece of the singer’s much-beloved cookware. Instead, they end up with a case of identity fraud. This latest scam follows a string of celebrity deepfakes on YouTube and scams also targeting Kelly Clarkson.
The story has made its share of headlines. Unsurprisingly so, given the singer’s high profile. Scammers have cooked up a synthetic version of Swift’s voice, using AI voice cloning technology we’ve highlighted in our blogs before.
With a script for the voice clone and real snippets of video of the star, the scammers (not Swift) encourage fans to jump on the free offer. All it takes is a $9.96 shipping fee. Paid for by credit or debit card. Once in the hands of the scammers, the cards get charged, and sometimes charged repeatedly. In all, it’s a classic case of identity fraud — this time with an AI voice clone twist.
Image of footage from the Taylor Swift social media scam.
Le Creuset quickly pointed out that no such promotion exists and that any certified Le Creuset promotions get posted on their official social channels. So, to put a fine point on it, Tay-Tay will not send you a Le Creuset.
Swift unfortunately finds herself in plenty of company. As we’ve reported previously, 2023 saw numerous celebrity AI cloning scams that hawked bogus goods, crooked investment scams, and phony cryptocurrency deals. Our 2024 predictions blog called for much more of the same this year, and the Taylor Swift scam has kicked things off in a high-profile way.
If people haven’t heard about AI cloning scams already, there’s a good chance that they do now.
So, what are we to do about it? How are we to tell what’s real and what’s fake online? Our Project Mockingbird points to the answer.
We just unveiled Project Mockingbird at the CES tech show in Las Vegas, a new technology that helps detect AI-generated audio in deepfakes. Think of it as a lie detector that spots fake news and other schemes.
See for yourself. We ran video of the Taylor Swift cookware scam through our Project Mockingbird technology. You’ll see red lines spike as it detects cloned audio, which shows you to what degree the audio is real or fake, all along a charted timeline.
In addition to spotting celebrity scams, this approach to AI clone detection combats another particularly popular form of deepfake. The AI wrapper scam, where scammers wrap their cloned speech inside an otherwise legitimate video. Check out the example below. Here, scammers used clips of real news presenters to dress up their ChatGPT investment scam video.
Note how the detector registered at the baseline when the news presenters spoke, which indicates authentic audio. Then note how it spiked when the cloned audio kicked in — the part of the video that pitched the ChatGPT investment scam.
Project Mockingbird marks the first public demonstration of our new AI-detection technologies. In addition to AI audio detection, we’re working on technology for image detection, video detection, and text detection as well.
With these capabilities, we’ll put the power of knowing what is real or fake directly into your hands. Another way you can think about it is that McAfee is like having a lie detector in your back pocket. With it, you’ll know what’s real and what’s fake online. Something we’ll all need more and more as AI technologies mature.
Looking ahead, we’ll see more than celebrity scams. We’ll see AI voice clones used to trick family members into sending money as part of phony emergency message scams. We’ll see it used for cyberbullying. And we’ll see bad actors use it to twist political speech across 2024’s major election cycles worldwide.
Through it all, we aim to give you the power of trust — to trust what you see and hear online. To know what’s real and what’s fake out there. Project Mockingbird represents our first public step toward that goal.
The post No, Taylor Swift Won’t Send You a Free Dutch Oven — The New AI Cloning Scam appeared first on McAfee Blog.
New year, new tech. That’s what hits the floor at the CES show each January in Las Vegas. Whether it’s striking, strange, or just pretty cool, plenty of this year’s tech is connected — and that means it needs to get protected.
Already we’ve seen a personal health scanner that works like a tricorder from Star Trek, smart belts that help people with limited vision get around safely, and smart locks that open your door with the palm of your hand.
Coursing through all these connected devices are data and info — data and info about you. Your family. Your home. Your comings and goings. The kind of data and info that all kinds of people want to get their hands on.
That’s where protection comes in.
Any device connected to the internet must be protected. Even if it’s something as innocuous as a smart wall outlet. The reason is, your home network is only as strong as its weakest security link. And many smart devices don’t come with the best security out of the box. Hackers know this. By compromising a device like a smart wall outlet, a hacker can gain access to the rest of the network and the devices and data on it.
But how do you protect a smart wall outlet, along with that smart coffeemaker, door lock, and refrigerator? We’ll run it down for you, plus advice for keeping the latest in medical, fitness, and mobile devices safe as well.
Broadly speaking, you can protect most of your tech with a handful of steps. Whether it’s a new Wi-Fi router, smartwatch, or even a connected fridge, they can all benefit from the following basics.
Use strong, unique passwords.
When it’s time to set up a new account or device, go with a strong, unique password. Strong means a mix of at least 12 characters, if not more. That includes a mix of numbers, symbols, and both letter cases, upper and lower. Unique means you don’t repeat it across accounts. That way, if one password gets compromised, the rest will remain secure.
Why strong and unique? Given today’s computing power, a hacker’s password generator can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.
Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute-force attack might crack that password in as fast as one second. One second …
|
Password Length
(Using numbers, uppercase and lowercase letters, and symbols) |
Time to Crack |
| 8 | One Second |
| 12 | Eight Months |
| 16 | 16 Million Years |
However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols — it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute-force attack on one password takes too long, it’ll simply move onto the next one.
A password manager can help create strong, unique passwords for you. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about.
Use multi-factor authentication
Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone).
If your device or account supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who try and force their way into your device with a password/username combination.
Keep everything updated
Update your apps and devices regularly. In addition to fixing the odd bug or adding the occasional new feature, app and device updates often address security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your apps and devices to receive automatic updates, even better.
Keep in mind that this very much applies to smart home devices as well.
Secure your internet router
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network.
Also consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which will keep your signal secure.
Protect (your) everything
Comprehensive online protection software can secure your phones, tablets, and computers. Moreover, it can protect your privacy, identity, and spot scam texts, messages, and links — just to name a few of the many things it can do.
Moreover, these devices often connect to other devices on your home network. In a way, they act as a remote control for smart home devices like thermostats, alarms, and door locks. Protecting phones, tablets, and computers thus protect those other devices by extension.
The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure. The thing with smart home devices is this, they’re connected. And anything that gets connected gets protected. That can look a little different for these devices than it does for your computers and phones, yet there are steps you can take.
Reset the factory password
Many smart home and internet of things (IOT) devices come with preset usernames and passwords from the factory. So much so, that you can easily find lists of stock usernames and passwords for these devices posted online where hackers can get a hold of them.
In the past, we’ve seen all kinds of attacks occur when these credentials don’t get changed. Among them are stories of hacked baby monitors where attackers take control of the camera and speakers. So just as you do for your other devices and accounts, create a fresh username and pair it with a strong, unique password as outlined above.
Upgrade to a newer internet router
Likewise, older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.
Set up a guest network specifically for your IoT devices
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.
One more note — research the manufacturer
One of the strongest security measures you can take is research. Before purchasing, look up the manufacturer. Have they had security issues with their devices in the past? Are their devices well-reviewed? How about their privacy policy? What are they doing with your data?
It can get a little tricky tracking down that kind of info, yet you have a couple of great places to start. One is Consumer Reports and their thorough reviews of devices and tech. Another resource is Mozilla Foundation’s “Privacy Not Included” site, which reviews connected products like smart home and IoT devices for safety and security.
For a quick check-in, a prescription consultation, or just a conversation with a healthcare pro, telemedicine has firmly established itself as a viable option for many types of care. Of course, the info discussed and shared in such a visit can be sensitive.
Use a VPN
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private info difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software.
Check in with your provider
If you’re considering a virtual doctor visit, now’s a great chance to check in with your care provider before your appointment. This way, you can get comfortable with what your visit will look like, find out what special apps (if any) are used, and how your care provider will protect your privacy. Also, you can decide which device you’ll use and where you’ll use it so that you feel at ease during your virtual visit.
A reputable care provider will likely put all this pre-appointment info together for you on their website or “frequently asked questions” (FAQ) page, which will include helpful links and numbers to call if you need help or have questions. For an example of what that might look like, check out the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
Pick a private place
We’ve talked plenty about digital security, yet there’s the old-fashioned issue of physical eavesdropping to think about too. When it’s time for your actual appointment, pick a place in your home where you can ensure yourself some privacy. (Of course, don’t go online for your virtual appointment in a public place.) Look for a space where you can’t be overheard by neighbors and passers-by — preferably someplace like your bedroom where you can be comfortable as well.
By design, many wearables are big on data collection. Coursing through them are all kinds of data, about your vital signs, sleep patterns, not to mention your whereabouts — like when and where you like to run on your hill training days. Keeping these devices secure means keeping some of your most personal info secure as well.
As always, research the manufacturer
Very similar to what we mentioned about smart home and IoT devices, check the manufacturer’s track record. Read reviews. Hit up trusted sources. In all, find out how private and secure your device is. The same resources listed above can help you make an informed purchase.
When it comes to privacy, not all privacy policies are equal. The same goes for their privacy policies. Reading the privacy policy will tell you what kind of data the device collects. Further, it will show if and how it’s shared with the manufacturer and if they sell or share it with others. Likewise, you can factor what you find into your purchasing decision.
Adjust the privacy settings
This will vary from device to device as well, yet one more way you can lock down your privacy is in the device settings. Look for options around location tracking, social media sharing, and what types of data are shared online in addition to the device. Overall, consider what kind of fitness data it gathers and where it goes. If you’re not comfortable with that data ending up in the hands of a stranger, make it private.
When upgrading to a new device, wipe your old one.
Along the same lines, that old wearable of yours might be chock full of data. Before passing it along, selling it, or recycling it, wipe it. Remove all the old data by restoring it to factory settings (your manufacturer can show you how).
Also, delete any old online account associated with it if you have no more use for it. See to it that any data with that account gets deleted as well, which leaves you with one less account that could wind up the target of a data breach. A service like our own McAfee Online Account Cleanup can help, which you can find in our McAfee+ plans.
Certainly, if there’s one device that works like the remote control for our lives, it’s our smartphone. Smartphones and mobile devices like them need protection too — in their own right, and because they connect to so much more.
Avoid third-party app stores
Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.
Review apps carefully
Check out the developer — have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Keep an eye on app permissions
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that asks for access to your camera or microphone, it might be a scam. Delete the app.
Lock your phone — and keep an eye on it too
Some bad actors will try to install spyware on phones themselves. However, this requires access, time, and effort to pull off. Locking your phone and always keeping it close can help prevent bad actors from infecting your phone this way.
Another step you can take is to familiarize yourself with the remote locking and wiping features of your mobile device. Many manufacturers offer this feature on mobile devices. Strongly consider using it in the event of loss or theft.
The post New Year, New Tech at CES — The Latest Protection for the Latest Tech appeared first on McAfee Blog.
We’ve seen how AI can create — and how it can transform our lives. What gets talked about less is how AI protects us too.
Certainly, it’s tough to miss how generative AI has turned sci-fi dreams of the past into today’s reality. From AI apps that help ease loneliness thanks to their human-like conversations, to technology that can predict and manage health risks, to browsers that whip up pieces of art with a prompt, it’s changing the way we go about our day and the way we live our lives.
However, we find ourselves only in generative AI’s earliest days. Countless more applications await over the near and distant horizon alike.
Yet that’s the important thing to remember with AI. It’s an application. A tool. And like any other tool, it’s neutral. Whether it helps or harms comes down to the person using it.
Thus, on the flip side of AI, we’ve seen all manner of shady and damaging applications. Hackers use AI to code new forms of malware at record rates. Scammers spin up convincing-looking phishing attacks and sites that harvest personal info, also at record rates. And we’ve further seen bad actors use so-called “deepfake” technologies to clone the voices and likenesses of public figures, whether for profit or to spread disinformation.
So, amid the excitement about AI, there runs a thread of uncertainty. Recently, we found that 52% of Americans are more concerned than excited about AI in daily life. Only 10% of people said they’re more excited than concerned. Meanwhile, 36% feel a mix of excitement and concern.
Uncertainty prevails, for sure. Yet something often gets overlooked in the conversation about AI: it can offer powerful protections against all manner of threats. Moreover, AI offers particularly potent protections against AI threats.
In this way, AI is your ally. At McAfee, we’ve used it to protect you for nearly a decade now. In fact, AI applications have been around for some time, long before they made headlines like they do now. And we continue to evolve AI technologies to help keep you safe. In the age of AI, McAfee is your ally. Our aim is to give you certainty and safety in rapidly changing times.
Ultimately, here’s what’s at stake today: people want to know what they can trust, and AI has made that tricky. What’s real? What’s fake? It’s getting tougher and tougher to tell.
The future of AI and online safety lies in pairing progress with protection. Here at McAfee, we see this as our role. We’re evolving AI in ways that give people the power to protect their privacy, identity, and devices even better than before. Now, that protection extends yet further. It also gives them the power to know what they can trust whenever they go online.
The time couldn’t be more right for that. Uncertainty about AI prevails. In all, more than half of Americans we talked to said they’re concerned that the arrival of AI has made online scams more accurate and believable.
Our threat detection figures put their concerns into focus:
With that, we ask ourselves, what can AI do for you? How can it keep you safe? Three principles provide the answer:
These principles drive our thinking in significant ways as we pair progress with protection in the age of AI. They stand as our commitment to keeping you safe and certain online, through our existing technologies and entirely new technologies alike.
As we’ve used AI as a core component of our protection for years now, it’s done plenty for you over that time. Our AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.
So, the AI you have in your McAfee antivirus, it works like this:
Now we’ve made improvements to our AI-driven protection — and unveiled all-new features that take full advantage of AI, such as McAfee Next-gen Threat Protection and McAfee Scam Protection.
McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.
Results from AV-TEST’s product review in October 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.
Moreover, AI continually gets smarter because every evaluation provides more data for it to learn and improve its accuracy. McAfee conducts over 4 billion threat scans a day, and that number is quickly growing. We continue to innovate with leading-edge AI technology to provide the most advanced and powerful protection available.
The AI-powered scam protection in McAfee+ is like having that lie detector test we mentioned earlier. Advanced AI-powered technology helps prevent you from opening scam texts and blocks risky sites if you accidentally click on a scam link in texts, QR codes, emails, social media posts, and more. This AI-driven scam protection delivers real-time mobile alerts when a scam text is detected and is the only app on the market that sends alerts on both iOS and Android.
Advances in threat protection and scam protection mark just the start of where we’re taking our long-standing use of AI next. Sure, AI has made life easier for hackers and scammers. In some ways. In yet more important ways, it’s making their lives far more difficult. Downright tough in fact, particularly as we use it here at McAfee to detect their scam messages and texts, beat their AI-generated malware, and warn you of their malicious websites. And that’s just for starters. We have more to come.
You can expect to see other fraud-busting and info-validating uses of AI across our online protection software in the months to come. That’s what’s in store as we stand as you ally in the age of AI.
The post How to Stay Safe in the Age of AI appeared first on McAfee Blog.
AI and major elections, deepfakes and the Olympics — they all feature prominently in our cybersecurity predictions for 2024.
That’s quite the mix. And that mix reflects the nature of cybersecurity. Just as changing technology shapes cybersecurity, it gets further shaped by the changing world we live in. The bad actors out there exploit new and emerging technologies — just as they exploit events and trends. It’s a potent formula that bad actors turn to again and again. With it, they concoct a mix of ever-evolving attacks.
For a pointed example of the interplay between technology and culture, look no further than Barbie. More specifically, the scams that cropped up around the release of the “Barbie” movie. Using AI tools, scammers generated videos that promoted bogus ticket giveaways. They combined the new technology of AI with the hype surrounding the film and duped thousands of victims as a result.
We expect to see more of the same in 2024, and we have several other predictions as well. With that, let’s look ahead so you can stay ahead of the hacks and attacks we expect to see in 2024.
2024 has plenty on the slate in terms of pivotal elections. Across the globe, we have the United States presidential election, general elections in India, and the European Union parliamentary elections, to name a few. While every election comes with its fair share of disinformation, the continued evolution of generative AI tools such as ChatGPT, DALL-E, and Stable Diffusion add an extra level of complication.
So, if a picture is worth a thousand words, what’s an AI-generated photo, video, or voice clone worth? For disinformation, plenty.
Already, many voters raise a skeptical brow when politicians sling statements aimed at discrediting their opponents. Yet when those words are backed by visual evidence, such as a photo or video, it lends them the appearance of credibility. With AI tools, a few keywords can give a false statement or accusation life in the form of a (bogus) photo or video, which now go by the common name of “deepfakes.”
Certainly, 2024 won’t be the first election where bad actors or unscrupulous individuals try to shape public opinion through the manipulation of photos and videos. However, it will be the first election where generative AI tools are significantly more accessible and easier than ever to use. As a result, voters can expect to see a glut of deepfakes and disinformation as the election cycle gears up.
Likewise, the advent of AI voice-cloning tools complicates matters yet more. Consider what that means for the pre-recorded “robocalls” that campaigns use to reach voters en masse. Now, with only a small sample of a candidate’s voice, bad actors can create AI voice clones with striking fidelity. They read from any script a bad actor bangs out and effectively put words in someone else’s mouth — potentially damaging the reputation and credibility of candidates.
As we reported earlier this year, AI voice cloning is easier and more accessible than ever. It stands to reason that bad actors will turn it to political ends in 2024.
Disinformation has several goals, depending on who’s serving it up. Most broadly, it involves gain for one group at the expense of others. It aims to confuse, misdirect, and manipulate its audience — often by needling strong emotional triggers. That calls on us to carefully consider the media and messages we see, particularly in the heat of the moment.
That can present challenges at a time when massive amounts of content scroll by our eyes in our subscriptions and feeds. Bad actors count on people taking content at immediate face value. Yet asking a few questions can help you spot disinformation when you see it.
The International Federation of Library Associations and Institutions offers this checklist:
That last piece of advice is particularly strong. De-bunking disinformation takes time and effort. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:
Put plainly, bad actors use disinformation to sow discord and divide people. While not every piece of controversial or upsetting piece of content is disinformation, those are surefire signs to follow up on what you’ve seen with several credible sources. Also, keep in mind that those bad actors out there want you to do their dirty work for them. They want you to share their content without a second thought. By taking a moment to check the facts before you react, curb the dissent they want to see spread.
In the ever-evolving landscape of cybercrime, the emergence of AI has introduced a new level of sophistication and danger. With the help of AI, cybercriminals now possess the ability to manipulate social media platforms and shape public opinion in ways that were previously unimaginable.
One of the most concerning aspects of this development is the power of AI tools to fabricate photos, videos, and audio. These tools enable bad actors to create highly convincing and realistic content, making it increasingly difficult for users to discern between what is real and what is manipulated. This opens up a whole new realm of possibilities for cybercriminals to exploit unsuspecting individuals and organizations.
One alarming consequence of this is the potential for celebrity and influencer names and images to be misused by cybercrooks. With the ability to generate highly convincing content, these bad actors can create fake endorsements that appear to come from well-known personalities. This can lead to an increase in scams and fraudulent activities, as unsuspecting consumers may be more likely to trust and engage with content that appears to be endorsed by their favorite celebrities or influencers.
Local online marketplaces are also at risk of being targeted by cybercriminals utilizing AI. By leveraging fabricated content, these bad actors can create fake listings and advertisements that appear legitimate. This can deceive consumers into making purchases or engaging in transactions that ultimately result in financial loss or other negative consequences.
As AI continues to advance, it is crucial for consumers to be aware of the potential risks and take necessary precautions. This includes being vigilant and skeptical of content encountered on social media platforms, verifying the authenticity of endorsements or advertisements, and utilizing secure online marketplaces with robust verification processes.
One of the most troubling trends on the horizon for 2024 is the alarming rise of cyberbullying, which is expected to be further exacerbated by the increasing use of deepfake technology. This advanced and remotely accessible tool has become readily available to young adults, enabling them to create exceptionally realistic fake content with ease.
In the past, cyberbullies primarily relied on spreading rumors and engaging in online harassment. However, with the emergence of deepfake technology, the scope and impact of cyberbullying have reached new heights. Cyberbullies can now manipulate images that are readily available in the public domain, altering them to create fabricated and explicit versions. These manipulated images are then reposted online, intensifying the harm inflicted on their victims.
The consequences of this escalating trend are far-reaching and deeply concerning. The false images and accompanying words can have significant and lasting effects on the targeted individuals and their families. Privacy becomes compromised as personal images are distorted and shared without consent, leaving victims feeling violated and exposed. Moreover, the fabricated content can tarnish one’s identity, leading to confusion, mistrust, and damage to personal and professional relationships.
The psychological and emotional well-being of those affected by deepfake cyberbullying is also at stake. The relentless onslaught of false and explicit content can cause severe distress, anxiety, and depression. Victims may experience a loss of self-esteem, as they struggle to differentiate between reality and the manipulated content that is being circulated online. The impact on their mental health can be long-lasting, requiring extensive support and intervention.
The ripple effects of deepfake cyberbullying extend beyond the immediate victims. Families are also deeply affected, as they witness the distress and suffering of their loved ones. Parents may feel helpless and overwhelmed, struggling to protect their children from the relentless onslaught of cyberbullying. The emotional toll on families can be immense, as they navigate the challenges of supporting their children through such traumatic experiences.
Scammers exploit emotions – such as the excitement of the Olympics. Darkly, they also tap into fear and grief.
A particularly heartless method of doing this is through charity fraud. While this takes many forms, it usually involves a criminal setting up a fake charity site or page to trick well-meaning contributors into thinking they are supporting legitimate causes or contributing money to help fight real issues.
2024 will see this continue. We further see potential for this to increase given the conflicts in Ukraine and the Middle East. Scammers might also increase the emotional pull of the messaging by tapping into the same AI technology we predict will be used in the 2024 election cycle. Overall, expect their attacks to look and feel far more sophisticated than in years past.
Aside from its ability to write love poems, answer homework questions, and create art with a few keyword prompts, AI can do something else. It can code. In the hands of hackers, that means AI can churn out new strains of malware and even spin up entire malicious websites. And quickly at that.
Already, we’ve seen hackers use AI tools to create malware. This will continue apace, and we can expect them to create smarter malware too. AI can spawn malware that analyzes and adapts to a device’s defenses. This helps particularly malicious attacks like spyware and ransomware to infect a device by allowing it to slip by undetected. It also makes the creation and dissemination of convincing phishing emails and QR code scams, faster and easier. This extends to the creation of deepfake video, photo, and audio content aimed at deceiving unsuspecting targets and scamming them out of money. The rise of QR code scams, also known as quishing, is an additional concern. Scammers use AI to generate malicious QR codes that, when scanned, lead to phishing websites or trigger malware downloads. As the barrier to entry for these threats lowers, these scams will spread to all platforms with an increased focus on mobile devices.
However, like any technology, AI is a tool. It works both ways. AI is on your side. In fact, it’s kept you safer online for some time now. Meanwhile, at McAfee, we’ve used AI as a core component of our protection for years now. As such, it’s done plenty for you over the years. AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.
As such, you can expect an increasing number of AI-powered tools that combat AI-powered threats.
With big events come big scams. Look for plenty of them with the 2024 Summer Olympics.
An event with this level of global appeal attracts scammers looking to capitalize on the excitement. They promise tickets, merch, and exclusive streams to events, among other things. Yet they take a chunk out of your wallet and steal personal info instead.
You can expect to see a glut of email-based phishing and message-based smishing attacks. Now, with the introduction of generative AI, these scams are getting harder and harder to identify. AI writes cleaner emails and messages, so fewer scams feature the traditional hallmarks of misspelled words and poor grammar. Combine that with the excitement generated around the Olympic games, and we can easily see how people might be tempted by bogus sweepstakes and offers for the Olympics trip of a lifetime. If they only click or tap that link. Which of course leads to a scam website.
You can expect these messages to crop up across a variety of channels, including email, text messages, and other messaging channels like WhatsApp and Telegram. They might slide into social media DMs as well.
If you’re planning to catch the Olympic action in person, scammers have a plan in mind for you — ticket fraud. As we’ve seen at the FIFA World Cup and several other major sporting events over the years, scammers spin up scam ticket sites with tickets to all kinds of matches and events. Again, these sites don’t deliver. These sites can look rather professional, yet if the site only accepts cryptocurrency or wire transfers, you can be certain it’s fraud. Neither form of payment offers a way to challenge charges or recoup losses.
The post 6 Cybersecurity Predictions for 2024 – Staying Ahead of the Latest Hacks and Attacks appeared first on McAfee Blog.
Crooks love a good gift card scam. It’s like stealing cash right out of your pocket.
That includes Amazon and Target gift cards, Apple and Google gift cards, Vanilla and Visa gift cards too. Scammers go after them all.
In the U.S. and Canada, the Better Business Bureau (BBB), the Federal Trade Commission (FTC), and the Canadian Anti-Fraud Centre have issued warnings about several types of gift card scams floating around this time of year.
The scams fall under three broad categories:
Payment scams — Here, gift card scams take their classic form. A scammer asks for payment with a gift card rather than a payment method a victim can contest, such as a credit card. When victims realize they’ve been scammed, they have no way of getting their money back.
Bogus balance-checking sites — These sites promise to check the balance on gift cards. However, they’re phishing sites. Entering card info into these sites gives scammers everything they need to steal the card balance for themselves.
Gift card tampering — This involves draining gift cards of funds after they’re purchased. Organized crime rackets steal the cards from stores and then restock them on shelves — only after they’ve scanned the barcodes and pin numbers or altered them in some way. When a victim purchases and activates the card, the crooks launder the money and leave the victim with an empty card.
Why all this focus on gift cards? They truly are as good as cash. When that money is gone, it’s gone. Yet better, it can get whisked away electronically quicker than the quickest of pickpockets.
Fortunately, you can avoid these scams rather easily when you know what to look for.
Not great. According to the U.S. Federal Trade Commission (FTC), they received nearly 50,000 reports of gift card fraud in 2022. Those losses racked up more than $250 million. Through September 2023, the BBB and FTC reported a 50% increase in cases of gift card scams over the same period in 2022. So far, that accounts for 29,000 reports and $147 million in losses — a figure that will surely climb much higher as October, November, and December roll by.
Affected cards include the usual list of well-known and reputable brands, such as Walmart, Target, Apple, Google, Amazon, Best Buy, and the Steam gaming platform. Back in 2021, Target gift cards racked up the biggest losses, an average of $2,500 per victim, according to the FTC.
Canada has seen a jump in reports as well. According to the BBB and the Canadian Anti-Fraud Centre, January through August 2023 saw roughly 1,200 reports with $3.5 million in losses for an average loss of roughly $2,900.
If you can imagine a transaction of any kind, a scammer will likely try to get you to pay for it with gift cards.
Some of the more striking examples include scammers who pose as dog breeders who take gift cards as advance payment. They also lurk in online marketplaces and local buy-sell groups, preying on victims looking to buy anything from furniture to golf carts.
And as we’ve reported in the past, scammers often pose as government officials. In these cases, they level heavy threats and demand payment for fines and back taxes, all with gift cards. That’s a sure sign of a scam.
Some scammers go to greater lengths by setting up phony online stores that only accept payment with gift cards. One high-profile example — the phony ticket sites for major sporting events like the Super Bowl and World Cup. Many of those sites offered gift cards as a payment option. In other instances, scammers set up similar bogus storefronts that sell lower-priced items like clothing and bags.
Lastly, we come around to those gift card balance-checking sites, which are really phishing sites. As reported by Tech Times, a user on Reddit uncovered a paid Google ad that directed people to one such site.
Source, Reddit
The ad is on the left. The phishing site is on the right. Note how Target is spelled as “Targets” in the ad, and the address on the phishing site is entirely different than Target.com. Yet that doesn’t stop the scammer from asking for all the info they need to steal funds from the card a victim enters.
Bottom line, if anyone, anywhere, asks you to pay for goods, services, or debts of any kind with a gift card, it’s a scam. Additionally, here’s further advice from us and the BBB:
1. Remember that gift cards are for gifts. Never for payments.
This reinforces the advice above. The crooks who run gift card scams pose as utility companies, the government, lottery officials, tech support from big-name companies, even family members — just about anyone. Yet what all these scams have in common is urgency. Scammers use high-pressure tactics to trick victims into paying with gift cards. And paying quickly.
2. Look for signs of tampering with your physical gift card.
Earlier we mentioned gift card tampering, where scammers either copy or alter the card info and then steal funds when the card is purchased. Signs of tampering include a bar code that’s affixed to the card with a sticker, a PIN that’s been exposed, or packaging that looks like it’s been altered in any way. If possible, purchase gift cards that are behind a counter where they are monitored. This can decrease the risk of purchasing a gift card that’s been tampered with. Also, save your receipt in the event of an issue.
3. Purchase online gift cards from reputable retailers.
One way you can avoid the tampering scenario above is to pick up online gift cards. Several reputable retailers and brands offer them.
4. Check your balance at the retailer or with their official app.
Both can tell you what your card balance is, securely and accurately. Avoid any site online that offers to check your balance for you.
5. Treat your gift cards like cash.
That’s what they are. If the brand or retailer issuing the card allows you to register the card, do so. And if it further allows you to change the PIN, do that as well. This way, you can report card theft with an eye to getting your money back — while changing the PIN can help keep scammers from using the card altogether.
If you fall victim to a scam, report it. Organized crime operations big and small often run them, and reports like yours can help shut them down.
Online protection like ours offers several features that can help steer you clear of scams. It can detect suspicious links, warn you of scam sites, and remove your personal info from sketchy data broker sites.
McAfee Scam Protection: McAfee’s patented and powerful AI technology helps you stay safer amid the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake.
Web protection: And if you accidentally click on a suspicious link in a text, email, social media, or browser search, our web protection blocks the scam site from loading.
McAfee Personal Data Cleanup: Scammers must have gotten your contact info from somewhere, right? Often, that’s an online data broker — a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there.
It’s gift-giving season, so it comes as no surprise that we’re seeing a spike in gift card scams. What makes this year’s jump so striking is the trending increase over last year’s numbers.
Remembering that gift cards are for gifts and never for payments can help you from falling for one of these scams. That and inspecting gift cards closely for tampering or opting for an online gift card can help as well. And as always, strong online protection like ours helps keep you safer from scammers as you shop, go through your messages, or simply surf around.
The post Gift Card Scams — The Gift That Keeps on Taking appeared first on McAfee Blog.
Inquisitive, curious and fiercely independent. These are the three words that come to mind when I remember my boys as tweens and teens. Now, these are all wonderful qualities but when you’re trying to teach your kids to navigate the internet, these ‘wonderful’ qualities can often make things a little harder!! Curious types want to discover and investigate – that’s natural! But it also makes our job as parents even more challenging, particularly when it comes to protecting them from the slew of inappropriate content that can be found online.
In short, inappropriate content is anything your kids may find online that they find disturbing or are not yet ready for, developmentally. It may be an image, a video or written text that is offensive and upsetting. Now, this could happen accidentally but also deliberately.
Many of us immediately think of sexually explicit material when we think of inappropriate content but there is, unfortunately, more. It can also include material that promotes extremism or terrorism, violent imagery or copy, hateful or offensive sites or posts as well as false or misleading information.
As you can imagine, it’s hard to find accurate data as to how many kids have seen inappropriate content. Many kids would loathe to admit what they have seen, feel embarrassed or are simply too distressed to report their experience. So, it’s likely that the real statistics are higher than the reported data. Research undertaken by our eSafety Office shows that a high proportion of Aussie kids aged 12 to 17 have seen inappropriate content. Here are the details:
Is it inevitable that you will see something inappropriate online? I wish I could answer no, but the reality is that at some stage it is likely that your kids will see something that they find confusing or upsetting. So, the aim of the parental game here is to ensure this happens as late as possible and that they are ready for it. Here is where I suggest you put your energy into making this happen:
I am a big fan of a family tech agreement that outlines your expectations of your kids’ online behaviour and the family’s ‘rules of engagement.’ This should be age appropriate but if your kids are young enough then please include a list of the sites they can visit, the apps they can download and the information they can share – nothing personally identifiable. I would also include rules about device usage – no devices in bedrooms overnight!! Check out my post here that will help you tailor an agreement for your family.
A clear and detailed agreement means that every family member has clarity on the rules that will keep them safe. I find sharing the ‘why’ with my kids so important – so ensure they know you’re your goal here is to keep them safe and set them up for a positive online experience.
Go out of your way to create a home environment when your kids feel comfortable talking and sharing about all aspects of their lives without judgement. Once you have this, then you will be able to have regular conversations that will help them better understand the online world and most importantly, keep them safe! The goal here is to have genuine 2-way conversations without them feeling like they are being lectured at. For example, you can explain that anything they share online creates their own ‘digital footprint’ so they need to be mindful of how they conduct themselves, You could also talk them through the dangers of spreading rumours online or sharing hurtful photos or jokes.
And if your kids know they can talk to you about anything and that you won’t overact, then they are more likely to tell you if they have seen something online that has worried them. Now, we all hope that doesn’t happen, but we all want to be able to help our kids navigate challenges if and when they arise.
Parental controls can be a really helpful tool that allows you to monitor and manage what your child sees and does online. Of course, using parental controls is not a silver bullet – you still need to remain vigilant and invested however it can be a great thing to have in your toolbox. Here’s what I Iike:
Check out more information about McAfee’s parental controls here.
As we all know, the sky is the limit when it comes to finding anything online. So, young curious minds have ample opportunity to have their every question answered. However, this is not ideal when your kids have neither age nor experience on your side. So, let me introduce you to some child-friendly search engines that will ensure there are healthy boundaries for inquisitive minds!
This is a search engine that’s designed to produce safe results for kids so it will produce quite limited results – perfect! It has been designed to block swear words and ‘rude’ language but a Commonsense Media trial found that some violent content could be generated using it.
This search engine uses Google’s strict filtering software to produce up-to-date results without the risk of anything inappropriate. Their advanced keyword filtering system monitors for alternate and modified spellings which is great for youngins!
Also using Google’s SafeSearch, KidRex promotes kid-friendly pages in its results. It also has an additional database of inappropriate keywords and sites and blocks social media results. How good!
But, if you just want to stick with Google and turn on the SafeSearch filters, you absolutely can. Just remember, that you’ll need to activate it on every device that your kids might use – including their phone!
How often do you hear yourself saying or doing something your mother does? I do all the time! Our parents are our biggest influence and are our biggest role models. And this also applies to how we engage with technology. Make sure your kids see you enjoying tech-free time, so they ‘normalise’ this. Leave your phone at home when you walk the dog, never have phones at the dinner table and always turn your phone on do not disturb when talking with your kids. The less time spent on technology means the more time for real in-person human connection.
Being open is also an imperative way to protect your kids. In fact, the more open and communicative you are with your kids, the less reason they will have to undertake their own ‘research’ online. So, if you’ve created an environment where talking about puberty, hormonal changes and teenage relationships is normal, chances are they won’t need to turn to Google for answers – and risk seeing inappropriate content.
So, if you have a tribe of curious tweens or teens, then I’m sending you my very best. It’s not an easy task protecting them from some of the more challenging content that the internet can offer. But having come out the other side – and survived – I can assure you that the more proactive you are, the easier the ride will be.
Good luck!!
Alex XX
PS If you’re thinking about parental controls, don’t forget about enabling these on your streaming services too. Netflix, Amazon Prime and Stan all offer parental controls which can restrict the content that your kids can view. It’s definitely worth the effort.
The post How to Protect Your Kids From Inappropriate Online Content appeared first on McAfee Blog.
A disturbing story out of western Spain spotlights challenges of technological evolution. Unwitting children and teenagers were victims of users of a deepfake app. Their families, shocked at how the events transpired, are equally frustrated by how little recourse they feel they have. Deepfake technology, which leverages sophisticated artificial intelligence to create realistic yet fabricated images and videos, has seen a significant uptick in usage, a surge partly attributed to advancements in AI. As this technology becomes more accessible, concerns about its misuse, particularly in creating unauthorized or malicious content that mimics real individuals, are growing.
To protect yourself and your family from being victimized by deepfake technology, it is crucial to understand some steps you can take.
There may be no perfect solution to the dynamic threat of deepfake fraud. As technology advances, people will find novel ways to leverage it for means both innocent and otherwise. Yet, there are still strategies organizations and individuals can employ to help prevent deepfake fraud and to mitigate the impacts of it, should it occur. Sometimes, in an ever-more-complicated online world, the best bet may be to simplify. Adopting tools like our personal data cleanup solutions or our all-in-one security platform with identity protection can fortify protection against deepfakes and other forms of fraud. The digital landscape is evolving. The good news is, you can, too.
The post Deepfake Defense: Your 8-Step Shield Against Digital Deceit appeared first on McAfee Blog.
Depending on the day’s most popular headlines, AI is either a panacea or the ultimate harbinger of doom. We could solve the world’s problems if we just asked the algorithm how. Or it’s going to take your job and become too smart for its own good. The truth, as per usual, lies somewhere in between. AI will likely have plenty of positive impacts that do not change the world while also offering its fair share of negativity that isn’t society-threatening. To identify the happy medium requires answering some interesting questions about the appropriate use of AI.
The full answer to this question could probably fill volumes, but we won’t go that far. Instead, we can focus on a use case that is becoming increasingly popular and democratized: generative AI assistants. By now, you’ve likely used ChatGPT or Bard or one of the dozens of platforms available to anyone with a computer. But can you prompt these algorithms and be wholly satisfied with what they spit out?
The short answer is, “no.” These chatbots are quite capable of hallucinations, instances where the AI will make up answers. The answers it provides come from the algorithm’s set of training data but may not actually be traceable back to real-life knowledge. Take the recent story of a lawyer who presented a brief in a courtroom. It turns out, he used ChatGPT to write the entire brief, wherein the AI cited fake cases to support the brief.1
When it comes to AI, human oversight will likely always be necessary. Whether the model is analyzing weather patterns to predict rainfall or evaluating a business model, it can still make mistakes or even provide answers that do not make logical sense. Appropriate use of AI, especially with tools like ChatGPT and its ilk, requires a human fact checker.
Again, this is a question more complicated than this space allows. But, we can attempt to examine a narrower application of the question. Consider that many AI algorithms in the real-world have been found to exhibit discriminatory behavior. For example, one AI had a much larger error rate depending on the sex or race of subjects. Another incorrectly classified inmate risk, leading to disproportionate rates of recidivism.2
So, can those who write these algorithms fix these concerns once the model is live? Yes, engineers can always revisit their code and attempt to adjust after publishing their models. However, the process of evaluating and auditing can be an ongoing endeavor. What AI creators can do instead is to focus on reflecting values in their models’ infancy.
Algorithms’ results are only as strong as the data on which they were trained. If a model is trained on a population of data disproportionate to the population it’s trying to evaluate, those inherent biases will show up once the model is live. However robust a model is, it will still lack the basic human understanding of what is right vs. wrong. And it likely cannot know if a user is leveraging it with nefarious intent in mind.
While creators can certainly make changes after building their models, the best course of action is to focus on engraining the values the AI should exhibit from day one.
A few years ago, an autonomous vehicle struck and killed a pedestrian.3 The question that became the incident’s focus was, “who was responsible for the accident?” Was it Uber, whose car it was? The operator of the car? In this case, the operator of the vehicle, who sat in the car, was charged with endangerment.
But what if the car had been empty and entirely autonomous? What if an autonomous car didn’t recognize a jaywalking pedestrian because the traffic signal was the right color? As AI finds its way into more and more public use cases, the question of responsibility looms large.
Some jurisdictions, such as the EU, are moving forward with legislation governing AI culpability. The rule will strive to establish different “obligations for providers and users depending on the level of risk from” AI.
It’s in everyone’s best interest to be as careful as possible when using AI. The operator in the autonomous car might have paid more attention to the road, for example. People sharing content on social media can do more due diligence to ensure what they’re sharing isn’t a deepfake or other form of AI-generated content.
This may just be the most pressing question of all those related to appropriate use of AI. Any algorithm needs vast quantities of training data to develop. In cases where the model will evaluate real-life people for anti-fraud measures, for example, it will likely need to be trained on real-world information. How do organizations ensure the data they use isn’t at risk of being stolen? How do individuals know what information they’re sharing and what purposes it’s being used for?
This large question is clearly a collage of smaller, more specific questions that all attempt to get to the heart of the matter. The biggest challenge related to these questions for individuals is whether they can trust the organizations ostensibly using their data for good or in a secure fashion.
For individuals concerned about whether their information is being used for AI training or otherwise at risk, there are some steps they can take. The first is to always make a cookies selection when browsing online. Now that the GDPA and CCPA are in effect, just about every company doing business in the U.S. or EU must place a warning sign on their website that it collects browsing information. Checking those preferences is a good way to keep companies from using information when you don’t want them to.
The second is to leverage third-party tools like McAfee+, which provides services like VPNs, privacy and identity protection as part of a comprehensive security platform. With full identity-theft protection, you’ll have an added layer of security on top of cookies choices and other good browsing habits you’ve developed. Don’t just hope that your data will be used appropriately — safeguard it, today.
The post Safer AI: Four Questions Shaping Our Digital Future appeared first on McAfee Blog.
You guard the keys to your home closely, right? They have their own special spot in your bag or in your front pocket. When your keys go missing, does a slight pit of unease grow in your gut?
Our homes store many sentimental and valuable treasures within their walls. The same goes for your online accounts. Think of your login and passwords as the keys to the cozy home of your date of birth, Social Security Number, full name, and address. When you lose those keys and they fall into the hands of a criminal, the break-ins to your online home can be costly.
In a scheme called credential phishing, online scammers seek to steal the keys to your online accounts: your login and password combinations. Just like you’d protect the keys to your house, so should you guard your online account credentials closely.
Credential phishing is a type of online scam where a cybercriminal devises tricks to gain one type of valuable information: username and password combinations. Once they eke this information from their targets, the thief is able to help themselves to online bank accounts, online shopping sites, online tax forms, and more. From there, they could go on a shopping spree on your dime or pilfer your personally identifiable information (PII) and steal your identity.
There are two common ways a criminal might try to steal online account credentials. The first is through a phishing attempt that asks specifically for usernames and passwords. They may impersonate a person or organization with authority, such as your boss, a bank representative, or the IRS. Phishing attempts often threaten dire consequences if you don’t reply promptly. Handle emails, texts, and social media direct messages that demand urgency with care. If it’s truly important, your bank will find another way to get in touch with you. Additionally, be aware of your notification preferences and communication channels with important organizations. For example, the IRS only contacts people by mail.
A second way credential phishers may try to steal your passwords is through fake login pages. You may get redirected to a fake login page by clicking on a risky link hidden in a phishing message or on a malicious website. An example of credential phishing and fake login pages in action happened to customers of a password storage company. Customers received phishing emails that contained a link to a “login page” that was actually a malicious subdomain that sent the details straight to scammers.1
There’s one very simple rule to avoid a phisher stealing your credentials: never share your password with anyone! No matter how authoritative a phone call, text, or email sounds, a legitimate business nor an IT professional nor your boss will ever ask you for your password and username combination.
If you suspect a phishing attempt, do not reply or forward the message. Additionally, do not click on any links. Artificial intelligence content creation tools like ChatGPT can make phishing messages sound convincing, as AI tools often compose messages without typos or grammar mistakes. But if anything in the tone or content of the message strikes you as suspicious, it’s best to delete it and forget about it.
Ultimate secrecy is a great first step in keeping your credentials a mystery. Practice these other password and online account safety best practices to keep your PII safe:
To add extra security to your online comings and goings, consider investing in McAfee+, which includes McAfee Scam Protection. McAfee Scam Protection is an AI-powered tool that blocks risky links in your emails, texts, and on social media. This is helpful just in case you accidentally click on a link that would’ve brought you to a fake login page or to another risky site. The more you use Scam Protection, the smarter it gets! And should your credentials and PII ever fall into the wrong hands, McAfee+ has credit and identity monitoring tools that can alert you to suspicious activity.
Consider McAfee as the home security system for your online life. When you log off and lock up, you can relax knowing that McAfee will alert you to breaking-and-entering attempts.
1Cybernews, “LastPass employees and customers targeted in ‘pervasive’ phishing campaign”
The post What Is Credential Phishing? appeared first on McAfee Blog.
If you had to count the number of social media platforms your teen uses, I wonder what the score would be? 2, 5 or maybe even more? Well, surprisingly research from our Aussie eSafety Commissioner shows that Aussie kids use an average of 4 social media services. I bet you thought it would be more. I did! So, maybe this means we don’t need to worry too much about joining and understanding these platforms? Surely their skills must be quite polished if there are only using four platforms? Wrong!! Being a good digital parent means we need to take the time to understand our kids’ digital world – even when we think they have a handle on it.
Over the last 12 years in my job as Cybermum, I’ve shared an abundance of advice. But if I had to pick the most important piece it is this – the absolute best way to keep your kids safe online is to commit to understanding your kids’ online world, particularly when they are starting out on their digital journey. So, if they are on Facebook, Instagram, Snapchat and TikTok then you need to sign up, and spend time understanding how it works. If they love Minecraft, Fortnite or Among Us – then you now do too! I’m sure you’re figuring out the pattern by now…
I’m not sure how it works for you but one thing that does NOT work for me is listening to advice from someone who has no relevant experience. To be honest, it really grinds my gears!! So, isn’t it logical that our teens would feel the same? I honestly don’t think we can expect them to take advice from us about online safety if we have no lived experience. In my opinion, experience = credibility.
So, when you join Snapchat or Instagram not only are you learning about your child’s digital life but you’re also developing credibility which may just be the most important ingredient in keeping your kids safe online. Because if and when your kids find themselves in tricky situation online, they will be far more likely to come to you with a problem if they know you understand how it all works.
Taylor Swift fandom is massive in Australia right now. With many taking days off work to secure tickets to her upcoming shows and a hot movie release, you’d be hard pressed to find many young girls who don’t think she is the ‘bees knees’. And if your sons are made keen Le Bron, Tom Brady or Nathan Cleary fans then they wouldn’t be alone – my sons are all in awe of these spectacular athletes. But despite all the hype and the potential influence from these celebrities, I need to remind you of one very important thing – you are the most important role model for your kids. You hold the greatest influence in their decision making and value setting.
If your kids see you using the same platforms they use in a healthy, balanced way – then you really have a tonne of ability to help them develop positive digital habits. Your ‘tech cred’ will mean they are even more likely to pick up on your habits. So, make sure you have a healthy mix of digital and non-digital activities into your life. Consider:
Remember, they are watching and learning!!
Now, I don’t want to force you to do anything that you are not comfortable with, but I do want you to understand how best to support your kids in their digital life. To me, it’s quite simple. Whatever platform your kids spend the bulk of their time online then that’s where you need to spend your time too. You’ll develop credibility which means they are more likely to come to you if they have an issue online. It also gives you an opportunity to model health digital habits which can be really powerful. So, if your kids use Snapchat then yes – you need to join!!! All the ‘know-how’ you amass while using it will absolutely help make you a great digital parent.
Till next time
Alex
The post Do I Really Need to be on Snapchat to be a Good Digital Parent? appeared first on McAfee Blog.
Just when they need financial security the most, job seekers face another challenge—getting ripped off by job scams.
Scammers will capitalize on any opportunity to fleece a victim, like the holidays with ecommerce scams and tax time with IRS scams. Now, with surging employment figures, scammers have turned to job scams that harvest money and personal information from job seekers.
In some ways, the tactics bear resemblance to online dating and romance scammers who hide behind a phony profile and tell their victims a story they want to hear, namely that someone loves them. With job scams, they take on the persona of a recruiter and lure their victims with what seems like an outstanding job offer. Of course, there’s no job. It’s a scam.
These attacks have gained a degree of sophistication that they once lacked. Years prior, scammers relied on spammy emails and texts to share their bogus job offers. Now, they’re using phony profiles on social media platforms to target victims.
Social media platforms have several mechanisms in place to identity and delete the phony profiles that scammers use for these attacks. Of note, LinkedIn’s latest community report cited the removal of more than 21 million fake accounts in the first half of 2022:
Likewise, Facebook took action on 1.5 billion fake accounts in Q3 of 2022 alone, with more than 99% of them acted on before users reported them.
Still, some scammers make their way through.
As Steve Grobman, our senior vice president and chief technology officer, was quoted in an article for CNET, the continued shift to remote work, along with remote hiring, has also made it easier for online job scams to flourish. And the figures bear that out.
In 2021, the FTC called out $209 million in reported losses due to job scams. In just the first three quarters of 2022, reported job scam losses had already reached $250 million. While year-end figures have yet to be posted, the final tally for 2022 could end up well over $300 million, a 50% uptick. And the median loss per victim? Right around $2,000 each.
While the promise of work or a job offer make these scams unique, the scammers behind them want the same old things—your money, along with your personal information so that they can use it to cause yet more harm. The moment any so-called job offer asks for any of those, a red flag should immediately go up.
It’s possibly a scam if:
In the hands of a scammer, your SSN or tax ID is the master key to your identity. With it, they can open up bank cards, lines of credit, apply for insurance benefits, collect benefits and tax returns, or even commit crimes, all in your name. Needless to say, scammers will ask for it, perhaps under the guise of background check or for payroll purposes. The only time you should provide your SSN or tax ID is when you know that you have accepted a legitimate job with a legitimate company, and through a secure document signing service, never via email, text, or over the phone.
Another trick scammers rely on is asking for bank account information so that they can wire payment to you. As with the SSN above, closely guard this information and treat it in exactly the same way. Don’t give it out unless you actually have a legitimate job with a legitimate company.
Some scammers will take a different route. They’ll promise employment, but first you’ll need to pay them for training, onboarding, or equipment before you can start work. Legitimate companies won’t make these kinds of requests.
Aside from the types of information they ask for, the way they ask for your information offers other clues that you might be mixed up in a scam. Look out for the following as well:
You can sniff out many online scams with the “too good to be true” test. Scammers often make big promises during the holidays with low-priced offers for hard-to-get holiday gifts and then simply don’t deliver. It’s the same with job scams. The high pay, the low hours, and even the offer of things like a laptop and other perks, these are signs that a job offer might be a scam. Moreover, when pressed for details about this seemingly fantastic job opportunity, scammers may balk. Or they may come back with incomplete or inconsistent replies because the job doesn’t exist at all.
Job scammers hide behind their screens. They use the anonymity of the internet to their advantage. Job scammers likewise create phony profiles on networking and social media websites, which means they won’t agree to a video chat or call, which are commonly used in legitimate recruiting today. If your job offer doesn’t involve some sort of face-to-face communication, that’s an indication it may be a scam.
Scammers now have an additional tool reel in their victims—AI chatbots like Chat GPT, which can generate email correspondence, chats, LinkedIn profiles, and other content in seconds so they can bilk victims on a huge scale. However, AI has its limits. Right now, it tends to use shorter sentences in a way that seems like it’s simply spitting out information. There’s little story or substance to the content it creates. That may be a sign of a scam. Likewise, even without AI, you may spot a recruiter using technical or job-related terms in an unusual ways, as if they’re unfamiliar with the work they’re hiring for. That’s another potential sign.
Scammers love a quick conversion. Yet job seekers today know that interview processes are typically long and involved, often relying on several rounds of interviews and loops. If a job offer comes along without the usual rigor and the recruiter is asking for personal information practically right away, that’s another near-certain sign of a scam.
This is another red flag. Legitimate businesses stick to platforms associated with networking for business purposes, typically not networking for families, friends, and interests. Why do scammers use sites like Facebook anyway? They’re a gold mine of information. By trolling public profiles, they have access to years of posts and armloads of personal information on thousands of people, which they can use to target their attacks. This is another good reason to set your social media profiles on platforms like Facebook, Instagram, and other friend-oriented sites to private so that scammers of all kinds, not just job scammers, can’t use your information against you.
As a job hunter you know, getting the right job requires some research. You look up the company, dig into their history—the work they do, how long they’ve been at it, where their locations are, and maybe even read some reviews provided by current or former employees. When it comes to job offers that come out of the blue, it calls for taking that research a step further.
After all, is that business really a business, or is it really a scam?
In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) waged against them. Spending some time here can quickly shed light on the legitimacy of a company.
Also in the U.S., you can visit the website of your state’s Secretary of State and search for the business in question, where you can find when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information, which may require signing up for an account.
Given the way rely so heavily on the internet to get things done and simply enjoy our day, comprehensive online protection software that looks out for your identity, privacy, and devices is a must. Specific to job scams, it can help you in several ways, these being just a few:
Job searches are loaded with emotion—excitement and hopefulness, sometimes urgency and frustration as well. Scammers will always lean into these emotions and hope to catch you off your guard. If there’s a common thread across all kinds of online scams, that’s it. Emotion.
A combination of a cool head and some precautionary measures that protect you and your devices can make for a much safer job-hunting experience, and a safer, more private life online too.
Editor’s Note:
Job scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Job Scams—How to Tell if that Online Job Offer is Fake appeared first on McAfee Blog.
With the rush of Black Friday and Cyber Monday shopping comes a rush of another kind. Millions of fake delivery texts sent by scammers – designed to steal your personal info or saddle your phone with malware.
From late November through early January, scammers slip into the holiday mix and catch online shoppers unaware with fake delivery texts. They pose as postal services, delivery companies, and retailers, sending texts that alert their potential victims of some delivery issue or other.
The stories these scammers spin vary, yet the classics include:
In every case, the con game is the same. The scammer wants you to tap the link they’ve included in your text.
From there, that link whisks you to a malicious site designed to do you harm. That might involve installing malware like ransomware, spyware, or viruses. It might also steal your personal and financial info by asking you to fill out a form. Or both.
But you can absolutely beat these scams. A combo of knowing what to look for and some helpful tools can steer you clear of these scams and the headaches that follow.
A little background shows why hackers send so many during the holidays — and it starts with the reported $38 billion that U.S. consumers spent from Black Friday through Cyber Mondayi. Think of it this way, that’s $38 billion worth of stuff coursing through the mail and delivery services.
The U.S. Postal Service (USPS) alone will deliver an estimated 800 million packages between Thanksgiving and New Year’s Dayii. Overall, the USPS will process 15 billion pieces of mail. And then there’s the millions more shipped by UPS, FedEx, and Amazon’s delivery services.
That offers scammers plenty of opportunities. With all those packages moving around, they count on people responding to their fake delivery texts. Scammers make good money when even a small percentage of people tap the links in those texts.
That flood of bogus texts has understandably put people on their guard. Our own recent research shows that 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more.
The top two online scams people reported include:
Complicating matters more this year – AI. We’ve been talking a lot about that in our blogs this year, and with good reason. Scammers now have AI-driven tools that help them fire up fake emails, malicious sites, and text messages with a few clicks. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams dailyiii.
As a result, 31% of people we surveyed said that it’s getting tougher to tell a real message from a fake one. And that includes delivery notifications by text.
With that, let’s cover what you can look out for.
As with any fake text, scammers do their best to look legitimate. All in the hope that their victims will tap that malicious link. Here’s how they try to disguise themselves:
In the U.S., the “big four” organizations that scammers like to impersonate are the U.S. Postal Service (USPS), FedEx, UPS, and Amazon. With that, they can cast a rather wide net because they’re responsible for so many deliveries this time of year. Of course, scammers won’t limit themselves to posing as those organizations. Just about any company will do.
Companies typically have a standard set of web addresses and phone numbers that they use for contacting customers. For example, Amazon states that legitimate Amazon addresses have a dot before “amazon.com” such as https://pay.amazon.com for Amazon Pay. Scammers try to spoof these addresses, often with addresses that look like the real thing but aren’t. They might use “fed-exdeliverynotices.com” rather than the legitimate fedex.com. In other cases, scammers might use a totally unrelated dot-com address, like in this phony DHL delivery notice below:
Note how the scammer slipped in “dhl” after the dot-com address, all in a ruse to make the link look more legitimate by using the DHL name, a legitimate shipping company.
Scammers rely on stress and high emotions to lure in their victims. And during the gift-giving season, an alert about a package delivery can do the trick. Scammers (falsely) claim that you won’t get your package without tapping that link and taking some sort of next step.
Once, red flags like these let you know you were staring down a scam. That’s still the case, yet AI has changed that. Scammers now use common AI tools to cook up their texts, which are far less likely to contain common typographical and grammatical errors. Still, look for any kind of writing that looks or reads a bit “off.” Trust your gut. That’s a warning sign.
You have several ways you can avoid the headaches and harm that these texts can lead to.
Consider being a part of the solution. Many companies have dedicated email addresses and web pages for fraud protection. This helps them identify scams along with their behaviors and trends. In turn, they can alert their customer base of current scams and help them track down the scammers.
Further, in the U.S., you can also report scam texts to the Federal Trade Commission (FTC) at https://www.ReportFraud.ftc.gov. Similarly, they use and share reports with law enforcement partners to help with investigations.
By taking a deep breath and scrutinizing that seemingly alarming delivery message, you can avoid getting taken in by scammers and hackers this time of year. Using official websites and apps to track your packages goes a long way toward putting you at ease that all’s well with your shipment. Or letting you know that there’s truly an issue with a package.
You also have comprehensive online protection software like ours in your corner. It protects more than your devices. It protects your privacy and identity too — from text scams like these and a host of other scams and attacks as well. In short, it can help you tell what’s real and what’s fake out there.
The post Is That Delivery Text Real or Fake? How to Shop and Ship Safely this Season appeared first on McAfee Blog.
In the 80’s, train stations and church groups were the key places to meet boys. And despite the fact I tried very hard to keep this side of my life well away from my parents, I know for a fact that they worried!! Well, some things have clearly changed with social media and dating apps providing unlimited opportunities for teens to connect with romantic partners across the world. But one thing definitely hasn’t changed – parents are still worrying!!
Despite what we may think, school is still the main place teens find their romantic partners according to a fascinating research study entitled: ‘Adolescents’ Partner Search in the Digital Age: Correlates and Characteristics of Relationships Initiated Online’. But second to this is the internet. The internet (including social media) even trumps ‘friends, parties and neighbourhoods’ as the 2nd most common place where adolescents meet their significant other.
Interestingly, the report also highlights the different types of kids who gravitate towards online dating. According to the research, girls who find it harder to fit in at school were more likely to initiate and find romantic relationships online rather than pursue them in person. This was the same for teens looking to pursue same-sex relationships. Overall, there were multiple examples of how the internet has become a ‘social intermediary’ for teens who may struggle with in-person social connection.
I want to make it very clear that this post isn’t designed to scare you or have you immediately remove all devices from your teen – although I get why it’s tempting! Instead, I want to help you, help your kids navigate online dating.
By now, we all know that there are both challenges and risks being online. Some of us navigate these with ease while others don’t. In my opinion, a teen’s ability to think critically, pick up social cues and manage conflict will have a direct impact on their ability to navigate their online life and that includes online dating.
So, yes there are risks – your teen may experience harassment, discrimination, sextortion, scams or cyberstalking. And of course, these are big heavy possibilities that no-one wants their child to experience. But you have to remember that for our kids, meeting someone online is just as normal as it was for my friends and I to meet boys at the local train station. In fact, it may even be less overwhelming as they can ‘google’ potential love matches and find friends of friends who can vouch for them or warn them away.
Instead of being worried, focus on helping your teen have a positive and safe online dating experience.
It’s completely natural to be hesitant about your teen dating online – I’ve been there! And yes, talking about their budding love life may be a bit uncomfortable. But, when there are some pretty large risks at play, you’re just going to have to push through on the awkwardness. Here are my top tips:
Take some time to research the various dating sites. Read the reviews, browse the community guidelines and understand how they verify users. The larger dating sites are for over 18s – think Hinge, Bumble and Tinder however let’s keep it real – it’s not that hard to ‘fudge’ your age. So even if your teen is under 18, I’d still do some due diligence here. In recent years, under 18 dating sites have cropped up. Mylol, the self-proclaimed “#1 teen network in the world”, is probably the most popular platform followed by Skout.
But traditional dating sites are not the only way teens meet potential love interests online. It’s not uncommon for kids to start messaging other kids whose profile they may have come across on Snapchat, Discord or even while gaming on Fortnite. You may have heard the expression ‘slide into your DMs’ – that means that someone has sent you a direct message on social media, most commonly for romantic purposes!!
Once you understand how it all works – you’ll be able to speak with more ‘weight’ to your teen. So, push through the awkwardness and start talking. If there is a lot of pushback from your teen, you might need to go slow. Why not share articles about online dating? Or, relay stories and experiences from your friends and their kids? Always reserve judgment and stay calm and neutral. Why not help them work out what they want by asking open and non-judgemental questions e.g. Is it a committed relationship or just a ‘fling’? This may help them work out the best platform and also manage their expectations.
Once the awkwardness has gone, you should start talking about healthy relationship boundaries. It’s important they understand how to set parameters, so they are safe and respected. They need to know that:
There are also some key safety measures that will help protect them when they embark on online dating. I love reminding my boys of these – fingers crossed they listen!!
I’m a big believer that being proactive is a very worthwhile parenting strategy. So, ‘ripping off the bandaid’ and helping your teens with their online dating strategy is a great way to set them up for a safe and positive experience. We all know from experience that the path to true love isn’t always linear, so there might be a few heartbreaks or dramas along the way. So, remind your teen that you are always available to listen to their concerns and help them troubleshoot a situation. Remember, the more you keep the lines of communication open, the more likely they will be to come to you if there is an issue.
Happy digital parenting!!
Alex x
The post How to Help Your Teens Stay Safe When They Start Dating Online appeared first on McAfee Blog.
Yes, there is a Cyber Grinch. In fact, you’ll find evidence of an entire host of grinches online — the cybercrooks who, with the help of AI, create millions of online scams that crop up just in time to spoil the holiday season. But you can still shop safely, with a sharp eye and the right tools at your side.
This time of year always sees a boost in scams. After all, where shoppers go, scammers follow. Research from our McAfee Labs team found that scam volume ramps up 30% above average this time of year, kicking off in November and carrying over into the first week of the new year.
To gain even more insight into the impact online scams have on consumers, we conducted our inaugural Global Holiday Shopping Scams Study. More than 7,000 adults in seven countries told us how scams have impacted their holidays. They also shared their feelings about the recent onset of AI-driven scams.
The findings offer several significant insights, including the financial impact of scams, and even when and where people shop online (spoiler: that includes purchases made at the dinner table and in the bathtub).
Let’s dig into the findings. From there, we’ll show you several ways you can stay safe while you shop online, so you can send those grinches packing.
For starters, 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more.
The top three online scams people reported include:
We looked at those figures more closely and found some trends that show some folks get tangled up in these scams more than others.
Comparing men and women, 65% of men said they place the same level of trust in shopping online as they do in person. Meanwhile, women appear to be a bit more discerning. Only 46% of women said they had the same level of trust. We then found that men were nearly twice as likely to fall for an online holiday scam (46%) than women (26%).
When looking across generations, we found that 64% of Gen Z and 77% of Millennials trust shopping online as much as in person. Likewise, they found themselves victimized by scams more often than older adults. Of the younger set, 49% of Gen Z and 65% of Millennials said they fell for a holiday scam. Compare that to only 12% of people over 50 saying the same thing.
We also got some insight into people’s headspace.
People are as deal conscious as ever, with 1 out of 3 (35%) saying they will likely jump on a bargain when they see it. They also plan to shop around; 85% of people said they will look for the best deal before buying their holiday gifts.
It’s no surprise that 63% planned to shop online during Black Friday and Cyber Monday weekend. However, we found some surprises — namely, where they are when they shop online:
Take all that together and it leaves the Cyber Grinch wringing his hands in delight. Bargain hunting, shopping around, and buying online when you’re somewhat distracted make it easier for scammers to pull off their tricks.
Scammers count on the stress and pressures of holiday shopping. When people are tired or in a hurry, they tend to make mistakes. And now they’re easier to make, no thanks to the scammers who’ve picked up AI tools.
The bad actors out there now have AI-driven tools that help them fire up scams at alarming rates. They make it easier to create compelling fake emails, malicious sites, and text messages. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams daily.
On top of that, AI has made it harder than ever to tell what’s real from what’s fake. Not only have we seen a deluge of scams, but it’s also a deluge of increasingly sophisticated scams. With AI tools, scammers can make their emails, messages, and texts look and sound more convincing than ever.
People shared their concerns about AI scams:
Despite what we discovered in many of the findings, we have good news to share: there are tools that can help you shop safely.
Think before you click. Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.
Remember that if it seems too good to be true, it probably is. Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.
Go unlisted. Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Use AI to beat AI. From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions.
One thing that hasn’t changed this year, scammers love the holidays. Just as you’re gearing up for shopping, they’re gearing up for scamming. The hustle and bustle of the holidays, AI-driven scam tools, and malicious messages and websites seemingly play in the favor of scammers. Yet AI-driven protection like ours puts the advantage back squarely in your corner. That, and keeping your guard up for trickery, will help you steer clear of all those grinches out there this year.
The survey, which focused on the topic of scam messages and holiday shopping, was conducted online between September 7 and September 21, 2023. 7,130 adults, age 18+, in 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study.
The post How to Shop Safely This Holiday Season appeared first on McAfee Blog.
Short-URL services have emerged as a crucial part of the way we use the Internet. With the increasing use of social media, where the number of characters is limited, short-URL services are a useful tool for reducing a URL’s length. However, this convenience also comes with a potential risk. The anonymity provided by these services can serve as a breeding ground for online threats. This article delves deeper into the potential risks associated with using short-URL services and how you can safeguard yourself from these threats.
Short-URL services are online tools that convert a long URL into a short one. These services are often free and easy to use: you simply enter the long URL you wish to shorten and the service will generate a short URL for you. This can be particularly handy for social media platforms such as Twitter, where character limits can make sharing long URLS impractical.
The short URL does not provide any clues about the destination website – it is a random mix of letters and numbers. This lack of transparency can make it difficult for users to determine the legitimacy of the link before clicking it. Consequently, this has opened a pandora’s box for cyber threats, as ill-intentioned individuals can hide malicious links behind these short URLs.
While the brevity provided by short-URL services is a practical solution in the age of character-limited social media posts, it’s important to understand the accompanying risks. With the shortened URL, the original URL is hidden, which can make it challenging for users to discern whether the link is safe or not. This very feature is exploited by cybercriminals who mask malicious sites with short URLs, intending to trick users into visiting harmful web pages.
Phishing attacks, malware, and other types of online fraud can be hidden behind short URLs. Usually, these URLs are distributed via emails, social media, and instant messaging applications. Once clicked, these malicious links can infect a user’s device with malware or lead them to fake websites where sensitive information is collected. This manipulative tactic is known as ‘spoofing’.
→ Dig Deeper: New Malicious Clicker found in apps installed by 20M+ users
The practice of using short URLs has brought about an increased level of vulnerability in cyberspace. Certain security features that help in identifying a malicious website, such as examining the URL structure or the SSL certificate, are effectively nullified by the use of short URLs. As a result, even experienced internet users can fall prey to these malicious tactics. This marks a significant shift in traditional cybersecurity threats, where the danger is now hidden behind the veil of convenience.
→ Dig Deeper: “This Connection Is Not Private” – What it Means and How to Protect Your Privacy
Even more concerning is the fact that once a short URL is generated, it remains active indefinitely. This means a malicious link can continue to exist and pose a threat long after the original malicious activity has been detected and dealt with. Given the scale at which these short URLs are generated and shared across various digital platforms, the potential for harm is vast and hard to contain.
Given the opacity provided by short-URL services, they have become a popular tool among cybercriminals. A report by the cybersecurity firm Symantec found that 87% of the malicious URLs used in massive cyber-attacks were actually short URLs. This stark statistic illustrates the size of the problem at hand and the urgent need for adequate measures to tackle it.
Short URLs are like a wolf in sheep’s clothing. They appear harmless, but the reality could be contrary. Without the ability to inspect the actual URL, users can unknowingly fall into a trap set by online fraudsters. The success of these threats relies heavily on the victim’s ignorance and the inability to determine the authenticity of the link they are clicking on.
To fully comprehend the risks associated with short URLs, let’s examine a few real-life cases where short URLs were used to spread cyber threats. In one instance, a malicious short URL was used to propagate a Facebook scam that promised users a free gift card if they clicked on the link. Instead of a gift card, the link led users to a phishing site designed to steal personal information.
→ Dig Deeper: Don’t Take a Bite out of that Apple Gift Card Scam
In another instance, an email campaign used a short URL to spread the notorious Locky ransomware. The email contained an invoice with a short URL, which when clicked, downloaded the ransomware onto the user’s device. These two cases underscore the severe risks associated with short URLs and highlight the importance of exercising caution when dealing with such links.
While the threats presented by short URLs are real and potentially damaging, internet users are not entirely helpless against them. There are certain measures that can be taken to avoid falling victim to these threats. Below are some of the ways to ensure safe browsing habits:
Firstly, be wary of any strange or unexpected links, even if they come from trusted sources. Cybercriminals often disguise malicious links to appear as though they are from trusted sources, in a tactic known as ‘spoofing’. However, if an email or a message seems out of character or too good to be true, it’s best to avoid clicking on the link.
Secondly, consider using URL expansion services. These services allow you to enter a shortened URL and then reveal the full URL, enabling you to see where the link will take you before you click on it. This can provide an added layer of security when dealing with unfamiliar links.
Finally, keep your devices and internet security software up to date. This is a simple but effective measure against all forms of online threats, including those hidden in short URLs. By regularly updating your devices and software, you can ensure you have the most recent security patches and protections available.
McAfee Pro Tip: Enhance your online safety and privacy by employing a secure browser. A safe browser incorporates additional security features designed to thwart unauthorized third-party activities during your web surfing sessions. Know more about safe browsing.
While individual users can take steps to protect themselves, institutions also have a role to play in mitigating the threats associated with short URLs. Social media platforms, email providers and companies should all be invested in protecting their users from cyber threats. Implementing stricter URL policies, improving spam filters, and educating users about potential dangers can all help in reducing the risk.
Internet service providers can also have a hand in safeguarding users. For instance, they could monitor and block suspicious short URLs, or provide warnings to users about potential threats. While these measures may not completely eliminate the risk, they can greatly reduce the chances of users falling victim to cyber threats.
Moreover, there’s a growing need for regulatory policies around the usage and creation of short URLs. Instituting thorough checks before a short URL is generated could help in curbing the misuse of these services. Such checks could include verifying the authenticity of the original URL and scanning for potential threats.
Short-URL services undeniably offer a degree of convenience in this age of Twitter-length posts and character-limited updates. However, the potential threats that lurk behind these shortened links cannot be overlooked. Users and institutions need to balance the benefits of these services with the risks, and take appropriate measures to safeguard against potential threats.
While we cannot completely eliminate the risks associated with short URLs, by staying informed, exercising caution, and using tools and resources at our disposal, we can significantly reduce our vulnerability to these threats. In the end, it’s about promoting a safer Internet experience for everyone, where convenience doesn’t come at the cost of security.
Stay informed about the latest online threats plaguing the community today. Explore the insights provided by McAfee to arm yourself with the knowledge needed to protect against evolving cybersecurity challenges.
The post Short-URL Services May Hide Threats appeared first on McAfee Blog.
In the realm of cybersecurity, there is one vulnerability that is often overlooked – the human element. While firewalls, encryption, and other security measures can protect our data to a certain extent, the most sophisticated systems can still be breached by clever manipulations of human psychology. This is where the concept of Social Engineering comes in. Through this article, we aim to provide an overview of social engineering, why it is important, and how it is employed.
Social Engineering, in a cybersecurity context, refers to the techniques used by cybercriminals to manipulate individuals into divulging confidential information that can be used for fraudulent purposes. It is essentially an act of tricking people so that they give away their personal information such as passwords, bank account numbers, social security numbers, or other valuable data. This is often achieved not through technical means, but through human interactions.
Because most people are not aware that they are being targeted until it’s too late, social engineering is considered one of the biggest threats to cybersecurity. The success of a social engineering attack relies heavily on the ability to make the target believe that the attacker is someone they can trust or someone who has a legitimate reason for needing the information being sought. It exploits the natural tendency of a person to trust others and to want to help others, especially those who appear to be in a position of authority or in distress.
There are various types of social engineering attacks, each of which uses different tactics to trick victims. From sophisticated email scams to personalized impersonation, the variety of approaches underscores the need for a comprehensive understanding of these deceptive tactics to fortify defenses against the ever-evolving landscape of cyber threats. Let’s take a look at some of the most common types of social engineering attacks today:
Pretexting:
Vishing (Voice Phishing):
→ Dig Deeper: Artificial Imposters—Cybercriminals Turn to AI Voice Cloning for a New Breed of Scam
Baiting:
Quid Pro Quo:
Impersonation:
→ Dig Deeper: Fighting Mobile Phone Impersonation and Surveillance
Watering Hole Attacks:
Understanding the intricacies of these social engineering tactics is crucial for individuals and organizations alike, empowering them to recognize and thwart these manipulative strategies in an ever-evolving digital landscape.
At its core, social engineering is about exploiting the human element of security. It takes advantage of our ingrained behaviors and tendencies to trust and to want to be helpful. For instance, most people will not suspect a friendly phone call or an email from a co-worker to be a potential threat. As such, cybercriminals use these characteristics to their advantage in executing their attacks.
Psychology plays a crucial role in successful social engineering attacks. By understanding and manipulating human emotions such as fear, curiosity, greed, and the desire to help others, cybercriminals can more effectively trick their victims into falling for their scams. For example, they may send an email posing as the victim’s bank, warning of suspicious account activity and prompting them to verify their account credentials. In fear of losing their hard-earned savings, the victim is likely to comply, thus giving the attacker what they want.
→ Dig Deeper: Social Engineering—The Scammer’s Secret Weapon
In dealing with social engineering, awareness is the first line of defense. Individuals and businesses should ensure that they are familiar with the various types of social engineering attacks and how they operate. They should learn to recognize the common signs of these attacks, such as emails containing spelling and grammatical errors, or emails requesting urgent action or confidential information.
Strong, unique passwords and multi-factor authentication can also serve as deterrents to social engineering attacks. It’s crucial to regularly update and secure your systems, use encryption for sensitive data, and always verify the identity of individuals before divulging any personal or sensitive information. Additionally, organizations should hold regular training sessions to teach employees about social engineering tactics and how to respond to potential threats. It’s better to be safe than sorry – when in doubt, don’t give it out.
→ Dig Deeper: Protect Your Digital Life: Why Strong Passwords Matter
The consequences of falling victim to a social engineering attack can be devastating. Personal consequences may include financial loss, identity theft, and damage to personal reputation. Businesses that fall victim to such attacks can suffer damage to their brand reputation, financial loss from theft or fines due to non-compliance with data protection laws, and loss of customer trust.
Moreover, the information obtained through social engineering attacks can be used for further attacks, making the problem even more severe. For instance, a cybercriminal who has obtained someone’s email password can use it to send out phishing emails to the victim’s contacts, thus spreading the attack even further. The ripple effect of social engineering can therefore, lead to widespread damage, affecting not just individuals, but also the organizations they are a part of.
McAfee Pro Tip: Modern social engineering campaigns bear a striking resemblance to authentic communications from reputable organizations. Meticulously crafted, these campaigns may have grammatical correctness and seamlessly blend into plausible scenarios. Despite their polished appearance, their underlying objective remains consistent – the acquisition of sensitive information. Protect your personal data and identity with McAfee+ to avoid the consequences of social engineering.
It is clear that social engineering poses a significant risk to cybersecurity. This form of manipulation exploits the human vulnerability to trust and help others, leading to the disclosure of confidential information that can be used for fraudulent purposes. Despite advances in technology and security protections, this threat remains prevalent due to the human factor.
Individuals and organizations must stay educated and vigilant against these attacks. Only through awareness and adequate protective measures can the risk of social engineering be mitigated. By understanding the psychology of these attacks, recognizing the common signs, and employing prevention techniques, one can create a strong first line of defense against social engineering. In the realm of cybersecurity, every person should remember that they could potentially be the weakest link, but with adequate precautions, they can also be the strongest asset.
The post What is Social Engineering? appeared first on McAfee Blog.
While the majority of us look forward to Black Friday and Cyber Monday for the best deals, there’s another group that’s also eagerly anticipating these dates – cybercriminals. As the number of online shoppers increases, so do the opportunities for cybercriminals to steal personal and financial information. In this article, we will take a closer look at how these cybercriminals operate, and how you can protect yourself from becoming a victim.
With the advent of technology, more and more consumers are shifting towards online shopping. The COVID-19 pandemic has also forced a lot of people to favor this method of purchasing due to health and safety concerns. However, this shift has also opened up a new avenue for cybercriminals who are now focusing their efforts on gathering personal information from these online transactions. In this part of the article, we delve into how these criminals take advantage of Black Friday online sales to access and steal personal data.
The first step in understanding how to protect ourselves is to understand how cybercriminals operate. Black Friday and Cyber Monday provide the perfect opportunity for these criminals as the surge in online traffic can make their malicious activities less noticeable. They exploit the sense of urgency and excitement around these sales, using various tactics to deceive shoppers and gain access to their personal information.
One of the most common methods used by cybercriminals is phishing. It is a form of fraud where cybercriminals impersonate a legitimate organization in an attempt to steal sensitive data. During the Black Friday sale period, these criminals will send out emails or texts that appear to be from renowned retailers offering fantastic deals. However, these emails and texts are embedded with malicious links that when clicked, lead the shopper to a fake website designed to steal their personal and financial information. The shopper, lured by the enticing deal, unsuspectingly enters their details, giving the cybercriminals exactly what they want.
Another common tactic used by cybercriminals is the use of malware and ransomware. Malware is a type of software that is designed to cause damage to a computer, server, or computer network, while Ransomware is a type of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. During Black Friday, cybercriminals increase the distribution of such malicious software. Unsuspecting shoppers may download these onto their devices when they click on links or open attachments in emails offering Black Friday deals.
Once the malware or ransomware is downloaded onto the device, the cybercriminals can steal personal information, lock the device, or even use it to conduct other illegal activities. This type of attack is particularly dangerous as it not only compromises personal and financial information, but can also leave the victim with a non-functional device, adding insult to injury. The aftermath of such an attack could be extensive and costly, especially if valuable data is lost or if the ransom is paid to regain access to the device.
→ Dig Deeper: Online Shopping – How To Avoid The Bad So You Can Enjoy The Good!
Card skimming involves the illegal copying of information from the magnetic stripe of a credit or debit card. It is a serious problem in the brick-and-mortar retail sector, however, a new form of this crime has emerged and is becoming a major threat to online shoppers – E-skimming. E-skimming is a method used by cybercriminals to steal credit card information from online shoppers in real-time.
During the Black Friday period, the criminals may compromise a retailer’s website, typically by injecting malicious code into the site’s checkout process. When the shopper enters their credit card information, the criminals capture it. The information is then either used directly to make fraudulent purchases or sold on the dark web. This method is particularly challenging for retailers to combat as it can be difficult to detect, the e-skimming code may lay dormant until the checkout process is initiated, making it even harder to identify.
Now that we understand the methods used by cybercriminals, let’s explore how to protect our personal and financial information during this high-risk period. Cybersecurity should be everyone’s top priority and there are several measures you can take to ensure you don’t fall victim to these cyber-attacks.
Firstly, be skeptical of emails, texts, or advertisements offering too-good-to-be-true deals. Always double-check the source before clicking any links. It’s safer to directly navigate to the retailer’s website via your browser rather than clicking the link in an email or ad. If you receive an email from a retailer, cross-verify it by visiting their official website or contacting them directly. Avoid clicking on links from unknown or suspicious sources.
→ Dig Deeper: Invisible Adware: Unveiling Ad Fraud Targeting Android Users
Secondly, ensure your devices are equipped with up-to-date antivirus and anti-malware software. These tools can detect and block malicious activities, providing a layer of security. Regularly update your software and operating system to patch any vulnerabilities that cybercriminals might exploit. When shopping online, make sure the website’s URL begins with ‘https’, indicating it is secure and encrypted. Furthermore, regularly monitor your bank and credit card statements for any unauthorized transactions.
McAfee Pro Tip: Have you ever encountered a suspicious charge on your credit card and felt uncertain about the next steps to take? Protect yourself with McAfee’s credit monitoring service! Our tool can help you keep an eye on any unusual credit activity to detect potential signs of identity theft.
Finally, consider using a credit card instead of a debit card for online purchases. Credit cards often have better fraud protection and it’s easier to dispute fraudulent charges. Be mindful of where and how you’re sharing your personal information. Avoid making transactions over public WiFi as these networks can be easily compromised. Instead, use your mobile data or a trustworthy, private WiFi network.
While consumers can take steps to protect themselves, retailers also play a crucial role in ensuring the security of their customers’ data. They need to be proactive in implementing robust security measures and constantly monitoring for any suspicious activities. Regular audits and penetration testing can help identify potential vulnerabilities and fix them before they can be exploited.
Businesses should educate their employees on cybersecurity best practices and how to identify phishing attempts. Regular training can help prevent accidental breaches as well as deliberate insider threats. Employing secure payment systems and encryption are other steps retailers can take to safeguard customer data.
Multi-factor authentication can add an additional layer of security, making it harder for cybercriminals to gain access. Retailers should also have a response plan in place in case of a data breach, to minimize damage and swiftly communicate to affected customers.
Black Friday and Cyber Monday present lucrative opportunities for cybercriminals intent on stealing personal and financial information. However, understanding their tactics and taking proactive measures can significantly reduce the risk of falling victim to these attacks. From phishing and malware to E-skimming, the threats are diverse and evolving, but with caution and cybersecurity measures in place, both consumers and retailers can enjoy the benefits of these sales events safely.
Remember, if a deal seems too good to be true, it probably is. Be vigilant, keep your software updated, and prioritize safe shopping practices. Retailers, on the other hand, need to constantly monitor and update their security systems, educate their employees, and most importantly, ensure transparency with their customers. Together, we can make online shopping safer, not just during Black Friday, but throughout the year.
The post How Cybercriminals Are Shopping for Personal Data This Black Friday appeared first on McAfee Blog.
In a chilling echo of George Orwell’s dystopian novel 1984, it’s possible that Big Brother – or in this case, Big Hacker – might be surveilling you through your own television. Evidence is emerging that Smart TVs can be just as prone to hacking as home computers.
Security analysts Aaron Grattafiori and Josh Yavor from iSEC Partners have spent several months investigating this issue, working alongside Smart TV manufacturers to address potential vulnerabilities. They presented their findings at the recent Black Hat network security conference in Las Vegas. Their demonstration highlighted the worrying tendency of Smart TVs to pry into personal data, whether via web searches, app usage, or even physical surveillance through the built-in camera.
Despite their advanced technology, Smart TVs carry the same risks as their more primitive forebears. The primary culprit is the IP address, which allows these devices to connect with various web apps like Facebook, YouTube, and Skype. The issue is that these apps often run on the same code (such as Javascript or HTML5) as home computers or smartphones, making them susceptible to malware attacks when left unprotected.
While they might look like ordinary TVs, many Smart TVs bear a closer resemblance to laptops, incorporating internet-connected apps, video streaming services, microphones, and even internal cameras. Sure, these features enhance the viewing experience, but they can also present a clear and present danger to your privacy.
Malicious code can easily find its way into your TV through seemingly harmless chat messages or browser searches. Once it’s there, your television is open to several types of spyware. With the right code, a hacker could gain full control over your device, accessing your TV’s cameras and microphones. In essence, they could use your camera to spy on you, turning your own TV into a surveillance device.
Although manufacturers have issued fixes to reinforce the exposed code, no device is 100% secure. The scenario of hackers gaining control over a TV’s cameras and microphones is not just an invasion of privacy but can also lead to potential misuse of personal information. It’s a stark reminder of the importance of protecting our digital presence and understanding the broader implications of IoT devices in our homes. As technology continues to advance, so too must our vigilance in guarding against these emerging threats.
Regular updates are crucial to maintaining the security of your TV and its apps. The digital world is full of bugs waiting for a chance to invade your device, so don’t let outdated apps provide them the perfect entry point. Ensure your apps are updated regularly to maintain your digital fortress.
→ Dig Deeper: Why Software Updates Are So Important
Also, when it comes to Smart TVs, it’s best to use social media sparingly. Video-streaming platforms like Netflix pose less of a threat than social media sites, which are notorious hunting grounds for identity thieves. These criminals often bait their traps with fake offers and tailored “phishing” messages. Whenever possible, restrict social media usage to devices (like your computer, smartphone or tablet) that have comprehensive security protection like McAfee LiveSafe™ service, which safeguards your devices, your identity, and your data.
→ Dig Deeper: Could a Streaming Device Help Hackers Hijack Your TV?
In conclusion, while Smart TVs may be a little too clever for their own good, that doesn’t mean you can’t stay one step ahead. You just need to stay vigilant and informed about potential security threats, so you can enjoy the benefits of your Smart TV without worrying about privacy violations.
With an inbuilt camera and microphone, Smart TVs are capable of providing a stream of surreptitious surveillance data back to both manufacturers as well as potentially unscrupulous cyber criminals. With the right malware code, hackers can turn your TV into a spying device, watching your everyday activities and listening to your private conversations. This is not some fly-by-night conspiracy theory; it is a reality acknowledged by the top security researchers in the world.
It is not just your personal data that is at risk. Smart TVs, due to their inherent connectivity, can also serve as a gateway into your home network. Once hackers infiltrate your Smart TV, they can potentially gain access to your computer, tablet, or smartphone and the personal information within them. This could lead to serious breaches in financial and personal security, making Smart TV hacking a significant threat that should not be taken lightly.
→ Dig Deeper: Are Smart TVs too smart for their own good?
If the thought of your living room turning into a hacker’s surveillance paradise sends a chill down your spine, you’re not alone. The good news is that there are measures you can take to safeguard your privacy and make your Smart TV safe. First and foremost, it’s important to regularly update your TV’s firmware. Manufacturers often release patches that can fix security vulnerabilities, so keeping your TV updated is a crucial step in maintaining your privacy.
Consider disabling certain features on your TV. For instance, if you never use your TV’s camera, it would be prudent to tape it up or disable it entirely in your TV’s settings. Likewise, if your TV has ‘voice recognition’ or ‘motion control’ features, disabling them might be a good idea, as they can potentially be used to spy on you. Remember: the fewer features you activate, the fewer opportunities hackers have to exploit your TV.
One of the best ways to protect yourself is to stay informed about the latest developments in Smart TV security. Attend webinars, read articles, and follow experts in the field to keep abreast of the latest security threats and fixes. By educating yourself, you can stay one step ahead of the hackers and keep your Smart TV safe.
Secondly, make sure to use secure, unique passwords for all of your apps and online accounts. Avoid using personal information that could be easily guessed, such as your name, date of birth, or common phrases. Instead, opt for a mixture of uppercase and lowercase letters, numbers, and special characters to create a strong password. Always remember, a strong password is your first line of defense against cyber attacks.
Today, in the age of hyper-connectivity, even our televisions aren’t just for watching shows anymore; they are portals to the internet, complete with all the associated risks and threats. While Smart TVs offer a myriad of exciting features and functionalities, they also present new avenues for hackers to invade our privacy. But by staying vigilant, regularly updating our devices, using strong passwords, and carefully managing our TV’s features, we can enjoy the benefits of Smart TVs while steering clear of the risks. So, is your Smart TV spying on you? With the right precautions, you can make sure the answer is a resounding ‘No’.
The post Is Your Smart TV Spying on You? appeared first on McAfee Blog.
In recent times, the humble password’s efficacy as a security measure has come under scrutiny. With tendencies to be easily guessed, stolen, or bypassed, passwords have been deemed inadequate for securing sensitive information. Thankfully, more secure alternatives have emerged, with terms such as “two-factor” and “multi-factor” authentication gaining traction.
However, these terms may seem abstract to those unfamiliar with them, potentially leading to confusion about their functions and differences. This article aims to break down these forms of authentication, explaining how they work and how they can enhance online information security.
Before diving into the intricacies of multi-factor and two-factor authentication, it is pertinent to understand their predecessor: single-factor authentication. The simplest form of authentication, single-factor authentication, requires only one factor to verify a user’s identity. Typically, this involves matching a password with a corresponding username, a method used universally for online account logins.
While convenient in its simplicity, single-factor authentication carries glaring security flaws. Easy-to-guess passwords or stolen credentials can lead to unauthorized access, compromising the security of user accounts and confidential information. Hence, it became necessary to introduce additional layers of security to the authentication process, giving rise to two-factor and multi-factor authentication.
→ Dig Deeper: The Optus Data Breach – Steps You Can Take to Protect Yourself
Two-factor authentication augments the simplicity of single-factor authentication with an extra layer of security. Besides providing a password, users are also required to verify their identity with an additional factor that only they possess. This additional factor often takes the form of a unique code sent to the user’s mobile phone.
The rationale behind this method is straightforward: even if a hacker manages to secure a user’s password, they would still require the unique code to gain access. However, it is important to note that this method is not completely foolproof. Crafty hackers able to intercept the unique code or create duplicate websites to steal credentials can still bypass this security measure. Despite these vulnerabilities, the complexities involved in these hacking methods make two-factor authentication considerably safer than its single-factor counterpart.
Also worth mentioning is “true” two-factor authentication, which involves giving users a unique device, such as a security token, that generates a unique code for the user. This code, which changes at set intervals, is matched with a profile in a database, making guessing impossible.
Building upon the concepts of two-factor authentication, multi-factor authentication introduces even more factors for user verification. These factors usually include something that the user possesses and something unique to their physical being, such as a retina or fingerprint scan. Location and time of day can also serve as additional authentication factors.
While the notion of multi-factor authentication may seem like a concept from a science fiction movie, it is already being used extensively, especially by financial institutions. Advancements in camera technology have enabled the implementation of facial recognition as a secure method of recognition, adding another factor to the multi-factor authentication process.
→ Dig Deeper: Banks are Using Biometric Measures to Protect Against Fraud
With the potential vulnerabilities associated with single-factor authentication, implementing two-factor or multi-factor authentication for sensitive online accounts becomes a necessity. These added layers of security help to safeguard your digital information from unscrupulous elements. Two-factor authentication utilizes a password and an extra verification layer, such as a unique code sent to your mobile device, to ensure that you’re indeed the account holder. With multi-factor authentication, additional verification elements are added, such as biometric data or your physical location.
So how do you implement these forms of authentication? Most online service providers now offer two-factor authentication as an option in their security settings. Once you’ve opted for this extra level of security, you’ll be required to input a unique code sent to your mobile device each time you attempt to log in. For multi-factor authentication, the process might require additional steps, such as providing biometric data like facial recognition or fingerprints. However, these extra steps are a small inconvenience compared to the potential risk of your sensitive information being compromised.
→ Dig Deeper: Make a Hacker’s Job Harder with Two-step Verification
Biometric authentication is a subset of multi-factor authentication that relies on unique physical or behavioral traits for verification. Biometric authentication methods include facial recognition, fingerprints, iris scans, voice recognition, and even your typing pattern. These methods are gradually becoming mainstream, with smartphone manufacturers leading the way in implementing fingerprint scanners and facial recognition technology into their devices. Biometric authentication’s edge over traditional passwords lies in its uniqueness; while passwords can be guessed or stolen, biometric traits are unique to each individual.
As with all forms of technology, biometric authentication also has its drawbacks. For instance, it may not always be accurate, as facial features or fingerprints may change over time due to aging or injury. Also, there are valid concerns about privacy and the potential misuse of biometric data if it falls into the wrong hands. However, with proper safeguards and data encryption in place, biometric authentication can be a secure and efficient way to protect online accounts from unauthorized access.
McAfee Pro Tip: Biometric authentication definitely has its strengths and weaknesses, so it’s important to choose the best combination of authentication and security software for your devices and accounts. Learn more about the opportunities and vulnerabilities of biometric authentication.
As our digital footprint grows, so does the need for secure authentication methods. Single-factor authentication, although simple and convenient, is no longer sufficient to protect sensitive online information. Two-factor and multi-factor authentication provide an additional layer of security, significantly reducing the risk of unauthorized access.
Additionally, advancements in biometric technology have introduced a new realm of secure verification methods unique to each individual. Remember, the goal is not to eliminate all risks but to reduce them to a level that’s acceptable and manageable. When setting up your online accounts, always opt for the highest level of security available, whether it’s two-factor, multi-factor, or biometric authentication. Take full advantage of these methods, and ensure you’re doing everything you can to safeguard your digital information.
The post Two-Factor vs. Multi-Factor Authentication: What’s the Difference? appeared first on McAfee Blog.
As we continue to evolve technologically, so do cybercriminals in their never-ending quest to exploit vulnerabilities in our digital lives. The previous years have clearly shown that cybercriminals are increasingly leveraging new technologies and trends to trick their victims. As we move into another year, it’s crucial to be aware of the tried and tested tactics these cyber criminals use and stay prepared against potential threats.
In this article, we delve deeper into one such tactic that remains a favorite among cybercriminals – ‘phishing‘ via emails. We focus on the trickiest and most dangerous email subject lines that have been commonly used in worldwide phishing emails. Recognizing these ‘ baits’ can be your first step towards safeguarding your identity and valuables against cybercriminals. Beware, there are plenty of these ‘phishes’ in the sea, and it helps to be on your guard at all times.
Sending email messages filled with malicious links or infectious attachments remains a dominant strategy among cybercriminals. This strategy, commonly known as ‘phishing,’ is often disguised in a variety of forms. The term ‘Phishing’ is derived from the word ‘Fishing,’ and just like fishing, where bait is thrown in the hope that a fish will bite, phishing is a cyber trick where an email is the bait, and the unsuspecting user is the fish.
Today’s most common phishing scams found by McAfeerevealed that cybercriminals tend to use certain email subject lines more often. Although this does not mean that emails with other subject lines are not harmful, being aware of the most commonly used ones can give you an edge. The key takeaway here is to be vigilant and alert when it comes to all kinds of suspicious emails, not just those with specific subject lines.
Let’s take a look at the top five most commonly used subject lines in worldwide phishing emails. The list will give you an understanding of the varied strategies employed by cybercriminals. The strategies range from social networking invitations to ‘returned mail’ error messages and phony bank notifications. Be aware that these are just the tip of the iceberg and cyber criminals are continuously coming up with new and improved tactics to gain access to your sensitive data.
In the past, cybercriminals used to cast big, untargeted nets in the hopes of trapping as many victims as possible. However, recent trends indicate a shift towards more targeted and custom messages designed to ensnare more victims. A classic example of such a targeted phishing attack is the JP Morgan Chase phishing scam that took place earlier this year.
→ Dig Deeper: Mobile Bankers Beware: A New Phishing Scam Wants Your Money
The fact that phishing scams are still on the rise amplifies the importance of proactive measures to protect our digital assets. As technology advances, these threats continue to evolve, making ongoing vigilance, education, and caution in our online engagements critical in combating the increasing prevalence of such scams.
Phishing emails, often with a guise of urgency or familiarity, cunningly aim to deceive recipients into revealing sensitive information, most commonly, personal identities and financial credentials. These malicious messages are designed to prey on our trust and curiosity, making it crucial to scrutinize each email carefully. Cybercriminals behind phishing schemes are after the keys to both your digital identity and your wallet. They may seek login credentials, credit card details, social security numbers, and other sensitive data, which can lead to identity theft, financial loss, and even broader security breaches. It is essential to exercise caution and rely on best practices for email and internet security to thwart their efforts and safeguard your online presence.
While phishing emails come in a variety of forms, their ultimate goal remains the same: to steal your identity and money. As we move into the New Year, it’s prudent to add a few safety measures to your resolutions list. Protecting yourself from the increasingly sophisticated and customized phishing attacks requires more than awareness.
With an understanding of phishing techniques, the next step is learning how to protect yourself from falling prey to them. Ultimately, you are the first line of defense. If you’re vigilant, you can prevent cyber criminals from stealing your sensitive information. The following are some tips that can help you safeguard your digital life and assets:
First, avoid opening attachments or clicking on links from unknown senders. This is the primary method that cybercriminals use to install malware on your device. If you don’t recognize the sender of an email, or if something seems suspicious, don’t download the attachment or click on the link. Even if you do know the sender, be cautious if the email message seems odd or unexpected. Cybercriminals often hack into email accounts to send malicious links to the victim’s contacts.
Another important practice is to think twice before sharing personal information. If you’re asked for your name, address, banking information, password, or any other sensitive data on a website you accessed from an email, don’t supply this information, as it is likely a phishing attempt. In case of any doubts regarding the authenticity of a request for your information, contact the company directly using a phone number or web address you know to be correct.
Even with the most diligent practices, it’s still possible to fall victim to phishing attacks. Hence, having security nets in place is crucial. Start by being careful on social networks. Cybercriminals often hack into social media accounts and send out phishing links as the account owner. Even if a message appears to come from a friend, be cautious if it looks suspicious, especially if it contains only a link and no text.
Installing comprehensive security software is another essential step. McAfee LiveSafe service, for instance, offers full protection against malware and viruses on multiple devices. This software can be a lifeline if you happen to click a malicious link or download a hazardous attachment from an email.
It’s also a smart idea to regularly update your devices. Updates often contain patches for security vulnerabilities that have been discovered since the last iteration of the software. Cybercriminals are always looking for vulnerabilities to exploit, so keeping your software up-to-date is one of the most effective ways to protect yourself.
McAfee Pro Tip: Always update both your software and devices. First and foremost, software updates often include patches and fixes for vulnerabilities and weaknesses that cybercriminals can exploit. By staying up-to-date, you ensure that you have the latest defenses against evolving threats. Learn more about the importance of software updates.
Phishing attempts are a constant threat in the digital world, and their sophistication continues to evolve. Cybercriminals are relying more on tailored and targeted attacks to deceive their victims. The top five most dangerous email subject lines mentioned above are a clear indicator that criminals are becoming more nuanced in their attempts to trick victims. However, with awareness and vigilance, you can effectively avoid their traps.
Remember, your personal and financial information is valuable. Make sure to protect yourself from phishing attempts by avoiding suspicious links and attachments, thinking twice before sharing your personal information, being cautious on social media, installing comprehensive security software like McAfee+, and keeping all software up-to-date. Being prepared can make all the difference in keeping your digital life secure.
The post Top 5 Most Dangerous Email Subject Lines appeared first on McAfee Blog.
In the last decade, the proliferation of smartphones and mobile devices has revolutionized the way we interact with the digital world. The debate between the mobile web and native apps has become increasingly relevant, with each approach offering unique advantages and disadvantages. The choice between implementing a mobile website or a native app depends largely on your end goals. Each possesses key attributes and functions that can affect not only user experience but also online safety.
This article aims to provide a comprehensive comparison between mobile web and native apps, with a particular emphasis on how each can impact your online safety. The objective here is to arm you with knowledge to make informed decisions regarding your digital path. Let’s delve deeper into these two digital mediums, analyze their features, and look at a critical aspect – online safety in the era of increasing cyber threats.
As smartphones and tablets have proliferated, so has the importance of optimizing web content for these portable platforms. Understanding the mobile web involves delving into the unique challenges and opportunities presented by mobile devices, exploring the ways in which users engage with content on smaller screens, and recognizing the impact of mobile technology on the broader digital landscape.
→ Dig Deeper: How the Proliferation of Mobile Devices is Impacting Consumer Security
The mobile web refers to browser-based internet services accessed from handheld mobile devices, such as smartphones or tablets, through a mobile or other wireless network. Essentially, it’s a website that you access through a web browser on your mobile device. These sites are typically written in HTML5 and can display text content, images, video, and data just like any desktop website.
Mobile websites are designed to work on any device, making them universally accessible. They are responsive by nature, meaning they adjust their layout to fit any screen size. This is a significant advantage to businesses as it allows for a broader audience reach, regardless of the device a consumer uses.
McAfee Pro Tip: While you may be familiar with anti-spyware and antivirus tools that react after a threat emerges, opting for a secure browsing tool is optimal for enhancing your web security. Learn more about safe browsing.
One of the standout features of the mobile web is its universal accessibility. A user can access the mobile web from any device with an internet connection and a web browser. This creates a high level of convenience as there’s no need for downloading or installing anything.
→ Dig Deeper: Celebrate National Download Day With This Safe Downloading Checklist
Another major advantage of mobile web is easy updates. Changes to the content or design of a mobile website can be published instantly and are immediately visible to users. This is a significant boon for businesses that need to make frequent updates to their site, ensuring their audience always has the most current information at their fingertips.
Now, let’s explore what constitutes a native app that lays the foundation for understanding its distinct characteristics, advantages, and limitations compared to mobile apps.
Native apps are applications developed for specific platforms or devices. Because they’re built for a particular operating system, they can take full advantage of all the device features — they can use the camera, the GPS, the accelerometer, the compass, the list of contacts, and so on. They also incorporate gestures – either standard operating-system gestures or new, app-defined gestures.
Besides, native apps can use the device’s notification system and can work offline. They also have direct access to application stores, which makes app distribution easier. As they are tailored to the platform, they have the look and feel of the operating system, leading to better performance and a better user experience overall.
Native apps offer a high degree of reliability and fast performance. They are more efficient as they store their data directly on the device. This leads to a better user experience as users can navigate the app smoothly and without loading delays. Moreover, native apps allow for deeper integration with the device’s system, making maximum use of all the device’s hardware capabilities.
Another key advantage is the ability to work offline. Unlike mobile websites that require an internet connection, native apps can function offline, providing continuous access to their content and features. This can prove useful in situations where connectivity is limited or unavailable.
Taking a closer look at mobile web and native apps, it’s evident that each method caters to different needs and situations. While the mobile web is universally accessible and easy to update, native apps provide a more integrated user experience and the ability to work offline. Depending on the nature of your digital project, you may lean towards one over the other.
It’s essential to consider the nature of your project, target audience, and key objectives before choosing between a mobile website or a native app. In the next section, we will cover a crucial topic that significantly impacts the decision between these two mediums – online safety.
Figuring out whether to go for the Mobile Web or Native Apps is a real head-scratcher. And let’s be real: we’ve all got safety concerns while cruising the digital highway. This dive is about checking out what’s what when it comes to staying safe online with the mobile web and native apps.
When it comes to online safety, the mobile web offers quite a few advantages and some risks as well. Since mobile websites are accessed via browsers, they are generally subject to the same security measures that web browsers employ. Browsers are being updated regularly to fix bugs and respond to new threats, and they also typically include features like pop-up blockers and phishing filters. Moreover, since users don’t need to download anything to use a mobile website, the risk of downloading malicious software is significantly reduced.
However, the mobile web is not exempt from threats. Cybercriminals can create rogue websites that look like legitimate sites to trick users into entering their credentials or personal information. Users might also encounter malicious ads that try to install unwanted software or direct users to harmful websites. Therefore, users must exercise caution when visiting new websites and clicking on links.
Native apps, on the other hand, offer a different set of security considerations. Since they are downloaded from app stores, they generally go through an approval process that aims to remove any malicious software. App stores also often provide user reviews, which can give potential downloaders insight into any potential issues or security concerns. Once downloaded, native apps can function offline, reducing the risk of threats that rely on internet connectivity.
Nonetheless, native apps are not free from risks either. Although app stores have vetting processes, some malicious apps manage to slip through the cracks. Furthermore, users may unintentionally grant permissions to apps that allow them access to sensitive information on the device. Therefore, users need to be careful about what apps they download and what permissions they grant.
Understanding the unique risks and protective measures associated with each app and platform is crucial in empowering users to make informed choices and ensuring the integrity of their digital experiences. Let’s shed light on the considerations that may arise when engaging with the mobile web and native apps in an increasingly interconnected world.
There are several measures users can take to enhance their safety when using the mobile web. First and foremost, it’s crucial to use a secure browser. A secure browser will utilize encryption to protect your data and will receive updates to combat new security threats. Additionally, users should be wary of the websites they visit and the links they click on. Ensuring that the website is using secure HTTPS protocol rather than unsecured HTTP can also enhance safety.
Furthermore, users should be careful with providing personal information. Giving out sensitive information should only be done on secure sites, and only when necessary. Using strong and unique passwords can also help protect your data. Finally, consider using a trusted VPN to encrypt your online activity and shield your data from potential eavesdroppers or hackers.
Just as with the mobile web, there are precautions to take when using native apps. Firstly, download apps only from trusted sources, like official app stores. Even then, be sure to check user ratings and reviews for any red flags. Be cautious of the permissions the app asks for; if an app requests permissions that seem unrelated to its functionality, it’s best to reconsider the download.
It’s also important to keep your apps updated. Updates often include security patches that protect against newly discovered threats. For extra security, consider using a mobile security app. These apps can provide features like virus scanning, remote data wiping, and other security tools. However, similar to other apps, only download security apps from trusted sources.
→ Dig Deeper: Why Software Updates Are So Important
Both the mobile web and native apps offer unique advantages in terms of user experience and accessibility. However, they both also come with their own sets of security considerations. It’s not a matter of which method is inherently safer, but how you use them. By staying informed about potential threats and following safety guidelines, you can enjoy a safe and secure digital experience whether you’re browsing the mobile web or using a native app.
Remember: Keep your browsers and apps updated, be cautious of the websites you visit and the apps you download, pay attention to the information you share and permissions you grant, and consider using additional security tools like secure browsers, VPNs, and security apps. At the end of the day, your online safety is in your hands.
The post The Mobile Web vs. Native Apps appeared first on McAfee Blog.
Imagine this. You’re 15, feeling unsure about yourself in the world, possibly even a little lonely. One day, a pretty girl starts messaging you on Instagram. She’s kind and funny. She has pets and several happy snaps of her friends and family on her profile – so she looks ‘normal’. Messages are running pretty hot for a few days and you’re loving it. You’re getting on well and are so pumped that someone likes you for you. But then she asks for a nude pic of you, including your face. You’re unsure what to do but don’t want to lose the vibe with this great girl. So, you send it. But there’s a big problem. The ‘normal’ looking girl is in fact a scammer.
In 2022, the Australian Centre to Counter Child Exploitation (ACCCE) averaged more than 100 reports of sextortion every month in 2022. But Australian law enforcement authorities believe the real statistics may in fact be much higher with many estimating than less than 25% of cases are reported. Australian Federal Police Commander Hilda Sirec said that data showed more than 90% of victims were male and aged predominantly between 15 and 17 years of age. Police have seen victims as young as 10 years old.
Sextortion or sexual extortion is a form of blackmail where someone threatens to share a nude or sexual image of yourself unless you meet their demands. Often the victim is tricked or coerced into sending the images. Offenders may demand money, more images or in-person sexual favours. Sexual images may also be captured while a young person is on live stream or video. This is known as ‘capping’.
At the risk of stating the obvious, this can be an incredibly stressful process for the victim. Many offenders have mastered the art of manipulation and can make the victim feel like there is no way out of the situation. The constant threat of sharing content with family and friends coupled with the relentless demands can understandably, send many young people into a mental health tailspin. The shame and embarrassment are all consuming. Many victims feel like they have done something wrong and will be punished by parents and/or prosecuted by police if anyone finds out.
The sextortion trend is not isolated to Australia. There is currently a global trend of sextortion targeting teenage boys to send sexual images and threatening to share them unless they pay up. Organised crime syndicates are believed to be behind the trend, having diversified from just targeting adults.
In December 2022, the Australian Federal Police revealed that more than 500 Australian bank accounts, financial services and digital currency accounts linked to sextortion syndicates targeting Aussie teens had been shut down.
If your child is a victim, praise them for being brave and coming to you for help. And be grateful that you have an opportunity to help them! Here is what else I suggest:
The most important thing to do is commit to supporting your teen. Reassure them that you will help them, that they are not in trouble, and that you’ll protect them.
Help your teen collect as much proof as possible. Take screenshots of all interactions. These will be essential to help identify the perpetrator.
Contact your local police station or the Australian Centre to Counter Child Exploitation (ACCCE) and report the incident. Please reassure your teen that they will not be prosecuted despite the fact they shared intimate content. Reporting the crime could prevent other teens becoming victims.
All contact with the person blackmailing your teen needs to stop ASAP.
Under no circumstance should you pay the blackmailer, give them more money or more intimate content – despite their demands.
The ACCCE has developed an online blackmail and sexual exploitation response kit. You can access a copy here.
In my opinion, the best way to get ahead of this disturbing trend is to focus on prevention. So, why not take the time to ensure your teens have the privacy settings on all their social media accounts set to ‘friends only’ or ‘private’? That way, they can’t be contacted by anyone they don’t know. Also, remind your kids that friends they meet online can’t be trusted like real ‘in-person’ friends so no sharing of personal information.
And keep the communication open and regular. If your kids know you are genuinely interested in all aspects of their life – both online and offline – and that you have their back, then they are far more likely to come to you if and when there is a problem. And isn’t that what we are here for? To help them navigate the tricky stuff.
Happy digital parenting
Alex
The post Sextortion – What Every Parent Needs To Know appeared first on McAfee Blog.
This is the final in a series of three articles covering digital wellness programs in the workplace. Here we explore what organizations have to say about online protection and the role that digital wellness plays in their workplace today.
The top three benefits in the workplace today? Healthcare and retirement benefits are easy picks. Yet weighing in a strong third — digital wellness benefits.
HR pros list digital wellness as a top-three benefit in the workplace, ranking only behind healthcare and retirement benefits.
That’s one of the many findings we revealed in our joint research with HR.com, conducted in the first quarter of 2023. We reached out to nearly 250 HR pros who are knowledgeable about benefits, data privacy, and cybersecurity in organizations of 1,000 employees or more. Across the board, they said digital wellness plays an important role in their organization for several reasons. Collectively, they said it’s effective or highly effective at enhancing security (94%), retaining employees (87%), and improving employee safety and wellbeing (86%).
Moreover, 96% of them say that digital wellness in the workplace is more important than ever.
With that, we also gained a sense as to deeply rooted remote and hybrid work have become. We found that 71% of organizations have at least a quarter of their workforce working remotely at least some of the time. Given that 1 in 2 employees worldwide use at least one personal device for work, it makes sense that HR pros have prioritized digital wellness in their organizations.
Yet what does a digital wellness benefit entail?
As shared in our earlier article, we found little consistency between digital wellness offerings. The most common initiative HR pros employ is offering antivirus software, yet even that was reported by only 60% of organizations. The list breaks down as follows from there:
One item on this list particularly stands out. Note how educating employees about phishing scams ranks so low, at 48%. Compare that to the 61% of HR pros who said that human error, such as falling victim to a phishing attack, led to a cybersecurity breach. From there, more than half said that breach led to a financial loss.
So, which of the above provides the underpinnings of a strong digital wellness benefit? The answer to that is “yes to all.” And more.
When it comes to digital wellness, it’s easy to think of things like antivirus, a VPN, and other technology-driven solutions. Certainly, it’s that. Yet it’s much more. A strong digital wellness offering protects more than devices and things. It protects people. Because people are human, and human error can lead to security issues.
Organizations have IT teams tasked with securing networks, data, and devices. They put protections and policies in place to protect technology. To some extent, they factor in the human element as well. Yet to fully factor in the human element, that calls for HR to partner with IT. Together they can build out a digital wellness benefit that complements the protections IT puts in place.
Organizations can often roll out digital wellness initiatives at relatively low cost, yet they require support to get them started. That begins by making the case for digital wellness benefits with leadership.
Throughout this series of articles, we uncovered how the post-pandemic world has transformed the way employees use the internet, the importance they place on digital wellness, and the reasons they welcome it as a benefit. We also pointed out that digital wellness finds itself as a top-three benefit in the wake of this new internet usage. Together, these articles can help you make the overarching case to leadership — illustrating that digital wellness is vital not only for organizational security, but for attracting and retaining talent as well.
From there, working alongside IT can help you make the specific case for your organization, as part of a three-step approach:
1. Partner with IT.
IT leadership and teams in IT will have insight into the ways employees can improve their security habits. Moreover, they’ll have a sense of which employee security issues are the most pressing. By forming these insights into a list, HR can prioritize initiatives. Then it can use its expertise in incentives, training, and communication to create a culture that minimizes security lapses.
IT can assist HR in other ways, such as with auditing. HR teams can gain insight into the number of personal devices used in the organization. With that, we can advocate for initiatives that can protect them while they use those devices, such as offering online protection software.
2. Offer comprehensive online protection software.
Antivirus, personal data cleanup, and a VPN — HR pros mentioned those initiatives and several others on the list we shared above. Comprehensive online protection like ours covers all those initiatives and then some. All in one proverbial box. With deeper features like identity monitoring, transaction monitoring, and cleaning up old online accounts, it can form the cornerstone of a digital wellness benefit. And at relatively low cost per person.
Moreover, comprehensive online protection can help address human error. McAfee Scam Protection uses artificial intelligence (AI) to combat those phishing attacks. It automatically detects scam texts and can block risky links in emails, social media, and more—which often lead to sites that steal sensitive and financial info.
In all, today’s online protection offers far, far more than antivirus. It protects the employee by protecting their devices, privacy, and personal info.
3. Consider making digital wellness part of your core or voluntary benefits.
Organizations that offer digital wellness as part of their benefits tend to be more confident in the security of personal devices. Among the HR pros who said they offer digital wellness as a core benefit, 78% felt that personal devices are very secure, compared to 64% of those with voluntary benefits, and 59% of those with no digital wellness benefits.
At the root of that feeling is knowledge. Knowledge that employees are empirically safer from hacks, attacks, and identity theft because they have comprehensive online protection like ours. And should they become a victim of identity theft, they have a licensed identity restoration expert who can help them resolve it — and reimburse funds stolen per their protection plan. That puts employees in a better place. Which helps put the organization in a better place as well.
Digital wellness can reduce the stress that comes from loss or the unknown, which enables richer, safer, and happier lives. That puts digital wellness in close company with already established mental and financial wellness benefits, making it part of an attractive benefits package overall. Particularly as people spend nearly seven hours online each day on average — conducting sensitive personal and professional matters there at historic highs.
Digital wellness is crucial for organizations as well. As our research uncovered, many breaches occur because of human error, which often leads to disruptions and financial losses.
The case for digital wellness has only become stronger in recent years, and many organizations have taken their first steps to develop it as a benefit. As our research indicates, the organizations that do benefit as well.
The Benefits of Protection – The Case for Digital Wellness in the Workplace
The Benefits of Protection – Why Employees Place a High Value on Digital Wellness
Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com.
The post The Benefits of Protection – How Organizations Gain from Digital Wellness appeared first on McAfee Blog.
Sick and tired of scam messages? So are the 54% of Americans who said they’d rather get a root canal than fall for one of those scams.
That’s one of the striking findings we uncovered in our Global Scam Message Study. We surveyed more than 7,000 adults worldwide — including more than 1,000 in the U.S. for their thoughts on scam messages and texts. And just how painful they are.
If it seems like you’re getting more scam messages than before, you’re not alone. We found that Americans receive an average of 11.6 fake messages or scams each day. And it’s getting tougher to tell what’s real and what’s fake. More than 80% of Americans said that it’s harder than ever to spot if a text, email, or social media message is a scam.
What’s driving this fresh flood of increasingly believable scam messages? AI – and if you’ve tuned into our blogs this past year, that likely comes as little surprise.
As we’ve reported, the bad actors out there have supercharged their scams with AI tools. Effectively, AI makes it far easier to spin up their scams in two significant ways:
With that comes the inevitable fallout. Two-thirds (65%) of Americans have clicked or fallen for a scam. Of them, 45% lost money as a result, and 15% of them lost more than $1,000.
Now, about that root canal stat. People who fall victim to online messaging scams really do find it painful. Particularly as the time and money lost to those scams take their toll. Some people found them so painful, they said they’d rather deal with the following instead:
Ouch. You probably have your own answer to this “would you rather” question, but clearly people feel pretty fed up with this deluge of scam messaging.
You can get a little more insight into those feelings by looking at all the time they waste. Our study found that the average American spends more than an hour-and-a-half each week reviewing, verifying, or deciding whether the messages they get are real or fake.
Realistically, that’s the equivalent of watching a short feature film or streaming three shows — or 94 minutes spent doing just about anything else. Add that up, and it amounts to more than two full work weeks each year spent on scam-spotting.
Specifically, we found:
With the increased volume and more advanced appearance of scam messages, only 35% of Americans have avoided clicking on or falling for fake messages in the last year.
This sophisticated trickery takes five common forms. Below, you can see the types of messages people in the U.S. said they received in the past year:
In line with these findings, 65% of survey respondents have believed that one or more scam messages they got were real. The messages they believed the most were:
With scams evolving into increasingly clever forms, 40% of U.S. survey respondents said their trust in digital communications has decreased. Put another way, 55% of people believe they have a better shot at solving the Rubik’s Cube than identifying a scam message. We further found:
In all, AI has made the murky world of online scams that much murkier. And sadly, that’s partly ruined people’s time online. They spend a part of each day trying to decide if what they’re reading is real or fake. However, you can take a few straightforward steps that can spare you the pain — and without having a root canal instead.
Think before you click.
Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Particularly if it’s a great-sounding deal or promises useful info. Always go direct to the source and interact with reputable companies.
Remember that if it seems too good to be true, it probably is.
Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender.
Go “unlisted.”
Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Use AI to beat AI.
From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions.
Root canals and Rubik’s Cubes aside, you can protect yourself against AI messaging scams. Even as these scams look more and more like the real thing, the same protections apply. In fact, you have new AI-driven tools that can keep you safer too. If there’s one thing we’ve talked about in our blogs plenty as of late, it’s how AI works both ways. While scammers have their AI tools for hoodwinking you, you have AI tools that can keep you safer too.
It’s easy to feel a little helpless with all these AI scams floating about. Yet you really can take far more control than you might think. In fact, online protection software like ours is the most sophisticated it’s ever been. It’s truly an all-in-one fix for protecting your devices, privacy, and identity — and for keeping scam messages at bay.
The post Scam Texts Are More Painful Than Getting a Root Canal appeared first on McAfee Blog.
In workplaces around the world, employees agree — they feel strongly about online protection.
Our joint research with Statista puts a figure to that feeling. Worldwide, 80% or more of employees said that online protection was important or very important to them. Based on what we saw in our previous article in the series, that comes as little surprise.
There, we covered how much time they spend online. Nearly seven hours a day on average. What’s more, they’re spending more time doing more important things. They’re managing their finances, doing their shopping, tracking their health, and even visiting their doctors online. And at historically high rates that only continue to climb.
Yet with that increased activity has come increased risk. Our research found that 27% of employees worldwide said they were a victim of cybercrime. A mix of data theft, malware, phishing, and targeted spearphishing attacks led the way. Strikingly, more than half of employees in the U.S. reported the theft of sensitive info (54%).
Of note for organizations, our research found that 1 in 2 employees use one or more personal devices for work as well. Most often that was an Android (60%) or Windows (55%) device. iOS devices featured prominently as well at 33%.
This makes a strong case for offering comprehensive online protection as part of a digital wellness program. Employers gain the confidence that their employees are protected regardless of which device they use. Employees gain the protection they want, and need, to stay safe online in the workplace and across their daily lives. Both benefit.
Just as organizations have protection measures in place to protect employees on business devices, comprehensive online protection does the same for their personal devices. In this way, organizations gain the assurance that their employees are protected across practically every device they use, wherever they use them.
So, what does comprehensive protection look like? Comprehensive online protection like ours goes beyond antivirus. It protects the whole employee, by protecting their devices, their privacy, and their personal info. Within that, it covers the top online protection measures that employees want most. As found in our research with Statista, the top five measures they want include:
It further includes more features that they might not be aware of yet that can benefit them greatly. A few examples:
Comprehensive online protection offers an added layer of protection for employees, whether they work remotely, in a hybrid role, or in the office. Employees see that as a big benefit.
Employers know quite well that attractive benefits packages help attract and retain great employees. Likewise, employees said much the same in our research. Globally, 4 out of 5 employees said that benefits are key to joining and staying with an employer.
Specific to online protection and digital wellness, 55% of employees cited online protection as an important benefit. That puts it in close association with other core benefits. In India, Brazil, and Australia, online protection is closely linked with healthcare and paid leave. In the U.S. and European countries, 2 in 5 employees consider online digital protection tied to core employee benefits such as paid leave and bonuses.
Employees broadly acknowledged that this kind of protection benefits their employers as well. More than half said that they were interested in online protection because it can protect data and networks from unauthorized access (67%). More than half (52%) said that it could help them avoid unknowingly risky behaviors that might endanger their work.
Comprehensive online protection as part of a digital wellness program can benefit employees and employers alike. Employees see the value in it as they increasingly handle sensitive and personal matters online, ranging from their finances to their health and wellness.
With that increased reliance on the internet comes increased risk of hacks, attacks, and scams. Online protection can reduce those risks significantly. It helps prevent cyberattacks that can rob employees of their time and money as they attempt to recover from an attack. And it provides a clear path forward with restorative measures in the event of a data breach or identity theft.
Aside from offering a benefit that employees highly value, organizations can realize benefits of their own when they offer comprehensive online protection. They’ll have employees who’re unburdened and undistracted from disruptive attacks. Moreover, they’ll extend protections to personal devices that their employees use. Devices that half of them use for work and personal purposes.
In our next article, we’ll help you make the business case for online protection and digital wellness programs from an organizational standpoint. Based on interviews with organizations of varying verticals and sizes, we’ll see what they had to say about the role that digital wellness plays in their workplace today.
Editor’s note: Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com.
The post The Benefits of Protection – Why Employees Place a High Value on Digital Wellness appeared first on McAfee Blog.
A simple click of a link can’t cause any trouble, right? Wrong.
It doesn’t matter if you quickly close out of a window. It doesn’t matter if you only take a quick peek and don’t touch anything else while you’re on a risky webpage. Often, just clicking on a single link can compromise your device, online privacy, and even your identity.
Here’s everything you need to know to steer clear of malicious links and the viruses, malware and other problems that they may contain.
What Is a Risky Link?
A risky link is any hyperlink that redirects you to an unexpected webpage. Often, these webpages trick visitors into divulging personal information or the webpages download malicious payloads (viruses, malware, spyware, etc.) onto devices. While they often appear in phishing emails and texts, risky links can pop up anywhere: on social media, in comment sections, or on risky websites.
What Happens If You Click on a Risky Link?
A few nasty tricks, viruses, and malware could be lurking behind risky links. All it takes to fall for a cyber scheme is to click on a link. For example, a malicious link could bring you to a fake login page. This is a way for a phisher to steal your username, password, or answers to your security questions. Instead of logging into your bank account or an online shopping account, you’re actually handing your login credentials right to a scammer. From there, they could walk into your accounts, make purchases in your name, or steal your sensitive personally identifiable information (PII) attached to your account.
If a risky link downloads a virus or malware to your device, the effects could vary. Some viruses bring your device to a crawl and seriously limit your computing power. Mobile malware is a vast category of malicious software and it often makes its way onto devices through infected links. Malware can spy on you, watch your keystrokes, attach your device to a botnet, and overall compromise your device and the information it stores.
How Do You Steer Clear of Risky Links?
Avoiding risky links requires that you slow down and think before you click on anything. Scammers and phishers disguise their malicious links to look legitimate making them difficult to spot. Artificial intelligence tools like ChatGPT and Bard are making phishing correspondences more believable than attempts from a few years ago. If you move too fast, you could fall for scams that you’d normally sniff out if you were taking your time.
Here are a few tips that’ll go a long way toward keeping your device and PII out of the hands of cybercriminals.
What Tool Can Give You Peace of Mind?
McAfee Scam Protection fights malicious links with artificial intelligence-powered proactive alerts and automatic protection. The more you use it, the smarter McAfee Scam Protection becomes. When it detects a scam link in your texts, emails, or on social media, McAfee Scam Protection automatically alerts you to it. Additionally, if you accidentally click on a scam link, the app will block the malicious webpage from loading, protecting your device and online privacy from invaders.
Confidence in your ability to avoid or block risky links will go a long way toward lessening any unease you have about navigating the conveniences and entertainment the internet offers.
The post What Are the Risks of Clicking on Malicious Links? appeared first on McAfee Blog.
This is the first in a series of three articles covering digital wellness programs in the workplace. Here we take a broad look at today’s online trends — and reveal why digital wellness is now just as vital as physical, mental, and financial wellness programs.
What once got done in person, now gets done online. And at historic levels. There’s no question that the pandemic transformed face-to-face interactions into face-to-screen interactions. Not to mention that it ushered in the advent of remote work on a massive scale. Yet even with the pandemic behind us and people largely returning to their places of work, that transformation remains squarely in place.
Today, we conduct more of our lives online than ever before. That makes protecting life online more important than ever before.
Yet in a time of data breaches, identity theft, and online scams of all stripes, online protection can seem complicated. That’s why employees welcome digital wellness as a benefit. It can help them fix weak spots in their security, protect their privacy, and put them in control of their personal data.
Simply put, employees welcome the help.
Our research with Statista found that 54% of employees worldwide said that online protection is an important or very important benefit. That should come as no surprise, particularly as we take care of increasingly important things online.
What does that look like?
First, we can look at how we bank and shop online. Projections estimate that more than 3.5 billion people worldwide will bank online by 2024, driven in large part by online-only banks. Global e-commerce sales continue to climb with revenues topping more than $5.7 trillion in U.S. dollars. That growth continues at an estimated compound annual growth rate (CAGR) of 11.34%.
And that’s just for starters.
Increasingly, we track our health and wellness with connected devices too — like workouts on our phones and biometrics on wearable devices. Worldwide, people own more than a billion wearable connected devices. Taking that a step further, we visit the doctor online now as well. The old-fashioned house call has become the modern-day Zoom call. Our recent research found that 75% of people surveyed in early 2023 said they’ve used telehealth services in the past year.
In all, we trust the internet with some of our most important tasks. We even trust our homes to it. More than 300 million households run their day with the assistance of smart devices, like smart speakers, smart appliances, and smart deadbolt locks.
Finally, we can point to the complicated factor of remote and hybrid work. Our joint research with HR.com found that 98% of organizations surveyed have at least one or more employees who work remotely. Additional research cited by Forbes indicates that nearly 13% of full-time employees work remotely, while more than 28% work in a hybrid model. As a result, work devices inevitably get used for some personal purposes — just as personal devices get used for some professional purposes.
That adds up to an average of nearly seven hours a day spent online.
It’s little wonder that so many companies continue to show growing interest in digital wellness programs. People find themselves exposed to plenty of risk as they conduct personal business and professional business across the devices they use throughout the day.
However, what makes up digital wellness and what it offers remains loosely defined.
Where do digital wellness programs stand in the workplace today? They share much with the state of financial wellness programs about ten years ago.
At the time, financial wellness was largely unknown. Further, companies were unsure if or how it played a part underneath the umbrella of “wellbeing.” Then changes came along. People saw how financial activities and planning can have a major impact on a person’s quality of life. Today, financial wellness is just as concrete as physical and mental wellness as benefits in the workplace.
Digital wellness now finds itself in the same evolution cycle that financial wellness entered a decade ago. It’s a concrete pillar underneath “wellbeing” much for the same reasons financial wellness is. Digital wellness reduces stress from loss or the unknown and enables richer, safer, and happier lives.
With that, today’s threats have evolved as well. While viruses and malware remain a problem, today’s bad actors are out for bigger games. Like stealing personal and financial info for identity theft. Or grifting detailed info from data brokers who compile and sell data linked to millions of people — with up to thousands of entries for each person.
We’ve also seen the onset of artificial intelligence (AI) in attacks. Fraudsters have used AI as the capstone of convincing voice, image, and video scams. Hackers now generate malware code using AI tools as well. Combine that with the multitude of ways people spend their time online, it’s clear why today’s online crooks tamper with people’s data, privacy, and identity at unprecedented rates.
HR professionals at organizations are aware of this. Given this climate, 55% of HR professionals said they provide it as part of their organization’s core benefits offerings. Another 36% say it’s part of their organization’s voluntary benefits offerings. Yet their offerings vary greatly.
Our research respondents said that they have five different digital wellness initiatives on average. Yet we found little consistency between them. Only 60% of respondents provided the same initiatives. The top responses: antivirus software, personal data cleanup, protection for work devices, and instruction on digital best practices. This illustrates that digital wellness programs are indeed in those early stages of development.
Digital wellness protects the person. This definition provides the basis for any comprehensive digital wellness offering.
More than offering antivirus or a VPN as a benefit, digital wellness protects the lives that employees live online. It helps prevent the things that can absolutely upend a person’s life online, like hacks, malware attacks, and online scams. And if someone falls victim to a data breach or identity theft, it provides a clear path forward with restorative measures.
People simply want to enjoy their time online without worrying about the risks. Yet if not looked after, gaps in their digital wellness can drive huge financial and mental stresses. For example, consider how identity theft steals more than money. It steals time, robbing a victim of their focus on other parts of their home and work lives as they struggle to recover.
As such, a digital wellness program that provides preventative and restorative measures. Often with comprehensive online protection like ours as a cornerstone offering.
Yet we can extend the definition further. It can also entail a healthy relationship with the internet. Balancing time spent there with other aspects of life, which can help relieve stress and burnout as well. Respondents in our HR.com research found this aspect of digital wellness appealing. Nearly half said that establishing a healthy relationship with technology is a key aspect of digital wellness — recognizing that this requires ongoing education.
Certainly, a comprehensive and successful digital wellness program protects the whole person, not just their devices.
For organizations that want to create this kind of digital wellness program, we offer up this series of articles. Our aim is to load you up with insights that can make the business case for putting one in place. You’ll see how employers and employees agree there’s a real need for it — and that everyone stands to benefit.
Look for our next article in the series.
Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com.
The post The Benefits of Protection – The Case for Digital Wellness in the Workplace appeared first on McAfee Blog.
AI is on your side. In fact, it’s kept you safer online for some time now.
Now that scammers and hackers have gotten their hands on AI tools, they understandably get their share of headlines. Rightfully so. AI tools have helped them scale up their attacks while also making them look and feel increasingly sophisticated.
Meanwhile, at McAfee, we’ve used AI as a core component of our protection for years now. As such, it’s done plenty for you over the years. AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.
Now we’ve made improvements to our AI-driven protection—and unveiled an all-new feature that takes full advantage of AI, McAfee Scam Protection.
AI is indeed on your side. A quick tour will show you how.
AI-driven protection quashes threats in three ways:
So, what does AI-driven protection look like in the real world?
AI can identify malicious websites and links before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can let you know when the link you got in that text is a total fake.
In combination with our security engineers and teams, AI really on your side.
As part of our product launch a few weeks ago, we created advances in one or our AI-driven protections and released an entirely new AI-driven protection as well.
McAfee Next-gen Threat Protection: McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.
As for strength, it offers 100% protection against zero-day threats and 100% against threats released in the past month (AV-TEST results, June 2023). You’ll find it across all our products that have antivirus included.
McAfee Scam Protection: McAfee’s patented and powerful AI technology helps you stay safer amidst the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake.
And if you accidentally click on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans.
In addition to AI-driven improvements, we also released several new features. Together they help you protect your privacy, lock down your identity, and set up your McAfee software for the best security.
Hackers might be making headlines as they cook up new attacks with AI, yet maybe it’s time to flip the script this once. AI works for you and can keep you safer online.
Whether hackers try to hit you with ransomware or scammers pepper you with phony messages, AI can help keep you from harm. In conjunction with other advanced features that protect your privacy and identity, AI makes for powerful protection.
The post Advances in Our Use of AI Keep You Even Safer Online appeared first on McAfee Blog.
Every day, life for many consumers has become more “digital” than before—this has made day-to-day tasks easier for many of us, but it also creates new challenges. From online banking to medical records, protecting our private, personal information is imperative.
Too often, the same password is used for multiple online accounts—for instance, you might log in to your online banking site with the same password you use for your personal email account. In a McAfee survey, 34% of people reported that they use the same password for multiple online accounts. Using identical passwords is convenient for us as users, but it’s also convenient for any hacker trying to steal personal information—once a hacker has access to one of your accounts, he can use a recycled password to snoop around at will.
Certainly, using more than one password and passphrases that include a mix of upper and lower case letters, numbers, and symbols and is at least ten characters in length goes a long way towards keeping malicious people at bay, but unfortunately, merely adding variety to your login information doesn’t guarantee security. In The Easiest Ways to Not Get Hacked, author Rebecca Greenfield included this chart showing just how much difference one character in length makes:
One of the most important accounts to keep secure is your primary email account—and here’s why: sooner or later, we all have to use the “I forgot my password” option, which typically sends a password reset email.
A hacker only needs to crack the password for your primary email account, and he’ll be able to access any of your other secure accounts simply by clicking the “forgot password” button when he sees it. This is known as a single point of failure, meaning it’s the one piece in any system that can bring down your whole system.
McAfee Pro Tip: If you’re having trouble remembering all your complex passwords on multiple accounts, a password manager can help you save time and effort while securing your accounts and devices. Learn more about McAfee’s password manager.
Establishing a separate email account for registration is one idea—in other words, your “I forgot my password” emails would all be sent to an account other than your primary email account. But even in that situation, there’s still only one password between a hacker and most of the data you want to keep from a hacker’s hands—from financial accounts and bank access to your weekly grocery delivery service. So the real question, even if you’re savvy enough to have a separate email address for password rescue, is: how do you make any email account more secure?
Two-step verification (often referred to as two-factor authentication) is a system designed to give you an extra layer of security that’s easy to use and indispensable for commercial or highly sensitive accounts. Two-step verification protects your email with not only a password but also by associating your account with a specific device or devices. A recent example of how this works comes from Google. In the case of Google’s two-step verification for Gmail accounts, a user simply re-authorizes the account every 30 days, by providing a numeric code that confirms the account.
→ Dig Deeper: Two-Factor vs. Multi-Factor Authentication: What’s the Difference?
The extra step and learning a new system of security sounds like an enormous hassle, but Google has taken the pain out of the process by allowing you to obtain the code in one of three ways:
This means that a hacker who wants to access your email account can only do so if he has access to your text messages or your landline phone. It might not stop every cybercriminal, but it does make the average hacker’s job a lot harder.
McAfee Pro Tip: Some hackers may go as far as calling your personal numbers, if they have access to them, and ask for your two-factor verification code to access your financial accounts, citing that they need it for their ongoing promotions or measures to improve your account security. This is a social engineering tactic that you should familiarize yourself with. Learn more about social engineering.
This two-factor authentication, while not new, is making major inroads among websites, apps, and services that process critical information. Many corporations have used hardware-based secondary authentication codes for years, but Google and others (including Twitter) are working hard to make this enhanced authentication flow a more practical and accessible part of our working lives.
New biometric verification options, such as a retina or fingerprint scan, are also catching on among security-conscious consumers, and will likely be a feature on more devices in the future. As times change, and more sensitive information flows through these sites, we can be sure to see more of these processes put into place.
→ Dig Deeper: How Virtual Reality and Facebook Photos Helped Researchers Hack Biometric Security
Two-step verification offers multiple benefits in the world of digital security. The key merit is that it presents an extra hurdle for hackers to overcome. If a hacker has breached your password, they still have to pass the second level of verification. As such, two-step verification makes your information harder to access, giving you added peace of mind.
Apart from enhancing security, two-step verification simplifies the recovery process if you ever forget your password. Since you have set up a secondary recovery method, you can use it to reset your password. This reduces the risk of losing access to your account due to forgotten passwords.
→ Dig Deeper: Let’s Make Security Easy
Setting up two-step verification on your accounts is relatively straightforward process. The first step is to go to the account settings of the platform where you want to enable this feature. Once you are there, locate the two-step verification or two-factor authentication option. Click on it, and follow the prompts. Typically, the system will ask for your phone number or an alternative email address to send the verification code to complete the process. Once that is done, you are all set.
From then on, every time you log in, you will need to input not only your password but also a unique code sent to your phone number or alternative email. Remember to choose a method that is convenient for you. For instance, if you are always on your phone, it may be easier to opt for the text message verification code option. This ensures that you can always promptly complete the second step of verification whenever you log in.
→ Dig Deeper: Protect Your Social Passwords with Two-Step Verification
While two-step verification offers an added layer of security, it is not foolproof. One potential challenge is that a hacker could intercept the verification code. Despite its rarity, this type of security breach is possible and has occurred. Furthermore, you might face issues if you lose the device used for verification. For example, if you lose your phone and have set it up for receiving verification codes, you might struggle to access your accounts.
Moreover, two-step verification can be inconvenient for some people. It adds an extra step every time you log in, and if you do not have immediate access to your verification device, you might be locked out of your accounts. Despite these challenges, the benefits of two-step verification far outweigh the potential drawbacks, and it remains a robust and recommended security measure in the digital era.
In conclusion, two-step verification offers a critical layer of security in protecting your digital assets. As life becomes increasingly digitized, and we continue to store more personal and sensitive information online, it is crucial to employ strong security measures like two-step verification. While it might seem like a bit of a hassle at times, the added security it provides, the peace of mind and the protection of your personal information make it a worthwhile endeavor. As the old saying goes, “It’s better to be safe than sorry.”
Therefore, embrace two-step verification and make it harder for hackers to gain access to your information. After all, security in the digital sphere is not a luxury, but a necessity.
To further protect your digital assets, consider McAfee+, our most comprehensive online protection software. Protect your mobile, laptops, computers, and IoT devices with reputable security software.
The post Make a Hacker’s Job Harder with Two-step Verification appeared first on McAfee Blog.
In the last decade, Bitcoin has emerged as a revolutionary form of digital asset, disrupting traditional financial markets along the way. Unlike traditional currencies issued by national governments (fiat money), Bitcoin is a decentralized form of money operated via a peer-to-peer network. This means it is not regulated or controlled by any central authority or government. This, along with many other characteristics, offers a range of benefits but also poses certain risks. In this article, we will examine these advantages and challenges to help you evaluate whether the benefits of Bitcoin outweigh the risks.
Bitcoin was created in 2009 by an anonymous person or group of people using the pseudonym Satoshi Nakamoto. As the first cryptocurrency, Bitcoin introduced a new kind of money that is issued and managed without the need for a central authority. Not only is Bitcoin a single unit of currency (simply referred to as a “bitcoin”), but it is also the decentralized, peer-to-peer network that enables the movement of that currency.
Bitcoin transactions are verified by network nodes through cryptography and recorded on a public ledger called blockchain. A user can access his or her bitcoins from anywhere in the world, as long as they have the private key to their unique Bitcoin address. Now, let’s delve into the inherent benefits and risks associated with Bitcoin.
This digital cryptocurrency has gained immense popularity and continues to capture the imagination of investors, tech enthusiasts, and financial experts alike. As we dive into the world of Bitcoin, let’s also uncover the myriad benefits it brings to the table, from decentralization and security to financial inclusion and innovation.
As a decentralized form of currency, Bitcoin is not subject to control by any government, bank, or financial institution. This ensures that the value of Bitcoin is not affected by monetary policies or economic conditions of any specific country. It also means there is no need for intermediaries, such as banks, to process transactions. As a result, Bitcoin transactions can be faster and cheaper than traditional money transfers, particularly for international transactions.
Furthermore, this decentralization offers potential benefits in regions where the local currency is unstable or access to banking is limited. For those without bank accounts, Bitcoin provides an alternative way to store and transact money. It also provides a safeguard against the risks of government-controlled fiat currency, such as inflation or deflation. This property of Bitcoin has been particularly attractive in countries experiencing hyperinflation, such as Venezuela.
Bitcoin transactions are recorded on a public ledger, the blockchain, which is accessible to anyone. This ensures a high level of transparency, as the flow of Bitcoins and the transactions can be tracked by anyone. Nonetheless, while transactions are public, the identities of the parties involved are pseudonymous. This offers a level of privacy and anonymity to users, as their real-world identities are not directly connected to their Bitcoin addresses, offering more privacy than traditional banking systems.
Moreover, because of its immutable and transparent nature, Bitcoin has potential uses beyond being a currency. The underlying blockchain technology has numerous potential applications, including secure sharing of medical records, supply chain management, and secure transfer of assets like land deeds and other legal documents.
→Dig Deeper: Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
Bitcoin stands as both an enigma and a harbinger of change. Its meteoric rise to prominence has captivated the world, yet it has also garnered its fair share of scrutiny and caution. Now, let’s examine the flip side of the digital coin – the risks that come with it.
Price Volatility
One of the most well-known risks of Bitcoin is its price volatility. The value of a bitcoin can increase or decrease dramatically over a very short period. This volatility can result in significant financial loss. While some traders may enjoy this volatility because it provides exciting opportunities for high-return investments, it can be a risky venture for those seeking stability, particularly for those who intend to use Bitcoin as a regular currency.
The volatility also makes Bitcoin less feasible as a store of value. With traditional currencies, individuals can expect the purchasing power of their money to remain relatively stable over short periods of time. With Bitcoin, however, the purchasing power can fluctuate wildly from day to day.
While the Bitcoin network itself has remained secure since its inception, the ecosystem around it is not entirely secure. Bitcoin wallets and exchanges, which are necessary for users to store and trade Bitcoins, have been the targets of hacking in the past. In some instances, users have lost their entire Bitcoin holdings.
Bitcoin transactions are irreversible. Once a transaction is initiated, it cannot be reversed. If the transaction is fraudulent or a mistake has been made, it cannot be corrected. This risk factor demands a high level of care and caution by Bitcoin users. The anonymity of Bitcoin can also facilitate criminal activities such as money laundering and the buying and selling illegal goods, which can impact users indirectly.
→Dig Deeper: Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
Bitcoin operates in a relatively gray area of law and regulation. While it is not illegal, its status varies widely around the world. Some countries have embraced Bitcoin as a legitimate payment method, while others have banned or restricted it. The variability of regulation creates uncertainty and poses a risk for Bitcoin users. There’s also a risk that future regulation could adversely affect Bitcoin. For instance, if a major government declared Bitcoin use illegal, or one of the world’s largest exchanges was hacked, the value of Bitcoin could plummet.
Due to Bitcoin’s decentralized nature, lawmakers and regulatory bodies may find it difficult to draft and implement effective regulations that do not stifle innovation. The digital nature of Bitcoin also poses challenges with legal protections that are generally applied to traditional instruments, such as the ability to challenge fraudulent transactions.
→Dig Deeper: Cryptohacking: Is Cryptocurrency Losing Its Credibility?
When comparing the benefits and risks of Bitcoin, it becomes clear that this cryptocurrency presents both unique opportunities and challenges. On the positive side, its decentralized and peer-to-peer nature offers a level of independence and flexibility not found in traditional financial systems. Additionally, its underlying blockchain technology offers potential for numerous applications beyond cryptocurrency itself.
However, these benefits must be weighed against the risks they pose, including its high price volatility and security issues, and the potential consequences of an uncertain regulatory environment. These risks underline the need for caution and due diligence before investing in or transacting with Bitcoin.
As the first cryptocurrency, Bitcoin is still in its early stages and will likely continue to evolve. As its regulatory environment becomes clearer and its technology becomes more established, the risks associated with Bitcoin may decrease. However, until then, a balanced perspective on the benefits and risks of Bitcoin is essential for anyone considering participating in its network.
McAfee Pro Tip: Bitcoin’s security issues are one of the main risks you need to consider and watch out for if you wish to invest in Bitcoin. Traditional or cryptocurrency, learn how to protect your finances online.
In a remarkably short time, Bitcoin has evolved from a fringe concept to a global financial phenomenon, challenging conventional notions of currency and decentralization. While its disruptive potential, innovation, and the allure of financial autonomy are undeniable, Bitcoin’s journey is punctuated with volatility, regulatory ambiguities, and security concerns that demand cautious consideration. As it continues to capture the world’s imagination, Bitcoin stands as both a symbol of the digital age’s possibilities and a stark reminder of the complexities and challenges associated with redefining the future of finance. Its ultimate role in the global economy remains uncertain, but its impact on the way we perceive and utilize money is undeniable, solidifying its place in history as a transformative force in the world of finance.
As individuals, it is essential to safeguard your digital assets, traditional financial resources, and online financial dealings to ensure a secure and unrestricted existence in the modern world. That’s why we encourage you to improve your digital security. Check out our McAfee+ and Total Protection to boost your protection.
The post Do the Benefits of Bitcoin Outweigh the Risks? appeared first on McAfee Blog.
If you’re facing issues with your PC’s performance or just want to upkeep it, regular cleaning should be on your to-do list. Cleaning up your PC has several advantages, including speeding up your system and safeguarding your personal information from potential threats. Besides, the process frees up storage space, enabling you to install more programs or store more multimedia files. A monthly clean-up is usually recommended for optimal results. Those who have never cleaned their PC might be in for a pleasant surprise with its much-enhanced speed and improved performance. In this guide, we will explain the ins and outs of PC cleaning to help you on the right path.
Over time, as you store multiple files on your PC, they begin to take up more and more space. Specifically, your C drive might be gradually filling up due to backup files, hidden files, and temporary files. Additionally, even a new PC can benefit from a cleaning since it often comes with pre-installed programs that you might not need. So, what is PC cleaning? Essentially, it involves deleting unneeded files from your system when you want to free up storage space and enhance the overall performance of your PC.
One of the first steps in PC cleaning involves removing unwanted programs. This can be done by accessing the ‘Programs and Features’ section of your control panel. As a necessary measure, go through the list and note down the programs that you don’t use. If you encounter programs you don’t recognize, perform a quick internet search to understand their function before deleting them. Depending on the program’s size, removing them may not take long. Alongside removing unneeded programs, you can also use the disk cleanup utility to remove temporary files, which is another crucial aspect of PC cleaning.
McAfee Pro Tip: You may find Potentially Unwanted Programs (PUP) while cleaning your computer. PUPs are not malware. The big thing to remember is that with PUPs, you’re saying “yes” to the download, even if you’re not fully aware of it because you didn’t read the fine print in the agreements or installation steps. However, Certain PUPs come bundled with spyware like keyloggers and dialers, as well as other software designed to collect your data, putting you at risk of identity theft. On the other hand, some may bombard your device with bothersome advertisements. Learn more about PUPs to avoid downloading them unknowingly.
Temporary files consist of internet cookies and partially downloaded programs that were never installed on your system. Internet cookies store information such as user login credentials and images from websites visited. They primarily identify users and possibly prepare customized web pages or save necessary information. One of the advantages of these cookies is that they save you from entering your login information each time you visit a website. Moreover, web pages and online media you visit are stored in your browser’s cache, speeding up the browsing experience during your next visit.
Your PC automatically stores files from the websites you visit on your hard drive. If not removed, these files accumulate over time and take up a significant amount of space on your PC. People often install programs on their PCs and forget to remove them after use, consuming much more space than they might think. Regular PC cleaning is an effective solution to prevent such issues.
→Dig Deeper: What Is Disk Cleanup And Does It Remove Viruses?
While many believe that deleting files from their hard drive can increase the speed of their PC, the effect might not be as substantial as expected. Your temporary internet files can quicken the speed at which websites load because these files contain images and other media from the websites you visit. Thus, your PC doesn’t have to download them whenever you visit the same websites. However, it’s still a good practice to delete your temporary files occasionally to free up disk space.
Some programs that you download start automatically when you turn your PC on. Although automatic startup processes are beneficial for some programs, having too many can slow down your PC. It’s advisable to manage which apps run automatically during startup to enhance PC performance.
While deleting temporary internet files doesn’t pose much risk, deleting the wrong programs or certain startup items can harm your PC. Start by removing temporary files and reducing startup items to see if there’s a performance improvement. Additionally, when deleting programs, it’s crucial to be fully aware of what you’re deleting to avoid problems later on.
When you delete files from the recycle bin, they remain on your system as the deletion only removes the pointer, not the file itself. Using a file shredder can help you erase such data by overwriting the space with a pattern of 1’s and 0’s. Although this doesn’t necessarily improve performance, it helps ensure compliance with the law and prevents identity theft.
When you own a computer, much like a car, regular maintenance and cleaning are essential. While it might not entirely increase your PC’s speed, it greatly improves efficiency and functionality, making all processes run smoother. This is because each time you visit a webpage, your computer stores all types of files to remember the website and load it faster next time. This cache gets flooded with files over time, slowing down your system. PC cleaning allows your PC to breathe, making it more responsive and liberating the storage space. Significantly, it helps in data management, eliminating all unnecessary data that might be misused or lead to identity theft.
→Dig Deeper: Manage your data this Data Privacy Day
Regular PC cleaning could also potentially save your device from significant damage. Unwanted programs and apps, especially those auto-starting ones, not only consume your system’s resources but also can contain malicious content impacting your PC. Regular cleaning will ensure any potential malware or problematic software is identified and removed promptly, thus adding a layer of protection.
Let’s break down the PC cleaning process to simplify and understand it better. The process commences with uninstalling any unused apps and software. The next step involves clearing out temporary files, such as cache and cookies that accumulate over time and eat up storage space. Some PC cleaning programs also offer registry cleaning, which involves cleaning up the database that holds all the configuration settings for your PC. However, this is not always recommended.
→Dig Deeper: To Disable or Enable Cookies
Startup programs are another key area to look into. Having too many programs that start up when your computer boots can substantially slow down your system. Through PC cleaning, you can manage these programs and ensure only the necessary ones are allowed to auto-start. This will provide a noticeable improvement in your PC’s boot time and overall performance. Lastly, most PC cleaners come equipped with a file shredder that securely deletes sensitive files and ensures they can’t be recovered later. This helps in safeguarding your personal data and optimizing your PC’s performance.
Having a cleaning schedule for your PC enhances its performance over a longer time. A weekly check to scan and remove any threats or malware, monthly cleanup of temporary files, and a deep clean every six months can keep your PC in optimal condition. However, while deleting temporary files and unused applications is generally safe, it’s important to be careful when choosing files or applications to delete since deleting system files or vital applications can cause serious, potentially irreversible, damage to your PC.
It’s advisable to stick to cleaning procedures and tools you understand. Research and be sure of your actions before you delete anything you’re unsure about. Admittedly, this can be a time-consuming and tedious process. Thankfully, dedicated PC cleaning tools can simplify the task, autotomize the process, and eliminate the risk of unwittingly causing damage.
PC cleaning software, like McAfee’s Total Protection, simplifies the process of cleaning your PC. These programs are designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry, often at the press of a button. It’s crucial, though, to choose a reliable and safe PC cleaning software as some can be excessive, doing more harm than good, or even carry malware. Reading reviews and understanding what each feature does is important before using PC cleaning software.
These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time and freeing you from the hassle of remembering to run the cleanup. A good PC cleaner should ideally also come with a file shredder to safely delete sensitive or personal files without leaving a trace.
Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity. It’s important to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee Total Protection can simplify the process and save time. Regular cleaning keeps your PC running smoothly, prevents potential threats, and ensures your personal and sensitive information is safe. So, if you haven’t started yet, it’s never too late to begin cleaning your PC and enjoy an optimized computing experience.
The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.
It is common knowledge that connecting your devices to public Wi-Fi can expose them to potential malware and other security risks. But have you ever considered the dangers that might be lurking within public USB chargers? In a surprising revelation, researchers at Georgia Tech discovered that public iPhone chargers can be a conduit for malicious apps, posing a significant risk to your data security and privacy.
Interestingly, the malicious apps resulting from public iPhone chargers do not require any downloads or visits to the app store. These apps are installed on your iPhone via the compromised USB chargers. Once installed, they function like conventional malware, controlling your device and potentially accessing sensitive information such as banking login details. They can even intercept your phone calls and remotely control your device. The distinctive aspect of these threats is their delivery method—through seemingly innocuous iPhone chargers.
Despite these alarming characteristics, the threat posed by these malicious apps is not widely recognized or understood. Many people continue to casually plug their iPhones into public USB ports casually, little knowing the potential danger they expose their devices to. In contrast to the common belief that devices locked with a PIN or passcode are safe, these malicious apps can still infiltrate your iPhone if it is unlocked even for a moment.
→ Dig Deeper: How Safe Is Your Android PIN Code?
How exactly do these malicious apps find their way into our iPhones? The scheme was demonstrated by researchers from Georgia Tech, who managed to fool Apple’s security team with a dummy Facebook app containing a hidden malware code. Their experiment showed that when an iPhone connected to a compromised charger is unlocked, the faux Facebook app activates, allowing hackers to take control of the device remotely.
These threats, often called “AutoRun” threats, can make calls, view passwords, alter settings, and perform other operations on your device without your knowledge. The alarming thing about them is that they start executing when a corrupted drive is plugged into a device. Clearly, this poses a unique and powerful threat to smartphones, tablets, PCs, and Macs alike. As our dependence on these devices grows, so does the urgency to understand and prevent such attacks.
→ Dig Deeper: Can Apple Macs Get Viruses?
Though the AutoRun threat may sound like a plot straight out of a sci-fi movie, it is disturbingly real. This McAfee Threats Report revealed that the prevalence of these attacks doubled in one year and continues to rise. Such an escalation underscores the need for increased awareness and caution concerning our device usage.
While the threat experiment conducted by Georgia Tech researchers was staged, the potential for its execution by cybercriminals is very real. Cybercriminals are always looking for weak spots in security systems, and public USB chargers are proving to be one such vulnerability. This is made worse because not many people are aware of this weakness, making them easy targets for cybercriminals.
McAfee Pro Tip: Stay informed about less conventional threats, such as malware that may lurk in unexpected places like chargers, by exploring the wealth of cyber resources available in McAfee’s extensive collection of resources. Dive into our informative blogs and in-depth reports to expand your awareness and understanding of these unconventional risks.
Apple responded promptly to the Georgia Tech experiment and released an update to raise a warning when connecting to unfamiliar USB chargers. However, this warning is often ignored and opens the device to potential threats. So, the safest preventive measure is to avoid using public charging stations.
Moreover, it is advisable not to unlock your devices while charging. Unlocking an iPhone, even momentarily, was key to disseminating the malicious app in the Georgia Tech experiment. If you’ve connected to a public USB charger and want to verify that your device hasn’t been compromised, navigate to Settings > General > Profiles. If you see any unfamiliar names, remove them immediately.
→ Dig Deeper: Protecting the Universal Remote Control of Your Life—Your Smartphone
Public charging stations might seem like a convenient solution, but they come with their own set of risks–malware is one, as mentioned. One of the most practical and secure alternatives to public charging stations is carrying a portable charger, commonly known as a power bank. These devices come in various sizes and capacities, making it easy to find one that suits your needs. Another simple yet effective alternative to public charging stations is to carry your own charging cable. Most people use USB cables that can be connected to power sources like laptops, portable chargers, or even wall outlets.
Along with avoiding public charging stations, it is crucial only to download apps from trusted sources. While the malicious app in the experiment was installed via a compromised charger, caution is still paramount when downloading apps, even over Wi-Fi. Stick to official app stores to lessen the risk of downloading malware-laden apps.
Perhaps the most significant measure to protect against cyber threats is installing comprehensive security on all your devices. A complete solution like McAfee LiveSafe not only protects your devices from the latest forms of malware, spyware, and other viruses and safeguards your identity and valuable data. The ever-evolving tactics of cybercriminals require vigilant and robust security measures.
As our reliance on smartphones and other devices grows, so does the sophistication and prevalence of cyber threats. In this high-risk digital era, awareness and caution are the first steps toward protection. The experimental threat posed by public iPhone chargers underscores the hidden dangers we may unknowingly expose ourselves to. By understanding these threats and implementing protective measures, such as using trusted sources for app downloads and comprehensive security software, we can minimize our vulnerability to such attacks. As we continue to live in an increasingly digital world, it is more important than ever to understand potential threats and take steps to protect ourselves and our valuable data.
Safeguarding your devices, especially those that are an integral part of your daily life and constantly require recharging, is paramount in our increasingly interconnected world. McAfee’s cutting-edge software solutions offer a fortified defense against many online perils.
The post US-B Careful: Public iPhone Chargers Lie in Wait appeared first on McAfee Blog.
The eagerly awaited holiday sales such as Black Friday and Cyber Monday are just around the corner. As consumers, we look forward to getting the best deals online, but we’re not the only ones. Hackers are also keenly anticipating these holidays but for different reasons. They use this period to come up with all sorts of shopping scams that can potentially put a dampener on the holiday spirit for unsuspecting shoppers.
This article provides you with ten tips to keep you and your family safe from online shopping scams this season. These tips will not only help you spot a good deal but also help you avoid falling prey to online scams, thereby ensuring that you keep your finances safe during this shopping season.
A common tactic employed by hackers involves the use of malware hidden in email attachments. During the holiday sales season, they often camouflage their malware in emails that claim to contain offers or shipping notifications. It is important to remember that legitimate retailers and shipping companies will not send offers, promo codes, or tracking numbers as email attachments. Instead, they will mention these details in the body of the email.
Therefore, be wary of any email attachments you receive from retailers or shippers. If something seems off, it probably is. Do not download or open suspicious attachments, as this could potentially lead to a malware attack.
→ Dig Deeper: McAfee Protects Against Suspicious Email Attachments
Scammers often employ a tactic known as “typosquatting,” where they create phony email addresses and URLs that look incredibly similar to the legitimate addresses of well-known companies and retailers. These are often sent via phishing emails, and instead of leading you to great deals, these links can direct you to scam websites that extract your login credentials, payment information, or even directly extract funds from your account when you attempt to place an order through them.
Therefore, it is imperative to double-check all email addresses and URLs before clicking on them. Look out for subtle discrepancies in the spelling or arrangement of characters, as these are often indicators of a scam. If a link or email address seems suspicious, do not click on it.
→ Dig Deeper: How Typosquatting Scams Work
In continuation with the previous point, scammers also set up websites that resemble those run by trusted retailers or brands. These websites often advertise special offers or attractive deals on popular holiday items. However, these are nothing more than a ruse to trick unsuspecting shoppers into divulging their personal and financial information.
These scam websites are often spread through social media, email, and other messaging platforms. It’s crucial to exercise skepticism when encountering such links. Instead of clicking on them, it’s always safer to visit the brand’s official website directly and look for the deal there.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Using a robust and comprehensive security software suite while shopping can provide you with additional layers of protection against scams. For instance, web browser protection features can block malicious and suspicious links, reducing the risk of falling prey to malware or a financial scam.
Ensure your antivirus software is up to date and your firewall is enabled. At the same time, enable secure browsing options available in your web browser. These simple steps can go a long way in securing your online shopping experience.
Using the same passwords across multiple platforms is akin to giving hackers a free pass. If they manage to hack into one account, they can potentially gain access to others that share the same password. To avoid this, consider using a password manager. These tools can generate complex and unique passwords for each of your accounts and store them securely, saving you the hassle of remembering them all.
By diversifying your passwords and securing them effectively, you can significantly reduce the risk of becoming a victim of a hack or a scam. The importance of this proactive approach cannot be overstated in today’s interconnected world, where our personal and financial information is often just a few clicks away from prying eyes and malicious intent.
→ Dig Deeper: Strong Password Ideas to Keep Your Information Safe
Two-factor authentication (2FA) is an invaluable tool that adds an extra layer of protection to your accounts. When 2FA is enabled, gaining access to your accounts isn’t as simple as just entering your username and password. Instead, you also need to input a unique, one-time-use code that is typically sent to your phone or email. This code acts as a second password, making your account significantly more secure.
If any of your accounts offer 2FA, it’s crucial to take advantage of this feature. While it might initially seem cumbersome, the added security is well worth the slight inconvenience.
Public Wi-Fi networks, such as those found in coffee shops and other public locations, can be dangerous due to their lack of security. If you shop online through a public Wi-Fi network, you’re essentially broadcasting your private information to anyone who cares to look. To prevent this, consider using a virtual private network (VPN).
VPNs encrypt your internet traffic, securing it against any prying eyes. This encryption protects your passwords, credit card numbers, and other sensitive information from being intercepted and misused. If you frequently shop online in public places, using a VPN is a must.
In the U.S., the Fair Credit Billing Act protects against fraudulent charges on credit cards. Under this act, you can dispute any charges over $50 for goods and services that you never received or were billed incorrectly for. Moreover, many credit card companies offer policies that add to the protections provided by the Fair Credit Billing Act.
However, these protections don’t extend to debit cards. When you use a debit card, the money is immediately drawn from your bank account, making it more difficult to recover in case of fraud. So, for online shopping, it’s safer to use a credit card instead of a debit card.
A virtual credit card can provide an extra layer of security for your online purchases. When you use one of these cards, it generates a temporary card number for each transaction, keeping your real card number safe. However, there are potential downsides to be aware of, such as difficulties with returns and refunds.
Before deciding to use a virtual credit card, understand its pros and cons. Research the policies of the issuing company so you can make an informed decision about whether or not it’s the right choice for you.
Given the number of accounts most of us manage and the rampant incidents of data breaches, it’s crucial to monitor your credit reports for any signs of fraud. An unexpected change in your credit score could indicate that someone has taken out a loan or credit card in your name. If you notice any discrepancies, report them immediately to the credit bureau and to the lender who reported the fraudulent information.
In the U.S., you’re entitled to a free credit report from each of the three major credit bureaus every year. Utilize this service and check your reports regularly. Remember, quickly identifying and reporting fraudulent activity is the key to mitigating its impact.
McAfee Pro Tip: Have you encountered a suspicious charge on your credit card and felt uncertain about the next steps? Get a credit monitoring service to monitor any unusual credit-related transactions that may be a potential sign of identity theft.
As we approach Cyber Monday, it’s important to stay vigilant to protect yourself and your family from online scams. By taking simple precautions like verifying email addresses, resorting to 2FA, using a VPN while shopping on public Wi-Fi, and monitoring your credit reports, you can significantly reduce your chances of falling for an online shopping scam. Additionally, consider employing cybersecurity solutions like McAfee+, which offer robust protection against various online threats. Remember, if a deal seems too good to be true, it probably is. Happy and safe shopping!
The post Cyber Monday: Protect Yourself and Your Family from Online Shopping Scams appeared first on McAfee Blog.
As we gear up to feast with family and friends this Thanksgiving, we prepare our wallets for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year, they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s look at these two holidays and how their popularity can impact users’ online security, and grab a great Black Friday holiday deal from McAfee.
You might be surprised that “Black Friday” was first associated with a financial crisis, not sales shopping. The U.S. gold market crashed on Friday, September 24, 1869, leaving Wall Street bankrupt. In the 1950s, Black Friday was associated with holiday shopping when large crowds of tourists and shoppers flocked to Philadelphia for a big football game. Because of all the chaos, traffic jams, and shoplifting opportunities that arose, police officers could not take the day off, coining it Black Friday. It wasn’t until over 50 years later that Cyber Monday came to fruition when Shop.org coined the term as a way for online retailers to participate in the Black Friday shopping frenzy.
In conclusion, the origins of “Black Friday” are indeed surprising and far removed from the image of holiday shopping extravaganzas that we associate with the term today. These historical roots offer a fascinating perspective on the evolution of consumer culture and the significance of these shopping events in modern times.
Since the origination of these two massive shopping holidays, both have seen incredible growth. Global interest in Black Friday has risen year-over-year, with 117% average growth across the last five years. According to Forbes, 2018’s Black Friday brought in $6.2 billion in online sales alone, while Cyber Monday brought in a record $7.9 billion.
While foot traffic seemed to decrease at brick-and-mortar stores during Cyber Week 2018, more shoppers turned their attention to the Internet to participate in holiday bargain hunting. Throughout this week, sales derived from desktop devices came in at 47%, while mobile purchases made up 45% of revenue and tablet purchases made up 8% of revenue.
So, what does this mean for Black Friday and Cyber Monday shopping this holiday season? In 2023, Adobe Analytics anticipates that Cyber Monday will maintain its status as the most significant shopping day of the season and the year, spurring a historic $12 billion in spending, reflecting a year-over-year increase of 6.1%. Online sales on Black Friday are expected to increase by 5.7% year over year, reaching $9.6 billion, while Thanksgiving is projected to grow by 5.5% year over year, amounting to $5.6 billion in spending.
If one thing’s for sure, this year’s Black Friday and Cyber Monday sales are shaping up to be the biggest ones for shoppers looking to snag some seasonal bargains. However, the uptick in online shopping activity provides cybercriminals the perfect opportunity to wreak havoc on users’ holiday fun, potentially disrupting users’ festive experiences and compromising their online security. In light of this, it is crucial to take proactive measures to safeguard your digital presence. One effective way to do so is by investing in top-tier online protection solutions. McAfee, a renowned leader in the field, offers award-winning cybersecurity solutions designed to shield you from the ever-evolving threats in the digital landscape. Explore the features of our McAfee+ Ultimate and Total Protection and be informed of the latest cyber threats with McAfee Labs.
→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation
With the surge in online shopping during Black Friday and Cyber Monday, cybercriminals are also on high alert, crafting sophisticated scams to trick unsuspecting shoppers. One common form of scam you’ll come across during this time is fraudulent websites. These sites masquerade as reputable online retailers, luring customers with too-good-to-be-true deals. Once shoppers enter their personal and financial data, the criminals behind these sites gain access to the sensitive information, paving the way for identity theft.
Phishing emails are another popular mode of scam during these shopping holidays. Shoppers receive emails that appear to be from legitimate stores advertising incredible deals. The emails typically contain links that direct users to a fraudulent website where their information can be stolen. It’s essential to approach every email suspiciously, checking the sender’s information and avoiding clicking on unsolicited links.
→ Dig Deeper: How to Protect Yourself From Phishing Scams
Thankfully, there are steps you can take to protect yourself when shopping online during Black Friday and Cyber Monday. First, always ensure that the website you’re shopping from is legitimate. Check for the padlock icon in the address bar and “https” in the URL, as these are indicators of a secure site. Steer clear of websites that lack these security features or have misspelled domain names, as they could be fraudulent.
McAfee Pro Tip: When browsing a website, there are several essential cues to consider when assessing its safety. As mentioned, one such indicator is the presence of “https” in the website’s URL. But there are also other tell-tale signs, such as fake lock icons, web copy, web speed, and more. Know how to tell whether a website is safe.
Furthermore, never provide personal or financial information in response to an unsolicited email, even if it appears to be from a trusted source. If the offer seems tempting, visit the retailer’s official website and check if the same deal is available there. Finally, consider installing a reputable antivirus and security software, like McAfee, that can provide real-time protection and alert you when you stumble upon a malicious website or receive a phishing email.
Black Friday and Cyber Monday are prime opportunities for consumers to snag once-a-year deals and for cybercriminals to exploit their eagerness to save. However, being aware of the prevalent scams and knowing how to protect yourself can save you from falling prey to these ploys. Always strive to shop smart and stay safe, and remember that if an offer seems too good to be true, it probably is.
The post Secure Your Black Friday & Cyber Monday Purchases appeared first on McAfee Blog.
Hackers love Ryan Gosling. In fact, hackers use his name as bait more than any other celebrity.
With that, the celebrated star of “Barbie” and umpteen other hit films tops our Hacker Celebrity Hot List for 2023. It’s our annual study that reveals which big-name celebrity searches most often link to malware and risky sites. And this year, we’ve evolved the list. It now includes celebs spotted in deepfake and other AI-driven content.
With Gosling’s high profile this year, it comes as little surprise that he ranked so highly. As we reported earlier this year, “Barbie” was a huge hit for cybercriminals as well. They baited consumers with a rash of ticket scams, download scams, and other attacks that capitalized on the summer hit’s hype.
Months later, searches for Gosling remain high. His portrayal of Ken has scored him a first-ever Billboard Hot 100 song with “I’m Just Ken.” Meanwhile, Ken and Barbie outfits rank among the most popular Halloween costumes for 2023.
And if you’re wondering, Margot Robbie, who starred as Barbie to Gosling’s Ken, ranked number eight on our list. The full top ten breaks down as follows:
The hackers behind these celebrity-driven attacks are after two primary things.
Accordingly, they’ll pair celebrity names with terms like audio book, lyrics, deepfake, free ringtone, free movie, free download, MP4, among others—which generate results that lead to sketchy sites.
In all, they target people who want to download something or get a hold of celebrity-related content in some form. Again, think of the “Barbie” movie scams earlier this year that promoted free downloads of the movie — but of course they were malware and identity theft scams.
Searching for a celebrity name alone didn’t necessarily lead to a list of sketchy results. Our own Chief Technology Officer, Steve Grobman, described the risks well. “We know people are seeking out free content, such as movie downloads, which puts them at risk. If it sounds too good to be true, it generally is and deserves a closer look.” Yet hackers know how hungry people are for celebrity content, and unfortunately some people will go ahead and click those links that promise celebrity-filled content, despite the risks.
Further rounding out the list, we found several big names from sports and popular culture.
Argentine soccer player Lionel Messi comes in at number 18 on the list, who recently made the move to Miami’s Major League Soccer team. Recent retiree and all-time American football great Tom Brady clocked in at number 19, and Travis Kelce, American football tight end for the Kansas City Chiefs, came in at number 22. NBA star Steph Curry at number 23, while Aaron Rogers, another American football legend, came in at number 31. And Serena Williams, a dominant force on the court and in culture, ranked at number 32.
Reality and pop culture favorites also made the top 50, with Andy Cohen of “Real Housewives” fame taking the number 11 slot, followed by Kim Kardashian at number 24, and Tom Sandoval at number 40 on the list.
And for the Swifties out there, Taylor Swift ranked 25 on our list this year.
Thanks to readily available AI tools, cybercriminals have increased both the sophistication and volume of their attacks. It’s no different for these celebrity-based attacks.
According to McAfee researchers, one such AI-driven trend is on the rise: deepfakes. For example, Elon Musk. He hit number six on our list, and our researchers found a significant volume of malicious deepfake content tied to his name — often linked with cryptocurrency scams.
Taking a sample set of the top 50 list, McAfee researchers discovered between 25 to 135 deepfake URLs per celebrity search. While there are instances of malicious deepfakes, many celebrity deepfakes fall into recreational or false advertising use cases right now. However, there is growing evidence that future deepfakes could turn deceptive — deliberately passing along disinformation in a public figure’s name.
You have every reason, and every right, to search for and enjoy your celebrity content safely. A mix of a sharp eye and online protection can keep you safe out there.
Hackers and scammers love riding the coattails of celebrities. By hijacking big names like Ryan, J-Lo, and Bad Bunny, they dupe plenty of well-meaning fans into downloading malware or handing over their personal info.
Of course, that’s no reason to stop searching for those celebs. Not at all. Go ahead and enjoy your shows, music, and movies—and all the news, gossip, and tea surrounding them. That’s all part of the fun. Just do it with a sharp eye and the proper protection that has your back.
The post McAfee 2023 Hacker Celebrity Hot List – Why Hackers Love Ryan Gosling so Much appeared first on McAfee Blog.
FreshRSS 