Login
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
As we continue to evolve technologically, so do cybercriminals in their never-ending quest to exploit vulnerabilities in our digital lives. The previous years have clearly shown that cybercriminals are increasingly leveraging new technologies and trends to trick their victims. As we move into another year, it’s crucial to be aware of the tried and tested tactics these cyber criminals use and stay prepared against potential threats.
In this article, we delve deeper into one such tactic that remains a favorite among cybercriminals – ‘phishing‘ via emails. We focus on the trickiest and most dangerous email subject lines that have been commonly used in worldwide phishing emails. Recognizing these ‘ baits’ can be your first step towards safeguarding your identity and valuables against cybercriminals. Beware, there are plenty of these ‘phishes’ in the sea, and it helps to be on your guard at all times.
Sending email messages filled with malicious links or infectious attachments remains a dominant strategy among cybercriminals. This strategy, commonly known as ‘phishing,’ is often disguised in a variety of forms. The term ‘Phishing’ is derived from the word ‘Fishing,’ and just like fishing, where bait is thrown in the hope that a fish will bite, phishing is a cyber trick where an email is the bait, and the unsuspecting user is the fish.
Today’s most common phishing scams found by McAfeerevealed that cybercriminals tend to use certain email subject lines more often. Although this does not mean that emails with other subject lines are not harmful, being aware of the most commonly used ones can give you an edge. The key takeaway here is to be vigilant and alert when it comes to all kinds of suspicious emails, not just those with specific subject lines.
Let’s take a look at the top five most commonly used subject lines in worldwide phishing emails. The list will give you an understanding of the varied strategies employed by cybercriminals. The strategies range from social networking invitations to ‘returned mail’ error messages and phony bank notifications. Be aware that these are just the tip of the iceberg and cyber criminals are continuously coming up with new and improved tactics to gain access to your sensitive data.
In the past, cybercriminals used to cast big, untargeted nets in the hopes of trapping as many victims as possible. However, recent trends indicate a shift towards more targeted and custom messages designed to ensnare more victims. A classic example of such a targeted phishing attack is the JP Morgan Chase phishing scam that took place earlier this year.
→ Dig Deeper: Mobile Bankers Beware: A New Phishing Scam Wants Your Money
The fact that phishing scams are still on the rise amplifies the importance of proactive measures to protect our digital assets. As technology advances, these threats continue to evolve, making ongoing vigilance, education, and caution in our online engagements critical in combating the increasing prevalence of such scams.
Phishing emails, often with a guise of urgency or familiarity, cunningly aim to deceive recipients into revealing sensitive information, most commonly, personal identities and financial credentials. These malicious messages are designed to prey on our trust and curiosity, making it crucial to scrutinize each email carefully. Cybercriminals behind phishing schemes are after the keys to both your digital identity and your wallet. They may seek login credentials, credit card details, social security numbers, and other sensitive data, which can lead to identity theft, financial loss, and even broader security breaches. It is essential to exercise caution and rely on best practices for email and internet security to thwart their efforts and safeguard your online presence.
While phishing emails come in a variety of forms, their ultimate goal remains the same: to steal your identity and money. As we move into the New Year, it’s prudent to add a few safety measures to your resolutions list. Protecting yourself from the increasingly sophisticated and customized phishing attacks requires more than awareness.
With an understanding of phishing techniques, the next step is learning how to protect yourself from falling prey to them. Ultimately, you are the first line of defense. If you’re vigilant, you can prevent cyber criminals from stealing your sensitive information. The following are some tips that can help you safeguard your digital life and assets:
First, avoid opening attachments or clicking on links from unknown senders. This is the primary method that cybercriminals use to install malware on your device. If you don’t recognize the sender of an email, or if something seems suspicious, don’t download the attachment or click on the link. Even if you do know the sender, be cautious if the email message seems odd or unexpected. Cybercriminals often hack into email accounts to send malicious links to the victim’s contacts.
Another important practice is to think twice before sharing personal information. If you’re asked for your name, address, banking information, password, or any other sensitive data on a website you accessed from an email, don’t supply this information, as it is likely a phishing attempt. In case of any doubts regarding the authenticity of a request for your information, contact the company directly using a phone number or web address you know to be correct.
Even with the most diligent practices, it’s still possible to fall victim to phishing attacks. Hence, having security nets in place is crucial. Start by being careful on social networks. Cybercriminals often hack into social media accounts and send out phishing links as the account owner. Even if a message appears to come from a friend, be cautious if it looks suspicious, especially if it contains only a link and no text.
Installing comprehensive security software is another essential step. McAfee LiveSafe service, for instance, offers full protection against malware and viruses on multiple devices. This software can be a lifeline if you happen to click a malicious link or download a hazardous attachment from an email.
It’s also a smart idea to regularly update your devices. Updates often contain patches for security vulnerabilities that have been discovered since the last iteration of the software. Cybercriminals are always looking for vulnerabilities to exploit, so keeping your software up-to-date is one of the most effective ways to protect yourself.
McAfee Pro Tip: Always update both your software and devices. First and foremost, software updates often include patches and fixes for vulnerabilities and weaknesses that cybercriminals can exploit. By staying up-to-date, you ensure that you have the latest defenses against evolving threats. Learn more about the importance of software updates.
Phishing attempts are a constant threat in the digital world, and their sophistication continues to evolve. Cybercriminals are relying more on tailored and targeted attacks to deceive their victims. The top five most dangerous email subject lines mentioned above are a clear indicator that criminals are becoming more nuanced in their attempts to trick victims. However, with awareness and vigilance, you can effectively avoid their traps.
Remember, your personal and financial information is valuable. Make sure to protect yourself from phishing attempts by avoiding suspicious links and attachments, thinking twice before sharing your personal information, being cautious on social media, installing comprehensive security software like McAfee+, and keeping all software up-to-date. Being prepared can make all the difference in keeping your digital life secure.
The post Top 5 Most Dangerous Email Subject Lines appeared first on McAfee Blog.
SMiShing, a term from ‘SMS phishing’, is a growing cyber threat that is as dangerous, if not more, than its sibling, “Phishing.” While the terms may seem comical, the repercussions of falling victim to these scams are no laughing matter. In an increasingly digital age, cybercriminals are taking advantage of our reliance on technology to steal personal information and leverage it for malicious purposes. This article provides an in-depth explanation of SMiShing, how it works, and, most importantly, how you can protect yourself from it.
In essence, SMiShing is a deceptive practice where scammers send fraudulent text messages masquerading as reputable institutions, aiming to dupe recipients into clicking on a link, calling a number, or providing sensitive personal information. The risk with SMiShing is that mobile users tend to trust their SMS messages more than their emails, making it an effective scamming tool. The best line of defense is awareness and understanding of what SMiShing is, how it operates, and the protective measures you can take against it.
The term ‘SMiShing’ is a concatenation of ‘SMS’ (short message service) and ‘Phishing’. The latter is a cybercriminal strategy, where scammers send emails that impersonate legitimate organizations with the aim of luring victims into clicking links and/or entering their login data or credentials. The word ‘Phishing’ is a play on the word ‘fishing’, depicting the tactic of baiting victims and fishing for their personal information.
SMiShing is a variant of phishing, a social engineering tactic where scammers resort to sending text messages instead of emails. These messages are engineered to appear as though they’ve been sent by legitimate, trusted organizations, leading the recipient to either click on a link or respond with their personal details. The transition from emails to text messages signals a shift in cybercrime trends, as scammers exploit the trust users place in their text messages, as opposed to their scrutiny of emails.
→ Dig Deeper: What Is Smishing and Vishing, and How Do You Protect Yourself?
Cybercriminals use sophisticated technology that allows them to generate cell phone numbers based on area codes. These phone numbers include a cell carrier’s provided extension, plus the last four random numbers. Once these phone numbers are generated, the scammers utilize mass text messaging services to disseminate their SMiShing bait, much like casting a large fishing net hoping to snare unsuspecting victims. A simple online search for “mass SMS software” will yield numerous free and low-cost programs that facilitate mass texting, revealing the ease with which these scams can be carried out.
→ Dig Deeper: What You Need to Know About the FedEx SMiShing Scam
SMiShing has proven to be effective mainly because most people have been conditioned to trust text messages more than emails. Moreover, unlike emails accessed on a PC, text messages do not allow for easy link previewing, making it risky to click on links embedded within the texts. The links either lead to malicious websites intended to steal data or prompt the download of keyloggers, tools that record every keystroke on your device, facilitating the theft of personal information. Alternatively, some SMiShing texts may trick recipients into calling specific numbers which, when dialed, incur hefty charges on the victim’s phone bill.
The first step towards protecting yourself against SMiShing is recognizing the threat. Cybercriminals often capitalize on the victim’s lack of understanding about how these scams work. They prey on the recipient’s trust in their text messages and their curiosity to view links sent via SMS. By understanding how SMiShing works, you are able to spot potential scams and protect yourself against them.
Typically, SMiShing messages are crafted to impersonate familiar, reputable organizations such as banks, utility companies, or even government institutions. They often induce a sense of urgency, pushing the recipient to act swiftly, leaving little to no time for scrutiny. The messages may alert you of suspicious activity on your account, a pending bill, or offer incredible deals that seem too good to be true. Any SMS message that prompts you to click on a link, call a certain number, or provide personal information should be treated with suspicion.
More often than not, recognizing an SMiShing scam relies on your observational skills and your ability to spot the tell-tale signs. One common red flag is poor grammar and spelling. Although this is not always the case, several SMiShing scams tend to have mistakes that professional communications from reputable institutions would not.
Another sign is that the message is unsolicited. If you didn’t initiate contact or expect a message from the supposed sender, you should treat it with suspicion. Additionally, reputable organizations usually employ a secure method of communication when dealing with sensitive information; they would rarely, if ever, ask for personal data via SMS.
Pay attention to the phone number. A text from a legitimate institution usually comes from a short code number, not a regular ten-digit phone number. Also, check whether the message uses a generic greeting instead of your name. Finally, use your common sense. If an offer seems too good to be true, it probably is. Also, remember that verifying the legitimacy of the text message with the supposed sender can never harm.
Many of these signs can be subtle and easy to overlook. However, staying vigilant and taking the time to scrutinize unusual text messages can save you from falling victim to SMiShing.
→ Dig Deeper: How to Squash the Android/TimpDoor SMiShing Scam
Psychological Manipulation is a critical aspect of this cyber threat, involving the art of exploiting human psychology and trust to trick individuals into revealing sensitive information or engaging in harmful actions. Even individuals with the intelligence to steer clear of scams might become vulnerable if the psychological manipulation is exceptionally compelling.
Smishing attackers employ a range of social engineering techniques that tap into human emotions, including fear, curiosity, and urgency. They often impersonate trusted entities or use personalized information to lower recipients’ guard and establish trust. The use of emotional manipulation and emotional triggers, such as excitement or outrage, further intensifies the impact of these attacks. Recognizing and understanding these psychological tactics is paramount for individuals and organizations in fortifying their defenses against smishing, empowering them to identify and resist such manipulative attempts effectively.
→ Dig Deeper: Social Engineering—The Scammer’s Secret Weapon
Arming yourself with knowledge about SMiShing and its modus operandi is the initial line of defense. Once you comprehend the nature of this scam, you are better equipped to identify it. However, understanding alone is not enough. There are several practical measures that you can adopt to safeguard your personal information from SMiShing scams.
At the top of this list is exercising caution with text messages, especially those from unknown sources. Resist the impulse to click on links embedded within these texts. These links often lead to malicious websites engineered to steal your data or trigger the download of harmful software like keyloggers. Do not respond to text messages that solicit personal information. Even if the message seems to originate from a trusted entity, it is always better to verify through other means before responding.
Furthermore, be wary of text messages that create a sense of urgency or evoke fear. SMiShers often manipulate emotions to spur immediate action, bypassing logical scrutiny. For instance, you may receive a message supposedly from your bank alerting you about a security breach or unauthorized transaction. Instead of panicking and clicking on the provided link, take a moment to contact your bank through their officially listed number for clarification.
There is also the option of using comprehensive mobile security applications. These apps provide an array of features such as text message filtering, antivirus, web protection, and anti-theft measures. Applications like McAfee Mobile Security can significantly enhance your defense against SMiShing attacks and other cyber threats.
McAfee Pro Tip: Try McAfee Mobile Security’s scam protection. It scans the URLs within your text messages to enhance your online safety. If a suspicious or scam link is detected, it will send an alert on Android devices or automatically filter out the problematic text. Additionally, it actively blocks potentially harmful links in emails, text messages, and social media if you happen to click on them by mistake, adding an extra layer of protection to your online experience.
SMiShing is a serious cyber threat that aims to exploit the trust that individuals place in their text messages. By impersonating reputable organizations and creating a sense of urgency, scammers try to trick recipients into providing personal information or clicking on malicious links. Protecting oneself from SMiShing involves understanding what it is, recognizing the threat, and adopting effective protective measures. These include being cautious of unsolicited text messages, refraining from clicking on links within these texts, and using comprehensive mobile security applications. Additionally, being aware of the red flags, such as poor grammar, unsolicited messages, and requests for sensitive information via SMS, can help in detecting potential scams. In an increasingly digital age, staying vigilant and proactive is the best way to protect your personal information from cybercriminals.
The post Understanding and Protecting Yourself from SMiShing appeared first on McAfee Blog.
A cutting-edge utility designed exclusively for web security aficionados, penetration testers, and system administrators. WebSecProbe is your advanced toolkit for conducting intricate web security assessments with precision and depth. This robust tool streamlines the intricate process of scrutinizing web servers and applications, allowing you to delve into the technical nuances of web security and fortify your digital assets effectively.
WebSecProbe is designed to perform a series of HTTP requests to a target URL with various payloads in order to test for potential security vulnerabilities or misconfigurations. Here's a brief overview of what the code does:
Does This Tool Bypass 403 ?
It doesn't directly attempt to bypass a 403 Forbidden status code. The code's purpose is more about testing the behavior of the server when different requests are made, including requests with various payloads, headers, and URL variations. While some of the payloads and headers in the code might be used in certain scenarios to test for potential security misconfigurations or weaknesses, it doesn't guarantee that it will bypass a 403 Forbidden status code.
In summary, this code is a tool for exploring and analyzing a web server's responses to different requests, but whether or not it can bypass a 403 Forbidden status code depends on the specific configuration and security measures implemented by the target server.
FreshRSS 
pip install WebSecProbe
WebSecProbe <URL> <Path>
Example:
WebSecProbe https://example.com admin-login
from WebSecProbe.main import WebSecProbe
if __name__ == "__main__":
url = 'https://example.com' # Replace with your target URL
path = 'admin-login' # Replace with your desired path
probe = WebSecProbe(url, path)
probe.run()In the ever-growing digital age, our mobile devices contain an alarming amount of personal, sensitive data. From emails, social media accounts, banking applications to payment apps, our personal and financial lives are increasingly entwined with the convenience of online, mobile platforms. However, despite the increasing threat to cyber security, it appears many of us are complacent about protecting our mobile devices.
Survey revealed that many mobile users still use easy-to-remember and easy-to-guess passwords. With such an increasing dependence on mobile devices to handle our daily tasks, it seems unimaginable that many of us leave our important personal data unguarded. Theft or loss of an unsecured mobile device can, and often does, result in a catastrophic loss of privacy and financial security.
The unfortunate reality of our digital era is that devices are lost, misplaced, or stolen every day. A mobile device without password protection is a gold mine for anyone with malicious intent. According to a global survey by McAfee and One Poll, many consumers are largely unconcerned about the security of their personal data stored on mobile devices. To illustrate, only one in five respondents had backed up data on their tablet or smartphone. Even more concerning, 15% admitted they saved password information on their phone.
Such statistics are troubling for several reasons. The most obvious is the risk of personal information —including banking details and online login credentials— falling into the wrong hands. A lost or stolen device is not just a device lost— it’s potentially an identity, a bank account, or worse. The lack of urgency in securing data on mobile devices speaks to a broad consumer misunderstanding about the severity of the threats posed by cybercriminals and the ease with which they can exploit an unprotected device.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Perhaps one of the most surprising findings of the survey is the difference in mobile security behaviors between men and women. This difference illustrates not just a disparity in the type of personal information each group holds dear, but also the degree of risk each is willing to accept with their mobile devices.
Broadly speaking, men tend to place greater value on the content stored on their devices, such as photos, videos, and contact lists. Women, on the other hand, appear more concerned about the potential loss of access to social media accounts and personal communication tools like email. They are statistically more likely to experience online harassment and privacy breaches. This could explain why they are more concerned about the security of their social media accounts, as maintaining control over their online presence can be a way to protect against harassment and maintain a sense of safety.
The loss of a mobile device, which for many individuals has become an extension of their social identity, can disrupt daily life significantly. This distinction illustrates that the consequences of lost or stolen mobile devices are not just financial, but social and emotional as well.
Despite the differences in what we value on our mobile devices, the survey showed a worrying level of risky behavior from both genders. Over half (55%) of respondents admitted sharing their passwords or PIN with others, including their children. This behavior not only leaves devices and data at risk of unauthorized access but also contributes to a wider culture of complacency around mobile security.
Password protection offers a fundamental layer of security for devices, yet many people still choose convenience over safety. Setting a password or PIN isn’t a failsafe method for keeping your data safe. However, it is a simple and effective starting point in the broader effort to protect our digital lives.
→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices
While the survey results raise an alarm, the good news is that we can turn things around. It all begins with acknowledging the risks of leaving our mobile devices unprotected. There are simple steps that can be taken to ramp up the security of your devices and protect your personal information.
First and foremost, password-protect all your devices. This means going beyond your mobile phone to include tablets and any other portable, internet-capable devices you may use. And, while setting a password, avoid easy ones like “1234” or “1111”. These are the first combinations a hacker will try. The more complex your password is, the sturdier a barrier it forms against unauthorized access.
Another important step is to avoid using the “remember me” function on your apps or mobile web browser. Although it might seem convenient to stay logged into your accounts for quick access, this considerably amplifies the risk if your device gets stolen or lost. It’s crucial to ensure you log out of your accounts whenever not in use. This includes email, social media, banking, payment apps, and any other accounts linked to sensitive information.
McAfee Pro Tip: If your phone is lost or stolen, employing a combination of tracking your device, locking it remotely, and erasing its data can safeguard both your phone and the information it contains. Learn more tips on how to protect your mobile device from loss and theft.
Sharing your PIN or password is also a risky behavior that should be discouraged. Admittedly, this might be challenging to implement, especially with family members or close friends. But the potential harm it can prevent in the long run far outweighs the temporary convenience it might present.
Having highlighted the importance of individual action towards secure mobile practices, it’s worth noting that investing in reliable security software can also make a world of difference. A mobile security product like McAfee Mobile Security, which offers anti-malware, web protection, and app protection, can provide a crucial extra layer of defense.
With app protection, not only are you alerted if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, your personal information remains safe by locking some or all of your apps. This means that even if your device falls into the wrong hands, they still won’t be able to access your crucial information.
It’s also critical to stay educated on the latest ways to protect your mobile device. Cyber threats evolve constantly, and awareness is your first line of defense. McAfee has designed a comprehensive approach to make the process of learning about mobile security not just informative but also engaging. Our array of resources includes a rich repository of blogs, insightful reports, and informative guides. These materials are meticulously crafted to provide users with a wealth of knowledge on how to protect their mobile devices, ensuring that the learning experience is not only informative but also engaging and enjoyable.
While the current state of mobile device security may seem concerning, it’s far from hopeless. By incorporating simple security practices such as setting complex passwords and avoiding shared access, we can significantly reduce the risk of unauthorized data access. Additionally, investing in trusted mobile security products like McAfee Mobile Security can provide a robust defense against advancing cyber threats. Remember, our digital lives mirror our real lives – just as we lock and secure our homes, so too must we protect our mobile devices.
The post How to Protect Your Mobile Device From Loss and Theft appeared first on McAfee Blog.
Every day, life for many consumers has become more “digital” than before—this has made day-to-day tasks easier for many of us, but it also creates new challenges. From online banking to medical records, protecting our private, personal information is imperative.
Too often, the same password is used for multiple online accounts—for instance, you might log in to your online banking site with the same password you use for your personal email account. In a McAfee survey, 34% of people reported that they use the same password for multiple online accounts. Using identical passwords is convenient for us as users, but it’s also convenient for any hacker trying to steal personal information—once a hacker has access to one of your accounts, he can use a recycled password to snoop around at will.
Certainly, using more than one password and passphrases that include a mix of upper and lower case letters, numbers, and symbols and is at least ten characters in length goes a long way towards keeping malicious people at bay, but unfortunately, merely adding variety to your login information doesn’t guarantee security. In The Easiest Ways to Not Get Hacked, author Rebecca Greenfield included this chart showing just how much difference one character in length makes:
One of the most important accounts to keep secure is your primary email account—and here’s why: sooner or later, we all have to use the “I forgot my password” option, which typically sends a password reset email.
A hacker only needs to crack the password for your primary email account, and he’ll be able to access any of your other secure accounts simply by clicking the “forgot password” button when he sees it. This is known as a single point of failure, meaning it’s the one piece in any system that can bring down your whole system.
McAfee Pro Tip: If you’re having trouble remembering all your complex passwords on multiple accounts, a password manager can help you save time and effort while securing your accounts and devices. Learn more about McAfee’s password manager.
Establishing a separate email account for registration is one idea—in other words, your “I forgot my password” emails would all be sent to an account other than your primary email account. But even in that situation, there’s still only one password between a hacker and most of the data you want to keep from a hacker’s hands—from financial accounts and bank access to your weekly grocery delivery service. So the real question, even if you’re savvy enough to have a separate email address for password rescue, is: how do you make any email account more secure?
Two-step verification (often referred to as two-factor authentication) is a system designed to give you an extra layer of security that’s easy to use and indispensable for commercial or highly sensitive accounts. Two-step verification protects your email with not only a password but also by associating your account with a specific device or devices. A recent example of how this works comes from Google. In the case of Google’s two-step verification for Gmail accounts, a user simply re-authorizes the account every 30 days, by providing a numeric code that confirms the account.
→ Dig Deeper: Two-Factor vs. Multi-Factor Authentication: What’s the Difference?
The extra step and learning a new system of security sounds like an enormous hassle, but Google has taken the pain out of the process by allowing you to obtain the code in one of three ways:
This means that a hacker who wants to access your email account can only do so if he has access to your text messages or your landline phone. It might not stop every cybercriminal, but it does make the average hacker’s job a lot harder.
McAfee Pro Tip: Some hackers may go as far as calling your personal numbers, if they have access to them, and ask for your two-factor verification code to access your financial accounts, citing that they need it for their ongoing promotions or measures to improve your account security. This is a social engineering tactic that you should familiarize yourself with. Learn more about social engineering.
This two-factor authentication, while not new, is making major inroads among websites, apps, and services that process critical information. Many corporations have used hardware-based secondary authentication codes for years, but Google and others (including Twitter) are working hard to make this enhanced authentication flow a more practical and accessible part of our working lives.
New biometric verification options, such as a retina or fingerprint scan, are also catching on among security-conscious consumers, and will likely be a feature on more devices in the future. As times change, and more sensitive information flows through these sites, we can be sure to see more of these processes put into place.
→ Dig Deeper: How Virtual Reality and Facebook Photos Helped Researchers Hack Biometric Security
Two-step verification offers multiple benefits in the world of digital security. The key merit is that it presents an extra hurdle for hackers to overcome. If a hacker has breached your password, they still have to pass the second level of verification. As such, two-step verification makes your information harder to access, giving you added peace of mind.
Apart from enhancing security, two-step verification simplifies the recovery process if you ever forget your password. Since you have set up a secondary recovery method, you can use it to reset your password. This reduces the risk of losing access to your account due to forgotten passwords.
→ Dig Deeper: Let’s Make Security Easy
Setting up two-step verification on your accounts is relatively straightforward process. The first step is to go to the account settings of the platform where you want to enable this feature. Once you are there, locate the two-step verification or two-factor authentication option. Click on it, and follow the prompts. Typically, the system will ask for your phone number or an alternative email address to send the verification code to complete the process. Once that is done, you are all set.
From then on, every time you log in, you will need to input not only your password but also a unique code sent to your phone number or alternative email. Remember to choose a method that is convenient for you. For instance, if you are always on your phone, it may be easier to opt for the text message verification code option. This ensures that you can always promptly complete the second step of verification whenever you log in.
→ Dig Deeper: Protect Your Social Passwords with Two-Step Verification
While two-step verification offers an added layer of security, it is not foolproof. One potential challenge is that a hacker could intercept the verification code. Despite its rarity, this type of security breach is possible and has occurred. Furthermore, you might face issues if you lose the device used for verification. For example, if you lose your phone and have set it up for receiving verification codes, you might struggle to access your accounts.
Moreover, two-step verification can be inconvenient for some people. It adds an extra step every time you log in, and if you do not have immediate access to your verification device, you might be locked out of your accounts. Despite these challenges, the benefits of two-step verification far outweigh the potential drawbacks, and it remains a robust and recommended security measure in the digital era.
In conclusion, two-step verification offers a critical layer of security in protecting your digital assets. As life becomes increasingly digitized, and we continue to store more personal and sensitive information online, it is crucial to employ strong security measures like two-step verification. While it might seem like a bit of a hassle at times, the added security it provides, the peace of mind and the protection of your personal information make it a worthwhile endeavor. As the old saying goes, “It’s better to be safe than sorry.”
Therefore, embrace two-step verification and make it harder for hackers to gain access to your information. After all, security in the digital sphere is not a luxury, but a necessity.
To further protect your digital assets, consider McAfee+, our most comprehensive online protection software. Protect your mobile, laptops, computers, and IoT devices with reputable security software.
The post Make a Hacker’s Job Harder with Two-step Verification appeared first on McAfee Blog.
The rise in popularity of Internet-connected smart devices has brought about a new era of convenience and functionality for consumers. From Smart TVs and refrigerators to wireless speakers, these devices have transformed the way we live and communicate. However, this advancement in technology is not without its downsides. One of the most notable is the increasing vulnerability to cyber-attacks. In this article, we’ll explore what happened when hundreds of thousands of these devices were roped into an extensive Internet-of-Things (IoT) cyber attack, how it happened, and how you can protect your smart devices to stay safe.
In what has been termed as the first widespread IoT cyber attack, security researchers discovered that over 100,000 smart home devices were manipulated to form a malicious network. This network, dubbed ‘ThingBot,’ was used to launch a massive phishing campaign, sending out approximately 750,000 spam emails over a two-week period.
The key players in this attack were the smart home appliances that many of us use every day. They range from Smart TVs and refrigerators to wireless speakers, all of which were connected to the internet. The attack signified two key developments: the rise of the IoT phenomenon and the substantial security threats posed by these increasingly connected devices.
→ Dig Deeper: LG Smart TVs Leak Data Without Permission
IoT refers to the growing trend of everyday devices becoming more connected to the web. This connection aims to bring added convenience and ease to our daily activities. It ranges from wearable devices like FitBit and Google Glass to smart TVs, thermostats, and computerized cars. While this trend is new and rapidly growing, its implications for security are significant.
The discovery of the IoT botnet in this attack demonstrates just how easily hackers can commandeer these connected smart devices. One would think that security software installed on PCs would provide adequate protection. Unfortunately, that’s not the case. The new generation of connected appliances and wearables does not come with robust security measures. This deficiency is the reason why hackers were able to infect more than 100,000 home devices in a global attack, manipulating these devices to send out their malicious messages.
→ Dig Deeper: The Wearable Future Is Hackable. Here’s What You Need To Know
Cybercriminals will continue to exploit the inherent insecurities in the IoT landscape. With the number of connected or “smart” devices projected to increase exponentially in the coming years (reaching an estimated 200 billion IoT devices by 2020). Here’s a list of those implications users can expect:
Prevention and precaution are the best defense against IoT cyber attacks. The first step is to secure your devices with a password. While it may seem simple and obvious, many consumers disregard this step, leaving their devices vulnerable to attacks. Using unique, complex passwords and frequently updating them can help to safeguard against hacking attempts. Furthermore, consider employing two-step verification for devices that offer this feature for additional security.
One must not forget the importance of software updates. Internet-connected devices such as smart TVs and gaming consoles often come with software that needs regular updating. Manufacturers typically release these updates to patch known security vulnerabilities. Hence, whenever there’s an update, it’s wise to install it promptly. It’s also crucial to exercise caution while browsing the internet on these devices. Avoid clicking links from unknown senders and do not fall for deals that appear too good to be true, as these are common phishing tactics.
→ Dig Deeper: Why Software Updates Are So Important
Before purchasing any IoT device, perform thorough research on the product and the manufacturer. Investigate the company’s security policies and understand the ease with which the product can be updated. In case of any doubts about the security of the device, don’t hesitate to reach out to the manufacturer for clarification. Remember, your security is paramount and deserves this level of attention.
Lastly, it’s vital to protect your mobile devices. Most IoT devices are controlled via smartphones and tablets, making them potential targets for hackers. Ensuring that these devices are secured helps to protect your IoT devices from being compromised. Services like McAfee LiveSafe™ offer comprehensive mobile security that provides real-time protection against mobile viruses, spam, and more, which significantly reduces the chances of a security breach.
McAfee Pro Tip: McAfee LiveSafe doesn’t just protect against mobile viruses. You can safeguard an unlimited number of your personal devices throughout the entire duration of your subscription. So, be sure to connect all your devices for optimal security.
As technology advances and the Internet-of-Things continues to expand, the security challenges associated with it will persist. The first global IoT cyber attack served as a wakeup call for both consumers and manufacturers about the potential security threats that come with the convenience of smart devices. It is essential for individual users to take proactive steps to secure their devices and for manufacturers to continually improve the security features of their products. By working together, we can enjoy the benefits of IoT without compromising our security. And by investing in reliable cybersecurity solutions like McAfee+, Total Protection, and Live Safe, you can enhance your defense against potential attacks and enjoy the benefits of IoT with greater peace of mind.
The post Smart TVs and Refrigerators Used in Internet-of-Things Cyberattack appeared first on McAfee Blog.
In the age of digital data and Internet access, the potential for scams is more significant than ever. These scams often involve leveraging popular search queries to trap unsuspecting netizens into their malicious schemes. Among the top searches in the online world, celebrities hold a prime spot. Through this guide, we aim to shed light on how scammers take advantage of the global fascination with celebrities to target their potential victims.
As digital users, most of us are likely well-acquainted with the phrase “Just Google it.” The search engine has become a go-to source for any information ranging from essential daily needs to entertainment gossip. But it’s crucial to remember that while you’re in pursuit of data, scammers are in search of their next victim.
Scammers have significantly evolved with the advancement of technology. They’ve mastered the art of creating fake or infected websites that can harm your computer systems, extract your financial information, or even steal your identity. Their strategies often include luring victims through popular searches, such as the latest Twitter trends, breaking news stories, major world events, downloads, or even celebrity images and gossip. The higher the popularity of the search, the greater the risk of encountering harmful results.
McAfee has conducted research for six consecutive years on popular celebrities to reveal which ones are riskiest to search for online. For instance, Emma Watson outplaced Heidi Klum as the most dangerous celebrity to look up online. Interestingly, it was the first year that the top 10 list comprised solely of women. Cybercriminals commonly exploit the names of such popular celebrities to lead users to websites loaded with malicious software, consequently turning an innocent search for videos or pictures into a malware-infected nightmare.
→ Dig Deeper: Emma Watson Video Scam: Hackers Use Celeb’s Popularity to Unleash Viruses
Scammers are well aware of the allure the word “free” holds for most Internet users. They cleverly exploit this to get your attention and draw you into their traps. For instance, when you search for “Beyonce” or “Taylor Swift” followed by prompts like “free downloads”, “Beyonce concert photos”, or “Taylor Swift leaked songs”, you expose yourself to potential online threats aiming to steal your personal information. It’s always prudent to maintain a healthy level of skepticism when encountering offers that seem too good to be true, especially those labeled as “free.”
While the internet can be a dangerous playground, it doesn’t mean that you cannot protect yourself effectively. Using common sense, double-checking URLs, utilizing safe search plugins, and having comprehensive security software are some strategies to help ensure your online safety. This guide aims to provide you with insights and tools to navigate the online world without falling prey to its many hidden dangers.
Truth be told, the responsibility for online safety lies primarily with the user. Just as you would not walk into any shady-looking place in real life, it requires a similar instinct to avoid shady sites while browsing online. One important piece of advice – if something appears too good to be true, in all probability, it is. So, take note of these practical tips to help you guard against celebrity scams and other online threats:
→ Dig Deeper: How to Tell Whether a Website Is Safe or Unsafe
→ Dig Deeper: The Big Reason Why You Should Update Your Browser (and How to Do It)
Having comprehensive security software installed on your devices is another crucial step towards preventing scams. Good antivirus software can protect against the latest threats, alert you about unsafe websites, and even detect phishing attempts. Furthermore, always keep your security software and all other software updated. Cybercriminals are known to exploit vulnerabilities in outdated software to infiltrate your devices and steal your data.
Apart from ensuring you have security software, be cautious about what you download on your devices. Trojans, viruses, and malware are often hidden in downloadable files, especially in sites that offer ‘free’ content. Cybercriminals tempting users to download infected files often use popular celebrity names. Therefore, download wisely and from reputed sources.
McAfee Pro Tip: Before committing to a comprehensive security plan, it’s crucial to evaluate your security protection and analyze your requirements. This proactive stance forms the bedrock for crafting strong cybersecurity measures that cater precisely to your unique needs and potential vulnerabilities. For more information about our acclaimed security solutions, explore our range of products.
In the digital world, where information and entertainment are available at our fingertips, it’s crucial to remain vigilant against scams, especially those involving celebrities. By exercising prudent online practices like scrutinizing URLs, using safe search plugins, and installing comprehensive security software, we can significantly reduce our risk of falling prey to these scams.
It’s imperative to understand that the popularity of a search term or trend is directly proportional to the risk it carries. So next time, before you search for your favorite celebrity, remember, the more famous the celebrity, the greater the risk. Together with McAfee, let’s promote safer browsing practices and contribute to a safer online community for all.
The post Celebrities Are Lures For Scammers appeared first on McAfee Blog.
One of the essential aspects of digital security resides in the strength of our passwords. While they are the most convenient and effective way to restrict access to our personal and financial information, the illusion of a fully secure password does not exist. The reality is that we speak in terms of less or more secure passwords. From a practical perspective, we must understand the behind-the-scenes actions that could potentially compromise our passwords and consequently, our digital lives.
Unfortunately, most users frequently overlook this crucial part of their digital existence. They remain largely ignorant of numerous common techniques that hackers employ to crack passwords, leading to the potential loss of personal details, financial information, or even identity theft. Therefore, this blog aims to enlighten readers on how they might be unknowingly making their passwords vulnerable.
Passwords serve as the first line of defense against unauthorized access to our online accounts, be it email, social media, banking, or other sensitive platforms. However, the unfortunate reality is that not all passwords are created equal, and many individuals and organizations fall victim to password breaches due to weak or compromised credentials. Let’s explore the common techniques for cracking passwords, and learn how to stay one step ahead in the ongoing battle for online security.
In the world of cyber-attacks, dictionary attacks are common. This approach relies on using software that plugs common words into the password fields in an attempt to break in. It’s an unfortunate fact that free online tools exist to make this task almost effortless for cybercriminals. This method spells doom for passwords that are based on dictionary words, common misspellings, slang terms, or even words spelled backward. Likewise, using consecutive keyboard combinations such as qwerty or asdfg is equally risky. An excellent practice to deflect this attack is to use unique character combinations that make dictionary attacks futile.
Besides text-based passwords, these attacks also target numeric passcodes. When over 32 million passwords were exposed in a breach, nearly 1% of the victims used ‘123456’ as their password. Close on its heels, ‘12345’ was the next most popular choice, followed by similar simple combinations. The best prevention against such attacks is avoiding predictable and simple passwords.
→ Dig Deeper: Cracking Passwords is as Easy as “123”
While security questions help in password recovery, they also present a potential vulnerability. When you forget your password and click on the ‘Forgot Password’ link, the website generally poses a series of questions to verify your identity. The issue here is that many people use easily traceable personal information such as names of partners, children, other family members, or pets as their answers, some of which can be found on social media profiles with little effort. To sidestep this vulnerability, it’s best not to use easily accessible personal information as the answer to security questions.
McAfee Pro Tip: Exercise caution when sharing content on social media platforms. Avoid making all your personal information publicly accessible to thwart hackers from gathering sensitive details about you. Learn more about the dangers of oversharing on social media here.
A common mistake that many internet users make is reusing the same password for multiple accounts. This practice is dangerous as if one data breach compromises your password, the hackers can potentially gain access to other websites using the same login credentials. According to a report published by LastPass in 2022, a recent breach revealed a shocking password reuse rate of 31% among its victims. Hence, using unique passwords for each of your accounts significantly reduces the risk associated with password reuse.
Moreover, it’s also advisable to keep changing your passwords regularly. While this might seem like a hassle, it is a small price to pay for ensuring your digital security. Using a password manager can help you remember and manage different passwords for different websites.
Social Engineering is a non-technical strategy that cybercriminals use, which relies heavily on human interaction and psychological manipulation to trick people into breaking standard security procedures. They lure their unsuspecting victims into revealing confidential data, especially passwords. Therefore, vigilance and skepticism are invaluable weapons to have in your arsenal to ward off such attacks.
The first step here would be not to divulge your password to anyone, no matter how trustworthy they seem. You should also be wary of unsolicited calls or emails asking for your sensitive information. Remember, legitimate companies will never ask for your password through an email or a phone call.
Despite the vulnerabilities attached to passwords, much can be done to enhance their security. For starters, creating a strong password is the first line of defense. To achieve this, you need to use a combination of uppercase and lowercase letters, numbers, and symbols. Making the password long, at least 12 to 15 characters, significantly improves its strength. It’s also advisable to avoid using common phrases or strings of common words as passwords- they can be cracked through advanced versions of dictionary attacks.
In addition to creating a strong password, adopting multi-factor authentication can greatly enhance your account security. This technology requires more than one form of evidence to verify your identity. It combines something you know (your password), something you have (like a device), and something you are (like your fingerprint). This makes it more difficult for an attacker to gain access even if they have your password.
→ Dig Deeper: 15 Tips To Better Password Security
The future of passwords looks promising. Scientists and tech giants are working relentlessly to develop stronger and more efficient access control tools. Biometrics, dynamic-based biometrics, image-based access, and hardware security tokens are some of the emerging technologies promising to future-proof digital security. With biometrics, users will no longer need to remember complex passwords as access will be based on unique personal features such as fingerprints or facial recognition.
Another promising direction is the use of hardware security tokens, which contain digital certificates to authenticate the user. These tokens can be used in combination with a password to provide two-factor authentication. This makes it more difficult for an attacker to gain access as they would need both your token and your password. While these technologies are still developing, they suggest a future where access control is more secure and user-friendly.
In conclusion, while there’s no such thing as a perfectly secure password, much can be done to enhance their security. Understanding the common techniques for cracking passwords, such as dictionary attacks and security questions’ exploitation, is the first step towards creating more secure passwords. Using unique complex passwords, combined with multi-factor authentication and software tools like McAfee’s True Key, can greatly improve the security of your accounts.
The future of passwords looks promising with the development of biometrics and hardware security tokens. Until then, it’s crucial to adopt the best password practices available to protect your digital life. Remember, your online security is highly dependent on the strength and uniqueness of your passwords, so keep them complex, unique, and secure.
The post What Makes My Passwords Vulnerable? appeared first on McAfee Blog.
It all feels so harmless. Who isn’t even alittle curious which celebrity is their look-a-like or what ’80s song best matches their personality? While some of these fun little quizzes and facial recognition-type games that pop up on social media are advertiser-generated and harmless, others have been carefully designed to steal your data.
According to the Better Business Bureau (BBB) consumers need to beware with the IQ tests, quizzes that require you to trade information. Depending on the goal of the scam, one click could result in a new slew of email or text spam, malicious data mining, or even a monthly charge on your phone bill.
Besides the spammy quizzes, scammers also use click bait, that are headlines designed to get your click and your data. Such headlines often promise juicy info on celebrities and may even legitimate human interest stories that claim, “and you won’t believe what happened next.” While some of those headlines are authored by reputable companies simply trying to sell products and compete for clicks, others are data traps that chip away at your privacy.
The best defense against click bait is knowledge. Similar to the plague of fake news circulating online, click bait is getting more sophisticated and deceptive in appearance, which means that users must be even more sophisticated in understanding how to sidestep these digital traps.
Our digital landscape is peppered with fake news and click bait, which makes it difficult to build trust with individuals and brands who have legitimate messages and products to share. As you become savvy to the kinds of data scams, your discernment and ability to hold onto your clicks will become second nature. Continue to have fun, learn, connect, but guard your heart with every click. Be sure to keep yor devices protected while you do!
The post Are You Getting Caught by Click Bait? appeared first on McAfee Blog.
Fears and phobias. We all have them. But what are your biggest ones? I absolutely detest snakes but spiders don’t worry me at all. Well, new research by McAfee shows that cybercriminals and the fear of being hacked are now the 5th greatest fear among Aussies.
With news of data breaches and hacking crusades filling our news feed on a regular basis, many of us are becoming more aware and concerned about the threats we face in our increasingly digital world. And McAfee’s latest confirms this with hackers making their way into Australia’s Top 10 Fears.
According to research conducted by McAfee, snakes are the top phobia for Aussies followed by spiders, heights and sharks. Cybercriminals and the fear of being hacked come in in 5th place beating the dentist, bees, ghosts, aeroplane travel and clowns!
Aussie Top 10 Fears and Phobias
Fears and phobias develop when we perceive that we are at risk of pain, or worse, still, death. And while almost a third of respondents nominated snakes as their number one fear, there is less than one-in-fifty thousand chance of being bitten badly enough by a snake to warrant going to hospital in Australia, according to research from the Internal Medicine Journal.
In contrast, McAfee’s analysis of more than 108 billion potential online threats between October and December, identified 202 million of these threats as genuine risks. With a global population of 7.5 billion, that means there is approximately a one in 37 chance of being targeted by cybercrime. Now while this is not a life-threatening situation, these statistics show that chance of us being affected by an online threat is very real.
According to the research, 82% of Aussies believe that being hacked is a growing or high concern. And when you look at the sheer number of reported data breaches so far this year, these statistics make complete sense. Data breaches have affected Bunnings staff, Federal Parliament staff, Marriott guests, Victorian Government staff, QLD Fisheries members, Skoolbag app users and Big W customers plus many more.
Almost 1 in 5 (19%) of those interviewed said their top fear at work is doing something that will result in a data security breach, they will leak sensitive information or infect their corporate IT systems.
The fear that we are in the midst of a cyberwar is another big concern for many Aussies. Cyberwar can be explained as a computer or network-based conflict where parties try to disrupt or take ownership of the activities of other parties, often for strategic, military or cyberespionage purposes. 55% of Aussies believe that a cyberwar is happening right now but we just don’t know about it. And a fifth believe cyber warfare is the biggest threat to our nation.
Being proactive about protecting your online life is the absolute best way of reducing the chances of being hacked or being affected by a data breach. Here are my top tips on what you can now to protect yourself:
Using a password manager to create unique and complex passwords for each of your online accounts will definitely improve your online safety. If each on your online accounts has a unique password and you are involved in a breach, the hacker won’t be able to use the stolen password details to log into any of your other accounts.
Storing your financial data within your browser and being able to populate online forms quickly within seconds makes the autofill function very attractive however it is risky. Autofill will automatically fill out all forms on a page regardless of whether you can see all the boxes. You may just think you are automatically entering your email address into an online form however a savvy hacker could easily design an online form with hidden boxes designed to capture your financial information. So remove all your financial information from Autofill. I know this means you will have to manually enter information each time you purchase but your personal data will be better protected.
One of the easiest ways for a cybercriminal to compromise their victim is by using phishing emails to lure consumers into clicking links for products or services that could lead to malware, or a phoney website designed to steal personal information. If the deal seems too good to be true, or the email was not expected, always check directly with the source.
It’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.
I know public Wi-Fi might seem like a good idea, but if consumers are not careful, they could be unknowingly exposing personal information or credit card details to cybercriminals who are snooping on the network. If you are a regular Wi-Fi user, I recommend investing in a virtual private network or (VPN) such as McAfee Secure VPN which will ensure your connection is completely secure and that your data remains safe.
While it is tempting, putting our head in the sand and pretending hackers and cybercrime don’t exist puts ourselves and our families at even more risk! Facing our fears and making an action plan is the best way of reducing our worry and stress. So, please commit to being proactive about your family’s online security. Draw up a list of what you can do today to protect your tribe. And if you want to receive regular updates about additional ways you can keep your family safe online, check out my blog.
‘till next time.
Alex x
The post Aussies Fear Snakes, Spiders and Getting Hacked appeared first on McAfee Blog.
