Login
I am renowned for getting myself into big messes – particularly in the kitchen when I’m cooking up a storm. And I’m totally fine being alone: chopping, stirring and baking until it’s time to clean up! And that’s when the overwhelm hits – I know I should clean as I cook but I never do! So, what do I do? Rally the troops! Yes siree! There’s nothing like another set of eyes or hands to help one wade through the overwhelm – I’m sure that’s why I had 4 kids!!
Many people tell me that they feel a similar way about their online life. They know they need to be doing more to keep themselves safe, but they are completely overwhelmed at where to start. With so much of our lives lived online, it’s not uncommon for one person to have over a hundred online accounts across multiple devices which makes it very hard to keep track of logins, data breaches, or security software.
And research conducted by McAfee shows that consumers know they need to take steps to protect themselves with 74% of users concerned about keeping information private online and 57% keen to be in more control of their personal information. Not surprisingly, since the pandemic started 47% of online consumers feel unsafe compared to just 29% beforehand.
So, to try and make this very overwhelming task that bit easier, McAfee has developed a new tool that allows you to find your own Protection Score. Think of your Protection Score like your credit score or sleep score except this one is a measure of your security online. The higher the score, the safer you are online. And the best part about the score is that helps users identify exactly where they need to pinpoint their focus to ensure they are as safe as possible online. Think of it as a set of experienced hands to help you wade through the overwhelm.
In less than a minute, the McAfee Protection Score will provide you with a pretty clear understanding of how safe you are online. Participants are given a mark between 0 and 1000 that is based on several factors: whether you have online protection and whether your details have been leaked in a security breach. Now, don’t be alarmed if your score is low because here’s the best bit – you will receive a list of exactly what you need to do to improve it and protect yourself from online threats! Phew – my competitive type A personality wouldn’t have coped if I was unable to fix it!
Let me give you an example, when I signed up, I was alerted to the fact that my email address had been involved in a breach, yes – I’m very human! So, it helped me remedy this by taking me to the appropriate page where I could update my password, and then, bingo, my score (and online safety) improved!!
And just to ensure you remain committed, every time you venture back to the Protection Score page, your results and action plan will be there waiting for you to ensure you stay on track and most importantly, to cut through that overwhelm!
Now, in case you were wondering, McAfee’s Protection Score is a first for the cybersecurity industry but good news – they’ve promised it will continue evolving. They will continue to add more features and opportunities to personalize so you can ensure you are living life to the full online!!
So, if you’re feeling overwhelmed at exactly what you need to do to get your online safety under control then McAfee’s Protection Score is exactly what you need. In less than a minute you’ll be able to get a clear understanding of where your online security sits and a personalized action plan so you can start addressing it right away! How good is that?
Till Next Time,
Alex
The post How To Secure Your Online Life? Find Your Protection Score! appeared first on McAfee Blog.
The humble internet browser. Dutifully taking you the places you want to go online, whether that’s the bank, the store, the movies, or even to work. All the more reason to make sure your browser gets every last bit of protection it can.
It’s easy to fire up your browser without a second thought. Arguably, it’s one of the first things many of us do when we hop on our computers. And because it’s often our literal window into important tasks like managing our finances, making payments, and so forth, hackers will absolutely target browsers in order to conduct their attacks. Whether it’s through vulnerabilities in the code that runs the browser, injecting malicious code into a browser session or any one of several other attack vectors, hackers will try to find a way to compromise computers via the browser.
What’s one of the best ways to keep your browser safe? In a word, update. By updating your browser, you’ll get the latest in features and functionality in addition to security fixes that can keep you safer out there.
Let’s take a closer look at what a safer browser is all about, how to update yours, and check out some additional things you can do to stay safer still.
Just as long as there have been browsers, there have been security vulnerabilities and issues. Among the first documented cases, one of the most noteworthy goes back to 1995 when researchers at the University of California, Berkeley uncovered a security issue with the way the Netscape browser handled online payments. Today, news of potential browser exploits and follow-on security measures to remedy them still make the headlines all across several types of popular browsers.
The reality of the issue is that browsers, humble as they may seem to us, are complex applications made up of myriad smaller applications to handle all manner of tasks that create your overall web browsing experience. And where there’s code, there’s room for error. Errors that hackers will look to exploit until an update comes along and fixes them.
Adding further functionality to your browser, and potentially further opportunities for hackers, are browser plug-ins and extensions. These are small apps that give your browser additional capabilities, like opening and editing documents, blocking ads, finding coupons, and even playing tabletop role-playing games in a browser as well. In short, there are thousands of them, often available in the various stores run by different browser developers.
Likewise, browser plug-ins and extensions can be prone to security issues just like the browser they’re installed in. Errors in their code may lead to exploits that hackers can take advantage of. Further, not all plug-ins and extensions are safe and secure to use. It’s not uncommon for malicious ones to turn up on third-party sites that steal user information, introduce malware, or that end up serving ads on a person’s computer, just to name a few of the nasty things they can do. Even official browser stores have had malicious plug-ins and extensions slip onto their shelves.
Lastly, even seemingly legitimate plug-ins and extensions can introduce privacy issues. Given that they’re on your browser and have been granted permissions to work with it, they could be collecting data—data which the developer may use, share, or resell. And it may be tough to know exactly what’s being collected and what’s being done with it. Yet like many smartphone app stores, browser stores are including links to developer privacy statements on the download page for the plug-ins and extensions they offer, giving people more insight into how their data is used. However, sometimes plug-ins and extensions get sold from one company to another where they not only change owners but privacy policies as well. In other words, that plug-in or extension on your computer may get sold to another company without your knowledge and subsequently decide to use your data in an entirely new way.
Given this landscape, there’s a clear case for updating your browser regularly, along with your plug-ins and extensions as well. Moreover, you might want to take a look at what plug-ins and extensions you’re running as well to ensure they’re secure and that they’re something you actually have use for.
Let’s take a look at how you can do all that.
Set up your browser to update automatically. This is relatively straightforward, and browser developers have pages that show you how it’s done. For example, sampling a few of the browsers out there:
As for updating your extensions, the browser developers have put together quick guides to help you what that too. The good news is that when you update your browser, your browser typically updates its associated plug-ins and extensions as well. However, note that your browser’s update cycle may not be in sync with the update cycle for your various plug-ins and extensions, so you may want to go in and update them on their own. These guides can help:
<h2>Take a look at your browser extensions—and see if you want them in the first place
What extensions am I even running? Now that’s a great question. And it’s not too tough to get the answer. In short, your browser’s menu will have an option that will give you an overview of what you have installed and which ones are enabled for use. Once more, each browser developer has their own way of going about this:
This is a good opportunity to give your extensions a hard look. Are they something you use? Are they something you want? Who developed that extension? What might they be doing with my data? Answering these questions may take a little work on your part—like searching for news, information, or reviews about the various extensions you have installed. If you don’t like what your research turns up, you can simply uninstall the extension in question.
A good general rule is this—the fewer apps and extensions you have, the fewer you have to update. Likewise, that’s ultimately fewer lines of code that may turn up a possible exploit. If it’s something you’re not using, consider getting rid of it.
<h2>Make your browser safer with web protection
Many browser-based attacks find their way to you through sketchy websites and downloads. Even ads that look legit but are not. As said before, hackers will try and find a way. One tool you can use to beat them at their game is browser protection, which helps prevent you from making that one wrong click that leads to malware.
In our case, we offer McAfee WebAdvisor, a lightweight app that helps keep you safe from threats while you browse and search the web. Specifically, it includes three types of protection that can help steer you clear of those sketchy websites and downloads.
It’s a free download, and it’s also included with our comprehensive online protection software. Either way, this provides you with yet another line of defense when it comes to browser-based attacks.
That’s the big reason to update right there. Updates give you one more way to prevent attacks by fixing known security issues. It’s true for your operating systems, your apps, your games, what have you. All of them rely on sometimes complex code, code which can sprout exploits, ones that hackers will use. Count your browser in that mix as well. Updating your browser, plus its plug-ins and extensions will help keep you safer online.
The post The Big Reason Why You Should Update Your Browser (and How to Do It) appeared first on McAfee Blog.
It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will sure to follow—along with online betting scams.
Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states leaped at the opportunity to legalize it in some form or other. Today, 30 states and the District of Columbia have “live and legal” sports betting, meaning that people can bet on single-game sports through a retail or online sportsbook or combination of the two in their state.
If you’re a sports fan, this news has probably been hard to miss. Or at least the outcome of it all has been hard to miss. Commercials and signage in and around games promote several major online betting platforms. Ads have naturally made their way online too, complete with all kinds of promo offers to encourage people to get in on the action. However, that’s also opened the door for scammers who’re looking to take advantage of people looking to make a bet online, according to the Better Business Bureau (BBB). Often through shady or outright phony betting sites.
Let’s take a look at the online sports betting landscape, some of the scams that are cropping up, and some things you can do to make a safer bet this March or any time.
Among the 30 states that have “live and legal” sports betting, 19 offer online betting, a number that will likely grow given various state legislation that’s either been introduced or will be introduced soon.
If you’re curious about what’s available in your state, this interactive map shows the status of sports betting on a state-by-state level. Further, clicking on an individual state on the map will give you yet more specifics, such as the names of retail sportsbooks and online betting services that are legal in the state. For anyone looking to place a bet, this is a good place to start. This is further helpful for people who’re looking to get into online sports betting for the first time and is the sort of homework that the BBB advises people to do before placing a sports bet online. In their words, you can consider these sportsbooks to be “white-labeled” by your state’s gaming commission.
However, the BBB stresses that people should be aware that the terms and conditions associated with online sports betting will vary from service to service, as will the promotions that they offer. The BBB accordingly advises people to closely read these terms, conditions and offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.”
Where do scammers enter the mix? The BBB points to the rise of consumer complaints around bogus betting sites:
“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.”
If there’s a good reason you should stick to the “white labeled” sites that are approved by your state’s gaming commission, this is it. Take a pass on any online ads that promote betting sites, particularly if they roll out big and almost too-good-to-be-true offers. These may lead you to shady or bogus sites. Instead, visit the ones that are approved in your state by typing in their address directly into your browser.
In addition to what we mentioned above, there are several other things you can do to make your betting safer.
In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization’s response to the complaints, along with its BBB rating, if it has one. Doing a little reading here can be enlightening, giving you a sense of what issues arise and how the organization has historically addressed them. For example, you may see a common complaint and how it’s commonly resolved. You may also see where the organization has simply chosen not to respond, all of which can shape your decision whether to bet with them or not.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.
Comprehensive online protection software will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to betting sites, online protection can help prevent you from clicking links to known or suspected malicious sites.
With online betting cropping up in more and more states for more and more people, awareness of how it works and how scammers have set up their presence within it becomes increasingly important. Research is key, such as knowing who the state-approved sportsbooks and services are, what types of betting are allowed, and where. By sticking to these white-label offerings and reading the fine print in terms, conditions, and promo offers, people can make online betting safer and more enjoyable.
Editor’s Note:
If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/.
The post How to Protect Yourself from March Madness Scams appeared first on McAfee Blog.
apple-1200
A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and for some, it’s a viable way to make ends meet and set up long-term investments. The cryptocurrency realm has also proven to be vulnerable to cybercriminals. For example, the Wormhole hack leaked $320 million, and cybercriminals have targeted crypto platforms with ransomware and mining app scams.
Whether you’re already in the cryptocurrency game or are thinking about taking the plunge, here’s what you need to know about crypto wallets and tips on how to keep yours safe from cybercriminals.
A cryptocurrency wallet, or crypto wallet, is a software product or a physical device that stores the public and private keys to your cryptocurrency accounts. Keys are strings of numbers and letters that encrypt and decrypt crypto transactions and secure crypto accounts. You can think of public keys as the routing and account numbers that appear at the bottom of paper checks. There’s not much a nefarious character can do with that information, and it’s totally normal to give that information to an acquaintance with whom you’re doing business. Private keys are like your online banking password or debit PIN. Those you must guard very closely because in the wrong hands, your hard-earned bank balance could disappear. A crypto wallet also allows you to transfer funds between crypto types and make transactions.
Here are a few basic types of crypto wallets to help you decide which type is right for you.
A non-custodial wallet means that you are the sole keeper of the keys to your crypto assets. If you forget your password, there’s no “forgot your password?” prompt to let you back in. While not having this safety net is a little nerve wracking, noncustodial wallets are considered the more secure option. You don’t have to worry about a security breach of a major corporation leaking your private key. If you’re responsible and confident that you’re prepared to look after your assets by yourself, this may be the best option for you.
A custodial wallet is a little less secure, but you have a third party helping you log in and manage your crypto accounts. Custodial wallets are often web-based, and the biggest tick in their pro column is that they’re generally very easy to use. While reputable custodial wallets take security very seriously, the threat of a breach is always a possibility, especially as crypto accounts are appealing targets to cybercriminals.
Hardware wallets, also known as cold wallets, are devices you can fit in the palm of your hand. Most models are Bluetooth-enabled devices that look like small remote controls or are flash drives. The device is secured by a PIN that you should never write down or share with anyone else. Also, you should designate a safe and private spot to store your hardware wallet. Similar to a noncustodial wallet, you are solely responsible for keeping track of the device and remembering the PIN. If you lose it, your crypto accounts are locked, and there’s no locksmith to open them for you. As long as you keep track of it, hardware wallets are very secure. Most models are equipped with malware- and virus-proofing security features.
Software wallets are downloaded and internet-connected mobile or desktop apps. They allow you to make transactions on the run, as you can access your crypto accounts from your phone. In that sense, they’re more convenient than hardware wallets. Additionally, software wallets have the same safety net as custodial wallets: if you lose your phone, forget your password, or require login assistance, the maker of the software can help you access your accounts. Software wallets are very secure when you enable their two-factor authentication login settings; however, since they connect to the internet, there’s always a chance a cybercriminal could break-in. Thus, hardware wallets are considered more secure than the software variety.
Check out these tips to ensure your assets are safe and secure in your crypto wallet:
Cryptocurrency value is reaching galactic heights like the spaceships depicted in prime-time ads. Don’t feel pressured to hop aboard the crypto rocket, but if you do decide to jump on, make sure you do your research carefully and make the best decisions for your crypto goals.
The post What Is a Crypto Wallet and How to Keep Your Wallet Secure? appeared first on McAfee Blog.
Whether it’s for routine care, a prescription refill, or a simple follow-up, online doctor visits offer tremendous benefits in terms of both convenience and ease of care—all good reasons to help mom and dad get connected with it.
There’s no doubt that more older adults than ever are taking advantage of online doctor visits, more formally known as telemedicine. While usage numbers have risen dramatically across all age groups, it’s particularly so for elders. Pre- and post-pandemic numbers saw a 63-fold increase in Medicare telemedicine use.
However, many older patients are missing out and not using telemedicine for one reason or another. What’s holding them back? Several things, according to research from the University of California, San Francisco:
Moreover, another issue is that many older adults do not know that telemedicine is an option. Research from the University of Michigan showed that 55% of older adults surveyed were unaware if their healthcare provider even offered telemedicine as a service. And perhaps quite telling is that the same survey revealed nearly half of older adults harbored concerns about privacy and did not feel personally connected to their care provider during their visits.
For us as children and grandchildren of older adults, it can be tough knowing that a loved one is missing out on an avenue of care that they could otherwise benefit from. While we absolutely respect what they feel is comfortable and trustworthy for them, there are several other areas where we can help the older loved ones in our lives overcome the issues and concerns they face.
With that, let’s talk about the technology behind telemedicine and how you can help them use it, and address some of those privacy issues as well.
As indicated above, paying a visit to the doctor via telemedicine can be a big jump. Just as the idea of it is new for many of us, it’s yet newer for older adults. There’s a good chance that you’re familiar with video chats and calls already, which gives you a foundation we can work with when it’s time to see the doctor on a screen. That may not be the case for older adults. Add that into the privacy concerns and decades of seeing a doctor in person, you can see why some older adults simply choose to opt-out.
One way you can help is to have a few video chats with your older loved ones. In addition to the regular calls you make, you might want to try having a video chat with them from time to time. It’s an outstanding way to spend time together when you can’t be together in person, and it may develop a comfort level with the technology so that they may be willing to give telemedicine a try. You can check out my earlier article in this series that covers video chats with mom and dad, along with straightforward steps to get them up and running on the technology and how to use it.
One thing your parents will need for their visit is a reliable device that they’re comfortable using. It could be a computer or laptop, or it may be a smartphone or tablet. Note that in some cases their healthcare provider may use a telemedicine solution that has certain requirements as well, so you’ll want to see what those are and ensure that the device mom or dad has is compatible. (For example, the care provider may have an app that’s available through the Apple App Store or Google Play. Others may have an online platform that can be accessed by several different kinds of devices.)
If they’re using a smartphone or tablet, that will likely make things easier because the camera and microphone are already integrated into the device—all set up and ready to go. For a computer or laptop, you can help them get familiar with the setup, like the microphone levels, speaker volume, and camera. For audio, you can see a set of headphones or smartphone earbuds work well for them, which can help prevent audio feedback loops and simply make it easier to hear the caregiver.
If you’re looking for a little assistance with a Windows computer, you can check out this quick article for setting up the audio and this article for setting up the camera. For Macs, check out this article for audio and this article for the video.
If they don’t already have comprehensive online protection software for their devices, look into getting it. This will protect them against malware, viruses, and phishing attacks. They’ll also benefit from other features that help them manage their passwords, protect their identity, safeguard their privacy, and more.
As for privacy in general, medical information is among the most precious information any of us have. For example, here in the U.S., we have HIPPA privacy standards to protect our medical records and conversations. Yet there’s also the issue of eavesdropping, which is a risk in practically any online communication.
To help address privacy issues and concerns, health care providers will often post a set of Frequently Asked Questions (FAQ) as part of their telemedicine service. Within that, you’ll very likely find a section on personal privacy and the technologies in place to protect it. Here’s a good example of a telemedicine FAQ from the University of Washington Medicine and another example from the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
In all, if your parents have concerns about their privacy, you can absolutely assure them that it’s a valid concern. Consult the provider’s FAQ for guidance. If either of you has further questions, feel free to call the healthcare provider and speak with them.
In addition to digital security, there’s the possibility of physical eavesdropping, somebody actually listening in on their conversation from another room, apartment, or from the street. Help your older loved ones pick a place in their home where they can have some privacy and where they can’t be overheard by neighbors and passers-by. A bedroom is a fine place—or any location that’s familiar and comfortable as well. When choosing a private place, a well-lit location is important as well so that the camera captures a nice and clear image.
Additionally, you can help them prep for their visit by putting together a list of things to discuss during the visit. The U.S. Department of Health and Human Services suggests writing things down:
In addition to the above, there are further measures you can help your parents or older loved one take to further secure their telemedicine visit—and their internet usage in general.
Your telemedicine visit may require setting up a new account and password. When doing so, make sure it’s with a strong, unique password. A password manager can help. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about.
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or simply having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private information difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software.
Beyond their devices, securing their internet router is an important step in making a telemedicine visit safe and secure. The data that travels along it is of a highly personal nature already, so make sure the router has a strong and unique password. Also, change the name of their router so it doesn’t give away their address or any other signs of their identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you have questions, check with their internet provider—they may even offer up a newer, more secure router to replace an older one.
As with anything concerning their health, have your parents and loved ones consult with their caregivers to ensure that a telemedicine visit is a proper course for them.
So while the technical ins and outs of preparing for a telemedicine visit may have their challenges for some older adults, we should also realize that getting comfortable with the idea of a telemedicine visit in the first place may take some time and effort. Starting with regular video chats with the family may increase familiarity and ease with holding a conversation over video. Likewise, having a conversation with their doctor about telemedicine may put some concerns to rest as well. After all, they will have a relationship with their doctor. Getting the facts from the doctor, face to face may help.
We all want what’s best, particularly when it comes to the care of our parents and older loved ones in our lives, and choosing to try telemedicine is a highly personal decision for them. I hope this article and the resources cited within it will help you enable them to make the choice that’s comfortable, effective, and right for them.
The post Helping Mom & Dad: Online Doctor Visits and Telemedicine appeared first on McAfee Blog.
Who loves tax season besides accountants? Scammers.
Emotions can run high during tax time. Even if you’re pretty sure you did everything right, you may still have a few doubts kicking around. Did I file correctly? Did I claim the right deductions? Will I get audited? As it turns out, these are the very same anxieties that criminals use as the cornerstone of their attacks.
So yes, crooks indeed love tax season. Particularly online. And they’ll bait your digital world with several proven types of scams in an effort to cash in on what can be a somewhat uncertain time.
The good news is that you have plenty of ways to protect yourself from these scams. Let’s look at what scammers typically have in store, along with some practical advice to protect yourself as you file your taxes—things you can do to keep crooks out of your business this tax season. Don’t delay, download McAfee’s tax season security guide to avoid the latest tax scams.
First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly.
Still, the wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time.
What are crooks looking to do with their scams? Several things:
As if we didn’t have enough to worry about at tax time without crooks in the mix.
Investigating the landscape even more closely, we can turn to the authority itself, as the IRS has published its most recent top 12 tax season scams, a broad list that includes:
|
|
For a comprehensive look at each one of these scams, and for ways, you can steer clear of them, check our Guide to IRS & Tax Season Scams. However, there are some common threads to many of these scams.
For starters, plenty of tax scams involve crooks posing as an IRS employee, perhaps via a phone call or email, to glean personal information from you, or to demand payment—sometimes under the threat of penalties or even jail time. Crooks won’t hesitate to use strong-arm tactics like these and play on your fears. The good news is that such tactics are typically a sign that the contact isn’t legitimate. In fact, a quick way to spot a scam is to know what the IRS won’t do when they contact you. From the IRS.gov website, the IRS will not:
What will the IRS do? Usually, the IRS will first mail a notification to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you.
Scammers won’t limit themselves to posing as the IRS. They’ll act as an imposter in several other ways as well. For example, they may pose as a popular do-it-yourself tax brand, a tax preparer, or even as a phony charitable organization that promises any donations you make are tax-deductible.
Here, they may send you phony emails or direct messages or even ring you up with bogus telemarketing or robocalls designed to steal personal information.
In the cases where the scammers reach you online, the emails and messages they send will vary in their tone and polish—in other words, how authentic they appear. Some will look nearly legitimate and cause even the most hardened of digital skeptics to click on a phony link or download a sketchy attachment. Others, well, will look clearly like spam, complete with spelling and grammatical errors, along with clumsy use of logos, layouts, and design.
Taken together, both are ways that scammers get people to visit sites designed to compromise personal information … or to download malware like keyloggers that skim account passwords and ransomware that encrypt a victim’s files hold them hostage for a price.
Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles and turn it against their victims. Per the IRS, because “social media enables anyone to share information with anyone else on the Internet, scammers use that information as ammunition for a wide variety of scams. These include emails where scammers impersonate someone’s family, friends, or co-workers.”
With those personal details gleaned from social media, scammers will send phony links to scam sites, promote bogus charities, or flat-out ask for money or gift cards to “help them out” at tax time.
No question that bogus emails, messages, and phone calls remain a popular way for scammers to steal personal and financial information. Spam emails, messages, and the malicious links associated with them abound this time of year as well. It’s always to keep a critical eye open for these, and it’s particularly true during tax season.
View all emails with attachments and links with suspicion, even if they appear to come from a person, business, or brand you know. Confirm attachments with the people you know before opening. And if you receive a message or alert about an account of yours, visit that company or organization’s website directly to enquire into the status of your account rather than taking a chance by clicking on a link that could send you to a phony website.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. In fact, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Here’s another tool that can help you fight identity theft. And get this: it’s not only helpful, but it’s also free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.
Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread your free credit report coverage across the whole year.
As with much of the guidance we offer around social media, one of the best ways to prevent such social media tax attacks is to make your profiles private so that only friends and family can see them. That way, scammers will have a far more difficult time reaching you. Moreover, consider paring back the information you share in your social media profiles, like your alma maters, birthday, mother’s maiden name, pet names—any personal information that a scammer may use to compromise your accounts or the security questions associated with them.
Protecting your devices with comprehensive online protection software can help block the phishing emails and suspicious links that make up many of these tax attacks. Likewise, it can further protect you from ransomware attacks like mentioned above. Additionally, our online Protection Score looks for weak spots in your protection and helps you shore them up, such as if discovers that your info was compromised or part of a data breach. From there, it guides you through the steps to correct the problem.
Further, consider online protection software that offers identity theft protection as well. A strong identity theft protection package offers cyber monitoring that scans the dark web to detect misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
The IRS offers steps you can take in the event you suspect fraud or theft. Their current resources include:
As mentioned above, you can get even more up to speed on the different tricks hackers are using by downloading our Guide to IRS & Tax Season Scams. It’s free, and it offers more ways you can protect your identity and information this tax season and year ‘round.
The post The IRS “Dirty Dozen” – Top Tax Season Scams to Steer Clear of This Year appeared first on McAfee Blog.
The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to — for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system.
Just as ensuring that DNS is secure, stable and resilient is a priority for Verisign, so is making sure that the routing system has these characteristics. Indeed, DNS itself depends on the internet’s routing system for its communications, so routing security is vital to DNS security too.
To better understand how these challenges can be met, it’s helpful to step back and remember what the internet is: a loosely interconnected network of networks that interact with each other at a multitude of locations, often across regions or countries.
Packets of data are transmitted within and between those networks, which utilize a collection of technical standards and rules called the IP suite. Every device that connects to the internet is uniquely identified by its IP address, which can take the form of either a 32-bit IPv4 address or a 128-bit IPv6 address. Similarly, every network that connects to the internet has an Autonomous System Number, which is used by routing protocols to identify the network within the global routing system.
The primary job of the routing system is to let networks know the available paths through the internet to specific destinations. Today, the system largely relies on a decentralized and implicit trust model — a hallmark of the internet’s design. No centralized authority dictates how or where networks interconnect globally, or which networks are authorized to assert reachability for an internet destination. Instead, networks share knowledge with each other about the available paths from devices to destination: They route “by rumor.”
Under the Border Gateway Protocol, the internet’s de-facto inter-domain routing protocol, local routing policies decide where and how internet traffic flows, but each network independently applies its own policies on what actions it takes, if any, with data that connects through its network.
BGP has scaled well over the past three decades because 1) it operates in a distributed manner, 2) it has no central point of control (nor failure), and 3) each network acts autonomously. While networks may base their routing policies on an array of pricing, performance and security characteristics, ultimately BGP can use any available path to reach a destination. Often, the choice of route may depend upon personal decisions by network administrators, as well as informal assessments of technical and even individual reliability.
Two prominent types of operational and security incidents occur in the routing system today: route hijacks and route leaks. Route hijacks reroute internet traffic to an unintended destination, while route leaks propagate routing information to an unintended audience. Both types of incidents can be accidental as well as malicious.
Preventing route hijacks and route leaks requires considerable coordination in the internet community, a concept that fundamentally goes against the BGP’s design tenets of distributed action and autonomous operations. A key characteristic of BGP is that any network can potentially announce reachability for any IP addresses to the entire world. That means that any network can potentially have a detrimental effect on the global reachability of any internet destination.
Fortunately, there is a solution already receiving considerable deployment momentum, the Resource Public Key Infrastructure. RPKI provides an internet number resource certification infrastructure, analogous to the traditional PKI for websites. RPKI enables number resource allocation authorities and networks to specify Route Origin Authorizations that are cryptographically verifiable. ROAs can then be used by relying parties to confirm the routing information shared with them is from the authorized origin.
RPKI is standards-based and appears to be gaining traction in improving BGP security. But it also brings new challenges.
Specifically, RPKI creates new external and third-party dependencies that, as adoption continues, ultimately replace the traditionally autonomous operation of the routing system with a more centralized model. If too tightly coupled to the routing system, these dependencies may impact the robustness and resilience of the internet itself. Also, because RPKI relies on DNS and DNS depends on the routing system, network operators need to be careful not to introduce tightly coupled circular dependencies.
Regional Internet Registries, the organizations responsible for top-level number resource allocation, can potentially have direct operational implications on the routing system. Unlike DNS, the global RPKI as deployed does not have a single root of trust. Instead, it has multiple trust anchors, one operated by each of the RIRs. RPKI therefore brings significant new security, stability and resiliency requirements to RIRs, updating their traditional role of simply allocating ASNs and IP addresses with new operational requirements for ensuring the availability, confidentiality, integrity, and stability of this number resource certification infrastructure.
As part of improving BGP security and encouraging adoption of RPKI, the routing community started the Mutually Agreed Norms for Routing Security initiative in 2014. Supported by the Internet Society, MANRS aims to reduce the most common routing system vulnerabilities by creating a culture of collective responsibility towards the security, stability and resiliency of the global routing system. MANRS is continuing to gain traction, guiding internet operators on what they can do to make the routing system more reliable.
Routing by rumor has served the internet well, and a decade ago it may have been ideal because it avoided systemic dependencies. However, the increasingly critical role of the internet and the evolving cyberthreat landscape require a better approach for protecting routing information and preventing route leaks and route hijacks. As network operators deploy RPKI with security, stability and resiliency, the billions of internet-connected devices that use DNS to look up IP addresses can then communicate with those resources through networks that not only share routing information with one another as they’ve traditionally done, but also do something more. They’ll make sure that the routing information they share and use is secure — and route without rumor.
The post Routing Without Rumor: Securing the Internet’s Routing System appeared first on Verisign Blog.
pipe-1200
When Aussie school opened their doors this year, the lifespan of parents around the country drastically improved. The combination of homeschooling, working from home, and not going anywhere has completely drained many Aussie working parents, me included!! Many of us have been in survival mode – just focusing on the basics to get through!
Well, now we’re getting back to some sort of normal and we have a little more time to breathe, it’s time to focus on those overdue jobs and that includes doing an audit of your family’s online safety. Now, I know it might seem boring, but I promise you it’s worth the effort. So, I thought I’d share with you a checklist of what you need to do to ensure your family is as safe as possible when online. Let’s get started:
1. Passwords
Your first task is to ensure every family member has a different password for each of their online accounts. Yes, I know – that sounds completely overwhelming. But hear me out. If you have the same password for all your online accounts and you get hacked, then you could be in a world of pain – as the hacker now has access to all your online accounts!! So, this is very much worth sorting out.
Now, there are many ways of managing a long list of passwords. You could write them down in a special, secret book. You could call on your Mensa level memory and try to remember 50 plus passwords – unfortunately, that’s not me! So, let me give you the best solution – a password manager. Password Managers can both generate and remember super complex passwords that no human could even concoct. Check out McAfee’s True Key – it’s free and a complete no-brainer, my friends!
2. Software Updates
Before my life as Cybermum, I used to think software updates were a massive inconvenience. Something else to add to the never-ending list. But how wrong was I! A software update addresses security flaws or bugs in the current version of the app or program. Their goal is to protect the user. So, if you’re serious about protecting your family, these updates can’t be ignored. The easiest way to manage this is to set updates to be automatic, where possible. You can also do this with apps on your phone – for both Apple and Android devices.
3. Ensure Location Services Are Off
Most apps, networks, and devices have geotagging features which means your whereabouts can be widely communicated if your location’s services are turned on. And don’t forget that digital photos can also give away your location as they contain metadata which is information about the time, date, and GPS coordinates of where the pic was taken. So, your job here is simple – ensure all devices have geotagging turned off. And while you’re at it, ensure your kids understand why it’s critical to keep it that way! Nothing worse than pesky strangers knowing your whereabouts!
4. Security Software
Not having security software installed on your devices is no different from leaving your front door unlocked. It is essential. A top-shelf security software system will detect and shut down security attacks on your system. Many will also have a firewall that constantly filters the data that both enters and leaves your computer and will block and restrict your network from viruses and hackers. It will also keep an alert to malicious software and if detected will remove issues such as viruses, worms, and Trojans. It will also stay alert to spyware that you may unintentionally download onto your system and will block and delete it if found. See what I mean? It’s essential. Check out McAfee’s Total Protection which will give you peace of mind.
Unfortunately, there are no guarantees in life however there are definitely ways to minimize risk. Following the above 4 steps will have a significant positive impact on your family’s online safety and most importantly, means you can enjoy a little peace now the kids are back to school!
Till Next Time
Alex x
The post Kids Back To School – The Perfect Time to Audit Your Family’s Online Safety appeared first on McAfee Blog.
Editor’s Note: This is the first in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely and simply.
Online banking is for everyone. Or at least it should be.
The benefits of online banking are many for our moms, dads, and grandparents, just as they are for us. Elder adults can deposit checks, pay bills, transfer money to and from investments, and so on, all without needing to leave home. However, our parents and the older people in our lives may face a few hurdles that are holding them back. As a son, daughter, or loved one, there are things you can do to help them clear those hurdles so they can enjoy the convenience of online banking, safely and securely.
What do some of those hurdles look like?
Meanwhile, the digital world continues to evolve apace, particularly with regard to online banking. Between 2018 and 2022, the number of people in the U.S. who use online banking steadily rose to more than 65%, and more than three-quarters of Americans used a mobile device the last time they checked their balance. And as of 2020, nearly two billion people worldwide used online banking, a number that only continues to increase.
This rise in online banking has implications for the elders in our lives. Even if they aren’t active in online banking themselves, their financial information is part of this digital mix. The banks and financial institutions where they keep their savings and funds are digitally connected and digitally accessible. At a minimum, this means that they should take steps to protect themselves and their finances. Yet the upside is here is that we can help them do much more than that—that we can actually help them take advantage of online banking and enjoy its benefits.
Depending on their comfort level, you may want to start by reviewing some basic digital literacy before diving right into online banking. As mentioned above, there’s so much about the internet that we take for granted, and the elders in your life may benefit a little 101-level introduction to the internet.
When you’re both confident that their comfort level with the internet is in the right place, you can move on to the next step—making sure mom and dad have solid online protection in place. This is square one before going online, particularly when you’re banking online. Some basic digital hygiene will help protect their banking and finances. Moreover, it will help protect the other things they do online as well.
The following quick list is a great way to make them far more secure:
That includes the operating system of their computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack.
Computers, smartphones, and tablets will have a way of locking them using a PIN, a password, a fingerprint, or the owner’s face. Take advantage of that protection, which is particularly important if that device is lost or stolen.
This is important should they lose their smartphone or believe it’s been stolen. Have them turn on device tracking so that they can locate their phone or even wipe its data and contents remotely if they need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Protecting your devices with comprehensive online protection software will defend them against the latest virus, malware, spyware and ransomware attacks plus help steer them clear of phishing attacks and malicious websites designed to steal personal and financial information. Also, make sure it offers a password manager like ours does, which can create and store strong, unique passwords for each of their accounts—alleviating the burden of mom and dad remembering them.
With all the personally identifiable information (PII) we create simply by using the internet, tracking and monitoring your PII is essential for preventing identity fraud and theft. The same is true for mom and dad. A strong identity theft protection package will offer cyber monitoring that can detect the misuse of your PII. Our identity protection service takes that protection a step further if the unfortunate happens with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
With their devices and PII more secure, you can move on to the banking portion itself. While there’s so much you can do with online banking, it’s a good idea to take things one at a time. Some elders aren’t sure how to sign up for online banking with their financial institution, so you can start there. Take them through the setup process (using that strong, unique password as mentioned above) and simply get them going.
From there, they can familiarize themselves with the layout of banking site or app they’re using. A straightforward task like checking account balances is a great way to do just that. After their comfort level with the site or app tales root, you can move on to other things they can do online, like pay bills online, deposit a paper check with their phone, and review their statements for any discrepancies.
Another thing that may help put your folks at ease is to let them know you’re there to help. Questions will inevitably come up, and it’ll be a great comfort to them knowing that you’re around to lend them a quick answer as needed.
For example, let’s talk about spotting possible discrepancies in their statements. Some account entries may look a little strange because the name of a business does not always match the way it appears in a bank or credit card statement. This may lead to questions about the purchase—was it something they made? Is it a legitimate charge? These are answers you can help them track down.
Related, online banking provides our parents with a powerful tool against identity theft and fraud. By reviewing account statements closely, they can potentially spot bogus charges and purchases before they become a larger, and more costly, problem. (For a great primer on the topic, read and share this article that covers identity theft and fraud, along with steps to prevent it.)
Several different banks offer resources specifically for elder bankers. The offerings will of course vary from bank to bank, yet you may find that they have videos and information on their websites designed to make online banking easier. Likewise, they may offer special services that mom and dad may qualify for. In all, feel free to lean on their bank for assistance as needed. They’re there to help.
You can also look into independent resources as well, such as the AARP and “Ready, Set, Bank,” which both provide a wealth of videos and articles about online banking.
As kids, grandkids, and younger loved ones, there’s plenty we can do to help the elders in our lives enjoy online banking with confidence. Shoring up their security, starting them easy, and then being there to answer questions can help them clear the hurdles of familiarity and trust they face.
Just as they’ve guided you through the ins and outs of life, here’s a chance to return the favor. What’s more, it’s yet another way you can spend time together, whether in person or over a call. And that’s a good thing.
The post Helping Mom & Dad: Online Banking appeared first on McAfee Blog.
You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cybercriminals seeking to steal valuable business secrets. It’s unlikely that everyday people, such as yourself, will be targeted by a ransomware scheme, so you may be puzzled about how a VPN can help someone like you be safer online. Luckily, with a VPN being very easy to install and use, you can indeed experience these three everyday benefits to keep your browsing activities safe from eavesdroppers seeking to profit from your online comings and goings.
The most widely known benefit of a VPN for daily use is to safeguard your device when it’s connected to a public Wi-Fi network. Coffee shops, libraries, hotels, transportation hubs, and other public places often provide courtesy internet service to visitors. Shifty characters often lurk on unprotected networks to lift personally identifiable information (PII) from people handling sensitive emails, making banking transactions, or shopping online. Public Wi-Fi eavesdroppers can lift credit card numbers, addresses, birthdays, and Social Insurance Numbers.
When you connect to public Wi-Fi that doesn’t have a lock icon, that’s a sign that you should toggle on your VPN. Also, even if you’re required to enter a password, be wary of any network you share with strangers.
A VPN can also hide your location data. How does this help you protect your browsing history? First, when you scramble your location, you’re likely to confuse ad networks trying to send you targeted ads. This will free your social media feeds and search engines from targeted ads that often are so accurate they seem like an invasion of privacy.
Second, hiding your location can protect you from cybercriminals looking to mine PII. VPNs make it impossible for criminals to discover your IP address. (The internet protocol address is what ties your device to a specific local network.) When they’re visible, criminals can trace IP addresses to reveal home addresses, full names, and phone numbers: all of which are key pieces of PII that, in the wrong hands, can jeopardize your identity.
While Canada and the European Union don’t allow ISPs (internet service providers) to even collect the browsing data of their customers, keep in mind that in some countries, like the U.S., ISPs can collect, store, share, and/or sell customer data. While advertisers are often the buyers of customer data, in the case of a breach, the more places your PII lives, the more likely it may be involved in a security incident. The goal is to limit the extent and number of places where your browsing history is stored.
VPNs can scramble your online movements to the point where not even ISPs can track it. Plus, when you log out, your device doesn’t keep a record of what you did while connected to the VPN. Incognito mode on your internet browser hides your IP address, but the websites you visit still collect cookies and store data about your online whereabouts, meaning that it’s not truly private browsing.
McAfee Safe Connect VPN encrypts your online activity to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once with bank-grade Wi-Fi encryption. Feel more confident whenever you hop on the internet across all your connected devices with just one quick and easy step.
The post Why Everyone Needs a VPN appeared first on McAfee Blog.
Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent report. That means for as much wearable tech as we have in our lives already, even more, is on the way.
If you own a piece of wearable tech it’s easy to understand why it’s so popular. After all, it can track our fitness, provide contextual help in daily life, and, in the case of hearing aids, even do cool things like sync with Bluetooth. As VR and AR gains a foothold who knows what other incredible tech might be headed our way by 2028? However wearable tech also comes with certain risks. The most prominent: cybercriminals potentially gaining access to your data.
The weakest link in the wearables space is your mobile phone, not the actual wearable device itself. That’s because wearables tend to link to your mobile device over a short-range wireless spectrum known as “Bluetooth.” This spectrum is used to send and receive data between your wearable device and your mobile. That makes your mobile a prime target for hackers.
Most commonly, hackers gain access to the data on your mobile through malware-laden apps. These apps are oftentimes designed to look like popular apps, but with enough differences that they don’t flag copyright suspicion.
Hackers can use these malicious apps to do a variety of things from making phone calls without your permission, sending and receiving texts, and extracting personal information—all potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.
The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.
These types of threats aren’t limited to wearables, however. The Internet of Things—the phenomenon of devices connected to the Internet for analysis and optimization—encompasses all sorts of other electronic devices such as washing machines and refrigerators that can put your data at risk as well. But these life-changing devices can be secured through education and industry standards. Two things we’re working on day and night.
Of course, securing the weakest link in your wearables environment, your phone will go a long way towards keeping your data safe. But what happens when your computer, where you store backups of your smartphone, is compromised too? We’ve got you covered with McAfee LiveSafe service, our comprehensive security solution that provides protection for your entire online life.
The post The Wearable Future Is Hackable. Here’s What You Need To Know appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see.
Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level that they carry into adulthood, which is one of the several findings we uncovered in our global survey of parents, tweens, and teens this year.
So, what are tweens and teens up to on their mobile devices as they mature? And where do their parents fit in? We asked parents and kids alike. What we found gives us a look into the mobile lives of tweens and teens behind their lock screens.
For starters, parents and their kids alike say that their mobile device is the most important one in their life. Parents placed mobile in their top two with their mobile device or smartphone at 59% followed their computer or laptop at 42%. Tweens and teens put their mobile device or smartphone at the top of the list as well, yet at a decisive 74% worldwide, followed by their gaming console at 68%.
“Parents and their kids alike say that their mobile device is the most important thing in their life.”
Further, tweens and teens place a higher value on their smartphones to keep them connected with friends and family. Some 59% of parents said mobile was essential in this role, whereas tweens and teens put that figure at 64%. For parents, the runner-up device for keeping connected was the computer or laptop at 42%.
Yet quite interestingly, tweens and teens said their second-most important device for keeping connected with others is their gaming console, at 40%, perhaps indicating gaming’s role in creating and fostering friendships today. Of course, plenty of that gaming is happening on mobile as well, with half of all tweens and teens surveyed worldwide saying that they play games on their smartphones.
Broadly speaking, the activities kids do on their phones match up closely with what their parents think they’re doing on their phones. Yet there’s a fair share of secretive activity that happens within that.
Regarding general activity, parents and their tween- and teen-aged children worldwide see eye to eye when it comes to what parents think are their kids’ favorite activities on mobile are and what kids say they actually are:
However, and perhaps unsurprisingly, tweens and teens say they’ve kept some the things they’re watching, browsing, and streaming from their parents. When asked if they sometimes hide specific online activity from their parents, 59% of tweens and teens worldwide said they have done so in some form or other, including:
Worldwide, monitoring apps rank relatively low when it comes to parents keeping tabs on their children’s mobile usage. Use of parental controls software on smartphones came in at a 27% global average, with India (37%) and France (33%) leading the way, while Japan fell on the low end (12%).
Largely, parents appear to take up this work themselves, citing several other ways they take charge of their children’s time online:
Consistent with other research we recently gathered, families are relying on mobile more and more, yet this hasn’t seen an increase in mobile protection for the smartphones they count on.
Our research published in early 2011 found double-digit increases in mobile activities such as online banking, shopping, finances, and doctor visits, all of which can generate high-value data that are attractive to hackers and cybercriminals. Despite this newfound reliance on mobile, many smartphones worldwide remain unprotected. Children’s phones are less protected than their parents’ phones as well.
Taken together, these security lapses can lead to downloaded malware, data and identity theft, illicit crypto mining apps on the device, and other attacks that can put children and families at risk. For a deeper dive, you can view the full report.
Misconceptions about online protection may play a role in these lax measures. This survey found that 49% of parents think a new phone is more secure than a new computer, and 59% of tweens and teens thought the new phone was more secure—both denying the reality that smartphones, and the people using them, are subject to hacks and attacks just like with any other device that connects to the internet.
Amid this climate, more than 1/3 of families reported that a child in their household had been the victim of a financial information leak and 15% stated that there’d been an attempt to steal a child’s online account or identity. With smartphones providing children with a major onramp to the internet, it follows that stronger mobile security could help prevent such attacks from happening.
Protecting mobile devices and the family members who count on them takes on further importance when we consider that children in some nations rely heavily on their smartphones for online learning.
Although using mobile for online learning was relatively low globally at 23%, parents and children in three nations reported a high rate of attending classes and courses on mobile—with India at 54%, Mexico at 42%, and Brazil at 39%, once again posing the possibility that mobile offers many children the most reliable broadband connection required for such instruction. In other words, there are households where broadband comes by way of mobile, rather than a cable or fiber connection.
Meanwhile, other nations saw significantly lower figures for online learning on mobile, such as Germany at 7%, France at 8%, and Japan at 11%. The U.S., Canada, and the UK all reported rates of 17%.
“With smartphones providing children as a major onramp to the internet, it follows that stronger mobile security could prevent such attacks from happening”
Something we’ve yet to mention here is how much online shopping and banking kids are doing on their mobile devices. No question, tweens and teens are doing those things too at a global rate of 25% and 12% across all age groups respectively. Not surprisingly, those numbers climb as teens approach adulthood. This serves as a reminder that our children are maturing hand-in-hand with their smartphones, which asks a few things of us as parents as they grow and adjust to their mobile world.
As with all things parenting, there are moments of where you have a sense of what’s right for you and your child, yet you’re uncertain how to act on it. That’s definitely the case with smartphones and the internet in general. Despite having grown up alongside the internet over the course of our adult lives, we can still have plenty of questions. New ones. Old ones. Ones we weren’t even aware of until they cropped up.
With that, we’re glad you’re dropping by our blog. And you’re more than invited to visit whenever you can. A big focus of ours is providing you, as a parent, with resources that answer your questions, in addition to articles about online protection in general that simply make for good reading. Our aim is to help you think about what’s best for your family and give you some ideas about how you can see that through, particularly as our children grow in this mobile world of ours.
The post A Look Beyond Their Lock Screens: The Mobile Activity of Tweens and Teens appeared first on McAfee Blog.
Have you ever been online and replied to a comment or post? Maybe it was on Reddit or on an influencer’s Instagram. Did other people reply to you, and were any of them unexpectedly hostile? When you’re online, a little hostility is sadly par for the course, but most people brush it off and move on to enjoy other aspects of life online. But what would you do if that unpleasant interaction went much farther than was reasonable? What if one day you discovered the most important parts of your identity had been maliciously and intentionally revealed online? Let’s talk about doxxing – what it is and how you can avoid becoming a victim of this kind of harassment.
Doxxing, derived from the hacker term “dropping docs”, is internet slang for revealing someone’s identity online for the purposes of harassing them. It usually goes way beyond simply revealing someone’s email address or name and may involve personal information like a home address or workplace, SSN, financial information, phone number, pictures, texts, IP address, and other important details. The tricky thing about doxxing is that aspects of it may not be a crime, depending on what you’ve made publicly available online. However, the context in which doxxing occurs is crucial. Often it’s the first step taken to incite more severe harassment. For instance, the doxxer may not plan on taking action against their target but instead hope that someone else does. When put up against a recent Pew Research report showing that 41% of U.S. web users experience harassment in some form, it’s clear that Doxxing is a dangerous trend online.
Doxxing is a problem that’s grown in scope simply because there’s so much more data about us being kept online. Third-party services, called data brokers, capture our account info, the sites we visit, how long we spent on them, and other kinds of metadata to create profiles they then resell to advertisers. If someone gets access to these troves of data, they can reveal extremely damaging information about an individual, or data that allows a person to be damaged. For instance, with a phone number and a current address, some criminals were able to call in SWAT teams on innocent individuals. Political dissidents are often doxxed by the governments their protesting against. And on a lighter note, the adult website Ashley Madison, which promotes extramarital affairs, had their members’ data leaked online, to the embarrassment of a few public figures.
The response should be very similar to the one you’d take if your wallet was stolen. Move fast, stem the loss, and begin remediation as soon as possible. Here are some broad steps that can be taken.
Of course, not being doxxed in the first place is the ultimate goal of a proactive online protection plan. Here’s what we recommend:
Identity theft protection services help protect your data, monitor your online accounts like emails, SSNs, and more. In addition to online monitoring, they should also offer insurance and even theft remediation if the worst should occur.
Before you tag your location, friends, or workplace in a photo think about who has access to this information. What’s gained or lost by sharing all that info? Also, security questions for your accounts should not use the name of your pet or your first-born child if you have posted those on Facebook.
Public Wi-Fi networks at coffee shops and airports may not be secure against hackers and snooping. That’s why we recommend using a VPN whenever you’re connected online. This powerful tool hides your activity and location whenever you’re online on an unsecured network.
Googling yourself is a great way to see if anyone is using your online identity in bad ways.
Social networks allow you to control who can see your data. Usually, with a few clicks, you can restrict what you show online to a great degree. For instance, makes your payments viewable to other users as a default, but can easily be changed to hide them from the public.
Using long, complex, unique passwords for every account is convenient and maybe the best way to prevent your information from being stolen. Yes, we said convenient because with a password manager you only need to remember one key to create and manage much longer ones for all your most important accounts.
The reality is that the more we live online, the more our identities will too. This does not mean we need to live a restricted life online. In fact, using comprehensive online protection, which features most of the tools above, we can remain free to enjoy life on our terms. Doxxing is something to be aware of, but with great protection, it’s far from anything we need to be worried about as we make the most of our lives online.
The post Doxxing, The Internet, and How You Can Lock Down Your Data appeared first on McAfee Blog.
Companies continue to accelerate their digital transformation and hybrid work strategies with security remaining top of mind. For a growing number of enterprises, the solution has been the deployment of a Security Service Edge (SSE). Introduced as a market category by Gartner, per our view we believe SSE is the consolidation of Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) within a single, cloud-delivered solution for securing access to web, cloud, and private applications from any corner of the world, mitigating user and cloud threats, and protecting sensitive cloud data at rest, in transit, or in use.
Recognizing the significant role SSE is filling in cybersecurity, Gartner® has published its first ever Magic Quadrant report for SSE. We are honored to announce that the McAfee Enterprise SSE Portfolio has been recognized as a Leader for its solution MVISION Unified Cloud Edge (UCE) in the report, positioned rightmost for “Completeness of Vision.” Our cloud-native platform is architected for the SSE market and boasts a next-gen SWG, and the industry’s first data-aware ZTNA solution, empowering our customers in their cloud and network transformations. It was also recognized as a Leader for Gartner Magic Quadrant for Cloud Access Security Brokers Leader for four successive years 2017–2020.
2022 Gartner Magic Quadrant for Security Service Edge (Source: Gartner)
In 2021, McAfee Enterprise SSE made several updates and additions to its MVISION UCE solution, strengthening its position as an industry expert, including:
As a companion report to the Magic Quadrant, Gartner has also published its Critical Capabilities report for SSE, which shares deep insights into the product capabilities of each vendor based on a specific set of use cases. The below use cases are included in this year’s SSE Critical Capabilities Report:
MVISION UCE received the highest score across all four use cases, paving way for the SSE market in features and functionality. We believe our rich heritage in DLP, strong CSPM/SSPM, and deep usage of the MITRE ATT&CK framework have been the key contributors towards our #1 position across use cases in the Critical Capabilities report.
We are extremely proud of the recognition for our vision and product innovation. Our singular goal is to build a more secure world. To learn more about how Gartner assessed the market and the MVISION UCE solution, download your copy of the report here.
You can also join our webinar on March 9, 2022, for a deep dive into why McAfee Enterprise SSE is a Leader in the 2022 Gartner Magic Quadrant for SSE.
Click here for a free demo of the MVISION UCE solution.
Gee Rittenhouse
CEO, McAfee Enterprise SSE Portfolio
Gartner Disclaimer: Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from McAfee.
Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner “Magic Quadrant for Security Service Edge” (SSE), John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, 15 February 2022
Gartner “Critical capabilities for Security Service Edge” (SSE), John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, 15 February 2022
As of 28, January 2022, McAfee Enterprise is now the McAfee Enterprise SSE Portfolio.
The post McAfee Enterprise SSE: Named a Leader In 2022 Gartner Magic Quadrant for SSE appeared first on McAfee Blog.
Cryptocurrency has boomed in the last several years, with beginners and experts alike jumping into the industry. It’s proven now to be more than a passing hobby or trend. Cryptocurrency is a way of conducting business and making money for people around the world.
As the intrigue and interaction with crypto grows, cybercriminals are finding new ways to exploit the system. According to CNBC, a recent crypto hack resulted in the loss of over $320 million across two major blockchain networks. Here’s what you need to know about this latest breach, plus some tips on how you can protect your crypto assets.
There’s more than one kind of cryptocurrency, and many users spread out their investments across various currencies and blockchain ecosystems. To link their activities, some crypto users employ a type of bridging software that can easily connect their different accounts. Wormhole is a popular bridge that allows users to freely move their tokens and NFTs between the Solana and Ethereum blockchains.
In this recent crypto hack, a cybercriminal installed a bug that minted 120,000 fake currency on the Solana side of the Wormhole bridge. Then, the criminal transferred 120,000 counterfeit currency to the Ethereum side to claim Ethereum tokens. This resulted in the hacker gaining at least $251 million worth of Ethereum, nearly $47 million in Solana, and upwards of $4 million in USDC, a third type of cryptocurrency.
The Wormhole team offered the hacker $10 million to return the stolen currency and explain how they executed the hack. Wormhole has since tweeted that they’ve restored all stolen funds and that the system is now back to normal. Experts think they have successfully reverse-engineered the exploit and suspect that the attacker gained access through bypassing the verify signature process.
As cryptocurrencies continue to take the world by storm, it’s key that users learn how to engage with this emerging industry safely. Even though the Wormhole breach affected the crypto platforms and not individual users, this incident is a reminder to be diligent about your crypto safety. Check out these tips to help you protect your crypto investments:
Like with any process that involves investing your own, hard-earned money, you should be diligent about researching every cryptocurrency, blockchain, and accompanying software you use. Never trust your money to a product or service that you’re not completely confident in their security protocols. Keep up with national and world news and crypto-specific news outlets to stay on top of the latest security breaches and to gather tips on which system may be the safest option for you. When jumping into cryptocurrency, make sure that any benefits outweigh the risks.
As with all your online accounts, protect your cryptocurrency logins with secure, unique passwords and two-factor authentication. Never reuse passwords, since it’s possible for wily cybercriminals to buy lists of login and password combinations on the dark web. Two-factor authentication often makes it impossible for anyone to break into your account, as it requires a randomly generated passcode for entry. Passcodes are often sent by text or through a smartphone application. Sometimes it’s difficult to remember all your passwords, so consider trusting them to a password manager, such as McAfee True Key. An online account locked behind a secure password and two-factor authentication will likely frustrate a cybercriminal and cause them to move along, keeping your account safe.
Add an extra layer of protection to your crypto assets with a hardware wallet. A hardware wallet stores private keys that are necessary to unlock your blockchain accounts. This device is compatible with various blockchains and helps back up and protect your investments, even if your device is compromised by malware or a phishing attack. Hardware wallets are often protected by PINs and a passphrase, so even if the device is lost or stolen, you can feel confident in the safety of your crypto accounts.
Make it part of your weekly routine to check in on your crypto account to ensure that there are no suspicious transactions. Keep the pulse on the news, so that whenever there’s a breach, you can make a timely report of any losses you may have experienced. Also, consider changing your login credentials to be on the safe side.
The only way to enjoy your cryptocurrency experience is to be confident in it. While the Wormhole loophole was almost impossible for a casual everyday user to predict, as long as you have a contingency plan and safeguards in place, you can be confident in your crypto activities.
The post Latest Crypto Vulnerability Leaks $320 Million: 3 Tips to Boost Your Crypto Confidence appeared first on McAfee Blog.
There’s millions of dollars to be made in social media. For scammers.
New data from the U.S. Federal Trade Commission (FTC) suggests that Americans lost nearly three-quarters of a billion dollars to social media fraud in 2021, signaling that social media may be the most profitable method of scamming victims—marking an 18-fold increase over 2017.
And that’s just cases of reported fraud.
Of the roughly 95,000 cases tallied in 2021, the actual number of reports and losses are arguably much higher because fraud victims infrequently report these crimes to the FTC or other agencies. Likewise, few take advantage of the FTC’s resources for recovering from fraud. Instead, they’ll share the sad news with family or friends if anyone at all.
Despite the rise of these online crimes, there are several things you can do to increase your awareness of social media fraud—what it looks like and how it’s pulled off—along with other ways you can prevent scammers from targeting you and the ones you care about.
Several types of social media fraud abound, yet the FTC reports that three types of scams prevail:
These often involve bogus sites that promote opportunities to mine or invest in cryptocurrencies. Rather than use these sites to trade in legitimate cryptocurrencies, scammers use these as a front to collect funds. The funds are never invested and never returned. Thanks to social media, scammers have a quick and easy way to drive victims to such bogus sites.
By starting up a chat through an unexpected friend request or a message that comes out of the blue, a scammer develops a budding romantic relationship with a victim—and eventually starts asking for money. Public social media profiles are particularly attractive to scammers because they’re loaded with information that scammers can use to win a victim’s confidence or heart.
Using ads on social media, scammers drive victims to phony online stores that will take people’s money but that don’t deliver the goods. They’re simply a way for scammers to harvest cash from unsuspecting shoppers. These sites may impersonate reputable brands and stores or they may sell bogus products altogether. Either way, victims pay and receive nothing in return.
Together, these three types of scams accounted for the overwhelming majority of losses and reports of social media fraud, which are broken down in detail as follows:
As illustrated, investment and romance scams may get reported less frequently, yet they are among the costliest scams going on social media. Meanwhile, online shopping scams on social media are far more common yet rake in fewer dollars overall.
For one, reach. Nearly half of the global population uses social media today. That translates into billions of people who can be made into potential victims. Secondly, social media provides the tools to reach those people through the otherwise legitimate services and features available to the people and businesses that use social media to connect.
In the case of investment and shopping scammers, the ad platforms are of particular use. For romance scammers, direct messaging and profile pages are potential avenues for fraud.
Scammers use the highly targeted ad platform that social media companies use to generate revenue. With millions of detailed user profiles in their data stores, social media companies put that data to work in their ad platforms allow businesses to create ads designed to reach specific age groups, hobbies and interests, past purchases, and so on. Just as easily, a scammer can use the same tools to cook up bogus ads for their bogus products, services, and sites at a relatively low cost.
For example, a scammer could target older females with an interest in investing. From there, the scammer could narrow down that target profile to those who live in areas of the country with a desired average income level, and who have shown interest in investment products before. The scammers would create an ad that takes them to phony website designed to entice that target group into purchasing a bogus product, service, or crypto. The FTC reports that the median loss for an online shopping scam in 2021 was $118, while online investment scams on social media racked up a median loss of $1,800 per victim. These stats make a strong case for sticking to reputable and established retailers and accredited financial services.
In the case of romance scammers on social media, the posts and personal profiles that form the heart of social media offer con artists a treasure trove. With a potential victim’s life a relatively open book, full of birthdays, events, interests, and activities for all to see, scammers have the hooks they need to form a phony romantic relationship online—or at least make the attempt at one.
For example, a scammer reaches out to a potential victim with a friend request. With the profile and posts this romance scammer has at hand, they can spin all manner of intriguing, yet utterly false tales designed to gain the victim’s trust. With that trust established, they can follow up with a similarly intriguing story about needing “a little help” to cover some “unexpected expenses,” often in the form of a gift card or reloadable debit card—sometimes stringing out a series of requests over time. According to the FTC, the median loss for this type of romance scam in 2021 was around $2,000 per victim.
People worldwide spend an average of 145 minutes a day on social media. And with users in the U.S. spending just over two hours on social media a day, that’s a great deal of potential exposure to scams.
Yet, whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there:
Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a possible scammer much less material to work with.
Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messages. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack.
When you’re purchasing online, do some quick research on the company. How long have they been around? Have any complaints been recorded by your attorney general or local consumer protection agency? When you meet someone new, do a reverse image search on their profile pic to see where else it appears. Look up their name in search as well. If the results you find don’t match up with the person’s story, it may be a sign of a scam.
Online protection software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must. Additionally, our online protection software can also provide you with an online Protection Score that shows you just how safe you are. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance.
It’s unfortunate seeing a resource we’ve come to know and love over the past years get taken advantage of this way. Yet taking the steps outlined above can go a long way to prevent it from happening to you or someone you love.
One important note is to strongly consider filing a report if you believe you’ve been a victim of a social media scam. While some of the scammers behind these crimes are small-time operators, there are larger, almost business-like operations that conduct these crimes on a broader and sometimes international scale. So whether filing a report will help you recover some or all your losses, it can provide information to businesses and agencies that can help keep it from happening to others.
For more on online theft and fraud, and how you can spot and report it, check out our article on the topic. Doing so may help you, and someone else as well.
The post The Gold Rush of Fraud: Why Scammers Have Flocked to Social Media appeared first on McAfee Blog.
For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.
According to the U.S. Federal Trade Commission (FTC), the reported costs of online romance scams jumped 50% from 2019 to 2020, to the tune of $304 million. And that’s not entirely because 2020 was a pandemic year. From 2016 to 2020, the volume of reported cases tripled, while reported losses nearly quadrupled. Over that period, online romance scams are not only becoming more common, but they’re also becoming more costly.
Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.
With that initial introduction made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in, often involving their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working with an international organization, or working in the sort of jobs that would prevent them from otherwise easily meeting up in person.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up.
As mentioned above, some romance scammers troll social media and reach out through a direct message or friend request. With that, there are three things you can do to cut down your chances of getting caught up with a scammer:
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
Security software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too.
The post Phony Valentines: Online Dating Scams and How to Spot Them appeared first on McAfee Blog.
The convenience of tapping your phone at the cash register instead of fumbling for loose change in your physical wallet is undeniable. Nearly 40% of Canadians used their mobile wallets more often in 2020 because of the perceived safety of contactless payment, according to one report.1 While digital wallets and tap to pay is becoming more widespread, you may wonder: what exactly is a digital wallet? Are they safe?
A digital wallet, also known as a mobile wallet, is a smartphone app that stores your payment information and enables tap to pay at most point-of-sale terminals. A digital wallet is perfectly safe, as long as you guard your smartphone just as closely as you would your physical wallet.
Here’s why you should secure your digital wallet and three tips to help you do so.
Think about what you store in your physical wallet: credit cards, debit cards, driver’s license, library cards, gift cards, cash. Now, imagine (or if you’ve been unlucky enough to lose your wallet in the past, think back to) the hassle that would ensue if someone stole your wallet or you misplaced it. Not only do you have to cancel your cards, notify your various banks, and wait for replacements, but the niggling worry that a stranger has access to your personally identifiable information (PII) will likely keep you up at night.
Just like you store your wallet in your front pocket when about town and check your seat before leaving a taxi or a plane, look after your smartphone just as closely. Unlike a physical wallet, whose absence is noticed quickly, a digital wallet may be compromised by a cyber pickpocket without you knowing for a while. For example, the BBC reported that researchers found a potential shortcoming in Apple Pay’s Express Transit mode where cyber pickpockets could remotely access mobile wallets.2 Luckily, the researchers’ experiment is unlikely to occur in the real world, but it’s a reminder to everyone to check their monthly bank statements for suspicious transactions. Cybercriminals get smarter and bolder by the day, so it’s not unlikely that they’ll find and exploit a digital wallet shortcoming in the future.
Follow these tips to help you use your digital wallet more confidently.
Always protect your digital wallet with a passcode! This is the best and easiest way to deter cybercriminals. It’s best if this combination of numbers is different than the passcode to your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.
Better yet, if your mobile wallet app allows you to protect your account with facial recognition or a fingerprint scan, set it up! If your digital wallet proves difficult or impossible to enter, a cybercriminal may leave it for an easier target, keeping your PII safe.
Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.
Before you swap your plastic cards for digital payment methods, make sure you research the digital banking app before downloading. Make sure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has to make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always best practice to check for typos, blurry logos, and unprofessional app descriptions to make sure.
The digital era is an exciting time to make the most of the conveniences technology affords; however, constant vigilance is key to keeping your finances and PII private. Whether you’re looking for additional peace of mind or have lost your wallet, consider signing up for an identity monitoring service like McAfee identity protection. McAfee will monitor your email addresses and bank accounts and alert you to suspicious activities up to 10 months sooner than similar services. Are you curious about how secure your current online habits are? Check your Security Protection Score today and see what steps you can take to live more confidently online.
1Canadian Payment Methods and Trends Report 2021
The post How to Secure Your Digital Wallet appeared first on McAfee Blog.
Let’s face it – we would not be the same people we are today if it wasn’t for the internet. The internet has opened our eyes to so much information that we are privileged to have right at our fingertips. However, it’s important to remember that with so many individuals with access to the web, it can quickly become a place where rumors are spread, cyberattacks are cast, and misinformation arises. At McAfee, we are committed to protecting both you and your family. Together, through education and online protection, we can work together to experience a better internet for everyone. On this Safer Internet Day, here are our top 5 recommendations:
With a connected family, it’s important to pay attention to what your family members are connected to (IoT devices in the home, smartphones, tablets, etc.) and how they interact online. Maybe your son is an avid gamer, or your teenager is a social media mogul who enjoys tweeting and scrolling through TikTok. As a parent, you play a crucial role in setting an example for your children and loved ones. So, it’s important to teach them how to use the internet responsibly. Here are some tips for helping your family stay safe online:
In a time when students are reliant on connectivity to be successful in their education, it’s important that they connect to the internet safely. Ensuring a safe connection can prevent any security hiccups from standing in the way of you and your degree. If you are a college student, follow these tips to help you stay safe in a hybrid or distance learning environment:
Regardless of your industry, you are likely to rely on the internet to do your job. Restaurant workers use online POS systems, bank tellers require access to their customers’ online accounts – the list goes on. With so much of your day spent online, it’s important to keep internet safety best practices top of mind so you can continue to work free from potential cyber interruptions. No matter what career path you are on, following these tips can help you stay safe online and continue to do your job with confidence:
If you can dream it, you can stream it. With so much media at your fingertips, it’s important to remember that cybercriminals tend to focus their threats on trending consumer behaviors. For example, cybercriminals will tend to focus their scams on popular TV shows or movies in the hopes that an unsuspecting user will click on their malicious download. Because streaming has become so popular in recent years, consumers should prioritize the safety of their online streaming platforms like Spotify, Netflix, Hulu, etc. Here are some ways to stay protected while streaming:
As technology has become more advanced, we’ve become accustomed to the many benefits that come with taking our devices with us everywhere we go. For example, we can deposit checks from home with our mobile banking apps and can use vehicle location services on our phones to remind us where we parked. Here’s how you can stay protected while on-the-go:
“There’s no doubt the internet has brought so many benefits to our daily life,” says Alex Merton-McCann, McAfee’s Cyber Safety Ambassador. “I honestly can’t imagine life without it! But in order for us all to continue benefiting from its many pluses, we all have a responsibility to make it a safe and enjoyable place. So, let’s #playitfaironline and commit to being respectful and kind towards each other online to ensure life online is safe and enjoyable for us all!”
Check out #SaferInternetDay and #SID2022 hashtags on social media to be a part of the conversation.
The post How We Can All Work Together For a Better Internet appeared first on McAfee Blog.
apple-1200
Smartphones have become such an integral part of our lives that it’s hard to imagine a time when we didn’t have them. We carry so much of our lives on our devices, from our social media accounts and photos of our pets to our banking information and home addresses. Whether it be just for fun or for occupational purposes, so much of our time and attention is spent on our smartphones.
Because our mobile devices carry so much valuable information, it’s important that we stay educated on the latest cyber schemes so we can be prepared to combat them and keep our data safe. According to Bleeping Computer, researchers have developed a trojan proof of concept tool that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and cameras.
Let’s dive into the details of this technique.
Typically, when an iOS device is infected with malware, the solution is as simple as just restarting the device. However, with this new technique researchers are calling “NoReboot,” ridding a device of malware is not quite as simple.
“NoReboot” blocks the shutdown and reboot process from being carried out, preventing the device from actually restarting. Without a proper shutdown and reboot, a malware infection on an iOS device can continue to exist. Because the device appears to be shut off with a dark screen, muted notifications, and a lack of response, it is easy to assume that the device has shut down properly and the problem has been solved. However, the “NoReboot” technique has only simulated a reboot, allowing a hacker to access the device and its functions, such as its camera and microphone. If a hacker has access to these functions, they could record the user without their knowledge and potentially capture private information.
This attack is not one that Apple can fix, as it relies on human-level deception rather than exploiting flaws found on iOS. That’s why it’s important that we know how to use our devices safely and stay protected.
As previously mentioned, smartphone usage takes up a big chunk of our time and attention. Since we are so often on these devices, it is usually fairly easy to tell when something isn’t working quite like it is supposed to. While these things could very well just be technical issues, sometimes they are much more than that, such as malware being downloaded onto your smartphone.
Malware can eat up the system resources or conflict with other apps on your device, causing it to act oddly.
Some possible signs that your device has been hacked include:
A slower device, webpages taking way too long to load, or a battery that never keeps a charge are all things that can be attributed to a device reaching its retirement. However, these things may also be signs that malware has compromised your phone.
Malware running in the background of a device may burn extra computing power, causing your phone to feel hot and overheated. If your device is quick to heat up, it may be due to malicious activity.
If apps you haven’t downloaded suddenly appear on your screen, or if outgoing calls you don’t remember making pop up on your phone bill, that is a definite red flag and a potential sign that your device has been hacked.
Malware may also be the cause of odd or frequent pop-ups, as well as changes made to your home screen. If you are getting an influx of spammy ads or your app organization is suddenly out of order, there is a big possibility that your device has been hacked.
To avoid the hassle of having a hacked phone in the first place, here are some tips that may help.
Promptly updating your phone and apps is a primary way to keep your device safe. Updates often fix bugs and vulnerabilities that hackers rely on to download malware for their attacks.
Apple’s App Store and Google Play have protections in place to help ensure that apps being downloaded are safe. Third-party sites may not have those same protections or may even be purposely hosting malicious apps to scam users. Avoiding these sites altogether can prevent these apps from allowing hackers into your device.
Hackers may use public Wi-Fi to gain access to your device and the information you have inside of it. Using a VPN to ensure that your network is private and only you can access it is a great way to stay protected on the go.
Turning off your Wi-Fi and Bluetooth when you are not actively using them is a simple way to prevent skilled hackers from working their way into your devices.
Some hackers have been known to install malware into public charging stations and hack into devices while they are being charged. Investing in your own personal portable charging packs is an easy way to avoid this type of hack.
Encrypting your phone can protect your calls, messages, and information, while also protecting you from being hacked. iPhone users can check their encryption status by going into Touch ID & Passcode, scrolling to the bottom, and seeing if data protection is enabled.
Although researchers agree that you can never trust a device to be fully off, there are some techniques that can help you determine whether your device was rebooted correctly.2 If you do suspect that your phone was hacked or notice some suspicious activity, restart your device. To do this, press and hold the power button and either volume button until you are prompted to slide the button on the screen to power off. After the device shuts down and restarts, notice if you are prompted to enter your passcode to unlock the device. If not, this is an indicator that a fake reboot just occurred. If this happens, you can wait for the device to run out of battery, although researchers have not verified that this will completely remove the threat.
If you are worried that your device has been hacked, follow these steps:
The post How iOS Malware May Snoop on Our Devices appeared first on McAfee Blog.
Every year we can count on new technology to make our lives easier. Right? As beneficial and convenient as tech can be, it can also pose risks to our online safety and privacy—risks that we should be prepared to handle. Increasingly, we’re seeing governments around the world implementing stricter privacy laws. And even major players like Google are phasing out invasive tracking technology like cookies. However, when it comes to activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. Let’s take a look at some prominent trends in the way we now live online and how we can protect our data.
Crypto, the blockchain, NFTs, tokens – all of these terms are considered part of what’s being termed Web3. Whereas Web 2.0 described an internet made up of large corporations hosting content and consumers, Web3 is governed by the blockchain. What this means is that applications use a decentralized online ledger to document transactions of all sorts. The most famous example is bitcoin, a blockchain that acts as a digital currency. Another example would be NFTs, which are digital works of art. Web3 may be in its infancy, but it’s important to consider what this means for privacy and data protection. Blockchain affords users anonymity in regards to currencies like bitcoin. Of course that means bitcoin also has a reputation as the currency of choice for money-launderers and other shady enterprises. Still, that means it’s good for privacy, right? Well, maybe. The EU’s GDPR rights to erase or amend data are at odds with transactions on a blockchain, which are essentially unchangeable. So if you’re buying cryptocurrency, NFTs, or interacting with blockchains in other ways, just understand your personal information might be hidden, but the record of your transactions is totally visible.
Tip: If you’re keeping cryptocurrencies in an online wallet, you’ll want to use an identity protection service to monitor those account credentials so you can be warned of breaches and leaks onto the dark web.
Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk.
Since 2020, schools have adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more.
For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments.
Tip: Getting a VPN for the family to use is a great way to safeguard your privacy while your kids are learning online.
Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security training.
Tip: McAfee’s Protection Score is a great way to understand how protected you are online and what you can do to stay more secure
This buzzy term is being used to describe Meta’s (previously Facebook) vision for a fully connected future. Right now it exists as an AR/VR space accessible through Meta’s own VR hardware, Oculus. However, the terminology has caught on as a catch-all for platforms that may contain work, business, gaming, entertainment, social interactions, and more in one easily navigable, immersive online setting. Web3 features, like blockchain, NFTs, and cryptocurrencies are being touted as integral parts of the metaverse. As exciting and futuristic as this is, there are major privacy questions that will have to be answered. This means that as customers you’ll want to think hard about what you choose to share through the metaverse and look into the privacy settings a platform offers you.
Tip: Use comprehensive online protection. McAfee Total Protection secures all aspects of your life online. From identity to online connections to antivirus, a full security suite like Total Protection keeps you and your family safer on all the devices you use and places you go online.
Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions.
While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place.
Tip: Full-featured identity protection will protect you financially. Services like McAfee Identity Protection Service include credit checks, identity theft restoration, and even stolen fund restoration as benefits.
Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, finances, you name it, is the first step to ensuring our private information remains just that—private.
The post Privacy in Practice: Securing Your Data in 2022 and Beyond appeared first on McAfee Blog.
When you logged on to your computer this morning, data privacy probably wasn’t the first thing you were thinking about. The same goes for when you opened your phone to catch up on social media and check emails, turned on your smart TV for a family movie night, or all the other ways we routinely use our connected devices in our everyday lives.
Although we live in an increasingly connected world, most of us give little thought to data privacy until after our personal information has been compromised. However, we can take proactive steps to help ourselves and our loved ones navigate this environment in a safe way. On January 28th – better known as Data Privacy Day – we have the perfect opportunity to own our privacy by taking the time to safeguard data. By making data privacy a priority, you and your family can enjoy the freedom of living your connected lives online knowing that your information is safe and sound.
Did you know that there is a difference between data security and data privacy? Although the two are intimately intertwined, there are various characteristics of each that make them different. National Today3 provides a useful analogy to define the two:
At this point, we already know not to share our passwords or PIN numbers with anyone. But what about the data that is collected by companies every time we sign up for an email newsletter or make an online account? Oftentimes, we trust these companies to guard the personal data they collect from us in exchange for the right to use their products and services. However, the personal information collected by companies today is not regarded as private by default, with a few exceptions. For this reason, it’s up to us to take our data privacy into our own hands.
Because we spend so much of our day online, plenty of our information is available on the internet. But what happens if one of your favorite online retailers experiences a data breach? This is the reality of the world we live in today, as data breaches have been on the rise and hackers are continuously finding clever, new ways to access our devices and information.
Thanks to the COVID-19 pandemic, we’ve become more reliant on technology than ever before. Whether it be for distance learning, online shopping, mobile banking, or remote work, we’ve all depended on our devices and the internet to stay connected. But with more time online comes more opportunities for cybercriminals to exploit. For example, with the massive increase in remote work since the onset of the pandemic, hackers have hijacked online meetings through a technique called ‘Zoombombing4.’ This occurred after the online conferencing company shared personal data with Facebook, Google, and LinkedIn. Additionally, the number of patient records breached in the healthcare industry jumped to 21.3 million in the second half of 2020 due to the increase in remote interactions between patients and their providers5.
When it comes to data breaches, any business is a potential target because practically every business is online in some way. When you put this in perspective, it’s important to consider what information is being held by the companies that you buy from. While a gaming service will likely have different information about you than your insurance company, you should remember that all data has value, and you should take steps to protect it like you would money.
Your browsing history and personal information are private, and we at McAfee want to keep it that way. By using McAfee Secure VPN, you can browse confidently knowing that your data is encrypted.
To further take control of your data privacy, monitor the health of your online protection with McAfee’s Protection Score. This tool provides simple steps to improve your security and allows you to know how safe you are online, which is the first step towards a safer, more confident connected life. Check your personal protection score here.
Here are a few more tips to keep you on top of your data privacy game:
1. Update your privacy and security settings. Begin with the websites and apps that you use the most. Check to see if your accounts are marked as private, or if they are open to the public. Also, look to see if your data is being leaked to third parties. You want to select the most secure settings available, while still being able to use these tools correctly.
2. Lock down your logins. Secure your logins by making sure that you are creating long and unique passphrases for all your accounts. Use multi-factor identification, when available.
3. Protect your family and friends. You can make a big difference by encouraging your loved ones to protect their online privacy. By helping others create solid safety habits as they build their digital footprints, it makes all of us more secure.
Follow the conversation this Data Privacy Day by following #PrivacyAware and #DataPrivacyDay on social media.
The post It’s Data Privacy Day: Here’s How to Stay Protected in 2022 appeared first on McAfee Blog.
apple-1200
It’s a long-standing question. Can Apple Macs get viruses?
While Apple does go to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. So what does Apple provide in terms of antivirus protection? Let’s take a look along with some signs that your Mac may be hacked and how you can protect yourself from further threats beyond viruses, like identity theft.
Whether hackers physically sneak it onto your device or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, viruses and malware can create problems for you in a few ways:
Some possible signs of hacking software on your Mac include:
Is your device operating more slowly, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your device’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your computer to run hot or even overheat.
If you find apps you haven’t downloaded, along with messages and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your computer to send messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your computer may have been hacked.
Macs contain several built-in features that help protect them from viruses:
Similarly, all apps that wish to be sold on the Apple App Store must go through Apple’s App Review. While not strictly a review for malware, security matters are considered in the process. Per Apple, “We review all apps and app updates submitted to the App Store in an effort to determine whether they are reliable, perform as expected, respect user privacy, and are free of objectionable content.”
There are a couple reasons why Mac users may want to consider additional protection in addition to the antivirus protection that Mac provides out of the box:
In all, Macs are like any other connected device. They’re susceptible to threats and vulnerabilities as well. Looking more broadly, there’s the wider world of threats on the internet, such as phishing attacks, malicious links and downloads, prying eyes on public Wi-Fi, data breaches, identity theft, and so on. It’s for this reason Mac users may think about bolstering their defenses further with online protection software.
Staying safer online follows a simple recipe:
Reading between the lines, that recipe can take a bit of work. However, comprehensive online protection can take care of it for you. In particular, McAfee Total Protection includes an exclusive Protection Score, which checks to see how safe you are online, identifies gaps, and then offers personalized guidance, and helping you know exactly how safe you are.
An important part of this score is privacy and security, which is backed by a VPN that turns on automatically when you’re on an unsecure network and personal information monitoring to help protect you from identity theft—good examples that illustrate how staying safe online requires more than just antivirus.
So, Macs can get viruses and are subject to threats just like any other computer. While Macs have strong protections built into them, they may not offer the full breadth of protection you want, particularly in terms of online identity theft and the ability to protect you from the latest malware threats. Consider the threats you want to keep clear of and then take a look at your options that’ll help keep you safe.
The post Can Apple Macs get Viruses? appeared first on McAfee Blog.
When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers.
During the beginning of October 2021, the internet saw two significant outages, affecting Facebook’s services and the .club top level domain, both of which did not properly resolve for a period of time. Throughout these outages, Verisign and other DNS operators reported significant increases in query volume. We provided consistent responses throughout, with the correct delegation data pointing to the correct nameservers.
While these higher query rates do not impact Verisign’s ability to respond, they raise a broader operational question – whether the repeated nature of these queries, indicative of a lack of negative caching, might potentially be mistaken for a denial-of-service attack.
On Oct. 4, 2021, Facebook experienced a widespread outage, lasting nearly six hours. During this time most of its systems were unreachable, including those that provide Facebook’s DNS service. The outage impacted facebook.com, instagram.com, whatsapp.net and other domain names.
Under normal conditions, the .com and .net authoritative name servers answer about 7,000 queries per second in total for the three domain names previously mentioned. During this particular outage, however, query rates for these domain names reached upwards of 900,000 queries per second (an increase of more than 100x), as shown in Figure 1 below.
Figure 1: Rate of DNS queries for Facebook’s domain names during the 10/4/21 outage.
During this outage, recursive name servers received no response from Facebook’s name servers – instead, those queries timed out. In situations such as this, recursive name servers generally return a SERVFAIL or “server failure” response, presented to end users as a “this site can’t be reached” error.
Figure 1 shows an increasing query rate over the duration of the outage. Facebook uses relatively low Time-to-Lives (TTLs), a setting that tells DNS resolvers how long to cache an answer on their DNS records before issuing a new query, of from one to five minutes. This in turn means that, five minutes into the outage, all relevant records would have expired from all recursive resolver caches – or at least from those that honor the publisher’s TTLs. It is not immediately clear why the query rate continues to climb throughout the outage, nor whether it would eventually have plateaued had the outage continued.
To get a sense of where the traffic comes from, we group query sources by their autonomous system number. The top five autonomous systems, along with all others grouped together, are shown in Figure 2.
Figure 2: Rate of DNS queries for Facebook’s domain names grouped by source autonomous system.
From Figure 2 we can see that, at their peak, queries for these domain names to Verisign’s .com and .net authoritative name servers from the most active recursive resolvers – those of Google and Cloudflare – increased around 7,000x and 2,000x respectively over their average non-outage rates.
On Oct. 7th, 2021, three days after Facebook’s outage, the .club and .hsbc TLDs also experienced a three-hour outage. In this case, the relevant authoritative servers remained reachable, but responded with SERVFAIL messages. The effect on recursive resolvers was essentially the same: Since they did not receive useful data, they repeatedly retried their queries to the parent zone. During the incident, the Verisign-operated A-root and J-root servers observed an increase in queries for .club domain names of 45x, from 80 queries per second before, to 3,700 queries per second during the outage.
Figure 3: Rate of DNS queries to A and J root servers during the 10/7/2021 .club outage.
Similar to the previous example, this outage also demonstrated an increasing trend in query rate during the duration of the outage. In this case, it might be explained by the fact that the records for .club’s delegation in the root zone use two-day TTLs. However, the theoretical analysis is complicated by the fact that authoritative name server records in child zones use longer TTLs (six days), while authoritative name server address records use shorter TTLs (10 minutes). Here we do not observe a significant amount of query traffic from Google sources; instead, the increased query volume is largely attributable to the long tail of recursive resolvers in “All Others.”
Figure 4: Rate of DNS queries for .club and .hsbc, grouped by source autonomous system.
Earlier this year Verisign implemented a botnet sinkhole and analyzed the received traffic. This botnet utilizes more than 1,500 second-level domain names, likely for command and control. We observed queries from approximately 50,000 clients every day. As an experiment, we configured our sinkhole name servers to return SERVFAIL and REFUSED responses for two of the botnet domain names.
When configured to return a valid answer, each domain name’s query rate peaks at about 50 queries per second. However, when configured to return SERVFAIL, the query rate for a single domain name increases to 60,000 per second, as shown in Figure 5. Further, the query rate for the botnet domain name also increases at the TLD and root name servers, even though those services are functioning normally and data relevant to the botnet domain name has not changed – just as with the two outages described above. Figure 6 shows data from the same experiment (although for a different date), colored by the source autonomous system. Here, we can see that approximately half of the increased query traffic is generated by one organization’s recursive resolvers.
Figure 5: Query rates to name servers for one domain name experimentally configured to return SERVFAIL.
Figure 6: Query rates to botnet sinkhole name servers, grouped by autonomous system, when one domain name is experimentally configured to return SERVFAIL.
These two outages and one experiment all demonstrate that recursive name servers can become unnecessarily aggressive when responses to queries are not received due to connectivity issues, timeouts, or misconfigurations.
In each of these three cases, we observe significant query rate increases from recursive resolvers across the internet – with particular contributors, such as Google Public DNS and Cloudflare’s resolver, identified on each occasion.
Often in cases like this we turn to internet standards for guidance. RFC 2308 is a 1998 Standards Track specification that describes negative caching of DNS queries. The RFC covers name errors (e.g., NXDOMAIN), no data, server failures, and timeouts. Unfortunately, it states that negative caching for server failures and timeouts is optional. We have submitted an Internet-Draft that proposes updating RFC 2308 to require negative caching for DNS resolution failures.
We believe it is important for the security, stability and resiliency of the internet’s DNS infrastructure that the implementers of recursive resolvers and public DNS services carefully consider how their systems behave in circumstances where none of a domain name’s authoritative name servers are providing responses, yet the parent zones are providing proper referrals. We feel it is difficult to rationalize the patterns that we are currently observing, such as hundreds of queries per second from individual recursive resolver sources. The global DNS would be better served by more appropriate rate limiting, and algorithms such as exponential backoff, to address these types of cases we’ve highlighted here. Verisign remains committed to leading and contributing to the continued security, stability and resiliency of the DNS for all global internet users.
This piece was co-authored by Verisign Fellow Duane Wessels and Verisign Distinguished Engineers Matt Thomas and Yannis Labrou.
The post Observations on Resolver Behavior During DNS Outages appeared first on Verisign Blog.
Most parents may find it difficult to relate to today’s form of cyberbullying. That’s because, for many of us, bullying might have come in a series of isolated, fleeting moments such as an overheard rumor, a nasty note passed in class, or a few brief hallway confrontations.
Fast forward a few dozen decades, and the picture is spectacularly different and a world few adults today would eagerly step into.
Cyberbullying includes targeting that is non-stop. It’s delivered digitally in an environment that is often anonymous. It’s a far-reaching, esteem-shattering, emotional assault. And the most traumatic component? The perpetual nature of the internet adds the ever-present threat of unlimited accessibility—kids know bullying can happen to anyone, at any time, and spread like wildfire.
The nature of cyberbullying can make a young victim feel hopeless and powerless. Skipping school doesn’t stop it. Summer vacation doesn’t diminish it. That’s because the internet is ever-present.
According to a 2020 Ditch the Label Cyberbullying Study, youth today reveal that carrying the emotional weight of being “connected all the time” is anything but fun and games. Here’s a snapshot.
While all kids are at risk for cyberbullying, studies reveal that some are more vulnerable than others.
According to the Pew Research Center, females experience more cyberbullying than their male counterparts; 38% of girls compared to 26% of boys. Those most likely to receive a threatening or aggressive text, IM, or email: Girls ages 15-17.
More data from the CDC and American University reveals that more than 28.1 % of LGBTQ teens were cyberbullied in 2019, compared to 14.1% of their heterosexual peers. In addition, Black LGTBQ youth are more likely to face mental health issues linked to cyberbullying and other forms of bullying as compared to non-Black LGTBQ and heterosexual youth.
Another community that can experience high cyberbullying is gamers. If your child spends a lot of time playing online games, consider paying close attention to the tone of conversations, the language used, your child’s demeanor during and after gaming, and, as always, stay aware of the risks. In a competitive gaming environment that often includes a variety of age groups, cyberbullying can quickly get out of control.
Lastly, the reality no parent wants to confront—but one that is critical to the conversation—is that cyberbullying and suicide may be linked in some ways. According to JAMA Pediatrics, approximately 80% of young people who commit suicide have depressive thoughts, and in today’s online environment, cyberbullying often leads to more suicidal thoughts than traditional bullying.
Each new year represents 365 new days and 365 new chances to do things a little bit better than we’ve done them in the past. And while it’s impossible to stop our kids from wandering into the crossfire of hurtful words online, we can do everything possible to reduce their vulnerability and protect their self-esteem.
The post Cyberbullying: Words do Hurt When it Comes to Social Media appeared first on McAfee Blog.
FreshRSS 