Login
Imagine – your favorite brand on Instagram just announced a giveaway. You’ll receive a free gift! All you have to do is provide your credit card information. Sounds easy, right? This is a brand you’ve followed and trusted for a while now. You’ve engaged with them and even purchased some of their items. The link comes directly from their official page, so you don’t think to question it.
This is the same mindset that led to several Bored Ape Yacht Club (BAYC) NFTs being stolen by a cybercriminal who had hacked into the company’s official Instagram account. Let’s dive into the details of this scam.
Bored Ape Yacht Club, the NFT collection, disclosed through Twitter that their Instagram account had been hacked, and advised users not to click on any links or link their crypto wallets to anything. The hacker managed to log into the account and post a phishing link promoting an “airdrop,” or a free token giveaway, to users who connected their MetaMask wallets. Those who linked their wallets before BAYC’s warning lost a combined amount of over $1 million in NFTs.
Despite the large price tag attached to NFTs, they are often held in smartphone wallets rather than more secure alternatives. MetaMask, the crypto wallet application, only allows NFT display through mobile devices and encourages users to use the smartphone app to manage them. While it may be a good method for display purposes, this limitation provides hackers with a new and effective way to easily steal from users’ mobile wallets.
BAYC does not yet know how the hacker was able to gain access to their Instagram account, but they are following security best practices and actively working to contact the users affected.
This scam was conducted through the official BAYC account, making it appear legitimate to BAYC’s followers. It is incredibly important to stay vigilant and know how to protect yourself and your assets from scams like these. Follow the tips below to steer clear of phishing scams and keep your digital assets safe:
A seed phrase is the “open sesame” to your cryptocurrency wallet. The string of words is what grants you access to all your wallet’s assets. Ensuring that your seed phrase is stored away safely and not easily accessible by anyone but yourself is the first step to making sure your wallet is secure.
With all transactional and wallet data publicly available, scammers can pick and choose their targets based on who appears to own valuable assets. To protect your privacy and avoid being targeted, refrain from sharing your personal information on social media sites or using your NFT as a social media avatar.
Phishing scams targeting NFT collectors are becoming increasingly common. Be wary of any airdrops offering free tokens in exchange for your information or other “collectors” doing the same.
Phishing scams tend to get more sophisticated over time, especially in cases like the Bored Ape Yacht Club where the malicious links are coming straight from the official account. It is always best to remain skeptical and cautious, but when in doubt, here are some extra tips to spot phishing scams:
As crypto and NFTs continue to take the world by storm, hackers and scammers are constantly on the prowl for ways to steal and deceive. No matter the source or how trustworthy it may seem at first glance, always exercise caution to keep yourself and your assets safe!
The post Instagram Hack Results in $1 Million Loss in NFTs appeared first on McAfee Blog.
So is your smart speaker really listening in on your conversations?
That’s the crux of a popular privacy topic. Namely, are we giving up some of our privacy in exchange for the convenience of a smart speaker that does our bidding with the sound of our voice? After all, you’re using it to do everything from search for music, order online, and control the lights and temperature in your home.
What is your smart speaker really hearing—and recording?
Let’s take a look at what’s going on inside of your smart speaker, how it processes your requests, and what companies do with the recordings and transcripts of your voice.
More or less, smart speakers are listening to all the time. Each smart speaker has its own “wake word” that it listens for, like Alexa, Siri, or Google. When the device hears that wake word or thinks it hears it, it begins recording and awaits your verbal commands. Unless you have the microphone or listening feature turned off, your device indeed actively listens for that wake word all the time.
Here’s where things get interesting, though. There’s a difference between “listening” and “recording.” The act of listening is passive. Your smart speaker is waiting to hear its name. That’s it. Once it does hear its name, it begins recording for a few seconds to record your command. From there, your spoken command goes into the company’s cloud for processing by way of an encrypted connection.
There are exceptions to when your command may go to the company’s cloud for processing, like Siri on iPhones, which according to Apple, “You don’t sign in with your Apple ID to use Siri, and the audio of your requests is processed entirely on your iPhone.” Also, Google Assistant may process some requests without going to the cloud, like “When a user triggers a smart home Action that has a local fulfillment path, Assistant sends the EXECUTE intent or QUERY intent to the Google Home or Google Nest device rather than the cloud fulfillment.”
In the cases where information does go to the cloud, processing entails a few things. First, it makes sure that the wake word was heard. If it’s determined that the wake word was indeed spoken (or something close enough to it—more on that in a minute), the speaker follows through on the request or command. Depending on your settings, that activity may get stored in your account history, whether as a voice recording, transcript, or both. If the wake word was not detected, processing ends at that point.
Enter the issue of mistaken wake words. While language models and processing technologies used by smart speakers are constantly evolving, there are occasions where a smart speaker acts as if a wake word was heard when it simply wasn’t said. Several studies on the topic have been published in recent years. In the case of research from Northeastern University, it was found that dialogue from popular television shows could be interpreted as wake words that trigger recording. For example, their findings cite:
“We then looked at other shows with a similarly high dialogue density (such as Gilmore Girls and The Office) and found that they also have a high number of activations, which suggests that the number of activations is at least in part related to the density of dialogue. However, we have also noticed that if we consider just the amount of dialogue (in a number of words), Narcos is the one that triggers the most activations, even if it has the lowest dialogue density.”
Of interest is not just the volume of dialogue, but the pronunciation of the dialogue:
“We investigated the actual dialogue that produced Narcos‘ activations and we have seen that it was mostly Spanish dialogue and poorly pronounced English dialogue. This suggests that, in general, words that are not pronounced clearly may lead to more unwanted activations.”
Research such as this suggests that smart speakers at the time had room for improvement when it comes to properly detect wake words, thus leading to parts of conversation being recorded without the owner intending it. If you own a smart speaker, I wouldn’t be too surprised to hear that you’ve had some issues like that from time to time yourself.
As mentioned above, the makers of smart speakers make constant improvements to their devices and services, which may include the review of commands from users to make sure they are interpreted correctly. There are typically two types of review—machine and human. As the names suggest, a machine review is a digital analysis and human reviews entail someone listening to and evaluating a recorded command or reading and evaluating a transcript of a written command.
However, several manufacturers let you exercise some control over that. In fact, you’ll find that they post a fair share of articles about this collection and review process, along with your choices for opting in or out as you wish:
The quickest way to ensure a more private experience with your smart speaker is to disable listening—or turn it off entirely. Depending on the device, you may be able to do this with the push of a button, a voice command, or some combination of the two. This will keep the device from listening for its wake word. Likewise, this makes your smart speaker unresponsive to voice commands until you enable them again. This approach works well if you decide there are certain stretches of the day where your smart speaker doesn’t need to be on call.
Yet let’s face it, the whole idea of a smart speaker is to have it on and ready to take your requests. For those stretches where you leave it on, there’s another step you can take to shore up your privacy.
In addition to making sure you’re opted out of the review process mentioned above, you can also delete your recordings associated with your voice commands.
Managing your voice history like this gives you yet one more way you can take control of your privacy. In many ways, it’s like deleting your search history from your browser. And when you consider just how much activity and how many queries your smart speaker may see over the course of days, weeks, and months, you can imagine just how much information that captures about you and your family. Some of it is undoubtedly personal. Deleting that history can help protect your privacy in the event that information ever gets breached or somehow ends up in the hands of a bad actor.
Lastly, above and beyond these privacy tips for your smart speakers, comprehensive online protection will help you look out for your privacy overall. In the case of ours, we provide a full range of privacy and device protection, along with identity theft protection that includes $1M identity theft coverage, identity monitoring, and identity restoration assistance from recovery pros—and antivirus too, of course. Together, they can make your time spent online far more secure.
You’re the smart one in this relationship
With privacy becoming an increasingly hot topic (rightfully so!), several companies have been taking steps to make the process of managing yours easier and a more prevalent part of their digital experience. As you can see, there are several ways you can take charge of how your smart speaker uses, and doesn’t use, your voice.
It used to be that many of these settings were tucked away deep in menus, rather than something companies would tout on web pages dedicated to privacy. So as far as smart speakers go, the information is out there, and I hope this article helps make the experience with yours more private and secure.
The post Smarter Homes & Gardens: Smart Speaker Privacy appeared first on McAfee Blog.
nas-1200
Cryptocurrency is all the rage these days and it doesn’t seem to be slowing down any time soon. As more people dive into the nitty-gritty of what blockchain is, how NFTs are traded, and the difference between Bitcoin and Ethereum, digital currency developers are finding new ways for people to engage with crypto. But as crypto continues to grow and become more profitable, hackers are simultaneously trying to find ways to get their hands on the coins.
According to Markets Insider, one of the biggest crypto heists in history took place recently, resulting in roughly $625 million stolen.1 Here’s what you need to know about this crypto theft, and how you can stay protected when investing in digital assets.
Ronin, the blockchain underlying the play-to-earn crypto game Axie Infinity, revealed that a hacker stole 173,600 Ethereum (currently worth around $600 million) and 25.2 million USDC (a cryptocurrency pegged to the U.S. dollar), resulting in a loss of about $625 million in cryptocurrency.
On March 29th, Ronin and Axie Infinity operator Sky Mavis revealed the breach and froze transactions on the Ronin bridge, which allows depositing and withdrawing funds from the company’s blockchain. This “side chain” contained nine validator nodes, or proof-of-stake tools, that confirmed and approved each transaction. At least five validator nodes are needed to approve each transaction. Sky Mavis oversaw five, and Axie Decentralized Autonomous Organization (or DAO) controlled four. However, Sky Mavis discontinued its agreement with the DAO in December but failed to revoke the DAO’s permissions. Due to this oversight, the hacker was able to take over the necessary amount of validator nodes to enable access to the cryptocurrency and make a break with it.
According to experts, the use of these side chains rather than native blockchains leads to a rise in cryptocurrency vulnerabilities. Had Sky Mavis abandoned the side chains and stuck to the blockchains, it is likely that an attack of this magnitude could have been avoided. Rather than a cryptocurrency issue, this is more of a cybersecurity issue.
If you are interested in getting into crypto, don’t let cyberattacks like this deter you! As a fairly new phenomenon, there are still many ways in which the crypto world needs to grow, adjust, and adapt to ensure that users can interact with it safely. In the meantime, if you are wanting to dive into the crypto economy but still have reservations, here are some tips to help you stay protected:
Whenever you decide to dive into something new, it’s always important to make sure you are knowledgeable about that thing, especially if it involves investing your money. Before jumping right into the crypto world, research each cryptocurrency, each blockchain, and any software you may use. Keep up with the news to stay informed on security breaches and pick up tips for which system you may want to engage in. Knowing the ins and outs of the crypto economy and its security protocols will solidify your decision of whether you want to join the crypto community and whether the benefits outweigh the risks.
As with all online accounts, it’s important to use secure, unique passwords and two-factor authentication when creating and maintaining cryptocurrency logins. Hackers can access lists of passwords and logins via the dark web, so never reuse your passwords. Two-factor authentication requires a randomly generated passcode for entry that is only accessible to you, so cybercriminals will not be able to access your accounts. If your accounts are a pain for a hacker to try to get through, they will likely move on, keeping your account, your information, and your assets safe.
For some added protection, store your assets in a crypto wallet. A crypto wallet is a software product or physical device that stores the keys to your cryptocurrency accounts. Crypto wallets allow you to transfer funds between crypto types and make transactions while keeping your investments protected. There are various types of cryptocurrency wallets, so do your research to find which one is best for you and your accounts.
Develop a routine of checking in on your crypto accounts to keep an eye on any suspicious transactions. Keep up with news outlets so that if there does happen to be a breach, you can make a timely report of any losses you may have had. For some added security and protection, consider changing your login credentials.
Hackers often use social engineering to enact cyberattacks like these. This includes targeting users’ emails or using phishing to gain access to these accounts. When receiving emails, be wary of addresses that seem slightly off, odd spelling and grammar mistakes, and any links or attachments added to the message. Being cautious and alert when you are online is an important step to ensuring your account safety.
As the world of crypto continues to evolve and more people get involved, cybercriminals are itching to take advantage. However, that is no reason to avoid getting into the crypto economy. If you decide to try your hand at digital currencies, make sure you are doing your research, staying up to date on what is happening in the crypto news, and remaining vigilant when it comes to your online safety.
The post $625 Million Stolen in Latest Crypto Attack: 5 Tips on How to Use Digital Currency Safely appeared first on McAfee Blog.
As an avid internet surfer, you’ve most likely heard of cookies. No, we’re not talking about the ones filled with chocolate chips. We’re talking about the ones that allow you to log in to your favorite websites. Cookies may impact your online security, so check out these tips to manage them and keep your online accounts safe.
Ever wonder how a website saves the items you placed in your shopping cart last week, even though you closed the tab before making the purchase? This is made possible by cookies. According to the Federal Trade Commission, a cookie is information saved by your web browser. When you visit a website, the site may place a cookie on your web browser so it can recognize your device in the future. If you return to that site later, it can read that cookie to remember you from your last visit, keeping track of your activities over time.1
Cookies come in either the first-party or third-party variety. There’s no difference between the two in how they function, but rather in where and how you encountered them. First-party cookies belong to sites you visited first-hand in your browser. Third-party cookies, or “tracking cookies,” generally come from third-party advertising websites.
Although cookies generally function the same, there are technically two different types of cookies. Magic cookies refer to packets of information that are sent and received without changes. Historically, this would be used to log in to a computer database system, such as an internal business network. This concept predates the modern cookie we use today.
HTTP cookies are a repurposed version of the magic cookie built for internet browsing and managing online experiences. HTTP cookies help web developers give you more personalized, convenient website experiences. They allow sites to remember you, your website logins, and shopping carts so you can pick back up where you left off from your last visit. However, cybercriminals can manipulate HTTP cookies to spy on your online activity and steal your personal information.
Cookie hijacking (also known as session hijacking) is typically initiated when a cybercriminal sends you a fake login page. If you click the fake link, the thief can steal the cookie and capture anything you type while on the fraudulent website. Like a phishing attack, cookie hijacking allows a cybercriminal to steal personal information like usernames, passwords, and other important data held within the cookie. If you enter your information while on the fake website, the criminal can then put that cookie in their browser and impersonate you online. They may even change your credentials, locking you out of your account.
Sometimes, criminals initiate cookie hijacking attacks without a fake link. If you’re browsing on an unsecured, public Wi-Fi connection, hackers can easily steal your data that’s traveling through the connection. This can happen even if the site is secure and your username and password are encrypted.
Because the data in cookies doesn’t change, cookies themselves aren’t harmful. They can’t infect computers with viruses or malware. But if your cookies are hijacked as part of a cyberattack, a criminal could gain access to your browsing history and use cookies as the key to enter your locked accounts. For example, a hacker may steal your identity or confidential company information, purchase items in your online shopping carts, or loot your bank account.
Preventing cookie hijacking attacks can allow you to browse the internet with greater peace of mind. Follow these tips to not only safeguard your personal information but to also enhance your browsing experience:
Make it a habit to clear your cookie cache regularly to prevent cookie overload, which could slow your search speeds. Also, almost every browser has the option to enable/disable cookies on your computer. So if you don’t want them at all, your browser’s support section can walk you through how to disable them.
Although it’s convenient to not have to re-type your credentials into a website you frequently visit, autofill features could make it easier for a criminal to extract your data with cookie hijacking. Plus, autofill is risky if your physical device falls into the wrong hands. To browse more securely without having to constantly reenter your passwords, use a password manager like McAfee True Key. True Key makes it so you only have to remember one master password, and it encrypts the rest in a vault protected by one of the most secure encryption algorithms available.
Strong, unique passwords for each of your accounts, updated regularly, offer ample protection against hackers. Multi-factor authentication (MFA) adds yet another layer of security by double-checking your identity beyond your username and password, usually with a texted or emailed code. When your accounts offer MFA, always opt in.
Criminals can hijack your cookies if you’re browsing on an unsecured, public Wi-Fi connection. To prevent a criminal from swiping your data, use a virtual private network (VPN), a service that protects your data and privacy online. A VPN creates an encrypted tunnel that makes you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from online spies while you’re banking, shopping, or handling any kind of sensitive information online.
McAfee LiveSafe is an antivirus solution that protects your computer and mobile devices from suspicious web cookies by:
The post What Are Browser Cookies and How Do I Manage Them? appeared first on McAfee Blog.
ruby-1200
What’s worse than a surprise call from a law enforcement official telling you to pay a fine or be forced to serve time? Providing your personal information and paying that fine only to find out that it was all a scam. You didn’t miss jury duty; you didn’t commit a crime — you were just tricked into thinking that you did.
Sound unbelievable? It’s more likely than you’d think.
According to ZDNet1, the FBI released a warning about scammers impersonating government officials or law enforcement agencies to steal personal information and money from unsuspecting people.
After acquiring phone numbers and names from real users, scammers use fake credentials from well-known law enforcement agencies to contact victims. Under the guise of these officials, scammers claim that the user’s identity was used in a crime and ask them to provide their social security number and date of birth for verification. The fraudsters will also call or text about apparently missed jury duty, missed court dates, warrants out for arrest, or other local fines that require payment to be solved.
These criminals demand payment in multiple forms, but the most common are prepaid cards, wire transfers, and cash sent through mail or through cryptocurrency ATMs. If victims do not pay these fines or provide their personal information, the scammers in disguise will threaten them with potential prosecution or arrest.
The FBI states that no law enforcement agency will ever contact you asking for money, but if you’re still unsure whether you’re being scammed, here are a few more phishing tips that can help:
Unsolicited phone calls or texts are best avoided altogether or confirmed with a second source. Verify the caller’s identity with the organization they claim they represent. Ask for a name and position and make it clear you will be following up to verify their identity.
Do not reveal any personal or financial information over the phone, through text, or through a link provided in a text message.
Generic greetings that do not address you by name, especially when asking you to verify your identity or pay a fine, are a definite indicator that you may be being scammed.
Any strange grammar or spelling mistakes in a text message can be signs that this is someone impersonating an official agency, company, or higher-up to scam you.
Although scammers try to trick users over the phone, phishing scams can also happen over email. In addition to the tactics mentioned above, here are some extra tips on how to detect and avoid phishing emails:
Cybercriminals will often impersonate well-known brands or individuals by using fraudulent email addresses with just a few alterations of letters or characters. An example is an email address that appears as “bank0famerica.con.”
If you receive a message or email with a link, hover over the link without clicking on it. This will allow you to see a link preview. If the URL looks suspicious or doesn’t match up with the content in the email, do not interact with it and delete the entire message.
Be cautious of any attachment in an email. Scammers often use attachments as a sneaky way to deliver viruses and malware onto unsuspecting people’s devices.
Phishing scams can be deceitful, especially with the added pressure of a seemingly real (but definitely fake) government official or law enforcement agency accusing you of breaking the law. However, by following the tips outlined above, you’ll be able to spot these scams from a mile away and stay safer online!
The post What the FBI Wants You to Know About the Latest Phishing Scheme appeared first on McAfee Blog.
Outfitting your smart home could get a whole lot easier this year.
A new industry standard called Matter aims to remove a big barrier in smart home technology, one that makes different smart home devices compatible with any smart home platform—something that wasn’t possible until now.
For years, different smart home devices have run on several different competing platforms, such as Amazon Alexa, Apple HomeKit, Google Assistant, or Samsung SmartThings. And put plainly, those different platforms didn’t work with each other. And that was unfortunate. After all, the vision for the smart home was to run everything from lights, appliances, doorbell cameras, and all kinds of connected things in your home from a central set of controls, regardless of device manufacturer or platform.
But that hasn’t been the case, and this lack of compatibility created some headaches for homeowners. They’ve had to choose between one smart home platform over another and then only use smart devices built for that platform. For example, if you’re running a bunch of devices on Apple HomeKit and find a great deal on a new Samsung smart refrigerator with Alexa built-in, you’re pretty much out of luck if you want those devices to all work together as one in your smart home. The result is that consumers have had to check the fine print to see what’s compatible with what when shopping for smart devices. Again, a real headache.
Matter aims to take care of that. It’s hailed as a unifying technology that will make all those devices work together. Right now, the first wave of Matter-enabled devices is on track for a mid-year launch, which means we may finally see that vision of a smart home come true—a place where all your connected stuff works together with just the sound of your voice or a tap on your phone.
With that, let’s take a closer look at the new Matter protocol and what it offers, along with a look at security and privacy for smart home devices in general.
Without getting too technical about it, Matter is designed to create a more energy-efficient, secure, and reliable network for your smart home devices. Additionally, it’s designed to run independently of your internet connection, so if your internet goes out, you can still control your smart devices locally—from the app or device of your choice.
The tech industry looks like they’re very much on board. Matter is led by the Connectivity Standards Alliance, a body of more than 200 technology companies working together to create this new standard. And if you’re wondering Amazon, Apple, Google, and Samsung are among the many members of this alliance. If the launch goes as planned, you can expect to see Matter-enabled devices and the Matter logo on several new products by the middle of the year.
Additionally, several companies have announced that they will provide an upgrade path for existing products so that their existing customers don’t have to scrap their current smart home devices to take advantage of Matter.
In all, the idea is exciting. What remains to be seen is how security and privacy matters are handled, not only by the network but by the devices on it.
As far as security goes, Matter uses a combination of encryption and blockchain technology to secure transmitted data and ensure that only the devices you trust can use the network. Considering that you may be heating your home, warming up your oven, or even locking your front door, security features like these only make sense.
Yet looking beyond Matter and thinking about connected homes more broadly, there are a few question marks when it comes to privacy.
Imagine for a moment what a highly connected home might look like—and all the data those connections will generate. That data will show what time of day your front door tends to unlock and lock when family members go to and from work, school, or what have you. It’ll also show when you tend to turn on your lights, cook your dinner, or turn on the house alarm for the night.
Over time, all this data can piece together a picture of your comings and goings during a typical week. Shy of a bad actor physically casing out your home over several days, data like this simply hasn’t existed until the age of the connected home. If that data goes unprotected or if the devices creating it don’t give you some control over it, the privacy risks will run high.
Moreover, data privacy policies come into play here as well. As consumers like us are very much aware these days, not every company treats your data the same way. Some companies have different policies around what data they may collect and then what they do with that data—like cloud sites for other smart devices, government agencies, insurance companies, law enforcement, data aggregators, data banks, social media sites, and others according to findings published by some industry groups. In a smart home that’s kitted out with devices from five, seven, or even more different manufacturers, that are multiple privacy policies in play—each of which may view and treat your private data in their own way. That’s potentially volumes of your data circulating out there, potentially in ways you aren’t aware of or that give you any control over its use.
Of course, the issue of data privacy is nothing new and certainly not specific to smart devices. Already, the dozens of different apps and services we use as we go about our day have their own data privacy policies as well. Devices in a smart home only add to that mix, which is worth considering in our already highly connected lives.
As I write this, Matter has yet to be released. Yet if you already have some smart devices in your home, you may be wondering how to make your connected home safer. Let’s take a look at a few of the things you can do to protect your smart devices and the home network they’re running on.
Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, protect your smartphone so you can protect the things it accesses and controls—and the data stored on it too.
Early on when the first sets of smart home devices rolled out, some found themselves open to attack because they come with a default username and password, which hackers often publish on the internet as part of massive listings. (Baby monitors are a classic example.) And it remains an issue today. When you purchase any IoT device, set a fresh password using a strong method of password creation. Likewise, create an entirely new username for additional protection as well.
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network. (A password manager as part of comprehensive online protection can help.) Also, consider changing the same of your home network so that it doesn’t personally identify you. (I’ve seen some fun alternatives to using your name or address, everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.”) Also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you haven’t done this sort of thing before, check the documentation that came with your router or with the internet provider if you rent or purchased it from them.
Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts—with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way hackers simply try and force their way in with a password/username combination, which will make your device tougher to crack.
In addition to fixing the odd bug or adding the occasional new feature, app and device updates often address security gaps. Out-of-date apps and devices may have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, even better.
Smart homes show plenty of promise. Seeing a new and broadly adopted industry standard like Matter on the horizon may make them even more promising. Ideally, Matter will make it easier for people to bring more smart devices in their homes, and in a way that’s reliable and secure. Moreover, there are steps you can take now to help keep your smart home devices, and smart home in general, more secure as well.
Yet when it comes to thinking about a home full of smart devices, questions around privacy remain. Smart home devices offered by different manufacturers will have different privacy policies and thus use people’s data in different ways, which puts consumers like us in a position to understand the terms, conditions, and implications of each one. Yet with data privacy being such a hot topic for consumers, the industry, and regulators already, it remains to be seen what consumer-friendly standards are set for data collection in the years to come—both in and out of the smart home.
The post Smarter Homes & Gardens: Protecting the Smart Devices in Your Home appeared first on McAfee Blog.
If you’re thinking about crypto, one of the first things you’ll want to do is get yourself a good wallet.
Topping the several important things a new cryptocurrency investor needs to think about is security. Rightfully so. Cryptocurrency is indeed subject to all kinds of fraud, theft, and phishing attacks, just like the credentials and accounts we keep online.
But here’s the catch. Lost or stolen cryptocurrency is terrifically difficult to recover. By and large, it doesn’t enjoy the same protections and regulations as traditional currency and financial transactions. For example, you can always call your bank or credit card company to report theft or contest a fraudulent charge. Not the case with crypto. With that, you’ll absolutely need a safe place to secure it. Likewise, in the U.S. many banks are FDIC insured, which protects depositors if the bank fails. Again, not so with crypto.
So, when it comes to cryptocurrency, security is everything.
Cryptocurrency theft offers hackers an immediate payoff. It’s altogether different from, say, hacking the database of a Fortune 500 company. With a data breach, a hacker may round up armloads of personal data and information, yet it takes additional steps for them to translate those stolen records into money. With cryptocurrency theft, the dollars shift from the victim to the crook in milliseconds. It’s like digital pickpocketing. As you can guess, that makes cryptocurrency a big target.
And that’s where your wallet will come in, a place where you store the digital credentials associated with the cryptocurrency you own. The issue is doing it securely. Let’s take a look at the different wallets out there and then talk about how you can secure them.
Broadly, there are two general categories of wallets. First, let’s look at what these wallets store.
A wallet contains public and private “keys” that are used to conduct transactions. The public key often takes the form of an address, one that anyone can see and then use to send cryptocurrency. The private key is exactly that. Highly complex and taking many forms that range from multi-word phrases to strings of code, it’s your unique key that proves your ownership of your cryptocurrency and that allows you to spend and send crypto. Needless to say, never share your private key.
With that, there are two ways to store your keys—in a hot wallet or a cold wallet.
Hot Wallets:
|
Cold Wallets:
|
As you can see, the benefit of a hot wallet is that you can load it up with cryptocurrency, ready for spending. However, it’s the riskiest place to store cryptocurrency because it’s connected to the internet, making it a target for hacks and attacks.
In addition to that, a hot wallet is connected to a cryptocurrency exchange, which makes the transfer of cryptocurrencies possible. The issue with that is all cryptocurrency exchanges are not created equal, particularly when it comes to security. Some of the lesser-established exchanges may not utilize strong protocols, likely making a target for attack. Even the more established and trusted exchanges have fallen victim to attacks—where crooks have walked away with millions or even hundreds of millions of dollars.
While the funds in cold wallets are far less liquid, they’re far more secure because they’re not connected to the internet. In this way, cold wallets are more vault-like and suitable for long-term storage of larger sums of funds. But cold wallets place a great deal of responsibility on the holder. They must be stored in a physically secure place, and be backed up, because if you lose that one device or printout that contains your cryptocurrency info, you lose the cryptocurrency altogether. Within the cold wallet category, there are a few different types:
Several manufacturers make storage devices specifically designed to store cryptocurrency, complete with specific features for security, durability, and compatibility with many (yet not always all) of the different cryptocurrencies on the market. An online search will turn up several options, so doing your homework here will be very important—such as which devices have the best track record for security, which devices are the most reliable overall, and which ones are compatible with the crypto you wish to keep.
Storing cryptocurrency information on a computer or laptop that’s disconnected from the internet (also known as “air-gapped”) is a storage method that’s been in place for some time. However, because computers and laptops are complex devices, they may be less secure than a simpler, purpose-built cryptocurrency device. In short, there are more ways to compromise a computer or laptop with malware that a determined hacker can use to steal information in some rather surprising ways. (Like noise from a compromised computer fan passing information in a sort of Morse Code or generating electromagnetic signals on a compromised computer that nearby devices can use to skim information.)
Ah, good old paper. Write down a code and keep it secure. Simple, right? In truth, creating a paper wallet can be one of the most involved methods of all the cold storage options out there. Bitcoin offers a step-by-step walkthrough of the process that you can see for yourself. Once done, though, you’ll have a piece of paper with a public address for loading cryptocurrency into your paper cold wallet, along with a private key. One note: Bitcoin and others recommend never reusing a paper cold wallet once it’s connected to a hot wallet. You should go through the process of creating a new cold paper wallet each time.
Physical coins are a special case and are relatively new on the scene. They’re a physical coin minted with a tamper-resistant sticker that indicates the actual value of the coin. Like other methods of cold wallet storage, this calls for keeping it in a safe place, because it’s pretty much like a wad of cash. And like cash, if it’s stolen, it’s gone for good. Also note that a cryptocurrency holder must work with a third party to mint and deliver the coin, which has its own costs and risks involved.
With that look at wallets, let’s see what it takes to secure them. It may seem like there’s plenty to do here. That’s because there is, which goes to show just how much responsibility falls on the shoulders of the cryptocurrency holder. Of course, this is your money we’re talking about, so let’s dive into the details.
Whatever form your storage takes, back it up. And back it up again. Cryptocurrency holders should make multiple copies just in case one is lost, destroyed, or otherwise inaccessible. For example, one story that’s made the rounds is of a IT engineer in the UK who accidentally threw away an old hard drive with his cryptocurrency key on it, one that held 7,500 bitcoins, worth millions of dollars. Redundancy is key. Back up the entire wallet right away and then often after that.
With redundant backups in place, store them in places that are physically secure. It’s not uncommon for crypto holders to use fireproof safes and safe deposit boxes at banks for this purpose, which only highlights the earlier point that a wallet is as good as cash in many ways.
This will help prevent malware from stealing crypto, whether or not your device is connected to the internet. Comprehensive online protection software will give you plenty of other benefits as well, including identity theft monitoring and strong password management, two things that can help you protect your investments, and yourself, even further.
Updates often address security issues, ones that hackers will of course try to exploit. Keep everything current and set automatic updates wherever they are available so that you have the latest and greatest.
Just as your bank and other financial accounts offer MFA, do the same here with your crypto. Some extra security-conscious crypto investors will purchase a device for this specific purpose for yet greater protection, such as a separate phone with texting capability. This keeps their crypto transactions separate from the multitude of other things they do on their everyday smartphone, effectively putting up a wall between these two different digital worlds.
Two things fall under this category. One, the less you say about the crypto investments you make, the less word gets around, which can help keep hackers out of the loop. Particularly on social media! Two, consider setting up a unique email account that you only use for crypto. The less you associate your crypto accounts with other financial accounts like your banking and online payment apps, the more difficult it is to compromise several accounts in one fell swoop.
Just like hackers send phishing emails with an eye on accessing your bank accounts, credit cards, and so on, they’ll do much the same to get at your crypto accounts. The target may be different, that being your crypto, but the attack is very much the same. An email will direct you to a hacker’s website, using some sort of phony pretense, get-rich-quick-scheme, or scare tactic. Once there, they’ll ask for private key information and then simply steal the funds. And it’s not just email. Hackers have used online ads to phish for victims as well.
As you can see, these security measures rely almost exclusively on you. If something happens to you, that could make recovering your funds a real problem. Consider reaching out to someone you trust and let them know where you’re storing your wallets and information. That way, you’ll have some assistance ready in the event of an emergency or issue.
The very things that define cryptocurrency—the anonymity of ownership, the lack of banking institutions, the light or non-existent regulation—all have major security implications. Add in the fact that you’re your own safety net here and it’s easy to see that crypto is something that requires plenty of planning and careful through before diving into. Getting knowledgeable about security, how you’ll protect your crypto, should absolutely top your list before investing.
The post Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely appeared first on McAfee Blog.
As a gamer, you love the stuff you’ve racked up over the years—that rare Fortnite skin from six seasons ago, a complete set of Tier 20 armor in World of Warcraft, or a Steam account loaded with your favorite titles. Hackers love it too. Because they can make money off it.
Hackers have been stealing and reselling online gaming accounts for some time now. Yet the recent 400 percent rise in online gaming theft shouldn’t come as a surprise, particularly as so many of us turned to games for entertainment lately. As people leveled up, gathered loot, and filled their libraries with games in the cloud, hackers saw the opportunity.
The opportunity is this: gaming accounts have a street value. The virtual items and perks we acquire through gaming take time, effort, participation, and sometimes just good luck to build up. In a way, we’ve worked hard to earn our fun. Meanwhile, others out there are willing to take a shortcut. There are those who’ll pay for a well-stocked gaming account that someone else has built up, and hackers are more than willing to hijack accounts from innocent victims and sell them online.
Put simply, the virtual goods in your gaming accounts are like any other good. They have value. And just like anything else you value, they’re worth protecting. That’s exactly what we’ll help you do here.
First up, let’s take a quick look at the different ways digital goods get moved and sold out there—just to get a sense of the marketplaces that have cropped up around gaming and where hackers fit into the mix.
And there are several. Over the years we’ve seen all kinds of gaming marketplaces crop up, whether they’re sanctioned marketplaces built inside of online games, gray marketplaces that exist outside of games, and dark marketplaces where stolen accounts and goods are exchanged.
As a gamer, you’re likely familiar with any number of sanctioned auction houses and marketplaces that are built right into online games, all designed and supported by the game’s developers. A classic example is the long-running auction house in World of Warcraft where players can buy and sell items with in-game currency, the World of Warcraft gold piece. And as marketplaces can go, the rarer and more coveted the item, the higher the price the seller can get for it. In fact, there are plenty of articles on how to play the markets for profit, in a quasi-stock market-like fashion, and all within the legitimate boundaries of the game.
In recent years, we’ve also seen the rise of in-game currencies that players can purchase for cash, again by design and with the support of the developer. A couple of examples are the World of Warcraft Tokens and Minecraft tokens and coins. What you can do with such tokens and coins varies from game to game, yet players can use them to acquire in-game currency, items, or paid to play time.
Increasingly common are in-game stores that allow players to purchase items and perks with cash, just like any other online store. Taken together with all the other ways a player can round up items in a game, it’s easy to see how a gamer’s account can grow into something somewhat unique and valuable over time, simply by playing and participating in the game.
With the time it takes for a player to level up a powerful character and acquire the items that can come along with it, there are out-of-game organizations that will, for a fee, do that work for a player in return for payment. Essentially it involves a player starting a gaming account, rolling up a character, and then handing over the account to a “booster” who will play the game on the owner’s behalf. When the agreed-upon level is reached, the booster hands back the character to the owner.
Of course, there are all kinds of potential problems with this. Strictly from a security standpoint, this means an account owner is handing over their credentials to a stranger, with no real guarantee that this stranger simply won’t change the account password, never hand back the account, and simply walk away with any funds that may have been paid upfront.
Further, “boosting” and other similar services may be against the user agreement the player signed when joining up for the game. For example, World of Warcraft recently updated its policy, stating that they now,
[P]rohibit organizations who offer boosting, matchmaking, escrow, or other non-traditional services, including those offered for gold. World of Warcraft accounts found to be in violation of this policy are subject to account actions. These actions can include warnings, account suspensions and, if necessary, permanent closure of the disruptive World of Warcraft account(s).
So while “boosting” services may not be illegal themselves, they can run counter to user agreements and may lead to cases of fraud when a booster service fails to fulfill its commitment or simply locks a player out of their own account.
Then there’s the theft and resale of online game accounts, clear examples of digital goods illegally changing hands. Stolen accounts make their way into dark web marketplaces and ads on chat platforms and social media, thanks to hackers who’ve cracked previously legitimate accounts and then packaged them up for sale. In some instances, cybercriminals will sell entire game collections, such as online gaming platform accounts where gamers may have purchased and have access to dozens and dozens of games stored in the cloud.
The method behind this theft is much like a credit card or bank account hack. Often using credentials lifted from a data breach, hackers will take known usernames and passwords and feed them into a credential stuffing application—which can then attempt to access hundreds, even thousands, of accounts through automated login requests.
Given that many users out there use the same passwords across their accounts makes them an easy target for this practice and can reap a large harvest of cracked accounts. From there, the account can be accessed, have its password changed, and then made ready for advertising and sale, where an account can be resold for a few dollars, or for potentially thousands depending on what the account contains.
There’s plenty you can do. A few simple steps on your part can drop some serious roadblocks in the way of a hacker who’s looking to crack your account or target you for a scam.
Each of your accounts should have its own strong, unique password. No repeats. And if you have some sixty-plus accounts across all the shopping, banking, gaming, and forum posting you do, not to mention your apps, that sounds like a lot of work. Because it is. Although it doesn’t have to be. A password manager can do the work for you by creating and storing strong, unique passwords for you.
Data breaches happen all the time now, striking businesses both large and small. If a business or organization where you have an online account gets breached, change your password right away. Related to the above, make sure the passwords across your other accounts are strong and unique. It’s not uncommon for hackers to try breaching passwords in other accounts, all in the hope that the victim is using the same or a similar password on other accounts as well.
Several gaming services offer multi-factor authentication (MFA) as a means of protecting accounts. In addition to requiring a username and password to log in, MFA further verifies account activity by sending a unique code to the email address or text to a device you own, which makes gaining illegal access that much tougher for hackers. Some gaming platforms even support an authentication app, such as the Battle.net Authenticator, offered by Blizzard. In all, the occasional extra clicks required by MFA can really save you some massive headaches by preventing theft. If you have MFA as an option, strongly consider using it.
Phishing attacks have made the jump from email to bogus ads on social media and in search too. In short, a phishing attack involves the hacker posing as a well-known company or organization with the intent of fooling you into providing your username and password. With that, they can drain your account, whether it’s money from your bank account or goods in your gaming account. Spotting phishing attacks can call for a sharp eye nowadays because some hackers can make the phishing emails and sites they use look like the real thing. Comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit.
Spearphishers are a special sort, in that they make more targeted attacks. While a phisher will send out an email blast or attempt to rope in a high volume of victims with an ad, a spearphisher will send a direct message to specific, potential victims. You may have seen or heard of this in massively multiplayer online games where an otherwise unknown player sends a message to another with a link to a website, complete with the promise of loot, in-game currency, or services to level up characters. Ignore and don’t visit that link. Chances are it’s a scammer, or at least someone who may be breaking the game’s user agreement by offering such services.
Whether you’re downloading a mod, an expansion, or a new game itself, go with a reputable online store or source. Hackers will drop malware into all kinds of files and applications, games included. Given that such malware could log keystrokes that steal login info, inject ransomware code to hold your device and data hostage, or simply wreak havoc on your files and things, it can have implications for more than just your gaming accounts and the virtual assets you have with them.
Hackers know there’s good money in gaming accounts. They wouldn’t bother with them otherwise. Realizing that your gaming account has value is the first step to protecting it.
In addition to taking the steps above, consider comprehensive online protection software. It offers defense in breadth and depth, covering everything from device security, privacy, and identity protection. However, if you want an even faster and safer gaming experience, gamer security is worth looking into. In addition to strong security features, it also offers performance-enhancing technologies that prioritize system resources and keep your gameplay going smooth.
In all, keep in mind that gaming accounts are serious business for hackers. Put up your defenses. Then get out and enjoy yourself, knowing that you have made it far, far tougher for them to ruin your fun.
The post Lock Down & Level Up: Protect Your Online Gaming from Hackers appeared first on McAfee Blog.
android-1200
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
apple-1200
The White House recently reissued a warning to American businesses in response to the unprecedented economic sanctions the U.S. has imposed on Russia for the Ukraine invasion, stating, “There is now evolving intelligence that Russia may be exploring options for potential cyberattacks.”
Along with this statement, the White House published a fact sheet outlining the new and ongoing steps the government is taking to protect its infrastructure and technologies, along with steps that private businesses can take to protect themselves from attacks as well.
Of course, any successful attack on government operations and the operations of private businesses could potentially affect households as well—such as in the case of data breaches where data or information is stolen from a system, often the personal data and information of individuals.
Word of potential attacks understandably leaves people feeling uncertain and may further leave them wondering if there’s anything they can do to protect themselves. With regards to data breaches and the cases of identity theft that typically follow, there are several steps people can take to keep safer online.
Let’s break down what a data breach looks like, how it can affect you, and what you can do in advance of a breach to protect yourself.
We’ve certainly seen data breaches make the news over the years, which are often (but not always) associated with malicious hackers or hacker organizations. A quick list of some of the largest and most impactful breaches we’ve seen in recent years:
Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location.
What differs with the White House warning is who may end up being behind these potential attacks—a nation-state rather than what are financially motivated hackers or hacking groups. (Some research indicates that nearly 90% of breaches are about the money.) However, the result is the same. Your personal information winds up loose in the world and possibly in the hands of a bad actor.
The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.
Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:
As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.)
The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.
With this information in hand, a crook can commit several types of identity crimes—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get an ID issued in your name as well.
Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or another gain.
The succinct answer is to sign up for an identity protection service. It can monitor dozens of types of personal information and then alert you if any of them are possibly being misused, so you can address any issues right away before they become a potentially much bigger problem.
Further, pairing identity protection with online protection software can protect you even more. With an all-up view of your overall online security—how well you’re protecting yourself and your identity online—it can guide you through steps that can shore up your protection and make you safer still.
When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps.
Given the possibility that your password may be in the hands of a bad actor, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed.
As outlined above, identity protection like ours can monitor a broad set of your personal information and provide you guidance for making it more secure, in addition to getting help from a professional recovery specialist.
For an even closer look at identity theft, we have two articles that can help guide the way if you think you’re a victim, each featuring a series of straightforward steps you can take to set matters right:
No matter how uncertain news of possible cyberattacks may any of us feel, you can take steps to set some of that uncertainty aside. An identity protection service is a strong first move against possible identity theft, as is pairing it with online protection software that keeps you safer online overall. Likewise, knowing the signs of possible identity theft and what you can do to address it right away offer further assurance still—like having the services of a professional recovery specialist to help.
In all, there’s no need to leave yourself wondering at the news from the White House. As an individual, you have it in your power to make yourself and your family safer than they are now.
The post White House Announces Possible Rise in Cyberattacks—What You Can Do to Stay Safe appeared first on McAfee Blog.
Let’s play a game. Go to the Photos app on your phone and look at the total number of videos and images on your device – all those precious memories of family vacations, clips from your favorite concert, and countless snapshots of your furry companion. Next, open your laptop or desktop and check to see how many documents you have saved — perhaps all the research reports you have saved to defend your graduate thesis or an important slideshow you’re presenting to your boss on Monday. If you had to guess, would you say the total number of these various pieces of data is into the thousands? Now imagine if all this data was suddenly gone. What would you do?
You might be thinking, “That will never happen to me.” However, this situation is more common than you think. More than 60 million computers will fail worldwide this year, and over 200,000 smartphones are lost or stolen every year. That’s why we’re celebrating World Backup Day by sharing how you can properly back up your files and find peace of mind knowing that your data is safe and sound.
A backup is a separate copy of your important and sentimental digital files and information. Storing all that data in one place, like a personal computer or smartphone, can prove unsafe. Creating another copy of that data through a backup will ensure that it’s stored and kept safe somewhere else should your device get wiped or stolen.
It’s important to recognize that data loss isn’t something that only happens to huge corporations or unsuspecting victims in spy movies. Everyone is susceptible to data loss or theft and backing up that data is an easy step to protect all your information and prevent cybercriminals from taking what isn’t theirs.
Data is one of the most important assets in the modern world. As we illustrated earlier, people collect countless files that contain valuable information they want to keep safe. Luckily, there are two common and inexpensive ways that a user can store their data and their ever-important backups.
Although “the cloud” became a major buzzword years ago, its definition is still cloudy for some folks. The cloud exists in remote data centers that you can access via the internet. Any data you’ve uploaded to the cloud exists on dedicated servers and storage volumes housed in distant warehouses, often situated on campuses full of such warehouses. Data centers are owned by cloud service providers, who are responsible for keeping the servers up and running.
To keep your data physically safe from theft and destruction, and to make sure it’s available whenever you want to access it, data centers run extensive cooling systems to keep the electronics from overheating and have at least one backup generator in case of power outages. But how do they make sure that this data is secure in the cybersphere? Cloud systems use authentication processes like usernames and passwords to limit access, and data encryption to protect data that is stolen or intercepted. However, it’s important to remember that passwords can be hacked. Typically, the service provider holds the encryption keys to your data, meaning that rogue employees could, theoretically, access it. Likewise, your data could also potentially be searched and seized by government entities.
This begs the question: Trust or don’t trust? Because cloud storage companies live and die by their reputation, you can rest assured knowing that they go to great lengths to use the most advanced security techniques and provide the most reliable service possible. To help ensure the security of your data should you choose to store or back it up to the cloud, keep anything truly sensitive in a private cloud behind a firewall.
With an external hard drive, you can manually back up all your data and files yourself onto a physical device that you can access anytime. These drives are a reliable way to achieve data redundancy. An external hard drive doesn’t rely on internet access like cloud-based services and is an easy fix when transferring data to a new device. However, using external hard drives requires a more hands-on approach to backing up your data. It’s your responsibility to regularly perform backups yourself and store your hard drive in a safe location. While cloud solutions offer huge amounts of storage, storage space on hard drives are limited, so you may have to purchase more than one device. Look for an external drive with at least a terabyte of space to accommodate all your data, which tends to accumulate quickly.
As you’re cleaning out your garage and tidying up your home, take the same care to do some digital spring cleaning this World Backup Day. Give your devices, apps, and online accounts a good decluttering and gain more peace of mind knowing that all your valuable data is stored in a safe, secure place … and that you have a backup in case something goes awry. Remember, proactivity goes a long way toward shoring up your cybersecurity and protecting your information.
The post It’s World Backup Day! Here’s How You Can Preserve Your Files appeared first on McAfee Blog.
We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill your email box with spam, and can even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer.
There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.
That’s right, companies are collecting your personal data. They’re called data brokers and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge. There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phones, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.
In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.
We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works:
Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.
The post Introducing Personal Data Cleanup appeared first on McAfee Blog.
The recent WannaCry ransomware attack that infected more than 250,000 computers worldwide was a good reminder to everyone about staying vigilant when it comes to internet safety.
After all, many of us stay connected most of the time, whether it’s on our laptops or mobile devices, giving cybercriminals a wide range of opportunities to go after our personal and financial information, as well as our privacy.
The good news is that safeguarding your internet security, and preventing an attack like WannaCry, can be as simple as keeping your software up-to-date, and taking other preventative measures. The key is knowing which threats to look out for, and when you are taking potential risks.
Let’s start by talking about our mobile devices. Although many of us have been taught to look out for viruses and other threats on our computers, we don’t always realize that our mobile devices are just as vulnerable as our desktops.
The truth is dangerous links and downloads can be easily accessed using mobile browsers and email. And, our devices can open us up to new threats like malicious apps or text messages, designed to steal your information.
And if you think you’re protected from many online threats because you are an Apple user, think again. McAfee Labs found in its latest Quarterly Threat Report that malware exploiting the Mac operating system has grown exponentially.
Another instance where we often don’t realize we’re at risk is when we use technology while travelling or away from home. Connecting to public Wi-Fi networks can be dangerous because many of these networks do not take the necessary steps to protect your data from being accessed by cybercrooks. It’s just as risky to use public or shared computers since the bad guys will sometimes infect them with malware or spyware designed to steal your information.
Our heavy use of social media is another area where we face new threats. Although these sites are made for sharing, we tend to share too much of our private information, opening us up to identity theft, or even harassment. That’s why we need to safely guard information such as our home address, employer, phone number, and email. It’s also wise to change your social media privacy settings to “friends only.” When we open our networks up to people who we don’t know in real life, we also open the door to potential scammers.
These scammers love to distribute phishing attacks on social media and via email and text. Their goal is to trick you into revealing personal or financial information. Take, for instance, the recent “Google Docs” attack, in which scammers sent out fake emails that appeared to come from a trusted source, asking recipients to click on a link to open a Google document, with the hopes of gaining access to their email login and contact information.
Account login information is highly valuable to scammers, since it can potentially allow them to login into or guess your banking passwords, and other crucial financial or identity information. This is a good reason to opt for the highest security settings on all your accounts, such as multi-factor authentication. This security measure asks you to provide an additional piece of information other than your password to verify your identity, such as entering a unique code that is sent to your mobile phone.
There are a lot of threats that we all need to be aware of, but by taking basic precautions and staying vigilant about what you share online you will be much better protected from cybercrime.
Tips to keep you safe:
Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.
The post Smart Tips for Staying Safer Online appeared first on McAfee Blog.
No one likes the feeling that someone is looking over their shoulder when they work, shop or surf online. But this is just what crooks and scammers do without our knowledge using “spyware.”
Spyware is a piece of software that can covertly gather information on you. It can track the websites you visit and even record what you type on your keyboard, including passwords and credit card numbers.
So, now the bad guys don’t have to steal your wallet to get access to your personal and financial information. All they need to do is trick you into installing spyware on your computer or device. Or they could install it themselves on public or shared computers using a USB drive, or similar device.
One of the more common forms of spyware found on shared computers is called a “keylogger.” It can record everything you type and send it back to the cybercrook. That’s why you should avoid using shared computers in hotels or public libraries, since they can be easily compromised.
Most spyware masquerades as legitimate software, such as free games or mobile apps. In fact, researchers believe that over three years, 1 million Google Play users downloaded a single piece of spyware alone. It appeared to be an official “System Update” application, but actually monitored the users’ location information and text messages without their knowledge.
Spyware can also easily spread online in the form of dangerous links in emails, and on social media or torrent sites, which offer free access to online content. That’s why you need to be careful where you click.
Another common form of spyware is called “adware.” Adware is used to display advertisements on your computer, or redirect your search inquiries to an advertiser’s website. Although this isn’t as harmful as spyware designed to steal your information, it is still invasive and annoying.
Since spyware is so prevalent and potentially harmful, putting both your private information and privacy at risk, it’s important that you take steps to protect yourself.
The post What is Spyware? appeared first on McAfee Blog.
I am renowned for getting myself into big messes – particularly in the kitchen when I’m cooking up a storm. And I’m totally fine being alone: chopping, stirring and baking until it’s time to clean up! And that’s when the overwhelm hits – I know I should clean as I cook but I never do! So, what do I do? Rally the troops! Yes siree! There’s nothing like another set of eyes or hands to help one wade through the overwhelm – I’m sure that’s why I had 4 kids!!
Many people tell me that they feel a similar way about their online life. They know they need to be doing more to keep themselves safe, but they are completely overwhelmed at where to start. With so much of our lives lived online, it’s not uncommon for one person to have over a hundred online accounts across multiple devices which makes it very hard to keep track of logins, data breaches, or security software.
And research conducted by McAfee shows that consumers know they need to take steps to protect themselves with 74% of users concerned about keeping information private online and 57% keen to be in more control of their personal information. Not surprisingly, since the pandemic started 47% of online consumers feel unsafe compared to just 29% beforehand.
So, to try and make this very overwhelming task that bit easier, McAfee has developed a new tool that allows you to find your own Protection Score. Think of your Protection Score like your credit score or sleep score except this one is a measure of your security online. The higher the score, the safer you are online. And the best part about the score is that helps users identify exactly where they need to pinpoint their focus to ensure they are as safe as possible online. Think of it as a set of experienced hands to help you wade through the overwhelm.
In less than a minute, the McAfee Protection Score will provide you with a pretty clear understanding of how safe you are online. Participants are given a mark between 0 and 1000 that is based on several factors: whether you have online protection and whether your details have been leaked in a security breach. Now, don’t be alarmed if your score is low because here’s the best bit – you will receive a list of exactly what you need to do to improve it and protect yourself from online threats! Phew – my competitive type A personality wouldn’t have coped if I was unable to fix it!
Let me give you an example, when I signed up, I was alerted to the fact that my email address had been involved in a breach, yes – I’m very human! So, it helped me remedy this by taking me to the appropriate page where I could update my password, and then, bingo, my score (and online safety) improved!!
And just to ensure you remain committed, every time you venture back to the Protection Score page, your results and action plan will be there waiting for you to ensure you stay on track and most importantly, to cut through that overwhelm!
Now, in case you were wondering, McAfee’s Protection Score is a first for the cybersecurity industry but good news – they’ve promised it will continue evolving. They will continue to add more features and opportunities to personalize so you can ensure you are living life to the full online!!
So, if you’re feeling overwhelmed at exactly what you need to do to get your online safety under control then McAfee’s Protection Score is exactly what you need. In less than a minute you’ll be able to get a clear understanding of where your online security sits and a personalized action plan so you can start addressing it right away! How good is that?
Till Next Time,
Alex
The post How To Secure Your Online Life? Find Your Protection Score! appeared first on McAfee Blog.
The humble internet browser. Dutifully taking you the places you want to go online, whether that’s the bank, the store, the movies, or even to work. All the more reason to make sure your browser gets every last bit of protection it can.
It’s easy to fire up your browser without a second thought. Arguably, it’s one of the first things many of us do when we hop on our computers. And because it’s often our literal window into important tasks like managing our finances, making payments, and so forth, hackers will absolutely target browsers in order to conduct their attacks. Whether it’s through vulnerabilities in the code that runs the browser, injecting malicious code into a browser session or any one of several other attack vectors, hackers will try to find a way to compromise computers via the browser.
What’s one of the best ways to keep your browser safe? In a word, update. By updating your browser, you’ll get the latest in features and functionality in addition to security fixes that can keep you safer out there.
Let’s take a closer look at what a safer browser is all about, how to update yours, and check out some additional things you can do to stay safer still.
Just as long as there have been browsers, there have been security vulnerabilities and issues. Among the first documented cases, one of the most noteworthy goes back to 1995 when researchers at the University of California, Berkeley uncovered a security issue with the way the Netscape browser handled online payments. Today, news of potential browser exploits and follow-on security measures to remedy them still make the headlines all across several types of popular browsers.
The reality of the issue is that browsers, humble as they may seem to us, are complex applications made up of myriad smaller applications to handle all manner of tasks that create your overall web browsing experience. And where there’s code, there’s room for error. Errors that hackers will look to exploit until an update comes along and fixes them.
Adding further functionality to your browser, and potentially further opportunities for hackers, are browser plug-ins and extensions. These are small apps that give your browser additional capabilities, like opening and editing documents, blocking ads, finding coupons, and even playing tabletop role-playing games in a browser as well. In short, there are thousands of them, often available in the various stores run by different browser developers.
Likewise, browser plug-ins and extensions can be prone to security issues just like the browser they’re installed in. Errors in their code may lead to exploits that hackers can take advantage of. Further, not all plug-ins and extensions are safe and secure to use. It’s not uncommon for malicious ones to turn up on third-party sites that steal user information, introduce malware, or that end up serving ads on a person’s computer, just to name a few of the nasty things they can do. Even official browser stores have had malicious plug-ins and extensions slip onto their shelves.
Lastly, even seemingly legitimate plug-ins and extensions can introduce privacy issues. Given that they’re on your browser and have been granted permissions to work with it, they could be collecting data—data which the developer may use, share, or resell. And it may be tough to know exactly what’s being collected and what’s being done with it. Yet like many smartphone app stores, browser stores are including links to developer privacy statements on the download page for the plug-ins and extensions they offer, giving people more insight into how their data is used. However, sometimes plug-ins and extensions get sold from one company to another where they not only change owners but privacy policies as well. In other words, that plug-in or extension on your computer may get sold to another company without your knowledge and subsequently decide to use your data in an entirely new way.
Given this landscape, there’s a clear case for updating your browser regularly, along with your plug-ins and extensions as well. Moreover, you might want to take a look at what plug-ins and extensions you’re running as well to ensure they’re secure and that they’re something you actually have use for.
Let’s take a look at how you can do all that.
Set up your browser to update automatically. This is relatively straightforward, and browser developers have pages that show you how it’s done. For example, sampling a few of the browsers out there:
As for updating your extensions, the browser developers have put together quick guides to help you what that too. The good news is that when you update your browser, your browser typically updates its associated plug-ins and extensions as well. However, note that your browser’s update cycle may not be in sync with the update cycle for your various plug-ins and extensions, so you may want to go in and update them on their own. These guides can help:
<h2>Take a look at your browser extensions—and see if you want them in the first place
What extensions am I even running? Now that’s a great question. And it’s not too tough to get the answer. In short, your browser’s menu will have an option that will give you an overview of what you have installed and which ones are enabled for use. Once more, each browser developer has their own way of going about this:
This is a good opportunity to give your extensions a hard look. Are they something you use? Are they something you want? Who developed that extension? What might they be doing with my data? Answering these questions may take a little work on your part—like searching for news, information, or reviews about the various extensions you have installed. If you don’t like what your research turns up, you can simply uninstall the extension in question.
A good general rule is this—the fewer apps and extensions you have, the fewer you have to update. Likewise, that’s ultimately fewer lines of code that may turn up a possible exploit. If it’s something you’re not using, consider getting rid of it.
<h2>Make your browser safer with web protection
Many browser-based attacks find their way to you through sketchy websites and downloads. Even ads that look legit but are not. As said before, hackers will try and find a way. One tool you can use to beat them at their game is browser protection, which helps prevent you from making that one wrong click that leads to malware.
In our case, we offer McAfee WebAdvisor, a lightweight app that helps keep you safe from threats while you browse and search the web. Specifically, it includes three types of protection that can help steer you clear of those sketchy websites and downloads.
It’s a free download, and it’s also included with our comprehensive online protection software. Either way, this provides you with yet another line of defense when it comes to browser-based attacks.
That’s the big reason to update right there. Updates give you one more way to prevent attacks by fixing known security issues. It’s true for your operating systems, your apps, your games, what have you. All of them rely on sometimes complex code, code which can sprout exploits, ones that hackers will use. Count your browser in that mix as well. Updating your browser, plus its plug-ins and extensions will help keep you safer online.
The post The Big Reason Why You Should Update Your Browser (and How to Do It) appeared first on McAfee Blog.
It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will sure to follow—along with online betting scams.
Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states leaped at the opportunity to legalize it in some form or other. Today, 30 states and the District of Columbia have “live and legal” sports betting, meaning that people can bet on single-game sports through a retail or online sportsbook or combination of the two in their state.
If you’re a sports fan, this news has probably been hard to miss. Or at least the outcome of it all has been hard to miss. Commercials and signage in and around games promote several major online betting platforms. Ads have naturally made their way online too, complete with all kinds of promo offers to encourage people to get in on the action. However, that’s also opened the door for scammers who’re looking to take advantage of people looking to make a bet online, according to the Better Business Bureau (BBB). Often through shady or outright phony betting sites.
Let’s take a look at the online sports betting landscape, some of the scams that are cropping up, and some things you can do to make a safer bet this March or any time.
Among the 30 states that have “live and legal” sports betting, 19 offer online betting, a number that will likely grow given various state legislation that’s either been introduced or will be introduced soon.
If you’re curious about what’s available in your state, this interactive map shows the status of sports betting on a state-by-state level. Further, clicking on an individual state on the map will give you yet more specifics, such as the names of retail sportsbooks and online betting services that are legal in the state. For anyone looking to place a bet, this is a good place to start. This is further helpful for people who’re looking to get into online sports betting for the first time and is the sort of homework that the BBB advises people to do before placing a sports bet online. In their words, you can consider these sportsbooks to be “white-labeled” by your state’s gaming commission.
However, the BBB stresses that people should be aware that the terms and conditions associated with online sports betting will vary from service to service, as will the promotions that they offer. The BBB accordingly advises people to closely read these terms, conditions and offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.”
Where do scammers enter the mix? The BBB points to the rise of consumer complaints around bogus betting sites:
“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.”
If there’s a good reason you should stick to the “white labeled” sites that are approved by your state’s gaming commission, this is it. Take a pass on any online ads that promote betting sites, particularly if they roll out big and almost too-good-to-be-true offers. These may lead you to shady or bogus sites. Instead, visit the ones that are approved in your state by typing in their address directly into your browser.
In addition to what we mentioned above, there are several other things you can do to make your betting safer.
In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization’s response to the complaints, along with its BBB rating, if it has one. Doing a little reading here can be enlightening, giving you a sense of what issues arise and how the organization has historically addressed them. For example, you may see a common complaint and how it’s commonly resolved. You may also see where the organization has simply chosen not to respond, all of which can shape your decision whether to bet with them or not.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.
Comprehensive online protection software will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to betting sites, online protection can help prevent you from clicking links to known or suspected malicious sites.
With online betting cropping up in more and more states for more and more people, awareness of how it works and how scammers have set up their presence within it becomes increasingly important. Research is key, such as knowing who the state-approved sportsbooks and services are, what types of betting are allowed, and where. By sticking to these white-label offerings and reading the fine print in terms, conditions, and promo offers, people can make online betting safer and more enjoyable.
Editor’s Note:
If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/.
The post How to Protect Yourself from March Madness Scams appeared first on McAfee Blog.
apple-1200
A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and for some, it’s a viable way to make ends meet and set up long-term investments. The cryptocurrency realm has also proven to be vulnerable to cybercriminals. For example, the Wormhole hack leaked $320 million, and cybercriminals have targeted crypto platforms with ransomware and mining app scams.
Whether you’re already in the cryptocurrency game or are thinking about taking the plunge, here’s what you need to know about crypto wallets and tips on how to keep yours safe from cybercriminals.
A cryptocurrency wallet, or crypto wallet, is a software product or a physical device that stores the public and private keys to your cryptocurrency accounts. Keys are strings of numbers and letters that encrypt and decrypt crypto transactions and secure crypto accounts. You can think of public keys as the routing and account numbers that appear at the bottom of paper checks. There’s not much a nefarious character can do with that information, and it’s totally normal to give that information to an acquaintance with whom you’re doing business. Private keys are like your online banking password or debit PIN. Those you must guard very closely because in the wrong hands, your hard-earned bank balance could disappear. A crypto wallet also allows you to transfer funds between crypto types and make transactions.
Here are a few basic types of crypto wallets to help you decide which type is right for you.
A non-custodial wallet means that you are the sole keeper of the keys to your crypto assets. If you forget your password, there’s no “forgot your password?” prompt to let you back in. While not having this safety net is a little nerve wracking, noncustodial wallets are considered the more secure option. You don’t have to worry about a security breach of a major corporation leaking your private key. If you’re responsible and confident that you’re prepared to look after your assets by yourself, this may be the best option for you.
A custodial wallet is a little less secure, but you have a third party helping you log in and manage your crypto accounts. Custodial wallets are often web-based, and the biggest tick in their pro column is that they’re generally very easy to use. While reputable custodial wallets take security very seriously, the threat of a breach is always a possibility, especially as crypto accounts are appealing targets to cybercriminals.
Hardware wallets, also known as cold wallets, are devices you can fit in the palm of your hand. Most models are Bluetooth-enabled devices that look like small remote controls or are flash drives. The device is secured by a PIN that you should never write down or share with anyone else. Also, you should designate a safe and private spot to store your hardware wallet. Similar to a noncustodial wallet, you are solely responsible for keeping track of the device and remembering the PIN. If you lose it, your crypto accounts are locked, and there’s no locksmith to open them for you. As long as you keep track of it, hardware wallets are very secure. Most models are equipped with malware- and virus-proofing security features.
Software wallets are downloaded and internet-connected mobile or desktop apps. They allow you to make transactions on the run, as you can access your crypto accounts from your phone. In that sense, they’re more convenient than hardware wallets. Additionally, software wallets have the same safety net as custodial wallets: if you lose your phone, forget your password, or require login assistance, the maker of the software can help you access your accounts. Software wallets are very secure when you enable their two-factor authentication login settings; however, since they connect to the internet, there’s always a chance a cybercriminal could break-in. Thus, hardware wallets are considered more secure than the software variety.
Check out these tips to ensure your assets are safe and secure in your crypto wallet:
Cryptocurrency value is reaching galactic heights like the spaceships depicted in prime-time ads. Don’t feel pressured to hop aboard the crypto rocket, but if you do decide to jump on, make sure you do your research carefully and make the best decisions for your crypto goals.
The post What Is a Crypto Wallet and How to Keep Your Wallet Secure? appeared first on McAfee Blog.
Whether it’s for routine care, a prescription refill, or a simple follow-up, online doctor visits offer tremendous benefits in terms of both convenience and ease of care—all good reasons to help mom and dad get connected with it.
There’s no doubt that more older adults than ever are taking advantage of online doctor visits, more formally known as telemedicine. While usage numbers have risen dramatically across all age groups, it’s particularly so for elders. Pre- and post-pandemic numbers saw a 63-fold increase in Medicare telemedicine use.
However, many older patients are missing out and not using telemedicine for one reason or another. What’s holding them back? Several things, according to research from the University of California, San Francisco:
Moreover, another issue is that many older adults do not know that telemedicine is an option. Research from the University of Michigan showed that 55% of older adults surveyed were unaware if their healthcare provider even offered telemedicine as a service. And perhaps quite telling is that the same survey revealed nearly half of older adults harbored concerns about privacy and did not feel personally connected to their care provider during their visits.
For us as children and grandchildren of older adults, it can be tough knowing that a loved one is missing out on an avenue of care that they could otherwise benefit from. While we absolutely respect what they feel is comfortable and trustworthy for them, there are several other areas where we can help the older loved ones in our lives overcome the issues and concerns they face.
With that, let’s talk about the technology behind telemedicine and how you can help them use it, and address some of those privacy issues as well.
As indicated above, paying a visit to the doctor via telemedicine can be a big jump. Just as the idea of it is new for many of us, it’s yet newer for older adults. There’s a good chance that you’re familiar with video chats and calls already, which gives you a foundation we can work with when it’s time to see the doctor on a screen. That may not be the case for older adults. Add that into the privacy concerns and decades of seeing a doctor in person, you can see why some older adults simply choose to opt-out.
One way you can help is to have a few video chats with your older loved ones. In addition to the regular calls you make, you might want to try having a video chat with them from time to time. It’s an outstanding way to spend time together when you can’t be together in person, and it may develop a comfort level with the technology so that they may be willing to give telemedicine a try. You can check out my earlier article in this series that covers video chats with mom and dad, along with straightforward steps to get them up and running on the technology and how to use it.
One thing your parents will need for their visit is a reliable device that they’re comfortable using. It could be a computer or laptop, or it may be a smartphone or tablet. Note that in some cases their healthcare provider may use a telemedicine solution that has certain requirements as well, so you’ll want to see what those are and ensure that the device mom or dad has is compatible. (For example, the care provider may have an app that’s available through the Apple App Store or Google Play. Others may have an online platform that can be accessed by several different kinds of devices.)
If they’re using a smartphone or tablet, that will likely make things easier because the camera and microphone are already integrated into the device—all set up and ready to go. For a computer or laptop, you can help them get familiar with the setup, like the microphone levels, speaker volume, and camera. For audio, you can see a set of headphones or smartphone earbuds work well for them, which can help prevent audio feedback loops and simply make it easier to hear the caregiver.
If you’re looking for a little assistance with a Windows computer, you can check out this quick article for setting up the audio and this article for setting up the camera. For Macs, check out this article for audio and this article for the video.
If they don’t already have comprehensive online protection software for their devices, look into getting it. This will protect them against malware, viruses, and phishing attacks. They’ll also benefit from other features that help them manage their passwords, protect their identity, safeguard their privacy, and more.
As for privacy in general, medical information is among the most precious information any of us have. For example, here in the U.S., we have HIPPA privacy standards to protect our medical records and conversations. Yet there’s also the issue of eavesdropping, which is a risk in practically any online communication.
To help address privacy issues and concerns, health care providers will often post a set of Frequently Asked Questions (FAQ) as part of their telemedicine service. Within that, you’ll very likely find a section on personal privacy and the technologies in place to protect it. Here’s a good example of a telemedicine FAQ from the University of Washington Medicine and another example from the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
In all, if your parents have concerns about their privacy, you can absolutely assure them that it’s a valid concern. Consult the provider’s FAQ for guidance. If either of you has further questions, feel free to call the healthcare provider and speak with them.
In addition to digital security, there’s the possibility of physical eavesdropping, somebody actually listening in on their conversation from another room, apartment, or from the street. Help your older loved ones pick a place in their home where they can have some privacy and where they can’t be overheard by neighbors and passers-by. A bedroom is a fine place—or any location that’s familiar and comfortable as well. When choosing a private place, a well-lit location is important as well so that the camera captures a nice and clear image.
Additionally, you can help them prep for their visit by putting together a list of things to discuss during the visit. The U.S. Department of Health and Human Services suggests writing things down:
In addition to the above, there are further measures you can help your parents or older loved one take to further secure their telemedicine visit—and their internet usage in general.
Your telemedicine visit may require setting up a new account and password. When doing so, make sure it’s with a strong, unique password. A password manager can help. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about.
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or simply having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private information difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software.
Beyond their devices, securing their internet router is an important step in making a telemedicine visit safe and secure. The data that travels along it is of a highly personal nature already, so make sure the router has a strong and unique password. Also, change the name of their router so it doesn’t give away their address or any other signs of their identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you have questions, check with their internet provider—they may even offer up a newer, more secure router to replace an older one.
As with anything concerning their health, have your parents and loved ones consult with their caregivers to ensure that a telemedicine visit is a proper course for them.
So while the technical ins and outs of preparing for a telemedicine visit may have their challenges for some older adults, we should also realize that getting comfortable with the idea of a telemedicine visit in the first place may take some time and effort. Starting with regular video chats with the family may increase familiarity and ease with holding a conversation over video. Likewise, having a conversation with their doctor about telemedicine may put some concerns to rest as well. After all, they will have a relationship with their doctor. Getting the facts from the doctor, face to face may help.
We all want what’s best, particularly when it comes to the care of our parents and older loved ones in our lives, and choosing to try telemedicine is a highly personal decision for them. I hope this article and the resources cited within it will help you enable them to make the choice that’s comfortable, effective, and right for them.
The post Helping Mom & Dad: Online Doctor Visits and Telemedicine appeared first on McAfee Blog.
Who loves tax season besides accountants? Scammers.
Emotions can run high during tax time. Even if you’re pretty sure you did everything right, you may still have a few doubts kicking around. Did I file correctly? Did I claim the right deductions? Will I get audited? As it turns out, these are the very same anxieties that criminals use as the cornerstone of their attacks.
So yes, crooks indeed love tax season. Particularly online. And they’ll bait your digital world with several proven types of scams in an effort to cash in on what can be a somewhat uncertain time.
The good news is that you have plenty of ways to protect yourself from these scams. Let’s look at what scammers typically have in store, along with some practical advice to protect yourself as you file your taxes—things you can do to keep crooks out of your business this tax season. Don’t delay, download McAfee’s tax season security guide to avoid the latest tax scams.
First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly.
Still, the wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time.
What are crooks looking to do with their scams? Several things:
As if we didn’t have enough to worry about at tax time without crooks in the mix.
Investigating the landscape even more closely, we can turn to the authority itself, as the IRS has published its most recent top 12 tax season scams, a broad list that includes:
|
|
For a comprehensive look at each one of these scams, and for ways, you can steer clear of them, check our Guide to IRS & Tax Season Scams. However, there are some common threads to many of these scams.
For starters, plenty of tax scams involve crooks posing as an IRS employee, perhaps via a phone call or email, to glean personal information from you, or to demand payment—sometimes under the threat of penalties or even jail time. Crooks won’t hesitate to use strong-arm tactics like these and play on your fears. The good news is that such tactics are typically a sign that the contact isn’t legitimate. In fact, a quick way to spot a scam is to know what the IRS won’t do when they contact you. From the IRS.gov website, the IRS will not:
What will the IRS do? Usually, the IRS will first mail a notification to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you.
Scammers won’t limit themselves to posing as the IRS. They’ll act as an imposter in several other ways as well. For example, they may pose as a popular do-it-yourself tax brand, a tax preparer, or even as a phony charitable organization that promises any donations you make are tax-deductible.
Here, they may send you phony emails or direct messages or even ring you up with bogus telemarketing or robocalls designed to steal personal information.
In the cases where the scammers reach you online, the emails and messages they send will vary in their tone and polish—in other words, how authentic they appear. Some will look nearly legitimate and cause even the most hardened of digital skeptics to click on a phony link or download a sketchy attachment. Others, well, will look clearly like spam, complete with spelling and grammatical errors, along with clumsy use of logos, layouts, and design.
Taken together, both are ways that scammers get people to visit sites designed to compromise personal information … or to download malware like keyloggers that skim account passwords and ransomware that encrypt a victim’s files hold them hostage for a price.
Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles and turn it against their victims. Per the IRS, because “social media enables anyone to share information with anyone else on the Internet, scammers use that information as ammunition for a wide variety of scams. These include emails where scammers impersonate someone’s family, friends, or co-workers.”
With those personal details gleaned from social media, scammers will send phony links to scam sites, promote bogus charities, or flat-out ask for money or gift cards to “help them out” at tax time.
No question that bogus emails, messages, and phone calls remain a popular way for scammers to steal personal and financial information. Spam emails, messages, and the malicious links associated with them abound this time of year as well. It’s always to keep a critical eye open for these, and it’s particularly true during tax season.
View all emails with attachments and links with suspicion, even if they appear to come from a person, business, or brand you know. Confirm attachments with the people you know before opening. And if you receive a message or alert about an account of yours, visit that company or organization’s website directly to enquire into the status of your account rather than taking a chance by clicking on a link that could send you to a phony website.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. In fact, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Here’s another tool that can help you fight identity theft. And get this: it’s not only helpful, but it’s also free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.
Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread your free credit report coverage across the whole year.
As with much of the guidance we offer around social media, one of the best ways to prevent such social media tax attacks is to make your profiles private so that only friends and family can see them. That way, scammers will have a far more difficult time reaching you. Moreover, consider paring back the information you share in your social media profiles, like your alma maters, birthday, mother’s maiden name, pet names—any personal information that a scammer may use to compromise your accounts or the security questions associated with them.
Protecting your devices with comprehensive online protection software can help block the phishing emails and suspicious links that make up many of these tax attacks. Likewise, it can further protect you from ransomware attacks like mentioned above. Additionally, our online Protection Score looks for weak spots in your protection and helps you shore them up, such as if discovers that your info was compromised or part of a data breach. From there, it guides you through the steps to correct the problem.
Further, consider online protection software that offers identity theft protection as well. A strong identity theft protection package offers cyber monitoring that scans the dark web to detect misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
The IRS offers steps you can take in the event you suspect fraud or theft. Their current resources include:
As mentioned above, you can get even more up to speed on the different tricks hackers are using by downloading our Guide to IRS & Tax Season Scams. It’s free, and it offers more ways you can protect your identity and information this tax season and year ‘round.
The post The IRS “Dirty Dozen” – Top Tax Season Scams to Steer Clear of This Year appeared first on McAfee Blog.
The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to — for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system.
Just as ensuring that DNS is secure, stable and resilient is a priority for Verisign, so is making sure that the routing system has these characteristics. Indeed, DNS itself depends on the internet’s routing system for its communications, so routing security is vital to DNS security too.
To better understand how these challenges can be met, it’s helpful to step back and remember what the internet is: a loosely interconnected network of networks that interact with each other at a multitude of locations, often across regions or countries.
Packets of data are transmitted within and between those networks, which utilize a collection of technical standards and rules called the IP suite. Every device that connects to the internet is uniquely identified by its IP address, which can take the form of either a 32-bit IPv4 address or a 128-bit IPv6 address. Similarly, every network that connects to the internet has an Autonomous System Number, which is used by routing protocols to identify the network within the global routing system.
The primary job of the routing system is to let networks know the available paths through the internet to specific destinations. Today, the system largely relies on a decentralized and implicit trust model — a hallmark of the internet’s design. No centralized authority dictates how or where networks interconnect globally, or which networks are authorized to assert reachability for an internet destination. Instead, networks share knowledge with each other about the available paths from devices to destination: They route “by rumor.”
Under the Border Gateway Protocol, the internet’s de-facto inter-domain routing protocol, local routing policies decide where and how internet traffic flows, but each network independently applies its own policies on what actions it takes, if any, with data that connects through its network.
BGP has scaled well over the past three decades because 1) it operates in a distributed manner, 2) it has no central point of control (nor failure), and 3) each network acts autonomously. While networks may base their routing policies on an array of pricing, performance and security characteristics, ultimately BGP can use any available path to reach a destination. Often, the choice of route may depend upon personal decisions by network administrators, as well as informal assessments of technical and even individual reliability.
Two prominent types of operational and security incidents occur in the routing system today: route hijacks and route leaks. Route hijacks reroute internet traffic to an unintended destination, while route leaks propagate routing information to an unintended audience. Both types of incidents can be accidental as well as malicious.
Preventing route hijacks and route leaks requires considerable coordination in the internet community, a concept that fundamentally goes against the BGP’s design tenets of distributed action and autonomous operations. A key characteristic of BGP is that any network can potentially announce reachability for any IP addresses to the entire world. That means that any network can potentially have a detrimental effect on the global reachability of any internet destination.
Fortunately, there is a solution already receiving considerable deployment momentum, the Resource Public Key Infrastructure. RPKI provides an internet number resource certification infrastructure, analogous to the traditional PKI for websites. RPKI enables number resource allocation authorities and networks to specify Route Origin Authorizations that are cryptographically verifiable. ROAs can then be used by relying parties to confirm the routing information shared with them is from the authorized origin.
RPKI is standards-based and appears to be gaining traction in improving BGP security. But it also brings new challenges.
Specifically, RPKI creates new external and third-party dependencies that, as adoption continues, ultimately replace the traditionally autonomous operation of the routing system with a more centralized model. If too tightly coupled to the routing system, these dependencies may impact the robustness and resilience of the internet itself. Also, because RPKI relies on DNS and DNS depends on the routing system, network operators need to be careful not to introduce tightly coupled circular dependencies.
Regional Internet Registries, the organizations responsible for top-level number resource allocation, can potentially have direct operational implications on the routing system. Unlike DNS, the global RPKI as deployed does not have a single root of trust. Instead, it has multiple trust anchors, one operated by each of the RIRs. RPKI therefore brings significant new security, stability and resiliency requirements to RIRs, updating their traditional role of simply allocating ASNs and IP addresses with new operational requirements for ensuring the availability, confidentiality, integrity, and stability of this number resource certification infrastructure.
As part of improving BGP security and encouraging adoption of RPKI, the routing community started the Mutually Agreed Norms for Routing Security initiative in 2014. Supported by the Internet Society, MANRS aims to reduce the most common routing system vulnerabilities by creating a culture of collective responsibility towards the security, stability and resiliency of the global routing system. MANRS is continuing to gain traction, guiding internet operators on what they can do to make the routing system more reliable.
Routing by rumor has served the internet well, and a decade ago it may have been ideal because it avoided systemic dependencies. However, the increasingly critical role of the internet and the evolving cyberthreat landscape require a better approach for protecting routing information and preventing route leaks and route hijacks. As network operators deploy RPKI with security, stability and resiliency, the billions of internet-connected devices that use DNS to look up IP addresses can then communicate with those resources through networks that not only share routing information with one another as they’ve traditionally done, but also do something more. They’ll make sure that the routing information they share and use is secure — and route without rumor.
The post Routing Without Rumor: Securing the Internet’s Routing System appeared first on Verisign Blog.
pipe-1200
When Aussie school opened their doors this year, the lifespan of parents around the country drastically improved. The combination of homeschooling, working from home, and not going anywhere has completely drained many Aussie working parents, me included!! Many of us have been in survival mode – just focusing on the basics to get through!
Well, now we’re getting back to some sort of normal and we have a little more time to breathe, it’s time to focus on those overdue jobs and that includes doing an audit of your family’s online safety. Now, I know it might seem boring, but I promise you it’s worth the effort. So, I thought I’d share with you a checklist of what you need to do to ensure your family is as safe as possible when online. Let’s get started:
1. Passwords
Your first task is to ensure every family member has a different password for each of their online accounts. Yes, I know – that sounds completely overwhelming. But hear me out. If you have the same password for all your online accounts and you get hacked, then you could be in a world of pain – as the hacker now has access to all your online accounts!! So, this is very much worth sorting out.
Now, there are many ways of managing a long list of passwords. You could write them down in a special, secret book. You could call on your Mensa level memory and try to remember 50 plus passwords – unfortunately, that’s not me! So, let me give you the best solution – a password manager. Password Managers can both generate and remember super complex passwords that no human could even concoct. Check out McAfee’s True Key – it’s free and a complete no-brainer, my friends!
2. Software Updates
Before my life as Cybermum, I used to think software updates were a massive inconvenience. Something else to add to the never-ending list. But how wrong was I! A software update addresses security flaws or bugs in the current version of the app or program. Their goal is to protect the user. So, if you’re serious about protecting your family, these updates can’t be ignored. The easiest way to manage this is to set updates to be automatic, where possible. You can also do this with apps on your phone – for both Apple and Android devices.
3. Ensure Location Services Are Off
Most apps, networks, and devices have geotagging features which means your whereabouts can be widely communicated if your location’s services are turned on. And don’t forget that digital photos can also give away your location as they contain metadata which is information about the time, date, and GPS coordinates of where the pic was taken. So, your job here is simple – ensure all devices have geotagging turned off. And while you’re at it, ensure your kids understand why it’s critical to keep it that way! Nothing worse than pesky strangers knowing your whereabouts!
4. Security Software
Not having security software installed on your devices is no different from leaving your front door unlocked. It is essential. A top-shelf security software system will detect and shut down security attacks on your system. Many will also have a firewall that constantly filters the data that both enters and leaves your computer and will block and restrict your network from viruses and hackers. It will also keep an alert to malicious software and if detected will remove issues such as viruses, worms, and Trojans. It will also stay alert to spyware that you may unintentionally download onto your system and will block and delete it if found. See what I mean? It’s essential. Check out McAfee’s Total Protection which will give you peace of mind.
Unfortunately, there are no guarantees in life however there are definitely ways to minimize risk. Following the above 4 steps will have a significant positive impact on your family’s online safety and most importantly, means you can enjoy a little peace now the kids are back to school!
Till Next Time
Alex x
The post Kids Back To School – The Perfect Time to Audit Your Family’s Online Safety appeared first on McAfee Blog.
Editor’s Note: This is the first in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely and simply.
Online banking is for everyone. Or at least it should be.
The benefits of online banking are many for our moms, dads, and grandparents, just as they are for us. Elder adults can deposit checks, pay bills, transfer money to and from investments, and so on, all without needing to leave home. However, our parents and the older people in our lives may face a few hurdles that are holding them back. As a son, daughter, or loved one, there are things you can do to help them clear those hurdles so they can enjoy the convenience of online banking, safely and securely.
What do some of those hurdles look like?
Meanwhile, the digital world continues to evolve apace, particularly with regard to online banking. Between 2018 and 2022, the number of people in the U.S. who use online banking steadily rose to more than 65%, and more than three-quarters of Americans used a mobile device the last time they checked their balance. And as of 2020, nearly two billion people worldwide used online banking, a number that only continues to increase.
This rise in online banking has implications for the elders in our lives. Even if they aren’t active in online banking themselves, their financial information is part of this digital mix. The banks and financial institutions where they keep their savings and funds are digitally connected and digitally accessible. At a minimum, this means that they should take steps to protect themselves and their finances. Yet the upside is here is that we can help them do much more than that—that we can actually help them take advantage of online banking and enjoy its benefits.
Depending on their comfort level, you may want to start by reviewing some basic digital literacy before diving right into online banking. As mentioned above, there’s so much about the internet that we take for granted, and the elders in your life may benefit a little 101-level introduction to the internet.
When you’re both confident that their comfort level with the internet is in the right place, you can move on to the next step—making sure mom and dad have solid online protection in place. This is square one before going online, particularly when you’re banking online. Some basic digital hygiene will help protect their banking and finances. Moreover, it will help protect the other things they do online as well.
The following quick list is a great way to make them far more secure:
That includes the operating system of their computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack.
Computers, smartphones, and tablets will have a way of locking them using a PIN, a password, a fingerprint, or the owner’s face. Take advantage of that protection, which is particularly important if that device is lost or stolen.
This is important should they lose their smartphone or believe it’s been stolen. Have them turn on device tracking so that they can locate their phone or even wipe its data and contents remotely if they need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Protecting your devices with comprehensive online protection software will defend them against the latest virus, malware, spyware and ransomware attacks plus help steer them clear of phishing attacks and malicious websites designed to steal personal and financial information. Also, make sure it offers a password manager like ours does, which can create and store strong, unique passwords for each of their accounts—alleviating the burden of mom and dad remembering them.
With all the personally identifiable information (PII) we create simply by using the internet, tracking and monitoring your PII is essential for preventing identity fraud and theft. The same is true for mom and dad. A strong identity theft protection package will offer cyber monitoring that can detect the misuse of your PII. Our identity protection service takes that protection a step further if the unfortunate happens with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
With their devices and PII more secure, you can move on to the banking portion itself. While there’s so much you can do with online banking, it’s a good idea to take things one at a time. Some elders aren’t sure how to sign up for online banking with their financial institution, so you can start there. Take them through the setup process (using that strong, unique password as mentioned above) and simply get them going.
From there, they can familiarize themselves with the layout of banking site or app they’re using. A straightforward task like checking account balances is a great way to do just that. After their comfort level with the site or app tales root, you can move on to other things they can do online, like pay bills online, deposit a paper check with their phone, and review their statements for any discrepancies.
Another thing that may help put your folks at ease is to let them know you’re there to help. Questions will inevitably come up, and it’ll be a great comfort to them knowing that you’re around to lend them a quick answer as needed.
For example, let’s talk about spotting possible discrepancies in their statements. Some account entries may look a little strange because the name of a business does not always match the way it appears in a bank or credit card statement. This may lead to questions about the purchase—was it something they made? Is it a legitimate charge? These are answers you can help them track down.
Related, online banking provides our parents with a powerful tool against identity theft and fraud. By reviewing account statements closely, they can potentially spot bogus charges and purchases before they become a larger, and more costly, problem. (For a great primer on the topic, read and share this article that covers identity theft and fraud, along with steps to prevent it.)
Several different banks offer resources specifically for elder bankers. The offerings will of course vary from bank to bank, yet you may find that they have videos and information on their websites designed to make online banking easier. Likewise, they may offer special services that mom and dad may qualify for. In all, feel free to lean on their bank for assistance as needed. They’re there to help.
You can also look into independent resources as well, such as the AARP and “Ready, Set, Bank,” which both provide a wealth of videos and articles about online banking.
As kids, grandkids, and younger loved ones, there’s plenty we can do to help the elders in our lives enjoy online banking with confidence. Shoring up their security, starting them easy, and then being there to answer questions can help them clear the hurdles of familiarity and trust they face.
Just as they’ve guided you through the ins and outs of life, here’s a chance to return the favor. What’s more, it’s yet another way you can spend time together, whether in person or over a call. And that’s a good thing.
The post Helping Mom & Dad: Online Banking appeared first on McAfee Blog.
You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cybercriminals seeking to steal valuable business secrets. It’s unlikely that everyday people, such as yourself, will be targeted by a ransomware scheme, so you may be puzzled about how a VPN can help someone like you be safer online. Luckily, with a VPN being very easy to install and use, you can indeed experience these three everyday benefits to keep your browsing activities safe from eavesdroppers seeking to profit from your online comings and goings.
The most widely known benefit of a VPN for daily use is to safeguard your device when it’s connected to a public Wi-Fi network. Coffee shops, libraries, hotels, transportation hubs, and other public places often provide courtesy internet service to visitors. Shifty characters often lurk on unprotected networks to lift personally identifiable information (PII) from people handling sensitive emails, making banking transactions, or shopping online. Public Wi-Fi eavesdroppers can lift credit card numbers, addresses, birthdays, and Social Insurance Numbers.
When you connect to public Wi-Fi that doesn’t have a lock icon, that’s a sign that you should toggle on your VPN. Also, even if you’re required to enter a password, be wary of any network you share with strangers.
A VPN can also hide your location data. How does this help you protect your browsing history? First, when you scramble your location, you’re likely to confuse ad networks trying to send you targeted ads. This will free your social media feeds and search engines from targeted ads that often are so accurate they seem like an invasion of privacy.
Second, hiding your location can protect you from cybercriminals looking to mine PII. VPNs make it impossible for criminals to discover your IP address. (The internet protocol address is what ties your device to a specific local network.) When they’re visible, criminals can trace IP addresses to reveal home addresses, full names, and phone numbers: all of which are key pieces of PII that, in the wrong hands, can jeopardize your identity.
While Canada and the European Union don’t allow ISPs (internet service providers) to even collect the browsing data of their customers, keep in mind that in some countries, like the U.S., ISPs can collect, store, share, and/or sell customer data. While advertisers are often the buyers of customer data, in the case of a breach, the more places your PII lives, the more likely it may be involved in a security incident. The goal is to limit the extent and number of places where your browsing history is stored.
VPNs can scramble your online movements to the point where not even ISPs can track it. Plus, when you log out, your device doesn’t keep a record of what you did while connected to the VPN. Incognito mode on your internet browser hides your IP address, but the websites you visit still collect cookies and store data about your online whereabouts, meaning that it’s not truly private browsing.
McAfee Safe Connect VPN encrypts your online activity to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once with bank-grade Wi-Fi encryption. Feel more confident whenever you hop on the internet across all your connected devices with just one quick and easy step.
The post Why Everyone Needs a VPN appeared first on McAfee Blog.
Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent report. That means for as much wearable tech as we have in our lives already, even more, is on the way.
If you own a piece of wearable tech it’s easy to understand why it’s so popular. After all, it can track our fitness, provide contextual help in daily life, and, in the case of hearing aids, even do cool things like sync with Bluetooth. As VR and AR gains a foothold who knows what other incredible tech might be headed our way by 2028? However wearable tech also comes with certain risks. The most prominent: cybercriminals potentially gaining access to your data.
The weakest link in the wearables space is your mobile phone, not the actual wearable device itself. That’s because wearables tend to link to your mobile device over a short-range wireless spectrum known as “Bluetooth.” This spectrum is used to send and receive data between your wearable device and your mobile. That makes your mobile a prime target for hackers.
Most commonly, hackers gain access to the data on your mobile through malware-laden apps. These apps are oftentimes designed to look like popular apps, but with enough differences that they don’t flag copyright suspicion.
Hackers can use these malicious apps to do a variety of things from making phone calls without your permission, sending and receiving texts, and extracting personal information—all potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.
The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.
These types of threats aren’t limited to wearables, however. The Internet of Things—the phenomenon of devices connected to the Internet for analysis and optimization—encompasses all sorts of other electronic devices such as washing machines and refrigerators that can put your data at risk as well. But these life-changing devices can be secured through education and industry standards. Two things we’re working on day and night.
Of course, securing the weakest link in your wearables environment, your phone will go a long way towards keeping your data safe. But what happens when your computer, where you store backups of your smartphone, is compromised too? We’ve got you covered with McAfee LiveSafe service, our comprehensive security solution that provides protection for your entire online life.
The post The Wearable Future Is Hackable. Here’s What You Need To Know appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
FreshRSS 