Login
Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation offering, which allows users to publicly confirm that they can reply to emails at the domain of their stated current employer.
LinkedIn’s new “About This Profile” section — which is visible by clicking the “More” button at the top of a profile — includes the year the account was created, the last time the profile information was updated, and an indication of how and whether an account has been verified.
LinkedIn also said it is adding a warning to some LinkedIn messages that include high-risk content, or that try to entice the user into taking the conversation to another platform (like WeChat).
“We may warn you about messages that ask you to take the conversation to another platform because that can be a sign of a scam,” the company said in a blog post. “These warnings will also give you the choice to report the content without letting the sender know.”
In late September 2022, KrebsOnSecurity warned about the proliferation of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. A follow-up story on Oct. 5 showed how the phony profile problem has affected virtually all executive roles at corporations, and how these fake profiles are creating an identity crisis for the businesses networking site and the companies that rely on it to hire and screen prospective employees.
Reporting here last month also tracked a massive drop in profiles claiming to work at several major technology companies, as LinkedIn apparently took action against hundreds of thousands of inauthentic accounts that falsely claimed roles at these companies.
For example, on October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. At around the same time, the number of LinkedIn profiles claiming current roles at Amazon fell from roughly 1.25 million to 838,601 in just one day, a 33 percent drop.
For whatever reason, the majority of the phony LinkedIn profiles reviewed by this author were young women with profile photos that appear to have been generated by artificial intelligence (AI) tools.
“We’re seeing rapid advances in AI-based synthetic image generation technology and we’ve created a deep learning model to better catch profiles made with this technology,” LinkedIn’s Oscar Rodriguez wrote. “AI-based image generators can create an unlimited number of unique, high-quality profile photos that do not correspond to real people.”
It remains unclear who or what is behind the recent proliferation of fake executive profiles on LinkedIn, but likely they are from a combination of scams. Cybersecurity firm Mandiant (recently acquired by Google) told Bloomberg that hackers working for the North Korean government have been copying resumes and profiles from leading job listing platforms LinkedIn and Indeed, as part of an elaborate scheme to land jobs at cryptocurrency firms.
Identity thieves have been known to masquerade on LinkedIn as job recruiters, collecting personal and financial information from people who fall for employment scams.
Also, fake profiles also may be tied to so-called “pig butchering” scams, wherein people are lured by flirtatious strangers online into investing in cryptocurrency trading platforms that eventually seize any funds when victims try to cash out.
On Black Friday and Cyber Monday, the deals roll out. So do some of the worst Black Friday and Cyber Monday scams.
Hackers, scammers, and thieves look to cash in this time of year by blending in with the holiday rush, spinning up their own fake shipping notices, phony deals, and even bogus charities that look legitimate at first glance, yet are anything but. Instead, they may be loaded with malware, point you to phishing sites that steal your personal info, or they may simply rip you off.
Classically, many online scams play on emotions by creating a sense of urgency or even fear. And for the holidays, you can throw stress into that mix as well—the stress of time, money, or even the pressure of finding that hard-to-get gift that seems to be out of stock everywhere. The bad actors out there will tailor their attacks around these feelings, hoping that they’ll catch you with your guard down during this busy time of year.
So while knowing how to spot a great gift at a great price is solid skill to have this time of year, so is the ability to spot a scam. Let’s look at some of the worst ones out there, along with what you can do to steer clear of them.
Come this time of year, keeping tabs on all the packages you have in transit can get tricky. You may have an armload of them enroute at any given time, and scammers will look to slip into this mix with phony order confirmations sent to your mailbox or your phone by text. Packed with either an email attachment or a link to a bogus website, they’ll try to get you to download malware or visit a site that attempts to steal your identity.
These messages can look quite legit, so the best way to keep track of your orders is on the sites where you purchased them. Go directly to those sites rather than clicking on any links or attachments you get.
This scam plays out much like the fake order scam, yet in this case the crooks will send a phony package tracking notification, again either as a link or as an attachment. For starters, legitimate retailers won’t send tracking numbers in an attached file. If you see anything like that, it’s surely a scam designed to inject malware onto your device. In the case of a link, the scammers aim to send you to a site that will steal your personal info, just like in the case above.
Once again, the best way to track your packages is to go to the source. Visit the online store where you made your purchase, open your current orders, and get your package tracking information from there.
A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. So close that you may overlook them. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them.
You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and look for the deal there.
At the heart of holiday shopping is scarcity. And scarcity is something scammers love. There’s always some super-popular holiday item that’s tough to find, and scammers will spin up phony websites and offers around those items to lure you in. They may use the typosquatting technique mentioned above to pose as a legitimate retailer, or they may set up a site with their own branding to look legitimate on their own (or at least try). Either way, these scams can hurt you in a couple of ways—one, you’ll pay for the goods and never receive them; and two, the scammers will now have your payment info and address, which they can use to commit further fraud.
If the pricing, availability, or delivery time all look too good to be true for the item in question, it may be a scam designed to harvest your personal info and accounts. Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate. (The Better Business Bureau is a great place to start—more on that in moment.)
In the season of giving, donating to charities in your name or in the name of others makes for a popular holiday gesture. Scammers know this too and will set up phony charities to cash in. Some indications that a phony charity has reached you include an urgent pitch that asks you to “act now.” A proper charity will certainly make their case for a donation, yet they won’t pressure you into it. Moreover, phony charities will outright ask for payment in the form of gift cards, wire transfers (like Western Union), money orders, or even cryptocurrency—because once those funds are sent, they’re nearly impossible to reclaim when you find out you’ve been scammed.
There are plenty of ways to make donations to legitimate charities, and the U.S. Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count.
Some of it takes an eagle eye that can spot these scams as they pop up in your inbox, texts, social media feed, and so on. Yet you have further ways you can keep safe while shopping on Black Friday, Cyber Monday, and any time.
This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards, where citizens can dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi, such as your passwords and credit card numbers.
What’s more, a VPN masks your whereabouts and your IP address, plus uses encryption that helps keep your activities private. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from.
Yes, it’s true. Your information gets collected, bought, and solid online. In fact, personal information fuels a global data trading economy estimated at $200 billion U.S. dollars a year. Run by data brokers that keep hundreds and even thousands of data points on billions of people, these sites gather, analyze, buy, and sell this information to other companies as well as to advertisers. Likewise, these data brokers may sell this information to bad actors, such as hackers, spammers, and identity thieves who would twist this information for their own purposes.
Getting your info removed from these sites can seem like a daunting task. (Where do I start, and just how many of these sites are out there?) Our Personal Data Cleanup can help by regularly scanning these high-risk data broker sites for info like your home address, date of birth, and names of relatives. It identifies which sites are selling your data, and depending on your plan, automatically requests removal.
Another place where personal information is bought and sold, stored, and exchanged is the dark web. The problem is that it’s particularly difficult for you to determine what, if any, of your info is on the dark web, stashed away in places where hackers and thieves can get their hands on it. Identity monitoring can help. McAfee’s identity monitoring helps you keep your personal info safe by alerting you if your data is found on the dark web, an average of 10 months before our competitors.
Monitored info can range anywhere from bank account and credit card numbers to your email addresses and government ID number, depending on your location. If your information gets spotted, you’ll get an alert, along with steps you can take to minimize or even prevent damage if the information hasn’t already been put to illegal use.
Identity protection through McAfee takes identity monitoring a step further by offering, depending on your location and plan, identity theft coverage for financial losses and expenses due to identity theft, in addition to hands-on help from a recovery professional to help restore your identity—all in addition to the identity monitoring called out above, again depending on your location and plan.
Keeping an eye on your bills and statements as they come in can help you spot unusual activity on your accounts. A credit monitoring service can do that one better by keeping daily tabs on your credit report. While you can do this manually, there are limitations. First, it involves logging into each bureau and doing some digging of your own. Second, there are limitations as to how many free credit reports you can pull each year. A service does that for you and without impacting your credit score.
Depending on your location and plan, McAfee’s credit monitoring allows you to look after your credit score and the accounts within it to see fluctuations and help you identify unusual activity, all in one place, checking daily for signs of identity theft.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. In addition to the VPN, identity, credit monitoring, and other features mentioned above, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—along with a password manager that can create strong, unique passwords and store them securely as well. Taken together, McAfee+ offers all-in-one online protection for your identity, privacy, and security that can keep you far safer when you shop online—and as you spend your time online in general.
Even if you take the proper precautions the unexpected can happen. Whether it’s a scam, an identity crime, or flat-out theft, there are steps you can take right away to help minimize the damage.
The first bit of advice is to take a deep breath and get right to work on recovery. From there, you can take the following steps:
Whether you spot a curious charge on your bank statement, discover potentially a fraudulent account when you check credit report, or when you get an alert from your monitoring service, let the bank or organization involved know you suspect fraud or theft. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
Some businesses will require you to file a local police report and acquire a case number to complete your claim. Beyond that, filing a report is a good idea in itself. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.
In the U.S., the identity theft website from the Federal Trade Commission (FTC) is a fantastic resource should you find yourself in need. In addition to keeping records of the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. With a copy of your report, you can ask debtors to stop.
An instance of identity fraud or theft, suspected or otherwise, is a good time to review your options for a credit freeze or lock. As mentioned earlier, see what the credit bureaus in your region offer, along with the terms and conditions of each. With the right decision, a freeze or lock can help minimize and prevent further harm.
Strongly consider using a monitoring service like the one we described earlier to help you continue to keep tabs on your identity. The unfortunate fact of identity theft and fraud is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity all around. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely—along with utilizing an identity monitoring service.
A recovery service can help you clean up your credit in the wake of fraud or theft, all by working on your behalf. Given the time, money, and stress that can come along with setting your financial record straight, leaning on the expertise of a professional can provide you with much-needed relief on several counts.
Just as it’s always been, hackers, scammers, and thieves want to ruin a good thing. In this case, it’s your spirit of giving and sharing in the holiday season. Yet with this list of top scams and ways you can avoid them, you can keep bad actors like them at bay. Remember, they’re counting on you to be in a hurry this time of year, and maybe a bit stressed and a little disorganized to boot. Take your time while shopping out there and keep an eye out for their tricks. That extra moment can save you far more time and money than you may think.
The post The Worst Black Friday and Cyber Monday Scams – And How to Avoid Them appeared first on McAfee Blog.
Gather around, folks, to learn about some of the ghastliest tricks used by criminals online and how you can avoid security horrors this Halloween and beyond
The post Trick or treat? Stay so cyber‑safe it’s scary – not just on Halloween appeared first on WeLiveSecurity
As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe not just this shopping season
The post Parcel delivery scams are on the rise: Do you know what to watch out for? appeared first on WeLiveSecurity
With hot-ticket events firmly back on the agenda, scammers selling fake tickets online have also come out in force
The post Don’t get scammed when buying tickets online appeared first on WeLiveSecurity
Fraudsters use various tactics to separate people from their hard-earned cash on Zelle. Here’s how to keep your money safe while using the popular P2P payment service.
The post 10 common Zelle scams – and how to avoid them appeared first on WeLiveSecurity
One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to spot due to link misspellings, odd link redirects, and other giveaways. However, today’s phishing tricks have become personalized, advanced, and shrouded in new disguises. So, let’s take a look at some of the different types, real-world examples and how you can recognize a phishing lure.
Every day, users get sent thousands of emails. Some are important, but most are just plain junk. These emails often get filtered to a spam folder, where phishing emails are often trapped. But sometimes they slip through the digital cracks, into a main inbox. These messages typically have urgent requests that require the user to input sensitive information or fill out a form through an external link. These phishing emails can take on many personas, such as banking institutions, popular services, and universities. As such, always remember to stay vigilant and double-check the source before giving away any information.
A sort of sibling to email phishing, link manipulation is when a cybercriminal sends users a link to malicious website under the ruse of an urgent request or deadline. After clicking on the deceptive link, the user is brought to the cybercriminal’s fake website rather than a real or verified link and asked to input or verify personal details. This exact scenario happened last year when several universities and businesses fell for a campaign disguised as a package delivery issue from FedEx. This scheme is a reminder that anyone can fall for a cybercriminals trap, which is why users always have to careful when clicking, as well as ensure the validity of the claim and source of the link. To check the validity, it’s always a good idea to contact the source directly to see if the notice or request is legitimate.
Corporate executives have always been high-level targets for cybercriminals. That’s why C-suite members have a special name for when cybercriminals try to phish them – whaling. What sounds like a silly name is anything but. In this sophisticated, as well as personalized attack, a cybercriminal attempts to manipulate the target to obtain money, trade secrets, or employee information. In recent years, organizations have become smarter and in turn, whaling has slowed down. Before the slowdown, however, many companies were hit with data breaches due to cybercriminals impersonating C-suite members and asking lower-level employees for company information. To avoid this pesky phishing attempt, train C-suite members to be able to identify phishing, as well as encourage unique, strong passwords on all devices and accounts.
Just as email spam and link manipulation are phishing siblings, so too are whaling and spear-phishing. While whaling attacks target the C-suite of a specific organization, spear-phishing rather targets lower-level employees of a specific organization. Just as selective and sophisticated as whaling, spear-phishing targets members of a specific organization to gain access to critical information, like staff credentials, intellectual property, customer data, and more. Spear-phishing attacks tend to be more lucrative than a run-of-the-mill phishing attack, which is why cybercriminals will often spend more time crafting and obtaining personal information from these specific targets. To avoid falling for this phishing scheme, employees must have proper security training so they know how to spot a phishing lure when they see one.
With so many things to click on a website, it’s easy to see why cybercriminals would take advantage of that fact. Content spoofing is based on exactly that notion – a cybercriminal alters a section of content on a page of a reliable website to redirect an unsuspecting user to an illegitimate website where they are then asked to enter personal details. The best way to steer clear of this phishing scheme is to check that the URL matches the primary domain name.
When users search for something online, they expect reliable resources. But sometimes, phishing sites can sneak their way into legitimate results. This tactic is called search engine phishing and involves search engines being manipulated into showing malicious results. Users are attracted to these sites by discount offers for products or services. However, when the user goes to buy said product or service, their personal details are collected by the deceptive site. To stay secure, watch out for potentially sketchy ads in particular and when in doubt always navigate to the official site first.
With new technologies come new avenues for cybercriminals to try and obtain personal data. Vishing, or voice phishing, is one of those new avenues. In a vishing attempt, cybercriminals contact users by phone and ask the user to dial a number to receive identifiable bank account or personal information through the phone by using a fake caller ID. For example, just last year, a security researcher received a call from their financial institution saying that their card had been compromised. Instead of offering a replacement card, the bank suggested simply blocking any future geographic-specific transactions. Sensing something was up, the researcher hung up and dialed his bank – they had no record of the call or the fraudulent card transactions. This scenario, as sophisticated as it sounds, reminds users to always double-check directly with businesses before sharing any personal information.
As you can see, phishing comes in all shapes and sizes. This blog only scratches the surface of all the ways cybercriminals lure unsuspecting users into phishing traps. The best way to stay protected is to invest in comprehensive security and stay updated on new phishing scams.
The post The Seven Main Phishing Lures of Cybercriminals appeared first on McAfee Blog.
Have you ever been on the receiving end of a scam or heard of someone whose bank account was emptied by fraudsters?
Unfortunately, these examples are becoming increasingly common. The Better Business Bureau (BBB) shared that they receive about 1,000 scam complaints daily from cash app users. As the number of cash app users increased over the last few years, so did the number of fraudsters on payment apps like Venmo and PayPal. As a result, even the most alert people have found themselves prey to smooth-talking fraudsters.
This article highlights common themes of cash app scams and explains how to protect your financial and personal information from scammers online. Stay tuned to learn more.
With the number of scams rising, it’s important to be more aware and cautious. So, what can you do to protect yourself from being scammed?
Here are four essential safety tips to avoid some common Venmo scams:
Let’s discuss some scam tactics commonly used on money transfer apps like Venmo and how you can quickly recognize and sidestep them.
Spoofing and phishing scams are practices that trick you into revealing sensitive financial or online information, leading you to lose money and face risk identity theft.
Knowing common ways that an online scammer can trick you will help you stay alert. This knowledge might make it easier to recognize a fraudster.
Let’s talk about a few common scam tactic examples, so you know the red flags to look out for when using cash apps like Venmo.
In this type of scam, a scammer will send you a text message, a notification, or an email with a link telling you that you won a cash prize or trending concert tickets on Venmo. The link generally leads to a page that asks you to sign in or provide information about your Venmo account. For example, the text could say something like, “As a long-time user of Venmo, you have received a $20 gift card from Venmo. Sign in to redeem.” Filling in these details can lead to your Venmo account being hacked.
Prevent being scammed this way by never sharing your Venmo login information with any person or third-party website.
A scammer may try to sign in to your Venmo account, requiring them to enter a code sent to your mobile number. They will call you, pretend to be from the Venmo tech support or customer service team, and produce any plausible reason they need you so you’ll share the code you received.
For example, this phone call may sound like, “Hello, we have noticed some unauthorized transactions on your Venmo account. This can lead to your account being blocked. To authorize the transactions, we need to confirm that you are the real owner of this account. For authentication purposes, we sent a code to your phone. Could you share that code with me, please?”
When in the middle of a busy work day, this call might not seem like a big deal and you may share the code without suspecting the caller of smishing. However, this code might be part of multi-factor authentication on Venmo and will give the scammer access to your account.
This can also look a little different. For example, someone who claims to be a Venmo agent might ask you to transfer a sum of money into another account to “verify” your account.
To avoid being scammed this way, keep in mind that a Venmo agent will never ask for a private code or try to gain access to your account. In addition, Venmo will never ask you to install a third-party app, redirect you to a different sign-in page, or ask you to send money to “verify” an account.
As a rule of thumb, never share your Venmo verification code with anyone, no matter who they claim to be.
This scam has a few names, including pyramid scheme, money circle, or cash wheel. Here, a scammer will persuade you to send them a small amount of money to earn back a larger sum within a short period. This is an easy scam to identify because you have no guarantee that the person will pay you back. However, scammers can be extremely convincing, and you may fall for their words.
To avoid this mistake on the cash transfer app, don’t ever send money to strangers on Venmo. Remember, if it sounds too good to be true, it’s probably a scam.
In such a scam, a scammer will attempt to impersonate someone you know. For example, a scammer is impersonating your friend “X.” They use any publicly available information about “X” and create an account using “X’s” name and picture. If “X’s” Venmo account isn’t private, the scammer can access “X’s” transaction history. And, if “X” has transacted with you in the past, the scammer posing as “X” will connect with you and request money. Usually, these requests suggest an urgent need for money. Since you know “X,” you might consider lending them the amount.
Avoid this scam by being wary of any unusual money requests from someone who looks like a friend. Before accepting the payment request, double-check that the person requesting the money is your friend or a family member. Reach out to your friend outside of Venmo through their phone or a credible social media account to verify that it’s not a fake profile asking you for money. In addition, you should always keep your Venmo friend list and transaction history private to avoid giving scammers access to your data.
If you’re selling goods online, a buyer might try to obtain your goods without actually paying for your product. So, they may send you a screenshot of a fake payment to prove they have paid when you haven’t received any money.
Sometimes, a scammer will send a screenshot showing that they accidentally paid you an extra sum of money, and may ask you to pay the money back. However, their payment was fake, and you will end up paying money from your pocket.
Another example involves a seller who sends a message that seems like it’s from Venmo. The message might say that the buyer made a payment, but it will only be fully processed once goods are shipped. Again, this is a red flag to watch out for because Venmo doesn’t offer this feature.
If you’re a buyer online, your seller may convince you to Venmo them the entire payment, and then they may refuse to ship the purchased goods to you.
To be protected from such scams, avoid selling and buying items using Venmo. If you’re buying from strangers on Venmo, ensure it is a Venmo-approved business account so you have purchase protection for any eligible items covered under the user agreement.
As a rule, it’s best not to exchange Venmo payments with strangers. Consider blocking the user if you receive an unsolicited payment or a payment request from a stranger on Venmo.
As transactions become increasingly digital, it’s important to educate yourself about the best practices to protect your financial information online.
Here are some general tips to follow:
Online safety should not be taken lightly, and investing in an advanced tool is a good idea to ensure your cybersafety.
If you’re serious about online safety and security, the McAfee+ Protection package is a great investment. This package gives you a premium level of online security, with full protection from things like identity theft. In addition, you get access to antivirus software for unlimited devices, personal data clean-ups, lost wallet protection, and a secure VPN — among other benefits. Sign up today!
The post How to Identify and Protect Yourself From Venmo Scams and Other Cash App Scams appeared first on McAfee Blog.
rs-1200
An old banking scam has a new look. And it’s making the rounds again.
Recently Bank of America alerted its customers of the “Pay Yourself Scam,” where scammers use phony fraud alerts and trick their victims into giving them access to their online banking accounts. It’s a form of phishing attack, and according to Bank of America it goes something like this:
The good news is that you can avoid this attack rather easily. If you receive a text or call about a possible fraud alert, don’t respond. (Scammers can easily “spoof” or fake caller ID information nowadays. So even if it appears that the number looks legitimate, it may not be after all.) Instead, contact your bank directly using the contact information on your debit or credit card. This way, you’ll know you’re speaking with the proper representatives about the matter.
Of course, this scam isn’t the only scam making the rounds these days. Whether it’s with some form of phishing attack, stealing passwords on public Wi-Fi, or malware that spies on your keystrokes, scammers use plenty of tricks to crack into online bank accounts. Yet with a few precautions and a sharp eye, you have several ways you can protect yourself.
Online protection software today goes far beyond antivirus. It can protect your privacy, identity, and your online accounts as well. McAfee+ Ultimate provides our most comprehensive coverage with features that monitor the dark web and sketchy data broker sites for your personal information, identity theft and ransomware protection, and identity restoration services should the unexpected happen—all along with our award-winning antivirus protection. In all, it protects you, not just your devices. Together, it offers your strongest line of defense in the face of hackers, scammers, and thieves.
Legitimate banks will never pressure, harass, or cajole you into action. If you get a message that strikes an aggressive tone, assume it’s fraudulent. Other things legitimate banks will never do include:
Earlier, I mentioned contacting your bank directly to ensure you’re speaking to a proper representative. Another way you can go directly to the source is to use your bank’s website or app to check up on your accounts. Once again, don’t click any links in a text or email. Just go to your bank’s website or app to check your account. You can make sure you have your bank’s official app by visiting the Google Play or Apple’s App Store and looking at the information section to ensure that it was indeed developed by your bank—not a copycat.
Strong and unique passwords for each of your online accounts can help keep hackers at bay. With data breaches occurring so often, updating them regularly is important too. Yet with all the accounts we keep, that can mean a lot of work. However, a password manager can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
When you log onto public Wi-Fi, potentially anyone can see your internet activity—and that includes things like entering your username and password. For that reason, only log into your bank account with public Wi-Fi if you’re using a virtual private network (VPN). McAfee Secure VPN protects your privacy by turning on automatically for unsecured networks. Your data is encrypted so it can’t be read by prying eyes. The VPN also keeps your online activity and physical location private and secure from advertisers.
Keeping an eye on your bills and statements as they come in can help you spot unusual activity on your accounts. A credit monitoring service can do that one better by keeping daily tabs on changes to your credit report. While you can do this manually, there are limitations. First, it involves logging into each bureau and doing some digging of your own. Second, there are limitations as to how many free credit reports you can pull each year. A service does that for you and without impacting your credit score.
Depending on your location and plan, McAfee’s credit monitoring allows you to look after your credit score and the accounts within it to see fluctuations and help you identify unusual activity, all in one place, checking daily for signs of identity theft.
When a fraud notification pops up on your phone, you can almost feel your stomach drop. Hackers and scammers play off that fear. They use it to get you to act—and to act quickly. Taking a moment to scrutinize these messages and following up directly with your bank can help you steer clear of their tricks. Likewise, putting up a strong defense with comprehensive online protection software can make you safer still. In the meantime, keep your eyes open for this “Pay Yourself Scam” and other scams like it. It’s certainly not the first of its kind, and it won’t be the last.
The post Steer Clear of the “Pay Yourself Scam” That’s Targeting Online Bank Accounts appeared first on McAfee Blog.
Safety has a feeling all its own, and that’s what’s at the heart of McAfee+.
We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy.
And those concerns have merit. Last year, reported cases of identity theft and fraud in the U.S. shot up to 5.7 million, to the tune of $5.8 billion in losses, a 70% increase over the year prior. Meanwhile, online data brokers continue to buy and sell highly detailed personal profiles with the data cobbled together from websites, apps, smartphones, connected appliances, and more, all as part of a global data-gathering economy estimated at well over $200 billion a year.
Yet despite growing awareness of the ways personal information is collected, bought, sold, and even stolen, it remains a somewhat invisible problem. You simply don’t see it as it happens, let alone know who’s collecting what information about you and toward what ends—whether legal, illegal, or somewhere in between. A recent study we conducted showed that 74% of consumers are concerned about keeping their personal information private online. Yet, most of us have found out the hard way (when we search for our name on the internet) that there is a lot of information about us that has been made public. It is our belief that every individual should have the right to be private, yet we know too many individuals don’t know where to begin. It is this very worry that made us focus our new product line on empowering our users to take charge of their privacy and identity online.
McAfee+ gives you that control.
Now available in the U.S., McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance and support to take the steps to be safer online. Here’s how:
You can see the entire range of features that cover your identity, privacy, and security with a visit to our McAfee+ page.
McAfee+ Ultimate offers our most thorough protection, with which you can lock your credit with a click or put a comprehensive security freeze in place, both to thwart potential identity theft. You can keep tabs on your credit with daily credit monitoring and get an alert when there’s credit activity to spot any irregularities quickly.
You’ll also feel like someone has your back. Even with the most thorough measures in place, identity theft and ransomware attacks can still strike, which can throw your personal and financial life into a tailspin. What do you do? Where do you start? Here, we have you covered. We offer two kinds of coverage that can help you recover your time, money, and good name:
Starting today, customers in the U.S. can purchase McAfee+ online at McAfee.com in Premium, Advanced, and Ultimate plans, in addition to individual and family subscriptions. McAfee+ will also be available online in the U.K., Canada, and Australia in the coming weeks with additional regions coming in the months ahead (features may vary by region).
We are very excited about bringing these new protections to you and we hope you will be too.
The post The Feeling of Safety with McAfee+ appeared first on McAfee Blog.
Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok?
The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives — which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction — state that the user’s account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.
KrebsOnSecurity recently heard from a reader who received an email from paypal.com that he immediately suspected was phony. The message’s subject read, “Billing Department of PayPal updated your invoice.”
A copy of the phishing message included in the PayPal.com invoice.
While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. For starters, all of the links in the email lead to paypal.com. Hovering over the “View and Pay Invoice” button shows the button indeed wants to load a link at paypal.com, and clicking that link indeed brings up an active invoice at paypal.com.
Also, the email headers in the phishing message (PDF) show that it passed all email validation checks as being sent by PayPal, and that it was sent through an Internet address assigned to PayPal.
Both the email and the invoice state that “there is evidence that your PayPal account has been accessed unlawfully.” The message continues:
“$600.00 has been debited to your account for the Walmart Gift Card purchase. This transaction will appear in the automatically deducted amount on PayPal activity after 24 hours. If you suspect you did not make this transaction, immediately contact us at the toll-free number….”
Here’s the invoice that popped up when the “View and Pay Invoice” button was clicked:
The phony PayPal invoice, which was sent and hosted by PayPal.com.
The reader who shared this phishing email said he logged into his PayPal account and could find no signs of the invoice in question. A call to the toll-free number listed in the invoice was received by a man who answered the phone as generic “customer service,” instead of trying to spoof PayPal or Walmart. Very quickly into the conversation he suggested visiting a site called globalquicksupport[.]com to download a remote administration tool. It was clear then where the rest of this call was going.
I can see this scam tricking a great many people, especially since both the email and invoice are sent through PayPal’s systems — which practically guarantees that the message will be successfully delivered. The invoices appear to have been sent from a compromised or fraudulent PayPal Business account, which allows users to send invoices like the one shown above. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phishing@paypal.com) and media relations teams.
PayPal said in a written statement that phishing attempts are common and can take many forms.
“We have a zero-tolerance policy on our platform for attempted fraudulent activity, and our teams work tirelessly to protect our customers,” PayPal said. “We are aware of this well-known phishing scam and have put additional controls in place to mitigate this specific incident. Nonetheless, we encourage customers to always be vigilant online and to contact Customer Service directly if they suspect they are a target of a scam.”
It’s remarkable how well today’s fraudsters have adapted to hijacking the very same tools that financial institutions have long used to make their customers feel safe transacting online. It’s no accident that one of the most prolific scams going right now — the Zelle Fraud Scam — starts with a text message about an unauthorized payment that appears to come from your bank. After all, financial institutions have spent years encouraging customers to sign up for mobile alerts via SMS about suspicious transactions, and to expect the occasional inbound call about possibly fraudulent transactions.
Also, today’s scammers are less interested in stealing your PayPal login than they are in phishing your entire computer and online life with remote administration software, which seems to be the whole point of so many scams these days. Because why rob just one online account when you can plunder them all?
The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark to avoid potential typosquatting sites.
Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
Travis Hardaway is a former music teacher turned app developer from Towson, Md. Hardaway said his mother last month replied to an email she received regarding an appliance installation from BestBuy/GeekSquad. Hardaway said the timing of the scam email couldn’t have been worse: His mom’s dishwasher had just died, and she’d paid to have a new one delivered and installed.
“I think that’s where she got confused, because she thought the email was about her dishwasher installation,” Hardaway told KrebsOnSecurity.
Hardaway said his mom initiated a call to the phone number listed in the phony BestBuy email, and that the scammers told her she owed $160 for the installation, which seemed right at the time. Then the scammers asked her to install remote administration software on her computer so that they could control the machine from afar and assist her in making the payment.
After she logged into her bank and savings accounts with scammers watching her screen, the fraudster on the phone claimed that instead of pulling $160 out of her account, they accidentally transferred $160,000 to her account. They said they they needed her help to make sure the money was “returned.”
“They took control of her screen and said they had accidentally transferred $160,000 into her account,” Hardaway said. “The person on the phone told her he was going to lose his job over this transfer error, that he didn’t know what to do. So they sent her some information about where to wire the money, and asked her to go to the bank. But she told them, ‘I don’t drive,’ and they told her, “No problem, we’re sending an Uber to come help you to the bank.'”
Hardaway said he was out of town when all this happened, and that thankfully his mom eventually grew exasperated and gave up trying to help the scammers.
“They told her they were sending an Uber to pick her up and that it was on its way,” Hardaway said. “I don’t know if the Uber ever got there. But my mom went over to the neighbor’s house and they saw it for what it was — a scam.”
Hardaway said he has since wiped her computer, reinstalled the operating system and changed her passwords. But he says the incident has left his mom rattled.
“She’s really second-guessing herself now,” Hardaway said. “She’s not computer-savvy, and just moved down here from Boston during COVID to be near us, but she’s living by herself and feeling isolated and vulnerable, and stuff like this doesn’t help.”
According to the Federal Bureau of Investigation (FBI), seniors are often targeted because they tend to be trusting and polite. More importantly, they also usually have financial savings, own a home, and have good credit—all of which make them attractive to scammers.
“Additionally, seniors may be less inclined to report fraud because they don’t know how, or they may be too ashamed of having been scammed,” the FBI warned in May. “They might also be concerned that their relatives will lose confidence in their abilities to manage their own financial affairs. And when an elderly victim does report a crime, they may be unable to supply detailed information to investigators.”
In 2021, more than 92,000 victims over the age of 60 reported losses of $1.7 billion to the FBI’s Internet Crime Complaint Center (IC3). The FBI says that represents a 74 percent increase in losses over losses reported in 2020.
The abuse of ride-sharing services to scam the elderly is not exactly new. Authorities in Tampa, Fla. say they’re investigating an incident from December 2021 where fraudsters who’d stolen $700,000 from elderly grandparents used Uber rides to pick up bundles of cash from their victims.
Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers.
The post Don’t get singed by scammers while you’re carrying the torch for Tinder appeared first on WeLiveSecurity
It pays to be careful – here’s how you can stay safe from fake giveaways, money flipping scams and other cons that fraudsters use to trick payment app users out of their hard-earned cash
The post Cash App fraud: 10 common scams to watch out for appeared first on WeLiveSecurity
Scammers don't take the summer off – be on your guard when buying your Crit'Air sticker
The post Driving to France this summer? Watch out for scam websites before you go appeared first on WeLiveSecurity
Here’s what to watch out for when buying or selling stuff on the online marketplace and how to tell if you’re being scammed
The post 8 common Facebook Marketplace scams and how to avoid them appeared first on WeLiveSecurity
In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have to think about it. We know who’s on the other end of the screen, so why would we worry? We know our friends would never send us a malicious link that would steal our information, so why be cautious? Right?
Not necessarily. Though a message or link may seem like it’s coming from a friend, it’s also possible that it was sent without their knowledge. There are many ways for hackers to scam people very believably. The latest Facebook Messenger hack is just one of many examples.
According to PIXM, Facebook users have been conned for several months by a phishing scam that tricks them into handing over their account credentials. Users are shown a fake login page that copies Facebook’s user interface, giving it the illusion of being real. When someone enters their credentials, their password and login combo is sent to the hacker who then sends out the same link and fake login to the user’s friends through Facebook Messenger. Any user who clicks the link is asked to fill out their credentials, and the cycle repeats. PIXM estimates that over 10 million Facebook users have been duped by this scam since 2021.
This hacker was able to utilize a technique to evade Facebook’s security checks. When a user clicks on the link in the Messenger app, the browser redirects to a legitimate app deployment service, then redirects again to the actual phishing pages with advertisements and surveys that accrue revenue for the hacker. Using this legitimate service link prevents Facebook from blocking it without blocking other legitimate apps and links as well. Researchers say that even if Facebook managed to block one of these links, several others are created with new unique IDs every day to replace it.
Phishing scams like these are harder to detect due to the realistic-looking interface on the login pages and that these malicious links are seemingly coming from friends and family. However, there are always key things to look out for when faced with phishing scams.
Scams don’t always come from overtly sketchy emails or text messages from strangers. Sometimes they can (unintentionally) come from people we know personally. This isn’t to say that your friends online can’t be trusted! However, it’s important to always be cautious and keep an eye out for any odd behavior to stay on the safe side. Here are some key things to look out for when faced with potential malicious phishing scams:
When in doubt, just ask! If you’ve received a message and a link from a friend online, simply ask if they meant to send it to you. If they didn’t send it themselves, not only did you dodge a bullet, but your friend is also now aware that they’ve been hacked and can take the necessary precautions to ensure their information is protected. And if they did mean to send it to you, then you can click the link knowing that it’s safe to do so. It’s always best to err on the side of caution when it comes to your online security.
The post Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam appeared first on McAfee Blog.
The lead-up to the Canada Day festivities has brought a tax scam with it
The post Phishing scam poses as Canadian tax agency before Canada Day appeared first on WeLiveSecurity
If the promise of a cash prize in return for answering a few questions sounds like a deal that is too good to be true, that’s because it is
The post Costco 40th anniversary scam targets WhatsApp users appeared first on WeLiveSecurity
The explosion of e-commerce sites has changed how we shop today, providing access to millions of online stores with almost unlimited selections.
Just as you would take basic precautions in a brick-and-mortar store — perhaps hiding your PIN number while paying and making sure the business is legitimate — you should also practice safe shopping habits online.
Here are eight ways you can avoid fake websites and other online scams and ensure that you’re dealing with legitimate companies and safe online stores.
One of the best ways to tell if an online store is legit and avoid debit and credit card scams, domain name and subdomain name takeovers, and other problems is with a free and effective download like McAfee WebAdvisor.
This smart tool helps you surf and shop with confidence, protecting you from malicious sites that can contain:
McAfee WebAdvisor is a free browser extension that downloads quickly and installs easily, working in the background automatically to protect you from malware and phishing as you surf, search, and enjoy online shopping.
McAfee WebAdvisor works with Windows 10, 8.1, 8, and 7 (32- and 64-bit) computers and is compatible with these browsers:
Here are other ways to make sure you know when you’re dealing with scammers online.
When checking an e-commerce site’s credentials, start with the address bar. Often, hackers will use URLs that are very close to the real site’s URL but not quite the same. Look for typos or use Google to see if a search takes you to the same page. Also, look for a padlock icon in the address bar.
Click the padlock and look at the drop-down menu that provides information, such as if the site has a valid certificate like SSL (verifying that the web address belongs to the company), how many cookies are in use, other site settings, and whether your information is safe when sent to this site.
The protection is pretty good but not perfect since some cybercriminals have been able to replicate these padlocks or take over legitimate sites that have them.
Trust seals, such as the TrustedSite certification, are stamps created by a certificate authority (CA) to confirm the legitimacy of a site. A trust seal tells visitors that they are on a safe site and the company that displays the mark prioritizes cybersecurity. Click on it, and you should be taken to a webpage that verifies the authenticity of the trust seal.
Google’s Safe Browsing technology crawls through billions of web addresses every day on the lookout for unsafe websites. The technology discovers thousands daily — often legitimate sites that have been compromised. Warnings for unsafe sites pop up in your browser and on the Google search engine. You can also search specific URLs to see if a site has been compromised.
It’s worth checking a company on social media to see if they appear to have a genuine following and legitimate posts. The Better Business Bureau (BBB) also has suggestions for spotting fake social media accounts, including those on LinkedIn, Facebook, Twitter, and Instagram. You should look for:
Another way to test the legitimacy of an online retail store is to check its contact information. Does it have a physical address, phone number, and email contact? Does the email address on the contact page have the company domain name in it, or is it generic (like a Gmail address)? If you send an email, does it get delivered?
Check to see if the e-commerce site looks as if it has been professionally produced or whether it has been thrown together with slapdash results. Are there typos, grammar errors, poor-quality images, and a sloppy design? Does it have a poorly worded return policy or no return policy at all?
All the things that undermine the professional appearance and authenticity of a site should be red flags and convince you that you’re on a scam website.
If the online company is a legitimate website (not a scam site) and has been around for a while, there should be authentic third-party reviews from previous customers. Review sites include Google My Business, Amazon, and Yelp.
If the reviews are uniformly bad, on the other hand, you have another type of problem to confront.
Since virtual shopping is fast becoming the new norm, it’s important to guard against cybercriminals that are increasingly targeting retailers and their customers. A great way to shop with confidence is to use McAfee WebAdvisor, which is available as a free download.
The web browser extension works tirelessly in the background to protect you as you browse and buy. Think of it as a gift to yourself so you can use the internet to its full potential while keeping your information protected.
The post 8 Ways to Know If Online Stores Are Safe and Legit appeared first on McAfee Blog.
The great thing about the internet is that there’s room for everyone. The not-so-great part? There’s plenty of room for cybercriminals who are hungry to get their hands on our personal information.
Fortunately, internet scams don’t have to be a part of your online experience. In this article, we’ll tell you about some of the most common internet schemes and how you can recognize them to keep your identity safe.
Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.
If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.
When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.
Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.
Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.
When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.
Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.
Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.
Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.
If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.
Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away.
Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.
It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.
There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.
A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.
Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.
During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.
These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.
You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.
Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.
Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members.
For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.
If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.
You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.
There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.
Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.
When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.
These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.
Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different.
Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.
For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.
Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site.
These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).
You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.
What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.
To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.
Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report.
All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.
Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.
Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).
Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.
Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.
For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee’s Total Protection services can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.
Get the peace of mind that comes with McAfee having your back.
The post How to Recognize an Online Scammer appeared first on McAfee Blog.
Online banking puts the ability to pay bills, check your balance, or transfer money at your fingertips. Unfortunately, it can also make you vulnerable to scammers who may try to trick you into giving them access to your account.
By remaining vigilant, though, you can avoid common scams. This article discusses mobile banking scams and how to avoid them.
Online banking can be super convenient — for both you and cybercriminals. And hackers may use a variety of tactics to gain access to your accounts. Most of these involve tricking you into giving them your account information.
With this type of online scam, fraudsters may send a text message or email that looks like it’s from your bank. Often, the message will ask for immediate action, such as confirming your information to keep the account from being closed.
The message might even include a link to the bank, but it actually goes to a fraudulent website designed to look like the bank’s website. When you enter your account information, the scammers record it.
Sometimes, the email asks you to call a fake customer service number. If you do, you’ll speak to someone who tries to get you to give over sensitive information, like your date of birth or Social Security number (SSN).
Occasionally, scammers already have some of your personal information. To gain your trust, they might mention personal details like your date of birth or the last four digits of your SSN. They may have learned this information from your social media posts or accessed it in a data breach.
Another way hackers may try to access your bank account is to steal or guess your password. If they can log into your account, they can use your sensitive information for personal gain, otherwise known as identity theft. They can then open credit card accounts in your name, purchase merchandise, or transfer money out of your account.
Cybercriminals use technology to guess billions of passwords per second. However, it’s more difficult to guess long passwords with a combination of letters and numbers.
For example, a computer can instantly guess a password consisting of eight letters. Adding one uppercase letter extends the time it takes to crack a password to 22 minutes. In contrast, a 12-character password with an uppercase letter, a number, and a symbol would take the computer 34,000 years to crack.
When you click a link or attachment in an email or download fake antivirus software, your device can become infected with malicious software or malware. A virus can let hackers view data from your device and use it to access your financial information or bank accounts.
Consider getting antivirus software to help protect your devices, like what’s offered through McAfee Total Protection. Our award-winning antivirus software provides 24/7 real-time threat protection against online threats like malware, viruses, ransomware, and phishing, across Apple and Android systems.
Public Wi-Fi gives you convenient, free access to the internet in restaurants, airports, and department stores. But it can also be easy for hackers to see your private information on an open network that doesn’t require a password.
If you log into your online bank account, your login information could be exposed, making you vulnerable to bank fraud. Shopping online with public Wi-Fi could also expose your credit card information.
Fortunately, you can protect yourself from cybercriminals with sensible precautions and a healthy dose of suspicion. Use the tips below to help safeguard your accounts from online banking scams.
McAfee Total Protection provides all-in-one protection for your personal information and privacy. You’ll have coverage for all of your laptops, tablets, and smartphones on most operating systems — Windows, macOS, Android, or iOS. In addition to premium antivirus software, you get identity monitoring and a secure VPN that shields your data when using public Wi-Fi.
You can better recognize phishing emails once you understand how banks communicate with customers. There are certain things legitimate banks never do. If you get a message like that, assume it’s fraudulent. Some other tips include:
At some point, almost everyone has used the same password for different websites. But this is one of the simplest ways for hackers to get into your accounts. If they figure out the password for one, they can sometimes access your other accounts.
The most common passwords are:
Use unique passwords for each website. They should be 12 characters long and include numbers, lowercase letters, uppercase letters, and symbols. McAfee Total Protection includes a password manager to help generate and store your passwords in a single location.
If you get an email about an issue with your bank account, you can always go directly to your bank’s website. Don’t click any links in a text or email — just go directly to your bank’s website to check your account. Similarly, if you get a phone call, dial your bank directly using the official telephone number.
Use two-factor authentication when logging into websites for your financial institutions. You’ll get a one-time code by text or email to use each time you log into your account.
When you log onto public Wi-Fi, anyone can see your internet activity. For that reason, you shouldn’t log into your bank account with public Wi-Fi unless you’re using a virtual private network (VPN).
McAfee Secure VPN protects your privacy by turning on automatically for unsecured networks. Your data is encrypted so it can’t be read by prying eyes. The VPN also keeps your online activity and physical location private and secure from advertisers.
Review your bank statements carefully each month to ensure there are no unauthorized transactions. Contact your bank immediately if you see any payments or withdrawals that you don’t recognize.
Being vigilant and understanding how scammers work can help you avoid online banking scams. For an additional layer of security, use McAfee Total Protection. Our comprehensive cybersecurity services protect all of your devices with award-winning antivirus, a secure VPN for safe Wi-Fi connections, and advanced identity monitoring. There’s even a team of security experts available to assist you around the clock.
With McAfee, you can bank online with ease knowing your personal data is secure.
The post Types of Online Banking Scams and How to Avoid Them appeared first on McAfee Blog.
The growing number of internet crimes targeting senior adults is mind-blowing.
In 2021, more than 92,000 people over the age of 60 reported losses of $1.7 billion, according to IC3, the FBI’s Internet Crime division. That number reflects a 74 percent increase in losses from 2020.
These numbers tell us a few things. They tell us that scamming the elderly is a multi-billion-dollar business for cybercriminals. It also tells us that regardless of how shoddy or obvious online scams may appear to anyone outside the senior community, they are working.
However, information is power. Senior adults can protect their hard-earned retirement funds and government benefits by staying informed, adopting new behaviors, and putting tools in place designed to stop scammers in their tracks. And, when possible, family, friends, and caregivers can help.
The FBI said confidence fraud and romance scams netted over $281 million in losses.
The top four types of scams targeting seniors: Romance scams (confidence scams), fake online shopping, false utility representatives, and government agent imposters. Here’s how to make a few shifts to mindset and your daily routine and steer clear of digital deception.
Just as the seasons change in our lives, so too must our behaviors when connecting to people and information via our devices. Cybercriminals target older people because they assume they aren’t as informed about schemes or technically savvy as younger people. Senior adults and their loved ones can work daily to change that narrative. With the right mindset, information, and tools, seniors can connect online with confidence and enjoy their golden years without worrying about digital deception.
The post Seniors: How to Keep Your Retirement Safe from Online Scams appeared first on McAfee Blog.
FreshRSS 