Login
It’s common practice to pull down the window shades at night. Homeowners invest in high fences. You may even cover the PIN pad when you type in your secret four-digit code at ATMs. Privacy is key to going about your daily life comfortably in your surroundings. Why shouldn’t privacy also extend to your digital surroundings?
This Data Privacy Day, round out your privacy protection toolbox with McAfee’s help so you can live your best online life safely.
An easy way to instantly boost the privacy of your every online move is to always connect to a virtual private network (VPN). A VPN scrambles your connected device’s internet session, meaning that it’s impossible for a cybercriminal to eavesdrop on your online comings and goings. VPNs are especially crucial for when you connect to public Wi-Fi networks or networks for which you cannot vouch for their security. Cybercriminals often lurk on public Wi-Fi networks at hotels, coffee shops, and libraries and pounce on users who connect their devices without the protection of a VPN.
Digital privacy not only implies remaining hidden from nefarious eyes, but also from the prying eyes of pesky advertisers. A VPN can assist with that too! When you have a VPN enabled, it confuses advertisers and targeted ads. The less information they have, the more privately you can surf online.
To improve your online privacy, it’s important to first know how safe you currently are. When you can identify your weakest digital privacy habits, you can make targeted improvements to them. Luckily, McAfee Protection Score can help you do just that! Protection Score is a helpful privacy tool that rates your current digital safety. Then, based on your score, the tool offers suggestions on how to boost your score.
For instance, Protection Score searches for your personally identifiable information (PII) on the dark web. If it finds a copy of your government ID or your financial records on a dubious site, your score will tank. While it may be alarming to have a low Protection Score, you can feel good that you’re making positive waves, hopefully before a cybercriminal takes advantage of your PII and uses it to steal your identity.
There are several easy ways to boost your score that require very little effort but have a huge payoff. Connecting to a VPN and running an antivirus scan on your device are just two things you can do and each only takes a few seconds. Changing your habits and turning your online safety around doesn’t have to be overwhelming! In some cases, there are services that’ll even do the work for you, like the service we’ll talk about next.
To round out your privacy protection toolbox, consider signing up for McAfee Personal Data Cleanup. This service is a great companion to Protection Score. While Protection Score identifies all the areas where you can improve your security, Personal Data Cleanup is a service that will remove your information from the web’s riskiest sites.
Did you know that, on average, a person has their PII for sale on 31 sites? Plus, 95% of people haven’t even given their permission and have their personal information for sale on data brokerage sites. Data brokerage sites are legal and anyone can buy your information. Online advertisers are the usual clients, but a cybercriminal can jump in and buy valuable PII, as well.
You should care about data privacy every day not just when the calendar reminds you on Data Privacy Day. Take the steps and invest in the right solutions to shore up your online defenses. McAfee+ Ultimate is an all-in-one service that includes unlimited VPN, Protection Score, a full-service Personal Data Cleanup, and 13 other high-quality identity, privacy, and device security tools.
Live your online life more confidently with McAfee, knowing that cybercriminals are less likely to slip by and damage your credit, identity, or online reputation.
The post 3 Tools to Round Out Your Privacy Protection Toolbox appeared first on McAfee Blog.
Authored by Dennis Pang
Online protection software. Antivirus. The two words get used interchangeably often enough. But sure enough, they’re different. And yet directly related when you take a closer look.
The term “antivirus” has been with us for decades now, dating back to the first software that was designed to prevent computers from getting malware—malicious code, like viruses, that would lock up computers, scramble data, or otherwise damage computers and the data on them. Prime examples of these early types of malware include 1999’s “Melissa” virus spreads by infected email attachments and the even more devastating “ILOVEYOU” virus that incurred billions in damages worldwide.
There’s a good reason why people default to the word “antivirus” so easily. Viruses have been on our collective minds for some time. And computer purchases have often been accompanied by the question, “Do you have antivirus for your computer?” By and large, the notion of antivirus has become pretty much engrained.
Yet look ahead to today and you can see how dramatically things have changed since those early days. We still need antivirus, that’s for sure. But it takes far more than that to live life safely online right now. And that’s where online protection software comes in.
Online protection software protects you. It includes antivirus, yet it further protects your identity and privacy in addition to your devices.
The way we use our computers, tablets, and phones nowadays shows the reason why we need such broad protection. We conduct so much of our lives online. We bank, we shop, we plan our finance online. We also run portions of our homes with smart devices and smart speakers. Increasingly, we track our health and wellness with connected devices too—like workouts on our phone and biometrics with consumer-grade and even medical-grade devices.
All of this creates data. Data about who we are, what we’re doing, when we’re doing it, how often, and where. That’s precious information. Private information. Personal information. And understandably, that needs to be protected.
Put simply, today’s threats have evolved. While viruses and malware remain a problem, today’s bad actors are out for the bigger games. Like stealing personal and financial info for identity theft. Moreover, organizations large and small collect data from your devices and the things you do on them, personal data that many share and sell for profit. Some of this data collection gets quite exacting, compiled from a broad range of public sources that can include records like bankruptcies, real estate sales, and birth records—plus private sources that can further include your shopping habits, the people you chat with, and what your daily travels look like based on location information captured from your smartphone.
If you find yourself surprised by this, you’re not alone. Tremendous volumes of data collection activity occur without people’s knowledge or consent.
Now as to why anyone would want any of that kind of data about you, consider the multi-billion-dollar industry of online data brokers. They compile thousands of data points from millions of people and put these vats of data up for sale to anyone who’ll buy them. That could be advertisers, potential employers, private investigators, and background checkers. And it could be bad actors as well who could use your own data to spam, harass, impersonate, or otherwise harm you.
Once, so many of these intrusions on our privacy and identity were difficult to spot, let alone prevent. For example, your personal info gets caught up in a data breach and winds up posted for sale on the dark web. How are you to know that before it’s too late and thief racks up umpteen charges on your debit card? Also, with dozens and dozens of data brokers out there, how do you track down which ones have information posted about you and then request to have it taken down? And what if online identity theft happens to you and you’re faced with the time and dollar costs it involves to set things right?
So just as online threats have evolved, so has online protection software. We go about so much of our day online, and online protection like our own McAfee+ helps you do it more privately and more safely. It’s quite comprehensive, and the various plans for McAfee+ include:
For certain, protections like these remain a primary focus of ours, because they protect you. And that’s who thieves and bad actors are really after—you, your information, your accounts, and even your identity. Expect us to continue to roll out more protections that look after you in this way and more.
So, while antivirus and online protection software are different, they work together. Antivirus provides strong device security, which complements the additional privacy and identity features included with online protection. That reflects how times have changed. Once it was enough to protect our devices from viruses and malware. Now we have to protect ourselves as well. Antivirus alone won’t do it, but antivirus as part of online protection will.
The post The Big Difference Between Online Protection Software and Antivirus appeared first on McAfee Blog.
Are you an online oversharer? Do you give your full birthday to all your online shopping accounts? Have a few companies you have accounts with been breached but you didn’t take any action at the time? If you have bad digital habits, now is an excellent time to reset your digital presence.
In isolation, these small digital transgressions don’t seem like a problem; however, cybercriminals can gather the bits and pieces of information you release into the world and Frankenstein them together to create believable impersonations or entirely new identities.
To protect your identity, here are a few ways to limit the amount of personally identifiable information (PII) you share online, plus a few tools that can help you identify and close your current security holes.
Most digital bad habits seem insignificant; however, the more bad habits you have that pile-up, the more at risk your PII and your identity can be. Check out this list of three common habits that you should consider breaking today and why.
When you sign up for new online shopping accounts, some companies ask for your birthday, your age, your middle name, and primary and secondary phone numbers and email addresses. While it might be nice to receive a special coupon on your birthday, you may want to reconsider volunteering unnecessary private details. To compromise you can sign up with a nickname and leave your birth year blank. That way, if a cybergang ever breaches the company, the criminals won’t get far with your personal details. To steal an identity and ruin someone’s credit, sometimes all it takes it a full name, birthday, and phone number.
Do you post your every thought and movement on social media? While curating the perfect online profile can be fun, it can also be dangerous to your online safety. For instance, posting “get to know you” quizzes are a gold mine for social engineers and cyber criminals, as the results often reveal potential password inspiration, security question answers, and your likes and dislikes. From here, criminals can take educated guesses at your passwords or tailor a social engineering scheme that’s most likely to fool you. Consider setting your social media profiles to private and blocking followers you don’t know personally. Or, just keep parts of your life a mystery to the wider world.
We can all agree that increasingly strict password requirements are leading to longer and more complex passwords that are confusing to cyber criminals and to the rightful account holders, too! It’s tempting to reuse passwords to reduce the burden on your memory, but this puts your valuable PII in danger. Password and username combinations are often information that’s leaked in company breaches. In what’s called a brute force attack, a cybercriminal can plug that same pairing into hundreds of websites and wait for a hit. Since unique passwords for all your dozens of accounts is imperative, entrust their safekeeping to a password manager.
If you’re feeling uneasy about your online habits and the effect they may have had on your online safety, McAfee Protection Score gives you the information you need to take charge and make changes. Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The service monitors data breaches and indicates when your email was part of a leak. Protection Score also dives into the dark web so you don’t have to. If your government ID or financial information appears, your score will take a large hit.
Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The sooner you know your weak points, the quicker and more completely you can fortify your defenses and clean up after months (or years) of bad habits. Knowledge is power in the right against cyber criminals, so Protection Score is an excellent partner to help adopt smarter habits on the path to better online security.
With McAfee+ Ultimate, you not only get a Protection Score but a host of other top-rate tools to protect your identity, retain your online privacy, and help you recover from an identity theft. Running an antivirus, connecting to a VPN and installing web protection on your browser are all ways to increase your Protection Score, and these features are available with McAfee’s most thorough privacy, identity, and device protection service.
Make 2023 the year of living online confidently and safely!
The post New Year, New You: Start Fresh With McAfee Protection Score appeared first on McAfee Blog.
Ransomware. Even the name sounds scary.
When you get down to it, ransomware is one of the nastiest attacks a hacker can wage. They target some of our most important and precious things—our files, our photos, and the information stored on our devices. Think about suddenly losing access to all of them and being forced to pay a ransom to get access back. Worse yet, paying the ransom is no guarantee the hacker will return them.
That’s what a ransomware attack does. Broadly speaking, it’s a type of malware that infects a network or a device and then typically encrypts the files, data, and apps stored on it, digitally scrambling them so the proper owners can’t access them. Only a digital key can unlock them—one that the hacker holds.
Nasty for sure, yet you can take several steps that can greatly reduce the risk of it happening to you. Our recently published Ransomware Security Guide breaks them down for you, and in this blog we’ll look at a few reasons why ransomware protection is so vital.
The short answer is pretty bad—to the tune of billions of dollars stolen from victims each year. Ransomware targets people and their families just as explained above. Yet it also targets large organizations, governments, and even companies that run critical stretches of energy infrastructure and the food supply chain. Accordingly, the ransom amounts for these victims climb into millions of dollars.
A few recent cases of large-scale ransomware attacks include:
Who’s behind such attacks? Given the scope and scale of them, it’s often organized hacking groups. Put simply, these are big heists. It demands expertise to pull them off, not to mention further expertise to transfer large sums of cryptocurrency in ways that cover the hackers’ tracks.
As for ransomware attacks on people and their families, the individual dollar amounts of an attack are far lower, typically in the hundreds of dollars. Again, the culprits behind them may be large hacking groups that cast a wider net for individual victims, where hundreds of successful attacks at hundreds of dollars each quickly add up. One example: a hacker group that posed as a government agency and as a major retailer, which mailed out thousands of USB drives infected with malware.
Other ransomware hackers who target people and families are far less sophisticated. Small-time hackers and hacking groups can find the tools they need to conduct such attacks by shopping on the dark web, where ransomware is available for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, near-amateur hackers can grab a ready-to-deploy attack right off the shelf.
Taken together, hackers will level a ransomware attack at practically anyone or any organization—making it everyone’s concern.
Hackers have several ways of getting ransomware onto one of your devices. Like any other type of malware, it can infect your device via a phishing link or a bogus attachment. It can also end up there by downloading apps from questionable app stores, with a stolen or hacked password, or through an outdated device or network router with poor security measures in place. And as mentioned above, infected storage devices provide another avenue.
Social engineering attacks enter the mix as well, where the hacker poses as someone the victim knows and gets the victim to either download malware or provide the hacker access to an otherwise password-protected device, app, or network.
And yes, ransomware can end up on smartphones as well.
While not a prevalent as other types of malware attacks, smartphone ransomware can encrypt files, photos, and the like on a smartphone, just as it can on computers and networks. Yet other forms of mobile ransomware don’t have to encrypt data to make the phone unusable. The “Lockerpin” ransomware that has struck some Android devices in the past would change the PIN number that locked the phone. Other forms of mobile ransomware paste a window over the phone’s apps, making them unusable without decrypting the ransomware.
Part of avoiding ransomware involves reducing human error—keeping a watchful eye open for those spammy links, malicious downloads, bogus emails, and basically keeping your apps and devices up to date so that they have the latest security measures in place. The remainder relies on a good dose of prevention.
Our Ransomware Security Guide provides a checklist for both.
It gets into the details of what ransomware looks like and how it works, followed by the straightforward things you can do to prevent it, along with the steps to take if the unfortunate ends up happening to you or someone you know.
Ransomware is one of the nastiest attacks going because it targets our files, photos, and information, things we don’t know where we’d be without. Yet it’s good to know you can indeed lower your risk with a few relatively simple steps. Once you have them in place, chances are a good feeling will come over you, the one that comes with knowing you’ve protected what’s precious and important to you.
The post Your Guide to Ransomware—and Preventing It Too appeared first on McAfee Blog.
Hybrid work and hybrid play now merge into hybrid living, but where is the line between the two? Is there one?
The post Hybrid work: Turning business platforms into preferred social spaces appeared first on WeLiveSecurity
It has a way of sneaking up on you. Credit theft and fraud.
Maybe it’s happened to you. Maybe it’s happened to a friend or family member. There’s a call from the bank, a notification in your financial app, or a charge on the statement that’s beyond explanation. Someone else has tapped into your funds. Or worse yet, someone stole your identity and took out a loan in your name. You find out only after it’s happened.
That’s the trick with credit theft and fraud. People typically discover it after the damage is done. Then they’re left picking up the pieces, which can cost both time and money. Not to mention a potential knock to their credit score.
However, you can help keep it from happening to you. Our recently published Credit Protection Security Guide breaks down several ways. Here we’ll get into a quick introduction on the topic and show how you can prevent against credit theft and fraud better than ever before.
It’s an unfortunate reality in the world we live in today. Credit theft and fraud are something we all need to look out for, particularly as we increasingly shop and conduct our finances online, potentially exposing that information to thieves. Some figures estimate that for nearly every $100 in purchases made with debit and credit cards worldwide, somewhere around 7 cents can be stolen or fraudulent. As you can imagine, that figure adds up quickly, to the tune of more than $28 billion globally each year.
The flipside is this: today we have plenty of tools that make protecting our credit far easier than they ever were before. Up until now, that called for a time-consuming and sometimes rather manual process. You had to check credit separately with the different bureaus, place locks and freezes the same way, scan each credit report closely for suspicious activity, and so forth.
Now, online protection software can take much of that work off your hands. Comprehensive protection like McAfee+ has plans that offer credit monitoring, identity monitoring, and even identity theft protection & restoration—all quickly spotting any changes, notifying you if your personal information pops up on the dark web, and providing $1 of coverage toward restoring your credit along with the help of a licensed recovery pro if the unexpected happens to you.
Another thing online protection can do for you removes your personal information from those “people finder” and data broker sites. Identity thieves lean on those sites because they contain valuable information that they can piece together to commit theft and fraud in someone else’s name. If you think about your identity as a big jigsaw puzzle, these sites contain valuable pieces that can help complete the picture—or just enough to take a crack at your credit.
In fact, personal information fuels a global data trading economy estimated at $200 billion U.S. dollars a year. Run by data brokers that keep hundreds and even thousands of data points on billions of people, these sites gather, analyze, buy, and sell this information to other companies as well as to advertisers. Likewise, these data brokers may sell this information to bad actors, such as hackers, spammers, and identity thieves who would twist this information for their own purposes. In short, data brokers don’t discriminate. They’ll sell personal information to anyone.
Getting your info removed from these sites can seem like a daunting task. (Where do I start, and just how many of these sites are out there?) Our Personal Data Cleanup can help by regularly scanning these high-risk data broker sites for you and info associated with you like your home address, date of birth, and names of relatives—along with other detailed information about you that could include marriage licenses, voter registration and motor vehicle records, even real estate records too. It identifies which sites are selling your data, and depending on your plan, automatically requests removal.
How things have changed. Even as thieves have gotten savvier in the digital age, so have we. Collectively, we have a growing arsenal of ways that we can keep on top of our credit and protect ourselves from credit theft and fraud.
Our Credit Protection Security Guide breaks it all down in detail. In it, you’ll learn more about how thieves work, ways you can secure your credit online and off, how to monitor and lock it down, plus protect your mobile wallets too. It’s thorough. Yet you’ll find how straightforward the solution is. A few changes in habits and a few extra protections at your side will go a long way toward prevention—helping you avoid that call, text, or notification that your credit has been compromised.
In all, you can take control of your credit and make sure you’re the only one putting it to good use.
The post Your Guide to Protecting Your Credit appeared first on McAfee Blog.
With many children spending a little too much time playing video games, learn to spot the signs that things may be spinning out of control
The post Gaming: How much is too much for our children? appeared first on WeLiveSecurity
Pledging to follow healthier habits is consistently the most popular new year’s resolution. That January 1st promise looks different to everyone: snacking less often, going to the gym more often, drinking more water, drinking less soda, etc. This year, instead of a juice cleanse subscription, opt for a healthier habit that’s not an unappetizing shade of green: follow this digital detox, instead! In three easy steps, you can make great strides in improving your digital wellness.
There are various aspects of your digital habits that you should consider updating for a more private and safer online life. For starters, update your passwords. Do you reuse the same password for multiple online accounts? Doing so puts your personally identifiable information (PII) at great risk. For example, if a business with which you have an online shopping account is breached by a cybercriminal, your login and password combination could make it on the dark web, through no fault of your own. Then, through a brute force attack, a criminal could use that same password and username combo to walk into your banking or tax filing accounts.
Remembering unique, complicated passwords and passphrases for your dozens of online accounts would be impossible. Luckily, there’s software that remembers them for you! It’s called a password manager, which acts as a vault for all your login information. Just remember one master password, and you can be confident in the security of your accounts and never have to deal with the hassle of forgetting passwords.
Another aspect of updating you should adopt in 2023 is making an effort to always upgrade to the latest software updates on all your devices. The easiest way to do this is to turn on automatic updates. From there, you don’t need to take any further action! Apps and operating systems (like Apple, Android, and Windows) often release updates to patch security vulnerabilities. When you run outdated software, there’s a chance a cybercriminal could take advantage of that security gap.
Finally, make sure that you keep updated on the latest security headlines. Consider setting up news alerts to notify you when a breach occurs at a company that you frequent or have an account with. Speed is often key in making sure that your information remains safe, so it’s best practice to have your finger on the pulse on the security news of the day.
A new year digital detox can be a whole family affair. Connect with your family, anyone connected to your home network, and your elderly relatives to get everyone on the same page with security best practices. Here are some common online security snags people of all ages encounter:
Everyone has an oversharer on their newsfeed. Alert your family members of the dangers of posting too much about their personal life. When someone takes those “get to know you” quizzes and posts their answers, cybercriminals can use that post to take educated guesses at your passwords. Additionally, social engineers can tailor social media scams to specific people in order to increase the chances of tricking someone into sending money or sharing valuable personal or banking details.
While spam filters catch a lot of phishing emails, phishers are getting smarter by the day and are making their attempts more and more believable. Connect with your loved ones and make sure they know how to recognize phishing emails, texts, and social media direct messages. Telltale signs of a phishing message include:
If you’re ever unsure if a message is a phishing attempt, the best course of action is to just delete it. If the “sender” is a well-known institution, follow up with a phone call using the official customer service number listed on their website. The phisher may also claim to be someone you know personally. In that case, give the loved one in question a phone call. It’s a good excuse to reconnect and have a nice conversation!
In the quest for free streams of the latest new show or movie, people often encounter unsafe sites that hide malware, spyware or other types malicious links and programs. Some types of malware can jump from one device to others connected to the same home Wi-Fi network. That’s why it’s important to make sure everyone under your roof practices excellent digital security habits. One wrong click could sink an entire household. Consider signing up your family for a safe browsing extension that can notify you when you stray onto a risky site. So, instead of putting your device at risk during movie night, connect with your friends or loved ones over one copy of a safely and officially purchased version.
As with any new health regimen, immediately zooming from zero to a hundred will likely be overwhelming and result in failure. The same goes for adopting new digital safety habits. If you try to do too much at once, all the security measures you put in place will likely get in the way of your daily online activities. The more inconvenient it is, the more likely you may be to cut corners; thus, negating all the progress you’ve made.
Being cybersafe doesn’t mean you can’t still enjoy your connected devices to the fullest. It just means that you may need to act with more intention and slow down before volunteering personal details online or clicking on links.
To supplement your digital detox, consider signing up for McAfee+ Ultimate to make 2023 the year for a safer online you. McAfee+ Ultimate includes all the tools you need to live your best online life safely and privately, including a password manager, web protection, unlimited VPN and antivirus, and $1 million in identity theft coverage and restoration for peace of mind.
Cheers to a digitally smart 2023!
The post Start the New Year Right With This 3-Step Digital Detox appeared first on McAfee Blog.
Happy Download Day! (Yes, there’s a day for that.) Today is an excellent day to share downloading best practices to keep all your devices safe from malicious content. It’s tempting to download “free” shows, movies, and video games, but the consequences of doing so can be quite expensive. All it takes is for one malicious download to compromise your identity or leak your banking information to cybercriminals.
Luckily, there are a few ways to keep your devices and personally identifiable information (PII) safe. Here’s how!
How many streaming services do you subscribe to? Two? Ten? No matter how many premium entertainment subscriptions you have, the hottest new show always seems to be on the channel you can’t access. This is a common scenario that often drives people to download episodes from websites that claim crystal-clear, safe downloads. In actuality, these sites could harbor malware, spyware, or other types of malware that lurk in the shadows until an unsuspecting person downloads them to their desktop, tablet, or cellphone.
Malware, which stands for malicious software, often hides behind legitimate-looking links or downloadable content. It’s only until it’s on your device that you realize there’s a criminal hiding behind it. For example, earlier in 2022, a ransomware program (a type of malware) disguised itself as a Microsoft system update. The criminal behind the scheme then threatened leaking or permanently deleting sensitive files if the person didn’t pay the ransom.
Once malware infects one device, some malware programs can infect an entire home network and spread to other connected devices.1 From there, the cybercriminal can steal the online shopping, banking, or personal details of a whole household and either sell their findings on the dark web or keep it for themselves.
Before you download anything to any of your devices, go through this checklist to help you determine the safety of most content:
Overall, while downloading entertainment for free is appealing to people on a budget, it’s better to avoid doing so altogether. The risk isn’t worth it. Consider scheduling a watch party with a friend or family member who has the subscription service you’re seeking.
In case you slip up and accidentally download malware, spyware, or ransomware, McAfee+ Ultimate can defend your devices, remove the software, and monitor the dark web to make sure your PII wasn’t compromised. McAfee antivirus is compatible with macOS, iOS, and Android devices and Chromebooks, so you can regularly scan all your devices for programs that shouldn’t be there. If the worst does happen and a cybercriminal gets a grip on your personal information, McAfee can back you up with $1 million in identity theft coverage and restoration and continuous identity monitoring.
Browse confidently and enjoy your devices to the fullest! Just remember these safe downloading tips and partner with McAfee for peace of mind.
1Federal Trade Commission, “Malware from illegal video streaming apps: What to know”
The post Celebrate National Download Day With This Safe Downloading Checklist appeared first on McAfee Blog.
There are no ifs, ands, or buts about it: A stolen identity creates a mess. Once they have a few key pieces of personally identifiable information (PII), an identity thief can open new credit lines, create convincing new identities, and ruin an innocent person’s good credit.
If you suspect you’ve been affected by identity theft, acting quickly is key to stopping the thief and repairing the damage. Here are the definitive five steps of identity remediation, or the process of restoring and protecting the privacy of your identity.
With a stolen identity in hand, thieves can open new lines of credit or apply for large loans using someone else’s excellent credit score for leverage. If undetected, fraudsters can run up huge bills, never pay them, and in turn, ruin the credit score that you spent years perfecting. When you suspect or confirm that your identity has been compromised and you’re in the United States, alert the three major credit bureaus: Equifax, TransUnion, and Experian.
Freezing your credit means that no one (not even you) can open a new credit card or bank account. This prevents criminals from misusing your identity. Initiating a credit freeze is free and it doesn’t affect your credit score.
Once you suspect a criminal has stolen your identity, file a report with the Federal Trade Commission. Its official identity theft website includes a form for you to detail the circumstances. From there, the FTC will investigate.
It’s important to file a report because law enforcement can get involved and hopefully stop the criminal from striking again. Also, an official document from law enforcement or the FTC may help your bank and the credit bureaus resolve the damage.
Whenever a company with which you have an account is breached, the first step you should take is to quickly change your password. The same goes for when your identity is compromised with the added step of getting in touch with your banks and asking their fraud department to issue you new credit and debit cards and put them on alert for possible suspicious charges.
Having unique passwords for all your accounts is crucial to keeping them secure. For instance, if one of your accounts is breached and a cybercriminal lifts that username and password combination, they may then attempt to use it on other sites. To ensure you have strong passwords and passphrases for every site, consider using password manager software. Password managers are incredibly secure and make it so you only have to remember one password ever again.
In addition to freezing your credit, you may have to sync up with each bureau to remedy any damage the identity thief may have done to your credit. Each bureau’s fraud department is very familiar with these scenarios, so their customer service department is experienced and more than willing to help you work through it.
Once you’ve cleaned up the immediate mess made by an identity thief, it’s important to continuously monitor your identity in case the thief is biding their time or pieces of your PII are still circulating on the dark web. Plus, the headache of one compromised identity incident is enough for someone to never want it to happen again. Identity monitoring is a very thorough process that will give you peace of mind that you’ll be protected and can enjoy your online life safely.
These five steps, while important, can be tedious. It may require a lot of patience to sit on hold and sift through all the relevant forms. Luckily, McAfee is an excellent partner who can help you with all your identity remediation needs with just one service: McAfee+ Ultimate. For example, security freeze is an easy way to put a halt on your credit. McAfee’s identity monitoring service monitors up to 60 unique types of personal details. If your PII appears on the dark web, Personal Data Cleanup can remove it.
Recover and move forward confidently after an identity theft with McAfee by your side.
The post Everything You Need to Know About Identity Remediation appeared first on McAfee Blog.
‘It’s the most wonderful time of year’ – we’ve all heard the jingles and read the slogans. But the holiday season can also be a little overwhelming when you’re the one ‘in charge’. Whether it’s prepping for the inevitable influx of new devices, buying the gifts or booking the holiday – there are a lot of online safety considerations to workshop in addition to how you’re going to stuff the turkey and decorate the tree!
So, with the Christmas spirit running through my keyboard, I hereby share with you my top tips to help you keep you and your family safe online this holiday period.
We all know that Santa loves technology so it’s inevitable that your family members may find a new device or two under the tree this year. So, as soon as they have unboxed their shiny new item, I recommend on insisting on a few steps to both protect the device and its new owner:
Getting to the bottom of the Christmas gift list takes time particularly if you are ‘lucky’ enough to get COVID before Christmas, like myself! While there are still some retailers guaranteeing delivery before Christmas – including Amazon until Christmas Eve (phew!) – you might need to focus on gift cards if you don’t want to face the hordes at the shops. Regardless of what you buy, please follow the following online shopping tips to avoid being cyberscrooged this year:
I don’t think there would be anything more disappointing than anticipating a holiday only to have it not happen. Or, to be scammed while preparing for it. With holiday makers having to jump through more hoops thank to COVID requirements, many experts are predicting scammers will be turning their attention to creating fake COVID verification sites, designed purely to extract personal details from unsuspecting holiday makers. So, if you’re booking a holiday, or doing your admin for it, please do the following:
With so many of us busting with excitement to be travelling this holiday season for the first time in a few years, it’s inevitable that we want to share online. But, please think before you post. Checking in to airports or hotels online is really a way of alerting the online world to the fact that your house is likely unattended! And please make sure your kids understand this too. I appreciate there’s a lot of kudos for sharing holidays snaps in the moment but encourage your offspring to wait until you get home before sharing. Here are my top tips:
And if you’re feeling a little overwhelmed, why not make yourself a cuppa and harness the power of technology. Make yourself a to-do list on Todoist or Google Docs, send out ecards if you absolutely can’t disappoint key family and friends – loving the options from Greetings Island, buy some gift cards from Prezee or The Gift Cards Store then design your Christmas Day menu with the help of Taste or RecipeTinEats. And voila you’re done!
PS Just remember to create unique passwords if you choose to set up accounts with any new sites!
Happy Holidays Everyone!!!
Alex xx
The post My Top Tips To Help Your Family Stay Safe Online This Holiday Period appeared first on McAfee Blog.
For many Aussies, identity theft was always something that happened to other people. People on TV, usually. But the recent spate of data breaches at Optus, Medibank and Energy Australia has made many of us pay far more attention than ever to one of the fastest growing crimes in our country.
According to the Department of Home Affairs, 1 in 4 Aussies will be the victim of identity theft over the course of their lives with an annual economic impact of more than $2 billion. And with the financial fallout from the recent data breaches only just starting to be counted, these statistics will no doubt increase dramatically next year.
Identity theft is when a cybercriminal gains access to your personal information to steal money or gain other benefits. Armed with your personal info, they can apply for real identity documents in your name but with another person’s photograph. This enables them to then apply for loans or benefits in your name, sign up for memberships or even apply for credit cards.
And it goes without saying that the financial and emotional fallout from identity theft can be huge. Since the Optus and Medibank hacking stories broke just a few months ago, there has been multiple stories of Aussie families who have had their identities stolen and who are in a world of pain. This Melbourne family who have had over $40,000 stolen from ATM withdrawals alone is just one example.
Your personal information is any piece of information or data that can confirm who you are or how to find you. It may be a single piece of information, or several pieces used together. It’s often referred to as personally identifiable information (PII). So, it includes your name, parents’ name, address, date of birth, phone numbers, email address, usernames/passwords or passphrases, bank account details, school or university attended, location check-ins even RSVPS for events.
Every time you register with a new shopping site or social media platform, you will be asked to share some personally identifiable information. However, what you share may be stolen or even misused – just think about the recent list of Australian companies who had their customers’ private information stolen by hackers. So that’s why you need to ensure you are only sharing your information with trusted online sites and take every possible step to protect your personal information online.
While there are no guarantees in life, there are steps you can take to ensure your online identity is as safe as possible. Here are my top 5 tips:
Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) is a no-brainer because it makes a hacker’s life a lot harder. In short, it requires the user to provide two or more verification factors to gain access to an account or app. This might be a text, email or even a code generated by an authentication app. So, even if a hacker has your password and username, they still need that final piece of information before they can get their hands on your account!
Now this may take a bit of work to set up but using a unique and complex password on every account is one of the best things you can do to protect your online identity. And here’s the rationale – if you use the same password on all your accounts and your login details are stolen then hackers have access to all the accounts that are accessed with that password. Yikes!!! So, a unique password for each account is a great measure. I love using a password manager to make this process a little easier. Not only do they generate complex passwords, but they remember them too! All you need to do is remember your Master Password which needs to be extremely complex!!!
Updates are most commonly about addressing security weaknesses. And yes, I know they can be a pain but if you ignore them, you are essentially making it easier for hackers to find their way into your life via weak spots. And don’t forget to ensure your security software remains updated too!
I always recommend keeping a backup of all your important info in case something goes wrong. This should include all your photos, key documents and all your personally identifiable information. A hard drive works well but saving to the cloud is also a good option. I once dropped a hard drive and lost treasured family photos, so the cloud is my personal preference.
We all know knowledge is power so investing in top notch security and identity monitoring software will help keep you ahead of threats. McAfee+, McAfee’s new all in one privacy, identity and device protection solution is a fantastic way for Aussies to protect themselves online. It features identity monitoring and a password manager but also an unlimited VPN, a file shredder, protection score and parental controls. And the Rolls Royce version called McAfee+ Advanced, also offers subscribers additional identity protections including access to licensed restoration experts who can help you repair your identity and credit, in case you’re affected by a data breach. It also gives subscribers access to lost wallet protection which help you cancel and replace your ID, credit cards if they are lost or stolen.
Public, unsecured Wi-Fi can make life so much easier when you’re out and about but it’s also a tried and tested way for scammers to access your personal information. Unsecured Wi-Fi is free Wi-Fi that is available in public places such as libraries, cafes, or shopping centres. So, instead of using Wi-Fi, just use the data in your phone plan. Or alternatively invest in a Virtual Private Network (VPN) that cleverly encrypts everything you share on your device.
About 2 months ago, I embarked on a project to clean up my online life. I’m working through the list of sites I have accounts with and am closing those I no longer use, I’m also doing a huge password audit to ensure they are all unique to each site and are super complex, thanks to my password manager. Now, I’m not quite done yet, but things are in better shape than they were. Why not consider doing the same? With the holiday season fast approaching, why not dedicate a little of your poolside time to practicing a little cyber hygiene.
Till next time, keep those identities safe!
Alex
The post The Best Way To Protect Your Online Identity appeared first on McAfee Blog.
It’s all fun and games over the holidays, but is your young gamer safe from the darker side of the action?
The post ‘Tis the season for gaming: Keeping children safe (and parents sane) appeared first on WeLiveSecurity
Millions of people likely just received an email or snail mail notice saying they’re eligible to claim a class action payment in connection with the 2017 megabreach at consumer credit bureau Equifax. Given the high volume of reader inquiries about this, it seemed worth pointing out that while this particular offer is legit (if paltry), scammers are likely to soon capitalize on public attention to the settlement money.
One reader’s copy of their Equifax Breach Settlement letter. They received a check for $6.97.
In 2017, Equifax disclosed a massive, extended data breach that led to the theft of Social Security Numbers, dates of birth, addresses and other personal information on nearly 150 million people. Following a public breach response perhaps best described as a giant dumpster fire, the big-three consumer credit reporting bureau was quickly hit with nearly two dozen class-action lawsuits.
In exchange for resolving all outstanding class action claims against it, Equifax in 2019 agreed to a settlement that includes up to $425 million to help people affected by the breach.
Affected consumers were eligible to apply for at least three years of credit monitoring via all three major bureaus simultaneously, including Equifax, Experian and TransUnion. Or, if you didn’t want to take advantage of the credit monitoring offers, you could opt for a cash payment of up to $125.
The settlement also offered reimbursement for the time you may have spent remedying identity theft or misuse of your personal information caused by the breach, or purchasing credit monitoring or credit reports. This was capped at 20 total hours at $25 per hour ($500), with total cash reimbursement payments not to exceed $20,000 per consumer.
Those who did file a claim probably started receiving emails or other communications earlier this year from the Equifax Breach Settlement Fund, which has been messaging class participants about methods of collecting their payments.
How much each recipient receives appears to vary quite a bit, but probably most people will have earned a payment on the smaller end of that $125 scale — like less than $10. Those who received higher amounts likely spent more time documenting actual losses and/or explaining how the breach affected them personally.
So far this week, KrebsOnSecurity has received at least 20 messages from readers seeking more information about these notices. Some readers shared copies of letters they got in the mail along with a paper check from the Equifax Breach Settlement Fund (see screenshot above).
Others said they got emails from the Equifax Breach Settlement domain that looked like an animated greeting card offering instructions on how to redeem a virtual prepaid card.
If you received one of these settlement emails and are wary about clicking the included links (good for you, by the way), copy the redemption code and paste it into the search box at myprepaidcenter.com/redeem. Successfully completing the card application requires accepting a prepaid MasterCard agreement (PDF).
The website for the settlement — equifaxbreachsettlement.com — also includes a lookup tool that lets visitors check whether they were affected by the breach; it requires your last name and the last six digits of your Social Security Number.
But be aware that phishers and other scammers are likely to take advantage of increased public awareness of the payouts to snooker people. Tim Helming, security evangelist at DomainTools.com, today flagged several new domains that mimic the name of the real Equifax Breach Settlement website and do not appear to be defensively registered by Equifax, including equifaxbreechsettlement[.]com, equifaxbreachsettlementbreach[.]com, and equifaxsettlements[.]co.
In February 2020, the U.S. Justice Department indicted four Chinese officers of the People’s Liberation Army (PLA) for perpetrating the 2017 Equifax hack. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.
Equifax surpassed Wall Street’s expectations in its most recent quarterly earnings: The company reported revenues of $1.24 billion for the quarter ending September 2022.
Of course, most of those earnings come from Equifax’s continued legal ability to buy and sell eye-popping amounts of financial and personal data on U.S. consumers. As one of the three major credit bureaus, Equifax collects and packages information about your credit, salary, and employment history. It tracks how many credit cards you have, how much money you owe, and how you pay your bills. Each company creates a credit report about you, and then sells this report to businesses who are deciding whether to give you credit.
Americans currently have no legal right to opt out of this data collection and trade. But you can and also should freeze your credit, which by the way can make your credit profile less profitable for companies like Equifax — because they make money every time some potential creditor wants a peek inside your financial life. Also, it’s probably a good idea to freeze the credit of your children and/or dependents as well. It’s free on both counts.
Give yourself peace of mind and help create a safe online space for your child using Android or iOS parental controls
The post How to set up parental controls on your child’s new smartphone appeared first on WeLiveSecurity
The time has come for your child to receive their first smartphone. Before handing it over, however, make sure to help them use their new gadget safely and responsibly.
The post Help! My kid has asked Santa for a smartphone appeared first on WeLiveSecurity
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.
The security updates include patches for Azure, Microsoft Edge, Office, SharePoint Server, SysInternals, and the .NET framework. Six of the update bundles earned Microsoft’s most dire “critical” rating, meaning they fix vulnerabilities that malware or malcontents can use to remotely commandeer an unpatched Windows system — with little to no interaction on the part of the user.
The bug already seeing exploitation is CVE-2022-44698, which allows attackers to bypass the Windows SmartScreen security feature. The vulnerability allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web,” despite being downloaded from untrusted sites.
“This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros, said Greg Wiseman, product manager at security firm Rapid7. This is the second Mark of the Web flaw Microsoft has patched in as many months; both were first publicly detailed over the past two months on Twitter by security researcher Will Dormann.
Publicly disclosed (but not actively exploited for now) is CVE-2022-44710, which is an elevation of privilege flaw in the DirectX graphics component of Windows 11.
Another notable critical bug is CVE-2022-41076, a remote code execution flaw in PowerShell — a key component of Windows that makes it easier to automate system tasks and configurations.
Kevin Breen at Immersive Labs said while Microsoft doesn’t share much detail about CVE-2022-41076 apart from the designation ‘Exploitation More Likely,’ they also note that successful exploitation requires an attacker to take additional actions to prepare the target environment.
“What actions are required is not clear; however, we do know that exploitation requires an authenticated user level of access,” Breen said. “This combination suggests that the exploit requires a social engineering element, and would likely be seen in initial infections using attacks like MalDocs or LNK files.”
Speaking of malicious documents, Trend Micro’s Zero Day Initiative highlights CVE-2022-44713, a spoofing vulnerability in Outlook for Mac.
“We don’t often highlight spoofing bugs, but anytime you’re dealing with a spoofing bug in an e-mail client, you should take notice,” ZDI’s Dustin Childs wrote. “This vulnerability could allow an attacker to appear as a trusted user when they should not be. Now combine this with the SmartScreen Mark of the Web bypass and it’s not hard to come up with a scenario where you receive an e-mail that appears to be from your boss with an attachment entitled “Executive_Compensation.xlsx”. There aren’t many who wouldn’t open that file in that scenario.”
Microsoft also released guidance on reports that certain software drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity.
Three different companies reported evidence that malicious hackers were using these signed malicious driver files to lay the groundwork for ransomware deployment inside victim organizations. One of those companies, Sophos, published a blog post Tuesday detailing how the activity was tied to the Russian ransomware group Cuba, which has extorted an estimated $60 million from victims since 2019.
Of course, not all scary and pressing security threats are Microsoft-based. Also on Tuesday, Apple released a bevy of security updates to iOS, iPadOS, macOS, tvOS and Safari, including a patch for a newly discovered zero-day vulnerability that could lead to remote code execution.
Anyone responsible for maintaining Fortinet or Citrix remote access products probably needs to update, as both are dealing with active attacks on just-patched flaws.
For a closer look at the patches released by Microsoft today (indexed by severity and other metrics) check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.
As always, please consider backing up your system or at least your important documents and data before applying system updates. And if you run into any problems with these updates, please drop a note about it here in the comments.
InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.
On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members.
The FBI’s InfraGard program is supposed to be a vetted Who’s Who of key people in private sector roles involving both cyber and physical security at companies that manage most of the nation’s critical infrastructures — including drinking water and power utilities, communications and financial services firms, transportation and manufacturing companies, healthcare providers, and nuclear energy firms.
“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.
In response to information shared by KrebsOnSecurity, the FBI said it is aware of a potential false account associated with the InfraGard Portal and that it is actively looking into the matter.
“This is an ongoing situation, and we are not able to provide any additional information at this time,” the FBI said in a written statement.
KrebsOnSecurity contacted the seller of the InfraGard database, a Breached forum member who uses the handle “USDoD” and whose avatar is the seal of the U.S. Department of Defense.
USDoD’s InfraGard sales thread on Breached.
USDoD said they gained access to the FBI’s InfraGard system by applying for a new account using the name, Social Security Number, date of birth and other personal details of a chief executive officer at a company that was highly likely to be granted InfraGard membership.
The CEO in question — currently the head of a major U.S. financial corporation that has a direct impact on the creditworthiness of most Americans — told KrebsOnSecurity they were never contacted by the FBI seeking to vet an InfraGard application.
USDoD told KrebsOnSecurity their phony application was submitted in November in the CEO’s name, and that the application included a contact email address that they controlled — but also the CEO’s real mobile phone number.
“When you register they said that to be approved can take at least three months,” USDoD said. “I wasn’t expected to be approve[d].”
But USDoD said that in early December, their email address in the name of the CEO received a reply saying the application had been approved (see redacted screenshot to the right). While the FBI’s InfraGard system requires multi-factor authentication by default, users can choose between receiving a one-time code via SMS or email.
“If it was only the phone I will be in [a] bad situation,” USDoD said. “Because I used the person[‘s] phone that I’m impersonating.”
USDoD said the InfraGard user data was made easily available via an Application Programming Interface (API) that is built into several key components of the website that help InfraGard members connect and communicate with each other.
USDoD said after their InfraGard membership was approved, they asked a friend to code a script in Python to query that API and retrieve all available InfraGard user data.
“InfraGard is a social media intelligence hub for high profile persons,” USDoD said. “They even got [a] forum to discuss things.”
To prove they still had access to InfraGard as of publication time Tuesday evening, USDoD sent a direct note through InfraGard’s messaging system to an InfraGard member whose personal details were initially published as a teaser on the database sales thread.
That InfraGard member, who is head of security at a major U.S. technology firm, confirmed receipt of USDoD’s message but asked to remain anonymous for this story.
USDoD acknowledged that their $50,000 asking price for the InfraGard database may be a tad high, given that it is a fairly basic list of people who are already very security-conscious. Also, only about half of the user accounts contain an email address, and most of the other database fields — like Social Security Number and Date of Birth — are completely empty.
“I don’t think someone will pay that price, but I have to [price it] a bit higher to [negotiate] the price that I want,” they explained.
While the data exposed by the infiltration at InfraGard may be minimal, the user data might not have been the true end game for the intruders.
USDoD said they were hoping the imposter account would last long enough for them to finish sending direct messages as the CEO to other executives using the InfraGuard messaging portal. USDoD shared the following redacted screenshot from what they claimed was one such message, although they provided no additional context about it.
A screenshot shared by USDoD showing a message thread in the FBI’s InfraGard system.
USDoD said in their sales thread that the guarantor for the transaction would be Pompompurin, the administrator of the cybercrime forum Breached. By purchasing the database through the forum administrator’s escrow service, would-be buyers can theoretically avoid getting ripped off and ensure the transaction will be consummated to the satisfaction of both parties before money exchanges hands.
Pompompurin has been a thorn in the side of the FBI for years. Their Breached forum is widely considered to be the second incarnation of RaidForums, a remarkably similar English-language cybercrime forum shuttered by the U.S. Department of Justice in April. Prior to its infiltration by the FBI, RaidForums sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches.
In November 2021, KrebsOnSecurity detailed how Pompompurin abused a vulnerability in an FBI online portal designed to share information with state and local law enforcement authorities, and how that access was used to blast out thousands of hoax email messages — all sent from an FBI email and Internet address.
Update, 10:58 p.m. ET: Updated the story after hearing from the financial company CEO whose identity was used to fool the FBI into approving an InfraGard membership. That CEO said they were never contacted by the FBI.
Update, 11:15 p.m. ET: The FBI just confirmed that it is aware of a potential false account associated with the InfraGard portal. The story now includes their full statement.
This is a developing story. Updates will be noted here with timestamps.
Cybersecurity has changed dramatically since the dawn of firewalls in the 1980s. But despite all the upheaval and innovation, they have stood the test of time. The basic concept of allowing “good” traffic to flow and blocking the bad stuff remains essential. Of course, it looks much different now than in the era of Care Bears and Cabbage Patch Kids.
Today’s workers, data, and applications are everywhere, and firewalls must be as well. There’s no longer just one finite space to defend. With the recent explosion of hybrid work and the rapid transition to multi-cloud environments, it’s imperative that firewalls evolve alongside a business — and be ready for whatever’s next.
So, can your firewall grow with you? Or is it stuck in the age of Hair Bands and He-Man?
The past few years have brought about a keen focus on resilience — remaining strong, yet adaptable in the face of unexpected and even unfathomable challenges. But an organization cannot persevere without security being at the forefront of any resilience strategy.
96% of executives consider security resilience highly important to their business.
– Cisco Security Outcomes Report
Firewalls are a critical foundation for building powerful, resilient security infrastructure. Yet contemporary firewalls have to be and do more than one thing. Cisco Secure Firewall delivers world-class security controls wherever you need them, with unified visibility and consistent policy management and enforcement.
As a worldwide leader in networking and security, Cisco is better positioned than any other vendor to incorporate effective firewall controls into your infrastructure — anywhere your data and applications reside. According to a study conducted on behalf of Cisco by Forrester Research, Cisco Secure Firewall customers can:
Cisco Secure Firewall delivers on several key aspects necessary for security resilience: visibility, flexibility, intelligence, integration, and unified controls. Together, they enable organizations to close gaps, see and detect threats faster, and adapt quickly to change.
Watch video: Cisco Secure Firewall Overview
With most of today’s internet traffic being encrypted, security measures can become obsolete without the ability to see into all traffic, encrypted or not. While decryption is commonplace, it is simply not feasible in many cases, and can have serious impacts on network performance. With its Encrypted Visibility Engine, Cisco Secure Firewall leverages deep packet inspection (DPI) to identify potentially malicious applications in encrypted traffic without offloading to another appliance and degrading performance.
Due to a highly distributed network and workforce, as well as constantly maturing attacks, the ability to see into every corner of your ecosystem is crucial. Cisco Secure Firewall blends multiple technologies to detect and block more threats in more places. By combining traditional firewall capabilities with URL filtering, application visibility and control, malware defense, and Snort 3 intrusion prevention, organizations gain robust protection against even the most sophisticated threats.
Cisco offers a wide variety of firewalls for defending the different areas of your network — including physical, virtual, and cloud-native — as well as cloud-delivered. We can secure businesses and offices of all types and sizes, from the data center to the cloud.
Cisco Secure also provides flexible firewall management options, enabling you to deploy and operate your security architecture in a way that is tailored to the unique requirements of your NetOps, SecOps, and DevOps teams. No matter which firewall models you choose or environments you operate in (physical or virtual), you can use a single, simplified application to manage all your firewalls from one place.
The threat landscape changes every day, and our defenses must change with it. Cisco Talos is one of the largest and most trusted threat intelligence groups in the world. Its in-depth insight into global threats, and advanced research and analysis, enable us to quickly incorporate protections for new threats into our products via hourly updates. That way, Cisco customers are continuously safeguarded from both known and unknown threats.
“When the Log4j vulnerability was discovered, we were protected before we even completed our patching,” said Paul Smith, network administrator at Marian University. “As a result of automated hourly updates from Talos, Cisco Secure Firewall had an early detection signature, so it was already blocking the concerning traffic from infiltrating our network.”
Another differentiator for Cisco Secure Firewall is that it’s part of an integrated security ecosystem. With Cisco SecureX, organizations can correlate data from multiple technologies and unleash XDR capabilities for a centralized, automated response to threats.
“At the end of the day, it’s about protecting the data, and we do that with the integration of [Cisco] Secure Endpoint, Umbrella, and Secure Firewall, which combine to protect the networks, endpoints, workstations, and servers — and all of this can be correlated easily within SecureX.”
– Elliott Bujan, IT Security Manager, Marine Credit Union
The new Cloud-delivered Firewall Management Center leverages the cloud to facilitate agile, simplified operations for a distributed, hybrid network. It provides efficiency at scale by allowing security teams to swiftly deploy and update policies across their environment with just a few clicks, as well as take coordinated actions to prioritize, investigate, and remediate threats within a single pane of glass. And with a cloud-delivered management center, Cisco regularly updates its software behind the scenes, which reduces risk, maintains compliance, and gives your team more time to focus on other priorities.
Additionally, Cisco Secure Firewall dynamically shares policies driven by intelligence from Cisco Secure Workload, which uses microsegmentation to prevent lateral movement of attackers throughout a network. This allows security policies to be harmonized across both the network and application environments, boosting efficacy and fostering collaboration between teams.
These are just some examples of what makes up a comprehensive, modernized firewall. But Cisco is not stopping there. We continue to innovate to meet evolving business needs. For example, the new enterprise-class 3100 Series firewalls are specially designed for hybrid work, supporting more end users with high-performance remote access for increased organizational flexibility.
Additionally, Cisco Secure Firewall serves as a key component of advanced security strategies including XDR, SASE, and zero trust, helping businesses keep pace with accelerating digital transformation. According to Cisco’s most recent Security Outcomes Report, organizations with mature XDR, SASE, and zero trust implementations all boast significantly higher levels of security resilience.
Fuel and energy retailer, Ampol, uses a variety of Cisco technologies, including Secure Firewall, to segment and safeguard its network. “Cisco was an integral part of our success during COVID-19 as we were able to serve customers without interruption in stores,” said Amir Yassa, senior project specialist at Ampol. “Deploying our retail resilience project, mostly comprised of Cisco products, enabled us to reduce our IT-related incidents by 90%, thus enabling us to serve our customers better now and into the future.”
Is your firewall keeping up with future demands, or is it still stuck in the 80s teasing its hair? If it’s the latter, we can help. Visit cisco.com/go/firewall and learn how to refresh your firewall.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Payment applications make splitting restaurant bills, taxi fares, and household expenses so much easier. Without having to tally totals at the table or fumble with crumpled bills, you and your companions can spend less stress and more time on the fun at hand.
There are various payment apps available, and the company that may first come to mind is PayPal. PayPal is regarded as a safe platform where security and strong encryption are a priority; however, a recent and advanced phishing scam is putting PayPal users at risk of giving up large sums of money and their personally identifiable information (PII).1
Let’s look at this “triple-pronged” PayPal phishing scam and review some tips to help you identify and proceed should you encounter it.
The typical part of this three-sided scam is the phishing email component. According to one source, the phishing email comes from a legitimate-looking PayPal service email address. Luckily, the typos, odd punctuation, extra spaces, and grammar errors in the body of the email give away that it is a phishing attempt. Remember, phishing emails are often worded poorly or have errors. Large companies, especially ones like PayPal, have teams of content experts vetting all automated messages for such mistakes, so several mistakes in an email should set off your alarm bells. Proceed with caution and do not click on any links in the message.
The email also included wording that encouraged the user to act quickly or be charged a lot of money. That’s another trademark of phishing emails: urgency. Take a deep breath and make sure to reread carefully all emails that “require” a quick response. Don’t be scared by dire consequences. Phishers rely on people to rush and not give themselves time to listen to their better judgement.
The PayPal phishing email included a support phone number that claimed it was toll free. In actuality, it was an international phone number. So, if the recipient of the phishing email didn’t quite believe the message but wanted to follow up, the scam could catch them with what’s called a one-ring phone scam.2 This occurs when someone unknowingly calls an international phone number and then gets charged by their phone company for the long-distance call.
The best way to avoid one-ring phone scams is to never call a number you don’t recognize. Always go to an organization’s official website to find their contact information.
The third dimension of this PayPal scam was the international phone number in the phishing email connected the caller directly with the scammer who posed as the PayPal fraud department. The “customer service representative” then asked prying personal and financial questions to glean enough PII to break into a PayPal account or compromise the caller’s identity. This is the most damaging part of the scam. An excellent customer support team may be able to reimburse you your lost money; however, once your personal details are in nefarious hands, you can’t take them back.
In addition to never calling numbers you haven’t verified, never give out passwords and never give out more personal information than you need to. Even in legitimate customer service calls, it’s not rude to ask why the representative requires the information they’re asking for. In a fake call, questions like that may fluster the scammer, so keep an ear tuned to their tone.
Overall, our best advice for handling suspicious emails is to delete them. If it’s truly important, the sender will contact you again. And if a thief somehow stole money from one of your payment apps, the customer service team should be able to walk you through the steps to recover it.
The transfer and handling of large sums of money would make anyone nervous. To give you peace of mind, consider partnering with a service that can help you recover should you ever fall for a scheme and compromise your PII. McAfee+ Ultimate helps you live your best life in private, and the service includes credit monitoring with all three credit bureaus, security freeze, and expert online support to help you navigate any scams you encounter.
Having McAfee+ can protect you from email phishing scams like this. Here are some of the top agencies to report this scam to, if it happens to you: Paypal Fraud Department, Federal Trade Commision , Cybersecurity & Infrastructure Security Agency USA.gov IC3
“Report it. Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme.” – FTC.gov
1ZDNET, “Watch out for this triple-pronged PayPal phishing and fraud scam.”
2Federal Communications Commission, “‘One Ring’ Phone Scam.”
The post A PayPal Email Scam Is Making the Rounds: Here’s How to Identify and Avoid It appeared first on McAfee Blog.
Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some people’s digital safety. Cybercriminals take every chance they get to trick people through all kinds of technology, and mobile apps are no exception.
To celebrate National App Day, here are a few tips to keep your mobile and your personally identifiable information (PII) safe.
Did you know that there are hundreds of apps on the Android and Apple app stores whose only aim is to steal your passwords? In 2022, Meta identified more than 400 fake apps disguised as various utilities that targeted users to weasel Facebook login and password combinations.1 Malicious apps also regularly masquerade as photo editors and wallpapers but their real purpose is to run malware in the background of the mobile device, such as this Squid Game app from 2021.
Little-known apps aren’t the only ones you have to be wary of either. The biggest companies are also falling to cybercrime. For instance, more details recently came to light about a breach at Uber that leaked the PII of 57 million users. Plus, the popular mobile payment service, Cash App had the personal details of 8.3 million current and former users leaked.2
To keep your cellphone free of malicious software and your PII and password secure, take these five mobile security tips with you into the new year.
The new year is as good a time as any to unload any unnecessary baggage, emotional, literal, or in this case, digital. Go through your phone and delete the apps you haven’t used in the last six months. Make sure to completely delete your account with that app and not just hide it from your homepage. The smaller your digital footprint, the less at risk your PII is of being compromised in a breach.
Before you download any new app, it’s a good idea to conduct some background research on it. How many detailed reviews does it have? Who is the app developer? A phony app usually reveals itself through its lack of reviews. Consider apps with less than 50 reviews fishy. Skim the reviews for specific details and typos. If it’s lacking in detail but brimming with typos and grammatical mistakes, it could signal a fake. This research should take about five minutes, so don’t worry; it shouldn’t be too much of an inconvenience, and that time will be well spent.
Just like it’s a good idea to keep on top of global news, set up news alerts for cybersecurity breaches. If a company falls to a cybercriminal, the alert will give you the valuable time you need to act quickly to either delete your account or change your password.
For every online account, it is essential to create a unique password or passphrase. That way, if you do get hacked through an app or get tricked by a fake one, you don’t have to worry about cybercriminals using that password to walk into your other accounts. Password managers are an excellent way to keep all your passwords secure and free up your brain space for things other than dozens of passwords.
When you sign up for a new app, you can expect to give it a username, a password, and maybe your first name; however, if it has optional fields for your full birthday or your address, consider leaving those blank. The less information the company has about you, the less that can end up in cybercriminals’ hands if the app is breached.
The first step to better cyber habits is arming yourself with the knowledge of the threats that are out there. The best advice here is to slow down, observe and think about your next move every time you download a new app. The signs of a fake are usually not difficult to spot. Then, once you’re confident in its legitimacy, limit the amount of PII you share with it. In this digital world we live in, consider everyone susceptible to a breach.
To give you peace of mind, supplement your great habits with a tool, like McAfee+ Ultimate, that will cover all your bases and be your partner to live your best private life online.
1Tech.co, “Data Breaches That Have Happened in 2022 So Far.”
2Termly, “98 Biggest Data Breaches, Hacks, and Exposures.”
The post 2022’s Top 5 App Security Tips appeared first on McAfee Blog.
Watch ThreatWise TV: Explorations in the spam folder
The spam folder: that dark and disregarded corner of every email account, full of too-good-to-be-true offers, unexpected shipments, and supposedly free giveaways.
You’re right to ignore this folder; few good things come from exploring it. But every once in a while one of these misleading, and sometimes malicious, emails manages to evade the filters that normally siphon them off, landing them in your inbox instead.
Fortunately, it’s easy enough to spot these emails if you know what to look for. We’ve investigated this folder once before, showcasing a variety of scams. With the holiday season in full swing, we thought this would be a good time to revisit how scammers are trying to trick unsuspecting users.
The holiday season is traditionally a time when this type of activity increases, and this year is no different. According to research published by credit reporting agency TransUnion, the average daily number of suspected digital fraud attempts was up 82 percent globally between Thanksgiving and Cyber Monday (Nov 24–Nov 28) compared to the rest of the year (Jan 1–Nov 23) and 127 percent higher for transactions originating in the US.
This level of activity makes it all the more important to be aware of these scams. With that in mind, let’s dive into the spam folder to get a picture of the types of campaigns currently circulating.
While much of the spam circulating is innocuous, many emails are phishing attempts, and some are indeed malicious. To explore these scams, we used a dedicated computer, segmented from the rest of the network, and leveraged Cisco Secure Malware Analytics to safely open the emails before clicking on links or opening attachments. The point being, we do not recommend doing this at home.
By far, the largest category of spam we saw were surveys scams. According to these emails, if you fill out a simple survey you’ll receive “exclusive offers” such as gift cards, smartphones, smart watches, power drills, or even pots and pans.
There are even some campaigns that specifically target the holiday shopping season.
Clicking the links in these emails takes the recipient to sites where they are asked to fill out a survey.
These pages often include fake testimonials that say how easy the survey is and what they did with their free gift.
The surveys are straightforward, comprising 10-20 simple questions that cover demographic information and shopping habits.
After the survey is completed, these sites offer the choice of a handful of rewards. All the recipient must do is pay for shipping. They are then brought to a page where they can fill out shipping and payment information, and the reward is supposedly shipped.
However, the attempts to make payment often appear to fail, or the recipient is informed that the prize is no longer available.
An unsuspecting user may simply give up at this point, disappointed that they won’t be getting their free gift. What they may not be aware of, is that they have just given their credit card details away in a phishing scam.
In their 2021 Internet Crime Report, the Internet Crime Complaint Center (IC3) said that Non-Payment / Non-Delivery scams such as these led to more than $337 million in losses, up from $265 million in 2020. Credit card fraud amounted to $172 million in 2021 and has been climbing continuously at a conservative rate of 15-20 percent since 2019.
According to Cisco Umbrella, many of the sites asking for credit card details are known phishing sites, or worse, host malware.
Another topic that we covered the last time we explored these types of scams was package delivery spam. These continue to circulate today. There are a variety of shipping companies impersonated in these campaigns, and some generic ones as well.
Many of these campaigns claim that a package could not be delivered. If the recipient clicks on a link in an email, they’re brought to a web page that explains that there are outstanding delivery fees that need to be paid.
The recipient is further enticed by suggestions that the package contains a big-ticket item, such as an iPhone or iPad Pro. All the recipient is required to do is enter their credit card details to cover the shipping.
While no outright malicious activity was detected while examining these emails in Secure Malware Analytics, several suspicious behaviors were flagged. Chances are the bad actors behind these campaigns are phishing for credit card details.
Sometimes the simplest approaches can work just as well as the flashiest. This certainly holds true with spam campaigns, given the prominence of plain-text messages.
The topics covered in such emails run the gamut, including medical cures, 419 scams, romance and dating, pharmaceuticals, weight loss, and many of the scam types we’ve already covered. Many of these link to phishing sites, though some attempt to establish a dialog with the recipient, tricking them into sending the scammers money.
The IC3 report says that victims of confidence fraud and romance scams lost $956 million collectively, which is up from $600 million in 2020. Healthcare fraud, such as the miracle pills and prescriptions scams, resulted in $7 million in losses in 2021, but nearly $30 million in 2020. While these types of scams seem generic and easily spotted, they still work, and so it’s important to be aware and avoid them.
Many emails hitting the spam box attempt to trick users of various services into believing that there is a problem with their account. The problems cover all sorts of services, including streaming platforms, email providers, antivirus subscriptions, and even public records.
If the links are clicked, the recipient is presented with landing pages that mimic the respective services. Any details that are entered will likely be phished, leading to account takeover and/or access to personal records. However, some domains encountered in these cases may do more than just steal information, they could deliver malware too.
Another frequently encountered scam surrounds billing. Many of these appear to be unexpected bills for services the recipient never purchased.
These emails include attachments that are designed to look like official invoices. Interestingly, most of the attachments that we looked at this time were harmless. The goal is to get the recipient to call what appears to be a toll-free number.
While we haven’t called any of these numbers, the experience usually unfolds like a standard customer service call. In the end the “agents” simply claim the charges—which never existed in the first place—have been removed. Meanwhile the scammers steal any personal or financial information provided during the call.
While most billing scams we encountered played out as described above, a few did indeed contain malware.
In this example, the email appears to come from an internet service provider, informing us that our monthly bill is ready.
An invoice appears to be attached, stored within a .zip file. If the recipient opens it and double clicks the file within, a command prompt appears.
This may seem unusual to the recipient, especially since no invoice appears, but by this point it’s too late. The file contains a script that launches PowerShell and attempts to download a remote file.
While the remote file was no longer available at the time of analysis, there is a high likelihood it was malicious. But even though we were unable to determine its contents, Secure Malware Analytics flagged the script execution as malicious.
Knowing about prevalent scams, especially during the holiday season, is a first step in guarding against them. Granted the bad actors who distribute these spam campaigns do everything they can to make their scams look legitimate.
Fortunately, there are several things that you can do to identify scams and defend against them:
But even the best of us can be fooled, and when overseeing a large operation it’s more a matter of when, rather than if, someone clicks on the wrong link. There are elements of the Cisco Secure portfolio that can help for when the inevitable happens.
Cisco Secure Malware Analytics is the malware analysis and malware threat intelligence engine behind all products across the Cisco Security Architecture. The system delivers enhanced, in-depth, advanced malware analysis and context-rich intelligence to help better understand and fight malware within your environments. Secure Malware Analytics is available as a standalone solution, as a component in other Cisco Security solutions, and through software-as-a-service (SaaS) in the cloud, on-premises, and hybrid delivery models.
Cisco Secure Email protects against fraudulent senders, malware, phishing links, and spam. Its advanced threat detection capabilities can uncover known, emerging, and targeted threats. In addition, it defends against phishing by using advance machine learning techniques, real time behavior analytics, relationship modeling, and telemetry that protects against identity deception–based threats.
Cisco Umbrella unifies multiple security functions in a single cloud service to secure internet access. By enforcing security at the DNS layer, Umbrella blocks requests to malware before a connection is even established—before they reach your network or endpoints. In addition, the secure web gateway logs and inspects all web traffic for greater transparency, control, and protection, while the cloud-delivered firewall helps to block unwanted traffic.
Cisco Secure Endpoint is a single-agent solution that provides comprehensive protection, detection, response, and user access coverage to defend against threats to your endpoints. The SecureX platform is built into Secure Endpoint, as are Extended Detection and Response (XDR) capabilities. With the introduction of Cisco Secure MDR for Endpoint, we have combined Secure Endpoint’s superior capabilities with security operations to create a comprehensive endpoint security solution that dramatically decreases the mean time to detect and respond to threats while offering the highest level of always-on endpoint protection.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
This time of year, the air not only gets chillier but a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift givers.
Here are three common holiday scams to watch out for this year, plus a few tips to help you stay safe online.
Gift cards are a standby present for the people on your list who are difficult to buy for or for people you don’t know too well but want to get them a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. Known as gift card cracking, cybercriminals can take wild guesses at gift card codes and cash in the value for themselves by methodically guessing strings of numbers and letters and crossing their fingers for a match. Cybercriminals will also employ phishing emails, texts or social media direct messages to trick people into divulging gift card information.
To avoid gift card cracking, encourage gift receivers to redeem their gift card quickly to shorten the amount of time a scammer has to guess the code correctly. Or, you could opt for a paper gift certificate from a small business that doesn’t require online redeeming at all. To avoid gift card phishing scams, do not engage with any type of correspondence that claims they can double the value of your gift card or claims that there’s a problem with it. Be instantly on alert if anyone asks for the activation code. If the gift card-issuing business really needs to replace your purchase, they’ll issue you a new code. They’ll never ask for your existing one.
Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant or shipping company.
While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishers rely on people’s excitement or inattention to trick them into giving up their credit card or banking information. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry, there are often typos and grammar mistakes, and the tone of the message will seem “off.” Either it will sound very formal and impersonalized or it will sound very informal and seem pushy.
To protect your finances during the holiday season, consider putting a lock on your credit. This is easy to do with McAfee credit lock. You can still use your credit card and shop as you normally would. A credit lock is useful because, in case a criminal gets ahold of your PII, they won’t be able to open lines of credit in your name. This protects your credit score, which is essential to keep in good standing if you hope to buy a house or take out a loan anytime soon.
Just because a “company” has an ad on Facebook or Instagram doesn’t mean that it’s a legitimate establishment. Before buying from an online store you’ve never heard of, do some background research on it and read customer reviews to make sure that it’s real and will deliver you a quality product.
Take note of the online store’s URL before entering it. (You can preview the link by hovering over it with your cursor.) If the URL is a string of letters and numbers, it could be a malware site in disguise. One way to alert you to suspicious sites is McAfee Web Protection. Web Protection color codes links to identify potential malware and phishing sites and alert you to steer clear.
Your mind is already drawn in a bunch of different directions this holiday season (cooking, traveling, shopping, wrapping, tidying) so give yourself a respite from worrying about the safety of your identity and finances. McAfee+ Ultimate includes a VPN, Web Protection, credit lock, antivirus and more to cover all your bases to keep your devices and your PII safe.
The post ‘Tis the Season for Holiday Scams appeared first on McAfee Blog.
Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel, donate to charities, and simply try to enjoy their time with friends and family.
Unfortunate as it is, scammers see this time of year as a tremendous opportunity to profit. While people focus giving to others, they focus on taking, propping up all manner of scams that use the holidays as a disguise. So as people move quickly about their day, perhaps with a touch of holiday stress in the mix, they hope to catch people off their guard with scams that wrap themselves in holiday trappings.
Yet once you know what to look for, they’re relatively easy to spot. The same scams roll out every year, sometimes changing in appearance yet remaining the same in substance. With a sharp eye, you can steer clear of them.
With Black Friday and Cyber Monday in the books, we can look forward to what’s next—a wave of post-holiday sales events that will likewise draw in millions of online shoppers. And just like those other big shopping days, bad actors will roll out a host of scams aimed at unsuspecting shoppers. Shopping scams take on several forms, which makes this a topic unto itself, one that we cover thoroughly in our Black Friday & Cyber Monday shopping scams blog. It’s worth a read if you haven’t done so already, as digs into the details of these scams and shows how you can avoid them.
However, the high-level advice for avoiding shopping scams is this: keep your eyes open. Deals that look too good to be true likely are, and shopping with retailers you haven’t heard of before requires a little bit of research to determine if their track record is clean. In the U.S., you can turn to the Better Business Bureau (BBB) for help with a listing of retailers you can search simply by typing in their names. You can also use https://whois.domaintools.com to look up the web address of the shopping site you want to research. There you can see its history and see when it was registered. A site that was registered only recently may be far less reputable than one that’s been registered for some time.
Plenty of new tech makes its way into our homes during the holiday season. And some of that tech can be a little challenging to set up. Be careful when you search for help online. Many scammers will establish phony tech support sites that aim to steal funds and credit card information. Go directly to the product manufacturer for help. Often, manufacturers will offer free support as part of the product warranty, so if you see a site advertising support for a fee, that could be a sign of a scam.
Likewise, scammers will reach out to you themselves. Whether through links from unsolicited emails, pop-up ads from risky sites, or by spammy phone calls, these scammers will pose as tech support from reputable brands. From there, they’ll falsely inform you that there’s something urgently wrong with your device and that you need to get it fixed right now—for a fee. Ignore these messages and don’t click on any links or attachments. Again, if you have concerns about your device, contact the manufacturer directly.
With the holidays comes travel, along with all the online booking and ticketing involved. Scammers will do their part to cash in here as well. Travel scams may include bogus emails that pose as reputable travel sites telling you something’s wrong with your booking. Clicking a link takes you to a similarly bogus site that asks for your credit card information to update the booking—which then passes it along to the scammer so they can rack up charges in your name. Other travel scams involve ads for cut-rate lodging, tours, airfare, and the like, all of which are served up on a phony website that only exists to steal credit card numbers and other personal information.
Some of these scams can look quite genuine, even though they’re not. They’ll use cleverly disguised web addresses that look legitimate, but aren’t, so don’t click any links. If you receive notice about an issue with your holiday travel, contact the company directly to follow up. Also, be wary of ads with unusually deep discounts or that promise availability in an otherwise busy season or time. These could be scams, so stick with reputable booking sites or with the websites maintained by hotels and travel providers themselves.
Donations to an organization or cause that’s close to someone’s heart make for a great holiday gift, just as they offer you a way to give back during the holiday season. And you guessed it, scammers will take advantage of this too. They’ll set up phony charities and apply tactics that pressure you into giving. As with so many scams out there, any time an email, text, direct message, or site urges you into immediate action—take pause. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that there some charities pass along more money to their beneficiaries than others. As a general rule of thumb, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
The holidays also mean a flight of big-time sporting events, and with the advent of online betting in many regions scammers want to cash in. This scam works quite like shopping scams, where bad actors will set up online betting sites that look legitimate. They’ll take your bet, but if you win, they won’t pay out. Per the U.S. Better Business Bureau (BBB), the scam plays out like this:
“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.”
You can avoid these sites rather easily. Stick with the online betting sites that are approved by your regional gambling commission. Even so, be sure to read the fine print on any promo offers that these sites advertise because even legitimate betting sites can freeze accounts and the funds associated with them based on their terms and conditions.
A complete suite of online protection software, such as McAfee+ Ultimate can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, we offer $1M identity theft coverage and support from a recovery pro, just in case.
And because scammers use personal information such as email addresses and cell phone numbers to wage their attacks, other features like our Personal Data Cleanup service can scan high-risk data broker sites for your personal information and then help you remove it, which can help reduce spam, phishing attacks, and deny bad actors the information they need to commit identity theft.
That’s why they enjoy the holidays so much. With all our giving, travel, and charity in play, it’s prime time for their scams. Yet a little insight into their cons, along with some knowledge as to how they play out, you can avoid them.
Remember that they’re playing into the hustle and bustle of the season and that they’re counting on you to lower your guard more than you might during other times of the year. Keep an eye open for the signs, do a little research when it’s called for, and stick with reputable stores, charities, and online services. With a thoughtful pause and a second look, you can spare yourself the grief of a scam and fully enjoy your holidays.
The post Unwrapping Some of the Holiday Season’s Biggest Scams appeared first on McAfee Blog.
Do yourself a favor: Open a new browser tab and head to your search engine of choice. Type in your full name and home address. Then, see what pops up.
Are the results sparking an ember of unease in the back of your brain? Whether you’re a private person online or you’re comfortable sharing your daily life updates on social media, there are likely to be several personal details about you on sites that shouldn’t have that information. Some of these sites may be data brokerage websites.
Data brokerage sites are legal and are mostly used by annoying advertisers, though cybercriminals may also use them maliciously. The average person has their information for sale on 31 data brokerage sites, and 95% of people have their personal information on sale without their permission.
So how do you scrub the internet of your personal details to keep your identity secure? McAfee Personal Data Cleanup is a service that prevents your personal information from being collected and sold online. Here’s why you should consider taking a few easy steps now to give you peace of mind about the security of your personally identifiable information (PII).
Attack surface is a term usually applied to corporate security, but it’s a great visualization for everyday people going about their personal online errands and entertainment. An attack surface is the number of possible entry points a cybercriminal could weasel their way through to get at your valuable and private information. Entry points include your social media profiles, your online shopping accounts, and data brokerage sites. The fewer entry points you have, the harder it is for cybercriminals to find and exploit them.
While Social Security Numbers (SSNs) are generally revered as the piece of PII to guard most closely, a cybercriminal can still damage your identity with just your name and an address, email address, or phone number. For example, they can request new passwords or multifactor authentication one-time passcodes to break their way into online banking or shopping accounts. Security breaches are happening to huge companies all over the world. All it takes is for your SSN to be leaked in one of them, for a cybercriminal to piece together your digital clone and use it to harm your identity or credit.
Personal Data Cleanup minimizes your attack surface by removing as much PII as possible that’s floating around the internet, just waiting for someone to buy it.
When you’re aware of how many unauthorized vendors are selling your PII, it could be the wakeup call you need start adopting more cautious online habits. For instance, oversharing on social media leaks a lot of valuable details that a savvy criminal can then use to take educated guesses at your passwords or craft a social engineering plot catered just to you.
The present is as good a time as any to start protecting your identity for the future; however, getting started is often the most difficult step. It can seem overwhelming to reach out to every data brokerage site individually and request they remove your info. Personal Data Cleanup can be your partner not only in beginning the cleanup process but in monitoring your data security to keep your online presence as minimal as possible. The service scans the internet’s riskiest sites and then, before deleting your information from these sites, runs it by you to confirm. Then, it will continually monitor those same sites, as your information will likely reappear every two to four months.
Do not underestimate the tenacity of a cybercriminal. Even for people who have the attitude that their PII is bound to be somewhere online and that it’s no big deal, McAfee Personal Data Cleanup manages three key steps in the data removal process: scanning, removing, and monitoring. So, even if you’re not convinced that data brokerage sites are a threat, the process is too easy to put off any longer!
For those who are concerned about their online privacy, full-service Personal Data Cleanup is included in McAfee+ Ultimate, which is the complete package to let you live your online life in private. McAfee+ Ultimate also includes identity monitoring and identity theft resolution services, unlimited VPN, credit lock, and much more.
In 2021, more than 1.4 million identity theft complaints were filed to the Federal Trade Commission.1 Identity theft can occur to anyone, so take steps today, starting with data brokerage sites, to live a more secure and more private digital life.
1Federal Trade Commission, “New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021”
The post McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.
Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.
Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.
So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.
When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.
“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.
When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.
The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.
Let’s explore the cybersecurity tools on the three major web browsers:
Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.
McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.
When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.
There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.
While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.
Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.
If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.
It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.
Trustpilot is one example of a website that provides reviews of other websites.
Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.
You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.
Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.
If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.
Download McAfee WebAdvisor now and stay safe while browsing the web.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation and ticket deals.
Don’t let the threat of phishers and online scammers dampen your team spirit this World Cup tournament. Here are three common schemes cybercriminals will likely employ and a few tips to help you dribble around their clumsy offense and protect your identity, financial information, and digital privacy.
Phishers will be out in full force attempting to capitalize on World Cup fever. People wrapped up in the excitement may jump on offers that any other time of the year they would treat with skepticism. For example, in years past, fake contests and travel deals inundated email inboxes across the world. Some companies do indeed run legitimate giveaways, and cybercriminals slip in their phishing attempts among them.
If you receive an email or text saying that you’re the winner of a ticket giveaway, think back: Did you even enter a contest? If not, treat any “winner” notification with skepticism. It’s very rare for a company to automatically enter people into a drawing. Usually, companies want you to act – subscribe to a newsletter or engage with a social media post, for example – in exchange for your entry into their contest. Also, beware of emails that urge you to respond within a few hours to “claim your prize.” While it’s true that real contest winners must reply promptly, organized companies will likely give you at least a day if not longer to acknowledge receipt.
Traveling is rarely an inexpensive endeavor. Flights, hotels, rental cars, dining costs, and tourist attraction admission fees add up quickly. In the case of this year’s host country, Qatar, there’s an additional cost for American travelers: visas.
If you see package travel deals to the World Cup that seem too good to pass up … pass them up. Fake ads for ultra-cheap flights, hotels, and tickets may appear not only in your email inbox but also on your social media feed. Just because it’s an ad doesn’t mean it comes from a legitimate company. Legitimate travel companies will likely have professional-looking websites with clear graphics and clean website copy. Search for the name of the organization online and see what other people have to say about the company. If no search results appear or the website looks sloppy, proceed with caution or do not approach at all.
Regarding visas, be wary of anyone offering to help you apply for a visa. There are plenty of government-run websites that’ll walk you through the process, which isn’t difficult as long as you leave enough time for processing. Do not send your physical passport to anyone who is not a confirmed government official.
Even fans who’ve given up on watching World Cup matches in person aren’t out of the path of scams. Sites claiming to have crystal clear streams of every game could be malware spreaders in disguise. Malware and ransomware targeting home computers often lurk on sketchy sites. All it takes is a click on one bad link to let a cybercriminal or a virus into your device.
Your safest route to good-quality live game streams is through the official sites of your local broadcasting company or the official World Cup site. You may have to pay a fee, but in the grand scheme of things, that fee could be a lot less expensive than replacing or repairing an infected device.
Here’s an excellent rule to follow with any electronic correspondence: Never send anyone your passwords, routing and account number, passport information, or Social Security Number. A legitimate organization will never ask for your password, and it’s best to communicate any sensitive financial or identifiable information over the phone, not email or text as they can easily fall into the wrong hands. Also, do not wire large sums of money to someone you just met online.
Don’t let scams ruin your enjoyment of this year’s World Cup! With these tips, you should be able to avoid the most common schemes but to boost your confidence in your online presence, consider signing up for McAfee+. Think of McAfee+ as the ultimate goalkeeper who’ll block any cybercriminals looking to score on you. With identity monitoring, credit lock, unlimited VPN and antivirus, and more, you can surf safely and with peace of mind.
The post Watch Out for These 3 World Cup Scams appeared first on McAfee Blog.
Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone.
Here’s everything you need to know about mobile MiTM schemes specifically, how to identify when your mobile device is experiencing one, and how to protect your personally identifiable information (PII) and your device from cybercriminals.
A man-in-the-middle attack, or MiTM attack, is a scheme where a cybercriminal intercepts someone’s online activity and impersonates a trusted person or organization. From there, the criminal may ask personal questions or attempt to get financial information; however, since the mobile device owner thinks they’re communicating with someone with good intentions, they give up these details freely.
MiTM is an umbrella term that includes several cybercrime tactics, such as:
Cybercriminals gain access to mobile devices to carry out MiTM mobile attacks through three main methods: Wi-Fi eavesdropping, malware, or phishing.
The most common giveaway of a MiTM attack is a spotty internet connection. If a cybercriminal has a hold on your device, they may disconnect you from the internet so they can take your place in sessions or steal your username and password combination.
If your device is overheating or the battery life is much shorter than normal, it could indicate that it is running malware in the background.
If you can identify the signs of a MiTM attack, that’s a great first step in protecting your device. Awareness of your digital surroundings is another way to keep your device and PII safe. Steer clear of websites that look sloppy, and do not stream or download content from unofficial sites. Malware is often hidden in links on dubious sites.
To safeguard your Wi-Fi connection, protect your home router with a strong password or passphrase. When connecting to public Wi-Fi, confirm with the hotel or café’s staff their official Wi-Fi network name. Then, make sure to connect to a virtual private network (VPN). A VPN encrypts your online activity, which makes it impossible for someone to digitally eavesdrop.
Finally, a comprehensive antivirus software can clean up your device of malicious programs it might have contracted.
McAfee+ Ultimate includes unlimited VPN and antivirus, plus a whole lot more to keep all your devices safe. It also includes web protection that alerts you to suspicious websites, identity monitoring, and daily credit reports to help you browse safely and keep on top of any threats to your identity or credit.
A cybercriminal’s prize for winning a mobile scheme of monkey in the middle is your personal information. With preparation and excellent digital protection tools on your team, you can make sure you emerge victorious and safe.
The post Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack appeared first on McAfee Blog.
FreshRSS 