FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayMcAfee Blogs

How To Secure Your Online Life? Find Your Protection Score!

By Alex Merton-McCann

I am renowned for getting myself into big messes – particularly in the kitchen when I’m cooking up a storm. And I’m totally fine being alone: chopping, stirring and baking until it’s time to clean up! And that’s when the overwhelm hits – I know I should clean as I cook but I never do! So, what do I do? Rally the troops! Yes siree! There’s nothing like another set of eyes or hands to help one wade through the overwhelm – I’m sure that’s why I had 4 kids!! 

Online Life Can Be Messy Too! 

Many people tell me that they feel a similar way about their online life. They know they need to be doing more to keep themselves safe, but they are completely overwhelmed at where to start. With so much of our lives lived online, it’s not uncommon for one person to have over a hundred online accounts across multiple devices which makes it very hard to keep track of logins, data breaches, or security software.  

And research conducted by McAfee shows that consumers know they need to take steps to protect themselves with 74% of users concerned about keeping information private online and 57% keen to be in more control of their personal information. Not surprisingly, since the pandemic started 47% of online consumers feel unsafe compared to just 29% beforehand. 

Where to Start? Your Protection Score! 

So, to try and make this very overwhelming task that bit easier, McAfee has developed a new tool that allows you to find your own Protection Score. Think of your Protection Score like your credit score or sleep score except this one is a measure of your security online. The higher the score, the safer you are online. And the best part about the score is that helps users identify exactly where they need to pinpoint their focus to ensure they are as safe as possible online. Think of it as a set of experienced hands to help you wade through the overwhelm. 

How Does It Work? 

In less than a minute, the McAfee Protection Score will provide you with a pretty clear understanding of how safe you are online. Participants are given a mark between 0 and 1000 that is based on several factors: whether you have online protection and whether your details have been leaked in a security breach. Now, don’t be alarmed if your score is low because here’s the best bit – you will receive a list of exactly what you need to do to improve it and protect yourself from online threats! Phew – my competitive type A personality wouldn’t have coped if I was unable to fix it!  

Let me give you an example, when I signed up, I was alerted to the fact that my email address had been involved in a breach, yes – I’m very human! So, it helped me remedy this by taking me to the appropriate page where I could update my password, and then, bingo, my score (and online safety) improved!!  

And just to ensure you remain committed, every time you venture back to the Protection Score page, your results and action plan will be there waiting for you to ensure you stay on track and most importantly, to cut through that overwhelm! 

Now, in case you were wondering, McAfee’s Protection Score is a first for the cybersecurity industry but good news – they’ve promised it will continue evolving. They will continue to add more features and opportunities to personalize so you can ensure you are living life to the full online!! 

So, if you’re feeling overwhelmed at exactly what you need to do to get your online safety under control then McAfee’s Protection Score is exactly what you need. In less than a minute you’ll be able to get a clear understanding of where your online security sits and a personalized action plan so you can start addressing it right away! How good is that? 

Till Next Time, 

Alex 

The post How To Secure Your Online Life? Find Your Protection Score! appeared first on McAfee Blog.

The Big Reason Why You Should Update Your Browser (and How to Do It)

By McAfee

The humble internet browser. Dutifully taking you the places you want to go online, whether that’s the bank, the store, the movies, or even to work. All the more reason to make sure your browser gets every last bit of protection it can.

It’s easy to fire up your browser without a second thought. Arguably, it’s one of the first things many of us do when we hop on our computers. And because it’s often our literal window into important tasks like managing our finances, making payments, and so forth, hackers will absolutely target browsers in order to conduct their attacks. Whether it’s through vulnerabilities in the code that runs the browser, injecting malicious code into a browser session or any one of several other attack vectors, hackers will try to find a way to compromise computers via the browser.

What’s one of the best ways to keep your browser safe? In a word, update. By updating your browser, you’ll get the latest in features and functionality in addition to security fixes that can keep you safer out there.

Let’s take a closer look at what a safer browser is all about, how to update yours, and check out some additional things you can do to stay safer still.

Browser hacks go way back—and are here to stay

Just as long as there have been browsers, there have been security vulnerabilities and issues. Among the first documented cases, one of the most noteworthy goes back to 1995 when researchers at the University of California, Berkeley uncovered a security issue with the way the Netscape browser handled online payments. Today, news of potential browser exploits and follow-on security measures to remedy them still make the headlines all across several types of popular browsers.

The reality of the issue is that browsers, humble as they may seem to us, are complex applications made up of myriad smaller applications to handle all manner of tasks that create your overall web browsing experience. And where there’s code, there’s room for error. Errors that hackers will look to exploit until an update comes along and fixes them.

Browser plug-ins and extensions add extra features—and potential risks

Adding further functionality to your browser, and potentially further opportunities for hackers, are browser plug-ins and extensions. These are small apps that give your browser additional capabilities, like opening and editing documents, blocking ads, finding coupons, and even playing tabletop role-playing games in a browser as well. In short, there are thousands of them, often available in the various stores run by different browser developers.

Likewise, browser plug-ins and extensions can be prone to security issues just like the browser they’re installed in. Errors in their code may lead to exploits that hackers can take advantage of. Further, not all plug-ins and extensions are safe and secure to use. It’s not uncommon for malicious ones to turn up on third-party sites that steal user information, introduce malware, or that end up serving ads on a person’s computer, just to name a few of the nasty things they can do. Even official browser stores have had malicious plug-ins and extensions slip onto their shelves.

Lastly, even seemingly legitimate plug-ins and extensions can introduce privacy issues. Given that they’re on your browser and have been granted permissions to work with it, they could be collecting data—data which the developer may use, share, or resell. And it may be tough to know exactly what’s being collected and what’s being done with it. Yet like many smartphone app stores, browser stores are including links to developer privacy statements on the download page for the plug-ins and extensions they offer, giving people more insight into how their data is used. However, sometimes plug-ins and extensions get sold from one company to another where they not only change owners but privacy policies as well. In other words, that plug-in or extension on your computer may get sold to another company without your knowledge and subsequently decide to use your data in an entirely new way.

Given this landscape, there’s a clear case for updating your browser regularly, along with your plug-ins and extensions as well. Moreover, you might want to take a look at what plug-ins and extensions you’re running as well to ensure they’re secure and that they’re something you actually have use for.

Let’s take a look at how you can do all that.

So, do you keep your browser and extensions up to date?

Set up your browser to update automatically. This is relatively straightforward, and browser developers have pages that show you how it’s done. For example, sampling a few of the browsers out there:

As for updating your extensions, the browser developers have put together quick guides to help you what that too. The good news is that when you update your browser, your browser typically updates its associated plug-ins and extensions as well. However, note that your browser’s update cycle may not be in sync with the update cycle for your various plug-ins and extensions, so you may want to go in and update them on their own. These guides can help:

<h2>Take a look at your browser extensions—and see if you want them in the first place

What extensions am I even running? Now that’s a great question. And it’s not too tough to get the answer. In short, your browser’s menu will have an option that will give you an overview of what you have installed and which ones are enabled for use. Once more, each browser developer has their own way of going about this:

This is a good opportunity to give your extensions a hard look. Are they something you use? Are they something you want? Who developed that extension? What might they be doing with my data? Answering these questions may take a little work on your part—like searching for news, information, or reviews about the various extensions you have installed. If you don’t like what your research turns up, you can simply uninstall the extension in question.

A good general rule is this—the fewer apps and extensions you have, the fewer you have to update. Likewise, that’s ultimately fewer lines of code that may turn up a possible exploit. If it’s something you’re not using, consider getting rid of it.

<h2>Make your browser safer with web protection

Many browser-based attacks find their way to you through sketchy websites and downloads. Even ads that look legit but are not. As said before, hackers will try and find a way. One tool you can use to beat them at their game is browser protection, which helps prevent you from making that one wrong click that leads to malware.

In our case, we offer McAfee WebAdvisor, a lightweight app that helps keep you safe from threats while you browse and search the web. Specifically, it includes three types of protection that can help steer you clear of those sketchy websites and downloads.

It’s a free download, and it’s also included with our comprehensive online protection software. Either way, this provides you with yet another line of defense when it comes to browser-based attacks.

Protect your browser from hacks and attacks. Update.

That’s the big reason to update right there. Updates give you one more way to prevent attacks by fixing known security issues. It’s true for your operating systems, your apps, your games, what have you. All of them rely on sometimes complex code, code which can sprout exploits, ones that hackers will use. Count your browser in that mix as well. Updating your browser, plus its plug-ins and extensions will help keep you safer online.

The post The Big Reason Why You Should Update Your Browser (and How to Do It) appeared first on McAfee Blog.

How to Protect Yourself from March Madness Scams

By McAfee

It’s the month of top seeds, big upsets, and Cinderella runs by the underdogs. With March Madness basketball cranking up, a fair share of online betting will sure to follow—along with online betting scams. 

Since a U.S. Supreme Court ruling in 2018, individual states can determine their own laws for sports betting. Soon after, states leaped at the opportunity to legalize it in some form or other. Today, 30 states and the District of Columbia have “live and legal” sports betting, meaning that people can bet on single-game sports through a retail or online sportsbook or combination of the two in their state. 

If you’re a sports fan, this news has probably been hard to miss. Or at least the outcome of it all has been hard to miss. Commercials and signage in and around games promote several major online betting platforms. Ads have naturally made their way online too, complete with all kinds of promo offers to encourage people to get in on the action. However, that’s also opened the door for scammers who’re looking to take advantage of people looking to make a bet online, according to the Better Business Bureau (BBB). Often through shady or outright phony betting sites. 

Let’s take a look at the online sports betting landscape, some of the scams that are cropping up, and some things you can do to make a safer bet this March or any time.  

Can I bet on sports in my state, and how? 

Among the 30 states that have “live and legal” sports betting, 19 offer online betting, a number that will likely grow given various state legislation that’s either been introduced or will be introduced soon. 

 

Source: www.americangaming.org
Source: www.americangaming.org

If you’re curious about what’s available in your state, this interactive map shows the status of sports betting on a state-by-state level. Further, clicking on an individual state on the map will give you yet more specifics, such as the names of retail sportsbooks and online betting services that are legal in the state. For anyone looking to place a bet, this is a good place to start. This is further helpful for people who’re looking to get into online sports betting for the first time and is the sort of homework that the BBB advises people to do before placing a sports bet online. In their words, you can consider these sportsbooks to be “white-labeled” by your state’s gaming commission.

Source: www.americangaming.org
Source: www.americangaming.org

However, the BBB stresses that people should be aware that the terms and conditions associated with online sports betting will vary from service to service, as will the promotions that they offer. The BBB accordingly advises people to closely read these terms, conditions and offers. For one, “Gambling companies can restrict a user’s activity,” meaning that they can freeze accounts and the funds associated with them based on their terms and conditions. Also, the BBB cautions people about those promo offers that are often heavily advertised, “[L]ike any sales pitch, these can be deceptive. Be sure to read the fine print carefully.” 

Scammers and online betting 

Where do scammers enter the mix? The BBB points to the rise of consumer complaints around bogus betting sites: 

“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.” 

If there’s a good reason you should stick to the “white labeled” sites that are approved by your state’s gaming commission, this is it. Take a pass on any online ads that promote betting sites, particularly if they roll out big and almost too-good-to-be-true offers. These may lead you to shady or bogus sites. Instead, visit the ones that are approved in your state by typing in their address directly into your browser. 

Ready to place your bet? Keep these things in mind. 

In addition to what we mentioned above, there are several other things you can do to make your betting safer. 

1) Check the rep of the service.

In addition to choosing a state-approved option, check out the organization’s BBB listing at BBB.org. Here you can get a snapshot of customer ratings, complaints registered against the organization, and the organization’s response to the complaints, along with its BBB rating, if it has one. Doing a little reading here can be enlightening, giving you a sense of what issues arise and how the organization has historically addressed them. For example, you may see a common complaint and how it’s commonly resolved. You may also see where the organization has simply chosen not to respond, all of which can shape your decision whether to bet with them or not. 

2) Use a secure payment method other than your debit card.

Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act. 

3) Get online protection.

Comprehensive online protection software will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to betting sites, online protection can help prevent you from clicking links to known or suspected malicious sites. 

Make the safe(r) bet 

With online betting cropping up in more and more states for more and more people, awareness of how it works and how scammers have set up their presence within it becomes increasingly important. Research is key, such as knowing who the state-approved sportsbooks and services are, what types of betting are allowed, and where. By sticking to these white-label offerings and reading the fine print in terms, conditions, and promo offers, people can make online betting safer and more enjoyable. 

Editor’s Note: 

If gambling is a problem for you or someone you know, you can seek assistance from a qualified service or professional. Several states have their own helplines, and nationally you can reach out to resources like http://www.gamblersanonymous.org/ or https://www.ncpgambling.org/help-treatment/. 

The post How to Protect Yourself from March Madness Scams appeared first on McAfee Blog.

What Is a Crypto Wallet and How to Keep Your Wallet Secure?

By Vishnu Varadaraj

A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and for some, it’s a viable way to make ends meet and set up long-term investments. The cryptocurrency realm has also proven to be vulnerable to cybercriminals. For example, the Wormhole hack leaked $320 million, and cybercriminals have targeted crypto platforms with ransomware and mining app scams. 

Whether you’re already in the cryptocurrency game or are thinking about taking the plunge, here’s what you need to know about crypto wallets and tips on how to keep yours safe from cybercriminals. 

What Is a Crypto Wallet?

A cryptocurrency wallet, or crypto wallet, is a software product or a physical device that stores the public and private keys to your cryptocurrency accounts. Keys are strings of numbers and letters that encrypt and decrypt crypto transactions and secure crypto accounts. You can think of public keys as the routing and account numbers that appear at the bottom of paper checks. There’s not much a nefarious character can do with that information, and it’s totally normal to give that information to an acquaintance with whom you’re doing business. Private keys are like your online banking password or debit PIN. Those you must guard very closely because in the wrong hands, your hard-earned bank balance could disappear. A crypto wallet also allows you to transfer funds between crypto types and make transactions.  

What Are Some Types of Crypto Wallets?  

Here are a few basic types of crypto wallets to help you decide which type is right for you. 

Noncustodial vs. custodial

A non-custodial wallet means that you are the sole keeper of the keys to your crypto assets. If you forget your password, there’s no “forgot your password?” prompt to let you back in. While not having this safety net is a little nerve wracking, noncustodial wallets are considered the more secure option. You don’t have to worry about a security breach of a major corporation leaking your private key. If you’re responsible and confident that you’re prepared to look after your assets by yourself, this may be the best option for you. 

A custodial wallet is a little less secure, but you have a third party helping you log in and manage your crypto accounts. Custodial wallets are often web-based, and the biggest tick in their pro column is that they’re generally very easy to use. While reputable custodial wallets take security very seriously, the threat of a breach is always a possibility, especially as crypto accounts are appealing targets to cybercriminals. 

Hardware vs. software

Hardware wallets, also known as cold wallets, are devices you can fit in the palm of your hand. Most models are Bluetooth-enabled devices that look like small remote controls or are flash drives. The device is secured by a PIN that you should never write down or share with anyone else. Also, you should designate a safe and private spot to store your hardware wallet. Similar to a noncustodial wallet, you are solely responsible for keeping track of the device and remembering the PIN. If you lose it, your crypto accounts are locked, and there’s no locksmith to open them for you. As long as you keep track of it, hardware wallets are very secure. Most models are equipped with malware- and virus-proofing security features. 

Software wallets are downloaded and internet-connected mobile or desktop apps. They allow you to make transactions on the run, as you can access your crypto accounts from your phone. In that sense, they’re more convenient than hardware wallets. Additionally, software wallets have the same safety net as custodial wallets: if you lose your phone, forget your password, or require login assistance, the maker of the software can help you access your accounts. Software wallets are very secure when you enable their two-factor authentication login settings; however, since they connect to the internet, there’s always a chance a cybercriminal could break-in. Thus, hardware wallets are considered more secure than the software variety. 

How to Keep Your Crypto Wallet Safe 

Check out these tips to ensure your assets are safe and secure in your crypto wallet: 

  1. Check your accounts regularly. It’s imperative that you check your crypto wallet regularly to ensure that your accounts look in order and you can catch suspicious activity quickly. Crypto wallets and digital wallets are unlike the physical one you carry in your pocket or your bag, because when your physical wallet goes missing, you’re likely to notice it quickly. “Phone, keys, wallet” is a mantra most of us sing before walking out the door. Plus, everyone knows the immediate steps to take when a physical wallet goes missing: retrace your steps, put a hold on credit and debit cards, file for a new driver’s license. If you think something is amiss with your wallet, cancel any credit cards linked to your account, change your password immediately and set up two-factor authentication if you haven’t already.
  2. Set up two-factor authentication. Speaking of login security, always make sure you enable two-factor authentication. It is one of the best ways to deter a thief. If your device has biometric authentication, that’s even better. This means that only a scan of your face, voice, or fingerprint will open your accounts. 
  3. Know how to identify crypto wallet scams. Watch out for phishers who may be persistent in trying to gain access to your cryptocurrency accounts. If anyone by email, text, phone, or snail mail asks for your private key, ignore the correspondence and go on high alert. Never share your private key with anyone! Phishing attempts often use fear or excitement to trick people into divulging personal information, so don’t fall for messages masquerading as contests or as a crypto company that needs your private key to restore your accounts.

Explore Crypto Safely and Confidently

Cryptocurrency value is reaching galactic heights like the spaceships depicted in prime-time ads. Don’t feel pressured to hop aboard the crypto rocket, but if you do decide to jump on, make sure you do your research carefully and make the best decisions for your crypto goals. 

The post What Is a Crypto Wallet and How to Keep Your Wallet Secure? appeared first on McAfee Blog.

The IRS “Dirty Dozen” – Top Tax Season Scams to Steer Clear of This Year

By McAfee

Who loves tax season besides accountants? Scammers.  

Emotions can run high during tax time. Even if you’re pretty sure you did everything right, you may still have a few doubts kicking around. Did I file correctly? Did I claim the right deductions? Will I get audited? As it turns out, these are the very same anxieties that criminals use as the cornerstone of their attacks.   

So yes, crooks indeed love tax season. Particularly online. And they’ll bait your digital world with several proven types of scams in an effort to cash in on what can be a somewhat uncertain time. 

The good news is that you have plenty of ways to protect yourself from these scams. Let’s look at what scammers typically have in store, along with some practical advice to protect yourself as you file your taxes—things you can do to keep crooks out of your business this tax season. Don’t delay, download McAfee’s tax season security guide to avoid the latest tax scams.

The tax scam landscape 

First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly. 

Still, the wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time.  

What are crooks looking to do with their scams? Several things: 

  1. Steal account information – Scammers will often try to highjack account or financial information associated with credit cards and banks to steal funds and make purchases with the victim’s accounts. 
  2. File false returns – Scammers will also try and get their hands on personal information like Social Security Numbers, taxpayer ID numbers, and other unique information so that they can file false returns in the victim’s name and claim their refunds. 
  3. Commit identity theft – Scammers may then use this same personal information to open new credit lines and accounts in the victim’s name, as well as commit other forms of identity theft like assuming a victim’s identity to gain employment, housing, insurance, or a driver’s license. 

As if we didn’t have enough to worry about at tax time without crooks in the mix. 

The IRS Dirty Dozen: 12 tax-season scams 

Investigating the landscape even more closely, we can turn to the authority itself, as the IRS has published its most recent top 12 tax season scams, a broad list that includes: 

  • Phishing attacks 
  • Fake charities 
  • Threatening impersonator phone calls 
  • Social media fraud 
  • Refund Theft 
  • Senior Fraud 
  • Fraud targeting non-English speakers 
  • Unscrupulous return preparers 
  • “Offer in Compromise” mills 
  • Fake payments with repayment demands 
  • Payroll and HR scams 
  • Ransomware 

 

For a comprehensive look at each one of these scams, and for ways, you can steer clear of them, check our Guide to IRS & Tax Season Scams. However, there are some common threads to many of these scams. 

For starters, plenty of tax scams involve crooks posing as an IRS employee, perhaps via a phone call or email, to glean personal information from you, or to demand payment—sometimes under the threat of penalties or even jail time. Crooks won’t hesitate to use strong-arm tactics like these and play on your fears. The good news is that such tactics are typically a sign that the contact isn’t legitimate. In fact, a quick way to spot a scam is to know what the IRS won’t do when they contact you. From the IRS.gov website, the IRS will not: 

  • Initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information. 
  • Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card, or wire transfer. Mention of prepaid cards or wire transfer as a payment option is a surefire sign of a scam. 
  • Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe. You should also be advised of your rights as a taxpayer. 
  • Threaten to bring in local police, immigration officers, or other law enforcement to have you arrested for not paying. The IRS also cannot revoke your driver’s license, business license, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes. 

What will the IRS do? Usually, the IRS will first mail a notification to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you. 

Other types of tax scams that crooks love to use 

Scammers won’t limit themselves to posing as the IRS. They’ll act as an imposter in several other ways as well. For example, they may pose as a popular do-it-yourself tax brand, a tax preparer, or even as a phony charitable organization that promises any donations you make are tax-deductible.  

Here, they may send you phony emails or direct messages or even ring you up with bogus telemarketing or robocalls designed to steal personal information. 

In the cases where the scammers reach you online, the emails and messages they send will vary in their tone and polish—in other words, how authentic they appear. Some will look nearly legitimate and cause even the most hardened of digital skeptics to click on a phony link or download a sketchy attachment. Others, well, will look clearly like spam, complete with spelling and grammatical errors, along with clumsy use of logos, layouts, and design.  

Taken together, both are ways that scammers get people to visit sites designed to compromise personal information … or to download malware like keyloggers that skim account passwords and ransomware that encrypt a victim’s files hold them hostage for a price.  

Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles and turn it against their victims. Per the IRS, because “social media enables anyone to share information with anyone else on the Internet, scammers use that information as ammunition for a wide variety of scams. These include emails where scammers impersonate someone’s family, friends, or co-workers.” 

With those personal details gleaned from social media, scammers will send phony links to scam sites, promote bogus charities, or flat-out ask for money or gift cards to “help them out” at tax time.  

Protecting yourself from tax season scams 

Keep your guard up for spammy messages and phishing attacks 

No question that bogus emails, messages, and phone calls remain a popular way for scammers to steal personal and financial information. Spam emails, messages, and the malicious links associated with them abound this time of year as well. It’s always to keep a critical eye open for these, and it’s particularly true during tax season.  

View all emails with attachments and links with suspicion, even if they appear to come from a person, business, or brand you know. Confirm attachments with the people you know before opening. And if you receive a message or alert about an account of yours, visit that company or organization’s website directly to enquire into the status of your account rather than taking a chance by clicking on a link that could send you to a phony website. 

File A.S.A.P. and check your credit report 

One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. In fact, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early. 

Here’s another tool that can help you fight identity theft. And get this: it’s not only helpful, but it’s also free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.  

Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread your free credit report coverage across the whole year. 

Keep your social media profiles and posts close to the vest 

As with much of the guidance we offer around social media, one of the best ways to prevent such social media tax attacks is to make your profiles private so that only friends and family can see them. That way, scammers will have a far more difficult time reaching you. Moreover, consider paring back the information you share in your social media profiles, like your alma maters, birthday, mother’s maiden name, pet names—any personal information that a scammer may use to compromise your accounts or the security questions associated with them. 

Security software can protect you from fraud and theft too 

Protecting your devices with comprehensive online protection softwarecan help block the phishing emails and suspicious links that make up many of these tax attacks. Likewise, it can further protect you from ransomware attacks like mentioned above. Additionally, our online Protection Score looks for weak spots in your protection and helps you shore them up, such as if discovers that your info was compromised or part of a data breach. From there, it guides you through the steps to correct the problem. 

Further, consider online protection software that offers identity theft protection as well. A strong identity theft protection package offers cyber monitoring that scans the dark web to detect misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.  

Think you’ve been a victim of a tax scam? 

The IRS offers steps you can take in the event you suspect fraud or theft. Their current resources include: 

  • Contacting the Treasury Inspector General for Tax Administration to report a phone scam. Use their “IRS Impersonation Scam Reporting” web page. You can also call 800-366-4484. 
  • If the scam relates to your state income taxes, report it to your state Attorney General’s office. 
  • Report phone scams to the Federal Trade Commission as well with the “FTC Complaint Assistant” on FTC.gov. They ask you to add “IRS Telephone Scam” in the notes. 
  • Reporting an unsolicited email claiming to be from the IRS, or an IRS-related component like the Electronic Federal Tax Payment System, to the IRS at phishing@irs.gov. 

Take a deeper dive on the topic of online tax scams 

As mentioned above, you can get even more up to speed on the different tricks hackers are using by downloading our Guide to IRS & Tax Season Scams. It’s free, and it offers more ways you can protect your identity and information this tax season and year ‘round. 

The post The IRS “Dirty Dozen” – Top Tax Season Scams to Steer Clear of This Year appeared first on McAfee Blog.

The Wearable Future Is Hackable. Here’s What You Need To Know

By McAfee

Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent report. That means for as much wearable tech as we have in our lives already, even more, is on the way. 

If you own a piece of wearable tech it’s easy to understand why it’s so popular. After all, it can track our fitness, provide contextual help in daily life, and, in the case of hearing aids, even do cool things like sync with Bluetooth. As VR and AR gains a foothold who knows what other incredible tech might be headed our way by 2028? However wearable tech also comes with certain risks. The most prominent: cybercriminals potentially gaining access to your data. 

How can criminals gain access to your wearable data? 

The weakest link in the wearables space is your mobile phone, not the actual wearable device itself. That’s because wearables tend to link to your mobile device over a short-range wireless spectrum known as “Bluetooth.” This spectrum is used to send and receive data between your wearable device and your mobile. That makes your mobile a prime target for hackers. 

Most commonly, hackers gain access to the data on your mobile through malware-laden apps. These apps are oftentimes designed to look like popular apps, but with enough differences that they don’t flag copyright suspicion. 

What are they doing with my wearable data?

Hackers can use these malicious apps to do a variety of things from making phone calls without your permission, sending and receiving texts, and extracting personal informationall potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources. 

The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.

Beyond wearables and into the internet of things

These types of threats aren’t limited to wearables, however. The Internet of Things—the phenomenon of devices connected to the Internet for analysis and optimization—encompasses all sorts of other electronic devices such as washing machines and refrigerators that can put your data at risk as well. But these life-changing devices can be secured through education and industry standards. Two things we’re working on day and night. 

Defend your wearables and your personal information

  • Use a PIN. All of your mobile devices ought to have a personal identification number (PIN). This basic security method is a great way of dissuading casual hackers or thieves from stealing your data. 
  • Limit what you share. Most wearables don’t need access to every piece of information about you. You can lessen the likelihood of your wearable sharing sensitive information by only entering the information your wearable device requires. On the flip side, always double-check the permissions that the wearables app is requesting on your mobile device. Does it really need access to your location, camera roll, and address book? If not, be sure to alter these settings appropriately. 
  • Use identity protection. Identity protection can monitor your accounts online – accounts tied to your wearable – so you can receive alerts if that information has been compromised or found online. If it has, a service like McAfee’s Identity Protection Service may also provide insurance and loss remediation as well.

Of course, securing the weakest link in your wearables environment, your phone will go a long way towards keeping your data safe. But what happens when your computer, where you store backups of your smartphone, is compromised too? We’ve got you covered with McAfee LiveSafe™ service, our comprehensive security solution that provides protection for your entire online life. 

The post The Wearable Future Is Hackable. Here’s What You Need To Know appeared first on McAfee Blog.

Latest Crypto Vulnerability Leaks $320 Million: 3 Tips to Boost Your Crypto Confidence

By Vishnu Varadaraj

Cryptocurrency has boomed in the last several years, with beginners and experts alike jumping into the industry. It’s proven now to be more than a passing hobby or trend. Cryptocurrency is a way of conducting business and making money for people around the world.  

As the intrigue and interaction with crypto grows, cybercriminals are finding new ways to exploit the system. According to CNBC, a recent crypto hack resulted in the loss of over $320 million across two major blockchain networks. Here’s what you need to know about this latest breach, plus some tips on how you can protect your crypto assets. 

Down the Wormhole 

There’s more than one kind of cryptocurrency, and many users spread out their investments across various currencies and blockchain ecosystems. To link their activities, some crypto users employ a type of bridging software that can easily connect their different accounts. Wormhole is a popular bridge that allows users to freely move their tokens and NFTs between the Solana and Ethereum blockchains.  

In this recent crypto hack, a cybercriminal installed a bug that minted 120,000 fake currency on the Solana side of the Wormhole bridge. Then, the criminal transferred 120,000 counterfeit currency to the Ethereum side to claim Ethereum tokens. This resulted in the hacker gaining at least $251 million worth of Ethereum, nearly $47 million in Solana, and upwards of $4 million in USDC, a third type of cryptocurrency. 

The Wormhole team offered the hacker $10 million to return the stolen currency and explain how they executed the hack. Wormhole has since tweeted that they’ve restored all stolen funds and that the system is now back to normal. Experts think they have successfully reverse-engineered the exploit and suspect that the attacker gained access through bypassing the verify signature process. 

Staying Safe From Crypto Losses 

As cryptocurrencies continue to take the world by storm, it’s key that users learn how to engage with this emerging industry safely. Even though the Wormhole breach affected the crypto platforms and not individual users, this incident is a reminder to be diligent about your crypto safety. Check out these tips to help you protect your crypto investments: 

1. Do your research.

Like with any process that involves investing your own, hard-earned money, you should be diligent about researching every cryptocurrency, blockchain, and accompanying software you use. Never trust your money to a product or service that you’re not completely confident in their security protocols. Keep up with national and world news and crypto-specific news outlets to stay on top of the latest security breaches and to gather tips on which system may be the safest option for you. When jumping into cryptocurrency, make sure that any benefits outweigh the risks. 

2. Secure your accounts.

As with all your online accounts, protect your cryptocurrency logins with secure, unique passwords and two-factor authentication. Never reuse passwords, since it’s possible for wily cybercriminals to buy lists of login and password combinations on the dark web. Two-factor authentication often makes it impossible for anyone to break into your account, as it requires a randomly generated passcode for entry. Passcodes are often sent by text or through a smartphone application. Sometimes it’s difficult to remember all your passwords, so consider trusting them to a password manager, such as McAfee True Key. An online account locked behind a secure password and two-factor authentication will likely frustrate a cybercriminal and cause them to move along, keeping your account safe. 

3. Use a hardware wallet.

Add an extra layer of protection to your crypto assets with a hardware wallet. A hardware wallet stores private keys that are necessary to unlock your blockchain accounts. This device is compatible with various blockchains and helps back up and protect your investments, even if your device is compromised by malware or a phishing attack. Hardware wallets are often protected by PINs and a passphrase, so even if the device is lost or stolen, you can feel confident in the safety of your crypto accounts. 

4. Check your accounts regularly.

Make it part of your weekly routine to check in on your crypto account to ensure that there are no suspicious transactions. Keep the pulse on the news, so that whenever there’s a breach, you can make a timely report of any losses you may have experienced. Also, consider changing your login credentials to be on the safe side. 

Boost Your Crypto Confidence 

The only way to enjoy your cryptocurrency experience is to be confident in it. While the Wormhole loophole was almost impossible for a casual everyday user to predict, as long as you have a contingency plan and safeguards in place, you can be confident in your crypto activities. 

The post Latest Crypto Vulnerability Leaks $320 Million: 3 Tips to Boost Your Crypto Confidence appeared first on McAfee Blog.

How to Secure Your Digital Wallet

By Vishnu Varadaraj

The convenience of tapping your phone at the cash register instead of fumbling for loose change in your physical wallet is undeniable. Nearly 40% of Canadians used their mobile wallets more often in 2020 because of the perceived safety of contactless payment, according to one report.1 While digital wallets and tap to pay is becoming more widespread, you may wonder: what exactly is a digital wallet? Are they safe? 

A digital wallet, also known as a mobile wallet, is a smartphone app that stores your payment information and enables tap to pay at most point-of-sale terminals. A digital wallet is perfectly safe, as long as you guard your smartphone just as closely as you would your physical wallet. 

Here’s why you should secure your digital wallet and three tips to help you do so. 

Why You Should Secure Your Digital Wallet 

Think about what you store in your physical wallet: credit cards, debit cards, driver’s license, library cards, gift cards, cash. Now, imagine (or if you’ve been unlucky enough to lose your wallet in the past, think back to) the hassle that would ensue if someone stole your wallet or you misplaced it. Not only do you have to cancel your cards, notify your various banks, and wait for replacements, but the niggling worry that a stranger has access to your personally identifiable information (PII) will likely keep you up at night. 

Just like you store your wallet in your front pocket when about town and check your seat before leaving a taxi or a plane, look after your smartphone just as closely. Unlike a physical wallet, whose absence is noticed quickly, a digital wallet may be compromised by a cyber pickpocket without you knowing for a while. For example, the BBC reported that researchers found a potential shortcoming in Apple Pay’s Express Transit mode where cyber pickpockets could remotely access mobile wallets.2 Luckily, the researchers’ experiment is unlikely to occur in the real world, but it’s a reminder to everyone to check their monthly bank statements for suspicious transactions. Cybercriminals get smarter and bolder by the day, so it’s not unlikely that they’ll find and exploit a digital wallet shortcoming in the future. 

Follow these tips to help you use your digital wallet more confidently.  

Tips to Protect Your Digital Wallet

1. Set a unique passcode

Always protect your digital wallet with a passcode! This is the best and easiest way to deter cybercriminals. It’s best if this combination of numbers is different than the passcode to your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.  

Better yet, if your mobile wallet app allows you to protect your account with facial recognition or a fingerprint scan, set it up! If your digital wallet proves difficult or impossible to enter, a cybercriminal may leave it for an easier target, keeping your PII safe. 

2. Update software regularly

Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release. 

3. Download digital wallet apps directly from official websites 

Before you swap your plastic cards for digital payment methods, make sure you research the digital banking app before downloading. Make sure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has to make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always best practice to check for typos, blurry logos, and unprofessional app descriptions to make sure. 

Be More Confident Online 

The digital era is an exciting time to make the most of the conveniences technology affords; however, constant vigilance is key to keeping your finances and PII private. Whether you’re looking for additional peace of mind or have lost your wallet, consider signing up for an identity monitoring service like McAfee identity protection. McAfee will monitor your email addresses and bank accounts and alert you to suspicious activities up to 10 months sooner than similar services. Are you curious about how secure your current online habits are? Check your Security Protection Score today and see what steps you can take to live more confidently online. 

1Canadian Payment Methods and Trends Report 2021 

2BBC News 

The post How to Secure Your Digital Wallet appeared first on McAfee Blog.

How We Can All Work Together For a Better Internet

By McAfee

Let’s face it – we would not be the same people we are today if it wasn’t for the internet. The internet has opened our eyes to so much information that we are privileged to have right at our fingertips. However, it’s important to remember that with so many individuals with access to the web, it can quickly become a place where rumors are spread, cyberattacks are cast, and misinformation arises. At McAfee, we are committed to protecting both you and your family.  Together, through education and online protection, we can work together to experience a better internet for everyone. On this Safer Internet Day, here are our top 5 recommendations: 

For Parents 

With a connected family, it’s important to pay attention to what your family members are connected to (IoT devices in the home, smartphones, tablets, etc.) and how they interact online. Maybe your son is an avid gamer, or your teenager is a social media mogul who enjoys tweeting and scrolling through TikTok. As a parent, you play a crucial role in setting an example for your children and loved ones. So, it’s important to teach them how to use the internet responsibly. Here are some tips for helping your family stay safe online:  

  • Set up parental controls, if necessary. While your child’s device plays a key role in connecting them to the outside world, that same device can also expose them to cyberbullying, predators, risky behavior, and self-image struggles. If your child has started to ignore their homework and other family responsibilities, they are oversharing online, or they won’t give you their device without a fight, it may be time to consider setting up parental controls.  
  • Make sure your child has a healthy relationship with social media. Any activity in excess can cause harm – social media included. If your child’s screen time is climbing due to excessive social media scrolling, help them to establish new habits like setting a device curfew and educating them on the effects of too much screen time.  
  • Teach your family about best practices for securing their online accounts. Using strong passwords and multi-factor authentication can make your family’s internet experience better, providing protection against common online threats.  

For College Students 

In a time when students are reliant on connectivity to be successful in their education, it’s important that they connect to the internet safely. Ensuring a safe connection can prevent any security hiccups from standing in the way of you and your degree. If you are a college student, follow these tips to help you stay safe in a hybrid or distance learning environment:  

  • Use a VPN when connecting to your university’s Wi-Fi network. Avoid hackers infiltrating your connection by using a VPN, which allows you to send and receive data while encrypting, or scrambling, your information so others can’t read it. VPNs also prevent hackers from gaining access to other devices connected to your Wi-Fi.   
  • Choose an encrypted online conferencing tool. Does the video conferencing tool you’re considering use end-to-end encryption? This ensures that only meeting participants can decrypt secure meeting content. Additionally, be sure to read the privacy policies listed by the video conferencing programs to find the one that is the most secure and fits your needs.    

For Working Professionals 

Regardless of your industry, you are likely to rely on the internet to do your job. Restaurant workers use online POS systems, bank tellers require access to their customers’ online accounts – the list goes on. With so much of your day spent online, it’s important to keep internet safety best practices top of mind so you can continue to work free from potential cyber interruptions. No matter what career path you are on, following these tips can help you stay safe online and continue to do your job with confidence:  

  • Be on the lookout for phishing scams targeting employees and their companies. Hackers will oftentimes target employees with phishing campaigns to access sensitive corporate data. If you receive an email, text, or phone call prompting you to take immediate action and log in to an account, make a payment, confirm personal information, or click on a suspicious link, it’s likely a phishing scam. Send a screenshot of the suspicious message (never forward!) to your company’s IT team to confirm, and then delete the message.  
  • Separate personal and business devices. Set boundaries between your personal and work life, including the technology you use for both. Avoid sharing your company’s devices with family members who are not aware of the best security practices, especially children. Also, keep personal accounts separate from company accounts to prevent sharing information through personal channels. 
  • Adhere to company policies and standards. Ensure you understand your company’s policies and confidentiality agreements when it comes to sharing files, storing documents, and other online communications. Use company-approved cloud applications that follow strict security standards to avoid inadvertently exposing sensitive company information through unsecured means. This measure can also apply when using video conferencing software. Limit the amount of sensitive information shared via video conferencing platforms and through messaging features just in case uninvited hackers are eavesdropping. 

For Entertainment Seekers  

If you can dream it, you can stream it. With so much media at your fingertips, it’s important to remember that cybercriminals tend to focus their threats on trending consumer behaviors. For example, cybercriminals will tend to focus their scams on popular TV shows or movies in the hopes that an unsuspecting user will click on their malicious download. Because streaming has become so popular in recent years, consumers should prioritize the safety of their online streaming platforms like Spotify, Netflix, Hulu, etc. Here are some ways to stay protected while streaming:  

  • Watch what you click. Be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware. 
  • Refrain from using illegal streaming sites. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do your device a favor and stream the show from a reputable source. 

For Mobile Moguls  

As technology has become more advanced, we’ve become accustomed to the many benefits that come with taking our devices with us everywhere we go. For example, we can deposit checks from home with our mobile banking apps and can use vehicle location services on our phones to remind us where we parked. Here’s how you can stay protected while on-the-go:  

  • Use a mobile security solution. Protect your pocket-sized digital life with a reliable solution like McAfee Mobile Security. It actively shields you from malicious links or websites, unauthorized third-party activities, and even phishing scams. Additionally, it allows you to connect safely with a VPN and regularly scans your device for unwanted threats.  

“There’s no doubt the internet has brought so many benefits to our daily life,” says Alex Merton-McCann, McAfee’s Cyber Safety Ambassador. “I honestly can’t imagine life without it! But in order for us all to continue benefiting from its many pluses, we all have a responsibility to make it a safe and enjoyable place. So, let’s #playitfaironline and commit to being respectful and kind towards each other online to ensure life online is safe and enjoyable for us all!” 

Check out #SaferInternetDay and #SID2022 hashtags on social media to be a part of the conversation. 

The post How We Can All Work Together For a Better Internet appeared first on McAfee Blog.

How iOS Malware May Snoop on Our Devices

By Vishnu Varadaraj

Smartphones have become such an integral part of our lives that it’s hard to imagine a time when we didn’t have them. We carry so much of our lives on our devices, from our social media accounts and photos of our pets to our banking information and home addresses. Whether it be just for fun or for occupational purposes, so much of our time and attention is spent on our smartphones. 

Because our mobile devices carry so much valuable information, it’s important that we stay educated on the latest cyber schemes so we can be prepared to combat them and keep our data safe.  According to Bleeping Computer, researchers have developed a trojan proof of concept tool that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and cameras.  

Let’s dive into the details of this technique.  

How “NoReboot” allows hackers to spy on a device 

Typically, when an iOS device is infected with malware, the solution is as simple as just restarting the device. However, with this new technique researchers are calling “NoReboot,” ridding a device of malware is not quite as simple. 

“NoReboot” blocks the shutdown and reboot process from being carried out, preventing the device from actually restarting. Without a proper shutdown and reboot, a malware infection on an iOS device can continue to exist. Because the device appears to be shut off with a dark screen, muted notifications, and a lack of response, it is easy to assume that the device has shut down properly and the problem has been solved. However, the “NoReboot” technique has only simulated a reboot, allowing a hacker to access the device and its functions, such as its camera and microphone. If a hacker has access to these functions, they could record the user without their knowledge and potentially capture private information.  

This attack is not one that Apple can fix, as it relies on human-level deception rather than exploiting flaws found on iOS. That’s why it’s important that we know how to use our devices safely and stay protected. 

How to know if your smartphone has been hacked 

As previously mentioned, smartphone usage takes up a big chunk of our time and attention. Since we are so often on these devices, it is usually fairly easy to tell when something isn’t working quite like it is supposed to. While these things could very well just be technical issues, sometimes they are much more than that, such as malware being downloaded onto your smartphone. 

Malware can eat up the system resources or conflict with other apps on your device, causing it to act oddly. 

Some possible signs that your device has been hacked include: 

Performance issues 

A slower device, webpages taking way too long to load, or a battery that never keeps a charge are all things that can be attributed to a device reaching its retirement. However, these things may also be signs that malware has compromised your phone. 

Your phone feels like it’s running hot 

Malware running in the background of a device may burn extra computing power, causing your phone to feel hot and overheated. If your device is quick to heat up, it may be due to malicious activity. 

Mysterious calls, texts, or apps appear 

If apps you haven’t downloaded suddenly appear on your screen, or if outgoing calls you don’t remember making pop up on your phone bill, that is a definite red flag and a potential sign that your device has been hacked. 

Pop-ups or changes to your screen 

Malware may also be the cause of odd or frequent pop-ups, as well as changes made to your home screen. If you are getting an influx of spammy ads or your app organization is suddenly out of order, there is a big possibility that your device has been hacked. 

Six tips to prevent your phone from being hacked 

To avoid the hassle of having a hacked phone in the first place, here are some tips that may help. 

1. Update your phone and its apps

Promptly updating your phone and apps is a primary way to keep your device safe. Updates often fix bugs and vulnerabilities that hackers rely on to download malware for their attacks. 

2. Avoid downloading from third-party app stores

Apple’s App Store and Google Play have protections in place to help ensure that apps being downloaded are safe. Third-party sites may not have those same protections or may even be purposely hosting malicious apps to scam users. Avoiding these sites altogether can prevent these apps from allowing hackers into your device. 

3. Stay safer on the go with a VPN

Hackers may use public Wi-Fi to gain access to your device and the information you have inside of it. Using a VPN to ensure that your network is private and only you can access it is a great way to stay protected on the go. 

4. Turn off your Wi-Fi and Bluetooth when not in use

Turning off your Wi-Fi and Bluetooth when you are not actively using them is a simple way to prevent skilled hackers from working their way into your devices. 

5. Avoid public charging stations

Some hackers have been known to install malware into public charging stations and hack into devices while they are being charged. Investing in your own personal portable charging packs is an easy way to avoid this type of hack.  

6. Encrypt your phone

Encrypting your phone can protect your calls, messages, and information, while also protecting you from being hacked. iPhone users can check their encryption status by going into Touch ID & Passcode, scrolling to the bottom, and seeing if data protection is enabled.  

7. Determine whether your device rebooted properly

Although researchers agree that you can never trust a device to be fully off, there are some techniques that can help you determine whether your device was rebooted correctly.2 If you do suspect that your phone was hacked or notice some suspicious activity, restart your device. To do this, press and hold the power button and either volume button until you are prompted to slide the button on the screen to power off. After the device shuts down and restarts, notice if you are prompted to enter your passcode to unlock the device. If not, this is an indicator that a fake reboot just occurred. If this happens, you can wait for the device to run out of battery, although researchers have not verified that this will completely remove the threat.  

Stay protected 

If you are worried that your device has been hacked, follow these steps: 

  • Install and run security software on your smartphone if you haven’t already. From there, delete any apps you didn’t download, delete risky texts, and then run your mobile security software again. 
  • If you still have issues, wiping and restoring your phone is an option. Provided you have your photos, contacts, and other vital info backed up in the cloud, it’s a relatively straightforward process. A quick search online can show how to wipe and restore your model of phone. 
  • Lastly, check your accounts and your credit to see if any unauthorized purchases have been made. If so, you can go through the process of freezing those accounts, getting new cards, and credentials issued with the help of McAfee Identity Protection Service. Further, update your passwords for your accounts with a password that is strong and unique

The post How iOS Malware May Snoop on Our Devices appeared first on McAfee Blog.

Privacy in Practice: Securing Your Data in 2022 and Beyond

By McAfee

Every year we can count on new technology to make our lives easier. Right? As beneficial and convenient as tech can be, it can also pose risks to our online safety and privacy—risks that we should be prepared to handle. Increasingly, we’re seeing governments around the world implementing stricter privacy laws. And even major players like Google are phasing out invasive tracking technology like cookies. However, when it comes to activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. Let’s take a look at some prominent trends in the way we now live online and how we can protect our data.  

Web3

Crypto, the blockchain, NFTs, tokens – all of these terms are considered part of what’s being termed Web3. Whereas Web 2.0 described an internet made up of large corporations hosting content and consumers, Web3 is governed by the blockchain. What this means is that applications use a decentralized online ledger to document transactions of all sorts. The most famous example is bitcoin, a blockchain that acts as a digital currency. Another example would be NFTs, which are digital works of art. Web3 may be in its infancy, but it’s important to consider what this means for privacy and data protection. Blockchain affords users anonymity in regards to currencies like bitcoin. Of course that means bitcoin also has a reputation as the currency of choice for money-launderers and other shady enterprises. Still, that means it’s good for privacy, right? Well, maybe. The EU’s GDPR rights to erase or amend data are at odds with transactions on a blockchain, which are essentially unchangeable. So if you’re buying cryptocurrency, NFTs, or interacting with blockchains in other ways, just understand your personal information might be hidden, but the record of your transactions is totally visible. 

Tip: If you’re keeping cryptocurrencies in an online wallet, you’ll want to use an identity protection service to monitor those account credentials so you can be warned of breaches and leaks onto the dark web. 

 Education

Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk. 

Since 2020, schools have adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more. 

For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments. 

Tip: Getting a VPN for the family to use is a great way to safeguard your privacy while your kids are learning online. 

Work

Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security training.  

Tip: McAfee’s Protection Score is a great way to understand how protected you are online and what you can do to stay more secure 

The Metaverse

This buzzy term is being used to describe Meta’s (previously Facebook) vision for a fully connected future. Right now it exists as an AR/VR space accessible through Meta’s own VR hardware, Oculus. However, the terminology has caught on as a catch-all for platforms that may contain work, business, gaming, entertainment, social interactions, and more in one easily navigable, immersive online setting. Web3 features, like blockchain, NFTs, and cryptocurrencies are being touted as integral parts of the metaverse. As exciting and futuristic as this is, there are major privacy questions that will have to be answered. This means that as customers you’ll want to think hard about what you choose to share through the metaverse and look into the privacy settings a platform offers you.  

Tip: Use comprehensive online protection. McAfee Total Protection secures all aspects of your life online. From identity to online connections to antivirus, a full security suite like Total Protection keeps you and your family safer on all the devices you use and places you go online. 

 Personal Finances

Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions. 

While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place.  

Tip: Full-featured identity protection will protect you financially. Services like McAfee Identity Protection Service include credit checks, identity theft restoration, and even stolen fund restoration as benefits. 

Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, finances, you name it, is the first step to ensuring our private information remains just that—private. 

The post Privacy in Practice: Securing Your Data in 2022 and Beyond appeared first on McAfee Blog.

Can Apple Macs get Viruses?

By McAfee

It’s a long-standing question. Can Apple Macs get viruses?

While Apple does go to great lengths to keep all its devices safe, this doesn’t mean your Mac is immune to all computer viruses. So what does Apple provide in terms of antivirus protection? Let’s take a look along with some signs that your Mac may be hacked and how you can protect yourself from further threats beyond viruses, like identity theft.

Signs that your Mac may be hacked

Whether hackers physically sneak it onto your device or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, viruses and malware can create problems for you in a few ways:

  • Keylogging: In the hands of a hacker, keylogging works like a stalker by snooping information as you type.
  • Trojans: Trojans are type of malware that can be disguised in your computer to extract important data, such as credit card account details or personal information.
  • Cryptominers: Similar to trojans, this software hides on a device. From there, it harnesses the device’s computing power to “mine” cryptocurrencies. While cryptomining is not illegal, “cryptojacking” a device without the owner’s consent is most certainly illegal.

Some possible signs of hacking software on your Mac include:

Performance issues

Is your device operating more slowly, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your device’s resources.

Your computer feels like it’s running hot

Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your computer to run hot or even overheat.

Mystery apps or data

If you find apps you haven’t downloaded, along with messages and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your computer to send messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.

Pop-ups or changes to your screen

Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your computer may have been hacked.

What kind of antivirus do Macs have?

Macs contain several built-in features that help protect them from viruses:

  • XProtect and Automatic Quarantine: XProtect is Apple’s proprietary antivirus software that’s been included on all Macs since 2009. Functionally, it works the same as any other antivirus, where it scans files and apps for malware by referencing a database of known threats that Apple maintains and updates regularly. From there, suspicious files are quarantined by limiting their access to the Mac’s operating system and other key functions. However, .
  • Malware Removal Tool: To further keep Apple users protected, the Malware Removal Tool (MRT) scans Macs to spot and catch any malware that may have slipped past XProtect. Similar to XProtect, it relies on a set of constantly updated definitions that help identify potential malware. According to Apple, MRT removes malware upon receiving updated information, and it continues to check for infections on restart and login.
  • Notarization, Gatekeeper, and the App Review Process: Another way Apple keeps its users safe across MacOS and iOS devices is its Notarization Apps built to run on Apple devices go through an initial review before they can be distributed and sold outside of Apple’s App Store. When this review turns up no instances of malware, Apple issues a Notarization ticket. That ticket is recognized in another part of the MacOS, Gatekeeper, which verifies the ticket and allows the app to launch. Additionally, if a previously approved app is later to found to be malicious, Apple can revoke its Notarization and prevent it from running.

Similarly, all apps that wish to be sold on the Apple App Store must go through Apple’s App Review. While not strictly a review for malware, security matters are considered in the process. Per Apple, “We review all apps and app updates submitted to the App Store in an effort to determine whether they are reliable, perform as expected, respect user privacy, and are free of objectionable content.”

Do I need to purchase antivirus for my Mac?

There are a couple reasons why Mac users may want to consider additional protection in addition to the antivirus protection that Mac provides out of the box:

  1. Apple’s antivirus may not recognize the latest threats. A component of strong antivirus protection is a current and comprehensive database of virus definitions. As noted above, , leaving Mac owners who solely rely on XProtect and other features susceptible to attack.
  2. Apple’s built-in security measures for Macs largely focus on viruses and malware alone. While protecting yourself from viruses and malware is of utmost importance (and always will be), the reality is that antivirus is not enough. Enjoying the life online today means knowing your privacy and identity are protected as well.

In all, Macs are like any other connected device. They’re susceptible to threats and vulnerabilities as well. Looking more broadly, there’s the wider world of threats on the internet, such as phishing attacks, malicious links and downloads, prying eyes on public Wi-Fi, data breaches, identity theft, and so on. It’s for this reason Mac users may think about bolstering their defenses further with online protection software.

 Further protecting your Mac from viruses and attacks

Staying safer online follows a simple recipe:

  • Being aware of the threats that are out there.
  • Understanding where your gaps in protection are.
  • Taking steps to protecting yourself from those threats and closing any gaps as they arise.

Reading between the lines, that recipe can take a bit of work. However, comprehensive online protection can take care of it for you. In particular, McAfee Total Protection includes an exclusive Protection Score, which checks to see how safe you are online, identifies gaps, and then offers personalized guidance, and helping you know exactly how safe you are.

An important part of this score is privacy and security, which is backed by a VPN that turns on automatically when you’re on an unsecure network and personal information monitoring to help protect you from identity theft—good examples that illustrate how staying safe online requires more than just antivirus.

Consider your security options for your Mac

So, Macs can get viruses and are subject to threats just like any other computer. While Macs have strong protections built into them, they may not offer the full breadth of protection you want, particularly in terms of online identity theft and the ability to protect you from the latest malware threats. Consider the threats you want to keep clear of and then take a look at your options that’ll help keep you safe.

The post Can Apple Macs get Viruses? appeared first on McAfee Blog.

Cyberbullying: Words do Hurt When it Comes to Social Media

By Toni Birdsong

Most parents may find it difficult to relate to today’s form of cyberbullying. That’s because, for many of us, bullying might have come in a series of isolated, fleeting moments such as an overheard rumor, a nasty note passed in class, or a few brief hallway confrontations. 

Fast forward a few dozen decades, and the picture is spectacularly different and a world few adults today would eagerly step into.  

Cyberbullying includes targeting that is non-stop. It’s delivered digitally in an environment that is often anonymous. It’s a far-reaching, esteem-shattering, emotional assault. And the most traumatic component? The perpetual nature of the internet adds the ever-present threat of unlimited accessibility—kids know bullying can happen to anyone, at any time, and spread like wildfire.   

The nature of cyberbullying can make a young victim feel hopeless and powerless. Skipping school doesn’t stop it. Summer vacation doesn’t diminish it. That’s because the internet is ever-present.   

According to a 2020 Ditch the Label Cyberbullying Study, youth today reveal that carrying the emotional weight of being “connected all the time” is anything but fun and games. Here’s a snapshot. 

  • Bullying has increased by 25% each year since the survey’s inception in 2006.   
  • 46 % of the respondents reported being bullied more than once, and 20% reported bullying others on social networking sites. 
  • 33% of young people surveyed said that they believe the behavior of politicians influences how people treat each other at school. 
  • 25% of those surveyed say they feel “lonely all of the time.” (Executive commentary added that since the onset of the pandemic onset, those numbers have increased).  
  • 50% of those bullied felt targeted because of attitudes towards their physical appearance.  
  • 14% of respondents said they never like themselves; 24% said they do but rarely. 
  • 42% of youth respondents revealed they have battled with anxiety. 
  • 25% said they deal with depression; 21% with suicidal thoughts. 
  • Leading mental health stressors include school pressures, exams, body image, feelings of loneliness, and grief.  

Who Is Most Vulnerable? 

While all kids are at risk for cyberbullying, studies reveal that some are more vulnerable than others.  

According to the Pew Research Center, females experience more cyberbullying than their male counterparts; 38% of girls compared to 26% of boys. Those most likely to receive a threatening or aggressive text, IM, or email: Girls ages 15-17.  

More data from the CDC and American University reveals that more than 28.1 % of LGBTQ teens were cyberbullied in 2019, compared to 14.1% of their heterosexual peers. In addition, Black LGTBQ youth are more likely to face mental health issues linked to cyberbullying and other forms of bullying as compared to non-Black LGTBQ and heterosexual youth.  

Another community that can experience high cyberbullying is gamers. If your child spends a lot of time playing online games, consider paying close attention to the tone of conversations, the language used, your child’s demeanor during and after gaming, and, as always, stay aware of the risks. In a competitive gaming environment that often includes a variety of age groups, cyberbullying can quickly get out of control.  

Lastly, the reality no parent wants to confront—but one that is critical to the conversation—is that cyberbullying and suicide may be linked in some ways. According to JAMA Pediatrics, approximately 80% of young people who commit suicide have depressive thoughts, and in today’s online environment, cyberbullying often leads to more suicidal thoughts than traditional bullying.  

5 Things Parents Can Do 

  1. Be a Plugged-In Parent. If you haven’t already, make 2022 the year you double up your attention to your kids’ online activities and how they might be impacting them emotionally. Kids connect with new people online all the time through gaming platforms, group chats, and apps. Engage them. Understand what they like to do online and why. Be aware of shifts in behavior, grades, and sleeping patterns. Know the signs that they may be experiencing online bullying.   
  2. Layer Up Your Power. Kids need help with limits in a world of unlimited content and parents get busy. One remedy for that? Consider allowing technology to be your parenting partner—additional eyes and ears if your will—to help reduce the risk your kids face online. Parental controls on family devices can help you pay closer attention to your child’s social media use and assist you in filtering the content that’s rolling across their screens. Having the insight to connect your child’s mood to the time they spend on specific apps may provide a critical shortcut to improving their overall wellbeing.  
  3. Prioritize Community. Feeling supported and part of a solid offline community can make a significant difference in a child’s life. One survey of teens aged 12-17 found that social connectedness played a substantial role in reducing the impact of cyberbullying. 
  4. Don’t prohibit, limit. If you know your child is having a tough time online, it’s important not to overreact and restrict device use. They need peer connection. It’s their culture. Consider helping them balance their time and content online. Please talk about the pros and cons of specific apps, role play, teach them how to handle conflict, and encourage hobbies and meetups that are not technology dependent.  
  5. Provide Mental Health Support. We are living in unique times. The digital, cultural, social, political, and health concerns encircling our kids remain unmatched. Not all signs of emotional distress will be outward; some will be subtle, and some, even non-existent. That’s why it’s essential to consistently take the time to assess how your child is doing. Talk with your kids daily, and when you notice they may need additional help, be prepared to find resources to help 

Conclusion 

Each new year represents 365 new days and 365 new chances to do things a little bit better than we’ve done them in the past. And while it’s impossible to stop our kids from wandering into the crossfire of hurtful words online, we can do everything possible to reduce their vulnerability and protect their self-esteem.  

The post Cyberbullying: Words do Hurt When it Comes to Social Media appeared first on McAfee Blog.

The Dark Web: A Definitive Guide

By McAfee

The internet has opened up wonderful new possibilities in our world, making life easier on many levels. You can pay your bills, schedule your next family vacation, and order groceries with the click of a button. While the internet offers many positive benefits, it also has some negatives. Although not entirely used for illicit purposes, the dark web is one part of the internet that can be used by criminals for illegal purposes, like selling stolen personal information.

But just what is the dark web? Basically, it’s a part of the internet that isn’t indexed by search engines. As an average internet user, you won’t come across the dark web since you need a special browser to access it. It’s certainly not something you need to stress about in your day-to-day browsing, and you shouldn’t let it scare you off the internet. Unless you actively seek it out, you’ll likely never have any contact with the dark web in your lifetime.

A better understanding of what the dark web is and the possible threats it contains can help you protect yourself, though. This guide provides the essential information you need, explaining the different levels of the web and revealing how you can stay safe. With this knowledge, you can continue to browse online with confidence. Find out more below.

What is the dark web?

The “dark web” refers to websites that aren’t indexed by search engines like Google and Bing. This might seem strange since most people want their websites to be found through specific searches. Practices like search engine optimization (SEO) are specifically implemented to help websites perform well and rank higher in search engine results.

So, why would someone not want their website to be picked up by a search engine? The primary purpose is to preserve privacy and anonymity. The individuals and organizations on the dark web often engage in illegal activities and want to keep their identities hidden — something that is difficult to do with an indexed website.

It’s important to note that the dark web should not be confused with the deep web, which is a part of the internet individuals access regularly. Although the terms are sometimes used interchangeably, they actually refer to different things. Deep web content — which isn’t picked up by search engines, either — includes pages that typically require additional credentials to access. Your online banking accounts and email accounts, for instance, are examples of deep web content.

Different levels of the web

The internet is home to billions of websites — an estimated 1.7 billion to be exact, although that number changes every day as new sites are made and others are deleted. Your daily internet activity likely falls within the publicly available and readily accessible portion of the internet (otherwise known as the surface web). However, there are additional “levels” of the internet beyond that top level. Read on to learn more.

Surface web

The internet you use to search for more information is referred to as the surface web or open web. This is the readily visible part of the internet anyone can access with an internet connection and a normal web browser like Safari, Mozilla Firefox, or Google Chrome. Other terms for the surface web include the visible web, lightnet, or indexed web.

Examples of content you’ll find on the surface web include:

  • Open media websites and news sites like those affiliated with blogs, newspapers, magazines, and other publications. An example would be the home page of a newspaper like The New York Times or a media company like BuzzFeed.
  • Business websites for everything from major corporations to smaller local businesses. An example could be the website for a huge corporation like Bank of America or one for a smaller business like a local bakery.
  • Mainstream social media platforms like Facebook, Instagram, LinkedIn, and Twitter. Although you likely use these tools via an app, they all have dedicated websites.
  • E-commerce sites used for buying goods and services, like Amazon, Walmart, Target, apparel retailers, and beyond. Any company that sells products online can be considered an e-commerce site.

Basically, the sites you use daily — from your favorite news site to a local restaurant — are part of the surface web. What makes these websites part of the surface web is that they can be located via search queries and have recognizable endings like .com, .edu, .gov, or .org. You are able to find websites on the surface web because they are marked as “indexable,” meaning search engines can index and rank them. The sites are readily available on the search engine results pages (SERPs).

Interestingly, the surface web only makes up around 4% of the total internet, meaning the internet is a lot more than what you see on the surface. Think of it as an ocean — there’s the top layer of water you can see and then there’s the vast world beneath. The remainder of the internet is what’s below the surface.

Deep web

The deep web refers to any page on the internet that isn’t indexed by search engines as described above. The deep web is the first level beneath the “surface” of the visible web — and it’s significantly larger than the surface web, accounting for an estimated 96% to 99% of the entire internet.

It’s important to note that just because this type of content isn’t on the surface doesn’t mean it’s nefarious or has ill intent. A lot of the time, this content isn’t indexed because it includes pages that are meant to be hidden to protect consumer privacy, such as those that require login credentials.

Here are some examples of content on the deep web:

  • Fee-based content like news articles that are behind a paywall or membership-only content requiring login credentials are considered part of the deep web. For example, if you pay to access members-only content in a content creator’s fan club, you are using fee-based content.
  • Databases containing protected files that aren’t connected to other areas of the internet. These could be public or private files, like those from government entities or private educational institutions.
  • Intranets for educational institutions, corporate enterprises, and governments are used for exchanging and organizing internal information. Some of it is sensitive and not meant for public dissemination. Intranets usually require a login and are part of the deep web.
  • Secure storage platforms like Dropbox or Google Drive also require you to log in to upload and download files and photos. There are also proprietary data storage solutions used by companies that frequently handle sensitive data, such as law firms, financial institutions, and health care providers. An example might be a patient portal via a hospital or doctor’s office, where you can access your personal medical records.

Essentially, any webpage that requires a login is part of the deep web. That said, deep web content doesn’t necessarily have to fall into any of these categories. Any page that is non-indexable is technically also considered part of the deep web. It doesn’t have to require a login or contain sensitive data. Website creators and managers can mark pages as non-indexable if desired.

It’s worth noting that sometimes a single organization’s website will include elements of both the surface web and the deep web. Take a college or university website, for example. Most schools have a comprehensive website providing information about the school’s history, campus location, student body, available programs of study, extracurricular activities, and more.

However, many schools also have an intranet — sometimes linked from the main university page — that’s accessible only for students or staff. This is where students might sign up for classes and access their school email, for example. Since this is sensitive information and requires a unique login, it doesn’t need to be made publicly available via search engines.

In fact, it’s better in the interest of privacy that these pages aren’t readily visible. It helps to protect the user’s data. From this example, you can see that the “deep web” doesn’t have to be scary, illicit, or illegal. It serves a legitimate and useful purpose. You shouldn’t be afraid of the deep web. It’s further important to distinguish the deep web from the dark web — as the next section explains.

Dark web

As mentioned, the deep web and the dark web sometimes get confused. However, they are distinct. Technically, the dark web is a niche or subsection within the deep web. It consists of websites that aren’t indexable and can’t be readily found online via web search engines. However, the dark web is a carefully concealed portion of the deep web that people go out of their way to keep hidden.

What makes the dark web distinct from the broader deep web is the fact that dark web content can only be accessed via a special browser. The Tor network is often used to access the dark web.

Additionally, the dark web has a unique registry operator and uses security tools like encryption and firewalls, further making it inaccessible via traditional web browsers. Plus, the dark web relies on randomized network infrastructure, creating virtual traffic tunnels. All of these technical details serve to promote anonymity and protect dark web users’ privacy.

Is it illegal to browse the dark web?

The short answer is no, it’s not illegal to browse the dark web. In fact, there are instances where individuals can use it for good. Whistleblowers, for instance, can find the anonymity available through the dark web valuable when working with the FBI or another law enforcement organization.

That said, while it’s not illegal to browse the dark web, it’s also not completely void of criminal activity. Putting yourself in close proximity with illegal activities is rarely a good idea and could heighten your risk of being targeted by a criminal yourself. It’s often best to leave that part of the deep web alone.

There are also many technological threats on the dark web. Malicious software, also known as malware, is a critical concern and can affect unsuspecting users. Even simply browsing the dark web out of curiosity can expose you to such threats, like phishing malware or keyloggers. While an endpoint security program can identify such threats if they end up on your computer, it’s ideal to avoid them altogether.

Further, if you try to buy something on the dark web — even if it’s not illegal — there’s a chance you’ll be scammed. Dark web criminals use a variety of tricks to con people. For example, they may hold money in escrow but then shut down the e-commerce website and take off with the money. Due to the anonymous nature of the dark web, it’s very difficult for law enforcement to find such perpetrators.

How do criminals use the dark web?

Given its anonymous nature, the dark web clearly has an obvious appeal for cybercriminals. But just what do they use it for? The most obvious type of internet activity is the buying and selling of black market goods and services, from illegal drugs to illegal content. Cybercriminals may also run scams when selling such items, for example by taking a person’s money and not delivering the required product.

There are dark websites dedicated to the purchase and sale of illegal products or services (usually using untraceable cryptocurrencies like bitcoin) including:

  • Financial information like cloned credit cards with PIN, credit card details, online bank account logins, and more. People can then use these details to make legitimate purchases, negatively impacting your financial status and ruining your credit score in the process.
  • Account details for hacked accounts like email accounts, eBay accounts, social media accounts, streaming services, and more. For example, a person may buy a reputable eBay seller’s login details and then use their real account to make fake sales, pocketing the money and ruining the seller’s reputation in the process.
  • Personal data that can be used to steal someone’s identity, such as their name, address, Social Security number, and more. Identity theft is a serious problem that can negatively impact everything from your credit score to your private medical data.
  • Illegal services like people claiming to be able to fix credit scores for a fee. Many of these “services” are scams. They may also be law enforcement masquerading as criminals in an attempt to catch people who are up to no good.
  • Illegal goods like unregistered firearms and drugs. Law enforcement is increasingly cracking down on cybercriminals and the dark web.

Browsers like Tor, an open-source and free software, allow people to access dark websites where these goods are available, like a digital marketplace. These websites may look similar to any other surface or deep website you’d encounter. However, they differ in their domain suffix, ending in “.onion” instead of more obvious options like “.com” (Tor is actually short for The Onion Router, which is also where the term “onion routing” comes from — referring to anonymous communication on the dark web).

Onion sites often use scrambled names that make their URLs difficult to remember, minimizing the odds of being reported to authorities. It’s possible to search the dark web using specialized dark web search engines like Grams or link lists like The Hidden Wiki. However, these sources tend to be slow and unreliable, just like the dark web itself.

Some of this information can be extremely valuable on darknet forums. For example, while a Social Security number might go for $2, email credentials could sell for as much as $120,000. Hackers can make a lot of money and do so with less worry that they might get caught. Thanks to the Tor browser’s layers of encryption and IP scrambling, it’s difficult to track people down on this part of the web.

How to protect yourself online

Again, although the dark web isn’t inherently bad, you should still be proactive in preventing your personal information from falling into the wrong hands. Here are a few ways you can help keep you and your family safe online:

  • Protect your devices with passwords and antivirus software: One of the first lines of defense is to protect your devices. With passwords, ensure they’re unique and strong across accounts and keep them in one place, like a password manager. It’s also important to have antivirus software installed on your browsing devices to protect them from malware and other threats (you can even take this a step further by using a virtual private network or VPN).
  • Think before oversharing on social: Social media keeps us connected with our family and friends, but before you click “share,” make sure you’re not revealing any personal information like your home address or something else that could be compromising.
  • Sign up for a monitoring service: Whether it’s reviewing your credit report or an identity protection plan with 24/7 monitoring, additional trusted eyes on your accounts will help them stay protected.

Get a personalized protection plan today

The dark web might sound scary. The fact is, an everyday internet user like yourself likely won’t have any contact with this level of the internet. That said, it’s still important to take as many precautions as you can to keep your family and your technology safe.

McAfee provides everyday internet users with the tools they need to surf safely and confidently. Our award-winning antivirus software protects against threats like phishing, malware, and ransomware, and we also offer identity protection plans that come with a personalized Protection Score to check the health of your online information. Start browsing with confidence by using McAfee.

The post The Dark Web: A Definitive Guide appeared first on McAfee Blog.

The Feeling of Safety

By McAfee

The internet’s greatest feat? Fundamentally shifting how we live. Once a revelation, it quickly set our long-standing beliefs about how we work, play, and connect into a whole new context. 

Today, the shifts come fast. Video meetings once felt alien. Now, they’re part of our routine. We’ve gone from setting doctor’s appointments online to actually seeing the doctor online—and from family visits to seeing everyone in seconds on a screen.  

At McAfee, we’ve seen our share of shifts as well. Looking back across our thirty-plus years, we were among the first to deliver antivirus technology. First to create a biometric password manager. First to give people an intuitive Protection Score, and so much more. And we’re not stopping. We’re protecting people and their ever-changing lives. That means covering all your life online, from security to privacy to identity, in a way that adds to your confidence and enjoyment too. 

Confidence and enjoyment. Those two words mark our next shift in online protection. We’re bringing those feelings to life across the McAfee experience. And it’ll redefine the way you stay safe online.  

Safety has an unmistakable feeling. As we bring that feeling to online protection, you’ll see a remarkable evolution. It will look and act in bold new ways, guide you, reassure you, and most importantly, keep you safe. In all, it’s a new breed of online protection that’s helpful, even thoughtful, in the ways it looks out for you. 

And this evolution is already underway. You’ll find that feeling in everyday moments as we make them simpler, freer, and safer—such as paying your bills at a coffee shop, managing your family’s healthcare from your laptop, and booking flights to catch up with old friends. Across them all, our protection will have your back, and even offer guidance when needed, all while you do you—wherever your day takes you and no matter what “online” looks like next. 

There’s simply so much to see out there. And with us by your side, you’ll feel safe and stay that way. Life online will continue to surprise us. In the best of ways. And people have a right to enjoy every moment of it, confident that they’re safe and secure, in ways they can point to and feel.  

That’s our next big shift. Giving you the unmistakable feeling of safety. You deserve it. More than that, it’s your right. And we’re proud to bring it to you. 

The post The Feeling of Safety appeared first on McAfee Blog.

The Internet is for Everyone to Enjoy—We’re Helping See to It

By McAfee

The internet is meant for all to enjoy. And that’s who we’re looking out for—you and everyone who wants to enjoy life online. 

We believe it’s important that someone has your back like that, particularly where some of today’s hacks and attacks can leave people feeling a little uneasy from time to time. You’ve probably seen stories about data breaches at big companies pop up in your news feed. Or perhaps you or someone you know had their debit or credit card number hacked. Problems like these are out there, unfortunate thorns in the side of the internet we’ve come to love. Yet while these issues persist, there’s plenty you can do to avoid them. 

That’s where we have your back—doing all we can to make life online enjoyable for everyone, with protection that helps people finally feel safe and stay that way. 

The reality is that nobody wants to deal with hackers, malware, and other attacks crop up on the internet. And while it’s important to be aware of those things, we’d rather that you didn’t have to worry about them. Protection should come easy. Whether it’s keeping your banking, shopping, and streaming secure, along with your privacy and personal info too, protection should feel simple and tailored to you. That’s what we strive for. 

So as you think about protecting your life online, take a moment to consider what you’re protecting. As you do, you’ll see that it means far more than protecting your computers, phones, and other devices. Ultimately, it’s about protecting you, and all the important things connected to you. You can think of it in three ways … 

1) Protect what’s precious  

What’s among the top things people say they want to protect? Their photos. Not far behind photos are all manner of digital treasures that people like to keep close, which ranges anywhere from music they’ve downloaded to old voicemails of their children, nieces, and nephews that they’ve saved over the years. Without a doubt, we have plenty of things stored on our computers and phones that we simply couldn’t do without. 

Protecting these things means protecting the devices you use to store and access them. Installing comprehensive online protection software like ours is the first step. In addition to award-winning antivirus software and firewall protection to help keep hackers at bay (and away from your photos and other precious files), it goes a step further.  

Our new Online Protection Score shows you just how safe you are and guides you through simple steps that can seal up gaps and improve your protection overall. In all, it’s a personalized and simple way to make sure you’re protected as possible and continually make improvements as they’re needed. It’s a way of getting expert protection without being an expert. 

2) Protect what’s vital 

There’s also the “Important Stuff” in life, like our financial records, tax returns, and all the banking that we do on our phones and computers. And let’s throw shopping into mix because shopping’s important too! You can protect the important things like this, which can help hackers out of your business. 

For starters, you can protect your important files three ways with our online protection by using a combination of the McAfee® File Lock and Shredder™ features to manage your privacy:  

  • McAfee File Lock allows you to create password-protected encrypted drives on your PC that only appear when you’ve unlocked them, perfect for storing sensitive files like tax returns and financial documents.  
  • And when you’re looking to dispose of sensitive files, McAfee Shredder securely deletes files so that would-be thieves can’t put the pieces back together. 

You can lock down your privacy even further with a VPN that can shield you automatically from snooping attacks online, whether at home or when using public Wi-Fi. It creates an encrypted connection that works like a private tunnel that hides your IP address and the things you’re doing online from cybercrooks. It’s ideal for keeping your sensitive personal information like your financial data, passwords, and browsing history hidden from both hackers and websites. 

And here’s another big help. A password manager. You likely have dozens of passwords, plus a few more that you’ve probably forgotten about. You can protect your passwords and the accounts associated with them with a password manager that creates and securely stores a strong, unique password for each of your accounts. Plus, you can use it to update those passwords on the regular. Few things make it tougher for hackers than strong, unique passwords that get changed often. In a time of data breaches and account theft, a password manager is a great call. 

3) Protect yourself (and your people) 

While it’s important to focus on protecting things like laptops, phones, photos, files, and data, you’re ultimately protecting something far greater You. Your privacy, your personal information, your accounts, all the things that taken together make you—you. The thing is that our lives are more fluid and mobile than ever before. One moment we’re banking on our laptop, the next we’re splitting the cost of dinner with a payment on our phone. The constant here is you. You’re at the center of all this activity regardless of the device you’re using. The same goes for your family and the people you care about.  

That’s why we protect people, not just their devices.  

McAfee Identity Protection Service monitors the dark web for your personal info such as emails and associated passwords, up to 60 different types of critical info. If we detect that your data was stolen, you’ll get immediate alerts on the devices of your choice and guidance on how to secure your info quickly and effectively. In all, you can keep tabs on your identity any time you’re connected to the internet, and if an issue crops up you can click, solve, and carry on. ​ ​ 

Extended identity protection offers up the extra comfort of knowing that you have licensed recovery pros on the case if identity theft does happen to you. This includes monitoring and restoration services, along with identity theft insurance for lawyer fees, travel expenses, lost wages, and more. 

Protection that runs deep 

While that’s just a few of the ways McAfee has your back, we hope it gives you a good sense of what online protection should do—how it should protect you and all the things connected to you. And on today’s internet, that’s quite a bit. There’s so much to experience online today, and we believe you should enjoy all of it, freely and with the confidence that comes from knowing you’re safe. 

The post The Internet is for Everyone to Enjoy—We’re Helping See to It appeared first on McAfee Blog.

So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety?

By Alex Merton-McCann

Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!! A week spent kicking up your heels and living life to the max without any parental supervision at all! Oh, the sleepless nights many of us parents have had! And once Christmas and New Year celebrations are done, he’ll be heading away to University to ‘live his best life’ away from his dedicated cyber mother! 

And of course, I’m delighted for him, although secretly devastated to be losing my baby boy. But it does prompt the question, am I now done with cyber parenting? Is my work here officially done? 

Do You Ever Stop Being a Parent? 

I remember when my kids were little, my mother shared some words of wisdom with me: ‘Alex, you never stop being a parent. The kids are the same, it’s just the issues that change.’ And she was so right. As our boys have grown up, we’ve been less involved in their day-to-day needs but still very much needed. Whether it’s to help review a work contract, provide advice on an issue with a flatmate or help pick out a suit, the parenting hasn’t stopped instead entered a new chapter. And of course, there’s no doubt that having interested, devoted parents at the end of the telephone – day or night – makes navigating life so much easier! 

And when it comes to their digital lives, it’s the same story. While we have no reason to be involved in their day-to-day online lives, we have definitely been called upon to help them troubleshoot situations from receiving inappropriate messages, identifying potential scams or managing terse exchanges.  And, might I add, I have also proactively offered my advice on the appropriateness of pictures they have shared online – many times!! 

How To Help Your Young Adult Kids Manage Their Cyber Safety? 

So, after having managed 3 kids through this transition to early adulthood with another one currently underway, I thought I’d share with you some of my best strategies for ensuring their digital life is in good shape without micro-managing them! 

1. Stay Friends with Them Online But Don’t Embarrass Them Ever 

Every few days, I’ll check out my boys’ socials. Not only does it give me a ‘feel’ for what’s happening in their lives – where they’ve been and who with – it also allows me to check they are making good decisions about what they share. There have been multiple times during this period where I have sent off a quick text suggesting they remove a photo or perhaps rephrase a comment! And while I know these texts aren’t always warmly received, in nearly all cases, they take my advice! 

And it goes without saying that your ability to provide input to their digital lives will only happen if you don’t cross boundaries! So, never embarrass them. If you see something you don’t like, message them privately – do not workshop it on their Facebook page! And if you want to post a pic or video of them, always get their ‘ok’ first.  

2. Buy Them Security Software for Christmas! 

OK, security software probably won’t be top of their Christmas list, but knowing that they have comprehensive security software like McAfee’s Total Protection on their devices which works hard in the background to minimize threats and issues will give you real peace of mind. This year, I’m buying my older boys an air-fryer and frypans for Christmas. Why not continue the pragmatic theme and invest in some software for them too? 

3. Set Up A Family Messaging Group 

About 4 years ago, I set up a family Messenger Group and it’s now something I absolutely treasure. We share pics of our cats and dog, potential family holiday dates, funny photos, and videos, and relevant news stories – particularly during COVID. But the other thing I like to share is reminders about important ‘tech stuff’, like changing passwords, when to update their Apple software or details about scams that are doing the rounds. Whether it’s Whats AppTelegram, or my personal favorite, Messenger, I strongly recommend establishing a family group chat as an effective way of covering off key issues with your young adult kids. 

4. Don’t Stop Walking About Digital Reputation  

With potential employers, partners, and even friends using Google to conduct their due diligence on you, digital reputation is everything. So, weaving constant reminders into conversations with your adult kids should still be a priority. Now, of course, some kids will instinctively ‘get this’ but others will need a few pointers. According to a  70% of employers use social media to screen candidates during the hiring process, and about 43% of employers use social media to check on current employees. So, why not encourage them to ‘Google’ themselves – and why not do yourself also? How you present online could mean the difference between being employed or unemployed!  

So, if you have a school leaver in your family and you’re not sure whether your job is done, I’m here to confirm that you’ll still be required for a very long time! Whether they know it or not, our big kids will still continue to need a sprinkling of our wisdom and experience for years to come. And even though they may have fled the nest, remember you will always be one of their most influential role models. So, make sure your digital life is in good shape too because as American novelist James Baldwin shares: ‘Children have never been very good at listening to their elders, but they have never failed to imitate them.’ 

Till next time 

Take care 

The post So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety? appeared first on McAfee Blog.

New tech for the holidays? Watch out for these tech support scams.

By McAfee

We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you.  

Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel when things don’t work right. You want that problem fixed right now. So much so that you may not pay close enough attention to that tech support link you found in a search or came across in an ad. Tech support that looks legitimate but isn’t. 

Tech support scams make good money for bad actors. In fact, the larger tech support scam operations organize and run themselves like a business, with call centers, marketing teams, finance groups, and so forth—and can rack up some serious profits to boot. 

They make their money in several ways. Sometimes they’ll charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis but access your computer to steal information instead. 

Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.  

What do tech support scams look like? 

Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.  

First, there are the scams that actively track you down. 

This could be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they may reach you by way of a pop-up ad. Again telling you that your computer or device is in need of urgent repair. These can find you a few different ways: 

  • By clicking on links from unsolicited emails. 
  • From pop-up ads from risky sites. 
  • Via pop-ups from otherwise legitimate sites that have had malicious ads injected. 
  • By way of spammy phone calls made directly to you, whether by robocall or a live operator. 

Second, there are the scams that lie in wait.  

These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads in social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include: 

  • Online classified ads, forum posts, and blog sites. 
  • Ads on Social media sites such as Facebook, Reddit, YouTube, and Tumblr. 
  • Search results—scammers place paid search ads too! 

Tech support scams target everyone—not just the elderly 

While tech support scammers can and do prey on older computer users, they’re not the only ones. An apparent lack of computer savviness certainly makes older users an attractive target, yet it also seems that an apparent overconfidence in one’s savviness makes younger victims susceptible to tech support scams too. Turns out that the growing majority of victims worldwide are between 18 and 35 years old, a group that has known the internet for most, if not all, of their lives. That’s according to research from Microsoft’s Digital Crimes Unit, which found the 1 in 10 of people between the ages of 18 and 35 who encountered a tech support scam fell for it and lost money.  

Whatever the age group, the U.S. Federal Trade Commission (FTC) says that the reported losses in the U.S. are into the millions, which of course does not account for the assumedly millions more that do not go reported.  

How to spot and avoid tech support scams 

  • With regards to ads and search results, keep an eye open for typos, awkward language, or poor design and logos that looks like they could be a knockoff of a trusted brand. Check out our blog article that offers a field guide of what these ads and search results look like. 
  • Don’t fall for the call. If someone calls you with an offer of “tech support.” Chances are, it’s a scam. And if they ask for payment in gift cards or cryptocurrency like bitcoin, it’s absolutely a scam. Just hang up. 
  • Note that the big tech companies like Apple and Microsoft will not call you with offers of tech support or an alert that “something is wrong with your computer.” Such calls come from imposters. Moreover, in many cases, the company will offer free support as part of your purchase or subscription that you can get on your own when you need it. (For example, that’s the case with our products.) 
  • Don’t click on any links or call any numbers that suddenly appear on your screen and warn you of a computer problem. Again, this a likely sign of an attempted scam. Often, this will happen while browsing. Simply close your browser and open a fresh browser window to clear the ad or link. 
  • Go to the source. Contact the company directly for support, manually type their address into your browser or call the number that came with the packaging or purchase. Don’t search. This will help you avoid imposters that choke up search results with bogus ads. 
  • Protect your browsing. Use a safe browsing extension that can spot malicious sites and help prevent you clicking on them by mistake. Comprehensive online protection software will offer protect your browsing, in addition to protection from malware and viruses. 

Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download it on your own, get it from the company’s official website. Stay away from third-party sites that may host malware. 

What to do if you think you’ve been scammed: 

1. Change your passwords. 

This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier. 

2. Run a malware and virus scan right away. 

Delete files or apps that the software says is an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well simply by gaining access to one device on your network. 

3. Stop payment. 

Contact your bank, credit card company, online payment platform, or wire transfer service immediately to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services do not.) 

4. Report the scam. 

In the U.S., you can contact https://www.ftc.gov/complaint, which reports the claim to thousands of law enforcement agencies. While they cannot resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?” 

Enjoy your stuff! 

Here’s to holiday tech that works. And to quick fixes when things don’t go as planned. In all, if you find yourself staring down a technical issue, go straight to the source for help as we’ve outlined above. As you can see, scammers have burrowed themselves alongside otherwise legitimate ads, search results, and forums online, ready to take advantage of you when you need to get things working right. 

Likewise, keep an eye and ear open for those scammers who’ll reach out to you, particularly this time of year when so many people are getting so many new devices. Realizing that legitimate tech support won’t call you out of the blue is a great place to start. In all, go with the pros you know—the ones you can reach at the companies you trust. 

The post New tech for the holidays? Watch out for these tech support scams. appeared first on McAfee Blog.

What We’ve Learnt From Home Learning During Lockdown

By Alex Merton-McCann

I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a day’s worth of learning for often, multiple children! Research from Macquarie University showed that many parents spent up to 14 hours a week in their role as home learning managers and 9/10 parents reported the experience as, quite understandably, stressful! As a mum of older teens and young adults – who are usually self-sufficient – I’m in awe! 

But the good news is – things are on the improve! Our vaccine rates are amongst the best in the world, so lockdowns have been lifted and, drum roll… kids are back at school! I’ve always been a big fan of trying to find the silver lining of any situation and I think there are many we can take away from our COVID experience, particularly when it comes to digital parenting. I know of so many parents who have completely rethought their approach to managing kids and technology since the pandemic hit because of their home learning experience. 

So, in the spirit of sharing and caring, I thought I’d round up some of the best ‘aha’ moments from parents who were forced to become expert home learning managers over multiple lockdowns. And make sure you take notes because there are some great learnings that we can apply to our digital parenting journey.  

Embrace Technology 

If you have never been ‘all in’ with your kids’ use of technology for both learning and socializing, then you need to get over this ASAP. Technology is the lifeblood of your kids’ lives. It’s how they connect, nurture friendships, and organize their social lives. I also recommend parents try to see technology through the eyes of their kids NOT just through our more ‘mature’ lens. It’s the best way of truly understanding just what a huge role it plays in their day-to-day lives. And don’t forget that technology is almost always used to set up in-person catchups! So, please don’t demonize it, it will only push your kids away. 

Understanding Your Child’s Online Life is a Powerful Way of Connecting 

I totally appreciate that many parents didn’t choose to be home learning ‘managers’ however many have shared with me how they now feel far more involved in their child’s life because of the experience. Seeing first-hand how your child’s day works, overhearing their conversations with teachers and peers (courtesy of Zoom), and being blown away by your offspring’s tech skills has given many parents incredible insight into their child.  

I know of parents who have noticed learning issues and friendship problems all as a result of their home learning manager role! There’s nothing like being able to nip something in the bud before it becomes a big issue! So, stay involved and you’ll reap the rewards! 

Get Your Kids Moving – Encourage Movement and Outdoor Activities Always 

Confession – I have never been one of those parents who proactively organized park visits, bushwalks, and exercise regimes for my kids. But many of the parents who managed young children through a lockdown and resorted to becoming personal trainers reported that it paid dividends. So, now lockdowns are (hopefully!) history, don’t forget about the benefits of getting your kids to move. It’s hard to be on a screen when you are walking the dog, playing a game of family cricket, or bushwalking. I know it’s time-consuming but it’s so worth it!

Take Some Time to Understand & Protect Your Kids’ Devices 

As of 2 years ago, the average Aussie household had 17 internet-connected devices in tow so it’s no wonder keeping abreast of all the devices in your household feels like a full-time job! But with kids continuing to use their devices for both study and socializing, it’s essential that you give each device a ‘once over’ to minimize risks and prevent issues arising down the track.  

Ensuring all their software is up to date is a great place to start. Also check that the default password has been changed and that there is some top-shelf security software installed to protect the device and, most importantly, its user! And while you are there, why not also ensure that each of their online accounts has its own distinct password? If you think they could manage a password manager, then it might be time to introduce them to one? Check out McAfee’s True Key – I couldn’t manage without it! 

I think you’d be hard-pressed to find many parents keen to return to home learning. In fact, I think there may even be a revolt if we had to go back! But, knowing we have picked up some ‘nuggets of gold’ along the way makes it a little feel a little better! So, please embrace technology – it’s a fantastic way of connecting with your kids. But of course, keep your family’s usage in check and minimize the risks by giving each device a once-over.  

Happy Digital Parenting! 

Alex  

The post What We’ve Learnt From Home Learning During Lockdown appeared first on McAfee Blog.

What is the Dark Web? Everything You Need to Know

By Vishnu Varadaraj

You open up your laptop and check the daily news. You see a headline stating that one of your favorite online retailers was breached and that thousands of their customers’ passwords were exposed. Data breaches like this frequently appear in the news, but many consumers don’t realize the implications these breaches have on their personal privacy. When data breaches occur, oftentimes billions of these hacked login credentials become available on the dark web, neatly packaged for criminals to download.1 

Let’s dive into the differences between the deep web and the dark web, how cybercriminals use the dark web, and what you can do to protect your data.  

Deep Web vs. Dark Web: What’s the Difference?  

You’ve probably heard of the deep and dark web but may not be aware of their differences.2 First, let’s start by noting that the dark web is always part of the deep web, but the deep web is not always the dark web.  

The deep web refers to the pages on the internet that are not indexed in search engines, meaning that you can’t find them by performing a simple Google search. To access these pages, you have to know the exact address to the site and access it with specific software. Most personalized and password-protected sites appear on the deep web because they contain information that is not meant to be accessed by the general public. These sites include a user’s Netflix home page, password-protected sites for banking, and the internal sites of companies, organizations, and schools. These are all examples of legitimate areas of the deep web.  

On the other hand, the dark web is the disreputable extension of the deep web. Like the deep web, the dark web also houses sites that are not indexed by search engines, but it also hides a user’s identity and location. It consists mostly of illegal products or content that could be harmful to organizations or the general public. Some examples include stolen credit card numbers, fake IDs, drugs, and hacking tools. To access the dark web, a user needs to download darknet software, the most popular being Tor.  

Tor, which stands for “the onion routing project,” was developed by the U.S. Navy for the government in the mid-1990s. It was open-sourced in 2004, and that’s when it went public. Today, Tor is the dark web browser that the majority of people use to surf the internet anonymously. To do this, Tor hides a user’s IP address (or the unique address that identifies an internet-connected device or network) by bouncing their search request to multiple different locations. These bounces also referred to as relays, make it much harder for people to find users on the dark web.  

How Cybercriminals Use the Dark Web 

Because of its ability to provide anonymity, the dark web is often tied to the world of cybercrime. Scammers frequently use the dark web to find software that allows them to access other people’s computers, banking credentials, Social Insurance Numbers, and credit card information. You may be wondering how all this private information ended up on the dark web in the first place. Oftentimes when a company is breached and their customers’ data is exposed, the hackers behind the breach will upload the stolen database to the dark web. This allows other cybercriminals to purchase the stolen information and use it to target users with other scams. Say that a criminal finds a database on the dark web that contains a bunch of personal email addresses. They can purchase the database and target every email address with a phishing campaign that contains malicious links that spread malware or attempt to trick users into handing over their username and password combinations.  

How to Protect Your Data 

Incorporating cybersecurity best practices into your daily life can help protect your data from hackers looking to take advantage of the data found on the dark web. Follow these tips to bring yourself greater peace of mind:  

1. Use strong, unique passwords  

The chances of a hacker accessing your data are higher if you use the same credentials across different accounts. That’s why it’s important to use a strong, unique password for each of your online profiles. This minimizes the potential damage that could be done if a hacker does gain access to one of your accounts. You can also use a password manager with a built-in generator to make it easier for you to access and manage passwords. Enabling multi-factor authentication will also ensure that hackers cannot access your information using only your login credentials. 

2. Be on the lookout for suspicious emails and text messages 

If you receive an email asking you to take immediate action, stop and think. Criminals often convey urgency in their phishing scams in the hopes that an unsuspecting user will click on a malicious link or hand over their personal details without considering the legitimacy of the message. Examine suspicious emails carefully to check for telltale signs of phishing, such as poor grammar, grainy logos, or bogus links. If an email claims to be from a well-known company or brand and asks for your credentials, claims that you need to update your password, or sends you a “free offer,” go directly to the source. Contact customer service through the company’s website (not the email) and inquire about the urgent request.  

3. Stay informed on recent data breaches  

Be on the lookout for breach notices from relevant companies since they are often the first to know about a data breach impacting their online customers. Create news alerts for companies that have access to your information to stay notified of the latest events.  

Additionally, create notifications for your bank and other financial accounts to monitor suspicious activity, such as unauthorized transactions or a drop in credit score. You will be better prepared to mitigate any cybersecurity threats with the right security software and knowledge of the latest risks.   

4. Use comprehensive security software 

Use a comprehensive security solution like McAfee Total Protection, which includes dark web monitoring for up to 10 email addresses. This software actively monitors the dark web for data breaches and exposed information.  Personal details include but are not limited to your date of birth, email addresses, credit card numbers, and personal identification numbers. It also provides steps for remediation after a data breach to help you regain control and the integrity of your data and privacy. With a security solution like this in place, you can continue to live your connected life confidently.  

The post What is the Dark Web? Everything You Need to Know appeared first on McAfee Blog.

My email has been hacked! What should I do next?

By McAfee

If you find that your email has been hacked, one of your immediate reactions is wondering what you should next.  

The answer: take a deep breath and jump into action. There are five steps can help you prevent or minimize any damage done by a compromised account. 

So why do hackers go after email accounts? Fact is, that email account of yours is a treasure trove. There’s a good chance it contains years of correspondence with friends and family, along with yet more email from banks, online retailers, doctors, contractors, business contacts, and more. In all, your email packs a high volume of personal info in one place, which makes your email account a top prize for hackers.  

Let’s take a look at how you can take back control of your email account, along with some things you can do to keep it from getting hacked in the first place.  

You can’t log into your email account: 

This one speaks for itself. You go to check your email and find that your username and password combination has been rejected. You try again, knowing you’re using the right password, and still no luck. There’s a chance that a hacker has gotten a hold of your password, logged in, and then changed the password—thus locking you out and giving them control of your account. 

One of your contacts asks, “Did this email really come from you?” 

Hackers often compromise email accounts to spread malware on a large scale. By blasting emails to everyone on your hacked contact list, they can reach dozens, even hundreds, of others with a bogus email that may include an attachment that’s infected with malware. And no doubt about it, some of those emails can look a little odd. They don’t sound or read at all like the person they’re trying to impersonate—you—to the extent that some of your contacts may ask if this email really came from you. 

On the flip side, this is a good reason to never open attachments you weren’t expecting. Likewise, if you get a somewhat strange email from a friend or business contact, let them know. You may be the first indication they get that their email has been compromised. 

Slow and erratic device performance: 

A sluggish device could be a sign of malware in general. The thing with malware is that it tends to act like a system and resource hog, which may cause your device to run slowly, to turn off and on again suddenly, or even run hot. In some cases, the malware is logging keystrokes on your computer or taps on your phone to siphon off things like usernames and passwords so that a hacker can take control of the accounts associated with them—such as your email, not to mention your bank accounts. This makes a strong case for antivirus and antimalware protection that’s automatically kept up to date to protect against the latest threats. 

What should I do if my email is hacked? 

1) Change your passwords: 

Change your password for your email account if you can. Make it a strong, unique password—don’t reuse a password from another account. Next, update the passwords for other accounts if you use the same or similar passwords for them. (Hackers count on people using simpler and less unique passwords across their accounts—and on people reusing passwords in general.) A password manager that’s included with comprehensive online protection software can do that work for you. 

2) Use your email provider’s recovery service, if needed: 

In the case where you’ve been locked out of your account because you think the hacker has changed the password, your email provider should have a webpage dedicated to recovering your account in the event of a lost or stolen password. (For example, Google provides this page for users of Gmail and their other services.) This is a good reason to keep your security questions and alternate contact information current with your provider, as this is the primary way to regain control of your account. 

3) Reach out to your email contacts:

As mentioned above, a big part of the hacker’s strategy is to get their hooks into your address book and spread malware to others. As quickly as you can, send a message to all your email contacts and let them know that your email has been compromised. And if you’ve done so, let them know that you’ve reset your password so that your account is secure again. Likewise alert them that they shouldn’t open any emails or attachments from you that were sent during the time your account was compromised.  

4) Scan your device for malware and viruses: 

Also as mentioned above, there are several ways that a hacker can get a hold of your email account information—one of them by using malware. Give your device a thorough virus scan with comprehensive online protection software to ensure your device is free from malware. Set up a regular scan to run automatically if you haven’t already. That will help keep things clean in the long run. 

5) Check your other accounts:

 Sometimes one bad hack leads to another. If someone has access to your email and all the messages in it, they may have what they need to conduct further attacks. Take a look at your other accounts across banking, finances, social media, and other services you use and keep an eye out for any unusual activity. 

The bigger picture: Keep tabs on your identity 

More broadly speaking, your email account is one of the several pieces that make up the big picture of your online identity. Other important pieces include your online banking accounts, online shopping accounts, and so on. No question about it, these are things you want to keep tabs on. 

With that, check your credit report for any signs of strange activity. Your credit report is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem. 

Beyond keeping tabs on your identity, you can protect it as well. Online identity protection such as ours can provide around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance in the event your identity gets compromised. Additionally, it can put an identity recovery pro on the case if you need assistance in the wake of an attack or breach. Taking a step like this can help keep your email account safer from attack in the first place—along with many others as well. 

The post My email has been hacked! What should I do next? appeared first on McAfee Blog.

Spot Those Black Friday and Cyber Monday Shopping Scams

By McAfee

You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready. Remember, McAfee frees you to live your connected life safe from threats like viruses, malware, phishing, and more. Download award-winning antivirus that protects your data and devices today.

One aspect of cybercrime that deserves a fair share of attention is the human element. Crooks have always played on our feelings, fears, and misplaced senses of trust. It’s no different online, particularly during the holidays. We all know it can be a stressful time and that we sometimes give into the pressure of finding that hard-to-get gift that’s so hot this year. Crooks know it too, and they’ll tailor their attacks accordingly as we get wrapped up in the rush of the season. 

5 ways to spot an online shopping scam 

So while you already know how to spot a great deal, here are ways you and your family can spot online shopping scams so you can keep your finances safer this shopping season: 

1) Email attachments that pretend to be from legitimate retailers and shippers 

A common scam hackers use is introducing malware via email attachments, and during the holiday sale season, they’ll often send malware under the guise of offering emails and shipping notifications. Know that retailers and shipping companies won’t send things like offers, promo codes, and tracking numbers in attachments. They’ll clearly call those things out in the body of an email instead. 

2) Typosquat trickery 

A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them. You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and look for the deal there. 

3) Copycat deals and sites 

A related scammer trick that also uses typosquatting tactics is to set up sites that look like they could be run by a trusted retailer or brand but are not. These sits may tout a special offer, a great deal on a hot holiday item, or whatnot, yet such sites are one more way cybercriminals harvest personal and financial information. A common way for these sites to spread is by social media, email, and other messaging platforms. Again a “close to the real thing” URL is a telltale sign of a copycat, so visit retailers directly. Also, comprehensive online protection software can prevent your browser from loading suspicious sites and warn you of suspicious sites in your search results. 

4) Counterfeit shopping apps 

While the best of them can look practically professional and be tough to spot, one way to avoid counterfeit shopping apps is to go to the source. Hit the retailer’s website on your mobile browser and look for a link to the app from their website. Likewise, stick to the legitimate app stores such as Google Play and Apple’s App Store. Both have measures in place to prevent malicious apps from appearing in their stores. Some can sneak through before being detected though, so look for the publisher’s name in the description and ensure it is legitimate. On a fake app, the name may be close to the retailer you’re looking for, but not quite right. Other signs of a fake will include typos, poor grammar, and design that looks a bit off. 

5) The “too good to be true” offer 

At the heart of holiday shopping is scarcity. Special offers for a limited time, popular holiday items that are tough to find, and just the general preciousness of time during the season to get things done, like shopping. Scammers love this time of year. During the holidays, they’ll play on that scarcity and crunch you’re under in their offers and messaging. Enter the “too good to be true” offer, typically set up on phony sites like the ones mentioned above. If the pricing, availability, or delivery time all look too good to be true, it may be a scam designed to harvest your personal info and accounts. Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate. 

Great tips for shopping online any time 

Apart from spotting scams, there are several things you can do to keep yourself safer while shopping this holiday season. In fact, they can keep you safer when you shop year ‘round as well. Looking for a last minute deal? Download McAfee online protection today.

Look for the lock icon 

This is a great one to start with. Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website. 

Use a credit card instead of your debit card 

Specific to the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards, where citizens can dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using those while shopping online and use your credit card instead. 

Consider getting a virtual credit card 

Another alternative is to set up a virtual credit card, which is a proxy for your actual credit card. With each purchase you make, that proxy changes, which then makes it much more difficult for hackers to exploit. You’ll want to research virtual credit cards further, as there are some possible cons that go along with the pros, such as in the case of returns where a retailer will want to use the same proxy to reimburse a purchase. 

Use protection while you shop 

Using a complete suite of online protection software can offer layers of extra protection while you shop, such as web browser protection and a password manager. Browser protection can block malicious and suspicious links that could lead you down the road to malware or a financial scam. A password manager can create strong, unique passwords and store them securely as well, making it far more difficult for hackers to compromise your accounts. Identity theft protection takes your safety a step further by helping you secure your identity online and restore it should any of your personal info be found in the wrong hands. 

Use two-factor authentication on your accounts 

Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get. 

Use a VPN if you’re shopping on public Wi-Fi 

Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi and harvesting information like your passwords and credit card numbers. 

Keep an eye on your identity and credit reports 

With all the passwords and accounts we keep, this is important. Checking your credit will uncover any inconsistencies or outright instances of fraud. From there, you can then take steps to straighten out any errors or bad charges that you find. In the U.S., you can run a free credit report once a year with the major credit reporting agencies 

Shop happy! (Don’t give in to stress and scarcity.) 

So while you’re shopping online this year, take a deep breath before you dive in. Double-check those deals that may look almost too good to be true. Look closely at those links. And absolutely don’t click on those attachments that look like shipping notices or coupon deals. Hackers are counting on you to be in a bit of a hurry this time of year. Taking an extra moment to spot their tricks can go a long way toward keeping you and your finances safe. Remember, stay ahead of cyber criminals, get an extra layer of protection with McAfee this holiday season.

The post Spot Those Black Friday and Cyber Monday Shopping Scams appeared first on McAfee Blog.

The Ultimate Holiday Shopping Guide

By McAfee

The holidays are almost here! That means it’s time to start making your list and checking it twice. To help prepare you for this year’s holiday shopping spree, McAfee is providing you with the ultimate holiday shopping list for every Tech lover in your family. Here are the devices to keep on your radar this holiday shopping season and what you should use to protect them.  

For the Gaming Guru  

Know someone who enjoys vanquishing aliens, building virtual amusement parks, and online battle royale? There’s a good chance that you do, as online gaming traffic increased 30% from the first to the second quarter of 2020. For the gaming guru in your life, consider gifting them a top-of-the-line gaming laptop so, they don’t have to compromise portability for playability. If they prefer to play in the comfort of their own home, consider giving the gamer in your life a snazzy new gaming monitor. This will allow them to enjoy a crystal-clear resolution, rapid refresh rate, and size to bring their virtual world to life. And to truly immerse your gamer in a new realm, gift them a new gaming console so they can enjoy optimal speed and stellar game lineups.  

When shopping for your gamer, consider how you can empower them to stay secure while they play. A security solution like McAfee Gamer Security not only delivers a faster, quieter, and safer experience, but it can also boost a rig’s performance. This antivirus software detects threats through the cloud and optimizes resources to minimize frame drops. Gamers can even customize which games to boost (or even add other apps they’d like to boost), which background services to pause, and more. This improves your gamer’s experience and also keeps them safe while they play.  

For the Mobile Mastermind 

Does your tech-savvy teen love to browse on the go? Or perhaps you have a college student who likes to bring their online studying and video streaming with them beyond the home. For the mobile mastermind in your family, gift them a new smartphone or tablet this holiday season. These devices will allow your loved ones to access all their favorite apps and surf the web anytime, anywhere.  

With the World Wide Web constantly at their fingertips, enable your family members to surf the internet with confidence by employing the help of a safe browsing solution like McAfee WebAdvisor. This trusty companion, available for free and included in the McAfee Total Protection app for iOS and Android, helps keep users safe from threats like malware and phishing attempts. Web Advisor blocks malicious sites, scans downloads, and alerts the user if a known threat is detected. With comprehensive security on their side, your mobile user will be free to search, stream, and download on the go.  

For the Smart Home Supervisor 

The number of smart households (households that contain connected technology and can interact with other IoT devices) in the U.S. is expected to grow to 77.05 million by 2025. That may not come as a surprise, since IoT devices have upped the convenience of tech users’ lives everywhere. Perhaps your spouse or parents love filling their home with the latest and greatest smart home gadgets. This holiday season, give them the gift of convenience with a smart TV, speaker, thermostat, kitchen appliances, a personal home assistant – the list of smart home devices goes on!  

While these devices can provide greater efficiency to anyone’s life, it’s important to be aware of the potential risks that come with this level of interconnectivity. Many product designers treat security as an afterthought, rushing to get their smart devices to market and consequentially creating an easy access point for criminals to exploit. But fear not! A solution like McAfee Secure Home Platform can automatically secure connected devices through a router with McAfee protection. It can hide your IoT devices from hackers, giving you the confidence that you have a solid line of defense against online threats.  

 For the Fitness Fanatic 

 At the onset of the pandemic, people adjusted their workout routines to accommodate for gym closures and began to rely on other solutions to stay fit. In fact, many turned to IoT devices used for virtual fitness, including wearable fitness trackers and stationary machines equipped with digital interfaces. Sound like someone you know? Consider giving them a stylish new or upgraded smartwatch that allows them to track their daily step count, heart rate, and sleep patterns.

While these devices can be instrumental in tracking users’ activity levels, it’s important to remember that wearable gadgets collect valuable health and location data a criminal could exploit. To keep your fitness fanatic happy and healthy without sweating their security, encourage them to install software updates immediately. This will protect your loved one’s device from reported bugs, enhance functionality, and seal up any security loopholes. 

Secure for the Holidays  

As you plan your holiday shopping list this year, don’t forget about the gift that keeps on giving: the peace of mind that comes with having the right online security! With comprehensive solutions built to safeguard your loved one’s devices, personal data, and everything they do online, they can continue to live their digital lives with confidence.  

The post The Ultimate Holiday Shopping Guide appeared first on McAfee Blog.

Staying Cyber Aware and Safer from Ransomware

By Steve Grobman

Ransomware – A truly frightening cyber security topic

It’s October, and at McAfee we love celebrating spooky season. As McAfee’s Chief Technology Officer, I’m also excited that it’s Cyber Security Awareness Month. And while there are no fun-size candy bars, we do talk about some truly bone-chilling stuff when it comes to cyber safety. So gather round, as I tell you all about one of the scariest threats online, ransomware. 

What is Ransomware?

Ransomware is a form of extortion that happens when cyber criminals demand payment. Recently some high-profile companies have been in the news as victims of major ransomware attacks. However, ransomware also impacts individuals, just like you and me. In the individual’s case, a cybercriminal may demand payment to restore access to your device or data or even to prevent them from dumping sensitive or embarrassing information onto the internet. McAfee defends consumers from tens of thousands of ransomware attacks every month. 

What should I do if I’m a victim of ransomware? 

If the worst should happen, take a deep breath and don’t panic. Calmly assessing the situation now can save you a lot of stress later. Ask yourself: 

What data has been compromised?  

  • Look for things like encrypted files on your computer that you can no longer open. 
  • Did the hacker show you an email you don’t believe they should have access to? 

How valuable is the data?  

  • Can you afford to lose this data? 
  • Ideally, your data is backed up on another device or in the cloud so you can regain anything that the criminals have stolen. 
  • Would this data be publicly damaging to you? 

How to avoid making the problem worse 

  • Never accept unsolicited help. This may be the hacker. 
  • Don’t click on pop-ups, links, or emails offering help, as these may also be affiliated with the ransomware. 

Taking action 

Now that you’ve assessed the situation, we can do something about it. 

  • Update all your passwords to lock criminals out of your online accounts. 
  • Make sure all your system software is up to date. 
  • Check that McAfee security is installed and active on all your devices. 

Don’t negotiate with terrorists   

If you can afford to lose your data, and the personal impact is minimal, we always recommend you don’t pay the criminal. There’s no guarantee that if you pay the ransom, you’ll get your data back, and ultimately, you’re incentivizing the cybercriminal to do it again. The best defense against ransomware is to have great cybersecurity habits that prevent the attack from occurring in the first place. 

So, whether you’re enjoying some creepy lawn decorations, or just surfing the web, remember to stay safe out there this Halloween. 

The post Staying Cyber Aware and Safer from Ransomware appeared first on McAfee Blog.

Organized Cybercrime: The Big Business Behind Hacks and Attacks

By McAfee

There’s a person behind every cybercrime. That’s easy to lose sight of. After all, cybercrime can feel a little anonymous, like a computer is doing the attacking instead of a person. Yet people are indeed behind these attacks, and over the years they’ve been getting organized—where cybercriminals structure and run their operations in ways that darkly mirror the workings of a real business. 

Funny, the notion of hackers running an illegal business just like a regular business. But there you go. What works, apparently works. So, let’s take a closer look at how organized crime goes about its business—and get a little more insight into how we can protect ourselves in the process. 

A classic notion of the cybercriminal is that of a lone hacker, donning a hoodie in a dimly lit room and chipping away at the networks and devices of a business or household. That does happen, such as in the case of the former engineer accused of. Yet increasingly, attacks are orchestrated efforts.  

More and more of today’s cybercrime is a distributed, international affair that relies on several bad actors to see it through. This takes the form of organized crime groups with ringleaders located in one country and developers in others, further supported by operations, marketing, finance, and call center teams in yet other locations—just like a legitimate business, strange as it seems. 

What does that look like in real life? Consider a practical example: an identity theft ring sets up a series of phony websites to hijack personal information. There’s a lot of work that goes into putting up those websites, so let’s start there and see who could be involved. From there, we can work our way up the chain of cybercrime organizations. For starters: 

  • There are the sites themselves. An individual or team codes the site in their location and then hosts them on servers in other locations, often different countries. 
  • There’s a creative team that designed and wrote the sites in such a way that they look convincing enough to potential victims such that they fall for the scam.  
  • Another team takes on a marketing role, where they’re charged with promoting those phony sites to lure in victims through phony emails, ads, and paid search results designed to look like the real thing. 
  • An analytics team determines which lures are the most effective. From there, they share these findings so that the most effective of the phony emails, ads, and search results get used—they may fine-tune the phony websites for performance as well. 

And that’s just for starters. There’s plenty of activity that follows once victims share their personal info on that phony site, spanning yet more business roles: 

  • A data team harvests the stolen data and packages it up for use, whether by the same cybercrime organization or via sale on a dark web marketplace. 
  • A finance team that handles and launders funds as needed—and then pays out partners, employees, and ringleaders of the organization. Plus, it will cover any operational costs like equipment and services used. 
  • A managerial layer may also exist to keep operations running smoothly, coordinating the efforts of all the teams and offering reports to (ring)leadership. 
  • The ringleaders themselves—the ones who conceived this scam, set it in motion, and reap the big dollars from it. Of note, these people may not be technically minded at all. But they are crooks. 

Stepping back and looking at this example, you can see how there are several distinct skillsets at play here. While small groups of hackers could pull off something similar, the most effective of these scams will have a relatively large staff in place to ensure it runs effectively. This is just one broad example, yet it does serve to remind us that sophisticated cybercrime can have a sophisticated organization behind it. 

Other examples include tech support scams that run their own call support centers, corporate ransomware attacks where scammers hijack the company’s social media accounts and shame them into paying. There are yet more examples of bogus call centers, like the ones that will walk individual victims through the process of paying off a ransomware attack with cryptocurrency. Once again, quite an operation. 

Back to the lone hacker in a hoodie for a moment. They’re still out there. In fact, many of them are enabled by larger cybercrime organizations. This can happen in several ways: 

  • Take the phony website example above. The crooks who stole that information may not use it themselves. They may sell it to other cyber crooks for profit instead.  
  • Additionally, larger organizations will sell their malicious code in kits to non-technical and semi-technical hackers so that those crooks can commit crimes of their own.  
  • Some organized cybercrime organizations will simply hire themselves out as a service, unleashing phony website scams like mentioned above, distributed denial of service attacks that flood internet traffic to a halt, and several other types of crime—for the right price.  

It’s a marketplace out there, where our data acts as a kind of currency that’s traded and sold by operators large and small. 

So yes, there’s a person behind every cybercrime. And then there’s you. Along with all things you can do to stop them. 

Earlier this year, I shared how McAfee now solely focuses on people. Organized cybercrime is just one of the many reasons why. While different devices may come and go in our lives, our data always follows us—the very things cybercriminals are after. It’s people who need protection. By protecting you, your identity, and your privacy, along with your devices, we protect you from threats like these, whether they stem from a small-time crook or an organized crime gang. Even lone hackers in hoodies.  

To me, the solution looks something like this: you’re out there enjoying the internet without having to look over your shoulder. You’re just safe. And living your life.  

So as cybercrime becomes more sophisticated, we’re becoming yet more sophisticated at McAfee. And it’s you entirely with you in mind. Online protection should come naturally and give you the confidence to go about your day—protection that is personalized, intelligent, and easier to use so that it adapts based on what you’re doing and what you need at any given moment. That’s our aim. Ease. Freedom. Particularly in a time when criminals are trying their hardest to make you their business as you go about yours. 

The post Organized Cybercrime: The Big Business Behind Hacks and Attacks appeared first on McAfee Blog.

Do your part and #BeCyberSmart with these online safety tips

By McAfee

We hope you’ve enjoyed Cyber Awareness month. This year’s theme asked us all to do our part to stay safer online. The idea is that if we each take steps to secure our lives online, then together we all contribute to creating a safer, more secure internet. Of course, it’s our job to help you #BeCyberSmart. With that in mind, we’ve pulled together all the safety tips we featured in October. From family security to protecting your latest smart home gadgets, they’re all here and organized by theme. So take a look below and let’s all do our part today, tomorrow, and in the year to come! 

#BeCyberSmart at any age 

10 quick tips for keeping the whole family safe 

https://www.mcafee.com/blogs/consumer/family-safety/10-easy-ways-to-build-up-your-familys-online-security/ 

Online security for senior citizens 

https://www.mcafee.com/blogs/consumer/family-safety/7-savvy-ways-senior-adults-can-safeguard-digital-privacy/ 

A quick list of tips for protecting kids on apps and social networking 

https://www.mcafee.com/blogs/consumer/family-safety/more-apps-for-younger-users-emerging-heres-what-parents-need-to-know/ 

How to protect baby’s first digital footprints 

https://www.mcafee.com/blogs/consumer/the-connected-lives-of-babies-protecting-their-first-digital-footprints 

Millennials are major targets for identity theft. Check out this quick guide for protecting identity online 

https://www.mcafee.com/blogs/consumer/consumer-cyber-awareness/guide-protecting-your-digital-identity/ 

Ways for online gamers to #BeCyberSmart.  

https://www.mcafee.com/blogs/consumer/consumer-cyber-awareness/5-online-gaming-tips-to-stay-safe-from-hackers/ 

Fight the Phish! 

#Phishing is a common #scam that pops up in emails, DMs, and texts where crooks try and get you to click sketchy links. Learn how to spot them. 

https://www.mcafee.com/blogs/consumer/consumer-threat-reports/protect-yourself-against-phishing-scams-with-these-security-tips 

#phishing quick tips:

  • A common attack is a fake shipment alert, where a text pretends to come from a legitimate carrier or delivery service. #BeCyberSmart, don’t click on any links. Go to the company’s webpage and follow up there, especially if you weren’t expecting a package! 
  • #Phishing also happens on voicemail. Crooks can pose as IRS agents during tax time or pretend to represent a bank, all to get your Social Security number or other info. #BeCyberSmart, hang up and call the organization in question directly to see if the issue is legit. 
  • With #phishing attacks, something can smell fishy and look fishy too. Spelling errors, clunky designs, and logos that don’t look quite right are often tell-tale signs that an email or message is fake. #BeCyberSmart, if something doesn’t look right, don’t click. 
  • By playing on people’s emotions with fake job offers or deals on hot holiday items, crooks create links to phony sites designed to steal personal info. If it sounds too good to be true, it probably is. #BeCyberSmart, don’t click. 
  • Does the message you just got from a friend or coworker seem a little … off? If so, this may be a #spearphishing attack where hackers pose as people you know to steal personal info from you. When in doubt, don’t click that link.  
  • You won! A weekend getaway! Tickets to opening day! A shopping spree! Or did you? Messages like these, whether online or in voicemails can be #phishing scams. #BeCyberSmart, don’t share your info without seeing if the operation is truly on the up-and-up. 

Explore, Experience, Share 

Securing your mobile phone. 

https://www.mcafee.com/blogs/consumer/mobile-and-iot-security/7-tips-to-protect-your-smartphone-from-getting-hacked/ 

Protecting your #socialmedia accounts from hacks and attacks. 

https://www.mcafee.com/blogs/consumer/consumer-cyber-awareness/protect-your-social-media-accounts-from-hacks-and-attacks 

Keeping the whole family safer 

https://www.mcafee.com/blogs/consumer/consumer-cyber-awareness/a-safer-internet-for-you-your-family-and-others-too 

Spotting fake news and misinformation 

https://www.mcafee.com/blogs/consumer/spot-fake-news-and-misinformation-in-your-social-media-feed 

How to avoid oversharing online. 

https://www.mcafee.com/blogs/consumer/family-safety/is-this-tmi 

Managing your personal photos online safely. 

https://www.mcafee.com/blogs/consumer/entertainment-fromhome-photo-backups-digital-picture-frames-and-more 

Interested in starting a podcast? Here are some tips to get you started. 

https://www.mcafee.com/blogs/consumer/entertainment-fromhome-how-to-start-your-own-podcast 

Check out some tips for keeping your family safe when you hit the road with your phones, tablets, and laptops 

https://www.mcafee.com/blogs/consumer/mobile-and-iot-security/travel-smart-protecting-your-familys-smartphones-while-on-vacation/ 

Have smart home devices like a doorbell or smart lightbulbs? See how you can enjoy it all safely 

https://www.mcafee.com/blogs/consumer/consumer-cyber-awareness/how-to-secure-your-smart-home-a-step-by-step-guide 

Making online protection a priority 

Staying safe while banking online 

https://www.mcafee.com/blogs/consumer/online-banking-simple-steps-to-protect-yourself-from-bank-fraud 

App scams aimed at kids 

https://www.mcafee.com/blogs/consumer/family-safety/9-tips-to-help-kids-avoid-popular-app-scams 

Take a look at some of the ways you can improve your privacy 

https://www.mcafee.com/blogs/consumer/family-safety/15-easy-effective-ways-to-start-winning-back-your-online-privacy 

Using payment apps safely 

https://www.mcafee.com/blogs/consumer/mobile-and-iot-security/avoid-making-costly-mistakes-with-your-mobile-payment-apps 

Protecting kids from identity theft 

https://www.mcafee.com/blogs/consumer/family-safety/15-easy-effective-ways-to-start-winning-back-your-online-privacy 

Let’s talk online shopping and ways you can score some great deals safely during a time of year when hackers break out some of their oldest (yet effective) tricks 

https://www.mcafee.com/blogs/consumer/consumer-threat-reports/cyber-monday-is-coming-10-tips-to-protect-you-from-online-shopping-scams 

Thanks for celebrating Cyber Awareness month with us this October. More importantly, we hope you’re able to take the tips above and not only make your life safer but also the lives of friends and family as well. After all, we all need to do our part to #BeCyberSmart and protected online. 

The post Do your part and #BeCyberSmart with these online safety tips appeared first on McAfee Blog.

5 Online Gaming Tips to Stay Safe From Hackers

By McAfee
antivirus for gaming

For some, vanquishing aliens, building virtual amusement parks, and online battles royale are an excellent stress reliever. As we all know, over the past year there’s been plenty of stress to relieve and more spare time on our hands in which to revel in our hobbies. There was a 30% jump in online gaming traffic from the first to the second quarter of 2020. 

Hackers are taking advantage of highly trafficked online gaming portals to make a profit on the dark web. The next time you log on to your virtual world of choice, consider these recent video game breaches and up your gamer security, which could include an antivirus for gaming.  

Recent Game Hacks

Between 2019 and 2020, web attacks on gaming companies rocketed up 340%, according to Akamai. Hackers have targeted several high-profile gaming companies recently with various motives. First, game source code was stolen from Electronic Arts to sell on the dark web. Developers shopping the dark web use stolen source codes to reverse-engineer popular games or copy the code into their own game. Capcom and CD Projekt Red were hit by ransomware attacks only a few months apart from each other, one attack focused on company financial information and the other on source code. 

“Titan Fall” and “Apex Legends” have both been hacked to the point where the former is unplayable, according to many gamers. To protest “Titanfall’s” developers’ inaction, gamers took to “Apex Legends,” altering in-game messages. The apparent ease with which hackers can walk into online gaming portals requires that game developers and gamers themselves pay more attention to their security. 

Online PC gaming allows players to use real-world money to purchase valuable upgrades to their characters. These characters receive admiration from some fellow players. Others feel greed. Advanced characters can fetch a lot of money on the dark web, so some cybercriminals practice credential stuffing to force their way into player accounts and steal ownership. Credential stuffing is a type of brute force attack where hackers take informed guesses at username and password combinations. A strong password or passphrase is essential to keeping your account and investment safe from a dark web fate. 

Why Are Video Games Hacked?

Based on the above recent hacks, it is clear that gaming companies host a trove of valuable information. Gamers trust these platforms with their payment information and with the safety of their gaming characters on which they spend thousands of hours and hundreds of dollars upgrading, making gaming a lucrative target for hackers. 

Another way cybercriminals target gamers is through malware disguised as an advantage. Cheat software for online games is common as players strive to be the best out of thousands. Advantage seekers for “Call of Duty: Warzone” were targeted by a malware scam. The malware creators advertised the “cheat software” on YouTube with instructions on how to download it. The video received thousands of views and hundreds of comments, which made it look legitimate. 

One of the steps in installing the “cheat software” was that users had to disable antivirus programs and firewalls. Users let the cybercriminals walk right into their device! From there, the device was infected by an aggressive type of fileless malware called a dropper. A dropper doesn’t download a malicious file onto the device; rather, it creates a direct pathway to deliver an additional payload, such as credential-stealing malware. 

Gamer Security Tips

Competitive gaming is, well, competitive. So, if you invest a lot of real money into your characters, be especially vigilant and follow these five important tips to protect your online accounts. 

  1. Do not reveal personal information 

It’s common for gamers to use variations of their real names and birthdates in their public-facing usernames. Don’t use your real name or birthdate in your username. Consider using a nickname or a combination of random numbers instead. Along this same vein, don’t reveal personal details about yourself (phone number, birthday, places you visit regularly) on chats or streams. Lurking cybercriminals can gather these personal details to impersonate you. 

  1. Edit your privacy settings  

On some online PC games, you can join campaigns with gamers from all over the world. While the interconnectivity is great, carefully vet who you allow to follow your online profile. If a stranger sends a friend request out of the blue, be on alert. They could have nefarious motives, such as phishing for valuable personal data. It’s best to customize your privacy settings to make your profile invisible to strangers.  

  1. Don’t pirate games or download cheat software

Developers spend a lot of time creating amazing games, so make sure you purchase games legally and play them as they are intended. Be especially wary of free downloads or pirated versions and cheat software, as they’re likely too good to be true. Instead, go for a challenge and have fun with the game as it’s written.  

  1. Log in with a VPN

virtual private network (VPN) scrambles your online data traffic, making it impossible for hackers to access your IP address and spy on your online browsing. 

  1. Sign up for gaming antivirus software 

Gaming antivirus software not only makes your online gaming experience more secure, but it can boost your rig’s performance! McAfee Gamer Security detects threats through the cloud and optimizes resources to minimize frame drops. 

The post 5 Online Gaming Tips to Stay Safe From Hackers appeared first on McAfee Blogs.

3 Tips to Protect Yourself From XLoader Malware

By Vishnu Varadaraj

Picture this: you open your MacBook and see an email claiming to be from your favorite online store. In the email, there is an attachment with “important information regarding your recent purchase.” Out of curiosity, you open the attachment without checking the recipient’s email address. The next thing you know, your device is riddled with malware.  

Unfortunately, this story is not far from reality. Contrary to popular belief, Apple computers can get viruses, and XLoader has Mac users in their sights.  

Let’s break down XLoader’s ‘s origins and how this malware works.  

Where Did XLoader Come From? 

XLoader originated from FormBook, which has been active for at least five years and is among the most common types of malware. Designed as a malicious tool to steal credentials from different web browsers, collect screenshots, monitor and log keystrokes, and more, FormBook allowed criminals to spread online misfortune on a budget. Its developer, referred to as ng-Coder, charged $49, a relatively cheap price to use the malware, making it easily accessible to cybercriminals.  

Although ng-Coder stopped selling FormBook in 2018, this did not stop cybercriminals from using it. Those who had bought the malware to host on their own servers continued to use it, and in turn, quickly noticed that FormBook had untapped potential. In February 2020, FormBook rebranded to XLoader. XLoader can now target Windows systems and macOS devices.  

How XLoader Works  

Typically, XLoader is spread via fraudulent emails that trick recipients into downloading a malicious file, such as a Microsoft Office document. Once the malware is on the person’s device, an attacker can eavesdrop on the user’s keystrokes and monitors. Once a criminal has collected enough valuable data, they can make fake accounts in the victim’s name, hack their online profiles, and even access their financial information.  

Minimize Your Risk of macOS Malware Attacks 

According to recent data, Apple sold 20 million Mac and MacBook devices in 2020. With macOS’s growing popularity, it is no surprise that cybercriminals have set their sights on targeting Mac users. Check out these tips to safeguard your devices and online data from XLoader and similar hacks:  

1. Avoid suspicious emails and text messages  

Hackers often use phishing emails or text messages to distribute and disguise their malicious code. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message to confirm the sender’s legitimacy.   

2. Avoid sketchy websites.  

Hackers tend to hide malicious code behind the guise of fake websites. Before clicking on an unfamiliar hyperlink, hover over it with your cursor. This will show a preview of the web address. If something seems off (there are strange characters, misspellings, grammatical errors, etc.) do not click the link.  

3. Recruit the help of a comprehensive security solution 

Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool that identifies malicious websites.  

Regardless of whether you use a PC or a Mac, it is important to realize that both systems are susceptible to cyberthreats that are constantly changing. Do your research on prevalent threats and software bugs to put you in a great position to protect your online safety.   

 Put Your Mind at Ease With Security Best Practices 

XLoader is just the latest example of how the gap between the prevalence of PC versus macOS malware is steadily closing. To better anticipate what threats could be around the corner and how to best combat them, stay updated on all of the latest online safety trends and practice great security habits. This will not only help protect your devices and online accounts but also bring you greater peace of mind.  

The post 3 Tips to Protect Yourself From XLoader Malware appeared first on McAfee Blogs.

The New McAfee: A Bold New World of Protection Online

By Judith Bitterli

This news has been some time in the making, and I’m terrifically excited to share it.  

As of July 27th, we take a decisive step forward, one where McAfee places its sole focus on consumers. People like you. This marks the day we officially divest our enterprise business and dedicate ourselves to protecting people so they can freely enjoy life online. 

McAfee is now focused solely on people. People like you. 

This move reflects years of evolution, time spent re-envisioning what online protection looks like in everyday life—how to make it stronger, easier to use, and most importantly, all the ways it can make you feel safe and help you stay that way.   

In the coming days, you’ll see your experience with us evolve dramatically as well. You’ll see advances in our online protection that look, feel, and act in bold new ways. They will put you in decisive control of your identity and privacy, all in a time where both are so infringed upon. And you’ll also see your protection get simpler, much simpler, than before. 

Today, I’d like to give you a preview of what’s ahead. 

You’re driving big changes 

First, these changes are inspired by you. From feedback, research, interviews, and even having some of you invite us into your homes to show us how you live life online, you’ve made it clear what’s working and what isn’t. You’ve also shared what’s on your mind—your thoughts on technology’s rapid growth, the concerns you have for your children, and the times where life online makes you feel vulnerable.  

We’re here to change things for the better. And here’s why …  

Our lives are more fluid and mobile than ever before. From the palm of our hand, we split the cost of dinner, purchase birthday gifts, dim the lights in our living room, warm up the car on a winter morning, and far more. In many ways, our smartphones are the remote control for our lives. From managing our finances to controlling our surroundings, we’re increasing our use of technology to get things done and make things happen. Could any of us have imagined this when the first smartphones rolled out years ago? 

Without question, we’re still plenty reliant on our computers and laptops too. Our recent research showed that we’re looking forward to using them in addition to our phones for telemedicine, financial planning, and plenty of personal shopping—each representing major upticks in usage than in years before, up to 74 percent more in some cases. 

Yet what’s the common denominator here? You. Whatever device you’re using, at the center of all that activity is you. You’re the one who’s getting things done, making things happen, or simply passing some time with a show. So, while the device remains important, what’s far more important is you—and the way you’re using your device for ever-increasing portions of your life. Safely. Confidently. Easily. 

Security is all about you 

Taken together, the time to squarely focus on protecting people is now. A new kind of online security is called for, one that can protect you as you go online throughout your day in a nearly constant and seamless fashion. We’ve dedicated ourselves to making that happen. And you’ll soon see what that looks like. 

So how can you expect this evolution to take shape? You’ll see it in three significant ways: 

1. Personalized experience. We’re building security that protects you effortlessly wherever your day takes you. From device to device, place to place, and all the experiences online in between. Think of our approach to online protection like Netflix, which used to be a physical service where you waited in queue for that next episodic DVD of Lost to get mailed to you. Now your shows follow you and stream anywhere, no matter what device you’re on. It’s the same thing with our security. It will recognize you and protect you whether you’re at home or by the pool on vacation, on your laptop, or your phone, with one consistent experience. Again, it’s all about you. Keeping you protected as you enjoy every perk and convenience of life online.

2. Intelligent experience. The next evolution builds on personalization and takes it a step further. This is security that understands when you and your personal info is at risk and then takes intelligent steps to protect you. This could be your smartphone automatically connecting to VPN when you’re at the airport, keeping you safe from prying eyes on public networks. It could also be alerts to you if your personal info is compromised so you can take steps to protect it. Or it could be a simple suggestion to help keep you safe while browsing, shopping, or banking online. In all, it’s intelligence that helps you stay safe and make safe choices.

3. Simpler experience. With this personalization and intelligence in place, you can protect everyone in your family far more easily than ever. It becomes practically automatic. Regardless of their age, interests, or how much they know about technology, this simplified approach to online security makes smart choices for you and your family wherever possible, steering them clear of threats and keeping everyone safer as a result. 

What won’t change? 

Us at your side. New and existing customers alike will still benefit from McAfee’s award-winning technology as you always have. Further advances and features will roll out to you as part of the regular updates as they become available for your subscription. In all, you’ll always have the latest and greatest benefits of your product with us 

As for our future, expect more to come. Your confidence in us both fuels and informs these leaps ahead. Thank you as always for choosing us for your protection. It allows us to invest in breakthroughs that keep you safe against new and evolving threats, just as we have as a market leader for years. 

A bold new world of protection online 

The new McAfee is focused on you. It’s a bold new world of protection online, where you are in control of your identity and privacy, where you have intelligence that offers right protection in the right moment, where you can simply feel safe, and where you’re ultimately free to enjoy your life online at every turn. 

Here’s to what’s next. And I can’t wait for you to experience it. 

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.  

The post The New McAfee: A Bold New World of Protection Online appeared first on McAfee Blogs.

What is a VPN and Can it Hide My IP Address?

By McAfee

There’s a lot of misinformation about Virtual Private Networks, what they do, and the security benefits they offer. For this article, I’d like to do some myth-busting about how a VPN actually works and why you should use one. 

What is a VPN and how does it protect me? 

VPN is an app that you install on your device to help keep your personal data safe as you browse the internet  

You may have heard that VPN apps live on your device and allow you to connect to the internet securely. What that means is, when you turn your VPN app on, your device makes a secure connection to a specialized computer that routes internet traffic, called a VPN server. You also may have heard that your connection is “wrapped in an encrypted tunnel” which means your device and the server share a secure connection so only you can see what you’re doing on the internet. 

Does a VPN change my IP address? 

Every internet connection (like your cable modem) is assigned a unique set of numbers called an IP address, which is tied to information such as geographic location, ISP, etc. A VPN replaces your actual IP address to make it look like you’ve connected to the internet from a different location: the physical location of the VPN server, rather than your real location. This is just one reason why so many people use VPNs. This can be handy when you want to hide from advertising trackers or protect your search history.  

How to use a VPN to change my IP address 

To change your IP address, you simply open your VPN app, select the server location you’d like to connect to, and you’re done. You’re now browsing with a new IP address. If you’d like to make sure your IP has changed, open up a browser and search for “What’s my IP address” and click on one of the results. 

When should I use a VPN? 

When to use a VPN really depends on what you want it for. For example, 39% of users understand public Wi-Fi is unsafe but still do sensitive things, like banking or shopping on public WiFi, so using a VPN when you’re at the airport, or a café is a great use case. 

As I mentioned before, a lot of people use a VPN for privacy reasons, like stopping advertisers from tracking them. Searches you perform, or websites you visit won’t be trackable, which means you’ll be able to surprise your spouse with a vacation you researched and planned on a computer you both use. Targeted ads could spoil things if your spouse is bombarded with ads for plane tickets and hotels while they browse. 

Can a VPN protect my search history? 

A VPN protects your search history through the secure connection you share. When you search for a website, or type a URL into your navigation bar, your device sends something called a DNS request, which translates the website into the IP address of the web server; this is how your browser can find the website and serve its content to you. By encrypting your DNS requests, a VPN can hide your search habits and history from those that might use that info as part of building a profile of you. This type of info could be used in a wide variety of ways, from legitimately serving targeted ads to nefarious social engineering.  

Can a VPN protect my identity? 

A VPN can protect your identity by blocking online trackers from following you around the internet. With your VPN on, trackers will think all of your browsing is coming from a different device in a different location. This throws off the profile advertisers try to build because they think you’re someone else. 

Another way a VPN can protect your identity is by preventing some types of hacking. Stopping attacks on public WiFi where a bad actor tries to get between you and the website you’re visiting, is just one way VPNs can help. It’s called a Man-in-the-Middle attack, but that’s a subject for another article. 

Does a VPN make me anonymous? 

No, a VPN cannot make you anonymous. They help secure what you’re doing, but your ISP still knows when you’re using the internet. They just can’t see what you’re doing, what sites you visit, or how long you’ve been on a site. 

Do I need a VPN if I use Incognito mode? 

Private browsing modes can help protect your privacy, but they’re useful if you share a device with other people and you don’t want them to see your search history. You can read all about the differences in the article I wrote a little while ago. 

What is Apple Private Relay? 

Apple’s Private Relay is currently in Beta and will be available with an iCloud+ subscription for Safari users on iOS and macOS soon. Private Relay is similar to a VPN in that it changes your IP address so websites you visit can’t tell exactly where you are.  

What does Apple Private Relay do? 

When you turn Private Relay on, your device connects to a server that sends your browsing data to a second server, before it travels through the internet. The reason for the double hop is that first server gives you a new IP address, to make you harder to track, while the second server hides that information from the website you’re browsing. The first server only knows your original IP address, while the second server only knows what you’re browsing, but not your IP. 

How to turn on Apple Private Relay on iPhone 

  1. Tap the iCloud tab in Settings 
  2. Tap Private Relay to turn it On 
  3. Scroll down and tap on Turn On for Safari 
  4. Tap IP Address Location to change Approximate or Broader Location 

How to turn on Apple Private Relay on Mac 

  1. Click on iCloud in the System Preferences menu 
  2. Click on the Private Relay box 
  3. Click on the Options button 
  4. Click on Private Relay for Safari 
  5. Choose your IP Address Location to change Approximate or Broader Location 

Do I need a VPN if I have Apple Private Relay? 

Private Relay only works with Safari on iOS and macOS. Even if you are using an Apple device, a VPN is still a good idea because it will protect the information that your device sends outside of Safari. 

How to get your own VPN 

If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank, and browse online. 

What is a VPN

What is a VPN

 

The post What is a VPN and Can it Hide My IP Address? appeared first on McAfee Blogs.

Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety

By Vishnu Varadaraj

Over the past year and a half, workers everywhere have gotten used to working from home. They have adopted an entirely new work from home mindset and diverted their weekly commuting hours to other productive and more enjoyable pursuits. As parts of the world return to a “new normal,” another change is on the way: a gradual return to the office. 

The hybrid working model is met with mixed reviews from employees and business security teams alike. For some employees, a clearer separation between work and home is a welcome change. CTV News reports 66% of Canadian respondents to an International Workplace Group poll say they are looking forward to splitting their working hours between the office and home. 

For business security teams who are just catching their breath after the monumental shift to a remote workforce, they are now gearing up for the new online safety challenges posed by the hybrid work model. According to a VMware Canada Threat Report, 86% of security professionals agree that cyberattacks aimed at their organizations have become more sophisticated since the onset of the pandemic. Additionally, 91% of global respondents cite employees working from home as the cause of cyberattacks. Challenges of the hybrid workforce include the constant back-and-forth of company-issued devices, the lack of control over home office setups, and mixing personal and company devices with company and personal business respectively. For example, if you pay your bills or shop online using your work device, it opens several new avenues for a hacker to walk right onto the corporate network. When your guard is down even a little bit when you are off the clock, you could fall victim to e-skimmers, fake login pages, or phishing scams. 

Best Practices for Mitigating Attacks in the Hybrid Workplace 

No matter how advanced your company’s threat detection system, hackers know where vulnerabilities lie and are on the hunt to exploit them. Check out these tips to ensure you are not the weak link in your organization. 

1. Use a VPN

virtual private network (VPN) is a service that scrambles online browsing data, making it impossible for nefarious characters to decipher your activity. This is an excellent way to deter hackers from tracking your movements and picking up sensitive pieces of information. 

VPNs are essential if you are working in a public area, sharing a wireless network with strangers, or using a Wi-Fi connection that is not password protected. Public Wi-Fi networks are notoriously easy pickings for hackers seeking entry into unsuspecting users’ devices. On the days where you are not in the office, make sure your wireless connection is secure. 

2. Lockaway your passwords 

While a VPN is an excellent tool, security measures and your accounts are vulnerable without a strong and private password or passphrase to protect them. The gigantic Colonial Pipeline hack is being blamed on a hacker gaining entry through an unused VPN that was not secured with multifactor authentication. Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts. 

Consider using a password manager to organize all your passwords and logins. Password managers remember each pairing so you don’t have to, plus most managers are secured with multifactor authentication. A password manager makes it easier to add variety to your passwords and prevents you from ever having to write them down.

3. Secure work-issued devices 

Professionals who travel between their home and an office are likely transporting their devices back and forth, increasing the number of opportunities for devices to be forgotten at either location or in transit. As convenient as it may be, never use your personal device for official business. Even if you pride yourself on sound online safety habits, your company device likely has more defenses ingrained in its hardware than your personal devices. 

With your personal devices, you should carefully vet everything you download. With your work-issued devices, this vetting process is even more important as company information is at stake. The Information and Privacy Commissioner of Ontario states that employees should never download applications to their work devices without permission from the IT team. Apps and programs often have security vulnerabilities that could open a gateway for hackers. 

4. Practice a personal Zero Trust model 

Zero Trust is a security philosophy that is exactly what it sounds like: trust no one. Businesses are employing Zero Trust models to greatly limit who has access to sensitive data sources. Adopt your own personal Zero Trust philosophy concerning your passwords, logins, and device access. This means never sharing passwords or log in details, especially over email, instant messenger, or over a video conference. Hackers commonly eavesdrop on all three mediums. Also, even your most trusted coworker could mishandle your passwords and login details, such as writing them down and leaving them in a public place.  

A key aspect of the Zero Trust model is only granting employees access to platforms that are vital to their job. Sharing your logins with coworkers who may not be authorized for using that platform undermines all the hard work the IT team does to keep tabs on data access. 

Work Intelligently, Diligently, and Securely 

Every time you turn on the nightly news, another ransomware attack has hit another organization, each one bigger than the last. This heightened prevalence is a reflection on the wiliness of hackers, but also the number of security holes every company must plug.  

There are several vulnerable points of entry in every company, and some of those vulnerabilities are heightened by the hybrid work model. Always heed the advice of your company’s IT team, and make sure to do your part to keep your devices and work information secure. 

The post Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety appeared first on McAfee Blogs.

Guide: Protecting Your Digital Identity

By Lily Saleh

People in their 20s and 30s are losing it online. And by it, I mean money—thanks to digital identity theft. 

In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.  

In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.  

Millennials are major targets for fraud 

Here’s what’s happening: people in their 20s and 30s were twice as likely than people 40 and over to report losing money while shopping online. That’s according to recent figures from the U.S. Federal Trade Commission (FTC), which also found that people in their 20s to 30s are far more likely to report losing money to fraud. What’s more, they’re also 77% more likely than older people to lose it by way of an email scam. 

And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers. 

Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.  

Six ways you can protect your digital identity from hackers and fraud 

It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away: 

1. Start with the basics—security software  

Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use it to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection. 

2. Create strong passwords  

You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks. 

3. Keep up to date with your updates  

Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.   

4. Think twice when you share  

Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk. 

5. Shred it  

Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away. 

6. Check your credit  

Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find. 

How do I know if my identity has been stolen?  

As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name. 

Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away: 

  • If you live in the U.S. and think that someone is using your personal information, visit IdentityTheft.gov. 
  • In Canada, visit antifraudcentre-centreantifraude.ca for help.  
  • And in the UK, check out CIFAS, the UK’s fraud prevention service, at cifas.org.uk. 

Likewise, many nations offer similar government services. A quick search will point you in the right direction. 

Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here. 

Keeping your digital identity in your hands 

With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.    

The post Guide: Protecting Your Digital Identity appeared first on McAfee Blog.

The Ultimate Guide to Safe Sharing Online

By Jean Treadwell

We live in a world that thrives on digital connectivity. According to We Are Social, Canadians are now spending half a day more a month online than they did a year ago. Also, 33 million Canadians logged on to the internet at least once a month in 2020. As more people every year are spending hours upon hours online, they are knowingly (and sometimes unknowingly) unsafely releasing their personal information into the digital ether, making them vulnerable to all sorts of cybercrimes. The ramifications range anywhere from malware infection to identity fraud. Better understanding the best practices for online sharing will ensure users can navigate online dangers and safely connect with others. 

Here are three ways online users share too much information and how they are placing themselves at risk. 

1. Autosaving and Sharing Personal Details 

Think about how many websites you visit regularly. How many of these have access to your personal information, such as your email, credit card numbers, and shipping address? Before accepting the option to save your information on file for a “faster checkout experience,” consider the following: A Canadian Internet Registration Authority polled 500 IT security professionals, and a quarter of them experienced a breach of customer data in 2020. Online users cannot afford to take liberties with the information they hand over to online companies, especially if they subscribe to numerous sites.  

On a similar note, it is equally inadvisable to hand over information about yourself. Although seemingly harmless, online quizzes may not be as safe as you think. Some quiz questions sound more like security questions such as, “What was the first car you owned?” or “Where did you grow up?” Hackers using spyware can access these answers and anything else you enter on quiz sites to formulate informed guesses at your passwords.  

2. Oversharing on Social Media 

It may seem counterintuitive not to share information on social media, seeing as the purpose of these platforms is to share. However, the problem with social media is that too many people are leaving themselves exposed to hackers due to the specificity of the information they share. More than two-thirds of Canadians are on social media, according to Statista, meaning there are millions of user profiles and newsfeeds brimming with personal information. Specific information such as company details in a new job announcement or your birth date in a celebration post are details hackers can use to impersonate you or break into your accounts. Additionally, cybercriminals can impersonate people in your network or pose as average users and add you as a friend. Hackers will often use this tactic to get close to someone and gather intel to formulate a targeted phishing attempt or identity theft. 

While you can take proper precautions to safeguard your personal information, you cannot guarantee that others will do so with the same vigilance. Many do not realize there is more at stake than a loss of privacy when intentionally sharing information, usually login credentials, with others. If your friend you shared your password with is hacked, then a cybercriminal can now access your information as well as theirs. Cybercriminals can then use this information to break into your accounts, hold your data for ransom, and even steal your identity. 

How to Safely Share Online 

Knowing what is safe to share online and how to protect the information that is not is the first step to safeguarding your online presence. Here are four tips to consider before sharing your personal details on websites, social media, and with others: 

1. Verify website and online security 

Always err on the side of caution whenever you visit unknown sites or download applications on your devices. Be aware of what you click on, the ramifications of clicking on a malicious link, or handing over information on an unsecured website. One way to ensure you are visiting a secure website is to look for the padlock icon in the top left corner of your browser. This icon indicates the site and your connection are secure.  

Take your internet protection one step further and avoid saving your information on file. If possible, use an alternate payment gateway with verified encryption that does not require inputting your credit card information. This way, your data does not become a liability in the event of a company data breach.  

2. Rethink your privacy on social media 

There’s a fine line between sharing too much and sharing just enough on social media. Start taking control of your privacy on social media by adjusting your privacy settings. Unless you are an aspiring social media influencer, it is best to keep your account private and limit your followers to only people you know personally. Do not follow strangers and reject friend requests from strangers. They could turn out to be a hacker.  

Take advantage of platform security controls that allow you to control your visible information. For example, you can disable your activity status or geolocations to block other people from tracking your every move or manage the personal data these platforms are allowed to share. Keep in mind that any third-party app with access to these platforms will have varied privacy policies. Read the fine print on their user agreements, as these policies differ depending on the app.

 3. Use a VPN  

Before hopping online, consider using a virtual private network (VPN) to secure your connection. A VPN allows you to browse the internet with the confidence that your Wi-Fi and any sensitive information you send through this connection is encrypted. In other words, if a hacker intercepts this data, they won’t be able to make any sense of it. 

4. Leverage a reliable authentication system 

Enabling multi-factor authentication adds an extra layer of protection that makes it nearly impossible for hackers to bypass even if they do manage to steal your credentials.  

Also, make sure you create strong passwords or passphrases by following password best practices and ensuring they are long, complex, and varied. Use a password manager with a generator to help you create strong passwords and store them, so you do not have to memorize them. This method also makes it easier and more secure than saving passwords on internet browsers. Further, password managers, like McAfee True Key, make it easy to securely share your credentials with others. 

Prioritize Online Safety and Connectivity 

From social media to work to daily activities, peoples’ lives are centralized around their digital devices and online access. Users must learn to care for their information to the same degree one would manage their physical IDs or credit cards. Only then can they carry on their online activities, confident in the knowledge they are doing so securely.  

The post The Ultimate Guide to Safe Sharing Online appeared first on McAfee Blogs.

Protect Your Social Media Accounts from Hacks and Attacks

By McAfee

Here’s to the hashtags, the likes, the followers, the DMs, and the LOLs—June 30th marks Social Media Day, a time to celebrate and reflect on how social media has changed our lives over the years. 

Started in 2010 by media and entertainment company Mashable, celebrations have taken on all kinds of forms. Meetups, contests, calls to increase your social circle by one meaningful connection have all marked the date in the past. Yet this year feels like an opportunity to consider just how heavily so many of us have leaned upon social media these past months, particularly in a world where nearly 50% of the global population are social media users to some degree or other. 

What’s more, people worldwide spend an average of 145 minutes a day on social media. With users in the Philippines spending three hours and 53 minutes a day and users in the U.S. spending just over two hours a day, that figure can vary widely, yet it’s safe to say that a good portion of our day features time browsing around on social media. 

With that, Social Media Day is also a good day to give your social media settings and habits a closer look, all so that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there: 

1. Go private

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy. 

2. Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q1 of 2021 alone, Facebook took action on 1.3 billion fake accounts. Reject such requests. 

3. Think twice before checking in

Nothing says “there’s nobody at home right now” like that post of you on vacation or sharing your location while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing photos and stories of your adventures once you’ve returned.  

4. The internet is forever

It’s a famous saying for a reason. Whether your profile is set to private or if you are using an app with “disappearing” messages and posts (like Snapchat), what you post can indeed be saved and shared again. It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post it. 

5. Watch out for phishing scams

We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messengers. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack. 

6. Review your tags

Some platforms such as Facebook allow users to review posts that are tagged with their profile names. Check your account settings and give yourself the highest degree of control over how and where your tags are used by others. This will help keep you aware of how you’re being mentioned by others and in what way. 

7. Protect yourself and your devices

Security software can protect you from clicking on malicious links while on social media, strengthen your passwords so your social media account doesn’t get hacked, and boost your online privacy as well. With identity theft a sadly commonplace occurrence today, security software is really a must. 

The post Protect Your Social Media Accounts from Hacks and Attacks appeared first on McAfee Blog.

3 Canadian Real Estate Scams You Should Know About

By Jean Treadwell

Across the country, Canadians are moving out of cities in droves to stretch their legs and call a larger plot of land home. For those embracing the work-from-home lifestyle, they no longer need to live near metro-area offices in expensive shoebox apartments and condos. According to Statistics Canada, 50,000 people moved out of Toronto and nearly 25,000 people migrated from Montréal to suburban areas from July 2019 to July 2020. 

The increased demand for suburban housing is making the Canadian real estate market a mad dash for limited supply. Additionally, some families who are out of work are struggling to keep their homes and are resorting to unsafe measures to keep a roof over their heads. 

Leave it to scammers and identity thieves to pounce on a vulnerable situation. Scammers and identity thieves are increasingly taking advantage of unsuspecting homeowners, and in some cases, selling homes without the rightful owners even realizing it. 

Be on the lookout for these three Canadian real estate scams. 

1. Loan Fraud 

Foreclosure occurs when a homeowner can no longer afford to pay their mortgage, so the lending institution takes over homeownership with the right to sell it. When homeowners are facing the prospect of having to move out, they may seek dubious loans to help them bridge the gap. Loan fraud is when a scammer pretends to extend a gracious loan. In exchange for the loan, the scammer may ask for the title of the home. With the title in hand, the thief may stop sending loan payments to the homeowner and instead resell or remortgage the property.  

Not being able to make mortgage payments is a desperate situation, which causes struggling homeowners to make dramatic decisions. Before agreeing to any type of loan, homeowners must ask themselves if the terms of the loan are too good to be true. In cases of fake loans, they often advertise an incredibly low-interest rate. It is best to trust your financial matters to accredited institutions.

2. Title Fraud

Title fraud is when someone steals the title of the home, usually by impersonating the homeowner. Once they have the title, the thief may attempt to sell the home or apply for a mortgage against it. In March 2021, the Times Colonist reported that a thief impersonated a British Columbian homeowner in order to transfer the home’s title to someone else’s name. Then, the thief tried to sell the home behind the rightful homeowner’s back. It was only when a neighbor alerted the real homeowner about the for-sale sign that they realized that their home could have been sold without their permission. 

The best way to defend against title fraud is to keep your personal information as private as possible. Title fraud is closely related to identity theft, and fraudsters may gain access to your personal information through phishing methods. Phishing is a tactic where cybercriminals trick people into giving up personal details, including full names, birthdays, and financial information. Statistics Canada calculates that 34% of Canadians have experienced a phishing attempt since the beginning of the pandemic. This statistic emphasizes the importance of constant vigilance concerning your most sensitive personal information. 

3. Mortgage Fraud 

Mortgage fraud is a term that can apply to untruthful lenders who attempt to swindle cash from unsuspecting buyers or pitch mortgage terms that fall outside of the buyer’s means. The Financial Services Commission of Ontario lists several warning signs of mortgage fraud. For example, lenders who do not have your best interests in mind may ask for cash fees and upfront payments. 

Again, it is best to only trust accredited financial institutions with your mortgages and loans. Research the institution before signing any contract. If the mortgage terms are too good to be true, it probably is. There are several online mortgage calculators that can give you an idea of the type of mortgage you can afford. Before entering any talks with a lender, conduct some research beforehand so you can spot unreasonable terms.   

Also, an unscrupulous lender may try to hurry you along but also take a long time responding to your calls and emails. If you feel pressured or unsure at any point, remember that there are plenty of fish in the sea. Ask your friends or family for lender recommendations to make sure that you are not tricked into mortgage fraud, the consequences of which could follow you for years. 

How to Protect Your Real Estate Investments

  • Invest in title insurance. To protect yourself from fraud involving the title of your house, consider investing in title insurance. Title insurance usually protects homeowners from the transgressions of past owners, but it also protects against fraud. 
  • Don’t fall for phishing. If you receive a suspicious message that asks for personal details, there are a few ways to determine if it was sent by a phisher aiming to steal your identity. Before clicking on any links, hover over it with your cursor to reveal the full website. If there are typos in the URL or it redirects to anyplace other than where it advertises, do not click on it. Also, phishers often send messages with a tone of urgency, and they try to inspire extreme emotions such as excitement or fear. If an unsolicited email urges you to “act fast!” slow down and evaluate the situation. 
  • Remain calm. Staying cool under pressure is easier said than done concerning matters about your home. Down-on-their-luck homeowners can be too quick to jump at too-good-to-be-true loan offers that turn out to be scams. There is often a time crunch in making mortgage payments, but take your time to review contracts and research the lender to make sure that your home and finances are in competent hands. 
  • Report scams. To prevent others from enduring the same headache and uncertainty of real estate scams, you can report suspicious messages and instances of fraud and other cybercrimes to the Canadian Anti-Fraud Centre. 
  • Sign up for an identity theft alert service. An identity theft alert service warns you about suspicious activity surrounding your personal information, allowing you to jump to action before irreparable damage is done. McAfee Total Protection not only keeps your devices safe from viruses but gives you the added peace of mind that your identity is secure, as well. 

The post 3 Canadian Real Estate Scams You Should Know About appeared first on McAfee Blogs.

5 Ransomware Threats Canadians Need to Know

By Vishnu Varadaraj

Every day you place your personal information in the hands of companies and trust that it will remain safe. However, what happens when external threats jeopardize your personal data security, especially while working remotely? 

The transition to remote work environments and consumers’ online habits have made it more difficult for Canadian employees and consumers to protect their personal information. This challenge is primarily due to ransomware. To protect yourself, you need to first understand how cybercriminals take advantage of users’ online behaviors to launch strategic attacks against employees and consumers through the information they glean from stolen company data. 

How Your Personal Actions Can Impact Corporate Systems 

Ransomware has been on the rise this past year with attacks increasing 62% in 2020 according to Statista. In fact, 78% of Canadian cybersecurity professionals said that attacks increased due to employees working remotely in a recent VMware report. Cybercriminals target remote workers primarily through malicious links sent through phishing emails — in fact, over one third of Canadian respondents in a recent survey said they experienced at least one phishing attempt in the last year.   

Hackers pose as legitimate organizations and prompt individuals to take action: say you decide to check your personal email on your work laptop during your lunch break. You open a message that claims to be from one of your favorite retailers claiming that you just won $500 in shopping credit – all you need to do is click on the link and fill out your banking information. This is an example of a phishing attack that could not only wreak havoc on your personal security, but your company’s as well. If the link in the message downloads a credential-stealing malware on your work laptop, there is a good chance that your organization’s private data or network could be compromised.  

Knowing that many employees will be communicating virtually instead of face-to-face, hackers can take advantage of the remote work environment by posing as employees from finance departments and sending fake invoices for products or services. The goal of these fake invoices is for employees to call a support phone number to investigate, whereby hackers attain credit card numbers or other information they can leverage in spear-phishing scams. Hackers can also spoof phone calls to make it look like it is coming from a legitimate number within the organization. Revealing too much information to an unverified contact is a risk that remote workers must learn to identify and avoid. 

Ransomware is always evolving, making it critical to understand the nature of these threats so you can better avoid them.  

The 5 Most Dangerous Ransomware Scams  

Cybercriminals are constantly finding new ways to automate their attacks and increase their profits. Here is a look at five active ransomware variants cybercriminals use today—and how they deploy them. 

1. CryptoDefense 

By the end of 2020, McAfee Labs observed a 69% increase in new ransomware, which Cryptodefense largely drove. This virus is similar to CryptoLocker, a trojan virus that spreads through email phishing to infiltrate hard drives and files. Both spread ransomware, use high levels of encryption to compromise users’ files, and claim that these files cannot be decrypted without a decryption key.  

2. Maze 

Maze ransomware has been active since November of 2019 and is operated by hackers notorious for leaking victim data upon non-payment. Maze operators first gain access to a network by using valid credentials. It will then scan the network for user devices, check these devices for additional credentials, and compromise user files.  

3. REvil/Sodinokibi 

In a Ransomware Task Force interview with an affiliate of the REvil/Sodinokibi syndicate, the interviewee revealed that companies with cyber insurance are prime targets since the chances of a payout are high. This ransomware spreads through software vulnerabilities, phishing scams, and exploit kits. Once it infiltrates a device, it spreads through escalated privilege to compromise user files and systems.  

4. Ryuk 

Ryuk has been around since August of 2018 and targets large companies, critical infrastructure, and hospitals. This ransomware is almost always spread through a banking trojan called Trickbot, used by hackers to steal financial and banking credentials. The operators behind this ransomware demand higher ransoms compared to other groups. They also use opensource tools and manual hacking techniques to bypass detection and infiltrate private networks. 

5. SamSam 

The operators behind SamSam ransomware gain access through Windows servers using a Microsoft protocol that allows remote connections to other computers. Operators will then elevate their privilege to include admin rights once inside a network to infect servers with malware, requiring no action or authorization on the victim’s part. 

How to Reduce the Risk and Impact of Ransomware 

Ransomware can affect anyone, regardless of whether you are an employee or a customer of a targeted company. Keep these tips in mind to reduce your risk of a ransomware attack and know what steps to take if you fall victim.   

1. Don’t click on malicious links 

Phishing emails are one of the most common methods a hacker will use to infect devices and spread ransomware. They will send links through seemingly legitimate emails to trick users into clicking on them and downloading malicious files. Knowing how to spot one is the first step to prevent infection. If you receive an email you suspect is a phishing scam, start by analyzing its structure: common indicators of a phishing scam may include: 

  • Grammatical errors with poorly written wording 
  • Pressure to take immediate action or confirm personal information 
  • Link addresses that do not match the anchor text in the email body 
  • Inconsistent sender name and email address 
  • Suspicious attachments  

Once you identify a phishing email, don’t click on any links or download attachments. Simply delete it and carry on with your day.  

2. Use multi-factor authentication and strong passwords 

Keep in mind that the cybercriminals behind Maze ransomware gained access to private networks through valid credentials. Hackers typically obtain these credentials through a “password spray” technique where they attempt to log in to accounts using a list of commonly used passwords. However, hackers have a higher chance of guessing valid passwords if they are too short or not complex enough. Additionally, a hacker is more likely to infiltrate multiple accounts if they share the same password. 

Strong passwords help ensure that a hacker cannot access your private network, gain administrative rights to your device, or infect another device you are connected to. Create a password that is strong enough to withstand simple guess-and-check attempts by making them long, difficult, and unique. Multi-phrased passwords or passphrases also help to prevent hackers from breaking into your accounts, such as “P3anutbutter&J3lly.” Avoid reusing passwords across multiple accounts and change them periodically, especially after an account has been breached. Even if a hacker does steal your credentials, multi-factor authentication adds an extra validation layer to prohibit unauthorized sign-in attempts.  

3. Use security software to monitor threats 

Your device is more susceptible to ransomware and viruses without the right security tools to help mitigate the chances of infection. Avoid the risk of a ransomware attack by employing a quality security solution like McAfee Total Protection. A holistic security solution can help you stay vigilant of cyber threats by monitoring for ransomware viruses in addition to malware and spyware. Security software can also monitor your internet connection and network traffic through regular scans to flag malicious activity and provide guidance on how to sidestep these threats. If a hacker attempts to launch an attack on your device, you can rest assured your security software will promptly alert you of the intrusion. 

 4. Regularly update devices 

In addition to social engineering tactics, hackers will leverage vulnerabilities in software to create a back door through which they can infiltrate user devices. A way to keep cyber criminals out is to keep your software applications and devices up to date. This includes the apps on your mobile device as well as apps on your desktop. Regular updates ensure that the proper security patches are implemented, the right bugs are fixed and that hackers cannot exploit these vulnerabilities. 

5. Remediate and restore files and systems 

If worse comes to worst and your device is infected with ransomware, the first thing to do is isolate the device and disconnect from shared networks. Disconnecting the infected device ensures that ransomware cannot spread to other devices on that same network.  

Immediately gather evidence on what type of malware you are dealing with so you can accurately report it to authorities and determine what your options are for remediation. You can then choose to remove it or wipe your system completely which is the most assured way to eliminate ransomware from your device. Afterwards you can reinstall your operating system and, provided you perform regular backups, restore your files to a previous version.  

Defeat Ransomware Threats    

No one is truly out of the danger zone when hackers strike. Ransomware is on the rise, and online users must understand how to bypass these viruses to avoid the ramifications of a compromised device. By understanding online security best practices, users can safeguard their online presence and defend against ransomware threats.  

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.  

The post 5 Ransomware Threats Canadians Need to Know appeared first on McAfee Blogs.

Watch Out for These 3 Online Job Scams

By McAfee

If you recently found yourself looking for a new job, you are far from alone. According to the Institute of Labor Economics, more Canadians were seeking new employment opportunities at the height of the pandemic than during the previous three recessions combined. Job hunters only used to have to worry about the clarity of their cover letters and impressing interviewers. Now, however, a new hurdle is in the mix in the race for a new job: online job scams. 

Here are three online job scams that you may encounter, plus a few tips on how to avoid and report them. 

1. Fake Job Ads

Fake job ads trick employment seekers into giving up their financial information. Fake job ads are more likely to appear on free sites, such as Craigslist, but they could be listed anywhere. So, no matter where you are searching, be wary that not everyone is looking for a talented individual such as yourself. They are on the hunt for sensitive personal details. 

When you are interviewing for jobs, legitimate employers are careful and intentioned about evaluating your fit for the job. For this reason, employers want to make sure they are not interviewing fake candidates, so they are likely going to want to meet you face-to-face or through a video chat. If an employer extends a job offer after a few email exchanges or an instant messenger job interview, request a more formal meeting. If they say that they would like to move fast and hire quickly, be concerned as no real employer would act that quickly. 

Guard your personal and financial information until you are 100% sure of the legitimacy of a job offer. Be on high alert if the “human resources representative” asks for your credit card or banking information to pay for training. Fake employers may also ask for your Social Insurance Number before extending a job offer letter. A great rule of thumb is to never share your SIN with anyone over the phone or over email. 

2. Phishing Emails

Between March and September 2020, 34% of Canadian respondents reported receiving a phishing message, according to a survey by Statistics CanadaPhishing emails often include malicious links that, when clicked, download malware to your device. Online job scams may not only attempt to steal your sensitive information, but they may also be phishing attempts to take over your personal devices. 

Some scammers using job offers as a guise might email people who never applied for a new opportunity. Be careful around these types of messages, urges the University of Calgary. Recruiters will most likely reach out and offer unsolicited interviews through social networking channels rather than email. Also, when you receive emails from people looking to hire you, take note of their email domain name. Is the email domain customized to the company’s name or is it a generic @gmail or @yahoo? Check the spelling of the email domain carefully too. Phishers are notoriously bad spellers and sometimes they use incorrect spelling of domain names to trick people into thinking they are the real company. 

3. Immigration Scams

Immigrating anywhere is a massive and stressful undertaking. Cybercriminals prey upon this stressful, major life event and target immigrants with enticing, but fake, job offers. The Government of Canada advises to never trust someone who says they can guarantee you a job in Canada. Also, keep an eye on the salary. Is it very high? Do your skills not completely align with the job description? Does the job seem very easy? Unfortunately, that may mean that the offer is too good to be true.  

How to Cover Your Bases

The best way to avoid falling for job scams is to know what you are looking for and to take your time when considering a new job. Check out these tips to outsmart scammers and keep your personal information and devices safe. 

1. Verify employers

Most job applications are submitted online, but if an employer is impressed by your resume, they will likely offer a screening call. When a human resources representative calls, make sure to note their name and ask for the website address of the company. Afterwards, search for the company online and the human resources representative who called you. They should show up together on a professional-looking website or a professional networking site. 

2. Read carefully

Inspect all correspondences you get from potential employers. Phishers often use language that inspires strong emotions and urges a speedy response. Strong emotions could include excitement or fear. If the email says you only have a few hours to respond or else the job will go to someone else, be skeptical. Accepting a job is a huge decision that you should be able to take at least a few days to think about. Read carefully, always hover over links to see where they redirect, and keep a level head when making decisions about your next career move. 

3. Report fraudulent activity

When you come across fraudulent activity, it is important that you report it to the correct authorities to stop it from happening to someone else. For immigration and online job scams, contact the Canadian Anti-Fraud Centre. 

4. Install security tools 

Phishers and job scammers may have gotten in contact with you with the aim of downloading malicious software on your computer. A comprehensive suite of security tools will protect you from viruses and malware that may have slipped past your eagle eye. McAfee Total Protection offers premium antivirus software, safe web browsing, and PC optimization. 

The post Watch Out for These 3 Online Job Scams appeared first on McAfee Blog.

Do the Benefits of Bitcoin Outweigh the Risks?

By Vishnu Varadaraj

What do Burger King and the popular “Doge” meme have in common? They both have cryptocurrencies named after their likeliness. WhopperCoin and Dogecoin are just two examples of the thousands of types of cryptocurrencies that have caught users’ attention over the past few years. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain.  

Bitcoin is the most popular cryptocurrency today, increasing its value by almost 300% in 2020. Today, almost 46 million Americans own at least one share of Bitcoin, illustrating how these cryptocurrencies are the future of tomorrow’s digital payment system — or are they? The same benefits that make them a popular choice with online users have also made them popular amongst online thieves, sparking a wave of ransomware attacks and other cyberattacks more recently. This begs the question: do the benefits of Bitcoin outweigh the risks? 

Bitcoin: Benefits vs. Risks 

Every rose has its thorn, and several Bitcoin benefits seem to be hitched to online security risks. Here are some cryptocurrency characteristics that may seem appealing to users, but also provide cybercriminals with an opportunity to exploit:  

Purchase discretion and user autonomy 

As previously mentioned, cryptocurrency exchanges take place on an online public ledger, or blockchain, to secure online transactions. This means that anybody can observe the exchange online. However, the parties making the transactions are anonymous, disguised with a random number. Bitcoin users can make purchases that are never associated with their identity, similar to a cash transaction.  

While the purchase discretion provided by Bitcoin may be appealing to users who want to remain private, this characteristic could also aid cybercriminals in malicious activity. Due to the anonymity of Bitcoin transactions, there is no way for someone to associate a person with a certain cryptocurrency wallet. Furthermore, a user could have multiple wallets, allowing them to spread their currency from one address to another.  

For a cybercriminal looking to target an individual with ransomware, the purchase discretion and anonymity of Bitcoin provide a favorable solution. In fact, Bitcoin accounts for approximately 98% of ransomware payments today. Say a hacker carries out a ransomware attack and demands that the user pay a large sum in Bitcoin. If the user completes the payment, the hacker can keep moving the currency from one anonymous account to another. That makes it very difficult — though not impossible — to trace if the individual decides to investigate the case and tries to get their money back. 

No more middleman  

Another characteristic that Bitcoin users find appealing is the autonomy offered by digital currencies. In theory, they allow users more autonomy over their own money than government-regulated currencies do. With Bitcoin, users can control how they spend their money without dealing with an intermediary authority like a bank or government. 

This lack of intermediary authority also opens a door for hackers to exploit. Say a user decides that they want to manage their finances using Bitcoin to bypass banking fees and send money to friends and family in different parts of the world. As previously mentioned, a Bitcoin user is assigned an anonymous private key that acts as their security credential. This key is generated and maintained by the user instead of a third-party agency. But what happens if the key isn’t random enough? An attacker could steal the user’s private key, and they will not be able to recover it since the Bitcoin blockchain is not dependent on any centralized third-party institutions. Therefore, it will be very difficult to track the attacker’s behaviors and recover lost funds.  

How Consumers Can Protect Themselves from Cryptocurrency-Driven Attacks 

It is safe to say that Bitcoin has caused a lot of buzz. But do the benefits outweigh the risks? Due to the nature of Bitcoin and most other public blockchains, anyone in the world can perform transactions or cryptographic computations — including cybercriminals. That’s why it is crucial for current cryptocurrency users and those considering cryptocurrency investment to do their research and know what vulnerabilities lie within the world of Bitcoin.  

Follow these tips to help protect yourself from common threats that leverage cryptocurrency:  

 1. Do your homework.  

With blockchain, cryptocurrency, and any new and emerging technology, make sure you always remain a bit skeptical. Do your homework before you embrace the technology — research your options and make note of any known security issues and what you can do to mitigate known risks. 

 2. Don’t pay the ransom.  

If a hacker does target you with ransomware demanding Bitcoin payment, it’s best not to pay the ransom. Although you may feel in the moment that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it is best to hold off on making any payments. Furthermore, a recent study found that 80% of businesses that choose to pay a ransom experience a subsequent ransomware attack. While it may feel like your only option in the moment, paying a ransom could show attackers that you’re willing to make the payment, therefore positioning you as an ideal target for yet another attack.   

3. Back up your data.  

If you are targeted with ransomware, it’s crucial that you always have backup copies of your files, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device and reinstall your files from the backup. Backups protect your data, and you won’t be tempted to reward the hackers by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.  

4. Update your credentials.  

Large organizations often fall prey to ransomware attacks, so take necessary precautions if a company you’ve interacted with becomes compromised from a data leak or a ransomware attack. Immediately change your passwords for all your accounts, ensuring they are strong and unique. You can also employ a password manager to keep track of your credentials and generate secure login keys.  

5. Use a comprehensive security solution 

Add an extra layer of security with a solution such as McAfee® Total Protection, which includes Ransom Guard, to help protect your devices from these cyberthreats and ensure your digital wellness online.  

The emergence of Bitcoin has indeed facilitated a wave of cybercrime that was previously difficult to perceive. In this new age of digital payments, blockchain, and cryptocurrencies, make sure that you do your research and stay vigilant when it comes to protecting your online safety. Remember: Bitcoin worth will continue to fluctuate, but your personal security will always remain invaluable.  

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.  

The post Do the Benefits of Bitcoin Outweigh the Risks? appeared first on McAfee Blogs.

The Rise of the Dark Web Gig Economy

By Vishnu Varadaraj

The gig economy has become more prevalent in today’s world with the appeal and necessity of flexible work opportunities. Many take advantage of short-term contracts, side jobs, and freelance work to retain more control over how they spend their day and earn their income. However, the proliferation of these flexible work opportunities has transcended into the dark web, allowing individuals to conduct nefarious activities. Rather than contracting handyman or moving services on the dark web, you can find hackers contracting their website hacking services or buyers placing ads looking for a hacker to hire. These acts pose significant risks to online users, given the amount of stolen personal information on dark websites. Take a look at the activities you can expect to find on the dark web and the steps you can take to safeguard your online privacy.

Watch Out for These Dark Web Criminal Activities 

The dark web is part of the public internet that search engines do not index. In other words, what happens on the dark web, stays on the dark web with no traceable records. Most people don’t realize that the dark web is not illegal despite its association with criminal activities. However, the dark web has retained a criminal reputation since it is challenging to track what goes on. As a result, criminals will often frequent the dark web to conduct a variety of illegal transactions, including hacking services. 

Researchers are discovering an uptick in activity on dark web forums that includes buying and selling black hat hacking services. 90% of the activity on these forums is from people looking to hire hackers to infiltrate websites and steal databases. Additionally, 4% of the people frequenting dark web forums requested hacking services related to website hacking and malicious code injection. 

Another 7% of people on the dark web are hackers contracting out their services and tools. These services and tools include web shells, a file uploaded to a server that an attacker can use to execute operating system commands, as well as access to administrative website interfaces and ready-made exploits. Many of the services offered on these forums range in specialties such as site infiltration to data extraction. As a result, they often attract a variety of customers with numerous requests. 

Further, many of the ads seeking hacking services are aimed at database hacking. Those targeting databases are often financially incentivized hackers and companies out to steal their competitor’s information. Databases remain a popular target for hackers since they contain a significant amount of personal information ranging from first and last names to credit card numbers. Cybercriminals can then use this information to commit numerous crimes such as monetary theft, unemployment and tax relief fraud, and identity theft.

For example, the Canada Revenue Agency (CRA) had to suspend approximately 800,000 accounts after discovering matching credentials for sale on the dark web. In a previous data breach, hackers used login credentials to access taxpayer accounts, apply for COVID-19 relief funds, and reroute the funds into their bank accounts. Taxpayers could not log in to their accounts without first taking the necessary steps to regain safe access.

5 Steps to Take After a Data Breach 

Users must protect their online presence and information as these criminal activities continue to escalate in demand. Here are the five must-dos after discovering a data breach to retain your online security.

1. Leverage security software 

Be one of the first to know about a data breach by leveraging security software such as McAfee Total Protection. A comprehensive security solution that includes dark web monitoring actively monitors the dark web for data breaches and exposed information. This information includes but is not limited to your date of birth, email addresses, credit card numbers, and personal identification numbers. Robust security software also provides steps for remediation after a data breach to guide the user to regain control and integrity of their data and privacy.

2. Stay in the know 

Companies are required to notify their customers of a data breach under the PIPEDA legislature. Be on the lookout for breach notices from relevant companies since they are often the first to know about a data breach impacting their online customers. 

Create news alerts for companies that have access to your information to stay notified of the latest events. Additionally, create notifications for your bank and other financial accounts to monitor for suspicious activity such as unauthorized transactions or a drop in credit score. You will be better prepared to mitigate any cybersecurity threats with the right security software and knowledge of the latest risks.  

3. Change your credentials 

Looking back to the 800,00 taxpayers whose accounts were suspended, they could not regain access without first changing their login credentials. Changing your login credentials such as your usernames, passwords, and security questions is a critical first step to take after any data breach.

Changing your credentials prevents hackers from accessing your personal information and ensures that you regain control over your account security. The chances of a hacker accessing your data are exceptionally high if you use the same credentials across different accounts. Thus, it’s essential to change your usernames and passwords regularly to ensure your information remains secure. 

4. Update your passwords 

Just as important as changing your password regularly is changing your password following best practices. Create stronger passwords by using a combination of the following: 

  • Upper case letters 
  • Lower case letters 
  • Numbers 
  • Symbols 

Long passwords with a minimum of 12 characters are also more effective than shorter passwords since it makes it more difficult for a hacker to guess. In sum, ensure all passwords are long, complex, and only used once. Use a password manager with a built-in generator like the one included in McAfee’s Total Protection solution to make it easier to access and manage passwords. 

5. Enable multifactor authentication 

If your credentials are exposed in a data breach, using multifactor authentication will ensure hackers cannot access your information using only your login credentials. So even if your username and password are exposed, there is still a layer of security that hackers will not be able to bypass. Block out unauthorized login attempts by enabling multifactor authentication wherever applicable.  

Safeguard Against Dark Web Activities  

The dark web continues to be a primary destination for cybercrime. Online users must remain cautious about the information they retain in their online accounts and the websites with access to their personal information. Your data security and privacy are not always a guarantee, but the more precautions you take with your online safety, the better protected you will be.  

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post The Rise of the Dark Web Gig Economy appeared first on McAfee Blogs.

Is Your Peloton Spinning Up Malware?

By McAfee

[Disclaimer: The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021.]

Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with. With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet. They add malicious apps disguised as Netflix and Spotify to the bike in the hopes that unsuspecting users will enter their login credentials for them to harvest for other cyberattacks. They can enable the bike’s camera and microphone to spy on the device and whoever is using it. To make matters worse, they can also decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive information. As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched.  

That’s a potential risk that you no longer have to worry about thanks to McAfee’s Advanced Threat Research (ATR) team. The ATR team recently disclosed a vulnerability (CVE-2021-3387) in the Peloton Bike+, which would allow a hacker with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote root access to the Peloton’s tablet. The hacker could install malicious software, intercept traffic and user’s personal data, and even gain control of the Bike’s camera and microphone over the internet. Further conversations with Peloton confirmed that this vulnerability is also present on Peloton Tread exercise equipment; however, the scope of our research was confined to the Bike+.

As a result of COVID-19, many consumers have looked for in-home exercise solutions, sending the demand for Peloton products soaring. The number of Peloton users grew 22% between September and the end of December 2020, with over 4.4 million members on the platform at year’s end. By combining luxury exercise equipment with high-end technology, Peloton presents an appealing solution to those looking to stay in shape with a variety of classes, all from a few taps of a tablet. Even though in-home fitness products such as Peloton promise unprecedented convenience, many consumers do not realize the risks that IoT fitness devices pose to their online security.  

Under the Hood of the Peloton Bike+  

IoT fitness devices such as the Peloton Bike+ are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are susceptible to the same kind of vulnerabilities, and their security should be approached with a similar level of scrutiny.  

Following the consumer trend in increasing IoT fitness devices, McAfee ATR began poring over the Peloton’s various systems with a critical eye, looking for potential risks consumers might not be thinking about. It was during this exploratory process that the team discovered that the Bike’s system was not verifying that the device’s bootloader was unlocked before attempting to boot a custom image. This means that the bike allowed researchers to load a file that wasn’t meant for the Peloton hardware — a command that should normally be denied on a locked device such as this one. Their first attempt only loaded a blank screen, so the team continued to search for ways to install a valid, but customized boot image, which would start the bike successfully with increased privileges.  

After some digging, researchers were able to download an update package directly from Peloton, containing a boot image that they could modify. With the ability to modify a boot image from Peloton, the researchers were granted root access. Root access means that the ATR team had the highest level of permissions on the device, allowing them to perform functions as an end-user that were not intended by Peloton developers. The Verified Boot process on the Bike failed to identify that the researchers tampered with the boot image, allowing the operating system to start up normally with the modified file. To an unsuspecting user, the Peloton Bike+ appeared completely normal, showing no signs of external modifications or clues that the device had been compromised. In reality, ATR had gained complete control of the Bike’s Android operating system.  

Tips For Staying Secure While Staying Fit 

The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021. The discovery serves as an important reminder to practice caution when using fitness IoT devices, and it is important that consumers keep these tips in mind to stay secure while staying fit:  

1. Update, update, update! 

Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss news that may affect you. Additionally, make sure to update mobile apps that pair with your IoT device. Adjust your settings to turn on automatic software updates, so you do not have to update manually and always have the latest security patches.  

2. Do your research  

Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have an excellent reputation for providing secure products? Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties. 

Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect.  

3. Consider an identity theft protection solution 

Protect your data from being compromised by stealthy cybercriminals by using an identity theft solution such as the one included in McAfee Total Protection. This software allows users to take a proactive approach to protecting their identities with personal and financial monitoring, as well as recovery tools.  

Minimize Security Risks  

If you are one of the 4.4 million Peloton members or use other IoT fitness devices, it is important to keep in mind that these gadgets could pose a potential security risk just like any other connected device. To elevate your fitness game while protecting your privacy and data, incorporate cybersecurity best practices into your everyday life so you can confidently enjoy your IoT devices.

Collaboration with Peloton

As stated, McAfee and Peloton worked together closely to address this issue. Adrian Stone, Peloton’s Head of Global Information Security, shared that “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important. To keep our Members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”

Peloton is always looking for ways to improve products and features, including making new features available to Members through software updates that are pushed to Peloton devices. For a step-by-step guide on how to check for updated software, Peloton Members can visit the Peloton support site.

The post Is Your Peloton Spinning Up Malware? appeared first on McAfee Blogs.

Apple Users: This macOS Malware Could Be Spying on You

By Vishnu Varadaraj

In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth when compared to Q1 2020, putting Apple in fourth place in the global PC market share. It is safe to say that Macs are well-loved and trusted devices by a significant portion of the population — but just how safe are they from a security perspective? 

Many users have historically believed that Macs are untouchable by hackers, giving Apple devices a reputation for being more “secure” than other PCs. However, recent attacks show that this is not the case. According to TechCrunch, a new malware called XCSSET was recently found exploiting a vulnerability that allowed it to access parts of macOS, including the microphone, webcam, and screen recorder — all without consent from the user.  

Let’s dive deeper into how XCSSET works.  

Manipulating Macs with Zero-Day Exploits 

Researchers first discovered XCSSET in 2020. The malware targeted Apple developers and the projects they use to build and code apps. By targeting app development projects, hackers infiltrated apps early in their production, causing developers to unknowingly distribute the malware to their users.  

Once the malware is running on a user’s device, it uses multiple zero-day attacks to alter the machine and spy on the user. These attacks allow the hacker to:   

  • Steal cookies from the Safari browser to gain access to a user’s online accounts. 
  • Quietly install a development version of Safari that allows attackers to modify and snoop on virtually any website. 
  • Secretly take screenshots of the victim’s device.  

XCSSET’s Significance for macOS Users 

While macOS is supposed to ask users for permission before allowing any app to record the screen, access the microphone or webcam, or open the user’s storage, XCSSET can bypass all of these permissions. This allows the malware to sneak in under the radar and inject malicious code into legitimate apps that commonly ask for screen-sharing permissions such as Zoom, WhatsApp, and Slack. By disguising itself among these legitimate apps, XCSSET inherits their permissions across the computer and avoids getting flagged by macOS’s built-in security defenses. As a result, the bug could allow hackers to access the victim’s microphone, webcam, or capture their keystrokes for login credentials or credit card information.  

How to Stay Protected Against macOS Malware 

It is unclear how many devices were affected by XCSSET. Regardless, it is crucial for consumers to understand that Mac’s historical security reputation does not replace the need for users to take online safety precautions. The following tips can help macOS users protect themselves from malware:  

1. Update your software.   

Software developers are continuously working to identify and address security issues. Frequently updating your devices’ operating systems, browsers, and apps is the easiest way to have the latest fixes and security protections. For example, Apple confirmed that it addressed the bug exploited by XCSSET in macOS 11.4, which was made available on May 24th, 2021. 

2. Avoid suspicious emails or text messages from unknown senders.  

Hackers often use phishing emails or text messages as a means to distribute malware by disguising their malicious code in links and attachments. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message. This will allow you to confirm the sender’s legitimacy.  

3. Use a comprehensive security solution. 

Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool to help identify malicious websites. 

Regardless of whether you are Team PC or Team Mac, it is important to realize that both platforms are susceptible to cyberthreats that are constantly changing. Doing your research on prevalent threats and software bugs puts you in a better position to protect your online safety.  

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.  

The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blogs.

8 Tips for Staying Safe from Ransomware Attacks

By McAfee

What is Ransomware?

Over the past year, you may have seen the term ransomware popping up frequently. There’s good reason for that as ransomware is responsible for 21% of all cyberattacks, according to a new report. For enterprising hackers, this tactic has become standard operating procedure because it’s effective and organizations are willing to pay. But what does that mean for you and living a confident life online? Fortunately, there are a number of things individuals can do to avoid ransomware. But first, let’s start with the basics.  

Ransomware is malware that employs encryption to hold a victim’s information at ransom. The hacker uses it to encrypt a user or organization’s critical data so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses and governmental organizations.  

Why should I care?

McAfee Labs counted a 60% increase in attacks from Q4 2019 to Q1 2020 in the United States alone. Unfortunately, the attacks targeting organizations also impact the consumers who buy from them, as the company’s data consists of its customers’ personal and financial information. That means your data if you’ve done business with the affected company. Fortunately, there are many ways you can protect yourself from ransomware attacks.

How do I know if my information is vulnerable?

When a company is hit with a ransomware attack, they typically are quick to report the incident, even though a full analysis of what was affected and how extensive the breach may have been may take much longer. Once they have the necessary details they may reach out to their customers via email, through updates on their site, social media, or even the press to report what customer data may be at risk. Paying attention to official communications through these various channels is the best way to know if you’ve been affected by a ransomware attack.  

The connection between phishing and ransomware 

The top ransomware infection vectors – a fancy term for the way you get ransomware on your device – are phishing and vulnerability exploits. Of these two, phishing is responsible for a full 41% of ransomware infections. Ironically, this is good news, because phishing is something we can learn to spot and avoid by educating ourselves about how scammers work. Before we get into specific tips, know that phishing can take the form of many types of communications including emails, texts, and voicemails. Also know that scammers are convincingly imitating some of the biggest brands in the world to get you to surrender your credentials or install malware on your device. With that in mind, here are several tips to avoid getting phished. 

1. Be cautious of emails asking you to act  

If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily. 

2. Hover over links to see and verify the URL 

If someone sends you a message with a link, hover over the link without clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether. 

3. Go directly to the source 

Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify an offer, request, or link. 

4. Browse with caution 

McAfee offers the free McAfee WebAdvisor, which can help identify malicious websites and suspect links that may be associated with phishing schemes. 

Put ransomware fears in your rearview mirror with these tips: 

If you do get ransomware, the story isn’t over. Below are 8 remediation tips that can help get your data back, along with your peace of mind. 

1. Back up your data  

If you get ransomware, you’ll want to immediately disconnect any infected devices from your networks to prevent the spread of it. This means you’ll be locked out of your files by ransomware and be unable to move the infected files. Therefore, it’s crucial that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup.  Backups protect your data, and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.

2. Change your credentials 

If you discover that a data leak or a ransomware attack has compromised a company you’ve interacted with, act immediately and change your passwords for all your accounts. And while you’re at it, go the extra mile and create passwords that are seriously hard to crack with this next tip.

3. Take password protection seriously 

When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials and generate secure login keys.   

4. Enable two-factor or multi-factor authentication 

Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. For instance, you’ll be asked to verify your identity through another device, such as a phone. This reduces the risk of successful impersonation by hackers.   

5. Browse safely online 

Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to get you to install dangerous files. Using a security extension on your web browser is one way to browse more safely.

6. Only use secure networks 

Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.    

7. Never pay the ransom 

While it is often large organizations that fall prey to ransomware attacks, you can also be targeted by a ransomware campaign. If this happens, don’t pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments. Thankfully there are free resources devoted to helping you like McAfee’s No More Ransomware initiative McAfee, along with other organizations, created www.nomoreransom.org/ to educate the public about ransomware and, more importantly, to provide decryption tools to help people recover files that have been locked by ransomware. On the site you’ll find decryption tools for many types of ransomware, including the Shade ransomware.

7. Use a comprehensive security solution 

Adding an extra layer of security with a solution such as McAfee® Total Protection, which includes Ransom Guard, can help protect your devices from these cyber threats. In addition, make sure you update your devices’ software (including security software!) early and often, as patches for flaws are typically included in each update. Comprehensive security solutions also include many of the tools we mentioned above and are simply the easiest way to ensure digital wellness online.  

The post 8 Tips for Staying Safe from Ransomware Attacks appeared first on McAfee Blog.

The What, Why, and How of AI and Threat Detection

By Vishnu Varadaraj

There are more online users now than ever before, thanks to the availability of network-capable devices and online services. The internet population in Canada is the highest it has been, topping the charts at 33 million. That number is only expected to increase through the upcoming years. However, this growing number and continued adoption of online services pose increasing cybersecurity risks as cybercriminals take advantage of more online users and exploit vulnerabilities in online infrastructure. This is why we need AI-backed software to provide advanced protection for online users.   

The nature of these online threats is ever-changing, making it difficult for legacy threat detection systems to monitor threat behavior and detect new malicious code. Fortunately, threat detection systems such as McAfee’s Antivirus and Threat Detection Defense adapt to incorporate the latest threat intelligence and artificial intelligence (AI) driven behavioral analysis. Here’s how AI impacts cybersecurity to go beyond traditional methods to protect online users. 

What is AI? 

Most of today’s antivirus and threat detection software leverages behavioral heuristic-based detection based on machine learning models to detect known malicious behavior. Traditional methods rely on data analytics to detect known threat signatures or footprints with incredible accuracy. However, these conventional methods do not account for new malicious code, otherwise known as zero-day malware, for which there is no known information available. AI is mission-critical to cybersecurity since it enables security software and providers to take a more intelligent approach to virus and malware detection. Unlike AI–backed software, traditional methods rely solely on signature-based software and data analytics.  

Similar to human-like reasoning, machine learning models follow a three-stage process to gather input, process it, and generate an output in the form of threat leads. Threat detection software can gather information from threat intelligence to understand known malware using these models. It then processes this data, stores it, and uses it to draw inferences and make decisions and predictions. Behavioral heuristic-based detection leverages multiple facets of machine learning, one of which is deep learning. 

Deep learning employs neural networks to emulate the function of neurons in the human brain. This architecture uses validation algorithms for crosschecking data and complex mathematical equations, which applies an “if this, then that” approach to reasoning. It looks at what occurred in the past and analyzes current and predictive data to reach a conclusion. As the numerous layers in this framework process more data, the more accurate the prediction becomes. 

Many antivirus and detection systems also use ensemble learning. This process takes a layered approach by applying multiple learning models to create one that is more robust and comprehensive. Ensemble learning can boost detection performance with fewer errors for a more accurate conclusion.  

Additionally, today’s detection software leverages supervised learning techniques by taking a “learn by example” approach. This process strives to develop an algorithm by understanding the relationship between a given input and the desired output. 

Machine learning is only a piece of an effective antivirus and threat detection framework. A proper framework combines new data types with machine learning and cognitive reasoning to develop a highly advanced analytical framework. This framework will allow for advanced threat detection, prevention, and remediation.  

How Can AI Help Cybersecurity? 

Online threats are increasing at a staggering pace. McAfee Labs observed an average of 588 malware threats per minuteThese risks exist and are often exacerbated for several reasons, one of which is the complexity and connectivity of today’s world. Threat detection analysts are unable to detect new malware manually due to their high volume. However, AI can identify and categorize new malware based on malicious behavior before they get a chance to affect online users. AIenabled software can also detect mutated malware that attempts to avoid detection by legacy antivirus systems.  

Today, there are more interconnected devices and online usage ingrained into people’s everyday lives. However, the growing number of digital devices creates a broader attack surface. In other words, hackers will have a higher chance of infiltrating a device and those connected to it. 

Additionally, mobile usage is putting online users at significant risk. Over 85% of the Canadian population owns a smartphone. Hackers are noticing the rising number of mobile users and are rapidly taking advantage of the fact to target users with mobile-specific malware. 

The increased online connectivity through various devices also means that more information is being stored and processed online. Nowadays, more people are placing their data and privacy in the hands of corporations that have a critical responsibility to safeguard their users’ data. The fact of the matter is that not all companies can guarantee the safeguards required to uphold this promise, ultimately resulting in data and privacy breaches. 

In response to these risks and the rising sophistication of the online landscape, security companies combine AI, threat intelligence, and data science to analyze and resolve new and complex cyber threats. AI-backed threat protection identifies and learns about new malware using machine learning modelsThis enables AI-backed antivirus software to protect online users more efficiently and reliably than ever before 

Top 3 Benefits of AI-backed Threat Detection Software  

AI addresses numerous challenges posed by increasing malware complexity and volume, making it critical for online security and privacy protection. Here are the top 3 ways AI enhances cybersecurity to better protect online users.  

1. Effective threat detection 

The most significant difference between traditional signature-based threat detection methods and advanced AI-backed methods is the capability to detect zero-day malware. Functioning exclusively from either of these two methods will not result in an adequate level of protection. However, combining theresults in a greater probability of detecting more threats with higher precision. Each method will ultimately play on the other’s strengths for a maximum level of protection. 

2. Enhanced vulnerability management 

AI enables threat detection software to think like a hacker. It can help software identify vulnerabilities that cybercriminals would typically exploit and flag them to the user. It also enables threat detection software to better pinpoint weaknesses in user devices before a threat has even occurred, unlike conventional methods. AI-backed security advances past traditional methods to better predict what a hacker would consider a vulnerability. 

2. Better security recommendations 

AI can help users understand the risks they face daily. An advanced threat detection software backed by AI can provide a more prescriptive solution to identifying risks and how to handle them. A better explanation results in a better understanding of the issue. As a result, users are more aware of how to mitigate the incident or vulnerability in the future.

Take a Smarter Approach to Security 

AI and machine learning are only a piece of an effective threat detection framework. A proper threat detection framework combines new data types with the latest machine learning capabilities to develop a highly advanced analytical framework. This framework will allow for better threat cyber threat detection, prevention, and remediation.

The post The What, Why, and How of AI and Threat Detection appeared first on McAfee Blogs.

A Safer Internet for You, Your Family, and Others Too

By McAfee

With so many of us relying on the internet in ways we simply haven’t before, it follows that a safer internet is more important than ever before too 

June marks Internet Safety Month, a time where we can look back at the past year and realize that the internet was more than just a coping mechanism during the pandemic, it evolved into a survival tool.  

Our research published earlier this year showed how. It found that we relied heavily on the internet for our banking, personal finance, shopping, and even healthcare—not to mention the ways we worked, studied, and kept in touch with each other online during the pandemic. For millions of families globally, the internet was their connection to the rest of the world. 

None of that would have been possible without a safer internet that we can trust. The truth is, part of creating a safer internet rests with us—the people who use it. When we take steps to protect ourselves and our families, we end up helping protect others as well. How we act online, how we secure our data and devices, how we take responsibility for our children, all of it affects others.  

Here are just a few ways you can indeed make a safer internet for your family, and by extension, safer for others too: 

1. Protect all your devices from hacks, attacks, and viruses 

Start with the basics: get strong protection for your computers and laptops. And that means more than basic antivirus. Using a comprehensive suite of security software like McAfee® Total Protection can help defend your entire family from the latest threats and malware, make it safer to browse, help steer you clear of potential fraud, and look out for your privacy too. 

Protecting your smartphones and tablets is a must nowadays as well. We’re using them to send money with payment apps. We’re doing our banking on them. And we’re using them as a “universal remote control” to do things like set the alarm, turn our lights on and off and even see who’s at the front door. Whether you’re an Androidowner or  iOS owner, get security software installed on your smartphones and tablets so you can protect all the things they access and control. 

Another thing that comprehensive security software can do is create and store unique passwords for all your accounts and automatically use them as you surf, shop, and bank. Further, it can keep those passwords safe—unlike when they’re stored in an unprotected file on your computer, which can be subject to a hack or data loss—or sticky notes that can simply get lost. 

2. Check your child’s credit (and yours too) 

With stories of data breaches and identity theft making the news on a regular basis, there’s plenty of focus on thethings we can do to protect ourselves from identity theft. However, children can be targets of identity theft as well. The reason is, they’re high-value targets for hackers. Their credit reports are clean, and it’s often years before parents become aware that their child’s identity was stolen, such as when the child enters adulthood and rents an apartment or applies for their first credit card. 

One way you can spot and even prevent identity theft is by checking your child’s credit report. Doing so will uncover any inconsistencies or outright instances of fraud and put you on the path to set them straight. In the U.S., you can do this for free once a year. Just drop by the FTC website for details on your free credit report. And while you’re at it, you can go and do the same for yourself. 

You can take your protection a step further by freezing your child’s credit.A freeze will prevent access to your child’s report and thus prevent any illicit activity. In the U.S., you’ll need to create a separate freeze with each of the three major credit reporting agencies (Equifax, Experian, and TransUnion). It’s free to do so, yet you’ll have to do a little legwork to prove that you’re indeed the child’s parent or guardian. 

3. Smartphone safety for kids 

Smartphone safety for kids is a blog topic in itself. Several topics, actually—such as when it’s the “right” time to get a child their first smartphone, how they can stay safe while using them, placing limits on their screen time, and so on. 

Taking it from square one, make sure that all your smartphones are protected like we called out above—whether it’s yours or your child’s. From there, there are eight easy steps you can take to hack-proof your family’s smartphones, such as juicing up your passwords, making sure the apps on them are safe and setting your smartphone to automatic updates. 

If you’re on the fence about getting your child their first smartphone, you’re certainly not alone. So many parents are drawn to the idea of being able to get in touch with their children easily, and even track their whereabouts, yet they’re concerned that a smartphone is indeed too much phone for younger children. They simply don’t want to expose their children to the broader internet just yet.  

The good news is that there are plenty of smartphone alternatives for kids. Streamlined flip phones are still a fine option for parents and kids, as are cellular walkie-talkies and new lines of devices designed specifically with kids in mind. 

And if you’re ready to make the jump, check out our tips for keeping your child safe when you purchase their first smartphone. From basic security and parental controls to keeping tabs on your child’s activity and your role in keeping them safe, this primer makes for good reading, and good sharing with other parents too, when you get serious about making that purchase. 

4. Know the signs of cyberbullying 

Cyberbullying is another broad and in-depth topic that we cover in our blogs quite often, and for good reason. Data from the Cyberbullying Research Center shows that an average of more than 27% of kids have experienced cyberbullying over the past 13 years. In 2019, that figure was as high as 36.5%. Without question, it’s a problem. 

What exactly is cyberbullying? Stopbullying.gov defines it as: 

Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. 

Part of the solution is knowing how to spot cyberbullying and likewise taking steps to minimize its impact if you see it happening to your child or someone else’s. The important thing is to act before serious damage sets in or even a criminal act can occur. 

The painful truth is that someone’s child is doing the bullying, and what could be more painful than finding out your child is doing the bullying? If you suspect this is happening, or have seen evidence that it’s indeed happening, act right away. Our article “Could Your Child (Glup) be the One Cyberbullying,” outlines ten steps you can take right away. 

If you’ve taken steps to solve a situation involving cyberbullying and nothing has worked, know there are cyberbullying resources that can help. Likewise, don’t hesitate to contact your child’s school for assistance. Many schools have policies in place that address cyberbullying amongst their students, whether the activity occurred on campus or off. 

5. Internet ethics 

With all the emphasis on technology, it’s easy to forget that behind every attack on the internet, there’s a person. A safer internet relies on how we treat each other and how we carry ourselves on the internet (which can be quite different from how we carry ourselves in face-to-face interactions). 

With that, National Internet Safety Month presents a fine opportunity to pause and consider how we’re acting online. Very Well Family put together an article on internet etiquette for kidswhich covers everything from the online version of “The Golden Rule” to ways you can steer clear of rudeness and drama. 

Granted, we can’t control the behavior of others. Despite your best efforts, you or your children may find themselves targeted by poor or hurtful behavior online. For guidance on how to handle those situations, check out our article oninternet trolls and how to handle themThere’s great advice in there for everyone in the family. 

Internet safety begins with us 

If we didn’t know it already, the past year proved that a safer internet isn’t a “nice to have.” It’s vital—a trusted resource we can’t do without. Take time this month to consider your part in that, what you can do to make your corner of the internet safer and a thriving place that everyone can enjoy. 

The post A Safer Internet for You, Your Family, and Others Too appeared first on McAfee Blogs.

Private browsing vs VPN – Which one is more private?

By McAfee

To enjoy online life to the fullest these days, we often have to give out a certain amount of personal information. That also means the moment you go online you’re giving personal data away. Whether it’s your phone, a game console, or a connected speaker, someone, somewhere, is monitoring your connection. Knowing what data your device sends, and who has access to that information, is an important part of maintaining your online privacy. However, without the right tools, you’re probably giving away a lot more information than you realize. Many believe that one effective way to maintain online privacy is by using a private mode on a browser. 

However, it’s a common misconception that “private browsing” modes–like Google’s Incognito–protect your online privacy. It makes sense, they’re called “private browsing”, what else would they do? Well, if you’ve read the news lately, you may have seen that Google is in a $5 billion lawsuit specifically because of their private browsing mode.  

The thing is, incognito mode is often misunderstood. When you open an incognito window, you’re told that “You’ve gone incognito.” The explanation underneath says that your browsing history, website visits, cookies, and information you put in forms, won’t be saved. This is where the confusion starts. What the incognito explanation doesn’t tell you is that your browsing information isn’t blocked or hidden from advertisers while in incognito mode. So even though your browsing information “won’t be saved” on your device or available after you close the window, that doesn’t stop the internet from seeing everything you’ve been up to while in that session.  

For these reasons, more people use virtual private networks, or VPNs, to protect their browsing history from prying eyes. If you’re new to VPN, this might be the perfect time to learn about what they are, how they work and why you might choose a VPN over private browsing.   

What do virtual private networks do?   

VPN protects your devices by wrapping your internet connection in a secure tunnel that only you can access. This stops people —like those nosey advertisers—from seeing what sites you visit. With a secure connection to the Internet, every search request, every website you browse, is hidden from sight. It’s important to point out that VPN doesn’t make you anonymous; they make it so only you can see what you’re doing online. You can learn even more about VPN in this blog. 

What does incognito mode do?  

Without private browsing, your browser tells websites–and their owners–all kinds of things about you like what device you’re using, where you are, what sites you’ve visited, and when. Websites use this information to serve you relevant ads, but it can also be used to track your location and browsing habits. 

With private browsing, your browser window is isolated from the rest of your operating system. Isolating the browser is supposed to help block websites from seeing who you are, block cookies and prevent access to your browsing history, but even when using private browsing, tests like EFF’s Panopticlick privacy test can see what device you’re on, where you’re connecting, if you can accept cookies, your OS, and many other types personally-identifying information. 

What’s the difference between VPN and private browsing?  

VPN 

  • Encrypt your internet connection  
  • Help hide your browsing from snoops  
  • Help hide your search requests  
  • Help protect your personal information  
  • Can protect multiple devices  
  • Block some types of online tracking  

Private browsing 

  • Deletes personal data when you stop browsing  
  • Only active in one browser window   
  • Hides Internet activity from other users on shared devices  

Use private browsing alongside VPN  

We wouldn’t recommend using incognito mode instead of a VPN, ever. However, Incognito mode has its place in your online security toolkit,  as long as you don’t think of it as a replacement for other types of protection. For instance, if you share a device with other people, like family members, then you might want to use incognito mode to make sure your partner doesn’t accidentally find out how much you spent on their surprise birthday gift. But, if you’re concerned with advertisers tracking you and watching what you do online, then you should consider also using a VPN to protect your privacy.  

Ways to get VPN protection  

If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank, and browse online. 

The post Private browsing vs VPN – Which one is more private? appeared first on McAfee Blog.

At Home or On-the-Go: Boost Your Internet Safety this Summer

By Toni Birdsong

Summer is here, which means more sun and more fun for everyoneIt also means more streaming, gaming, and downloading. This seasonal reality reminds us that to enjoy the best of summer, it’s important to stay aware of the digital risks that could sink the fun faster than you can say, “it’s hammock time!” 

Summer Safety at Home 

Emerging from the pandemic, we’re familiar with the increase in online time that came with remote learning. However, shift into summer means the remote learning hours will quickly turn into hours spent gamingTikTok scrolling, and social networking. If you add summer travel plans to those activities, your family also becomes vulnerable to Wi-Fi breaches, viruses, sketchy apps, and device theft.   

Suppose your family’s screen time rules became laxer this year. In that case, summer is the perfect time to start re-establishing healthy digital habits for gamer security, app security, and Wi-Fi security, be it at home or while traveling. Here are just a few tips to get you rolling.  

At home safety tips 

  • Set digital priorities as a family. With the topsy-turvy year everyone’s endured, collaboration and flexibility will be important to setting digital priorities. As a family, consider: What online activities give your kids the most meaningful interaction? What fulfills their social needs? What engages their mind or creativity?How much time will you give online activities vs. outdoor or face-to-face activities?  
    • Note: All screen time is not created equal, which is why sitting down together to discuss priorities will help create a summer media plan everyone can get behind. Every family’s screen time plan will look different, so determine what matters to your family and adjust as the summer progresses. If you are a working parent this summer, you might consider parental controls to support your summer screen time goals. 
  • Stay alert to scams. Long summer days can slowly morph into the summer lazies — attitudes, sleep schedules, and other routines can slowly slip. However, it’s no time to let your digital guard down. Help your family keep scams and bad actors on their radar; since both will find ways to exploit kids online. Coronavirus scams, travel scams, and social scams are everywhere. Meet that threat with consistent dialogue with your family and antivirus software. 
  • Guard against strangers and cyberbullies.Strangers understand that kids spend more time online in the summer months and are out in full force. Also, long summer days and increased boredom create a fruitful environment for cyberbullies. Candidly discuss with your kids the risk of connecting with strangers online and engaging with cyberbullies. Be sure they know where to report inappropriate behavior. 

Study: More Connected, Less Secure 

According to a recent McAfee study 2021 Consumer Security Mindset: Travel Edition, 2 out of 3 Americans plan to travel this summer. However, the study also highlighted a troubling discrepancy: while 68% of Americans confirm they are more digitally connectedsince the onset of COVID-19, only about half of them have implemented additional levels of internet security.  

Chances are someone in your immediate family — perhaps an elderly relative or a younger child — is among those who are more connected since COVID-19 but less secureas they head into the summer months. One way to close that gap is to educate and share family internet security tips. Here are just a few.  

On-the-Go Summer Safety Tips 

  • Connect with caution. Be cautious when connecting to public Wi-Fi while on vacation and ensuring the Wi-Fi is secure and attached to a trusted source. Ensure that you don’t conduct any financial transactions or share any personal details while on public Wi-Fi.  
  • Consider a holistic security solution. Understand what tools are available to you to give you peace of mind that your identity and personal information across all devices are safeguarded this summer travel season. 
  • Update your software. Before you travel, check for any software updates on your devices. Updates often fix security bugs and seal up cracks in the system. 
  • Keep devices protected and close. Distracted vacationers are the perfect target for thieves looking to steal devices- be it a phone, laptop, tablet, or gaming device. Ensure accounts have multi-factor authentication to double-check digital users’ authenticity if the device gets into the wrong hands. 

This summer can unfold seamlessly and be packed with unforgettable family memories. Or, it could be a season you’d rather forget if you wander into a digital danger zone. Remember: Your family’s privacy is as strong as your weakest family member’s security IQ. One vulnerable person exposes the data and security of everyone under your roof. So, taking the time to build up your family’s internet security is a big step in bummer-proofing your summer. Here’s to fun, sunny, safe days ahead! 

The post At Home or On-the-Go: Boost Your Internet Safety this Summer appeared first on McAfee Blogs.

Keep the Change: 3 Tips for Using the Twitter Tip Jar

By Vishnu Varadaraj

When we think of tipping, many don’t see it as anything beyond a display of gratitudeHowever, Twitter’s latest feature is prompting its users to rethink this sentiment. It hasn’t been long since Twitter released their new Tip Jar feature, which allows users on the platform to send tips to designated accounts. However, online users and security experts are already exposing the vulnerabilities in its architecture. 

Twitter’s Tip Jar has sparked concerns over user privacy due to the exposure of user’s shipping address, not to mention concerns over fraudulent payment disputes. Here’s what you need to know about this feature and what it means for your financial and data privacy.  

When Social Media Sharing Crosses a Line 

It was recently revealed that the new  feature may not be as secure as it was believed to be. Users were quick to point out a critical flaw that reveals their shipping address to the recipient when sending money through PayPalShortly after, others also discovered that Twitter Tip Jar could reveal a user’s email address even if no transaction took place. Only a limited number of accounts can receive payments, including creators, journalists, experts, and nonprofits. However, anyone can send tips, making the new feature’s vulnerabilities more concerning.  

The reason why PayPal displays the senders shipping address is because Twitter categorizetipping as a payment transactionTherefore, recipients would receive the sender’s payment and shipping details by default, just like any other vendor would in a typical online transaction.  

While your information inot shared publicly, exposing it to recipients poses increased security risks.  

Picture this: Hackers recognize notable recipients and hack their accounts to steal their information—including your personal address. They then use your information to carry out targeted phishing attacks and ransomware. You lose your data, your device becomes infected and therefore unusable, and you’re even more susceptible to identity fraudall stemming from an attempt to leave a digital tip as a token of goodwill 

Good Intentions Turned Bad 

Twitter Tip Jar is a prime example of a good idea gone awry. Twitter released the feature to support notable members of their communitymany of whom prefer to use Twitter due to the level of anonymity that is allowed by the platform — it does not require your real name, which potentially leads to more anonymous interactions than other social media sites. For this reason, Twitter users are more vulnerable to privacy concerns when using the Tip Jar.  

In addition to privacy concerns, hackers could also misuse the Tip Jar feature through fraudulent payment disputes. If someone tips a Twitter user using the Tip Jar and later files a “dispute” regarding the payment, PayPal requires the recipient pay a $20 dispute charge. Now imagine if a malicious entity does this to a recipient multiple times. The user could quickly accumulate hundreds of dollars in dispute charges instead of tips, causing the direction of money flow to effectively be reversed and financial stress on the recipient.  

Safely Navigate the Social Landscape 

It can be challenging to safely navigate social media from a cybersecurity perspective because sharing is now synonymous with social networking. If you actively participate on social platforms, here are the three tips you should follow to side-step any security gotchas along the way: 

1. Share your gratitude, not your information 

Fortunately, there’s a simple workaround to avoid publicly sharing your shipping address while using the Twitter Tip Jar. When sending a tip using Tip Jar, rather than inputting an address under the shipping address form field, simply defer to the “No address needed” option to keep your address private.  

2. Update your privacy settings 

Double check your privacy settings in both your social apps and your connected third-party payment systems. As you navigate this new feature and any that are upandcoming, take note of the privacy policies that impact how your personal data is being used. (e.g. Twitter has updated its tipping prompt and Help Center to make it clear that other apps, such as PayPal, may share information between people sending and receiving tips) 

3. Turn on automatic software updates 

Security researchers and engineers are constantly working to fix software bugs and vulnerabilities in the background. By turning on automatic updates, you are guaranteed to have all the latest security patches and enhancements for your apps and tools as soon as they become available.   

Practice Caution When Faced With New Features  

It can be tempting to jump on the bandwagon when a shiny, new feature makes its way to the social media platforms you use and love. But taking the time to learn about these features before choosing to participate can save you from a potential privacy headache, especially in the case of the Twitter Tip Jar. By educating yourself on both the benefits and the risks, you’ll be able to take actionable steps that protect your personal information.  

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post Keep the Change: 3 Tips for Using the Twitter Tip Jar appeared first on McAfee Blogs.

Less Is More: Why One Antivirus Software Is All You Need

By Vishnu Varadaraj
Antivirus Software

Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect your device like a royal family fortifying a medieval castle. Unlike medieval castles that depended upon layers and layers of protection (moats, drawbridges, spiky gates, etc.), personal devices thrive on just one defense: a devoted guard called antivirus software.  

Increasing your personal device’s security detail with more than one guard, or antivirus software is actually less effective than using a single, comprehensive option. Microsoft operating systems recognize the detriment of running two antivirus software programs simultaneously for real-time protection. Microsoft Windows automatically unregisters additional programs so they do not compete against each other. In theory, if you have a Microsoft device, you could run on-demand or scheduled scans from two different antivirus products without the operating system disabling one of them. But why invest in multiple software where one will do?  

If you do not have a Microsoft device, here is what could happen to your device if you run more than one antivirus program at a time, and why you should consider investing in only one top-notch product.  

Fight over potential viruses  

Antivirus programs want to impress you. Each wants to be the one to catch a virus and present you with the culprit, like a cat with a mouse. When antivirus software captures a virus, it locks it in a secure place to neutralize it. If you have two programs running simultaneously, they could engage in a tussle over who gets to scan, report, and remove the virus. This added activity could cause your computer to crash or use up your device’s memory.  

Report each other as suspicious  

Antivirus software quietly monitors and collects information about how your system runs, which is similar to how viruses operate. One software could mark the other as suspicious because real-time protection software is lurking in the background. So, while one antivirus program is busy blowing the whistle on the other, malicious code could quietly slip by.  

Additionally, users could be buried under a barrage of red flag notifications about each software reporting the other as suspicious. Some users become so distracted by the onslaught of notifications that they deactivate both programs or ignore notifications altogether, leaving the device vulnerable to real threats.  

Drain your battery and slow down your device  

Running one antivirus software does not drain your battery, and it can actually make your device faster. However, two antivirus programs will not double your operating speed. In fact, it will make it run much slower and drain your battery in the process. With two programs running real-time protection constantly in the background, device performance is extremely compromised.  

Antivirus software best practices 

There is no reason to invest in two antivirus programs when one solid software will more than do the trick to protect your device. Here are some best practices to get the most out of your antivirus software:  

1. Back up files regularly 

One habit you should adopt is backing up your files regularly. You never know when malware could hit and corrupt your data. Add it to your weekly routine to sync with the cloud and back up your most important files to an external hard drive.   

2. Keep your software up to date 

Whenever your software prompts you to install an update, do it! New cyber threats are evolving every day, and the best way to protect against them is to allow your software to stay as up-to-date as possible.  

3. Read the results reports    

Always read your antivirus results reports. These reports let you know the suspicious suspects your software was busy rounding up. It will give you a good idea of the threats your devices face and perhaps the schemes that you unknowingly fell into, such as clicking on a link in a phishing email. This information can also help you improve your online safety habits.  

Go with the single strongest antivirus, and more  

Everyone needs strong antivirus. Yet antivirus alone isn’t enough to beat back today’s threats. Hackers, scammers, and thieves rely on far more tricks than viruses and malware to wage their attacks, and data breaches slip billions of personal and financial records into the hands of bad actors. You’ll want to pair antivirus with further protection that covers your privacy and identity as well. 

For example the antivirus included with McAfee+ Ultimate can secure an unlimited number of household devices. Yet it offers far more than antivirus alone with our most comprehensive protection for your privacy, identity, and devices. The full list of features is long, yet you’ll get credit monitoring, dark web monitoring, removal of personal information from risky data broker sites, along with identity theft protection and restoration from a licensed expert if the unexpected happens. In all, it offers a single solution for antivirus, and far more that can protect you from the broad range of threats out there today. 

The post Less Is More: Why One Antivirus Software Is All You Need appeared first on McAfee Blog.

Elevate Your Financial Security: How to Safely Bank Online

By Jean Treadwell
Online Banking

Today’s technology allows you to complete various tasks at the touch of a button wherever you go. As a result, you place trust in online services that make everyday chores more convenient without second-guessing their effects. One such service is online banking. More Canadians are doing their banking virtually with over 76% using online or mobile devices. Despite the extensive measures that banks take to strengthen their online security, no system is fail-safe. It is extremely important to practice proper security habits and be on the lookout for online fraud to ensure the safety of your financial information.  

The Risks of Online and Mobile Banking  

According to the Canadian Bankers Association (CBA), banks in Canada use sophisticated technology and layers of security to help protect customers from fraud when doing their banking online or using a mobile banking app. Although online banking is generally safe, it does provide cybercriminals with a potentially lucrative opportunity. Some scammers turn to phishing techniques to trick people into handing over their sensitive personal information. They call, text, or email you claiming to be a representative from your bank and state that they noticed some unusual activity related to your accountThe imposters then ask you to click on a link in the email or text message to verify your credentials. Unfortunately, this “verification link” is actually a phishing link, and cybercriminals can use the password or credit card details to walk right into your account. 

Once cybercriminals gain access to your password and username, they may then move on to credential stuffing. Credential stuffing occurs when an attacker inserts the username and password for one account into the login page of another online serviceThis tactic capitalizes on the fact that many people reuse the same username and password across multiple accounts. 

Hackers also use phishing to spread malware onto the devices you use to access online banking servicesThese suspicious emails and text messages disguised as notifications from your bank could contain malicious links or attachments that trick you into downloading malware on your deviceFurthermore, attackers mimic banking and money transfer institutions to collect your credentials and access your sensitive information. 

Put Your Privacy First When Online Banking  

The convenience of paying bills and depositing checks without running to the bank or post office is undeniable. Everyone is always rushing about, so if you’re now doing these things online securing your online privacy is not a responsibility to speed through.  

It’s important that you put your privacy first when using online and mobile banking platforms so you can use these convenient services without jeopardizing your financial accountsFollow these tips to enhance your online banking security:  

1. Manage your bank account responsibly 

Review your bank’s terms and conditions to understand your responsibilities as the account owner and the responsibilities of your bank. Check your accounts regularly for transactions you didn’t make and contact your financial provider as soon as you find an error. Most banks have policies that reimburse you for unauthorized purchases if someone uses your credit card without your permission.  

2. Choose a strong, unique password 

Look at the recommendations provided by your bank, for example, CIBC recommends using longer passwords for your bank account that include a combination of uppercase, lowercase, numbers, and special characters. Additionally, do not reuse this password across your other accounts. If a hacker guesses your password for one of your online accounts, it’s likely that they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel secure knowing that the majority of your data is secure if one of your accounts becomes vulnerable. If you’re worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.   

3. Use multi-factor authentication  

Always opt-in for two- or multi-factor authentication if your financial institution offers it. This is a method of signing in that requires not only a username and password but also a one-time code that is sent by text or email. This extra layer of verification makes it much harder for a criminal to access your sensitive accounts.  

4. Vet third-party apps and platforms 

From splitting the check when eating out with friends to dividing the cost of bills, third-party mobile payment apps are an incredibly easy way to share money. Before downloading these appsdo your research. Ensure that the company behind the app or the app itself hasn’t undergone any major security incidents and that they have a history of patching bugs immediately. If you decide to download a mobile payment app, set your account to private and limit the amount of data you share. Additionally, look for the lock icon in your web browser when logging in to online banking platforms. A closed lock or padlock indicates that the website you’re on is secure. 

5. Learn how to recognize phishing 

Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. These mistakes include spelling or grammar errors throughout the email or text message, using a company’s logo with the incorrect aspect ratio or low resolution, and using a URL with typos. For example, phishers may swap an “o” with a zero, or end the address with “.con” instead of “.com.”  If you receive a message with any of these characteristics, do not click on any of the links and delete it immediately.  

6. Connect to a VPN 

Never conduct your banking business on a public or unsecured wi-fi network. Connect to avirtual private network (VPN), which allows you to send and receive data while encrypting your information. When your data traffic is scrambled, it’s shielded from prying eyes, which protects your network and the devices connected to it. 

Invest in Your Digital Security  

While online banking adds a wealth of convenience to your lives, it’s important that you remain invested in your security first and foremost. Cybercriminals often take advantage of your reliance on digital platforms to disguise themselves as bank representatives and trick you into handing over your personal data. To remain secure while online banking, practice good cybersecurity hygiene by using strong, unique passwords, multi-factor authentication, and stay vigilant while looking for signs of phishing. These tips will help elevate your financial security so you can virtually bank with peace of mind.  

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post Elevate Your Financial Security: How to Safely Bank Online appeared first on McAfee Blogs.

3 Tips to a Holistic Online Security Approach

By Vishnu Varadaraj
Cybersecurity

Cybersecurity is often used as a blanket term to address online safety. Cybersecurity can refer to the software used to protect your devices, but it can also refer to the processes you put in place to protect yourself from online threats. Whether you’re implementing best practices, building awareness of security threats, or installing security software, taking a holistic approach to online security is crucial to remain secure and protected at all times. 

Here are three tips for a holistic online security approach. 

1. Safeguard Your Privacy Starting With Your Devices 

Efficient online protection ultimately begins with you, the end-user, and the steps you take to secure your devices 

The first step to ensure your device is secure is never to leave it unattended. Whether you’re at the grocery store or at home, always keep an eye on your devices. All it takes is a few minutes for someone to steal them or for kids to click on a malicious link while your attention is diverted. Make sure you have a contingency plan in case your device is compromised. For example, if someone steals your device, wipe the information on the device remotely. Revert it to the factory setting, so the thief can’t access your personal information. Regularly back up your data in the event of a lost or compromised device to ensure you retain important documents.  

In some instances, you can also recover deleted files at any time given the right toolsRegularly shred unwanted documents for the files that you want permanently deleted. Install security measures across all devices and your networks to protect your data and privacy. Always lock your device before stepping away and layer your device security with multi-factor authentication to ensure you are the only one who can access your sensitive information. 

Passwords are the gateway to your device and play just as critical a role in securing your personal information. Follow password best practices to prevent cybercriminals or mischievous children from infiltrating files and data. Use long and complex passwords and never reuse them across accounts. You can also use a password manager to keep track of your passwords in one centralized and secure location. 

2. Assess Your Awareness and Implement Best Practices 

Strengthen your protection strategy by layering your physical device security with an enhanced awareness of relevant threats. Start by first taking a step back to assess your online persona. In other words, who are you? Are you a college student or a remote working parent who teleconferences frequently? Do you own an iOS device? Understand what your online devices and habits say about you as a person, as this will affect why and how cybercriminals target you. 

For example, if you frequently teleconference for work or medical visits, you need to be aware of the teleconferencing risks of remote work or telehealthRemote workers and telehealth patients face threats such as phishing emails or disrupted video conference calls. As a result, users must know the importance of using a video conferencing tool with end-to-end encryption and not sharing sensitive information through chat features.  

Once you know the risks you face as an online user, consider the specific daily best practices for online safety. One good habit includes regularly updating your devices and software. Updating laptops, mobile devices, and routers ensure that existing bugs are fixed and security flaws are patched. Devices not equipped with the latest software are vulnerable to hackers.  

Additionally, many cybercriminals will use social media to identify victims and target them through social engineering tactics. For example, they will send phishing emails to steal personal information and sell it on the dark web or hold it for ransom. Once you know what to look for, phishing emails are easy to spot. From there, you can send malicious messages straight to your trash folder and sidestep the threats that lie within. Check your privacy settings to control who can view your posts and ensure you receive notifications about suspicious activity on your account. Don’t respond to unknown messages and think twice before revealing sensitive information online. Practice better awareness by keeping up with new viruses and vulnerabilities. Use monitoring tools to check if your email or phone number is released in a recent data breach. Keep an eye on your financial accounts and consider freezing your credit to prevent hackers from taking out loans and opening new accounts in your name. Read reports such as McAfee Labs Threats Report and stay informed through credible news sources to stay one step ahead of the latest threats.  

Also, stay aware of online fraud tactics since they are a significant risk for many Canadians. According to a CPA Canada Fraud Study conducted in January, almost three in four of those surveyed have received fraudulent requests including email and telemarketing requests. Evade online fraud by screening for unknown calls and steering clear of unsecured websites asking for sensitive information such as personal identification numbers and bank information. 

3. Leverage the Right Technology and Resources 

The final component of a holistic security strategy involves implementing a complete security suite, such as McAfee Total Protection, across all your devices. Leveraging software security tools is one of the best ways to protect your devices and personal information from online threats. This software takes a multi-layered approach to security to prevent virus infection, detect vulnerabilities and minimize the risk of viruses.  

For example, tools like a VPN and antivirus software take a preventive approach to online security. A VPN encrypts your data, so even if someone were to get their hands on your information, they would not be able to make much sense of it. Antivirus software guards against malware and monitors online traffic and activities for malware.  

Detection and correction capabilities are also crucial to a well-rounded security suite. Identity theft protection is a critical part of this solution to ensure the integrity of your credit, as well as your court and criminal records, remain intact. Report missing ID cards and conduct a background if you suspect someone is impersonating you. The right security solution will be able to monitor your accounts and notify you when it detects unusual activity. It will also be able to guide you through the remediation process to restore your privacy and identity. 

Champion Your Digital Protection  

Effective cybersecurity requires a multifaceted approach to create a holistic security strategy. This approach should integrate layered protection starting with your devices, expanding to your threat awareness, and ending with the software tools you leverage to enhance your digital security. With a strategic framework in place, you can rest assured knowing that you are well equipped to handle whatever malicious threat comes your way. 

Stay Updated  

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook. 

The post 3 Tips to a Holistic Online Security Approach appeared first on McAfee Blogs.

Seeking Reconnection: Internet Usage and the Return to Travel

By McAfee

Even as the internet kept us connected with family and friends during the pandemic, people remain understandably eager to reconnect in person as vaccines roll out and restrictions ease. In fact, people are making travel plans accordinglyNearly two-thirds (64%) of people worldwide said that they’re planning to travel for leisure this year. And, as always, they’re bringing their devices with them. 

These are a few of the top-line findings from our 2021 Consumer Security Mindset Report: Travel Edition, which garnered responses from more than 11,000 people aged 18 to 75 in eleven countries across North and South America, Europe, Asia, and the South Pacific. More broadly, this survey provides insight into people’s plans and preferences for travel and how they view online security while travelingparticularly after relying heavily on the internet at home during the pandemic for more than a year. 

People are more connected and more protected in 2021 

Indeed, people feel more connected by the internet today than they did prior to the onset of COVID-19 with significant 76% of respondents stating as muchIn light of that increasing reliance on the internet, 61% reported implementing more protection for their devices, connected homes, and online activities in general. This was particularly the case in nations like India (86%), Mexico (79%), and Brazil (68%). However, other nations trended much lower than the average, such as the UK (47%) and France (34%). In the U.S., that figure was lower than the international trend with roughly half of the people implementing more protection. 

Internet security while traveling

People are planning on traveling once again 

Acalled out earlier, people are taking the first steps toward leisure travel once again. Only 12% of people in the U.S said that they were planning on traveling internationally compared to a global average of 16%, while nations like Singapore (30%), the UK (25%), and Germany (24%) trending well above the average. In contrast, the outlook for domestic leisure travel appears exceptionally strong, particularly for respondents in Australia (88%), India (79%) and the U.S. (77%) who plan to travel as such. 

The pandemic has shaped people’s views on where they’d like to stay, with 62% stating that their preference for lodging has changed this yearWell over one-third of respondents in the U.S., Australia, Indonesia, and Canada said that staying with family and friends as their preferred option. Globally speaking, hotel and motel accommodations topped the list at 41%. Vacation home rentals entered the mix as well with roughly 25% of respondents saying a rental was part of their plan. 

Current attitudes on connecting to Wi-Fi while traveling 

Yet how have attitudes changed toward connecting to networks outside of the home, particularly after the past year saw the majority of people improve their security at home? 

For a baseline, we found that 80% of respondents said that they’ve connected a device when visiting a home or place that is not their own. The devices they mentioned most include laptops, streaming devices, Bluetooth speakers, and gaming devices as well. To connect those devicesthey’ll use the home network of the friend’s or rental home where they’re staying (48%) or the network provided by the hotel where they’re staying (48%). And while in-between places, public Wi-Fi remains a popular means of network connection at 50%, along with airport Wi-Fi (41%) plus transit Wi-Fi (31%). Internet security while traveling

As to how secure people feel on those networks, the answer varies greatly. While people expect low risk or no risk at all on their home network (85%) or a friend’s home (73%), they’re far less apt to trust other networks. In general, they see Wi-Fi networks as most vulnerable to cyber threats than any other network or device at 68% and feel most at risk connecting to networks in hotels (25%) and rentals (21%).  

Despite these findings, only 47% people said they take the same online security measures that they take at home when they’re on holiday or vacation. Similarly, just 52% of people check if the network they are joining is secure before they connect. Of that, 22% say they don’t check because they feel the network poses no threat and another 26% say that they simply don’t know how to check. 

Protecting your computers and devices while you’re away 

As travel becomes an actual possibility for people once again, it’s an opportunity to remember just how important security is outside the home. Whether people are at home or away, there will be banking to do, chances to shop online, and moments to stream a few shows while at the airport or on the road. Protecting laptops and mobile devices for travel become extra important when using public, airport, and public Wi-Fi, as those networks can expose people to more threats than their home networks.  

With that, here are five things people can do to protect themselves and others while traveling: 

  1. Connect with caution. Be cautious when connecting to public Wi-Fi while on vacation and make sure the Wi-Fi is secure and attached to a trusted source. Ensure that you don’t conduct any financial transactions or share any personal details while on public Wi-Fi. 
  2. Look into using a virtual private network (VPN). A VPN can provide bank-grade encryption that protects your data while you shop, bank, or simply surf online when connected to public Wi-Fi. 
  3. Consider a holistic security solution. Understand what tools are available to you in order to give you peace of mind that your identity and personal information across all of our devices are safeguarded this summer travel season. 
  4. Update your software. Before you travel, check for any software updates on your devices. Updates often fix security bugs in addition to adding features or providing performance boosts. 
  5. Keep devices protected and close. Distracted vacationers are the perfect target for thieves looking to steal devices—whether that’s a phone, laptop, tablet, or game. Ensure accounts have multi-factor authentication to double-check the authenticity of digital users in case the device gets in the wrong hands.

The post Seeking Reconnection: Internet Usage and the Return to Travel appeared first on McAfee Blogs.

How to Remain Secure While Using Running Apps

By Vishnu Varadaraj
Running App

When gyms were forced to close last year, you likely looked for other ways to get some exercise and stay active during quarantine. From investing in a few pairs of dumbbells or perhaps downloading an app or two to help you track your workouts, you found alternatives to help you break a sweat. As an accessible, easy way to release endorphins, running quickly grew in popularity along with the platforms that help runners stay accountable. According to Runner’s World, there was a 34% uptick in outdoor miles logged by common fitness apps between March and September 2020 compared to the same stretch in 2019. But are these tools potentially endangering your privacy?  

According to TechCrunchrunning apps could potentially threaten your security if the data they collect ends up in the wrong hands. Let’s explore the functionalities of these apps and how they could pose a threat to your online safety.  

 

Running Apps Do Not Have  a Secure Track Record 

Running apps are solid companions for advanced and amateur runners alike, allowing you to track the length of your run and set a pace for yourself. These apps learn a lot about you the more you use them by gathering health data like your height and weight and even your location. But similar to the threats that exist when you overshare on other online platforms, this data could pose a serious threat to your privacy. For example, location data could identify where you live or where you work – information that you definitely wouldn’t want in the hands of a strangerIf a cybercriminal is able to hack into your account, they could exploit this information to commit identity theft or craft a phishing email disguised as your employer.  

Additionally, many of these apps lack basic security measures to prevent hackers from breaking into accounts or from health and fitness data from spilling out. For examplemany popular running apps allow the most basic passwords like “qwerty” and “password.” Oftentimes, hackers automate their attacks by targeting accounts with easy-to-crack passwords like the ones mentioned. This allows them to exploit the most accounts with as little effort as possible. Furthermore, these apps do not have the option to set up two-factor authentication, which creates an additional barrier to prevent hackers from exploiting reused passwords 

 

How Can You Hit Your Security Stride?  

No matter where you are in your fitness journey, it is essential to take the necessary precautions to minimize the risks of the platforms you use to hold yourself accountable – running apps included. If you are looking to hit your stride while keeping security and privacy top of mind, follow these tips:  

1. Use a strong, unique password  

Your password is your first line of defenseso it is important that you use one that is strong and unique to your other account credentials. If a hacker does manage to guess your password for one of your online accounts, it is likely they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel slightly more at ease knowing that the majority of your data is secure if one of your accounts becomes vulnerable.  

You can also use a password managerto help you create strong passwords, remove the hassle of remembering numerous passwords, and log  on to websites automatically. 

2. Update your app’s privacy settings  

Some running apps are configured to publicly share user data by default. After you download an app, spend some time researching how to change these settings so your data is not shared with strangers without your permission. 

3. Turn on automatic software updates 

If your running app of choice does undergo any security updates, make sure that they are installed as soon as possible. Developers actively work to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections. The easiest way to do this is to enable automatic software updates on your mobile device. 

4. Disable unnecessary features  

Next time you go for a run with your location services on, think again about what risks this poses to your virtual security and your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. This will help prevent hackers from using your location as a vehicle to invade your privacy.  

 

Reduce the Risk of Running Apps to Stay Secure 

Since the data collected on running apps involves sensitive health and location information, it is worth reviewing the privacy policies for all of the fitness platforms you regularly use to see how your data might be affected. To ensure that you can keep moving toward your fitness goals while protecting your online safety, stay educated on the tools you use to track your progress and implement the necessary security measure to do so with security in mind.  

 

Stay Updated 

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.  

The post How to Remain Secure While Using Running Apps appeared first on McAfee Blogs.

Beware of Social Media Scams

By Jean Treadwell
Social Media Scams

Social media is a great place to connect with friends and family. Unfortunately, it is also a great place for misinformation to run rampant, and it is a virtual treasure chest for cybercriminals to steal personal information. Over 25 million Canadians own a social media account, and more than 80% of the Canadian population is expected to be on social media by 2025.

Check out this roundup of common social media scams so you can network intelligently, spot misinformation, and stop its spread.

1. Misinformation

The classic saying of “Don’t believe everything you see on TV” applies neatly to “Don’t believe everything you read on social media.” There is a resurgence of false news reports circulating on social media surrounding COVID-19 and the vaccine. For example, 5G aiding the spread of the virus and the preventive properties of garlic are just two of the rumors about COVID-19.

Misinformation leads to chaos and is a major threat to public health. Before you reshare a post or article, it is great to take a few minutes to digest the message, determine if it is true, and ask yourself if friends and family would genuinely benefit if they heard the news it carries.

There are a few tell-tale signs of fake news posts. First, they often try to inspire extreme emotions, such as rage and indignation, to prompt people to share immediately. Next, fake news reports are frequently poorly written and vague about where they received their information. Always try to find the primary source for “facts.” In the case of COVID-19 news, all health tips should be sourced from a licensed medical professional.

If you are ever in doubt about the facts, especially when they deal with public health, do not share the post. Instead, leave the reporting to trained medical professionals. Consult the World Health Organization and the Public Health Agency of Canada or direct your network to #ScienceUpFirst for the latest and most accurate reports about COVID-19 and the vaccine.

2. Data Leaks

There was a recent data leak at Facebook, and the contents of about half a billion accounts were posted on a hacking website, including 3.49 million Canadian accounts. Hackers can get a lot of mileage out of just one social media profile because it contains all the greatest hits of information needed to verify an identity.

Most profiles list your real full name, birthday, your relationship status, your hometown, and contact information. Also, hackers can skim a user’s posting history to find even more personal details. Many social media users have posted at one time or another a “get to know you” post, where they list many revealing facts. These posts are a pot of gold to cybercriminals. They are basically lists of possible answers to security questions: Where did you go to primary school? What was the model of your first car? What is the name of your favorite stuffed animal?

Another recent trend that can make you vulnerable in case of a data leak is posting COVID-19 vaccine cards. Social media users are excited to share the big milestone of getting their first shot. What they might not realize is that vaccine cards contain vital personal information that could be used by malicious actors. There are alternative ways to share the happy news. Instead, post a picture of the fun bandage the nurse put on your arm or take a selfie outside of the vaccination center.

It is a shame that what you share on social media can be turned against you by cybercriminals, but that does not mean you have to stop sharing details about your life. Instead of posting personal details online that could be used maliciously in the event of a data leak, think about creating an exclusive email newsletter or secure group chat for your closest friends and family.

3. Contest Scams

There is a major thrill when you think you have won something; however, if you receive a notification on social media that you have won a contest, reserve your excitement until you have confirmed its legitimacy. Be especially wary if you do not remember entering a contest.

Contest scams are a type of social engineering tactic used by cybercriminals. Social engineering relies on people’s tendency to trust others. Cybercriminals often capitalize upon extreme emotions, like fear, urgency, and in this case excitement, to trick unsuspecting people into hastily giving up sensitive information.

Phishing is also common in contest scams. Social media users may receive a message that they have won a giveaway and to click on a link to claim their prize. Luckily, easy-to-spot signs of a phishing message include poor grammar, misspellings, and a sense of urgency. Always approach these types of messages with caution. Instead of clicking on any of the links, hover your cursor over them to see where they redirect. If the redirect site URL is suspicious and contains misspellings, steer clear.

If you ever receive a notification on social media that you have won a prize, remain skeptical until you have verified the authenticity. Locate the organization’s official social media page (which you can likely find on their website), and direct message them for more details.

How to Network Safely

With all of these common scams floating about and waiting to strike, check out these tips to network safely.

1. Consider how much you share

The joy of social media is sharing your everyday life with your friends and family. It is fun to have dozens of people wish you a happy birthday on your profile, but consider removing the year of your birthday. Also, consider removing your phone number, home address, and email address from your profile. If a friend or family member wants to get in touch with you, they can personally direct message you. Cybercriminals can take your contact information and full birthday and use it to steal your identity, so it is best not to post it online.

2. Confirm the truth before sharing

While you may want to share the latest news with your networks, do not share information that you are not sure is true. According to Statistics Canada, only half of Canadians investigated the accuracy of COVID-19 social media posts before they reshared. Do your due diligence and be a part of the solution, not part of the problem.

3. Protect your devices from viruses and malware

Even if you are a diligent and intelligent social media user, there is a chance that you could accidentally click on a phishing link. In case this happens, you should have a backup plan to safeguard your devices and your personal information from viruses and malware. Protect your devices with a comprehensive antivirus program, such as McAfee Total Protection. You can rest assured that if you or a member of your family accidentally opens a malicious link, your devices will be safe.

The post Beware of Social Media Scams appeared first on McAfee Blogs.

World Password Day: Make Passwords the Strongest Link in Your Online Security

By Baker Nanduru
World Password Day

World Password Day isn’t the most popular day on the calendar, but it’s an important reminder that good password hygiene is essential to staying safe online. This World Password Day, we’d like to talk about improving your password hygiene, how you can help your friends and family improve theirs, and what the future of authentication holds.

Hacking attempts have escalated throughout 2020

The SolarWinds hack in 2020 is one of the most devastating hacks in the history of the internet. Close to 20,000 company’s systems were compromised, losing billions of pieces of data in the process. If you’re one of the 37% of Americans that go long periods of time without updating passwords*, large-scale attacks like SolarWinds can be devastating. By stealing so many login credentials simultaneously, attackers can potentially access exponentially more accounts by reusing leaked credentials on different sites. Unfortunately this is not an isolated event, data breaches from websites and services we frequently use continue to happen through 2021 as well.

According to a recent survey we conducted, 34% of Americans have reused the same, or similar, password more than once. By using the same password for multiple accounts, attackers only need to find one password, creating a domino effect that makes it easier to access more accounts. If that password is weak, it becomes even easier to tip over that first domino.

Current ways to protect your accounts

Our guidance is to create strong, hard-to-guess passwords to protect your accounts. We recommend creating a unique password for every online account, using more than 16 characters, with upper and lower case letters, some numbers, and special symbols, to make a stronger than average password. How are you supposed to remember all of those strong passwords, though?

Well, password managers, especially those included in comprehensive security suites like McAfee® Total Protection, do much of the heavy lifting for you. For instance, McAfee’s integrated password manager not only helps you create stronger passwords and store them, but will also autofill your credentials and log you into websites as well. These convenient features extend beyond just your computer and can be used on other devices like your phone and tablet. Best of all, password managers that are an integrated part of a security suite can be monitored, so you’ll be alerted if your passwords get exposed in a data breach.

You’ve already taken a step towards improving your password hygiene by reading this blog post. But the next step is, have an honest look at your passwords. Do you write them down, use the same for many accounts, or use weak ones? Then it may be time for a change to better protect your accounts and the personal info in those accounts.

If you’re like a certain member of my family—that will remain nameless, Mom—who kept their passwords written down in a notepad, making the change to a password manager (McAfee’s, naturally) was a life-changing moment. Not only did it help her see just how often she was using the same login credentials, she now has an easy way to store, auto-fill, and even generate strong passwords across all her accounts and devices. An intended bonus was that she also realized how many accounts she was no longer using!

Strong passwords are only the start

Now that you know more about what makes a strong password and how to protect them, let’s talk about why strong passwords are just the start of keeping your accounts safe. You’re probably already using Two-Factor Authentication for apps and services, but you may not have heard the term before. Two-Factor Authentication, or 2FA, is the second layer of protection to authenticate or prove you are the owner of this account. If you’ve received a text message or an email to confirm a new account signup, that’s a type of 2FA.

Text messages and email aren’t the only types of 2FA. There are USB keysapps, and even systems built-in to your phone, like facial recognition to open phone apps, for example. Some popular 2FA options are USB keys and Google Authenticator.

The great thing about 2FA is that it helps make your strong passwords even more effective by stopping an attacker from using stolen credentials. If you fell victim to a phishing attack that looked like your bank’s website, the attacker would have your email and password combination. Without 2FA, they could log into your account and pretend they’re you. With 2FA in place, it becomes much harder for an attacker to access your account because they’re missing that last important piece of information.

The future of passwords

Humans are almost always the weakest link when it comes to securing information. But by committing ourselves to better password practices, with help from the latest technology, we can make sure passwords are a strong link in our security chain; one that will only get stronger in the future.

For instance, using a device like a key-fob, new passwordless systems can authenticate a user without entering their login details. Not only does this make logging into your accounts lightning fast, you also never have to remember a complicated password again.

Biometric locks, like FaceID, are another example of passwordless entry. Using your face, or a fingerprint to authenticate yourself makes it much harder for attackers to break into your accounts.

Happy World Password Day

We hope this Password Day post has helped answer some questions about password hygiene and how to take better care of your online accounts. Online security changes from day to day, so staying aware of new technologies and building safe new habits is essential. Perhaps one day this day will no longer need to exist on our calendars, as we look to a future where we might not need passwords at all. While we collectively make strikes towards this future, let’s celebrate this day while it lasts.

 Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post World Password Day: Make Passwords the Strongest Link in Your Online Security appeared first on McAfee Blogs.

The Mothers of Invention: Women Who Blazed the Trail in Technology

By Judith Bitterli

It’s easy to imagine where we would be without women in technology.

We’d be poorer for it.

With Mother’s Day upon us, I couldn’t help but think once more about the stark employment figures I shared in my International Women’s Day blog just a few weeks ago. Millions of women have involuntarily left the workforce at a much higher rate than men during the pandemic—with roughly one third of women in the U.S. aged 25-44 citing that childcare was the reason for that unemployment.

Reflecting on this further, I thought about the women in technology who’ve left their positions during this past year. It’s a loss of talent and capability that’s set back decades of advances by trailblazing women who not only shine in their field yet also do so in male-dominated realms of study, research, and employment.

So as we look ahead to recovery, we should also look back. By celebrating just a few of the women in technology who shaped our world today, women who truly are “mothers of invention,” perhaps we can remember just how vital women are in our field—and how we should double down on our efforts to welcome them back.

Margaret Hamilton—The software that ran the moon landing

Imagine a time when the term “software engineering” wasn’t recognized, even though it was crucial to us landing on the moon.

Such were the days when Margaret Hamilton began her work at Massachusetts Institute of Technology (MIT) as a job to support her family while her husband went to law school at Harvard. This was in 1959 and would introduce her to Edward Lorenz, the father of chaos theory, and put her on the path to help humanity set its first footsteps on the moon.

It was her work and her code that developed a software-driven system that warned astronauts of in-flight emergencies, an advance she credits her young daughter for inspiring, as recounted in this interview:

Often in the evening or at weekends I would bring my young daughter, Lauren, into work with me. One day, she was with me when I was doing a simulation of a mission to the moon. She liked to imitate me – playing astronaut. She started hitting keys and all of a sudden, the simulation started. Then she pressed other keys and the simulation crashed … I thought: my God – this could inadvertently happen in a real mission.

I suggested a program change to prevent a prelaunch program being selected during flight. But the higher-ups at MIT and NASA said the astronauts were too well trained to make such a mistake. Midcourse on the very next mission, Apollo 8, one of the astronauts on board accidentally did exactly what Lauren had done. The Lauren bug! It created much havoc and required the mission to be reconfigured. After that, they let me put the program change in, all right.

Karen Spärck Jones—The intelligence behind search

When you search online, you have this woman to thank.

A true pioneer, Karen Spärck Jones worked at Cambridge, during which time she developed the algorithm for deriving a statistic known as “term frequency–inverse document frequency” (TFIDF). In lay terms, TFIDF determines how important a word is relative to the document or collection of terms in which it is found. Sound familiar? It should, as her work forms the basis of practically every search engine today.

Spärck Jones remained outspoken with regards to what she referred to as “professionalism” in technology. This had two layers: the first being the technical efficacy of a solution, the second being the rationale for even doing it in the first place. In her words,

“[T]o be a proper professional you need to think about the context and motivation and justifications of what you’re doing … You don’t need a fundamental philosophical discussion every time you put finger to keyboard, but as computing is spreading so far into people’s lives you need to think about these things.”

Rear Admiral Grace M. Hopper

Her vision for computing and her hands-on work led to development of COBOL, a programming language still in use today. Driving that vision was the belief that human language could be used as the basis for a programming language, making it more accessible, particularly for business use. The result was the FLOW-MATIC programming language, which was later developed into COBOL, a language that is estimated to be used in 95% of ATM card swipes.

During her time as a naval officer, she helped transform centralized Defense Department systems into smaller, distributed networks akin to the internet we now know and use. At her retirement near the age of 80, she went to work in the private sector where she held the role of full-time senior consultant until her passing at age 85. This 1983 profile of her, aired when she was 76, is certainly worth a watch.

Radia Perlman—Internet Hall-of-Famer

Quite plainly, Perlman’s work paved the way for the routing protocols that underpin the modern internet.

Prior to Perlman’s work, as networks grew and accordingly became more complex, data would often flow into loops that prevented them from reaching their intended destination. Enter her creation of the Spanning Tree Protocol (STP), which can handle large clouds of computers and network devices. While its since evolved, the concept of an adaptive network remains squarely in place.

Another advance of hers was introducing computer programming to young children aged 3 to 5 back in the 1970s. While working at MIT’s LOGO Lab, she created TORTIS (Toddler’s Own Recursive Turtle Interpreter System), which used buttons from programming and allowed for experimentation with a robotic turtle that would follow a toddler’s commands. In the abstract for her paper that documented the work, she emphasized what she felt was a vital point, “Most important of all, it should teach that learning is fun.”

Getting Involved

These women have led and inspired, and likewise it’s on all of us in technology to build on the advances they made possible through both our work and the workplace cultures we foster—particularly as we begin our recovery from this pandemic.

One of the many reasons I’m proud to be a part of McAfee is our Women in Security (WISE) community. It’s truly a forward-thinking program, which we introduced to enrich and support women in the tech sector through mentorship programs and professional development conferences. It’s one of the several, tangible ways we actively strive for a vibrant and diverse culture at McAfee.

Another powerful voice for women in tech is AnitaB.org, which supports women in technical fields, as well as the organizations that employ them and the academic institutions training the next generation. A full roster of programs help women grow, learn, and develop their highest potential.

And for looking forward yet further, there’s Girls Who Code, which is building the next generation of female engineers and technologists. Their data shows why this is so vital. They found that 66 percent of girls aged six to 12 show interest in computing, but that drops to 32 percent for girls aged 13 to 17, and then plummets to only 4 percent for college freshmen. Accordingly, they support several programs for school-aged girls from third grade up through senior year of high school, help educators and communities launch clubs, and advocate for women in their field through their work in public policy and research.

And that’s just for starters. For an overview of yet more organizations where you can get involved, check out this list of 16 organizations for women in tech—all of which help us realize a better world with women in technology.

The post The Mothers of Invention: Women Who Blazed the Trail in Technology appeared first on McAfee Blogs.

Let’s Make Security Easy

By McAfee

You flick through some reels and an ad for “a more private phone” crops up. You scroll through your news feed and catch wind of yet another data breach at a major retailer. You see a post from a friend who says their social media account was hacked. Maybe you don’t think about security every day, but when you do, it can feel … overwhelming. We’re here to solve that. We’re here to make security easy.  

As security providers, we have to offer protection against a wide variety of threats without adding more complexity to your already busy life. Managing your security should be easy, and even enjoyable. 

Enjoyable?  

Yes. We want you to have a sense of accomplishment, both knowledge and a feeling that you’re safer than you were before.  

With these things in mind, we set out to make your security software work better for you. We streamlined the experience to simplify what you see, while still offering robust protection. After all, true security is the security that you benefit from every day, and it’s up to us as providers to make it smooth and easy as possible. 

Smooth setup & a central hub 

Our new setup process now includes easier navigation, fewer screens, and clearer action items and alerts. It smoothly moves you through setting up protection across all the ways you interact online and your compatible devices. This way, you know that we’re helping to keep you safe whether you’re messaging, browsing, or shopping and banking online. 

Another area where we put a lot of focus is the new home screen. This is your home base, where we clearly show you what your current protection status is in the areas that matter the most to you. This includes making it easier to monitor your personal information and strengthen protections you already use, like passwords. 

Home Screen
Home Screen

 

The home screen is also where you come to perform essential tasks, such as running an antivirus scan. It guides you to take actions when needed, giving you proactive protection, and a clear view of your overall security in one convenient place. From here you can access details on the status of your PC, web, and identity protection.

 

PC Protection Category Page    
PC Protection Category Page  

 

      Caption: Web Protection Category Page
Web Protection Category Page

 

Identity Protection Category Page
Identity Protection Category Page

Effective Security, Made Easier

While we’re always focused on helping you feel confident and protected online, we realize that making our tools easy to use is just as important. The digital security landscape will continue to be a complicated one, with more than a million new and unique threats cropping up each day, but we can and are making security simpler, and therefore, more effective. 

With easier setup and protection that turns on automatically at the right moments, we want to make security easier for you so that you can feel safer online. We’ve heard your feedback about how we can improve, and we’ll bring all that goodness in a product that you can use every day. 

You’ll find this interface across our McAfee+ family of products, along with continual upgrades and improvements as we roll out more features that will keep you safer online.   

The post Let’s Make Security Easy appeared first on McAfee Blog.

Myth-busting Antivirus Software Assumptions

By Vishnu Varadaraj

The number of new viruses grows every day. In fact, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. While there is no way to know when or how cyberattacks will occur, it’s clear that antivirus software is one of the best ways to ensure you, and your devices, are safe. 

Despite its proven strengths, some long-standing myths question the effectiveness of antivirus. To set the record straight, we’ve debunked five of the most common antivirus software myths, so you can rest assured that you are safely navigating the evolving cyber landscape. 

Myth 1: Antivirus software slows down your device 

We expect a lot from our devices—faster performance every time the latest model is released. As a result, many are reluctant to install apps or software that may jeopardize device performance, including antivirus software. 

Many believe that antivirus software will slow down your devices. However, contrary to popular belief, quality antivirus software can improve device performance by using advanced optimizations. It’s this simple: antivirus software conducts regular system-wide scans to identify and prevent viruses and improve performance without compromising efficacy. 

To run these scans, antivirus software requires system resources, which is where this myth originates. If you download or operate more than one antivirus program or download the wrong version for your system, then yes, your device will slow to a crawl. That is why it is essential to install one high-quality antivirus software that meets all your devices’ system requirements. Additionally, best-in-class antivirus software can be set to run during specific hours to avoid delays during the busiest times of your day. 

Myth 2: Antivirus software only protects against a few viruses 

The number of malware strains and potentially unwanted applications (PUA) increases every year. It is understandable why people might think that antivirus software cannot protect against them all. 

However, antivirus software can provide extensive protection against the majority of malicious programs. It does so in two ways: 

  1. It protects you from existing threats based on an extensive list of known threats, which is updated regularly (a good reason to set your software to update automatically rather than manually). 
  2. It protects you from entirely new threats with behavioral detection and machine learning to detect, isolate, and eliminate zero-day digital threats (brand new threats that haven’t been seen before). This approach integrates deep learning algorithms and artificial intelligence (AI) to emulate human-like reasoning and accurately detect threats. In addition, behavioral heuristic-based detection finds new viruses by assessing known malicious behavior, such as abnormal application demands and instructions.  

Taken together, a known list of threats paired with the unique capabilities of machine learning, data science, and AI for advanced threat detection enable antivirus software to protect against a wide range of existing and evolving threats. 

Myth 3: Independent third-party test results are useless 

Can you imagine grading your own driving test? You could omit the dreaded three-point turn and pass with flying colors, but the result wouldn’t be as accurate as that of an unbiased evaluator. This same concept applies to evaluating the efficacy of computer security.  

It’s easy for a company to set up a test environment where they highlight all the excellent capabilities of their antivirus software and gloss over its shortcomings. It’s equally as easy for a company to commission a third-party to conduct a custom test painting the company in a good light. However, the results will not be as comprehensive or accurate as those from an independent third-party. Additionally, they also will not provide a comparative analysis with other company offerings to help users draw their own conclusions. 

Independent third-party test results offer a more thorough evaluation of antivirus software. They also do a better job at evaluating security features. Furthermore, ISO-certified independent third parties lend transparency and credibility to the techniques used and ensure that evaluations align with industry standards. 

Myth 4: Apple products can’t get viruses 

There is a common belief that Apple products are protected against viruses because cybercriminals often target Windows and Android operating systems. However, Apple devices are just as vulnerable to viruses as any other computer or smartphone. Regardless of your device or operating system—macOS, iOS, Windows, or Android—if it connects to a network, it’s susceptible to viruses. 

Windows and Android have long been the dominant operating systems for computers and smartphones. That’s why macOS and iOS have, up until recently, been the lesser focus for cybercriminals. The problem is that cybercriminals want to spread their viruses to the platforms with the largest customer base which just so happens to be Windows and Android. As Apple products continue to grow in popularity, cybercriminals will continue coming out with more viruses specifically targeting Macs, iPhones, and other iOS devices. 

Myth 5: You are 100% protected if you have antivirus software 

Antivirus software is not a guarantee of protection against all viruses. Some malware can and will slip through. This is where antivirus software’s ability to detect and remove malware comes in. Ours comes with a Virus Protection Pledge, which provides a 100% guarantee we’ll remove viruses on your devices, or we’ll give you your money back, all as part of your automatically renewable subscription. 

However, viruses and malware are just one form of attack that hackers and bad actors will wage on their victims. They’ll also make attempts at identity theft or likewise try to invade your privacy—with the intent of stealing passwords, account information, and personal information, which could drain your debit cards, damage your credit, or otherwise impersonate you for their financial gain. 

In this way, antivirus is just one form of protection. To truly stay safe as possible online, you need online protection software that looks after your identity and privacy as well. McAfee+ Ultimate offers our most comprehensive coverage, with  

Fact vs. Fiction: Know what antivirus software can do for you 

It is necessary to bust common myths about antivirus software to protect yourself and your family from cyberthreats. By educating yourself and selecting a best-in-class antivirus software that’s further bolstered by identity and privacy protection, you will be well on your way to implementing an effective protection strategy. 

The post Myth-busting Antivirus Software Assumptions appeared first on McAfee Blog.

What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes

By McAfee
What is a DDoS attack?

What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes

Imagine you’re driving down a highway to get to work. There are other cars on the road, but by and large everyone is moving smoothly at a crisp, legal speed limit. Then, as you approach an entry ramp, more cars join. And then more, and more, and more until all of the sudden traffic has slowed to a crawl. This illustrates a DDoS attack.

DDoS stands for Distributed Denial of Service, and it’s a method where cybercriminals flood a network with so much malicious traffic that it cannot operate or communicate as it normally would. This causes the site’s normal traffic, also known as legitimate packets, to come to a halt. DDoS is a simple, effective and powerful technique that’s fueled by insecure devices and poor digital habits. Luckily, with a few easy tweaks to your everyday habits, you can safeguard your personal devices against DDoS attacks.

DDoS Attacks Are on the Rise

The expansion of 5G, proliferation of IoT and smart devices, and shift of more industries moving their operations online have presented new opportunities for DDoS attacks. Cybercriminals are taking advantage, and 2020 saw two of the largest DDoS offensives ever recorded. In 2020, ambitious attacks were launched on Amazon and Google. There is no target too big for cybercriminals.

DDoS attacks are one of the more troubling areas in cybersecurity, because they’re incredibly difficult to prevent and mitigate.. Preventing these attacks is particularly difficult because malicious traffic isn’t coming from a single source. There are an estimated 12.5 million devices that are vulnerable to being recruited by a DDoS attacker.

Personal Devices Become DDoS Attack Soldiers

DDoS attacks are fairly simple to create. All it takes are two devices that coordinate to send fake traffic to a server or website. That’s it. Your laptop and your phone, for example, could be programmed to form their own DDoS network (sometimes referred to as a botnet, more below). However, even if two devices dedicate all of their processing power in an attack, it still isn’t enough to take down a website or server. Hundreds and thousands of coordinated devices are required to take down an entire service provider.

To amass a network of that size, cybercriminals create what’s known as a “botnet,” a network of compromised devices that coordinate to achieve a particular task. Botnets don’t always have to be used in a DDoS attack, nor does a DDoS have to have a botnet to work, but more often than not they go together like Bonnie and Clyde. Cybercriminals create botnets through fairly typical means: tricking people into downloading malicious files and spreading malware.

But malware isn’t the only means of recruiting devices. Because a good deal of companies and consumers practice poor password habits, malicious actors can scan the internet for connected devices with known factory credentials or easy-to-guess passwords (“password,” for example). Once logged in, cybercriminals can easily infect and recruit the device into their cyber army.

Why DDoS Launches Are Often Successful

These recruited cyber armies can lie dormant until they’re given orders. This is where a specialized server called a command and control server (typically abbreviated as a “C2”) comes into play. When instructed, cybercriminals will order a C2 server to issue instructions to compromised devices. Those devices will then use a portion of their processing power to send fake traffic to a targeted server or website and, voila! That’s how a DDoS attack is launched.

DDoS attacks are usually successful because of their distributed nature, and the difficulty in discerning between legitimate users and fake traffic. They do not, however, constitute a breach. This is because DDoS attacks overwhelm a target to knock it offline — not to steal from it. Usually DDoS attacks will be deployed as a means of retaliation against a company or service, often for political reasons. Sometimes, however, cybercriminals will use DDoS attacks as a smokescreen for more serious compromises that may eventually lead to a full-blown breach.

3 Ways to Prevent Your Devices from Being Recruited

DDoS attacks are only possible because devices can be easily compromised. Here are three ways you can prevent your devices from participating in a DDoS attack:

  1. Secure your router: Your Wi-Fi router is the gateway to your network. Secure it by changing the default password. If you’ve already thrown out the instructions for your router and aren’t sure how to do this, consult the internet for instructions on how to do it for your specific make and model, or call the manufacturer. And remember, protection can start within your router, too. Solutions such as McAfee Secure Home Platform, which is embedded within select routers, help you easily manage and protect your network.
  2. Change default passwords on IoT devices: Many Internet of Things (IoT) devices, smart objects that connect to the internet for increased functionality and efficiency, come with default usernames and passwords. The very first thing you should do after taking your IoT device out of the box is change those default credentials. If you’re unsure of how to change the default setting on your IoT device, refer to setup instructions or do a bit of research online.
  3. Use comprehensive security: Many botnets are coordinated on devices without any built-in security. Comprehensive security solutions, like McAfee Total Protection, can help secure your most important digital devices from known malware variants. If you don’t have a security suite protecting your devices, take the time to do your research and commit to a solution you trust.

Now that you know what a DDoS attack is and how to protect against it, you’re better equipped to keep your personal devices and safe and secure.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes appeared first on McAfee Blogs.

True Security Requires a Holistic Approach

By McAfee
Holistic Security

In the eyes of hackers, scammers, and thieves, your online privacy and identity look like a giant jigsaw puzzle. One that they don’t need every piece to solve. They only need a few bits to do their dirty work, which means protecting every piece you put out there—a sort of holistic view on your personal security. One that protects you, not just your devices.

Here’s what’s at stake: we create and share loads of personal information simply by going about our day online, where each bit of information makes up a piece of that giant jigsaw puzzle. Some pieces directly identify us, like our tax returns, bank account information, or driver’s licenses. Other pieces of information indirectly identify us, like the IP addresses assigned to our computers, tablets, and phones—or device ID numbers, location information, and browsing history. And bad actors only need a few key pieces to do you harm, such as committing identity crime in your name or selling your personal information on sketchy websites or the dark web. 

While people show great concern about their personal information, who has it and what’s done with it, our research shows that 70% of people feel like they have little or no control over the data that’s collected about them. However, you have plenty of ways that you can indeed take control—ways that can prevent, detect, and correct attacks on your privacy and identity. That’s where holistic protection comes in. 

What do we mean by holistic protection? 

You can think of holistic protection as layers of shields that protect you and the devices you use. It gives you three layers in all—a Prevention Layer, Detection Layer, and a Correction Layer. 

A holistic and comprehensive security solution like McAfee+ combines those three layers in a way that protects your personal information and keep your identity private, showing you how it does it along the way, so you can see exactly how safe you are. Let’s take a quick look of some of the protections you’ll find in each layer … 

A holistic approach to security

In the Prevention Layer, you’ll see:  

  • A virtual private network (VPN), allowing you to connect securely on a public Wi-Fi network by encrypting, or scrambling, your data while in transit so no one else sees it. It’ll also make your activity far more private, making it harder for advertisers and data collectors to track. 
  • Safe browsing that warns you if a website is risky before you enter your information and can steer you clear of risky links, while a download scanner can prevent downloads of malware or malicious email attachments. 
  • An integrated password managerthat can create and store strong and unique passwords for each of your accounts. This way if one of your accounts is hacked, your other accounts won’t be at risk. 
  • A security freeze service that can prevent hackers and thieves from opening of new credit, bank, and utility accounts in your name.​ 
  • Real-time antivirus that protects your data and devices. 

In the Detection Layer, you have … 

  • Identity monitoring that keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. 
  • McAfee’s industry-first Protection Score that monitors the health of your online protection and shows you ways you can improve your security and stay safe online. 

In the Correction Layer, several other protections have your back … 

  • Identity theft protection & restoration that aids with many of the costs associated with restoring one’s identity through up to $1 million in coverage—along with the services of a licensed recovery pro to help restore your identity.​ 
  • Personal data cleanup that scans some of the riskiest data broker sites and shows you which ones are selling your personal info so that you can remove it on your own or with our help, depending on your plan. 

These are just a few examples of the protections in each layer. And you’ll find our most comprehensive holistic protection in McAfee+ Ultimate, covering your privacy, identity, and devices. 

A Unified Solution for your Privacy, Identity, and Devices 

While your online privacy and identity may look a jigsaw puzzle, protecting it shouldn’t be as complicated. With a holistic security solution for your personal protection, you can minimize your exposure with layers of security that do much of the work for you. 

Antivirus on your PC is not enough. It has not been enough for many decades now. And this becomes more evident as we continue to spend more time online, with the average person spending 6 hours and 54 minutes online each day, leaving clouds of personal information in their wake. 

While standalone apps like a password manager, a VPN app, and an identity solution from different vendors can be piecemealed together with your device security, these are difficult to keep track of and burdensome to maintain. 

We have combined the important tools you need into a seamless and comprehensive experience because good security software is something that you use daily to feel safer online. This is why we are working on your behalf to redefine security, so you can enjoy your connected life with confidence. 

The post True Security Requires a Holistic Approach appeared first on McAfee Blog.

How 2020 Has Shaped The Way We Live Our Lives

By Cyber Safety Ambassador: Alex Merton-McCann
Digital Wellness

How 2020 Has Shaped The Way We Live Our Lives

I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left my study – or changed out of my pyjamas!! Ssshhh!! Because it’s all happened online…

Are our 2020 Habits Here to Stay?

Of course, some of us embraced the benefits of the online world long before 2020 but the Pandemic forced almost everyone to replace our in-person activities and routines with online ones. New research from McAfee in their 2021 Consumer Security Mindset Report shows that 72% of Aussies made changes in their online activities last year out of convenience which makes complete sense!

But what’s so interesting is that now we have these super handy new online routines in place – we aren’t that keen to give them up! McAfee’s report shows that 76% of Aussies are planning on continuing with online banking, 59% of us want to keep connecting with friends and family online and 55% of us remain totally committed to online shopping! Hear, hear, I say! I am absolutely staying that course too!!

But What About The Risks?

There’s no doubt that there is a lot of upside to managing our lives online but unfortunately there is also a downside – increased risk! The more time spent online, the greater the chance that we will be exposed to potential risks and threats such as phishing attacks, entering details into malicious websites or even becoming a victim of fraud.

McAfee’s research shows that we are aware of the risks of being online. In fact, 66% of us are concerned about the potential dangers of living our lives online with losing control of our financial data top of the list for the majority of us. And almost 2/3 (65%) of us are also worried about having our social media accounts hacked.

But pandemic life has meant that we are now a lot more comfortable with sharing information online. Whether it’s paperless transaction records, text and email notifications, opting to stay logged in or auto-populating forms with our credit card, this level of online sharing does make life so convenient but it can be a risky business! Why, I hear you ask? Because these conveniences usually only work when you share multiple pieces of your contact details. And the more you share, the greater your chance of being hacked or compromised. But the report was very clear – if we can make our online life more seamless then we are only too happy to share our key contact information! Oh dear!!

‘Why Would Hackers Want My Data?’

In addition to confessing that they don’t always take the necessary security precautions, Aussie consumers in McAfee’s report also admitted that they haven’t thought about why hackers might want their data. I don’t know how many people tell me that they don’t need to really bother with a lot of online precautions because they live a pretty boring life and don’t spend that much time online.

But this is a very dangerous way to think. Your online data is like a pot of gold to hackers. Not only can they use it to possibly steal your identity and try to empty your bank accounts but they can also on-sell it for a profit. But the majority of Aussies don’t stop to consider this with the research showing that 64% of Aussies have never considered just how valuable their online data is worth.

Hackers are ALWAYS on the lookout for new ‘up-to-date’ ways to exploit others for money. Don’t forget how quick they were to conjure up scams around COVID in early 2020 – it was just a matter of weeks before Aussies received phishing emails and malicious text messages with the aim of extracting personal information from vulnerable consumers.

But, encouragingly, 85% of Aussies said they would be far more proactive about managing their data if it could be traded as a currency.

How To Protect Your Digital Life

The good news is that there are ways to secure your online life and minimise the risk of being hacked. Here are my top tips:

1.Always Use Multi-Factor Authentication

Yes, it might take a minute or 2 more, but using multi-factor authentication is an easy way to add an additional layer of security to protect your personal data and information. Commit to using it wherever it is offered!

2.Use a VPN

If you live your life out & about like I do then you’ll be very tempted to use Wi-Fi. Using public Wi-Fi to conduct transactions, particularly financial ones is a big no-no! It takes keen hackers minimal effort to set up a fraudulent wi-fi service which could easily fool a busy person into connecting. Using a Virtual Private Network (or VPN) like McAfee® Safe Connect, is the best way of ensuring everything you share over Wi-Fi is safe and secure.

3.Sign Up For A Site Advisor

Browsing the internet with a tool like the McAfee WebAdvisor is a great way of ensuring dangerous malware is blocked if you click on a malicious link in a phishing email. You’ll have real peace of mind knowing you can manage your online life while someone looks out for you!

With 4 kids, 3 pets, 2 jobs – I know I could never get to the bottom of my ‘to-do’ lists without managing the bulk of it online. I often think I should send the internet an e-card at Christmas!! Of course, I understand why corners are cut and precautions are overlooked when we all feel so stretched for time. But just think about how much more time it would take if you were hacked and had to spend hours on the phone to your bank or if you had to reconfigure all your online accounts and social media platforms!!

So, you know what you need to do! Stay safe online everyone!

 

The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.

❌