Login
Authored by Dexter Shin
McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are not satisfied with the default functions provided by Instagram. Various Instagram modification application already exists for those users on the Internet. The new malware we found pretends to be a popular mod app and steals Instagram credentials.
Instander is one of the famous Instagram modification applications available for Android devices to help Instagram users access extra helpful features. The mod app supports uploading high-quality images and downloading posted photos and videos.
The initial screens of this malware and Instander are similar, as shown below.
Figure 1. Instander legitimate app(Left) and Mmalware(Right)
Next, this malware requests an account (username or email) and password. Finally, this malware displays an error message regardless of whether the login information is correct.
Figure 2. Malware requests account and password
The malware steals the user’s username and password in a very unique way. The main trick is to use the Firebase API. First, the user input value is combined with l@gmail.com. This value and static password(=kamalw20051) are then sent via the Firebase API, createUserWithEmailAndPassword. And next, the password process is the same. After receiving the user’s account and password input, this malware will request it twice.
Since we cannot see the dashboard of the malware author, we tested it using the same API. As a result, we checked the user input value in plain text on the dashboard.
According to the Firebase document, createUserWithEmailAndPassword API is to create a new user account associated with the specified email address and password. Because the first parameter is defined as email patterns, the malware author uses the above code to create email patterns regardless of user input values.
It is an API for creating accounts in the Firebase so that the administrator can check the account name in the Firebase dashboard. The victim’s account and password have been requested as Firebase account name, so it should be seen as plain text without hashing or masking.
As an interesting point on the network traffic of the malware, this malware communicates with the Firebase server in Protobuf format in the network. The initial configuration of this Firebase API uses the JSON format. Although the Protobuf format is readable enough, it can be assumed that this malware author intentionally attempts to obfuscate the network traffic through the additional settings. Also, the domain used for data transfer(=www.googleapis.com) is managed by Google. Because it is a domain that is too common and not dangerous, many network filtering and firewall solutions do not detect it.
As mentioned, users should always be careful about installing 3rd party apps. Aside from the types of malware we’ve introduced so far, attackers are trying to steal users’ credentials in a variety of ways. Therefore, you should employ security software on your mobile devices and always keep up to date.
Fortunately, McAfee Mobile Security is able to detect this as Android/InstaStealer and protect you from similar threats. For more information visit McAfee Mobile Security
SHA256:
The post Instagram credentials Stealer: Disguised as Mod App appeared first on McAfee Blog.
The great thing about the internet is that there’s room for everyone. The not-so-great part? There’s plenty of room for cybercriminals who are hungry to get their hands on our personal information.
Fortunately, internet scams don’t have to be a part of your online experience. In this article, we’ll tell you about some of the most common internet schemes and how you can recognize them to keep your identity safe.
Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.
If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.
When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.
Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.
Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.
When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.
Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.
Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.
Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.
If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.
Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away.
Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.
It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.
There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.
A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.
Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.
During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.
These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.
You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.
Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.
Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members.
For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.
If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.
You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.
There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.
Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.
When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.
These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.
Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different.
Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.
For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.
Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site.
These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).
You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.
What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.
To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.
Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report.
All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.
Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.
Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).
Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.
Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.
For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee’s Total Protection services can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.
Get the peace of mind that comes with McAfee having your back.
The post How to Recognize an Online Scammer appeared first on McAfee Blog.
The growing number of internet crimes targeting senior adults is mind-blowing.
In 2021, more than 92,000 people over the age of 60 reported losses of $1.7 billion, according to IC3, the FBI’s Internet Crime division. That number reflects a 74 percent increase in losses from 2020.
These numbers tell us a few things. They tell us that scamming the elderly is a multi-billion-dollar business for cybercriminals. It also tells us that regardless of how shoddy or obvious online scams may appear to anyone outside the senior community, they are working.
However, information is power. Senior adults can protect their hard-earned retirement funds and government benefits by staying informed, adopting new behaviors, and putting tools in place designed to stop scammers in their tracks. And, when possible, family, friends, and caregivers can help.
The FBI said confidence fraud and romance scams netted over $281 million in losses.
The top four types of scams targeting seniors: Romance scams (confidence scams), fake online shopping, false utility representatives, and government agent imposters. Here’s how to make a few shifts to mindset and your daily routine and steer clear of digital deception.
Just as the seasons change in our lives, so too must our behaviors when connecting to people and information via our devices. Cybercriminals target older people because they assume they aren’t as informed about schemes or technically savvy as younger people. Senior adults and their loved ones can work daily to change that narrative. With the right mindset, information, and tools, seniors can connect online with confidence and enjoy their golden years without worrying about digital deception.
The post Seniors: How to Keep Your Retirement Safe from Online Scams appeared first on McAfee Blog.
As millions of people around the world practice social distancing and work their office jobs from home, video conferencing has quickly become the new norm. Whether you’re attending regular work meetings, partaking in a virtual happy hour with friends, or catching up with extended family across the globe, video conferencing is a convenient alternative to many of the activities we can no longer do in real life. But as the rapid adoption of video conferencing tools and apps occurs, is security falling by the wayside?
One security vulnerability that has recently made headlines is the ability for uninvited attendees to bombard users’ virtual meetings. How? According to Forbes, many users have posted their meeting invite links on social media sites like Twitter. An attacker can simply click on one of these links and interrupt an important conference call or meeting with inappropriate content.
Online conferencing tools allow users to hold virtual meetings and share files via chat. But according to Security Boulevard, communicating confidential business information quickly and privately can be challenging with these tools. For example, users are not always immediately available, even when working from home. In fact, many parents are simultaneously doubling as working parents and teachers with the recent closure of schools and childcare providers. If a user needs to share private information with a coworker but they are unable to connect by video or phone, they might revert to using a messaging platform that lacks end-to-end encryption, a feature that prevents third-party recipients from seeing private messages. This could lead to leaks or unintended sharing of confidential data, whether personal or corporate. What’s more, the lack of using a secure messaging platform could present a hacker with an opportunity to breach a victim’s data or device. Depending on the severity of this type of breach, a victim could be at risk of identity theft.
With the recent surge of new video conferencing users, privacy policies have been placed under a microscope. According to WIRED, some online conferencing tools have had to update their policies to reflect the collection of user information and meeting content used for advertising or other marketing efforts. Another privacy concern was brought to light by a video conferencing tool’s attention-tracking feature. This alerts the virtual meeting host when an attendee hasn’t had the meeting window in their device foreground for 30 seconds, resulting in users feeling that their privacy has been compromised.
As users become accustomed to working from home, video conferencing tools will continue to become a necessary avenue for virtual communication. But how can users do so while putting their online security first? Follow these tips to help ensure that your virtual meetings are safeguarded:
There are plenty of video conferencing tools available online. Before downloading the first one you see, do your research and check for possible security vulnerabilities around the tools. Does the video conferencing tool you’re considering use end-to-end encryption? This ensures that only meeting participants have the ability to decrypt secure meeting content. Additionally, be sure to read the privacy policies listed by the video conferencing programs to find the one that is the most secure and fits your needs.
To ensure that only invited attendees can access your meeting, make sure they are password protected. For maximum safety, activate passwords for new meetings, instant meetings, personal meetings, and people joining by phone.
To keep users (either welcome or unwelcome) from taking control of your screen while you’re video conferencing, select the option to block everyone except the host (you) from screen sharing.
By turning on automatic updates, you are guaranteed to have all the latest security patches and enhancements for your video conferencing tool as soon as they become available.
The post How Secure Is Video Conferencing? appeared first on McAfee Blog.
Whether you think you might have a virus on your computer or devices, or just want to keep them running smoothly, it’s easy to do a virus scan. How to check for viruses depends on the software and device you have, so we’ll go through everything you need to know to run a scan effectively and keep your computers, phones and tablets in tip-top shape.
First, let’s cover a few of the telltale signs your device might have a virus. Is your computer or device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Or maybe, you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are all examples of signs that you may have a virus, but don’t get too worried yet, because many of these issues can be resolved with a virus scan.
Each antivirus program works a little differently, but in general the software will look for known malware that meets a specific set of characteristics. It may also look for variants of these known threats that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, it removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.
The process of checking for viruses depends on the device type and its operating system. Check out these tips to help you scan your computers, phones and tablets.
If you use Windows 10, go into “Settings” and look for the “Updates & Security” tab. From there you can locate a “Scan Now” button.
Of course, many people have invested in more robust antivirus software that has a high accuracy rate and causes less drain on their system resources, such as McAfee Total Protection. To learn how to run a virus scan using your particular antivirus software, search the software’s help menu or look online for instructions.
Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. There are some free antivirus applications available online, but we recommend investing in trusted software that can protect you from a variety of threats. Downloading free software and free online virus scans can be risky, since cybercriminals know that this is a good way to spread malware.
Whichever program you choose, follow their step-by-step instructions on how to perform a virus scan, either by searching under “help” or looking it up on their website.
Yes, you can get a virus on your phone or tablet, although they are less common than on computers. However, the wider category of mobile malware is on the rise and your device can get infected if you download a risky app, click on an attachment in a text message, visit a dangerous webpage, or connect to another device that has malware on it.
Fortunately, you can protect your devices with mobile security software. It doesn’t usually come installed, so you will have to download an application and follow the instructions.
Because the Android platform is an open operating system, there are a number of antivirus products for Android devices, that allows you to do a virus scan.
Apple devices are a little different because they have a closed operating system that doesn’t allow third parties to see their code. Although Apple has taken other security precautions to reduce malware risks, such as only allowing the installation of apps from Apple’s official app store, these measures aren’t the same as an antivirus program.
For more robust protection on your Apple devices, you can install mobile security software to protect the private data you have stored on your phone or tablet, such as contacts, photos and messages.
If safeguarding all your computers and devices individually sounds overwhelming, you can opt for a comprehensive security product that protects computers, smartphones and tablets from a central control center, making virus prevention a breeze.
New online threats emerge every day, putting our personal information, money and devices at risk. In the first quarter of 2019 alone McAfee detected 504 new threats per minute, as cybercriminals employed new tactics. That’s why it is essential to stay ahead of these threats by using security software that is constantly monitoring and checking for new known threats, while safeguarding all of your sensitive information. Virus scans are an essential part of this process when it comes to identifying and removing dangerous code.
Most antivirus products are regularly scanning your computer or device in the background, so you will only need to start a manual scan if you notice something suspicious, like crashes or excessive pop-ups. You can also program regular scans on your schedule.
Of course, the best protection is to avoid getting infected in the first place. Here are a few smart tips to sidestep viruses and other malware:
The post How To Do A Virus Scan appeared first on McAfee Blog.
Molding and shaping our kids while we can is every parent’s dream. When kids are young – and sweet! – they are far more inclined to take on board our advice and lovingly imposed rules. Oh, how I miss those days!! And in a nutshell – that’s what a good set of parental controls can do for you and your kids. In my opinion, parental controls can absolutely help you create good habits but it’s essential that they are accompanied by an invested parent who’s keen to help their kids navigate the online world.
With Aussie kids spending at least 5 hours online a day, it’s no secret that they can be exposed to a broad range of people, websites and themes – some potentially quite disturbing. And with most kids sporting an internet-connected phone plus a laptop, there’s no limit to what they can access – and usually when you aren’t around.
I like to think of parental controls as another way of helping establish healthy habits and good decision-making strategies with your kids. For example, if you have told your kids there is no screen time before bed, then you are able to use Parental Controls to make that a reality. And if you have agreed that they are able to use only certain apps or social media platforms then Parental Controls can also make this happen by blocking access if they deviate. I believe that over time, these routines, and boundaries simply become part of your child’s day-to-day life and become good habits.
McAfee’s Parental Controls, called Safe Family, can also let you view your kids’ activity online and let you know where your kids are at all times. How good??
While it’s commonly believed that it takes just 21 days to form a habit, courtesy of Dr Maxwell Maltz in the 1960’s, more up-to-date research shows that it could take considerably longer. In fact, research conducted in 2010 by Health Psychology Researcher Philippa Lally at The University College in London shows that it takes around 2 months or 66 days to be precise to make a new habit stick!
And while I love the idea that we could help our kids adopt new positive habits in just 2 months, I think we need to keep it real. Fear of missing out (FOMO) coupled with the lure of their shiny devices might mean that it takes a little more than 66 days to make a change, particularly if you are trying to modify their current usage as opposed to starting from scratch.
There is no-one that better understands just how time poor parents can be. Having spent the last 20 plus years rearing 4 boys and working, I feel like I’ve earnt the time poor t-shirt! So, understandably, many parents feel like they just don’t have the ‘band with’ to take on much more so digital parenting is often put in the too hard basket. And I totally get it!
But using parental controls without some knowledge of your kids’ digital world, is a little like filling your car with petrol but not worrying about the oil. It will eventually be a problem!
So, I’m going to break it down for you. Digital parenting doesn’t have to be overwhelming, particularly if you break it down. So, in a quest to keep it simple, here are 4 things you can do to up your digital parenting game:
The day your child picks up a device is the day you start talking about cybersafety. If this is when they are 18 months of age, then that’s when you start. Always ensure the messages are age-appropriate and keep them simple. You could start with:
And when your kids get older, weave in more age-appropriate messages, such as:
Knitting cybersafety messages into your family dialogue needs to also become automatic. Talk about it just like you would sun safety or road safety. And why not share stories around the dinner table about your own online experiences or even relevant news stories to engage them in a dialogue.
I love the idea of a clear contract between parents and kids that details your expectations about their online behaviour and technology use. It’s a great way of developing a set of guidelines that will help them navigate the risks associated with being online. Now, this agreement should definitely be a family exercise so ensure your kids are invested in the process too. If you want a starting point, check out this one from The Modern Parent here.
Taking some time to understand how your child spends their time online is the best way of truly understanding the risks and challenges they face. So, join ALL the social media platforms your kids are on, play their games and download their messaging apps. You will develop a better understanding of how to manage privacy settings and the language/online culture that is a big part of your child’s life. And the best part – if they know you understand their world, I have no doubt that you will develop a little ‘tech cred’ which mean that they will be more likely to come to you with any issues or problems that may face online. Awesome!
There is some amazing technology available that makes this digital parenting thing a heck of a lot easier and that includes Parental Controls. McAfee’s Safe Family is a comprehensive parental controls solution that lets you monitor and block apps and websites, manage screen time, see where your kid’s devices are at all times, and more, giving you peace of mind in an ever-mobile world. The perfect partner to an invested parent!
Parental Controls can be an awesome way of helping your kids establish positive habits around their tech use, but they are even more impactful when combined with an invested parent who has got a good handle on the online world. So, by all means, invest in Parental Control software but also commit to ramping up your digital parenting game – it’s the best way to help set up your kids for a safe and positive experience online. And isn’t that every digital parent’s dream!
Take Care
Alex
The post Can Parental Controls Can Help You Create Good Habits? appeared first on McAfee Blog.
While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.
This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.
Every year surveys find that the most popular passwords are as simple as “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.
When it comes to creating strong passwords, length and complexity matter because it makes them harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.
Tricks:
Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.
Tricks:
If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.
Tricks:
If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.
Tricks:
Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.
Tricks:
The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blog.
So is your smart speaker really listening in on your conversations?
That’s the crux of a popular privacy topic. Namely, are we giving up some of our privacy in exchange for the convenience of a smart speaker that does our bidding with the sound of our voice? After all, you’re using it to do everything from search for music, order online, and control the lights and temperature in your home.
What is your smart speaker really hearing—and recording?
Let’s take a look at what’s going on inside of your smart speaker, how it processes your requests, and what companies do with the recordings and transcripts of your voice.
More or less, smart speakers are listening to all the time. Each smart speaker has its own “wake word” that it listens for, like Alexa, Siri, or Google. When the device hears that wake word or thinks it hears it, it begins recording and awaits your verbal commands. Unless you have the microphone or listening feature turned off, your device indeed actively listens for that wake word all the time.
Here’s where things get interesting, though. There’s a difference between “listening” and “recording.” The act of listening is passive. Your smart speaker is waiting to hear its name. That’s it. Once it does hear its name, it begins recording for a few seconds to record your command. From there, your spoken command goes into the company’s cloud for processing by way of an encrypted connection.
There are exceptions to when your command may go to the company’s cloud for processing, like Siri on iPhones, which according to Apple, “You don’t sign in with your Apple ID to use Siri, and the audio of your requests is processed entirely on your iPhone.” Also, Google Assistant may process some requests without going to the cloud, like “When a user triggers a smart home Action that has a local fulfillment path, Assistant sends the EXECUTE intent or QUERY intent to the Google Home or Google Nest device rather than the cloud fulfillment.”
In the cases where information does go to the cloud, processing entails a few things. First, it makes sure that the wake word was heard. If it’s determined that the wake word was indeed spoken (or something close enough to it—more on that in a minute), the speaker follows through on the request or command. Depending on your settings, that activity may get stored in your account history, whether as a voice recording, transcript, or both. If the wake word was not detected, processing ends at that point.
Enter the issue of mistaken wake words. While language models and processing technologies used by smart speakers are constantly evolving, there are occasions where a smart speaker acts as if a wake word was heard when it simply wasn’t said. Several studies on the topic have been published in recent years. In the case of research from Northeastern University, it was found that dialogue from popular television shows could be interpreted as wake words that trigger recording. For example, their findings cite:
“We then looked at other shows with a similarly high dialogue density (such as Gilmore Girls and The Office) and found that they also have a high number of activations, which suggests that the number of activations is at least in part related to the density of dialogue. However, we have also noticed that if we consider just the amount of dialogue (in a number of words), Narcos is the one that triggers the most activations, even if it has the lowest dialogue density.”
Of interest is not just the volume of dialogue, but the pronunciation of the dialogue:
“We investigated the actual dialogue that produced Narcos‘ activations and we have seen that it was mostly Spanish dialogue and poorly pronounced English dialogue. This suggests that, in general, words that are not pronounced clearly may lead to more unwanted activations.”
Research such as this suggests that smart speakers at the time had room for improvement when it comes to properly detect wake words, thus leading to parts of conversation being recorded without the owner intending it. If you own a smart speaker, I wouldn’t be too surprised to hear that you’ve had some issues like that from time to time yourself.
As mentioned above, the makers of smart speakers make constant improvements to their devices and services, which may include the review of commands from users to make sure they are interpreted correctly. There are typically two types of review—machine and human. As the names suggest, a machine review is a digital analysis and human reviews entail someone listening to and evaluating a recorded command or reading and evaluating a transcript of a written command.
However, several manufacturers let you exercise some control over that. In fact, you’ll find that they post a fair share of articles about this collection and review process, along with your choices for opting in or out as you wish:
The quickest way to ensure a more private experience with your smart speaker is to disable listening—or turn it off entirely. Depending on the device, you may be able to do this with the push of a button, a voice command, or some combination of the two. This will keep the device from listening for its wake word. Likewise, this makes your smart speaker unresponsive to voice commands until you enable them again. This approach works well if you decide there are certain stretches of the day where your smart speaker doesn’t need to be on call.
Yet let’s face it, the whole idea of a smart speaker is to have it on and ready to take your requests. For those stretches where you leave it on, there’s another step you can take to shore up your privacy.
In addition to making sure you’re opted out of the review process mentioned above, you can also delete your recordings associated with your voice commands.
Managing your voice history like this gives you yet one more way you can take control of your privacy. In many ways, it’s like deleting your search history from your browser. And when you consider just how much activity and how many queries your smart speaker may see over the course of days, weeks, and months, you can imagine just how much information that captures about you and your family. Some of it is undoubtedly personal. Deleting that history can help protect your privacy in the event that information ever gets breached or somehow ends up in the hands of a bad actor.
Lastly, above and beyond these privacy tips for your smart speakers, comprehensive online protection will help you look out for your privacy overall. In the case of ours, we provide a full range of privacy and device protection, along with identity theft protection that includes $1M identity theft coverage, identity monitoring, and identity restoration assistance from recovery pros—and antivirus too, of course. Together, they can make your time spent online far more secure.
You’re the smart one in this relationship
With privacy becoming an increasingly hot topic (rightfully so!), several companies have been taking steps to make the process of managing yours easier and a more prevalent part of their digital experience. As you can see, there are several ways you can take charge of how your smart speaker uses, and doesn’t use, your voice.
It used to be that many of these settings were tucked away deep in menus, rather than something companies would tout on web pages dedicated to privacy. So as far as smart speakers go, the information is out there, and I hope this article helps make the experience with yours more private and secure.
The post Smarter Homes & Gardens: Smart Speaker Privacy appeared first on McAfee Blog.
As an avid internet surfer, you’ve most likely heard of cookies. No, we’re not talking about the ones filled with chocolate chips. We’re talking about the ones that allow you to log in to your favorite websites. Cookies may impact your online security, so check out these tips to manage them and keep your online accounts safe.
Ever wonder how a website saves the items you placed in your shopping cart last week, even though you closed the tab before making the purchase? This is made possible by cookies. According to the Federal Trade Commission, a cookie is information saved by your web browser. When you visit a website, the site may place a cookie on your web browser so it can recognize your device in the future. If you return to that site later, it can read that cookie to remember you from your last visit, keeping track of your activities over time.1
Cookies come in either the first-party or third-party variety. There’s no difference between the two in how they function, but rather in where and how you encountered them. First-party cookies belong to sites you visited first-hand in your browser. Third-party cookies, or “tracking cookies,” generally come from third-party advertising websites.
Although cookies generally function the same, there are technically two different types of cookies. Magic cookies refer to packets of information that are sent and received without changes. Historically, this would be used to log in to a computer database system, such as an internal business network. This concept predates the modern cookie we use today.
HTTP cookies are a repurposed version of the magic cookie built for internet browsing and managing online experiences. HTTP cookies help web developers give you more personalized, convenient website experiences. They allow sites to remember you, your website logins, and shopping carts so you can pick back up where you left off from your last visit. However, cybercriminals can manipulate HTTP cookies to spy on your online activity and steal your personal information.
Cookie hijacking (also known as session hijacking) is typically initiated when a cybercriminal sends you a fake login page. If you click the fake link, the thief can steal the cookie and capture anything you type while on the fraudulent website. Like a phishing attack, cookie hijacking allows a cybercriminal to steal personal information like usernames, passwords, and other important data held within the cookie. If you enter your information while on the fake website, the criminal can then put that cookie in their browser and impersonate you online. They may even change your credentials, locking you out of your account.
Sometimes, criminals initiate cookie hijacking attacks without a fake link. If you’re browsing on an unsecured, public Wi-Fi connection, hackers can easily steal your data that’s traveling through the connection. This can happen even if the site is secure and your username and password are encrypted.
Because the data in cookies doesn’t change, cookies themselves aren’t harmful. They can’t infect computers with viruses or malware. But if your cookies are hijacked as part of a cyberattack, a criminal could gain access to your browsing history and use cookies as the key to enter your locked accounts. For example, a hacker may steal your identity or confidential company information, purchase items in your online shopping carts, or loot your bank account.
Preventing cookie hijacking attacks can allow you to browse the internet with greater peace of mind. Follow these tips to not only safeguard your personal information but to also enhance your browsing experience:
Make it a habit to clear your cookie cache regularly to prevent cookie overload, which could slow your search speeds. Also, almost every browser has the option to enable/disable cookies on your computer. So if you don’t want them at all, your browser’s support section can walk you through how to disable them.
Although it’s convenient to not have to re-type your credentials into a website you frequently visit, autofill features could make it easier for a criminal to extract your data with cookie hijacking. Plus, autofill is risky if your physical device falls into the wrong hands. To browse more securely without having to constantly reenter your passwords, use a password manager like McAfee True Key. True Key makes it so you only have to remember one master password, and it encrypts the rest in a vault protected by one of the most secure encryption algorithms available.
Strong, unique passwords for each of your accounts, updated regularly, offer ample protection against hackers. Multi-factor authentication (MFA) adds yet another layer of security by double-checking your identity beyond your username and password, usually with a texted or emailed code. When your accounts offer MFA, always opt in.
Criminals can hijack your cookies if you’re browsing on an unsecured, public Wi-Fi connection. To prevent a criminal from swiping your data, use a virtual private network (VPN), a service that protects your data and privacy online. A VPN creates an encrypted tunnel that makes you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from online spies while you’re banking, shopping, or handling any kind of sensitive information online.
McAfee LiveSafe is an antivirus solution that protects your computer and mobile devices from suspicious web cookies by:
The post What Are Browser Cookies and How Do I Manage Them? appeared first on McAfee Blog.
Outfitting your smart home could get a whole lot easier this year.
A new industry standard called Matter aims to remove a big barrier in smart home technology, one that makes different smart home devices compatible with any smart home platform—something that wasn’t possible until now.
For years, different smart home devices have run on several different competing platforms, such as Amazon Alexa, Apple HomeKit, Google Assistant, or Samsung SmartThings. And put plainly, those different platforms didn’t work with each other. And that was unfortunate. After all, the vision for the smart home was to run everything from lights, appliances, doorbell cameras, and all kinds of connected things in your home from a central set of controls, regardless of device manufacturer or platform.
But that hasn’t been the case, and this lack of compatibility created some headaches for homeowners. They’ve had to choose between one smart home platform over another and then only use smart devices built for that platform. For example, if you’re running a bunch of devices on Apple HomeKit and find a great deal on a new Samsung smart refrigerator with Alexa built-in, you’re pretty much out of luck if you want those devices to all work together as one in your smart home. The result is that consumers have had to check the fine print to see what’s compatible with what when shopping for smart devices. Again, a real headache.
Matter aims to take care of that. It’s hailed as a unifying technology that will make all those devices work together. Right now, the first wave of Matter-enabled devices is on track for a mid-year launch, which means we may finally see that vision of a smart home come true—a place where all your connected stuff works together with just the sound of your voice or a tap on your phone.
With that, let’s take a closer look at the new Matter protocol and what it offers, along with a look at security and privacy for smart home devices in general.
Without getting too technical about it, Matter is designed to create a more energy-efficient, secure, and reliable network for your smart home devices. Additionally, it’s designed to run independently of your internet connection, so if your internet goes out, you can still control your smart devices locally—from the app or device of your choice.
The tech industry looks like they’re very much on board. Matter is led by the Connectivity Standards Alliance, a body of more than 200 technology companies working together to create this new standard. And if you’re wondering Amazon, Apple, Google, and Samsung are among the many members of this alliance. If the launch goes as planned, you can expect to see Matter-enabled devices and the Matter logo on several new products by the middle of the year.
Additionally, several companies have announced that they will provide an upgrade path for existing products so that their existing customers don’t have to scrap their current smart home devices to take advantage of Matter.
In all, the idea is exciting. What remains to be seen is how security and privacy matters are handled, not only by the network but by the devices on it.
As far as security goes, Matter uses a combination of encryption and blockchain technology to secure transmitted data and ensure that only the devices you trust can use the network. Considering that you may be heating your home, warming up your oven, or even locking your front door, security features like these only make sense.
Yet looking beyond Matter and thinking about connected homes more broadly, there are a few question marks when it comes to privacy.
Imagine for a moment what a highly connected home might look like—and all the data those connections will generate. That data will show what time of day your front door tends to unlock and lock when family members go to and from work, school, or what have you. It’ll also show when you tend to turn on your lights, cook your dinner, or turn on the house alarm for the night.
Over time, all this data can piece together a picture of your comings and goings during a typical week. Shy of a bad actor physically casing out your home over several days, data like this simply hasn’t existed until the age of the connected home. If that data goes unprotected or if the devices creating it don’t give you some control over it, the privacy risks will run high.
Moreover, data privacy policies come into play here as well. As consumers like us are very much aware these days, not every company treats your data the same way. Some companies have different policies around what data they may collect and then what they do with that data—like cloud sites for other smart devices, government agencies, insurance companies, law enforcement, data aggregators, data banks, social media sites, and others according to findings published by some industry groups. In a smart home that’s kitted out with devices from five, seven, or even more different manufacturers, that are multiple privacy policies in play—each of which may view and treat your private data in their own way. That’s potentially volumes of your data circulating out there, potentially in ways you aren’t aware of or that give you any control over its use.
Of course, the issue of data privacy is nothing new and certainly not specific to smart devices. Already, the dozens of different apps and services we use as we go about our day have their own data privacy policies as well. Devices in a smart home only add to that mix, which is worth considering in our already highly connected lives.
As I write this, Matter has yet to be released. Yet if you already have some smart devices in your home, you may be wondering how to make your connected home safer. Let’s take a look at a few of the things you can do to protect your smart devices and the home network they’re running on.
Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, protect your smartphone so you can protect the things it accesses and controls—and the data stored on it too.
Early on when the first sets of smart home devices rolled out, some found themselves open to attack because they come with a default username and password, which hackers often publish on the internet as part of massive listings. (Baby monitors are a classic example.) And it remains an issue today. When you purchase any IoT device, set a fresh password using a strong method of password creation. Likewise, create an entirely new username for additional protection as well.
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network. (A password manager as part of comprehensive online protection can help.) Also, consider changing the same of your home network so that it doesn’t personally identify you. (I’ve seen some fun alternatives to using your name or address, everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.”) Also check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you haven’t done this sort of thing before, check the documentation that came with your router or with the internet provider if you rent or purchased it from them.
Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts—with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way hackers simply try and force their way in with a password/username combination, which will make your device tougher to crack.
In addition to fixing the odd bug or adding the occasional new feature, app and device updates often address security gaps. Out-of-date apps and devices may have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, even better.
Smart homes show plenty of promise. Seeing a new and broadly adopted industry standard like Matter on the horizon may make them even more promising. Ideally, Matter will make it easier for people to bring more smart devices in their homes, and in a way that’s reliable and secure. Moreover, there are steps you can take now to help keep your smart home devices, and smart home in general, more secure as well.
Yet when it comes to thinking about a home full of smart devices, questions around privacy remain. Smart home devices offered by different manufacturers will have different privacy policies and thus use people’s data in different ways, which puts consumers like us in a position to understand the terms, conditions, and implications of each one. Yet with data privacy being such a hot topic for consumers, the industry, and regulators already, it remains to be seen what consumer-friendly standards are set for data collection in the years to come—both in and out of the smart home.
The post Smarter Homes & Gardens: Protecting the Smart Devices in Your Home appeared first on McAfee Blog.
If you’re thinking about crypto, one of the first things you’ll want to do is get yourself a good wallet.
Topping the several important things a new cryptocurrency investor needs to think about is security. Rightfully so. Cryptocurrency is indeed subject to all kinds of fraud, theft, and phishing attacks, just like the credentials and accounts we keep online.
But here’s the catch. Lost or stolen cryptocurrency is terrifically difficult to recover. By and large, it doesn’t enjoy the same protections and regulations as traditional currency and financial transactions. For example, you can always call your bank or credit card company to report theft or contest a fraudulent charge. Not the case with crypto. With that, you’ll absolutely need a safe place to secure it. Likewise, in the U.S. many banks are FDIC insured, which protects depositors if the bank fails. Again, not so with crypto.
So, when it comes to cryptocurrency, security is everything.
Cryptocurrency theft offers hackers an immediate payoff. It’s altogether different from, say, hacking the database of a Fortune 500 company. With a data breach, a hacker may round up armloads of personal data and information, yet it takes additional steps for them to translate those stolen records into money. With cryptocurrency theft, the dollars shift from the victim to the crook in milliseconds. It’s like digital pickpocketing. As you can guess, that makes cryptocurrency a big target.
And that’s where your wallet will come in, a place where you store the digital credentials associated with the cryptocurrency you own. The issue is doing it securely. Let’s take a look at the different wallets out there and then talk about how you can secure them.
Broadly, there are two general categories of wallets. First, let’s look at what these wallets store.
A wallet contains public and private “keys” that are used to conduct transactions. The public key often takes the form of an address, one that anyone can see and then use to send cryptocurrency. The private key is exactly that. Highly complex and taking many forms that range from multi-word phrases to strings of code, it’s your unique key that proves your ownership of your cryptocurrency and that allows you to spend and send crypto. Needless to say, never share your private key.
With that, there are two ways to store your keys—in a hot wallet or a cold wallet.
Hot Wallets:
|
Cold Wallets:
|
As you can see, the benefit of a hot wallet is that you can load it up with cryptocurrency, ready for spending. However, it’s the riskiest place to store cryptocurrency because it’s connected to the internet, making it a target for hacks and attacks.
In addition to that, a hot wallet is connected to a cryptocurrency exchange, which makes the transfer of cryptocurrencies possible. The issue with that is all cryptocurrency exchanges are not created equal, particularly when it comes to security. Some of the lesser-established exchanges may not utilize strong protocols, likely making a target for attack. Even the more established and trusted exchanges have fallen victim to attacks—where crooks have walked away with millions or even hundreds of millions of dollars.
While the funds in cold wallets are far less liquid, they’re far more secure because they’re not connected to the internet. In this way, cold wallets are more vault-like and suitable for long-term storage of larger sums of funds. But cold wallets place a great deal of responsibility on the holder. They must be stored in a physically secure place, and be backed up, because if you lose that one device or printout that contains your cryptocurrency info, you lose the cryptocurrency altogether. Within the cold wallet category, there are a few different types:
Several manufacturers make storage devices specifically designed to store cryptocurrency, complete with specific features for security, durability, and compatibility with many (yet not always all) of the different cryptocurrencies on the market. An online search will turn up several options, so doing your homework here will be very important—such as which devices have the best track record for security, which devices are the most reliable overall, and which ones are compatible with the crypto you wish to keep.
Storing cryptocurrency information on a computer or laptop that’s disconnected from the internet (also known as “air-gapped”) is a storage method that’s been in place for some time. However, because computers and laptops are complex devices, they may be less secure than a simpler, purpose-built cryptocurrency device. In short, there are more ways to compromise a computer or laptop with malware that a determined hacker can use to steal information in some rather surprising ways. (Like noise from a compromised computer fan passing information in a sort of Morse Code or generating electromagnetic signals on a compromised computer that nearby devices can use to skim information.)
Ah, good old paper. Write down a code and keep it secure. Simple, right? In truth, creating a paper wallet can be one of the most involved methods of all the cold storage options out there. Bitcoin offers a step-by-step walkthrough of the process that you can see for yourself. Once done, though, you’ll have a piece of paper with a public address for loading cryptocurrency into your paper cold wallet, along with a private key. One note: Bitcoin and others recommend never reusing a paper cold wallet once it’s connected to a hot wallet. You should go through the process of creating a new cold paper wallet each time.
Physical coins are a special case and are relatively new on the scene. They’re a physical coin minted with a tamper-resistant sticker that indicates the actual value of the coin. Like other methods of cold wallet storage, this calls for keeping it in a safe place, because it’s pretty much like a wad of cash. And like cash, if it’s stolen, it’s gone for good. Also note that a cryptocurrency holder must work with a third party to mint and deliver the coin, which has its own costs and risks involved.
With that look at wallets, let’s see what it takes to secure them. It may seem like there’s plenty to do here. That’s because there is, which goes to show just how much responsibility falls on the shoulders of the cryptocurrency holder. Of course, this is your money we’re talking about, so let’s dive into the details.
Whatever form your storage takes, back it up. And back it up again. Cryptocurrency holders should make multiple copies just in case one is lost, destroyed, or otherwise inaccessible. For example, one story that’s made the rounds is of a IT engineer in the UK who accidentally threw away an old hard drive with his cryptocurrency key on it, one that held 7,500 bitcoins, worth millions of dollars. Redundancy is key. Back up the entire wallet right away and then often after that.
With redundant backups in place, store them in places that are physically secure. It’s not uncommon for crypto holders to use fireproof safes and safe deposit boxes at banks for this purpose, which only highlights the earlier point that a wallet is as good as cash in many ways.
This will help prevent malware from stealing crypto, whether or not your device is connected to the internet. Comprehensive online protection software will give you plenty of other benefits as well, including identity theft monitoring and strong password management, two things that can help you protect your investments, and yourself, even further.
Updates often address security issues, ones that hackers will of course try to exploit. Keep everything current and set automatic updates wherever they are available so that you have the latest and greatest.
Just as your bank and other financial accounts offer MFA, do the same here with your crypto. Some extra security-conscious crypto investors will purchase a device for this specific purpose for yet greater protection, such as a separate phone with texting capability. This keeps their crypto transactions separate from the multitude of other things they do on their everyday smartphone, effectively putting up a wall between these two different digital worlds.
Two things fall under this category. One, the less you say about the crypto investments you make, the less word gets around, which can help keep hackers out of the loop. Particularly on social media! Two, consider setting up a unique email account that you only use for crypto. The less you associate your crypto accounts with other financial accounts like your banking and online payment apps, the more difficult it is to compromise several accounts in one fell swoop.
Just like hackers send phishing emails with an eye on accessing your bank accounts, credit cards, and so on, they’ll do much the same to get at your crypto accounts. The target may be different, that being your crypto, but the attack is very much the same. An email will direct you to a hacker’s website, using some sort of phony pretense, get-rich-quick-scheme, or scare tactic. Once there, they’ll ask for private key information and then simply steal the funds. And it’s not just email. Hackers have used online ads to phish for victims as well.
As you can see, these security measures rely almost exclusively on you. If something happens to you, that could make recovering your funds a real problem. Consider reaching out to someone you trust and let them know where you’re storing your wallets and information. That way, you’ll have some assistance ready in the event of an emergency or issue.
The very things that define cryptocurrency—the anonymity of ownership, the lack of banking institutions, the light or non-existent regulation—all have major security implications. Add in the fact that you’re your own safety net here and it’s easy to see that crypto is something that requires plenty of planning and careful through before diving into. Getting knowledgeable about security, how you’ll protect your crypto, should absolutely top your list before investing.
The post Cold Wallets, Hot Wallets: The Basics of Storing Your Crypto Securely appeared first on McAfee Blog.
As a gamer, you love the stuff you’ve racked up over the years—that rare Fortnite skin from six seasons ago, a complete set of Tier 20 armor in World of Warcraft, or a Steam account loaded with your favorite titles. Hackers love it too. Because they can make money off it.
Hackers have been stealing and reselling online gaming accounts for some time now. Yet the recent 400 percent rise in online gaming theft shouldn’t come as a surprise, particularly as so many of us turned to games for entertainment lately. As people leveled up, gathered loot, and filled their libraries with games in the cloud, hackers saw the opportunity.
The opportunity is this: gaming accounts have a street value. The virtual items and perks we acquire through gaming take time, effort, participation, and sometimes just good luck to build up. In a way, we’ve worked hard to earn our fun. Meanwhile, others out there are willing to take a shortcut. There are those who’ll pay for a well-stocked gaming account that someone else has built up, and hackers are more than willing to hijack accounts from innocent victims and sell them online.
Put simply, the virtual goods in your gaming accounts are like any other good. They have value. And just like anything else you value, they’re worth protecting. That’s exactly what we’ll help you do here.
First up, let’s take a quick look at the different ways digital goods get moved and sold out there—just to get a sense of the marketplaces that have cropped up around gaming and where hackers fit into the mix.
And there are several. Over the years we’ve seen all kinds of gaming marketplaces crop up, whether they’re sanctioned marketplaces built inside of online games, gray marketplaces that exist outside of games, and dark marketplaces where stolen accounts and goods are exchanged.
As a gamer, you’re likely familiar with any number of sanctioned auction houses and marketplaces that are built right into online games, all designed and supported by the game’s developers. A classic example is the long-running auction house in World of Warcraft where players can buy and sell items with in-game currency, the World of Warcraft gold piece. And as marketplaces can go, the rarer and more coveted the item, the higher the price the seller can get for it. In fact, there are plenty of articles on how to play the markets for profit, in a quasi-stock market-like fashion, and all within the legitimate boundaries of the game.
In recent years, we’ve also seen the rise of in-game currencies that players can purchase for cash, again by design and with the support of the developer. A couple of examples are the World of Warcraft Tokens and Minecraft tokens and coins. What you can do with such tokens and coins varies from game to game, yet players can use them to acquire in-game currency, items, or paid to play time.
Increasingly common are in-game stores that allow players to purchase items and perks with cash, just like any other online store. Taken together with all the other ways a player can round up items in a game, it’s easy to see how a gamer’s account can grow into something somewhat unique and valuable over time, simply by playing and participating in the game.
With the time it takes for a player to level up a powerful character and acquire the items that can come along with it, there are out-of-game organizations that will, for a fee, do that work for a player in return for payment. Essentially it involves a player starting a gaming account, rolling up a character, and then handing over the account to a “booster” who will play the game on the owner’s behalf. When the agreed-upon level is reached, the booster hands back the character to the owner.
Of course, there are all kinds of potential problems with this. Strictly from a security standpoint, this means an account owner is handing over their credentials to a stranger, with no real guarantee that this stranger simply won’t change the account password, never hand back the account, and simply walk away with any funds that may have been paid upfront.
Further, “boosting” and other similar services may be against the user agreement the player signed when joining up for the game. For example, World of Warcraft recently updated its policy, stating that they now,
[P]rohibit organizations who offer boosting, matchmaking, escrow, or other non-traditional services, including those offered for gold. World of Warcraft accounts found to be in violation of this policy are subject to account actions. These actions can include warnings, account suspensions and, if necessary, permanent closure of the disruptive World of Warcraft account(s).
So while “boosting” services may not be illegal themselves, they can run counter to user agreements and may lead to cases of fraud when a booster service fails to fulfill its commitment or simply locks a player out of their own account.
Then there’s the theft and resale of online game accounts, clear examples of digital goods illegally changing hands. Stolen accounts make their way into dark web marketplaces and ads on chat platforms and social media, thanks to hackers who’ve cracked previously legitimate accounts and then packaged them up for sale. In some instances, cybercriminals will sell entire game collections, such as online gaming platform accounts where gamers may have purchased and have access to dozens and dozens of games stored in the cloud.
The method behind this theft is much like a credit card or bank account hack. Often using credentials lifted from a data breach, hackers will take known usernames and passwords and feed them into a credential stuffing application—which can then attempt to access hundreds, even thousands, of accounts through automated login requests.
Given that many users out there use the same passwords across their accounts makes them an easy target for this practice and can reap a large harvest of cracked accounts. From there, the account can be accessed, have its password changed, and then made ready for advertising and sale, where an account can be resold for a few dollars, or for potentially thousands depending on what the account contains.
There’s plenty you can do. A few simple steps on your part can drop some serious roadblocks in the way of a hacker who’s looking to crack your account or target you for a scam.
Each of your accounts should have its own strong, unique password. No repeats. And if you have some sixty-plus accounts across all the shopping, banking, gaming, and forum posting you do, not to mention your apps, that sounds like a lot of work. Because it is. Although it doesn’t have to be. A password manager can do the work for you by creating and storing strong, unique passwords for you.
Data breaches happen all the time now, striking businesses both large and small. If a business or organization where you have an online account gets breached, change your password right away. Related to the above, make sure the passwords across your other accounts are strong and unique. It’s not uncommon for hackers to try breaching passwords in other accounts, all in the hope that the victim is using the same or a similar password on other accounts as well.
Several gaming services offer multi-factor authentication (MFA) as a means of protecting accounts. In addition to requiring a username and password to log in, MFA further verifies account activity by sending a unique code to the email address or text to a device you own, which makes gaining illegal access that much tougher for hackers. Some gaming platforms even support an authentication app, such as the Battle.net Authenticator, offered by Blizzard. In all, the occasional extra clicks required by MFA can really save you some massive headaches by preventing theft. If you have MFA as an option, strongly consider using it.
Phishing attacks have made the jump from email to bogus ads on social media and in search too. In short, a phishing attack involves the hacker posing as a well-known company or organization with the intent of fooling you into providing your username and password. With that, they can drain your account, whether it’s money from your bank account or goods in your gaming account. Spotting phishing attacks can call for a sharp eye nowadays because some hackers can make the phishing emails and sites they use look like the real thing. Comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit.
Spearphishers are a special sort, in that they make more targeted attacks. While a phisher will send out an email blast or attempt to rope in a high volume of victims with an ad, a spearphisher will send a direct message to specific, potential victims. You may have seen or heard of this in massively multiplayer online games where an otherwise unknown player sends a message to another with a link to a website, complete with the promise of loot, in-game currency, or services to level up characters. Ignore and don’t visit that link. Chances are it’s a scammer, or at least someone who may be breaking the game’s user agreement by offering such services.
Whether you’re downloading a mod, an expansion, or a new game itself, go with a reputable online store or source. Hackers will drop malware into all kinds of files and applications, games included. Given that such malware could log keystrokes that steal login info, inject ransomware code to hold your device and data hostage, or simply wreak havoc on your files and things, it can have implications for more than just your gaming accounts and the virtual assets you have with them.
Hackers know there’s good money in gaming accounts. They wouldn’t bother with them otherwise. Realizing that your gaming account has value is the first step to protecting it.
In addition to taking the steps above, consider comprehensive online protection software. It offers defense in breadth and depth, covering everything from device security, privacy, and identity protection. However, if you want an even faster and safer gaming experience, gamer security is worth looking into. In addition to strong security features, it also offers performance-enhancing technologies that prioritize system resources and keep your gameplay going smooth.
In all, keep in mind that gaming accounts are serious business for hackers. Put up your defenses. Then get out and enjoy yourself, knowing that you have made it far, far tougher for them to ruin your fun.
The post Lock Down & Level Up: Protect Your Online Gaming from Hackers appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
The recent WannaCry ransomware attack that infected more than 250,000 computers worldwide was a good reminder to everyone about staying vigilant when it comes to internet safety.
After all, many of us stay connected most of the time, whether it’s on our laptops or mobile devices, giving cybercriminals a wide range of opportunities to go after our personal and financial information, as well as our privacy.
The good news is that safeguarding your internet security, and preventing an attack like WannaCry, can be as simple as keeping your software up-to-date, and taking other preventative measures. The key is knowing which threats to look out for, and when you are taking potential risks.
Let’s start by talking about our mobile devices. Although many of us have been taught to look out for viruses and other threats on our computers, we don’t always realize that our mobile devices are just as vulnerable as our desktops.
The truth is dangerous links and downloads can be easily accessed using mobile browsers and email. And, our devices can open us up to new threats like malicious apps or text messages, designed to steal your information.
And if you think you’re protected from many online threats because you are an Apple user, think again. McAfee Labs found in its latest Quarterly Threat Report that malware exploiting the Mac operating system has grown exponentially.
Another instance where we often don’t realize we’re at risk is when we use technology while travelling or away from home. Connecting to public Wi-Fi networks can be dangerous because many of these networks do not take the necessary steps to protect your data from being accessed by cybercrooks. It’s just as risky to use public or shared computers since the bad guys will sometimes infect them with malware or spyware designed to steal your information.
Our heavy use of social media is another area where we face new threats. Although these sites are made for sharing, we tend to share too much of our private information, opening us up to identity theft, or even harassment. That’s why we need to safely guard information such as our home address, employer, phone number, and email. It’s also wise to change your social media privacy settings to “friends only.” When we open our networks up to people who we don’t know in real life, we also open the door to potential scammers.
These scammers love to distribute phishing attacks on social media and via email and text. Their goal is to trick you into revealing personal or financial information. Take, for instance, the recent “Google Docs” attack, in which scammers sent out fake emails that appeared to come from a trusted source, asking recipients to click on a link to open a Google document, with the hopes of gaining access to their email login and contact information.
Account login information is highly valuable to scammers, since it can potentially allow them to login into or guess your banking passwords, and other crucial financial or identity information. This is a good reason to opt for the highest security settings on all your accounts, such as multi-factor authentication. This security measure asks you to provide an additional piece of information other than your password to verify your identity, such as entering a unique code that is sent to your mobile phone.
There are a lot of threats that we all need to be aware of, but by taking basic precautions and staying vigilant about what you share online you will be much better protected from cybercrime.
Tips to keep you safe:
Looking for more mobile security tips and trends? Be sure to follow @McAfee Home on Twitter, and like us on Facebook.
The post Smart Tips for Staying Safer Online appeared first on McAfee Blog.
I am renowned for getting myself into big messes – particularly in the kitchen when I’m cooking up a storm. And I’m totally fine being alone: chopping, stirring and baking until it’s time to clean up! And that’s when the overwhelm hits – I know I should clean as I cook but I never do! So, what do I do? Rally the troops! Yes siree! There’s nothing like another set of eyes or hands to help one wade through the overwhelm – I’m sure that’s why I had 4 kids!!
Many people tell me that they feel a similar way about their online life. They know they need to be doing more to keep themselves safe, but they are completely overwhelmed at where to start. With so much of our lives lived online, it’s not uncommon for one person to have over a hundred online accounts across multiple devices which makes it very hard to keep track of logins, data breaches, or security software.
And research conducted by McAfee shows that consumers know they need to take steps to protect themselves with 74% of users concerned about keeping information private online and 57% keen to be in more control of their personal information. Not surprisingly, since the pandemic started 47% of online consumers feel unsafe compared to just 29% beforehand.
So, to try and make this very overwhelming task that bit easier, McAfee has developed a new tool that allows you to find your own Protection Score. Think of your Protection Score like your credit score or sleep score except this one is a measure of your security online. The higher the score, the safer you are online. And the best part about the score is that helps users identify exactly where they need to pinpoint their focus to ensure they are as safe as possible online. Think of it as a set of experienced hands to help you wade through the overwhelm.
In less than a minute, the McAfee Protection Score will provide you with a pretty clear understanding of how safe you are online. Participants are given a mark between 0 and 1000 that is based on several factors: whether you have online protection and whether your details have been leaked in a security breach. Now, don’t be alarmed if your score is low because here’s the best bit – you will receive a list of exactly what you need to do to improve it and protect yourself from online threats! Phew – my competitive type A personality wouldn’t have coped if I was unable to fix it!
Let me give you an example, when I signed up, I was alerted to the fact that my email address had been involved in a breach, yes – I’m very human! So, it helped me remedy this by taking me to the appropriate page where I could update my password, and then, bingo, my score (and online safety) improved!!
And just to ensure you remain committed, every time you venture back to the Protection Score page, your results and action plan will be there waiting for you to ensure you stay on track and most importantly, to cut through that overwhelm!
Now, in case you were wondering, McAfee’s Protection Score is a first for the cybersecurity industry but good news – they’ve promised it will continue evolving. They will continue to add more features and opportunities to personalize so you can ensure you are living life to the full online!!
So, if you’re feeling overwhelmed at exactly what you need to do to get your online safety under control then McAfee’s Protection Score is exactly what you need. In less than a minute you’ll be able to get a clear understanding of where your online security sits and a personalized action plan so you can start addressing it right away! How good is that?
Till Next Time,
Alex
The post How To Secure Your Online Life? Find Your Protection Score! appeared first on McAfee Blog.
A-list celebrities and social media influencers are now adding their voices to the roar of other cryptocurrency fans asking you to join them in the investments of the future. It’s impossible to deny the grip cryptocurrencies have on the world today, for better or worse. In some industries, they speed the pace of business and for some, it’s a viable way to make ends meet and set up long-term investments. The cryptocurrency realm has also proven to be vulnerable to cybercriminals. For example, the Wormhole hack leaked $320 million, and cybercriminals have targeted crypto platforms with ransomware and mining app scams.
Whether you’re already in the cryptocurrency game or are thinking about taking the plunge, here’s what you need to know about crypto wallets and tips on how to keep yours safe from cybercriminals.
A cryptocurrency wallet, or crypto wallet, is a software product or a physical device that stores the public and private keys to your cryptocurrency accounts. Keys are strings of numbers and letters that encrypt and decrypt crypto transactions and secure crypto accounts. You can think of public keys as the routing and account numbers that appear at the bottom of paper checks. There’s not much a nefarious character can do with that information, and it’s totally normal to give that information to an acquaintance with whom you’re doing business. Private keys are like your online banking password or debit PIN. Those you must guard very closely because in the wrong hands, your hard-earned bank balance could disappear. A crypto wallet also allows you to transfer funds between crypto types and make transactions.
Here are a few basic types of crypto wallets to help you decide which type is right for you.
A non-custodial wallet means that you are the sole keeper of the keys to your crypto assets. If you forget your password, there’s no “forgot your password?” prompt to let you back in. While not having this safety net is a little nerve wracking, noncustodial wallets are considered the more secure option. You don’t have to worry about a security breach of a major corporation leaking your private key. If you’re responsible and confident that you’re prepared to look after your assets by yourself, this may be the best option for you.
A custodial wallet is a little less secure, but you have a third party helping you log in and manage your crypto accounts. Custodial wallets are often web-based, and the biggest tick in their pro column is that they’re generally very easy to use. While reputable custodial wallets take security very seriously, the threat of a breach is always a possibility, especially as crypto accounts are appealing targets to cybercriminals.
Hardware wallets, also known as cold wallets, are devices you can fit in the palm of your hand. Most models are Bluetooth-enabled devices that look like small remote controls or are flash drives. The device is secured by a PIN that you should never write down or share with anyone else. Also, you should designate a safe and private spot to store your hardware wallet. Similar to a noncustodial wallet, you are solely responsible for keeping track of the device and remembering the PIN. If you lose it, your crypto accounts are locked, and there’s no locksmith to open them for you. As long as you keep track of it, hardware wallets are very secure. Most models are equipped with malware- and virus-proofing security features.
Software wallets are downloaded and internet-connected mobile or desktop apps. They allow you to make transactions on the run, as you can access your crypto accounts from your phone. In that sense, they’re more convenient than hardware wallets. Additionally, software wallets have the same safety net as custodial wallets: if you lose your phone, forget your password, or require login assistance, the maker of the software can help you access your accounts. Software wallets are very secure when you enable their two-factor authentication login settings; however, since they connect to the internet, there’s always a chance a cybercriminal could break-in. Thus, hardware wallets are considered more secure than the software variety.
Check out these tips to ensure your assets are safe and secure in your crypto wallet:
Cryptocurrency value is reaching galactic heights like the spaceships depicted in prime-time ads. Don’t feel pressured to hop aboard the crypto rocket, but if you do decide to jump on, make sure you do your research carefully and make the best decisions for your crypto goals.
The post What Is a Crypto Wallet and How to Keep Your Wallet Secure? appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.
According to the U.S. Federal Trade Commission (FTC), the reported costs of online romance scams jumped 50% from 2019 to 2020, to the tune of $304 million. And that’s not entirely because 2020 was a pandemic year. From 2016 to 2020, the volume of reported cases tripled, while reported losses nearly quadrupled. Over that period, online romance scams are not only becoming more common, but they’re also becoming more costly.
Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.
With that initial introduction made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in, often involving their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working with an international organization, or working in the sort of jobs that would prevent them from otherwise easily meeting up in person.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up.
As mentioned above, some romance scammers troll social media and reach out through a direct message or friend request. With that, there are three things you can do to cut down your chances of getting caught up with a scammer:
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
Security software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too.
The post Phony Valentines: Online Dating Scams and How to Spot Them appeared first on McAfee Blog.
You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee as its 2021 Product of the Year.
McAfee makes staying safe simple, and now this endorsement by an independent lab says we protect you best.
Over the course of 2021, AV-Comparatives subjected 17 different online protection products to a series of rigorous tests. Their labs investigated each product’s ability to protect against real-world Internet threats, such as thousands of emerging malicious programs and advanced targeted attacks, along with the ability to provide protection without slowing down the computer.
McAfee topped the field, taking home the award for AV-Comparatives’ Product of the Year thanks to our highest overall scores across the seven different testing periods throughout the year. McAfee further took a Gold Award for the Malware Protection Test, in addition to recognition for its clean, modern, and touch-friendly design and for the way that McAfee Firewall coordinates perfectly with Windows.
“We’re honored by the recognition,” says Chief Technology Officer, Steve Grobman. “The strong reputation that AV-Comparatives carries in the industry cements our place as a leader in online protection.” He goes on to say, “Our work continues. The internet is evolving to be integral to every part of our lives. This creates new opportunities for cybercriminals and drives the evolution of the threat landscape. McAfee is committed to staying one step ahead of these sophisticated threats, ensuring customers can safely utilize the full value of our online world.”
Read the full AV-Comparatives annual report and protect yourself and your family with the year’s top-rated antivirus. Give it a look for yourself with a free 30-day trial of McAfee Total Protection, which includes McAfee’s award-winning anti-malware technology plus identity monitoring, Secure VPN, and safe browsing for an all-in-one online protection.
The post McAfee Wins Product of the Year for Best Online Protection appeared first on McAfee Blog.
Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!! A week spent kicking up your heels and living life to the max without any parental supervision at all! Oh, the sleepless nights many of us parents have had! And once Christmas and New Year celebrations are done, he’ll be heading away to University to ‘live his best life’ away from his dedicated cyber mother!
And of course, I’m delighted for him, although secretly devastated to be losing my baby boy. But it does prompt the question, am I now done with cyber parenting? Is my work here officially done?
I remember when my kids were little, my mother shared some words of wisdom with me: ‘Alex, you never stop being a parent. The kids are the same, it’s just the issues that change.’ And she was so right. As our boys have grown up, we’ve been less involved in their day-to-day needs but still very much needed. Whether it’s to help review a work contract, provide advice on an issue with a flatmate or help pick out a suit, the parenting hasn’t stopped instead entered a new chapter. And of course, there’s no doubt that having interested, devoted parents at the end of the telephone – day or night – makes navigating life so much easier!
And when it comes to their digital lives, it’s the same story. While we have no reason to be involved in their day-to-day online lives, we have definitely been called upon to help them troubleshoot situations from receiving inappropriate messages, identifying potential scams or managing terse exchanges. And, might I add, I have also proactively offered my advice on the appropriateness of pictures they have shared online – many times!!
So, after having managed 3 kids through this transition to early adulthood with another one currently underway, I thought I’d share with you some of my best strategies for ensuring their digital life is in good shape without micro-managing them!
Every few days, I’ll check out my boys’ socials. Not only does it give me a ‘feel’ for what’s happening in their lives – where they’ve been and who with – it also allows me to check they are making good decisions about what they share. There have been multiple times during this period where I have sent off a quick text suggesting they remove a photo or perhaps rephrase a comment! And while I know these texts aren’t always warmly received, in nearly all cases, they take my advice!
And it goes without saying that your ability to provide input to their digital lives will only happen if you don’t cross boundaries! So, never embarrass them. If you see something you don’t like, message them privately – do not workshop it on their Facebook page! And if you want to post a pic or video of them, always get their ‘ok’ first.
OK, security software probably won’t be top of their Christmas list, but knowing that they have comprehensive security software like McAfee’s Total Protection on their devices which works hard in the background to minimize threats and issues will give you real peace of mind. This year, I’m buying my older boys an air-fryer and frypans for Christmas. Why not continue the pragmatic theme and invest in some software for them too?
About 4 years ago, I set up a family Messenger Group and it’s now something I absolutely treasure. We share pics of our cats and dog, potential family holiday dates, funny photos, and videos, and relevant news stories – particularly during COVID. But the other thing I like to share is reminders about important ‘tech stuff’, like changing passwords, when to update their Apple software or details about scams that are doing the rounds. Whether it’s Whats App, Telegram, or my personal favorite, Messenger, I strongly recommend establishing a family group chat as an effective way of covering off key issues with your young adult kids.
With potential employers, partners, and even friends using Google to conduct their due diligence on you, digital reputation is everything. So, weaving constant reminders into conversations with your adult kids should still be a priority. Now, of course, some kids will instinctively ‘get this’ but others will need a few pointers. According to a 70% of employers use social media to screen candidates during the hiring process, and about 43% of employers use social media to check on current employees. So, why not encourage them to ‘Google’ themselves – and why not do yourself also? How you present online could mean the difference between being employed or unemployed!
So, if you have a school leaver in your family and you’re not sure whether your job is done, I’m here to confirm that you’ll still be required for a very long time! Whether they know it or not, our big kids will still continue to need a sprinkling of our wisdom and experience for years to come. And even though they may have fled the nest, remember you will always be one of their most influential role models. So, make sure your digital life is in good shape too because as American novelist James Baldwin shares: ‘Children have never been very good at listening to their elders, but they have never failed to imitate them.’
Till next time
Take care
The post So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety? appeared first on McAfee Blog.
I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a day’s worth of learning for often, multiple children! Research from Macquarie University showed that many parents spent up to 14 hours a week in their role as home learning managers and 9/10 parents reported the experience as, quite understandably, stressful! As a mum of older teens and young adults – who are usually self-sufficient – I’m in awe!
But the good news is – things are on the improve! Our vaccine rates are amongst the best in the world, so lockdowns have been lifted and, drum roll… kids are back at school! I’ve always been a big fan of trying to find the silver lining of any situation and I think there are many we can take away from our COVID experience, particularly when it comes to digital parenting. I know of so many parents who have completely rethought their approach to managing kids and technology since the pandemic hit because of their home learning experience.
So, in the spirit of sharing and caring, I thought I’d round up some of the best ‘aha’ moments from parents who were forced to become expert home learning managers over multiple lockdowns. And make sure you take notes because there are some great learnings that we can apply to our digital parenting journey.
If you have never been ‘all in’ with your kids’ use of technology for both learning and socializing, then you need to get over this ASAP. Technology is the lifeblood of your kids’ lives. It’s how they connect, nurture friendships, and organize their social lives. I also recommend parents try to see technology through the eyes of their kids NOT just through our more ‘mature’ lens. It’s the best way of truly understanding just what a huge role it plays in their day-to-day lives. And don’t forget that technology is almost always used to set up in-person catchups! So, please don’t demonize it, it will only push your kids away.
I totally appreciate that many parents didn’t choose to be home learning ‘managers’ however many have shared with me how they now feel far more involved in their child’s life because of the experience. Seeing first-hand how your child’s day works, overhearing their conversations with teachers and peers (courtesy of Zoom), and being blown away by your offspring’s tech skills has given many parents incredible insight into their child.
I know of parents who have noticed learning issues and friendship problems all as a result of their home learning manager role! There’s nothing like being able to nip something in the bud before it becomes a big issue! So, stay involved and you’ll reap the rewards!
Confession – I have never been one of those parents who proactively organized park visits, bushwalks, and exercise regimes for my kids. But many of the parents who managed young children through a lockdown and resorted to becoming personal trainers reported that it paid dividends. So, now lockdowns are (hopefully!) history, don’t forget about the benefits of getting your kids to move. It’s hard to be on a screen when you are walking the dog, playing a game of family cricket, or bushwalking. I know it’s time-consuming but it’s so worth it!
As of 2 years ago, the average Aussie household had 17 internet-connected devices in tow so it’s no wonder keeping abreast of all the devices in your household feels like a full-time job! But with kids continuing to use their devices for both study and socializing, it’s essential that you give each device a ‘once over’ to minimize risks and prevent issues arising down the track.
Ensuring all their software is up to date is a great place to start. Also check that the default password has been changed and that there is some top-shelf security software installed to protect the device and, most importantly, its user! And while you are there, why not also ensure that each of their online accounts has its own distinct password? If you think they could manage a password manager, then it might be time to introduce them to one? Check out McAfee’s True Key – I couldn’t manage without it!
I think you’d be hard-pressed to find many parents keen to return to home learning. In fact, I think there may even be a revolt if we had to go back! But, knowing we have picked up some ‘nuggets of gold’ along the way makes it a little feel a little better! So, please embrace technology – it’s a fantastic way of connecting with your kids. But of course, keep your family’s usage in check and minimize the risks by giving each device a once-over.
Happy Digital Parenting!
Alex
The post What We’ve Learnt From Home Learning During Lockdown appeared first on McAfee Blog.
Spyware is tricky. Some types notify users that they’re monitoring activity. Others function in stealth mode and use the information they collect for nefarious purposes. Spyware is a type of software that collects data about online users and reports it to a company or an individual. What just about everyone can agree on is that anonymous browsing is looking more and more appealing and is likely the way of the future.
Here’s more about the types of spyware, which types are legal, and how you can scrub your device and live more confidently online.
Here are a few types of spyware and facts about each:
Is it legal? Definitely not!
What is its purpose? Criminal
Keyloggers are the most intrusive of the spyware variations. It does exactly as its name suggests: It takes note of keyboard strokes, logs them, and reports to the owner of the nefarious software. Once the cybercriminal has digitally looked over your shoulder at your online activity, they make note of your passwords, walk into your online accounts, and pilfer your private personal information. They could use this information to gain entry to your online bank accounts or steal your identity.
Keyloggers are downloaded onto devices (cellphones, tablets, laptops, or desktop computers) without the user’s knowledge. Cybercriminals can hide them within email attachments or in malicious web pages. So, the best way to steer clear of keyloggers is to never download attachments you’re unsure about and don’t visit sites that seem unprofessional. One rule of thumb is to mostly stick to URLs that begin with https and include a lock icon. These sites are almost always secure.
To determine if your device is infected with a keylogger, check your system’s performance. Is your device running slowly? See if there are any spikes in activity or unknown programs running in the background. This could indicate that your device is hosting a malicious program.
Is it legal? Sometimes
What is its purpose? Advertising and criminal
Adware is categorized as a type of spyware. It tracks users’ online activity and spits out targeted pop-up advertisements. If you have the pop-up blocker enabled on your browser, you’ll likely be spared from the annoyance. Additionally, pop-ups can slow your device, so that’s another reason to turn on the pop-up blocking feature. Legitimate adware often asks users to opt into targeted ads.
Adware turns malicious (and illegal) when it contains malware. Sometimes cyber criminals hide malware within pop-ups. It’s easy to accidentally hit a link within a pop-up when you’re aiming quickly for the X to close it.
It’s easy to spot a device with an adware infestation. First, the number of pop-ups will be out of control. Also, the device will crash often, run very slowly, and have a short battery life. An antivirus program will likely be able to identify and remove the culprit. You can also check out your system monitor and end tasks that are draining your device’s power.
Is it legal? Yes
What is its purpose? Advertising
Cookies are delicious, especially to advertisers who use them to better target ads and make profits selling collected user data to third-party companies. Cookies are sometimes categorized as spyware, because they log the websites you visit and report them. You may notice the banners on websites that ask you to accept cookies.
Many users today are uneasy with sharing their online activity with strangers and advertisers. Sometimes the ads that pop up on your social media feed or in sidebars seem a little too targeted and it feels like someone is listening in to your conversations and attempting to make a profit from them.
How to Browse Free of Spyware
To scrub cybercriminals from your devices and confuse advertisers, consider the following steps you can easily add to your daily routine:
The post How to Live a Digital Life Free of Spyware appeared first on McAfee Blog.
What do social media companies really know about you? It’s a fair question. And the quick answer is this: the more you use social media, the more those companies likely know.
The moment you examine the question more closely, the answer takes on greater depth. Consider how much we use social media for things other than connecting with friends. While that was the original intent behind social networks, the role of social media has since evolved into something far more expansive. We use it to get our news, stay up to date on when artists will drop a new release, and sometimes reach out for customer service on a company’s social media page. In some cases, we use our social media accounts to log into other sites and apps or we even make payments through social media.
Taken together, all of those likes, taps, clicks, links, and time spent reading or watching videos can add up and paint a detailed picture of who you are.
Why are they collecting all this information? Largely, it’s for two reasons:
1. To make improvements to their platform, by better understanding your behavior and ways you like to use their service.
2. To create an exacting user profile that advertisers can use for targeting ads that they think will interest you.
That’s the exchange in play here. You use the company’s social media service for free, and in return, they gain rights to gather specific information about you, which you consent to by agreeing to their terms of service.
Let’s get into the details of what social media companies may collect and know about you—along with ways you can limit the data and information they gather.
Different social media platforms have different user agreements that cover what types of information they collect and use. For starters, we’ll speak broadly about social media companies in general, and then we’ll weave in a few specific examples along the way. Generally, they may know:
We collect information about how you use our Products, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities.
When you communicate with others by sending or receiving Direct Messages, we will store and process your communications and information related to them. This includes link scanning for malicious content, link shortening to http://t.co URLs, detection of spam, abuse and prohibited images, and use of reported issues. We also use information about whom you have communicated with and when (but not the content of those communications) to better understand the use of our services, to protect the safety and integrity of our platform, and to show more relevant content.
If you use our Products for purchases or other financial transactions (such as when you make a purchase in a game or make a donation), we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details.
By the way, none of this is secret. What I’ve listed here can be found by simply reading the terms of use posted by various social media companies. Note that these terms of use can and do change. Checking up on them regularly will help you understand what is being collected and how it may be used.
This nearly goes without saying, yet another layer of data and information collection comes by way of the pictures and updates you post. Per Instagram (as of October 2021):
We collect the content, communications and other information you provide when you use our Products, including when you sign up for an account, create or share content, and message or communicate with others. This can include information in or about the content you provide (like metadata), such as the location of a photo or the date a file was created.
Another consideration is how the content you interact with on other sites may be shared with social media companies in return. Some social media companies partner with other third parties to gather this data, which is used to round out your user profile in yet more detail. That information can include purchases you made, how often you visited that third party’s site, and so on.
In the case of Facebook, they refer to this as “Off-Facebook Activity.” In their words:
Off-Facebook activity includes information that businesses and organizations share with us about your interactions with them. Interactions are things like visiting their website or logging into their app with Facebook. Off-Facebook activity does not include customer lists that businesses use to show a unique group of customers relevant ads.
The good news here is that you can take control of the Off-Facebook Activity setting with a few clicks.
No doubt about it, the content you create and interact with, both on the social media sites and sometimes off of them as well, can generate information about you that’s collected by social media companies.
Short of deleting your accounts altogether, there are several things you can do to take control and limit the amount of information you share.
For example, you can visit your Facebook Settings, Instagram Settings, and Twitter Settings, which each gives you options for managing your information—or download it and even delete it from their platform outright if you wish. (Note that this will likely only delete data associated with your account. Content you posted or shared with other people on their accounts will remain.)
As noted above, this isn’t an absolute fix because social media companies can infer your location other ways. Yet taking this step gives them one less piece of exacting information about you.
Each platform will have its own settings and options, so give them a look. Here, you can determine which information advertisers are allowed to use to serve up ads to you, set rules for facial recognition, enable or disable location history, and much more. If possible, do this from your computer or laptop rather than your smartphone. Often, the account controls that you can access from a computer browser are far more comprehensive than the ones in a mobile app.
Using direct messaging on social media platforms may tell social media companies even more about you and who you interact with. When possible, think about using text messaging instead or other means of communication that aren’t tied to a social media company.
Some apps and sites will allow you to use your social media login instead of creating a new one. While convenient, this can provide the social media company with more information about you. Additionally, if your social media account is compromised, it could compromise the other accounts that are tied to it as well. Check your settings and look for “Apps and Websites” to see what’s connected to your social media account, what’s being shared, and how you can disable it.
Protection like ours will include a VPN, which anonymizes your online activity and thus may shield you from certain types of information collection, such as your location. Additionally, using online protection software is simply a good move because it can create and store strong, unique passwords for you, steer you clear of risky sites, protect your identity, and make your time online safer overall.
The very nature of social media is sharing and exchanging. That’s the draw it has—the way it keeps us connected to the people, pastimes, and things we care about. Yet that exchange runs deeper. In return for using these free services, social media companies collect information on us which they use to improve their platforms and generate revenue. It’s all there for you to see in the various terms of use associated with your social media accounts. In short, using social media means sharing information about yourself with social media companies.
Yet you can do several things to reduce the amount of information that social media companies know about you. By spending some time on the account and privacy settings for each of your social media accounts, you can determine what information you’re providing to them and get a much better sense of what social media companies know about you.
The post What Do Social Media Companies Know About You? appeared first on McAfee Blog.
In a world of contact-free pickup and payments, an old hacker’s trick is getting a new look—phony QR code scams.
QR codes have been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual information in a relatively compact space. In that way, a QR code shares many similarities with a barcode, yet a QR code can hold more than 300 times the data of a barcode.
With the rise of the smartphone, QR codes have taken on more consumer applications. Especially in the latter days of the pandemic in the form of contact-free conveniences. Now, by pointing your smartphone’s camera at a QR code, you can order food at a restaurant, pay for parking, download coupons from the shelf at your drugstore or several other convenient things.
Yet as it is in places where people, devices, and money meet, hackers are there with a scam ready to go. Enter the QR code scam. By pointing your smartphone’s camera at a bogus QR code and giving it a scan, hackers can lead people to malicious websites and commit other attacks on their phones.
The good news is that there are several ways you can spot these scams, along with several other ways you can avoid them altogether, all so you can get the best out of QR code convenience without the hassle.
In several ways, the QR code scam works much like any other phishing attack. With a few added wrinkles, of course.
Classically, phishing attacks use doctored links that pose as a legitimate website in the hopes you’ll follow them to a hacker’s malicious website. Once there, that site is designed to trick you into providing your personal information, credit card numbers, and so forth, perhaps in the context of a special offer or a phony account alert. Likewise, it could send you to a site that simply infects your device with malware.
It’s much the same with a QR code, yet here’s are a couple of big differences:
Aside from appearing in emails, direct messages, in social media ads, and such, there are plenty of other places phony QR codes can show up. Here are a few that have been making the rounds in particular:
Scanning a QR code may open a notification on your smartphone screen to follow a link. Like other phishing-type scams, hackers will do their best to make that link look legitimate. They may alter a familiar company name so that it looks like it could have come from that company. Also, they may use link shorteners that take otherwise long web addresses and compress them into a short string of characters—the trick there being that you really have no way of knowing where it will send you simply by looking at it.
In this way, there’s more to using QR codes than simply “point and shoot.” A mix of caution and eagle-eyed consideration is called for to spot the legitimate uses from the malicious ones.
Luckily some very basic rules about avoiding QR code attacks. The U.S. Better Business Bureau (BBB) has put together a great list that can help. Their advice is right on the mark, which we’ve paraphrased and added to here:
1. Don’t open links or scan QR codes from strangers. Unsolicited messages with these links or codes could lead you to a scam site or access the functionality of your smartphone in unwanted ways.
2. Some scams will appear to come from legitimate sources. Double-check and see if it indeed is. You can check the official website to confirm, such as by accessing your account or contacting a customer service rep to follow up on the communication sent to you.
3. Try alternative payment methods. If you receive a bill with a QR code for payment, see if there’s another way to pay it—such as on the company’s website or simply through online bill pay to their known, legitimate address. These are less susceptible to fraud. Likewise, check to see if the requested payment is legitimate in the first place.
4. Think twice about following shortened links. As mentioned above, shortened links can be a shortcut to a malicious website. This can particularly be the case with unsolicited communications. And it can still be the case with a friend or family member if their device or account has been hacked.
5. If someone you know sends you a QR code, also confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.
6. Watch out for tampering. Hackers have been known to stick their own QR codes over legitimate ones. If you see any sign of altering or placement that looks slapdash, don’t give that code a scan.
7. Install mobile security. Comprehensive online protection software can protect your mobile devices as well as your computers and laptops. In this case, it can detect bad links associated with QR codes and steer you clear of accessing the malicious sites and downloads associated with them.
QR codes have made transactions smoother and accessing helpful content on our phones much quicker, especially in recent months as they’ve seen an uptick in use. And useful as they are like other means of paying or browsing online, keep an eye open when using them. With this advice as a guide, if something doesn’t feel right, keep your smartphone in your pocket and away from that QR code.
The post Be on the Lookout for a New Wave of QR Code Scams appeared first on McAfee Blog.
Take a roll call of all your devices that connect to the internet. These include the obvious ones – laptops, tablets, and your smartphone. But they also include the ones you may not immediately think about, such as routers, smart TVs and thermostats, virtual assistant technology, and connected fitness watches and equipment.
Each of these devices is known as an endpoint to you. To a cybercriminal, they’re an entry point into your online information. It’s important to secure every endpoint so that you can confidently go about your day-to-day without worrying about your security. Here’s the definitive device security checklist to get you on your way confidently and safely.
Laptops and desktops are prime entryways into your online life. Think of all the payment information, passwords, and maybe even tax documents you store on it. The best way to protect the contents of your laptops and desktops is to password-protect your computer with strong passwords or passphrases. Here are a few password and passphrase best practices:
Especially if you work at common spaces like coffee shops, the library, or even your kitchen table, get in the habit of putting your computer to sleep when you step away. Commit the sleep command shortcut to memory to make it less of a hassle. For example, on Mac computers, the keyboard command is command + option + eject, and for Windows, it’s alt + F4.
Speaking of common spaces, whenever you log in from a public Wi-Fi network, always log in with a virtual private network (VPN). A VPN scrambles your data, making it indecipherable to any malicious characters who may be lurking on public networks.
Multifactor authentication is another way to protect your valuable devices and accounts. This means that anyone trying to log in on your device needs to provide at least two forms of identification. Forms of ID could include a text message with a one-time code or a fingerprint or face scan in addition to a correct password.
These two devices are grouped because the security features on them are similar. Just like with computers, put your device to sleep every time you walk away from it. It’s much easier and may already be in your routine to hit the sleep button when you put down your cellphone or tablet.
Always put a passcode on your smartphones and tablets. Choose a collection of numbers that do not have an obvious connection to you, such as important birthdays or parts of your phone number. Even if they’re a random assortment, you’ll get the hang of them quickly. Or to make sure only you can enter your phone, set up a facial or fingerprint ID scan. People have several passwords and account combinations they have to remember. To take the guesswork and trial and error of logging in, consider trusting your passwords to a password manager that can remember them for you!
A great mobile phone and tablet habit you should adopt is backing up your files regularly to the cloud. In the event that you lose your device or if someone steals it, at least it’s valuable — and in some cases, priceless — content is safe. You may be able to remotely “brick” your device to keep a stranger from breaking into your accounts. Bricking a device means remotely wiping a connected device and rendering it unusable.
Your router is the gateway to all the connected devices in your home; thus, it’s key to beef up its security. The best way to do so is to make sure that you customize the router name and password to make it different from the factory settings. Always password-protect your home router! Employing password best practices you use for your online accounts and your devices will prevent strangers from hopping onto your network. Another way to keep your Wi-Fi network out of the hands of strangers is to toggle on the setting to not appear to non-users. While it’s fun seeing the quirky names your neighbors choose for their home networks, it’s best to keep yours completely private.
There have been some unsettling reports about cybercriminals commandeering smart home devices and virtual assistant technology. For example, a cybercriminal hacked a homeowner’s virtual assistant and blasted music through the home’s speakers, and turn the heat up to 90 degrees. The key to securing the connected devices that are responsible for your heating and cooling, shopping lists, and even your home security system is to ensure it is connected to a secure router and protected by a strong password.
Also, keep an eye on software updates, which include security upgrades. If you don’t think you have time to manually update software, set up your devices to automatically update. This will give you peace of mind knowing that you have the latest security patches and bug fixes as soon as they are available.
IoT fitness watches and machines are fun additions to your workout routines. In the case of Peloton bikes, they track your heartbeat and location and offer a huge library of classes. However, cybercriminals may be able to track your workouts if they break their way into your fitness devices. The best way to keep your workouts private is to turn off geolocation and make sure you are up to date with all software releases and protect your accounts with strong passwords.
If you’re looking for a tool to put your mind at ease, consider McAfee Total Protection. It includes antivirus and safe browsing software plus a secure VPN. You can be confident that your personal information is safe, thus allowing you to enjoy the full potential of all your devices.
The post How to Secure All Your Everyday Connected Devices appeared first on McAfee Blog.
The COVID-19 pandemic flipped the world on its head in so many ways. Offices and schools stood empty while living rooms were transformed into classrooms and workspaces. Misinformation ran rampant and made people unsure of what to believe. Cybercriminals took advantage of the confusion and new way of daily life, giving rise to many COVID-19 scams.
Luckily, when armed with the facts, you can sidestep scams and keep your personal information safe from cybercriminals. Here’s a list of the top 10 COVID-19 scams you should keep an eye on plus tips on how to avoid each and help you navigate the current landscape and the future with confidence.
Finally getting your COVID-19 vaccine is an exciting occasion. Many people’s first reaction to exciting news is to share it with their extended networks on social media. There was a trend going around where people were posting pictures of their vaccination cards. Little did they know, vaccination cards hold a trove of valuable information (name, birth dates, vaccination location, and dates) that can be used to create counterfeit vaccination cards.
Additionally, the information on vaccination cards can be paired together with other details from your social media profile to steal your identity. Consider altering the privacy settings on your social media profiles so it is only visible to people you know. If you’d like additional peace of mind that your identity is safe, McAfee Identity Theft Protection Plus provides up to $1 million in identity theft insurance and restoration assistance.
Some of the false claims about COVID-19 circulating on social media are outrageous, such as 5G aiding the spread of the virus and eating garlic as a preventive measure. Cybercriminals might not have been the origin of false claims, but they certainly benefit from the chaos created by misinformation. They capitalize on commonly held fears by swooping in with cure-alls that swindle money from concerned people.
Be a source of truth for your social media following. The Centers for Disease Control and Prevention, the National Health Service, and the World Health Organization can be trusted for up-to-date resources concerning COVID-19, the vaccine, and how to remain healthy.
To firmly and quickly debunk this myth right now: There are no COVID-19 miracle cures. The best way to protect your and your loved one’s health is to receive a CDC-approved vaccination from a medical institution. Any homemade online treatment claiming to cure the disease is a hoax to steal money. Also, healing potions purchased online could be hazardous to your health, as in the case of one fraudulent operation in Florida. A Florida family sold a bleach solution that swindled $1 million and left many people hospitalized.
For the latest news about COVID-19 treatment, preventive measures, and the vaccine, refer to the CDC or WHO.
Various stimulus check scams were swirling around in early 2021. Scammers impersonating government workers contacted citizens by phone, text, and email asking them to verify personal information or to pay fees to receive their checks.
As with other IRS scams, the best way to avoid them is to know how the IRS typically communicates. The IRS will never ask for private personal information over email or over the phone. Never share your Social Security Number over email or the phone. The IRS only gets in touch with people through postal mail or in person.
A new COVID-19 phishing scam is on the rise: proof of vaccination scam. Cybercriminals are sending phishing emails posing as healthcare institutions asking for urgent confirmation of vaccine status. The emails ask for full names, birth dates, Social Security Numbers, and photos of vaccine cards. This scam is dangerous, not only because it asks for sensitive information, but because the request is a believable one. Employers and various other institutions are on the fence about asking people for their vaccine status, and people are unsure to whom they should divulge this information.
Like with other phishing scams, pay close attention to the message and how it’s written. Does it convey urgency and penalties for ignoring it? Phishing emails often use language that causes readers to panic and give up their information quickly without taking the time to determine if the message is real or not. Also, does the email or text have typos and is it poorly written? Never click on links or respond to suspicious emails. Instead, contact the supposed sender through the phone number or email address listed on their official website.
Video conferencing popularity soared as businesses and schools conducted work and learning online. Cybercriminals capitalized on the surge by forcing their way into video conferencing software and spying on meetings and classrooms.
The key to protecting the privacy of your teleconference calls is to always have the most up-to-date software installed. Software upgrades often include security patches. One way to ensure you always have the latest, most secure version installed is to enable automatic updates. Also, be careful about what you share over teleconference. Just in case a cybercriminal is eavesdropping, never say aloud or instant message your Social Security Number or other sensitive personal information. Finally, follow your workplace’s IT team’s cybersecurity policies and use only your company-issued device for work purposes. Company-issued devices often have additional security protections to keep your personal and company information safe from prying eyes.
Unfortunately, many people lost their jobs during the pandemic. Cybercriminals, aware that people without jobs were likely to jump on an employment opportunity due to economic uncertainty, flooded job boards with fake employment ads and sent fraudulent job offer emails. These job scams turned out to be phishing attempts to extract personal and banking details. In some cases, the scammers asked job seekers to wire money for pre-employment training.
If you receive a job offer, make sure that it is for a company you actually applied to. Even though companies are looking to hire people quickly, a reputable institution likely won’t offer a job without interviewing candidates first. Most interviews are happening online, so request a video conference to make sure that the person on the other end of the line is real and has honest intentions. Research the interviewer on professional networking sites to make sure they are who they say they are.
Similar to job scams, the urgency of the real estate market during the pandemic may make people act more impulsively than they would under normal circumstances. The rental and housing markets have been extremely competitive, which is causing people to put deposits down for residences that weren’t even real. Since home tours were moved online due to social distancing requirements, buyers and renters were OK with making a decision based on pictures.
Real estate scams play up the urgency of acting quickly. In their hurry to claim a real estate gem, homebuyers and renters may overlook the most glaring red flag of real estate scams during the pandemic: not viewing the property in person. Additionally, never share your banking information or wire money to someone you have never met in person or cannot verify the accredited real estate agency for which they work.
When a cybercriminal poses as a legitimate organization, it’s more difficult to determine what information to trust. For example, criminals circulated a scam impersonating the CDC that downloaded malware onto users’ devices.
A great tip to thwart cybercriminals hiding behind the name of a credible organization is to always hover your cursor over links in emails and texts. If a link redirects to a URL that looks suspicious, immediately delete the message. A suspicious URL could contain a typo, a variant spelling of the organization its impersonating, or be a string of jumbled letters and numbers. Emails that claim to be from official organizations will often have the organization’s logo somewhere on the message. Check the clarity of the logo and compare it to the organization’s official site. If the logo is blurry or the coloring seems off, that’s a sign that the message is fake.
COVID-19 led to a boom in e-commerce. Shopping that was normally conducted in person moved online, and a pile of packages on the front stoop was a common occurrence. There was a fake delivery notice scam where cybercriminals posed as UPS and Amazon to phish for personal details in order to release a hold on deliveries.
One final phishing avoidance tip is: Consider what the message is asking. Has UPS ever asked for your Social Security Number before? If they had it, what would they use it for? And there’s no reason for Amazon to have your banking information. Don’t let the urgency of the scammer’s message stress you out. A quick phone call with the delivery service in question should solve the problem.
The post Top 10 COVID-19 Scams: How to Stay Protected appeared first on McAfee Blog.
Customers often ask us some version of this question. It’s a good question and in the past, there was no direct answer – only recommendations. For instance, we recommend online protection that goes beyond antivirus to include identity and privacy protection, as well as promoting safety best practices like using multi-factor authentication. We wondered if there was a simpler and easier way to advise customers how to better protect themselves.
A recent survey shows how important online security has become to consumers. We found that 74% of you have concerns about keeping your information private online. 57% want to be more in control of their personal info online. And, since the pandemic started, 47% of online consumers feel unsafe compared to 29%. Simply put, customers are more conscious of their safety online than ever before, and eager to play an active role in their protection.
It’s time for a new approach – meet the Protection Score.
If you’re thinking this looks like a credit, fitness, sleep, or any of the other scores we now use to visualize and quantify aspects of our life, you’re on the right track.
Your personalized Protection Score is a measure of your security online. The higher your score, the safer you are online. Your score will highlight any weaknesses in your security and help you fix them with easy step-by-step instructions. We’ll also let you know which features haven’t been setup so you can get the most out of your protection.
When we developed Protection Score the idea was to give customers a simple solution to better protect themselves and get the most from their subscription, including security tips to protect their identity, privacy, and devices, while also improving their online habits. We wanted it to be easy for anyone to:
Now that we’ve talked about Protection Score generally, let’s look at how it works in practice. Your score is based on a few things, including setting up your McAfee protection, strengthening your security with our safety recommendations, and ensuring your personal info is safely monitored with Identity Protection.
For example, if your information is exposed in a data breach your score may drop, but you can improve it by following our easy-to-follow remediation steps. Once you’ve completed those steps your score will go back up and you can be confident knowing you’re better protected online.
A perfect score does not mean you’re perfectly safe, but it does mean that you’re doing an excellent job of preventing and managing risks.
Your Protection Score is a great way to understand how safe you are at a glance. Additionally, improving your score ensures your life online is being protected by many of the safety features and benefits McAfee has to offer. For instance, the subscriber, John Smith, can see they’re fairly safe based on their score. However, it isn’t a perfect score and there are a few actions they could still take to improve it. In this case, adding their email and phone number to dark web monitoring – a crucial step in protecting their personally identifiable information online.
Protection Score can be easily accessed* from your browser of choice on any device so you can review our guidance and take steps to improve your score from wherever you are. McAfee’s Protection Score is a first for the cybersecurity industry, but we’re not stopping there. We’re going to continue to improve the feature by adding more personalization and accessibility so you can enjoy your life online knowing exactly how protected you are.
*Note that Protection Score is currently live in the US, Canada, Brazil, Australia, New Zealand, Japan, UK, Germany, France, Spain, and Italy.
The post Stay on top of your online security with our Protection Score appeared first on McAfee Blog.
Authored by ChanUng Pak
McAfee’s Mobile Research team recently found a new Android malware, Elibomi, targeting taxpayers in India. The malware steals sensitive financial and private information via phishing by pretending to be a tax-filing application. We have identified two main campaigns that used different fake app themes to lure in taxpayers. The first campaign from November 2020 pretended to be a fake IT certificate application while the second campaign, first seen in May 2021, used the fake tax-filing theme. With this discovery, the McAfee Mobile Research team has been able to update McAfee Mobile Security so that it detects this threat as Android/Elibomi and alerts mobile users if this malware is present in their devices.
During our investigation, we found that in the latest campaign the malware is delivered using an SMS text phishing attack. The SMS message pretends to be from the Income Tax Department in India and uses the name of the targeted user to make the SMS phishing attack more credible and increase the chances of infecting the device. The fake app used in this campaign is designed to capture and steal the victim’s sensitive personal and financial information by tricking the user into believing that it is a legitimate tax-filing app.
We also found that Elibomi exposes the stolen sensitive information to anyone on the Internet. The stolen data includes e-mail addresses, phone numbers, SMS/MMS messages among other financial and personal identifiable information. McAfee has reported the servers exposing the data and at the time of publication of this blog the exposed information is no longer available.
The latest and most recent Elibomi campaign uses a fake tax-filing app theme and pretends to be from the Income Tax Department from the Indian government. They even use the original logo to trick the users into installing the app. The package names (unique app identifiers) of these fake apps consist of a random word + another random string + imobile (e.g. “direct.uujgiq.imobile” and “olayan.aznohomqlq.imobile”). As mentioned before this campaign has been active since at least May 2021.
Figure 1. Fake iMobile app pretending to be from the Income Tax Department and asking SMS permissions
After all the required permissions are granted, Elibomi attempts to collect personal information like e-mail address, phone number and SMS/MMS messages stored in the infected device:
Figure 2. Elibomi stealing SMS messages
Here are our recommendations to avoid being affected by this and other Android threats that use social engineering to convince users to install malware disguised as legitimate apps:
Android/Elibomi is just another example of the effectiveness of personalized phishing attacks to trick users into installing a malicious application even when Android itself prevents that from happening. By pretending to be an “Income Tax” app from the Indian government, Android/Elibomi has been able to gather very sensitive and private personal and financial information from affected users which could be used to perform identify and/or financial fraud. Even more worryingly, the information was not only in cybercriminals’ hands, but it was also unexpectedly exposed on the Internet which could have a greater impact on the victims. As long as social engineering attacks remain effective, we expect that cybercriminals will continue to evolve their campaigns to trick even more users with different fake apps including ones related to financial and tax services.
McAfee Mobile Security detects this threat as Android/Elibomi and alerts mobile users if it is present. For more information about McAfee Mobile Security, visit https://www.mcafeemobilesecurity.com
For those interested in a deeper dive into our research…
During our investigation, we found the main distribution method of the latest campaign in one of the stolen SMS messages exposed in one of the C2 servers. The SMS body field in the screenshot below shows the Smishing attack used to deliver the malware. Interestingly, the message includes the victim’s name in order to make the message more personal and therefore more credible. It also urges the user to click on a suspicious link with the excuse of checking an urgent update regarding the victim’s Income Tax return:
Figure 3. Exposed information includes the SMS phishing attack used to originally deliver the malware
Elibomi not only exposes stolen SMS messages, but it also captures and exposes the list of all accounts logged in the infected devices:
Figure 4. Example of account information exposed in one of the C2 servers
If the targeted user clicks on the link in the text message, a phishing page will be shown pretending to be from the Income Tax Department from the Indian government which addresses the user by its name to make the phishing attack more credible:
Figure 5. Fake e-Filing phishing page pretending to be from the Income Tax Department in India
Each targeted user has a different application. For example in the screenshot below we have the app “cisco.uemoveqlg.imobile” on the left and “komatsu.mjeqls.imobile” on the right:
Figure 6. Different malicious applications for different users
During our investigation, we found that there are several variants of Elibomi for the same iMobile fake Income tax app. For example, some iMobile apps only have the login page while in others have the option to “register” and request a fake tax refund:
Figure 7. Fake iMobile screens designed to capture personal and financial information
The sensitive financial information provided by the tricked user is also exposed on the Internet:
Figure 8. Example of exposed financial information stolen by Elibomi using a fake tax filling app
The first Elibomi campaign pretended to be a fake “IT Certificate” app was found to be distributed in November 2020. In the following figure we can see the similarities in the code between the two malware campaigns:
Figure 9. Code similarity between Elibomi campaigns
The malicious application impersonated an IT certificate management module that is purposedly used to validate the device in a non-existent verification server. Just like the most recent version of Elibomi, this fake ITCertificate app requests SMS permissions but it also requests device administrator privileges, probably to make more difficult its removal. The malicious application also simulates a “Security Scan” but in reality what it is doing in the background is stealing personal information like e-mail, phone number and SMS/MMS messages stored in the infected device:
Figure 10. Fake ITCertificate app pretending to do a security scan while it steals personal data in the background
Just like with the most recent “iMobile” campaign, this fake “ITCertificate” also exposes the stolen data in one of the C2 servers. Here’s an example of a stolen SMS message that uses the same log fields and structure as the “iMobile” campaign:
Figure 11. SMS message is stolen by the fake “ITCertificate” using the same log structure as “iMobile”
The cybercriminals behind these two pieces of malware designed a simple but interesting string obfuscation technique. All strings are decoded by calling different classes and each class has a completely different table value
Figure 12. Calling the de-obfuscation method with different parameters
Figure 13. String de-obfuscation method
Figure 14. String de-obfuscation table
The algorithm is a simple substitution cipher. For example, 35 is replaced with ‘h’ and 80 is replaced with ‘t’ to obfuscate the string.
| Hash | Package name | ||
| 1e8fba3c530c3cd7d72e208e25fbf704ad7699c0a6728ab1b290c645995ddd56 | direct.uujgiq.imobile | ||
| 7f7b0555563e08e0763fe52f1790c86033dab8004aa540903782957d0116b87f |
ferrero.uabxzraglk.imobile
|
||
| 120a51611a02d1d8bd404bb426e07959ef79e808f1a55ce5bff33f04de1784ac |
erni.zbvbqlk.imobile
|
||
| ecbd905c44b1519590df5465ea8acee9d3c155334b497fd86f6599b1c16345ef |
olayan.bxynrqlq.imobile
|
||
| da900a00150fcd608a09dab8a8ccdcf33e9efc089269f9e0e6b3daadb9126231 | foundation.aznohomqlq.imobile | ||
| 795425dfc701463f1b55da0fa4e7c9bb714f99fecf7b7cdb6f91303e50d1efc0 | fresenius.bowqpd.immobile | ||
| b41c9f27c49386e61d87e7fc429b930f5e01038d17ff3840d7a3598292c935d7 | cisco.uemoveqlg.immobile | ||
| 8de8c8c95fecd0b1d7b1f352cbaf839cba1c3b847997c804dfa2d5e3c0c87dfe | komatsu.mjeqls.imobile | ||
| ecbd905c44b1519590df5465ea8acee9d3c155334b497fd86f6599b1c16345ef | olayan.bxynrqlq.imobile | ||
| 326d81ba7a715a57ba7aa2398824b420fff84cda85c0dd143462300af4e0a37a | alstom.zjeubopqf.certificate | ||
| 154cfd0dbb7eb2a4f4e5193849d314fa70dcc3caebfb9ab11b4ee26e98cb08f7 | alstom.zjeubopqf.certificate | ||
| c59ecd344729dac99d9402609e248c80e10d39c4d4d712edef0df9ee460fbd7b | alstom.zjeubopqf.certificate | ||
| 16284cad1b5a36e2d2ea9f67f5c772af01b64d785f181fd31d2e2bec2d98ce98 | alstom.zjeubopqf.certificate | ||
| 98fc0d5f914ae47b61bc7b54986295d86b502a9264d7f74739ca452fac65a179 | alstom.zjeubopqf.certificate | ||
|
32724a3d2a3543cc982c7632f40f9e831b16d3f88025348d9eda0d2dfbb75dfe
|
computer.yvyjmbtlk.transferInstant | ||
The post Phishing Android Malware Targets Taxpayers in India appeared first on McAfee Blog.
An important alert for anyone who uses smart cameras, Wi-Fi baby monitors, and other connected devices that send audio or video over the internet: a recent security advisory indicates millions of these devices may be at risk of remote monitoring or attack.
The root of the concern is an apparent vulnerability in the Software Development Kit (“SDK”) used with the ThroughTek Kalay network. Millions of smart devices use Kalay and its protocols to communicate over the internet.
As mentioned in the security advisory, an attacker could exploit the apparent vulnerability to intercept audio and video signals sent to and from Kalay-enabled devices. This could lead to follow-on attacks that utilize the Kalay-enabled Internet of Things (IoT) platform—such as the smart cameras and baby monitors.
While there is not a comprehensive list of specific devices or manufacturers that may be affected by this alert, millions of devices use the Kalay network and protocols. Given this, people who own these types of devices should strongly consider taking the following steps to protect themselves while ThroughTek and its partners actively address the issue:
1. Update your devices. Manufacturers using the Kalay protocol have been advised to update to its latest version and enable further security features. Updating your devices regularly increases the chances that you’ll receive security improvements soon after they become available.
2. Do not connect to your smart cameras, baby monitors, and other devices through public Wi-Fi. Accessing these devices via a smartphone app from an unprotected network can compromise the security of your devices. Use a VPN or a secure cellular data connection instead.
3. Use strong, unique passwords. Every device of yours should have one, along with a unique username to go along with it. In some cases, connected devices ship with default usernames and passwords, making them that much easier to hack.
With those immediate steps in place, this security advisory offers you a chance to take a fresh look at your network and device security overall. With these straightforward steps in place, you’ll be more protected against such events in the future—not to mention more secure in general.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to help validate that we’re who we say we are when logging in. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own or control, like your mobile phone. Thus, when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. Whether you’re renting your router through your internet provider or have purchased one, the internet provider’s “how to” guide or router documentation can step you through this process.
The first thing to do is change the default password of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which helps secure communications to and from your router. If you’re unsure what to do, reach out to your internet provider or router manufacturer.
Just as you can offer your human guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
We mentioned this above, yet it’s so important that it calls for a second mention: make sure you have the latest software updates for your IoT devices. That will make sure you’re getting the latest functionality from your device, and updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” to our smartphones—so protecting our phones has become yet more important. Whether you’re an Android or iOS device user, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.
While the apparent vulnerability in the Kalay protocol is at issue here, this security advisory stands as a good reminder to protect all of our connected things—notably our computers and laptops. Using a strong suite of security software like McAfee® Total Protection, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.
The post McAfee Security Alert: Protect Your Smart Cameras and Wi-Fi Baby Monitors appeared first on McAfee Blog.
With the increase in online activities due to the COVID-19 pandemic, consumers are potentially becoming exposed to more online threats, and nearly 1 in 3 Americans are not confident in their ability to prevent a cyberattack. Through a partnership with American Express via the Amex Offers Program, McAfee is delighted to offer eligible American Express Card Members personal online security by providing access to comprehensive solutions that protect online security
“Despite the increase in potential risks, consumers plan to continue conducting more and more personal activities online as the post-pandemic new normal comes to fruition,” said Pedro Gutierrez, SVP Global Consumer Sales & Operations at McAfee. “Investing in personal security solutions to protect your online life is a simple way to think security-first, and we’re ecstatic we can now offer these solutions to add value to American Express Card Members.”
The COVID-19 pandemic has forced many regular activities online, with McAfee’s 2021 Consumer Security Mindset Report finding that internet providers saw household internet usage surge anywhere from 40% to 100% as people worked, studied, shopped and entertained themselves at home. Additionally, McAfee found that of consumers that purchased connected devices in 2020, only 50% acted by purchasing security software and only 1 in 4 checked if their security software is up to date.
Through the Amex Offers program, eligible American Express Card Members can receive a statement credit of up to $15 if they spend $45 or more to purchase personal protection solutions at McAfee.com. The statement credit is available to eligible American Express Card Members until August 24th, 2021 and Card Members should check their offers list for additional details on eligibility, offer redemption instructions and applicable limitations.
The post McAfee Partners with American Express to Provide Best-in-Class Security appeared first on McAfee Blogs.
Equipping and guiding your digitally connected child is one of the toughest challenges you will face as a parent. As your child grows and changes, so too will their online activities. Friend groups, favorite apps, and online interests can shift from one month to the next, which is why parental controls can be a parent’s best friend.
According to a report from Common Sense Media, teens spend an average of seven hours and 22 minutes on their phones a day. Tweens (ages 8 to 12) spend four hours and 44 minutes daily. This is time outside of schoolwork.
That is a lot of time to stroll the streets of cyberspace for entertainment purposes, and it’s only increased since the pandemic.
Striking a balance between screen time and healthy device use is an always-evolving challenge. On the one hand, your child’s device is an essential channel connecting them to their self-identity, peer acceptance, and emotional well-being. On the other hand, that same device is also the door that can bring issues such as cyberbullying, predators, risky behavior, and self-image struggles into your child’s life.
Parental controls are tools that allow parents to set controls on their children’s internet use. Controls include content filters (inappropriate content), usage limits (time controls), and monitoring (tracking activity).
Many of the technology your family already owns or sites your kids visit have basic parental controls (i.e., built-in controls for android and iPhone and social networks such as YouTube). However, another level of parental control comes in software specifically engineered to filter, limit, and track digital activity. These consumer-designed parental controls offer families a higher, more powerful form of protection.
If you are like many parents who land on this blog, you’ve hit a rough patch. You have concerns about your child’s online activity but aren’t sure how to begin restoring balance. Rightly, you want to find the best parental control software and put digital safeguards in place.
Every family dynamic is different, as is every family’s approach to online monitoring. However, most parents can agree that when a negative influence begins to impact the family’s emotional and physical health, exploring new solutions can help get you back on track.
Depending on your child’s age, you may need to consider parental controls if:
1. They don’t respond when you talk to them
If your child is increasingly engrossed in their phone and it’s causing communication issues in your family, you may want to consider software that includes time limits. Connecting with your child during device-free time can improve communication.
2. They’ve started ignoring homework and family responsibilities
There are a lot of reasons grades can plummet, or interests can fade. However, if your child is spending more and more time online, limiting or monitoring what goes on in that time can help restore emotional balance and self-discipline to meet responsibilities.
3. Their browser history shows access to risky content
Innocent online searches can lead to not so innocent results or children may go looking for content simply because they’re curious. Parental controls automatically block age-inappropriate sites and filter websites, apps, and web searches.
4. They won’t give you their device without a fight
If the phone has become the center of your child’s world at the cost of parental respect and family rules, they may be engaged in inappropriate behavior online, connecting with the wrong friends, or struggling with tech balance. With the proper parental controls, a parent can block risky content, view daily activity, and set healthy time limits.
5. They’re losing interest in family outings and other non-digital activities
Poor habits form quietly over time. If your child has dramatically changed their focus in the past three to six months, consider zooming in on why. It may not be technology use, but you may consider an additional layer of protection if it is.
6. They go into another room to respond to a text
While everyone deserves privacy, if constantly sneaking away to communicate with a friend is your child’s new norm, you may consider making some screen time adjustments.
7. They are exhausted
Unbeknownst to parents, kids might be exchanging sleep for screen time. Parental controls can help you nip this unhealthy habit. Setting time limits can help kids experience deeper sleep, better moods, more focus, and more energy.
8. They overshare online
If you browse through your child’s social media and notice their profiles are public instead of private, or if your child tends to overshare personal information, parental controls can help you monitor future activity.
Ideally, we’d all prefer to live in a world where we didn’t need parental controls at all. Unfortunately, that is neither a present nor future reality. So, we recalibrate, keep learning, and keep adding to our parenting skills. As always, we believe the first go-to digital safety tool is investing in consistent open and honest conversation with your child. And the second tool? Yup, reach for the parental controls. While you may hear some hemming and hawing from your kids at first, the peace of mind you gain from having parental controls in place will be worth it.
The post 8 Signs It May Be Time for Parental Controls appeared first on McAfee Blog.
Depending on where your travels take you, you might need a new passport—a COVID-19 vaccine passport.
In an effort to kickstart travel and local economies, these so-called vaccine passports are more accurately a certificate. Such a “passport” can offer proof that the holder has been fully vaccinated against the virus, and there are several of these passports developing in the wings. With all of this in motion, I wanted to give families a look at what’s happening so that they can protect their privacy and identity online.
Broadly speaking, a vaccine passport works like this: information such as name, date of birth, date of vaccination, vaccination type, and vaccination lot number are used to create a digital certificate stored in a smartphone or a physical card. The holder can then offer up that proof of vaccination (or a recent negative test result) to businesses, travel authorities, and the like.
The notion of a vaccine passport has actually been around for a while now, such as the “Yellow Card” issued by the World Health Organization (WHO), which documents vaccination against diseases like cholera and yellow fever for travelers. Note that currently there’s no widely accepted standard for COVID-19 vaccine passports. What’s more, conversations continue around the concerns that come with documenting and sharing vaccine information securely. Understandably, it’s a complex topic.
As of this writing, the European Union has started issuing the “EU Digital Covid Certificate,” which allows its holders to travel throughout the EU freely without quarantine restrictions. The UK has its own version in the works, as do other nations in Asia, along with airline carriers too. In the U.S., “passports” appear to be in development on the state level, rather than on the federal level. For example, the state of New York has its Excelsior Pass program and California has its Digital COVID-19 Vaccine Record available to residents. Private airlines and air travel industry groups have launched their own efforts as well, such as the International Air Travel Association’s IATA Travel Pass.
How these passports are rolled out and how they get used will vary, yet vaccine passports may have an impact on the way people can travel as we recover globally from the pandemic. In some cases, they may even determine if people can attend large events that can help localities reboot their economies and public life in general (i.e., concerts, sporting events, and so on).
The development of vaccine passports and all the rules businesses and local authorities set around them may feel a bit out of our hands. However, in terms of your privacy and your family’s privacy, plenty is still very much in your hands. The common denominator across all these vaccine passports is the exchange of personal information—you and your family’s personal information. And where personal information is shared, hackers are sure to follow. This presents a perfect opportunity for you and your family to review your online privacy practices and close any gaps, whether you plan on traveling or not.
I put together a few things you can do to make sure that you and your family can navigate the future use of these passports with your privacy in mind:
What seems like an innocent celebration of your vaccination could put your personal information at risk. The information captured on these cards varies by nation, region, and locality, with some of the cards containing more information than others. However, even basic info such as birthday, vaccine manufacturer and lot number, location of immunization, or doctor’s name can provide the basis of a scam, such as a phishing email or phishing text message. Likewise, such information could get scooped up by a hacker and used to create phony vaccination credentials. Instead of posting that pic of you and your vaccine card, go with a happy selfie instead. And if you’ve already posted, go ahead and delete the image, better to remove it now and stay safe.
As mentioned above, the uncertainty around vaccine passports, and the general uncertainty around the latter days of the pandemic overall, creates opportunities for hackers and cybercrooks. Just as the early pandemic saw phony offers around miracle cures and today we’re seeing offers for phony vaccination cards, you can bet that scams revolving around vaccine passports will follow. The best advice here is to go to a trusted source for information, like the NHS in the UK or the American Medical Association in the U.S. Granted, cybercrooks will launch their phishing campaigns regardless. Here’s what to do if one heads your way:
In all, if someone is asking for any kind of personal or financial information via an email, text, instant message, or the like, chances are it’s a scam. For more, check out this article on how to spot the warning signs of a phishing attack.
In a time of data breaches large and small, checking your credit regularly is a wise move. Doing so will help you quickly spot issues and help you address them, as companies typically have a clear-cut process for dealing with fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and other nations like the UK have similar free offerings as well.
Do the same for your children. They’re targets too. High-value targets at that. Their credit reports are clean, which gives cybercrooks a blank slate to work with. Even more attractive is that child identity theft often goes long unnoticed until years later when the child gets older and rents an apartment or applies for their first credit card.
It’s that simple. Given that these vaccine passports will likely involve a digital certificate stored on a smartphone, app, or possibly other devices, protect them so you can protect yourself. Select comprehensive security software that will protect multiple devices so that everyone in your home is covered.
You can bet that rumors will abound as to who is issuing what “passport”, under what restrictions, and with what implications for traveling, dining out, and visiting shops. All of that amounts to plenty of falsehoods and scams that attempt to rob you of your privacy, identity, and even your money. Turn to trusted news sources known for their even-handed reporting, such as Reuters or the Associated Press, and get your information from there. Knowing what the facts about vaccine passports are in your locality will arm you against fear-based attacks.
A few months back, the FTC posted its own blog about sharing vaccine card photos. It’s a great read, in part because they used a helpful analogy to discuss privacy and identity theft:
Think of it this way — identity theft works like a puzzle, made up of pieces of personal information. You don’t want to give identity thieves the pieces they need to finish the picture.
Likewise, any vaccine passport you acquire will become yet another puzzle piece that you have to protect.
In all, with post-pandemic recovery measures evolving before our eyes, keep an eye on your family’s security. Don’t give away any snippets of info that could be used against you and stay on the lookout for the scams hitting the internet that play on people’s uncertainty and fears. COVID-19 passports may be entirely new, yet they give cybercrooks one more way they can play their old tricks.
The post COVID-19 Vaccine Passports: 5 Security Tips for You and Your Family appeared first on McAfee Blogs.
Today we wrap up Mobile World Congress (MWC) 2021. Whether you joined online or attended the hybrid conference in person, one thing is certain: today’s groundbreaking technology is paving the way for our future connectivity. Fittingly, the theme of this year’s event was Connected Impact, representing the role mobile connectivity plays in an ever-changing world, where flexibility and adaptability are critical. Here are four of the key consumer takeaways from this year’s conference:
COVID-19 truly put the power of online connectivity to the test. While 2020 was supposed to be the year of 5G connectivity, this was put on pause as the world faced social and financial uncertainty. Instead, the spotlight fell on legacy technologies to create a new normal for users. Consumers quickly had to figure out how to live their best lives online — from working from home to distance learning to digitally connecting with loved ones.
To help foster online connectivity for all, 5G must step back into the spotlight. Although publicly available 5G networks have been around for two years, it is unlikely that many users see much of a difference between 5G and LTE. For users to feel the impact of 5G, mobile carriers must expand the frequencies at the low and high ends of the spectrum, which is where 5G networks operate.
Qualcomm led the 5G announcements on Monday with the unveiling of its second-generation Qualcomm 5G RAN Platform for Small Cells (FSM200xx). This platform brings major enhancements to radio frequencies and is designed to take millimeter wave performance to more places: indoors, outdoors, and around the globe. According to Qualcomm, these advancements aim to facilitate greater mobile experiences and accelerate 5G performance and availability to users everywhere— thus reshaping opportunities for homes, hospitals, offices and more.
Technology and connectivity played a crucial role in our daily lives in 2020—and therefore, unsurprisingly, spending on health and wellness tech grew by 18.1%. But now, we must ask ourselves what role technology will play post-lockdown.
While they did not have a physical appearance at MWC this year, Samsung provided a sneak of their new wearables: they introduced the One UI Watch user experience, a new interface designed to make the Galaxy Watch and smartphone experience more deeply connected. Samsung also announced its expanded partnership with Google, promising to deliver better performance, longer battery life, and a larger ecosystem of apps to the Galaxy Watch. Although they did not unveil any hardware at MWC, Samsung did ensure that users can expect to see new devices like the Galaxy Z Fold 3 and the Galaxy Watch 4 at their Galaxy Unpacked event happening in July/August of 2021.
2020 also shone a bright light on the key role technology plays in the consumption and distribution of creative arts and entertainment. Lockdown put an even greater responsibility on streaming platforms — and the devices they are accessed on — to deliver content right to people’s homes.
To help meet entertainment consumption needs, Lenovo announced not one, not two, but five new Android tablets during MWC. Its largest tablet is the Yoga Tab 13, which features a built-in kickstand, 13-inch display with 2,160 x 1,350 resolution, up to 12 hours of battery life, and more. Lenovo is pitching this model as its “portable home cinema,” perfect for streaming on the go. It also unveiled the Yoga Tab 11 and the Tab P11 Plus, which are expected to be available in EMEA in July following the Yoga Tab 13’s June release date. For users hoping for a more compact, budget-friendly device, Lenovo also announced the Lenovo Tab M8 and the Lenovo Tab M7. Whichever model you select, one thing it certain — digital devices have and will continue to be instrumental in consumer entertainment.
These exciting announcements are a great representation of what the future holds for mobile technology and greater connectivity. The advancements in mobile connectivity have already made a positive impact on consumer lifestyles, but the rise in popularity of these devices has also caught the attention of cybercriminals looking to exploit consumers’ reliance on this technology.
More time spent online interacting with various apps and services simultaneously increases your chance of exposure to cybersecurity risks and threats. Unsurprisingly, cybercriminals were quick to take advantage of the increase in connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware and more. For users to continue to live a connected life, they will need to take greater care of their online safety and ensure that security is top-of-mind in any given situation. Taking these precautions will provide greater peace of mind in the new mobile-driven world.
The post The Future of Mobile: Trends from Mobile World Congress 2021 appeared first on McAfee Blogs.
What do Burger King and the popular “Doge” meme have in common? They both have cryptocurrencies named after their likeliness. WhopperCoin and Dogecoin are just two examples of the thousands of types of cryptocurrencies that have caught users’ attention over the past few years. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain.
Bitcoin is the most popular cryptocurrency today, increasing its value by almost 300% in 2020. Today, almost 46 million Americans own at least one share of Bitcoin, illustrating how these cryptocurrencies are the future of tomorrow’s digital payment system — or are they? The same benefits that make them a popular choice with online users have also made them popular amongst online thieves, sparking a wave of ransomware attacks and other cyberattacks more recently. This begs the question: do the benefits of Bitcoin outweigh the risks?
Every rose has its thorn, and several Bitcoin benefits seem to be hitched to online security risks. Here are some cryptocurrency characteristics that may seem appealing to users, but also provide cybercriminals with an opportunity to exploit:
As previously mentioned, cryptocurrency exchanges take place on an online public ledger, or blockchain, to secure online transactions. This means that anybody can observe the exchange online. However, the parties making the transactions are anonymous, disguised with a random number. Bitcoin users can make purchases that are never associated with their identity, similar to a cash transaction.
While the purchase discretion provided by Bitcoin may be appealing to users who want to remain private, this characteristic could also aid cybercriminals in malicious activity. Due to the anonymity of Bitcoin transactions, there is no way for someone to associate a person with a certain cryptocurrency wallet. Furthermore, a user could have multiple wallets, allowing them to spread their currency from one address to another.
For a cybercriminal looking to target an individual with ransomware, the purchase discretion and anonymity of Bitcoin provide a favorable solution. In fact, Bitcoin accounts for approximately 98% of ransomware payments today. Say a hacker carries out a ransomware attack and demands that the user pay a large sum in Bitcoin. If the user completes the payment, the hacker can keep moving the currency from one anonymous account to another. That makes it very difficult — though not impossible — to trace if the individual decides to investigate the case and tries to get their money back.
Another characteristic that Bitcoin users find appealing is the autonomy offered by digital currencies. In theory, they allow users more autonomy over their own money than government-regulated currencies do. With Bitcoin, users can control how they spend their money without dealing with an intermediary authority like a bank or government.
This lack of intermediary authority also opens a door for hackers to exploit. Say a user decides that they want to manage their finances using Bitcoin to bypass banking fees and send money to friends and family in different parts of the world. As previously mentioned, a Bitcoin user is assigned an anonymous private key that acts as their security credential. This key is generated and maintained by the user instead of a third-party agency. But what happens if the key isn’t random enough? An attacker could steal the user’s private key, and they will not be able to recover it since the Bitcoin blockchain is not dependent on any centralized third-party institutions. Therefore, it will be very difficult to track the attacker’s behaviors and recover lost funds.
It is safe to say that Bitcoin has caused a lot of buzz. But do the benefits outweigh the risks? Due to the nature of Bitcoin and most other public blockchains, anyone in the world can perform transactions or cryptographic computations — including cybercriminals. That’s why it is crucial for current cryptocurrency users and those considering cryptocurrency investment to do their research and know what vulnerabilities lie within the world of Bitcoin.
Follow these tips to help protect yourself from common threats that leverage cryptocurrency:
With blockchain, cryptocurrency, and any new and emerging technology, make sure you always remain a bit skeptical. Do your homework before you embrace the technology — research your options and make note of any known security issues and what you can do to mitigate known risks.
If a hacker does target you with ransomware demanding Bitcoin payment, it’s best not to pay the ransom. Although you may feel in the moment that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it is best to hold off on making any payments. Furthermore, a recent study found that 80% of businesses that choose to pay a ransom experience a subsequent ransomware attack. While it may feel like your only option in the moment, paying a ransom could show attackers that you’re willing to make the payment, therefore positioning you as an ideal target for yet another attack.
If you are targeted with ransomware, it’s crucial that you always have backup copies of your files, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device and reinstall your files from the backup. Backups protect your data, and you won’t be tempted to reward the hackers by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
Large organizations often fall prey to ransomware attacks, so take necessary precautions if a company you’ve interacted with becomes compromised from a data leak or a ransomware attack. Immediately change your passwords for all your accounts, ensuring they are strong and unique. You can also employ a password manager to keep track of your credentials and generate secure login keys.
Add an extra layer of security with a solution such as McAfee® Total Protection, which includes Ransom Guard, to help protect your devices from these cyberthreats and ensure your digital wellness online.
The emergence of Bitcoin has indeed facilitated a wave of cybercrime that was previously difficult to perceive. In this new age of digital payments, blockchain, and cryptocurrencies, make sure that you do your research and stay vigilant when it comes to protecting your online safety. Remember: Bitcoin worth will continue to fluctuate, but your personal security will always remain invaluable.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Do the Benefits of Bitcoin Outweigh the Risks? appeared first on McAfee Blogs.
[Disclaimer: The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021.]
Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with. With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet. They add malicious apps disguised as Netflix and Spotify to the bike in the hopes that unsuspecting users will enter their login credentials for them to harvest for other cyberattacks. They can enable the bike’s camera and microphone to spy on the device and whoever is using it. To make matters worse, they can also decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive information. As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched.
That’s a potential risk that you no longer have to worry about thanks to McAfee’s Advanced Threat Research (ATR) team. The ATR team recently disclosed a vulnerability (CVE-2021-3387) in the Peloton Bike+, which would allow a hacker with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote root access to the Peloton’s tablet. The hacker could install malicious software, intercept traffic and user’s personal data, and even gain control of the Bike’s camera and microphone over the internet. Further conversations with Peloton confirmed that this vulnerability is also present on Peloton Tread exercise equipment; however, the scope of our research was confined to the Bike+.
As a result of COVID-19, many consumers have looked for in-home exercise solutions, sending the demand for Peloton products soaring. The number of Peloton users grew 22% between September and the end of December 2020, with over 4.4 million members on the platform at year’s end. By combining luxury exercise equipment with high-end technology, Peloton presents an appealing solution to those looking to stay in shape with a variety of classes, all from a few taps of a tablet. Even though in-home fitness products such as Peloton promise unprecedented convenience, many consumers do not realize the risks that IoT fitness devices pose to their online security.
IoT fitness devices such as the Peloton Bike+ are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are susceptible to the same kind of vulnerabilities, and their security should be approached with a similar level of scrutiny.
Following the consumer trend in increasing IoT fitness devices, McAfee ATR began poring over the Peloton’s various systems with a critical eye, looking for potential risks consumers might not be thinking about. It was during this exploratory process that the team discovered that the Bike’s system was not verifying that the device’s bootloader was unlocked before attempting to boot a custom image. This means that the bike allowed researchers to load a file that wasn’t meant for the Peloton hardware — a command that should normally be denied on a locked device such as this one. Their first attempt only loaded a blank screen, so the team continued to search for ways to install a valid, but customized boot image, which would start the bike successfully with increased privileges.
After some digging, researchers were able to download an update package directly from Peloton, containing a boot image that they could modify. With the ability to modify a boot image from Peloton, the researchers were granted root access. Root access means that the ATR team had the highest level of permissions on the device, allowing them to perform functions as an end-user that were not intended by Peloton developers. The Verified Boot process on the Bike failed to identify that the researchers tampered with the boot image, allowing the operating system to start up normally with the modified file. To an unsuspecting user, the Peloton Bike+ appeared completely normal, showing no signs of external modifications or clues that the device had been compromised. In reality, ATR had gained complete control of the Bike’s Android operating system.
The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021. The discovery serves as an important reminder to practice caution when using fitness IoT devices, and it is important that consumers keep these tips in mind to stay secure while staying fit:
Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss news that may affect you. Additionally, make sure to update mobile apps that pair with your IoT device. Adjust your settings to turn on automatic software updates, so you do not have to update manually and always have the latest security patches.
Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have an excellent reputation for providing secure products? Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties.
Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect.
Protect your data from being compromised by stealthy cybercriminals by using an identity theft solution such as the one included in McAfee Total Protection. This software allows users to take a proactive approach to protecting their identities with personal and financial monitoring, as well as recovery tools.
If you are one of the 4.4 million Peloton members or use other IoT fitness devices, it is important to keep in mind that these gadgets could pose a potential security risk just like any other connected device. To elevate your fitness game while protecting your privacy and data, incorporate cybersecurity best practices into your everyday life so you can confidently enjoy your IoT devices.
As stated, McAfee and Peloton worked together closely to address this issue. Adrian Stone, Peloton’s Head of Global Information Security, shared that “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important. To keep our Members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”
Peloton is always looking for ways to improve products and features, including making new features available to Members through software updates that are pushed to Peloton devices. For a step-by-step guide on how to check for updated software, Peloton Members can visit the Peloton support site.
The post Is Your Peloton Spinning Up Malware? appeared first on McAfee Blogs.
To enjoy online life to the fullest these days, we often have to give out a certain amount of personal information. That also means the moment you go online you’re giving personal data away. Whether it’s your phone, a game console, or a connected speaker, someone, somewhere, is monitoring your connection. Knowing what data your device sends, and who has access to that information, is an important part of maintaining your online privacy. However, without the right tools, you’re probably giving away a lot more information than you realize. Many believe that one effective way to maintain online privacy is by using a private mode on a browser.
However, it’s a common misconception that “private browsing” modes–like Google’s Incognito–protect your online privacy. It makes sense, they’re called “private browsing”, what else would they do? Well, if you’ve read the news lately, you may have seen that Google is in a $5 billion lawsuit specifically because of their private browsing mode.
The thing is, incognito mode is often misunderstood. When you open an incognito window, you’re told that “You’ve gone incognito.” The explanation underneath says that your browsing history, website visits, cookies, and information you put in forms, won’t be saved. This is where the confusion starts. What the incognito explanation doesn’t tell you is that your browsing information isn’t blocked or hidden from advertisers while in incognito mode. So even though your browsing information “won’t be saved” on your device or available after you close the window, that doesn’t stop the internet from seeing everything you’ve been up to while in that session.
For these reasons, more people use virtual private networks, or VPNs, to protect their browsing history from prying eyes. If you’re new to VPN, this might be the perfect time to learn about what they are, how they work and why you might choose a VPN over private browsing.
VPN protects your devices by wrapping your internet connection in a secure tunnel that only you can access. This stops people —like those nosey advertisers—from seeing what sites you visit. With a secure connection to the Internet, every search request, every website you browse, is hidden from sight. It’s important to point out that VPN doesn’t make you anonymous; they make it so only you can see what you’re doing online. You can learn even more about VPN in this blog.
Without private browsing, your browser tells websites–and their owners–all kinds of things about you like what device you’re using, where you are, what sites you’ve visited, and when. Websites use this information to serve you relevant ads, but it can also be used to track your location and browsing habits.
With private browsing, your browser window is isolated from the rest of your operating system. Isolating the browser is supposed to help block websites from seeing who you are, block cookies and prevent access to your browsing history, but even when using private browsing, tests like EFF’s Panopticlick privacy test can see what device you’re on, where you’re connecting, if you can accept cookies, your OS, and many other types personally-identifying information.
We wouldn’t recommend using incognito mode instead of a VPN, ever. However, Incognito mode has its place in your online security toolkit, as long as you don’t think of it as a replacement for other types of protection. For instance, if you share a device with other people, like family members, then you might want to use incognito mode to make sure your partner doesn’t accidentally find out how much you spent on their surprise birthday gift. But, if you’re concerned with advertisers tracking you and watching what you do online, then you should consider also using a VPN to protect your privacy.
If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank, and browse online.
The post Private browsing vs VPN – Which one is more private? appeared first on McAfee Blog.
Even as the internet kept us connected with family and friends during the pandemic, people remain understandably eager to reconnect in person as vaccines roll out and restrictions ease. In fact, people are making travel plans accordingly. Nearly two-thirds (64%) of people worldwide said that they’re planning to travel for leisure this year. And, as always, they’re bringing their devices with them.
These are a few of the top-line findings from our 2021 Consumer Security Mindset Report: Travel Edition, which garnered responses from more than 11,000 people aged 18 to 75 in eleven countries across North and South America, Europe, Asia, and the South Pacific. More broadly, this survey provides insight into people’s plans and preferences for travel and how they view online security while traveling—particularly after relying heavily on the internet at home during the pandemic for more than a year.
Indeed, people feel more connected by the internet today than they did prior to the onset of COVID-19 with a significant 76% of respondents stating as much. In light of that increasing reliance on the internet, 61% reported implementing more protection for their devices, connected homes, and online activities in general. This was particularly the case in nations like India (86%), Mexico (79%), and Brazil (68%). However, other nations trended much lower than the average, such as the UK (47%) and France (34%). In the U.S., that figure was lower than the international trend with roughly half of the people implementing more protection.
As called out earlier, people are taking the first steps toward leisure travel once again. Only 12% of people in the U.S said that they were planning on traveling internationally compared to a global average of 16%, while nations like Singapore (30%), the UK (25%), and Germany (24%) trending well above the average. In contrast, the outlook for domestic leisure travel appears exceptionally strong, particularly for respondents in Australia (88%), India (79%) and the U.S. (77%) who plan to travel as such.
The pandemic has shaped people’s views on where they’d like to stay, with 62% stating that their preference for lodging has changed this year. Well over one-third of respondents in the U.S., Australia, Indonesia, and Canada said that staying with family and friends as their preferred option. Globally speaking, hotel and motel accommodations topped the list at 41%. Vacation home rentals entered the mix as well with roughly 25% of respondents saying a rental was part of their plan.
Yet how have attitudes changed toward connecting to networks outside of the home, particularly after the past year saw the majority of people improve their security at home?
For a baseline, we found that 80% of respondents said that they’ve connected a device when visiting a home or place that is not their own. The devices they mentioned most include laptops, streaming devices, Bluetooth speakers, and gaming devices as well. To connect those devices, they’ll use the home network of the friend’s or rental home where they’re staying (48%) or the network provided by the hotel where they’re staying (48%). And while in-between places, public Wi-Fi remains a popular means of network connection at 50%, along with airport Wi-Fi (41%) plus transit Wi-Fi (31%). 
As to how secure people feel on those networks, the answer varies greatly. While people expect low risk or no risk at all on their home network (85%) or a friend’s home (73%), they’re far less apt to trust other networks. In general, they see Wi-Fi networks as most vulnerable to cyber threats than any other network or device at 68% and feel most at risk connecting to networks in hotels (25%) and rentals (21%).
Despite these findings, only 47% people said they take the same online security measures that they take at home when they’re on holiday or vacation. Similarly, just 52% of people check if the network they are joining is secure before they connect. Of that, 22% say they don’t check because they feel the network poses no threat and another 26% say that they simply don’t know how to check.
As travel becomes an actual possibility for people once again, it’s an opportunity to remember just how important security is outside the home. Whether people are at home or away, there will be banking to do, chances to shop online, and moments to stream a few shows while at the airport or on the road. Protecting laptops and mobile devices for travel become extra important when using public, airport, and public Wi-Fi, as those networks can expose people to more threats than their home networks.
With that, here are five things people can do to protect themselves and others while traveling:
The post Seeking Reconnection: Internet Usage and the Return to Travel appeared first on McAfee Blogs.
Cybercriminals go to great lengths to hack personal devices to gather sensitive information about online users. To be more effective, they make significant investments in their technology. Also, cybercriminals are relying on a tactic called social engineering, where they capitalize upon fear and urgency to manipulate unsuspecting device users to hand over their passwords, banking information, or other critical credentials.
One evolving mobile device threat that combines malware and social engineering tactics is called BRATA. BRATA has been recently upgraded by its malicious creators and several strains have already been downloaded thousands of times, according to a McAfee Mobile Research Team report.
Here’s how you can outsmart social engineering mind games and protect your devices and personal information from BRATA and other phishing and malware attacks.
BRATA stands for Brazilian Remote Access Tool Android and is a member of an Android malware family. The malware initially targeted users in Brazil via Google Play and is now making its way through Spain and the United States. BRATA masquerades as an app security scanner that urges users to install fake critical updates to other apps. The apps BRATA prompts the user to update depends on the device’s configured language: Chrome for English speakers, WhatsApp for Spanish speakers, and a non-existent PDF reader for Portuguese speakers.
Once BRATA infects a mobile device, it combines full device control capabilities with the ability to capture screen lock credentials (PIN, password, or pattern), capture keystrokes (keylogger functionality), and record the screen of the compromised device to monitor a user’s actions without their consent.
BRATA can take over certain controls on mobile phones, such as:
BRATA is like a nosy eavesdropper that steals keystrokes and an invisible hand that presses buttons at will on affected devices.
BRATA’s latest update added new phishing and banking Trojan capabilities that make the malware even more dangerous. Once the malware is installed on a mobile device, it displays phishing URLs from financial institutions that trick users into divulging their sensitive financial information. What makes BRATA’s banking impersonations especially effective is that the phishing URLs do not open into a web browser, which makes it difficult for a mobile user to pinpoint it as fraudulent. The phishing URLs instead redirect to fake banking log-in pages that look legitimate.
The choice to impersonate banks is a strategic one. Phishers often impersonate authoritative institutions, such as banks and credit card companies, because they instill fear and urgency.
Social engineering methods work because they capitalize on the fact that people want to trust others. In successful phishing attacks, people hand cybercriminals the keys instead of the cybercriminal having to steal the keys themselves.
Awareness is the best defense against social engineering hacks. When you’re on alert and know what to look for, you will be able to identify and avoid most attempts, and antivirus tools can catch the lures that fall through the cracks.
Here are three tell-tale signs of a social engineering attack and what you should do to avoid it.
Just because an app appears on Google Play or the App Store does not mean it is legitimate. Before downloading any app, check out the number of reviews it has and the quality of the reviews. If it only has a few reviews with vague comments, it could either be because the app is new or it is fake. Also, search the app’s developer and make sure they have a clean history.
Never click on links if you are not sure where they redirect or who sent it. Be especially wary if the message surrounding the link is riddled with typos and grammar mistakes. Phishing attempts often convey urgency and use fear to pressure recipients to panic and respond too quickly to properly inspect the sender’s address or request. If you receive an urgent email or text request concerning your financial or personal information, take a deep breath and investigate if the claim is legitimate. This may require calling the customer service phone number of the institution.
Just like computers, mobile devices can be infected with viruses and malware. Protect your mobile device by subscribing to a mobile antivirus product, such as McAfee Mobile Security. McAfee Mobile Security is an app that is compatible with Android devices and iPhones, and it protects you in various ways, including safe surfing, scanning for malicious apps, and locating your device if it is lost or stolen.
The post Beware of BRATA: How to Avoid Android Malware Attack appeared first on McAfee Blogs.
Something you’ll want to know about all those movies, mp3s, eBooks, air miles, and hotel points you’ve accrued over the years: they’re digital assets that can factor into a divorce settlement.
Understandably, several factors determine the distribution of assets in a divorce. However, when it comes to dividing digital assets, divorce settlements and proceedings are charting new territory. The rate of digital innovation and adoption in recent years has filled our phones, tablets, and computers with all manner of digital assets. What’s more, there are also the funds sitting in our payment apps or possibly further monies kept in the form of cryptocurrencies like bitcoin. Put plainly, the law is catching up with regards to the distribution of these and other digital assets like them.
Yet one thing that the law recognizes is that digital assets can have value and thus can be considered property subject to distribution in a divorce.
In light of this, the following is a checklist of considerations that can help prepare you or someone you know for the distribution of digital assets in a fair and just way.
Nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your legal professional for counsel on the best approach for you and the laws in your area.
For starters, let’s get an understanding as to what actually constitutes a digital asset.
Because laws regarding digital assets vary (and continue to evolve), the best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and offers the bearer the right to use it.
To put that in practical terms, let’s look at some real-world examples of what could constitute a digital asset. That list includes, but is not limited to:
However, digital assets can readily expand to further include:
And like any other asset in the case of a divorce, a value will be ascribed to each digital asset and then distributed per the conditions or orders of the settlement.
Arriving at the value of specific digital assets begins with an inventory—listing all the digital assets and accounts you own, just as you would with any other monetary or physical assets like bank accounts, properties, and cars. When you go through this process, chances are you’ll quickly find that you have hundreds if not thousands of dollars of digital assets.
For example, we can look at the research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past ten years, that figure feels conservative.
Above and beyond preparing for a divorce settlement, taking such an inventory of your digital assets is a wise move. One, it provides you with a clearer vision of the things you own and their worth; two, maintaining such a list gives you a basis for estate planning and determining who you would like to see receive those assets. Likewise, maintain that list on a regular basis and keep it safe. It’s good digital hygiene to do so.
With this inventory, each asset can then have an assessed value ascribed to it. In some instances, a value will easily present itself, such as the cost of a subscription or how much money is sitting in a PayPal account. In other cases, the value will be sentimental, such as the case is with digital photos and videos. Ideally, you and your spouse will simply be able to duplicate and share those photos and videos amicably, yet it is important that you articulate any such agreement to do so. This way, a settlement can call out what is to be shared, how it will be shared, and when.
Not all digital assets are transferrable. Certain digital assets are owned solely in your name. In other words, you may have access to certain digital assets that cannot transfer to someone else because you do not have the rights to do so per your user agreement. This can be the case with things such as digital books, digital music, and digital shows and movies.
In such circumstances, there may be grounds for negotiation and a “limited transfer” in the settlement, where one party exchanges one asset for another rather than splitting it equally. A case in point might be a sizeable eBook library on a device that’s in the name of one spouse. While that library can’t be split or transferred, one spouse may keep the eBook library while another spouse keeps a similarly valued asset or group of assets in return—like say a collection of physical books.
Streaming services will need to be addressed too. Be prepared to either terminate your accounts or simply have them assigned to the person in whose name they are kept. In the case of family accounts, the settlement should determine how that is handled, whether it gets terminated or similarly turned over to one spouse or the other. In all, your settlement will want to specify who takes over what streaming service and when that must occur.
Like dividing up investment accounts where the value of the account can vary daily, digital currencies can present challenges when spouses look to divide the holdings. Cryptocurrency valuation can be quite volatile, thus it can be a challenging asset to settle from a strict dollar standpoint.
What’s more, given the nature of digital currencies, there are instances where an unscrupulous spouse may seek to hide worth in such currency—which is an evolving issue in of itself. This recent article, “Cryptocurrency: What to Know Before and During Divorce,” covers the additional challenges of cryptocurrency in detail, along with an excellent primer on what cryptocurrency is and how it works.
Ultimately, cryptocurrency is indeed an asset, one that your attorney and settlement process will need to address, specifically so that there are no complications later with the transfer or valuation of the awarded currency.
With accounts changing hands, now’s the time to start fresh with a new set of passwords. What’s more, we have a tendency to reuse the same passwords over and over again, which may be known to an ex-spouse and is an inherent security risk in of itself. Change them. Even better, take this opportunity to use a password manager. A password manager can create and securely store strong, unique passwords for you, thus saving you the headache of maintaining dozens of them yourself—not to mention making you far more secure than before.
Again, keep in mind that nothing here is legal advice. Yet, do keep these things in mind when consulting with an attorney. The reality is that we likely have thousands of dollars of what could be considered digital assets. Inventorying them and ascribing a fair market value to them along with your legal professional is the first step in a fair and just settlement.
The post Digital Divorce: Who Gets the Airline Miles and Music Files? appeared first on McAfee Blogs.
In a year where people relied on their digital lives more than ever before and a dramatic uptick in attacks quickly followed, McAfee’s protection stood strong.
We’re proud to announce several awards from independent third-party labs, which recognized our products, protection, and the people behind them over the course of last year.
The Cybersecurity Excellence Awards is an annual competition honoring individuals and companies that demonstrate excellence, innovation, and leadership in information security. We were honored with four awards:
Further recognition came by way of three independent labs known for their testing and evaluation of security products. Once more, this garnered several honors:
As the threat landscape continues to evolve, our products do as well. We’re continually updating them with new features and enhancements, which our subscribers receive as part of automatic product updates. So, if you bought your product one or two years ago, know that you’re still getting the latest award-winning protection with your subscription.
We’d like to acknowledge your part in these awards as well. None of this is possible without the trust you place in us and our products. With the changes in our work, lifestyles, and learning that beset millions of us this past year, your protection and your feeling of security remain our top priority.
With that, as always, thank you for selecting us.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post McAfee Awarded “Cybersecurity Excellence Awards” appeared first on McAfee Blogs.
Cryptocurrency enthusiasts are flocking to the Wild West of Bitcoin and Monero to cash in on the recent gold rush. Bitcoin’s meteoric rise in value is making coin mining an appealing hobby or even a whole new career. Coin mining software is the main tool in a prospector’s belt.
Some coin miners, also known as cryptocurrency miners, are tempted by the dark side of the industry and resort to nefarious means to harness the immense computing power needed for cryptocurrency profits. Greedy cryptocurrency criminals employ a practice called cryptojacking, stealing the computer power of unsuspecting devices to help them mine faster. Your device could be at risk at being recruited to their efforts.
Let’s dig into how coin mining programs work, why they turn malicious, and how you can stay safe from cryptojackers.
Mining cryptocurrency takes a lot of time and computer processing power. A coin mining home setup requires a graphics processing unit (GPU) or an application-specific integrated circuit (ASIC). Coin mining software then runs off the GPU or ASIC. Each central processing unit (CPU), or the brain of the computer, plus the GPU or ASIC is referred to as a mining rig.
Once the software is installed, the rig is ready to mine, running mathematical calculations to verify and collect new cryptocurrency transactions. Each calculation is known as a hash, and hash rates are the number of calculations that can be run per second.
From there, casual miners may choose to join a mining pool, which is a club of miners who agree to consolidate their computing power and split the profits based on how much work each miner contributed to the output.
Bitcoin rewards miners every 10 minutes for their efforts. Each time miners solve a string of mathematical puzzles, they validate a chain of transactions, thus helping make the entire Bitcoin system more secure. Miners are paid in bitcoin and they also receive a transactional fee.
While coin mining typically starts off as a casual hobby, coin mining programs can turn malicious when cryptocurrency miners want to earn more without investing in boosting their own computing power. Instead, they reroute their targets’ computing power without asking. This is called cryptojacking.
Mining requires incredible amounts of electricity and the more rigs involved; the more cryptocurrency can be mined. Usually, the utility bills and the cost of running coin mining software negates any profit. For example, a casual miner may have one rig devoted to mining. An average rig processes approximately 500 hashes per second on the Monero network (a type of cryptocurrency). However, 500 hashes per second translates to less than a dollar per week in traditional, or fiat, currency.
Greedy cryptocurrency criminals recruit CPU soldiers to their mining army to improve their hash rate. To do so, criminals download coin mining software to a device and then program it to report back to their server. The device’s thinking power is diverted from the owner and funneled straight to the criminal’s server that now controls it. Compromised devices run considerably slower and can overheat, and the strain on the device can eventually destroy it.
Cryptojackers are not your everyday thieves. Their target is your CPU power, and they employ devious methods to funnel it for their own use. Luckily, there are a few easy ways to thwart their efforts:
Personal devices are often infected through phishing within emails and texts. There are many tell-tale signs of a phishing message. For example, they are often poorly written and use language that indicates that the sender wants a hasty response. Also, phishing attempts often charade as official organizations, like banks and credit card companies. If you are ever suspicious of an email or text, do not open any of the links and do not reply. Instead, contact the organization’s customer support to verify the legitimacy of the message.
Another way miners gain access to personal devices is by camouflaging malicious code in pop-up ads. An easy way to avoid being cryptojacked is to simply never click on these ads. Or even better, install an ad blocker to help eliminate the risk.
Public wi-fi and poorly protected networks present a vulnerable entry point for cybercriminals to hack into your devices. Cybercriminals often attempt to download software remotely to your laptop, desktop, or mobile device to reroute its computing power for their own selfish gains. Always connect to a VPN like McAfee Safe Connect VPN to safely surf unsecure networks.
Cryptojacking code is inconspicuous and generally hidden in legitimate code. Antivirus software, such as McAfee Total Protection, is a recommended way to proactively scan for malware and even identify fraudulent websites. McAfee WebAdvisor has a Chrome extension that specifically blocks cryptojackers.
Be aware of the signs your devices have been cryptojacked. For example, monitor any changes in the speed of your devices and check out your utility bills for dramatic spikes. By remaining vigilant with these tips, you will keep your devices safe from cryptocurrency miners gone rogue.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Why Coin Miners Go Bad & How to Protect Your Tech When They Do appeared first on McAfee Blogs.
Learning environments are not what they used to be, and as educational institutions deploy new technology to facilitate a safe and effective remote learning environment, their cyber vulnerabilities also increase. Canadian schools especially have seen a rise in ransomware attacks with the transition to online learning, opening the door for hackers to exploit student data and sabotage academic research. To combat the rising cybersecurity concerns, educators need to implement new measures to uphold secure and efficient distance learning environments without allowing student data and privacy to hang in the balance.
Limiting disruptions remains a high priority for educators as they discover how to manage their remote classrooms. Although many teachers are familiar with supplemental technologies such as tablets and online programs, it’s another matter entirely to be completely dependent on them to support a fully virtual classroom. When investing in online learning tools, educational institutions should not allow their concern for efficiency to overshadow an equally important requirement: safety.
The education sector has seen its fair share of cybersecurity attacks since the widespread shift to remote classrooms. According to Microsoft, the global education industry has the most malware attacks, even more than prominent industries such as business, finance, and healthcare. K-12 schools especially have experienced an uptick in ransomware and Distributed Denial of Service (DDoS). Many Canadian schools are experiencing cyber security incidents, damaging the integrity of their student data and privacy. With hackers consistently seeking to take advantage of the vulnerabilities in new technology, this prompts further discussion into why education is such a highly targeted industry.
The rapid shift to remote learning is an obvious culprit for the increasing threat level, but higher education institutions were already vulnerable before the pandemic. Many students simply lack the proper security awareness when using their online devices. In Morphisec’s CyberSecurity Threat Index, more than 30% of higher education breaches were caused by students falling victim to email scams, misusing social media, or other careless online activities. Budgetary constraints are also to blame for increasing online attacks, as many schools lack adequate funding to support a robust cybersecurity infrastructure. Cybercriminals recognize the vast amount of student data that schools have on record, and this incentivizes them further to infiltrate their systems.
Many of the new remote learning technologies introduced during the pandemic have exposed the risks associated with a lack of stringent security measures. For example, until recently, Agora’s video conferencing software exhibited a vulnerability that would have allowed hackers to spy on video and audio calls. With a growing number of students accessing remote learning technologies through their schools’ networks, it’s especially critical for schools to re-evaluate their security protocols to safeguard their students.
Schools at all levels need to proactively secure their digital technologies and safeguard their students’ data integrity. With the right approach, students and educators can mitigate the risks of cyber threats. Here are four critical cybersecurity steps that schools should take immediately:
It only takes one person to allow a hacker to infiltrate a school system. Digital security training is a must to ensure that students and faculty can recognize and take the appropriate action for suspicious activities like phishing emails. For example, a common cyber threat is when hackers pose as school officials asking for important information such as tax information or identification information.
Since many of the learning technologies on the market are new to students and staff, it’s especially critical to understand the implications of a security breach and the necessary steps to mitigate risks.
2.User Access Control
The principle of “least privilege” can also help avoid a cyber attack. This principle only allows users access to data and systems on a need-to-know basis and can mitigate data breaches that occur via unauthorized or unnecessary access. Hackers often try to infiltrate lower-level devices and accounts as a way to gain access to higher-value accounts and systems. Schools can take action by optimizing a list of what users have access to, which functions they have access to, and why. Ensuring that users have access to only what they need will limit attacks to smaller areas of the system and help protect the security ecosystem as a whole.
An often overlooked but critical cybersecurity protocol is having a robust password management policy. These policies must also be in accordance with provincial and territorial legislation, which set guidelines and rules that govern how students and faculty use their devices and online learning technologies. Password management policies that encourage strong passwords and multi-factor authentication are essential to prevent password sharing and unrestricted access.
Third-party technology vendors have become an integral component of distance learning, but they are also a vulnerability. Educational institutions need to ensure that they are properly managing their technology vendors so their students’ safety is prioritized above all else. Undergoing a thorough vetting process to evaluate third-party technology, as well as vendors’ terms and conditions, will help identify any security gaps that can create greater issues down the road.
The ascendance of distance learning during the pandemic has given educators, students, and parents new insights into both the opportunities and challenges of not being in a physical classroom. One of the most critical is the importance of creating safe and secure virtual environments to ensure that students are safe. Despite the benefits that education technology provides, without proper training or technical safeguards in place, schools and students are left vulnerable to the dangers of external threats. By enhancing awareness of cyber threats and implementing a strong security strategy, educators and parents can start creating safer learning environments for students to thrive.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Prioritizing Security in a Remote Learning Environment appeared first on McAfee Blogs.
After much anticipation, you finally get a notification that you’re eligible to receive your COVID-19 vaccine. Upon getting your first dose, you may be eager to celebrate by sharing a picture of your vaccination card on social media. After all, many of your peers have been doing the same. However, these posts could actually put your online privacy and personal information at risk. While you want to share the good news, experts warn that scammers could potentially exploit the information on your card.
With more people becoming eligible to receive the COVID-19 vaccine, there has been a surge in social media posts featuring peoples’ vaccine cards. However, the Better Business Bureau stated that posting photos of your card can give criminals the data they need to create and sell fake vaccination cards. Not only do vaccine cards remind you of when your next appointment is, but they also contain important personal information such as your name, date of birth, and when and where you were vaccinated.
Currently, these cards are the only proof that people have that they’ve been vaccinated. While there is still uncertainty around the next phase of the pandemic and when life will return to “normal,” it’s possible these cards could be what gets you into a restaurant or on an airplane. If you post your vaccination card on social media, scammers could potentially forge your card and use it as their own pass into public places or use it to receive a second dose. Publicly posting medical information could also void your HIPAA protections. Furthermore, cybercriminals could significantly profit from your personal information since health care records sell for more than Social Security and credit card numbers on the dark web.
Your digital wellness is just as important as your physical wellness, so protecting your online data is crucial. It’s a good rule of thumb not to post photos with your name and other identifiable information on the internet. Although it may be tempting to post your vaccination card on social media, consider these tips to help protect your online security:
Think about who you want to share the good news with and what social media platform would be best for this. Create private groups or carefully select which followers can see your posts. Then, verify that you’ve updated your privacy settings accordingly. This will prevent scammers from lurking on your posts and extracting your personal information.
Instead of posting a photo of your vaccine card, share a picture of yourself outside the vaccination center. If your vaccination center provides “I got vaccinated” stickers, you can post a picture of that as well.
Taking steps towards protecting your digital well-being is just as important as taking steps towards protecting your physical health. By following these steps, you can help ensure that your online security will not be jeopardized by celebrating your vaccination.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Protect Your Digital Wellness: Don’t Post Your Vaccination Card Online appeared first on McAfee Blogs.
In a poll conducted by the Canadian Medical Association, nearly half of Canadians have used telehealth services since the start of the pandemic. Additionally, in a recent McAfee study, we found that 21% of Canadians have used the internet for a doctor visit in 2020, and 28% said that such online visits will become a part of their routine moving forward Telehealth, or virtual care. This includes clinical services delivered remotely via electronic communications, such as videoconferencing, mobile apps and remote patient monitoring technology. Many of us have readily accepted these medical services out of necessity, as COVID have limited in-person hospital visits.
Hackers are taking advantage of the rise in virtual health services and exploiting their vulnerabilities to steal sensitive medical records. These vulnerabilities are the result of bigger issues stemming from obscure patient health information regulations and health care system budgetary constraints.
Understanding the risks associated with telehealth is the first step to securing your online safety during your virtual doctor’s visits.
At the onset of the pandemic, the number of reported Canadian cyberattacks jumped 50% from Q4 2019 to Q1 2020. Health care is one of the most targeted industries for cyberattacks. One attack even compromised the organization that manages Ontario’s medical records. Health care is such a highly targeted industry because it holds a wealth of information that fetches a high price on the dark web. Experts say medical records are more valuable than credit card details due to the amount of vital information stored in them, such as birth dates and patient ID numbers. Hackers can then hold this information for ransom or use it to steal your identity. Further, cybercriminals see health care institutions as easy targets. Canadian health care IT departments have insufficient budgets and are ill-prepared to handle the rising threats.
Canada also does not have federal guidelines governing virtual care and patient health information. Rather, health care providers and virtual care platforms are limited to the broad guidelines outlined by the Personal Information Protection and Electronic Documents Act (PIPEDA). As these are not digital security specific purpose defined guidelines and requirements, it makes it more difficult for health care providers and telehealth companies to protect patient data.
Telehealth makes care accessible to everyone; unfortunately, if you’re not careful, telehealth also opens the door for hackers. Hackers can infiltrate the technology used for online doctor’s appointments, because video conferencing technologies have several security flaws. From there, hackers can disrupt calls, eavesdrop and steal your private health information.
The advent of telehealth services has also prompted an increase in emails. Since patients may be expecting emails from their doctor, they may let their guard down and fall victim to phishers posing as a health care organization.
Prepare for your next virtual doctor’s appointment with these best practices to secure your virtual safety.
Before heading into your next telehealth appointment, ask your health care provider the right questions to online understand what risks you may face. Ascertaining this information will help you understand what actions you need to take to mitigate the risk on your end, like staying alert for eavesdroppers or finding alternative ways to confirm personal information. Here are some questions you can ask:
Phishing is a common tactic hackers use to access private health information and trick users into downloading malware. Beware of seemingly official emails under the guise of your health care provider asking for payment information or prompting you to take immediate action. If the email logo doesn’t look right, the message is poorly written, or the URL displayed doesn’t match the one that’s linked, then it’s likely a phishing scam.
Contact your health care provider before verifying sensitive information online, such as payment details or document transfer methods, to avoid falling victim to phishing. We recommend logging into your healthcare provider’s official website or app to confirm pertinent healthcare information as well. If you accidentally reply to a phishing email, perform a full malware scan on your device to ensure your private information remains secure.
It’s important to keep telehealth applications up to date to benefit from the latest bug fixes and security patches. This includes apps belonging to your IoT devices, such as glucose monitors, blood pressure monitors or other network-enabled diagnostic devices. These devices represent more entry points that hackers can infiltrate, making it especially critical to keep them up to date and close any security loopholes.
Get creative with your telehealth portal password, or better yet, use a security solution that includes a password management system. McAfee Total Protection includes a robust password management system that creates and saves strong passwords across all your accounts in one centralized location.
Ensure you’re using a telehealth platform that leverages multi-factor authentication, so even if a hacker were to acquire your password, there’s an added layer of security they won’t be able to bypass.
It’s always best to use a virtual private network (VPN) when conducting activities online, and medical visits are no exception. Using a VPN like McAfee Safe Connect VPN will ensure your data is encrypted and your private health information stays between you and your doctors. A VPN is especially important if you’re connecting from a network other than your password-protected home Wi-Fi.
Medical services are just one of many activities that have turned virtual due to the pandemic. Keep in mind these new virtual outlets come with elevated risks. Hackers are taking advantage of software vulnerabilities and taking victims unaware through social engineering tactics to steal sensitive personal information. Remember to secure your online health by taking a proactive stance against malicious threats so you can focus on your physical health during your telehealth visits.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Check up on Your Virtual Safety: Tips for Telehealth Protection appeared first on McAfee Blogs.
Imagine you’re driving down a highway to get to work. There are other cars on the road, but by and large everyone is moving smoothly at a crisp, legal speed limit. Then, as you approach an entry ramp, more cars join. And then more, and more, and more until all of the sudden traffic has slowed to a crawl. This illustrates a DDoS attack.
DDoS stands for Distributed Denial of Service, and it’s a method where cybercriminals flood a network with so much malicious traffic that it cannot operate or communicate as it normally would. This causes the site’s normal traffic, also known as legitimate packets, to come to a halt. DDoS is a simple, effective and powerful technique that’s fueled by insecure devices and poor digital habits. Luckily, with a few easy tweaks to your everyday habits, you can safeguard your personal devices against DDoS attacks.
The expansion of 5G, proliferation of IoT and smart devices, and shift of more industries moving their operations online have presented new opportunities for DDoS attacks. Cybercriminals are taking advantage, and 2020 saw two of the largest DDoS offensives ever recorded. In 2020, ambitious attacks were launched on Amazon and Google. There is no target too big for cybercriminals.
DDoS attacks are one of the more troubling areas in cybersecurity, because they’re incredibly difficult to prevent and mitigate.. Preventing these attacks is particularly difficult because malicious traffic isn’t coming from a single source. There are an estimated 12.5 million devices that are vulnerable to being recruited by a DDoS attacker.
DDoS attacks are fairly simple to create. All it takes are two devices that coordinate to send fake traffic to a server or website. That’s it. Your laptop and your phone, for example, could be programmed to form their own DDoS network (sometimes referred to as a botnet, more below). However, even if two devices dedicate all of their processing power in an attack, it still isn’t enough to take down a website or server. Hundreds and thousands of coordinated devices are required to take down an entire service provider.
To amass a network of that size, cybercriminals create what’s known as a “botnet,” a network of compromised devices that coordinate to achieve a particular task. Botnets don’t always have to be used in a DDoS attack, nor does a DDoS have to have a botnet to work, but more often than not they go together like Bonnie and Clyde. Cybercriminals create botnets through fairly typical means: tricking people into downloading malicious files and spreading malware.
But malware isn’t the only means of recruiting devices. Because a good deal of companies and consumers practice poor password habits, malicious actors can scan the internet for connected devices with known factory credentials or easy-to-guess passwords (“password,” for example). Once logged in, cybercriminals can easily infect and recruit the device into their cyber army.
These recruited cyber armies can lie dormant until they’re given orders. This is where a specialized server called a command and control server (typically abbreviated as a “C2”) comes into play. When instructed, cybercriminals will order a C2 server to issue instructions to compromised devices. Those devices will then use a portion of their processing power to send fake traffic to a targeted server or website and, voila! That’s how a DDoS attack is launched.
DDoS attacks are usually successful because of their distributed nature, and the difficulty in discerning between legitimate users and fake traffic. They do not, however, constitute a breach. This is because DDoS attacks overwhelm a target to knock it offline — not to steal from it. Usually DDoS attacks will be deployed as a means of retaliation against a company or service, often for political reasons. Sometimes, however, cybercriminals will use DDoS attacks as a smokescreen for more serious compromises that may eventually lead to a full-blown breach.
DDoS attacks are only possible because devices can be easily compromised. Here are three ways you can prevent your devices from participating in a DDoS attack:
Now that you know what a DDoS attack is and how to protect against it, you’re better equipped to keep your personal devices and safe and secure.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes appeared first on McAfee Blogs.
Advancements in cloud solutions and collaboration tools in recent years, coupled with the necessity of going remote due to the pandemic, have empowered today’s workforce to choose where they want to work. While the ability to work from anywhere—home, the library, coffee shops or even the beach– gives employees increased flexibility, the shift from the traditional office setting has exposed security and logistical concerns. Remote workers often access sensitive information from unsecured devices and networks, which can result in compromised data and failed privacy compliance. It’s essential for remote workers to practice online safety to minimize the cybersecurity risks to their organizations.
It’s undeniable that the freedom to work from anywhere is an employee perk that organizations must adapt to. Here’s a breakdown of some of the risks of working remotely and what companies can do keep their sensitive information secure, even when outside the safety of their four walls:
Office closures and working-from-home mandates due to COVID-19 permanently changed the way we look at workplace connectivity. A recent Fenwick poll among HR, privacy, and security professionals across industries noted that approximately 90% of employees now handle intellectual property, confidential, and personal information on their in-home Wi-Fi as opposed to in-office networks. Additionally, many are accessing this information on personal and mobile devices that often do not have the same protections as company-owned devices. The elevated number of unprotected devices connected to unsecured networks creates weak areas in a company’s infrastructure, making it harder to protect against hackers.
One technology your organization should be especially diligent about is video conferencing software. Hackers can infiltrate video conferencing software to eavesdrop on private discussions and steal vital information. Many disrupt video calls via brute force, where they scan a list of possible meeting IDs to try and connect to a meeting. Others seek more complex infiltration methods through vulnerabilities in the actual software. Up until recently, Agora’s video conferencing software exhibited these same vulnerabilities.
Hackers will usually try to gain access to these network vulnerabilities by targeting unsuspecting employees through phishing scams which can lead to even greater consequences if they manage to insert malware or hold your data for ransom. Without proper training on how to avoid these threats, many employees wouldn’t know how to handle the impact should they become the target.
Whether you’re connecting from home or from another remote location, it’s critical to practice the same level of care as you would in the office. Here are some quick and essential security safety habits every remote employee should practice.
Phishing is one of the most common methods hackers will deploy to target unsuspecting employees to access sensitive data. In fact, over 63% of Canadian IT executives in a recent poll indicated that ransomware and phishing were the top security concerns for their organizations. Here are some ways you can spot a phishing scam:
Ensure you understand your company’s policies and confidentiality agreements when it comes to sharing files, storing documents, and other online communications. Use company-approved cloud applications that follow strict security standards to avoid inadvertently exposing sensitive company information through unsecured means. This measure can also apply when using video conferencing software. Limit the amount of sensitive information shared via video conferencing platforms and through messaging features just in case uninvited hackers are eavesdropping.
We may have brought work home with us, but nonetheless, we must strive to maintain a work/life balance and set boundaries between our personal and work life. Setting these boundaries makes it easier to separate the technology we use in our life as well. Avoid sharing your company’s devices with family members who are not aware of the best security practices, especially children. Also, keep personal accounts separate from company accounts to prevent sharing information through personal channels.
Given the flexibility to truly work from anywhere, ensure you are connected to a secure network when not connected to your home’s password-protected Wi-Fi. When connecting to an unfamiliar network, always use a VPN to encrypt data and safely share files across the internet, preferably the one your company uses, or check with your IT resource. Take preemptive measures to mitigate exposure by installing antivirus software and firewall protection to scan files and systems and protect against harmful viruses regularly.
While the COVID pandemic has sparked a remote work movement that has changed the way we look at the conventional workplace—introducing greater flexibility and the opportunity to work from anywhere—remote work is well on its way to becoming a permanent fixture in the lives of many. However, the number of employees dispersed across cities and even countries have made it more difficult to secure endpoint devices such as laptops and mobile devices. Moreover, the risk posed by unsecured networks only increases the vulnerabilities of remote workplaces. As more workplaces embrace the benefits of a fully remote workforce, we will need to give more thought to how we can facilitate a secure workplace that is collaborative yet protected. By increasing awareness of potential cyber threats and enhancing security standards for devices and home networks, we can begin to create a safer and more efficient workplace.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Stay Connected and Protected in a Remote Work Environment appeared first on McAfee Blogs.
Tax return preparation might be a little more complicated this year than usual for many Canadians with millions receiving Canada Emergency Response Benefit (CERB) payments and about 40% of the Canadian labor force turned to self-employment options to help them financially weather the pandemic storm.
Where there’s money and uncertainty, you’re likely to find scammers. After all, scammers tend to capitalize on uncertainty and use it as the entry point for their attacks. Whether it’s through a phishing email with a phony notice of reassessment, a text message threatening arrest, or a fake phone call from the Canada Revenue Agency (CRA), hackers often employ elements of fear in their attacks. McAfee’s 2021 Consumer Security Mindset study revealed that roughly 2 out of 3 Canadians (65%) plan to do their taxes online in 2021, with 12% of them doing so for the first time. With the increase in activities online, consumers are potentially exposed to more digital risks and threats, and knowing how these hackers tend to work doesn’t mean you have to live in fear. To help you identify and avoid potential threats, let’s take a look at some of the most common scams that hackers use during tax season.
Phone scams take one of two primary forms:
Some sophisticated scammers will weave stolen personal or financial data that they purchased on the dark web into their calls, such as bank or social insurance information. They intend to make their phony claims sound legitimate, hoping that an unsuspecting user will hand over their data or make a fraudulent payment.
So, what does a real call from the CRA entail? The CRA clearly outlines the reasons they’d be calling on their 2020 Tax Tips page and ways that you can follow up with the CRA to determine if a call is legitimate.
There are two instances where the CRA may contact you by email. One is during a telephone call or meeting with a legitimate CRA agent. The second is to send you a notification that you have a message or document for your review on a secure CRA site such as My Account, My Business Account, or Represent a Client. Anything else is likely a scam.
The one time where the CRA will send you an email containing links is if you have a call or meeting with an agent, as outlined above. Otherwise, you can be confident that an email with links is a scam.
This one is relatively straightforward: the CRA will never contact you via text, instant messaging, Facebook, WhatsApp, or any similar messaging service. If you receive such a message, delete it, and don’t click on any links embedded within it.
In many cases, hackers will aim to separate you from your money by demanding immediate payment in some form or other. They may request payment in pre-loaded debit cards, gift cards, e-transfer, or even bitcoin. Know that the CRA will never request payment in any of those forms.
When in doubt, ask yourself why this email or phone caller is demanding that you act immediately. Have you filed on time? Have you received written notice from the CRA already? Do you owe an installment payment? If the person contacting you leaves you unsure, you can confirm that the contact was legitimate by calling the CRA.
While recognizing the signs of tax-related fraud can help ease the burdens associated with these schemes, there are multiple steps you can take to prevent becoming a victim of tax scams in the first place. Follow these tips to stay on top of your tax return while securing your digital life:
Devices benefit from physical security. This is as simple as locking your smartphones, tablets, and computers with a PIN or password. Should one of those devices get lost or stolen, a lock provides a barrier for those who might try to access your personal and financial information on them.
Protecting your devices with comprehensive security software can help block the phishing emails and suspicious links that make up many of these tax attacks. Likewise, it can further protect you from ransomware attacks, another type of tax scam on the rise, where crooks hold your data hostage for a price. All in all, security software is always a smart move—tax time or any time.
Consider what’s on your old computer hard drive or stored away on your phone. Old devices tend to contain loads of precious personal and financial information. Look into the e-waste disposal options in your community that will recycle your old technology and do so securely.
While so many of our finances are handled electronically today (taxes included), we’d be remiss if we didn’t talk about physical security as well. Mail and porch theft still occur, which is one more way a thief can steal your personal and financial information to use in a scam. A locking mailbox is a purchase you may want to consider if you don’t have one already.
Recognizing the signs of tax-related fraud could allow you to take action and significantly suppress the repercussions. If you suspect you’ve fallen victim to fraud or believe that you’ve been tricked into giving away personal information as part of a scam, contact your local police service and make a report.
By staying proactive and vigilant, you’ll be in a better position to protect your identity and your data—and live your digital life with safety at the forefront.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Tax Season is Here: Avoid These Common Scams Targeting Canadians appeared first on McAfee Blogs.
Distance and hybrid learning environments are now the norm, and it remains to be seen if or when this will change. To adapt, many schools have adopted new software to support remote classroom management.
One such platform is Netop Vision Pro, a student monitoring system that helps teachers facilitate remote learning. The software allows teachers to perform tasks remotely on students’ computers, such as locking their devices, blocking web access, remotely controlling their desktops, running applications, and sharing documents. However, the McAfee Advanced Threat Research (ATR) team recently discovered multiple vulnerabilities with Netop Vision Pro that could be exploited by a hacker to gain full control over students’ computers.
Let’s dive into these vulnerabilities and unpack how you can help protect your students in the virtual classroom.
Just like a school science project, our researchers created a simulation to test their hypothesis regarding the potential software bugs. The McAfee ATR team set up the Netop software to mimic a virtual classroom with four devices on a local network. Three devices were appointed as students, and one was designated as the teacher. During the setup, the team noticed that there were different permission levels between student profiles and teacher profiles. They decided to see what would happen if they targeted a student profile, since this would likely be the avenue a hacker would take since they could cause more damage. With their experiment set up, it was time for our researchers to get inside the mind of a cybercriminal.
While observing the virtual classroom, the ATR team discovered that all network traffic — including sensitive information like Windows credentials — was unencrypted with no option to turn encryption on during configuration. They also noticed that a student connecting to a classroom would unknowingly begin sending screenshots to the teacher.
Furthermore, the ATR team noticed that teachers would send students a network packet (a small segment of internet data) prompting them to connect to the classroom. With this information, the team was able to disguise themselves as a teacher by modifying their code. From there, they explored how a hacker could take advantage of the compromised connection.
The McAfee ATR team turned their attention to Netop Vision Pro’s chat function, which allows teachers to send messages or files to a student’s computer, as well as delete files. Any files sent by a teacher are stored in a “work directory,” which the student can open from an instant message (IM) window. Based on the team’s discovery that a hacker could disguise themselves as a teacher, it became clear that hackers could also use this functionality to overwrite existing files or entice an unsuspecting student to click on a malicious file.
Of course, remote learning software is necessary right now to ensure that our children stay on top of their studies. However, it’s important that we educate ourselves on these platforms to help protect our students’ privacy. While the Netop Vision Pro student screen shares may seem like a viable option for holding students accountable in the virtual classroom, it could allow a hacker to spy on the contents of the students’ devices. While the functionality allows teachers to monitor their students in real-time, it also puts their privacy at risk.
If a hacker is able to impersonate a teacher with modified code, they could also send malicious files that contain malware or other phishing links to a student’s computer. Netop Vision Pro student profiles also broadcast their presence on the network every few seconds, allowing an attacker to scale their attacks to an entire school system.
Finally, if a hacker is able to gain full control over all target systems using the vulnerable software, they can equally bridge the gap from a virtual attack to the physical environment. The hacker could enable webcams and microphones on the target system, allowing them to physically observe your child and their surrounding environment.
Our researchers reported all vulnerabilities discovered to Netop and heard back from the company shortly after. In the latest software release 9.7.2, Netop has addressed many of the issues the McAfee ATR team discovered. Students can no longer overwrite system files, which could be used take control of the student machine. Additionally, Windows credentials are now encrypted when being sent over the network. Netop also told McAfee that they have plans to implement full network encryption in a future update, which will prevent an attacker from easily monitoring student’s screens and prevent them from being able to emulate a teacher.
While Netop works to remedy these issues internally, there are some critical steps parents can take to help protect and empower your children in the virtual classroom. Check out the following tips to bring you and your family peace of mind while using third-party education platforms:
If your student is required to use Netop Vision Pro or other third-party software while distance learning, have them use this technology on a device strictly used for educational purposes. If the software contains any bugs, this prevents other important accounts used for online banking, emails, remote work, etc. from becoming vulnerable to the software risks.
It’s important to keep in mind that Netop Vision Pro was never intended to be internet-facing or taken off a school network. Let’s look at this scenario through the eyes of a hacker: they will likely try to take advantage of these vulnerabilities by delivering a malicious payload (parts of cyberattacks that can cause harm) or phishing attempts. To protect your students from these threats, utilize a comprehensive security solution like McAfee® Total Protection, which helps defend your entire family from the latest threats and malware while providing safe web browsing.
Educators want to keep their students’ best interest and safety in mind, so talk to your child’s teacher or principal if you ever have concerns regarding the software they are using for distance learning. If your student is required to use Netop, ensure that the teacher or principal is aware of the vulnerabilities listed above so they can be sure to administer the necessary software updates to keep your child and their classmates safe.
A simple yet affective way to prevent hackers from spying on you and your family is to use a webcam cover for when class is not in session. Instruct your student to place a cover over their camera when they are not using it to bring you and your student greater peace of mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Keep Remote Classes Safe and in Session: What You Need to Know About Netop Vision Pro appeared first on McAfee Blogs.
Technological advancements continually emerge that make our lives easier. Right? As beneficial and convenient as emerging tech is, it can pose serious risks to our online safety and privacy—risks that you might find yourself ill-prepared to handle. In fact, according to our 2021 Consumer Security Mindset research, 45% of Canadian respondents don’t feel very confident about their ability to prevent a cyberattack and believe that they don’t have what they need to ward one off.
With many of us turning to online platforms for things we used to do in-person, activities like banking, shopping, taxes, and more, the need for broader online privacy protection has never been greater. As we continue to integrate technology into our everyday lives, we must learn to recognize the risks they pose and understand how to safeguard our online security.
Telehealth visits have opened the door for many to get the medical care they need when visiting the doctor or going to the hospital isn’t feasible. Digital health platforms have demonstrated many benefits for optimizing time and cost efficiencies for both patients and providers, but at what cost?
Despite efforts to address barriers to virtual healthcare adoption, Canada currently lacks a national framework for governing virtual care. As a result, many healthcare providers are left to act on their best judgements regarding patient data interoperability across provinces and providers. The lack of a pan-Canadian governance framework also makes it difficult for digital health platforms to operate with the assurance of certain security protocols, leaving many of us to wonder how to best protect our data in the face of an ambiguous virtual healthcare system. The risk is made all the more severe when factoring in sensitive biometric data from monitoring devices that can be used for malicious purposes when in the hands of cyber attackers. Those of us who take advantage of digital health devices must understand how to secure our data privacy and control its usage to mitigate further risks.
The first line of defense to ensure your data remains protected is to understand the security policies put in place by your healthcare provider and any third-party digital platforms that they leverage. Additionally, you’ll want to ensure that your healthcare provider uses a telehealth platform that integrates data encryption. Take matters into your own hands by enabling two-factor authentication and use strong passwords across all devices and accounts. Using a VPN and running anti-malware and anti-virus scans can also mitigate the risk of security threats during telehealth visits and while using integrated medical devices.
Student privacy is a top concern as households turn to remote learning. In a rush to optimize remote learning experiences in the face of a rapidly evolving digital landscape, many educators and remote learners may not realize the hazards that put student privacy at risk.
We’re almost a year into distance learning and schools have now adopted a range of technologies to optimize the digital classroom, including virtual learning platforms, holistic learning solutions, and even social media applications. However, many of these digital platforms are not designed for child usage, nor do they have privacy policies in place to ensure that the student data gathered is protected. Many learning platforms may even treat student data as consumer data, raising more red flags regarding student data privacy and compliance. Online learning has also garnered the attention of cybercriminals looking to exploit student data, resulting in online bullying, identity theft, and more.
For educators and parents alike, knowledge is the greatest asset to mitigating the risks of remote learning. IT teams and educators must understand the implications of the student data they collect, govern access to it, and control its usage to comply with child privacy regulations. Parents can take proper precautions by discussing the importance of privacy with their children. Keeping learning platforms up to date and monitoring their children to prevent them from downloading suspicious apps or straying to unknown websites are all ways to ensure safer remote learning environments.
Remote work has become commonplace nowadays as more companies permit their employees to work from home long-term and, for some, permanently. Given the abrupt shift to remote workplaces in the past year, companies have found themselves severely unprepared to handle the security and logistical concerns that accompany a distributed remote workforce.
In a recent Fenwick poll among HR, privacy, and security professionals across industries, approximately 90% of employees now handle intellectual property, confidential, and personal information in their homes. Endpoint security, or the protection of end-user devices such as our laptops and mobile devices, poses more of a concern as employees trade in office networks for their in-home Wi-Fi. If these devices and networks are unsecured or if the data is not encrypted, employees run the risk of exposing sensitive information to hackers. A lack of proper employee security training opens additional opportunities for online threats to take advantage of unsuspecting victims through common phishing scams.
Those of us working from home can help ensure the safety of our company’s confidential information by boosting our awareness of security threats and prevention measures via company-mandated security trainings. Additionally, we can promote a safer remote working environment by practicing basic digital hygiene like keeping all devices and software up to date, using a VPN and a strong password across devices.
With the limited availability of in-person exercise classes, many of us have turned to virtual fitness experiences to augment our personal health regimens. Some have even taken their fitness routines one step further to include and high-tech equipment like at-home spin bikes or other wearable devices to track and monitor progress.
Although these devices create a more engaging experience and connect users across the globe through online sharing, there are risks, too. Wearables and other devices embedded with sensors and software that collect and share data across an interconnected network are considered Internet of Things (IoT) technology. IoT devices don’t have the same stringent security protocols as laptops and mobile devices, making them more susceptible to cyberthreats.
To prevent cyber attackers from infiltrating IoT devices connected to your home network, start by securing your network router. Change the default name and password of your router so hackers can’t identify the make and model. Create an additional layer of security by enabling the highest level of encryption to secure your Wi-Fi network. We also suggest creating a guest network for your IoT devices so that even if someone does infiltrate your IoT device, they won’t be able to access other devices like laptops and mobile devices.
Some of the platforms I use the most allow me to keep track of and manage my finances. Whether it’s my mobile banking app or taking advantage of online tax filing, there is such a convenience in having the ability to pay bills, deposit checks, and more, all with the devices I use every day. But many of us may not realize just how much trust we put into these platforms to protect our online privacy, especially when we don’t have a clear picture of who exactly is on the other end of our online transactions.
While recognizing the signs of online banking and tax-related fraud helps ease the burdens associated with these schemes, there are multiple steps users can take to prevent becoming a victim of these scams in the first place. If you receive a call regarding your taxes, make sure the caller is a CRA employee before handing over money or personal information on the phone. You can also double-check your tax account status and make sure the CRA has your current address and email. This will also show whether you owe a balance if a hacker does try to trick you into paying up. By being mindful of how cybercriminals take advantage of the platforms we use out of convenience, we can better protect against threats to our personal privacy.
Digital devices are part of how we live our lives every day, whether we’re taking conference calls on our laptops, tracking the latest mile on our smartwatches, or banking on the go. Although our everyday digital devices make our lives that much more convenient, securing them makes our lives that much safer by minimizing online threats to ourselves and those around us. Safeguarding the digital platforms we use for work, school, fitness, you name it, is the first step to ensuring our private information remains just that—private.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Privacy in Practice: Securing Your Data in 2021 and Beyond appeared first on McAfee Blogs.
To live our digital lives to the fullest, we rely on a variety of technologies to support our online activities. And while some apps and devices are meant to make certain tasks more convenient or provide us with greater security, others simply offer a false sense of security and could potentially lead to online misfortune. One such platform is SuperVPN. While users may applaud themselves for using a VPN to protect their privacy, this Android app is unfortunately spilling their secrets without their knowledge.
Let’s unpack how SuperVPN works and its recent involvement in a data breach.
VPNs (virtual private networks) are intended to create a secure tunnel between your device and the internet, offering you privacy and freedom from IP-based tracking. It protects your identity and financial information by encrypting, or scrambling, the data that flows through the tunnel, and can mask your true location, making it appear as though you are connecting from somewhere else. VPN apps have become much more popular in recent years as our awareness around privacy and security has grown. But, such is the case with all apps, it’s important to do your research before you select one to install on your phone.
According to Forbes, critical security warnings around the app SuperVPN surfaced last year. They reported research stating that 105 million people might have had their credit card details stolen, and that hackers could intercept messages between the user and provider. As of last Friday, someone leaked three databases on a popular hacking forum that purportedly contained user credentials and device data stolen from three different Android VPN services: SuperVPN, considered one of the most dangerous VPNs on Google Play with 100 million installs, GeckoVPN (10 million installs), and ChatVPN (50,000 installs). This breach exposed the data of 21 million users, including names, email addresses, usernames, payment data, device information, and even location data logs — a major red flag for a VPN.
Although a free VPN might seem like an ideal solution at first, there are multiple consequences that could potentially put your online safety in jeopardy. Since free VPNs are not making money directly from their users, many make revenue indirectly, through advertising. This means that not only will you be bombarded with ads, but you’re also exposed to tracking and malware. In fact, one study of 283 free VPN providers found that 72% included trackers. Beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive information at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware and some even stole the data off of users’ devices, similar to SuperVPN.
If you choose a verified, paid VPN service, however, you’ll enjoy a plethora of benefits including unlimited bandwidth, speedy performance, protection across multiple devices, and much more. Aside from choosing a premium VPN service, following these tips will help you stay secure against SuperVPN and others like it and protect your daily online communications:
Delete SuperVPN from your device as soon as possible. There are at least six other apps like SuperVPN, with identical descriptions and logos from different creators on Google Play Store. Steer clear of downloading these apps altogether to avoid any cyber misfortune.
While some malicious apps do make it through the app store screening process, most attack downloads appear to stem from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the origin and developer.
Reviews and rankings are still a suitable method of determining whether an app is legitimate. However, watch out for assessments that reuse repetitive or straightforward phrases, as this could be a sign of a fraudulent review.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
A comprehensive security suite like McAfee Total Protection includes our McAfee® Safe Connect standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Attention Android Users: This Free VPN App Leaked the Data of 21 Million Users appeared first on McAfee Blogs.
How our new identity & privacy app can help
By this point in the year you may have already broken some of your New Year’s resolutions, but here’s one to keep: better protecting your online privacy.
After all, we are likely to continue to spend more time online in 2021, whether it be for working, learning, or shopping. This makes taking some preventative steps to shield our identity information more important than ever.
That’s why McAfee has been working on a new identity and privacy app for safeguarding your personal information, and we’d love for you to try it if you’re in the U.S.
Here’s a little bit about our approach. We looked at some of the key areas where users’ private information can be vulnerable, and designed a tool that offers easy-to-use, proactive protection for Windows, Android, and iOS devices, with consistent, familiar experiences regardless of the platform.
We know, for instance, that users are vulnerable when using unsecured networks, like public Wi-Fi. This is where a cybercriminal can potentially capture your login credentials and other personal information as it flows over the network, from your laptop to your bank’s website, for example.
So, we made sure to include a Virtual Private Network (VPN) to keep your information protected from prying eyes. It does this easily, and even automatically, by detecting when you’re on a public network and prompting you to turn on your VPN. The VPN then scrambles, or encrypts, your data as it flows over the network. Unlike some VPNs that require advanced settings to shield your data, our app offers seamless security.
Another area of high risk that we want to address is data breaches. Whether one of your personal accounts is hacked–or worse–another website somehow gets ahold of your data and subsequently gets breached, your data may end up on the dark web. This is where cybercriminals buy and sell information.
To detect these dangerous leaks, we included dark web monitoring, which alerts you if your login credentials have been exposed. It can even provide you with a link to the site that uses those credentials when the information is available. This allows you to swiftly reset your passwords, mitigating the risk.
Given that we saw a spike in corporate data breaches in 2020, where 58% of victims had their personal data compromised, I believe this kind of always-on monitoring of your private information is key.
Most importantly, we wanted to make this personal protection app easy to use and available across all your compatible devices. So, whether you’re out with just your phone, or home working at your PC, you have access to your protection, and can even pick up where you left off on a different device.
I know that organizing my digital life gives me one less thing to worry about, and I hope it’s the same for you. Give the app a try, and please let us know what you think since we are always open to your feedback.
Here’s to a happy and secure year!
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Let’s Commit To Protect Our Privacy This Year appeared first on McAfee Blogs.
Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure.
What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile.
Also according to the FBI, elders may be less able or willing to report being scammed because they may not know the exact way in which they were scammed, or they may feel a sense of shame over it, or even some combination of the two. Moreover, being scammed may instill fear that family members will lose confidence in their ability to look after their own affairs.
If there’s one thing that we can do for our elders, it’s help them raise their critical hackles so they can spot these scams and stop them in their tracks, particularly around tax time. With that, let’s see how crooks target elders, what those scams look and feel like, along with the things we can do to keep ourselves and our loved ones from getting stung.
The phone rings, and an assertive voice admonishes an elder for non-payment of taxes. The readout on the caller ID shows “Internal Revenue Service” or “IRS,” the person cites an IRS badge number, and the victim is told to pay now via a wire transfer or prepaid gift card. The caller even knows the last four digits of their Social Security Number (SSN). This is a scam.
The caller, and the claim of non-payment, are 100 percent bogus. Even with those last four digits of the SSN attempting to add credibility, it’s still bogus. (Chances are, those last four digits were compromised elsewhere and ended up in the hands of the thieves by way of the black market or dark web so that they could use them in scams just like these.)
Some IRS imposter scams take it a step further. Fraudsters will threaten victims with arrest, deportation, or other legal action, like a lien on funds or the suspension of a driver’s license. They’ll make repeated calls as well, sometimes with additional imposters posing as law enforcement as a means of intimidating elders into payment.
The IRS will never threaten you or someone you know in such a way.
In fact, the IRS will never call you to demand payment. Nor will the IRS ever ask you to wire funds or pay with a gift card or prepaid debit card. And if the IRS claims you do owe funds, you will be notified of your rights as a taxpayer and be given the opportunity to make an appeal. If there’s any question about making payments to the IRS, the IRS has specific guidelines as to how to make a payment properly and safely on their official website.
It’s also helpful to know what the IRS will do in the event you owe taxes. In fact, they have an entire page that spells out how to know it’s really the IRS calling or knocking at your door. It’s a quick read and a worthwhile one at that.
In all, the IRS will contact you by mail or in person. Should you get one of these calls, hang up. Then, report it. I’ll include a list of ways you can file a report at the end of the article.
Whether it’s a disembodied voice generated by a computer or a scripted message that’s been recorded by a person, robocalls provide scammers with another favorite avenue of attack. The approach is often quite like the phone scam outlined above, albeit less personalized because the attack is a canned robocall. However, robocalls allow crooks to cast a much larger net in the hopes of illegally wresting money away from victims. In effect, they can spam hundreds or thousands of people with one message in the hopes of landing a bite.
While perhaps not as personalized as other imposter scams, they can still create that innate sense of unease of being contacted by the IRS and harangue a victim into dialing a phony call center where they are further pressured into paying by wire or with a prepaid card, just like in other imposter scams. As above, your course of action here is to simply hang up and report it.
Here’s another popular attack. An elder gets an unsolicited email from what appears to be the IRS, yet isn’t. The phony email asks them to update or verify their personal or financial information for a payment or refund. The email may also contain an attachment which they are instructed to click and open. Again, all of these are scams.
Going back to what we talked about earlier, that’s not how the IRS will contact you. These are phishing attacks aimed at grifting prized personal and financial information that scammers can use to commit acts of theft or embezzlement. In the case of the attachment, it very well may contain malware that can do further harm to their device, finances, or personal information.
If you receive one of these emails, don’t open it. And certainly don’t open any attachments—which holds true for any unsolicited email you receive with an attachment.
Beyond simply knowing how to spot a possible attack, you can do several things to prevent one from happening in the first place.
First let’s start with some good, old-fashioned physical security. You may also want to look into purchasing a locking mailbox. Mail and porch theft are still prevalent, and it’s not uncommon for thieves to harvest personal and financial information by simply lifting it from your mailbox.
Another cornerstone of physical security is shredding paper correspondence that contains personal or financial information, such as bills, medical documents, bank statements and so forth. I suggest investing a few dollars on an actual paper shredder, which are typically inexpensive if you look for a home model. If you have sensitive paper documents in bulk, such as old tax records that you no longer need to save, consider calling upon a professional service that can drive up to your home and do that high volume of shredding for you.
Likewise, consider the physical security of your digital devices. Make sure you lock your smartphones, tablets, and computers with a PIN or password. Losing a device is a terrible strain enough, let alone knowing that the personal and financial information on them could end up in the hands of a crook. Also see if tracking is available on your device. That way, enabling device tracking can help you locate a lost or stolen item.
There are plenty of things you can do to protect yourself on the digital front too. Step one is installing comprehensive security software on your devices. This will safeguard you in several ways, such as email filters that will protect you from phishing attacks, features that will warn you of sketchy links and downloads, plus further protection for your identity and privacy—in addition to overall protection from viruses, malware, and other cyberattacks.
Additional features in comprehensive security software that can protect you from tax scams include:
And here’s one item that certainly bears mentioning: dispose of your old technology securely. What’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner so the data and info on your device doesn’t see the light of day again.
As said earlier, don’t let a bad deed go unreported. The IRS offers the following avenues of communication to report scams.
In all, learning to recognize the scams that crooks aim at elders and putting some strong security measures in place can help prevent these crimes from happening to you or a loved one. Take a moment to act. It’s vital, because your personal information has a hefty price tag associated with it—both at tax time and any time.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Spot, and Prevent, the Tax Scams That Target Elders appeared first on McAfee Blogs.
It’s tax time in the United States, and even if you’re pretty sure you did everything right, you’re worried. Did I file correctly? Did I claim the right deductions? Will I get audited? Unfortunately, tax season brings out scammers eager to take advantage of your anxiety.
First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly.
Still, wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time. With the information they get from you, hackers can take things a step further by stealing your identity and filing tax claims in your name.
As if we didn’t have enough to worry about at tax time.
The good news is that you have plenty of ways to protect yourself from hackers. Check out these tips to stay safe this tax season.
Straight from the authority itself, the IRS has published its top 12 tax season scams with new warnings brought on by the events of 2020.
For example, new to this year are scams associated with stimulus checks sent out by the government. The IRS says they have seen “… a tremendous increase in phishing schemes utilizing emails, letters, texts and links. These phishing schemes are using keywords such as “coronavirus,” “COVID-19” and “Stimulus” in various ways.”
This is very important: The IRS does not use email. If you get an email from someone saying they are the IRS and they want to talk with you about a problem, it is a scam.
Here’s what the IRS has to say:
The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or Economic Impact Payments. Don’t click on links claiming to be from the IRS. Be wary of emails and websites − they may be nothing more than scams to steal personal information.
Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles. Hackers use the information to gain access to your online accounts in social media and beyond, like your bank account. Make it hard for them. Make your social media profiles private so that only friends and family can see them. Also consider so you can be safer from these kinds of crimes.
When a hacker poses as an IRS agent, they try to get personal information from you, like your social security number. They might demand payment, sometimes under the threat of penalties or even jail time. These strong-arm tactics are a dead giveaway that the email or phone call is fake.
What will the IRS do? Usually, the IRS will first mail a bill to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require a payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you.
And remember: the IRS does not use email to contact you about tax problems.
A good defense is a good offense. File early. Protect yourself by filing your claim before they have a chance to file one as you. You don’t want to be one of those identity theft victims who finds out you’ve been scammed when you file your taxes only to get a notice in the mail saying your tax claim has already been filed.
Here’s other tool that can help you fight identity theft. And get this: it’s not only helpful, it’s free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.
Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread you free credit report coverage across the whole year.
The idea is that, just like with your physical wellness, there are lots of steps you can take to protect your digital wellness. We’ve covered some of those steps in this blog. Consider one more: protect your digital life with a holistic security solution like McAfee Total Protection so you can enjoy life online knowing your precious data is protected. Tax time or otherwise, security software is always a smart move.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Who loves tax season besides accountants? Hackers appeared first on McAfee Blogs.
Tax season is always a high time for scams that put our money and information at risk. But this year securing your data may be more important than ever, due to a spike in unemployment fraud.
Millions of Americans have lost their jobs over the course of the pandemic, and states have seen a surge in unemployment applications, including fake claims using stolen information. In California, authorities report that between $10 billion and $30 billion was recently paid in fraudulent unemployment claims, while in New York authorities identified $5.5 billion in fake jobless claims since March of 2020.
ictims don’t even know that their information was used for a fraudulent claim until they receive an unemployment letter from their state, or a tax form from the IRS. Whether you’re concerned about your personal data, or just want to safely file your IRS return and hopefully get a tax refund, let’s take some steps to protect your private information for this tax season, and beyond.
The first thing to know is that there are a that we see evolving each year – according to the IRS, Criminal Investigation identified $2.3 billion in tax fraud schemes just last year. So, it’s always a good idea to take caution and be skeptical whenever you see something that seems too good to be true, like a free tax filing service you’ve never heard of before.
But recently, with so many people out of work, bad actors have decided to focus their attention on filing fraudulent jobless claims using stolen information from people who were actually employed.
If you’ve received a notice about unemployment benefits that you never applied for, contact your state unemployment agency and submit a claim. Then follow up with the Federal Trade Commission since they can help you by placing a fraud alert on your credit. This lets lenders know that you may be a victim of fraud, prompting them to take extra steps to verify your identity. The good news is that in the U.S. you only have to notify one of the three national credit bureaus and they will transmit your request to the other two.
My colleague Judy has shared some easy ways you can check your credit report and even freeze your credit in a blog post here. Starting 2021, you can also register for a six-digit Identity Protection PIN (IP PIN) with the IRS to add another layer of verification to protect yourself from tax-related identity theft.
Of course, tax season isn’t the only time your data can fall into the wrong hands. Keep your personal information safe by adopting these best practices and robust tools.
• Use comprehensive security software—For protection against the growing range of threats, choose holistic security software that goes beyond traditional antivirus products, by protecting your identity and privacy wherever and however you connect.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Don’t Let Tax Fraud Ruin Your IRS Refund appeared first on McAfee Blogs.
Only 57% of women in the U.S. are working or looking for work right now—the lowest rate since 1988.
That telling data point is just one of several that illustrate a stark contrast in these stark times: of the millions who’ve seen their employment affected by the pandemic, women have been hardest hit.
According to the U.S. Bureau of Labor Statistics (BLS), some 2.3 million women left the workforce between the start of the pandemic and January 2021. Meanwhile, the BLS statistic for the number of men who left the U.S. workforce in that same period was 1.8 million. With International Women’s Day here, it’s time we ask ourselves how we can stem this inordinately sized tide of hard-working and talented women from leaving the workforce.
A broader BLS statistic provides a further perspective: a total of 4,637,000 payroll jobs for women have been lost in total since the pandemic began in the U.S. alone. That ranges from executive roles, jobs in retail, and educators, to work in public service and more. Of those jobs lost, about one third of women aged 25-44 cited that childcare was the reason for that unemployment.
Combine that with the fact that globally women carry out at least two and a half times more unpaid household and care work than men, and a global gender pay gap of 23%, it’s easy to see why millions of women have simply dropped out of the workforce to manage children and home schooling—even in the instances where employment is available.
Not that this should surprise us. For example, just a few years before the pandemic, research showed that few Americans wanted to revert to the traditional roles of women at home and men in the workplace. However, when push came to shove, the Pew Research showed that women most often made compromises when needs at home conflicted with work. And now we’ve seen that sentiment come home to roost. On a massive scale.
Put plainly, when the pandemic pushed, women’s working lives predominantly went over the edge.
Within these facts and figures, I’d like to focus on the women who are working remotely while caring for their families, whether that’s their children, elders in their lives, or even a mix of both. What can we do, as employers, leaders, and co-workers in our businesses to better support them?
As early as June, Forbes reported that women were reducing their working hours at a rate four to five times greater than men, ostensibly to manage a household where everything from daycare, school, elder care, and work all take place under the same roof. The article went on to cite ripple-effect concerns in the wake of such reductions like the tendency to pursue less-demanding work, greater vulnerability to layoffs, and reduced likelihood for promotion. In fact, one study conducted in the U.S. last summer found that 34% of men with children at home say they’ve received a promotion while working remotely, while only 9% of women with children at home say the same.
In an interview with the BBC, Melinda Gates, the Co-Chair of the Bill and Melinda Gates Foundation, stated her views on the situation succinctly: “I hope Covid-19 forces us to confront how unsustainable the current arrangement is—and how much we all miss out on when women’s responsibilities at home limit their ability to contribute beyond it. The solutions lie with governments, employers, and families committed to doing things more equitably.” I agree. This is a problem for us to solve together.
As for the role of employers and leaders in the solution, some thinking presented in The Harvard Business Review caught my eye. The article, “3 Ways Companies Can Retain Working Moms Right Now” focuses on what employers can do to better support the women in their workforce. The three ingredients the authors propose are:
If we think about the stressors we all face, this simple recipe actually reveals some depth. It takes knowing, and engaging with, employees perhaps more greatly than before. One sentence in the conclusion struck me in particular:
“It is no longer an option for managers to pretend that their employees do not have lives outside of their jobs, as these evaporated boundaries between home and work are not going away anytime soon.”
I see this every practically every day when I meet with my team. I’m sure you’ve seen it as well. With our laptop cameras on for sometimes hours a day, we’ve all caught glimpses into our coworker’s lives outside the office, seen that 7am meeting rescheduled for 8am to accommodate a busy breakfast rush with the family, or even kiddos pop into the frame during a call to say “hi.” What we may not see is just how much of a struggle that could be for some in the long haul.
Enter again those notions of providing certainty and clarity, rightsizing job expectations, and showing empathy. While not the end-all-be-all answers, they provide a starting point. As employers and leaders, if we can minimize the x-factors, adapt the workloads, and show compassion as we navigate the road to recovery, we can retain employees—and at least mitigate some of the stressors that are pushing women out of their jobs and careers during this pandemic. Exceptional employers and leaders have always done this. And now, in exceptional times, I believe it must become the norm.
Likewise, for co-workers, it’s absolutely okay to check in with people on your team, your vendors, your clients, and other people in your network and simply ask how they’re doing. I’ve had many meetings where we informally go around the horn and talk about what’s going on outside of work. The shared experience of working remotely has a way of creating new norms, and perhaps starting a meeting with an informal check-in way on occasion is one of them.
This is an opportunity to listen, simply so someone can feel better by being heard, and so that we can pinpoint places where we can come in and offer some support.
Some challenges women are facing are beyond our capacity to help firsthand, yet we can identify them when we see them. If you or someone you know is struggling, here are a few resources in the U.S. that can help:
The Office on Women’s Health, part of the U.S. Department of Health & Human services, offers a wealth of resources on its website, along with a help line that can provide further resources as well.
The National Institute of Mental Health has an extended list of articles, resources, and links to services that can provide immediate help for people who are struggling to cope or who are in crisis.
A Better Balance is a nonprofit legal advocacy group that “uses the power of the law to advance justice for workers, so they can care for themselves and their loved ones without jeopardizing their economic security.” They offer a confidential help line that can provide people with information about their workplace rights.
The National Women’s Law Center offers complementary legal consultations and with questions about accessing paid sick leave and paid leave to care for a child whose school or childcare provider is closed because of COVID-19.
As women leave the workforce worldwide, we’ve seen organizations lose precious talent, and we’ve seen women sacrifice their livelihoods and career paths. As such, the pandemic has exacted hard and human costs, ones that have fallen on women in outsized ways.
A problem of this scope is one for us to solve collectively. Apart from the bigger, broader solutions that may be forthcoming, as the employers and co-workers of women, there’s something we can do right now: reach out, listen, and act. These days call for more empathy and adaptation than ever before, particularly for the hard-working women who are doing it all—and then some.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Supporting the Women Most Affected by the Pandemic appeared first on McAfee Blogs.
We’ve all come to a realization that we don’t go anywhere without our phone. It’s a utility that helps us navigate our daily lives: directions, schedules, shopping, discounts, banking, and so on. And as our reliance on our smartphone continues to grow, it’s no wonder that hackers have taken notice. This time, it’s another case of an app gone rogue.
With over 10 million downloads, the Barcode Scanner app provided users with a basic QR code reader and barcode generator, useful for things like making purchases and redeeming discounts. Then, most likely in a recent update, the app began to deliver ad-producing malware onto users’ phones – with the malware being traced back to the Android Barcode Scanner app. While Barcode Scanner was previously benign, it is believed that a hacker injected malicious code into the app before the latest update, pushing malware onto Android devices. Once installed, the malware hijacks your default web browsers and redirects you to random advertisements.
In a typical case of malvertising, or malicious advertising, fraudsters submit infected graphic or text ads to legitimate advertisement networks, which often can’t distinguish harmful ads from trustworthy ones. Under the guise of everyday pop-ups, these malicious ads push fake browser updates, free utilities, or antivirus programs in the hope that unsuspecting users will click. Depending on what kind of programs the malicious ads succeed in downloading, hackers might steal your data, encrypt or delete your information, or hijack your computer functions – as is the case with the Barcode Scanner’s malware.
While Google has taken down the Barcode Scanner from its store, it has not been deleted from infected devices. So, if you have the app on your phone, it’s time to uninstall it from your device manually…ASAP.
We all need to reflect on the state of our digital health, especially as hackers continue to target us through the device we use most – our phones. To help protect your data, family, and friends, check out these security tactics to keep sneaky mobile threats out:
While some malicious apps do make it through the app store screening process, most attack downloads appear to stem from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the origin and developer.
Reviews and rankings are still a suitable method of determining whether an app is legitimate. However, watch out for assessments that reuse repetitive or straightforward phrases, as this could be a sign of a fraudulent review.
Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.
Holistic security solutions across all devices continues to be a strong defensive measure to protect your data and privacy from online threats like malware.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Millions Affected by Malware Attributed to Android Barcode-Scanning App appeared first on McAfee Blogs.
Whether they’re attending regular work meetings or catching up with extended family across the globe, many people leverage video conferencing to better connect with others – a process that will likely continue as our world only becomes more digital. But as the rapid adoption of video conferencing tools and apps occurs, potential threats to online safety emerge.
Agora is one of these tools for connection. The company’s video conferencing software is included in apps like MeetMe, Skout, Nimo TV, temi, Dr. First Backline, and Talkspace, across more than 1.7 billion devices globally. According to McAfee Advanced Threat Research (ATR), Agora’s video software development kit (SDK) until recently included a vulnerability that could have allowed an attacker to spy on ongoing video and audio calls.
In accordance with McAfee’s safe vulnerability disclosure policy, ATR provided Agora with details of its thorough research into the issue so that the software developer could take action to address it with a software update.
But let’s take a look at what a vulnerability like this could mean for users.
So, how exactly could this vulnerability allow others to spy on private calls?
The McAfee ATR team discovered that the Agora vulnerability stemmed from an error of incomplete encryption – the process of converting information or data into seemingly random output to prevent unauthorized access. Agora’s SDK implementation did not allow applications to securely configure the setup of video/audio encryption, thereby leaving a potential for hackers to snoop on them.
Therefore, if exploited, this particular vulnerability could’ve allowed a criminal to launch man-in-the-middle attacks, which occur when a hacker secretly intercepts and possibly alters the communications between two unsuspecting users. Aka, they could spy on users’ private video calls.
The vulnerability discovery and mitigation cooperation between McAfee and Agora illustrates why it’s so important for threat researchers to work closely and constructively with app developers to make our digital lives as safe as possible.
As a consumer, however, it’s important to realize what exactly you’re getting into when downloading applications for video conferencing and other tools that help you stay connected.
While the security community encourages developers to write software code with security in mind, software apps tend to struggle with bugs and vulnerabilities in their early days. Consumers should by all means download and enjoy the hottest new apps, but they should also take steps to protect themselves from any undiscovered issues that might threaten them.
Here are a few tips that can help ensure your safety while connecting with others online:
It’s easy to click “Install later” when software updates pop up on your screen. However, these updates often come with security patches for vulnerabilities like the ones mentioned above. To ensure that your software and apps have the latest security fixes, update them immediately or select the option update automatically if available.
Until a patch is created, you should operate under the assumption that a hacker could compromise your video calls. Avoid using vulnerable apps until developers make a software security update available to help protect your calls from being infiltrated.
In order to protect yourself and your loved ones from potential risks, make sure you have a holistic security solution in place, such as McAfee Total Protection, which can help block risky downloads with McAfee WebAdvisor, protect you from malicious mobile apps, and help update Windows and your apps all in one place with Vulnerability Scanner.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities appeared first on McAfee Blogs.
In November last year, we lost our much-loved family dog. We were all so devasted. Harley was a very handsome black and white Cavoodle who died from a paralysis tick bite after giving us 12 years of love. After lots of tears and weeks of sadness, we have decided it’s time to start our search for another fur baby.
But it seems we are not the only ones in the market for a new puppy. Thanks to COVID and our new very home focussed lives, puppies have been in hot demand since early 2020 and they still are. What better way to deal with lockdown loneliness and a home-based existence than a brand-new ball of fluff!
Over the last few weeks, I’ve spoken to multiple breeders from all around Australia who have over 50 families waiting for a puppy! A Portuguese Water Dog breeder told me yesterday that it would be 2023 before she could offer me a puppy!! So,
And this trend hasn’t gone unnoticed by cybercriminals with the Australian Competition and Consumer Commission (ACCC) reporting a four-fold increase in puppy scams in 2020!! In fact, a whopping $1.6 million was scammed from unsuspecting Aussies simply looking for a ball of fur to love between January and October 2020.
So, how do you avoid being caught up in a puppy scam and losing money? Here’s what I’m doing to ensure we don’t get swindled while we search for our new puppy:
Cybercriminals rely on us being in a rush and not doing our homework. A quick google search for popular dog breeds such as Cavoodles, Labradors or Dachshunds will yield pages of results, not all of them legit!
Scammers are very talented at making their sites look genuine. They will copy photos of puppies and breeders from legitimate sites and will even use certificates and identification numbers from these legitimate breeders too. Quite often the only detail that differs is the contact telephone number and email address.
Facebook and Instagram ads are also created using these details too making it very hard to identify what is legitimate and what isn’t.
Doing your due diligence is the best way to prevent becoming a victim of a puppy scam. Even if the person on the end of the phone sounds delightful and the pictures are gorgeous, you owe it to yourself – and your bank account – to ensure you are dealing with a legitimate breeder. Here’s what I recommend you do:
If you are not able to pick up your pet in person, requesting photos and even a video call with the breeder and your potential puppy is essential.
Ask the breeder for multiple photos of the pet with specific items – this help you ascertain that the pet is real and not photoshopped. A recent newspaper is a great item to suggest.
However, a video call is probably the best way of giving you total piece of mind. Yes, it maybe crazy and noisy but there’s nothing like seeing something with your own eyes to satisfy yourself that it is real and not photoshopped!
We all have a 6th sense and now is the time to use it:
I can’t imagine our family without pets. They play such an important, cohesive role and we take such joy in sharing photos of our crazy cats and their weird antics on our family group chat.
Next week, we are going to pickup our new puppy. After much debate about breeds, we have chosen a tri coloured beaglier – male of course! The breeder sounds delightful over the phone and the pictures are gorgeous. But just to ensure total piece of mind, I am driving nearly 7 hours to pick up our new fur baby in person. I’ll be sure to share some photos!
Happy pet shopping!
Alex xx
The post Here’s What I’m Doing to Avoid Being Caught Up in A Puppy Scam appeared first on McAfee Blogs.
Valentine’s Day is nearly upon us – and as couples and singletons alike gear up for a day that’s traditionally all about sharing, when it comes to our digital identities, might we be sharing too much, and how can we protect ourselves? With data showing that past, present and possibly even future lovers are willing to secretly snoop on your online information to find out all about you, it’s safe to say that ill-intentioned online criminals can too.
Living in a digital world has made it far easier to share more than just our hearts with the people we care about – but this can leave us more vulnerable to over sharing, and therefore to fraudsters. Online fraudsters have been known to use Valentine’s Day as an opportunity to take advantage of online dating sites and social media to scam those looking for love. And with many feeling isolated and shut off from friends and family at the moment, online dating can be a way to make connections which are currently lacking – whether that be romantic relationships or friendships. However, this opens up the opportunity for online scammers to make the most of our desire to feel connection with others, and these criminals will know where to look to find out more about you.
Whether you love it or loathe it, Valentine’s Day is going to look a little different this year. If you’re looking for that special someone, the current lockdown, working from home and simply not going out as much as usual will have taken its toll on your social and dating life. It should come as no surprise that as a result of the pandemic, time spent online has surged, with people having either introduced or significantly increased their online activity, including online dating and social media use.
While many believe the risk lies in the dating apps themselves, the information you share across any online entity – known as your digital footprint – is where you need to pay attention, and dating apps can be a safe and enjoyable way to meet new people as long as you take the right precautions. And on a day that is very social media friendly – many can’t help but share photos and post about loved ones online on Valentine’s Day – make sure you are doing so safely. While a lot of people associate online crime with malware or phishing attacks, many aren’t aware of how vulnerable they are when sharing information on social media. If you are not careful potential love interests, and criminals alike, can find information about your family, your home, and your job – all leaving you vulnerable. So it’s worth checking your privacy settings before sharing that photo on Instagram.
The threat of having your personal identity stolen, having your dating profile hacked, or being catfished, are thankfully rare, but every year person can fall victim to these threats, so it’s no wonder that so many don’t feel secure when dating online. In the worst cases, those whose dating profiles are hacked might be extorted for money, and those encountering a catfish could end up handing over personal information which can be used against them.
Not oversharing is not an art – only share information on your profile if you feel comfortable in doing so. This is important from both a personal and security standpoint. If your information is compromised, it could lead to anywhere from identity theft to harassment, so when you use a dating app, keep the sharing to a minimum—and keep your eyes peeled for any suspicious activity across your social media, online accounts, and even your finances.
These things all sound frightening – and of course, they are! But it’s important to remember that they are thankfully rare, and you can still enjoy all the benefits that dating apps and social media have to offer if you take some simple steps. My top tips include:
So whether you’re single and looking for love, or loved up and ready to shout about it online, just remember to bear the above in mind to protect yourself from online scams.
The post Why it’s Best to Stick to Sharing Chocolates and Flowers this Valentine’s Day appeared first on McAfee Blogs.
With Safer Internet Day upon us, it’s time to have “The Talk.” The internet talk, that is.
What’s the internet talk? It’s a candid conversation about how safe we’re really being when we go online, as opposed to how safe we think we’re being. Indeed, there can be a sizable gap between the two, and our 2021 Consumer Security Mindset Report shows us just how significant it is:
I don’t know about you, but I was struck by the fact that only 50% of people are purchasing security software when they buy a new device. If that’s so, then it’s indeed time for the talk.
Whether we have the talk with our kids, our parents, or even have it with ourselves, this is a chance to make sure we’re protecting the things that matter when we go online—our families, our privacy, our finances, our data, and, of course, our stuff too—like our computers, tablets, smartphones, and other connected things too.
Plenty. However, let’s look at Safer Internet Day as a way to take some important first steps by asking a handful of questions that can lead to a much safer you online.
Given that security software statistic mentioned above, let’s start at square one. Holistic security solutions will provide you with strong antivirus protection and much more on top of that. It can steer you clear of malicious downloads and links, intercept phishing emails before they hit your inbox, and protect your privacy as well—just to name a few. Additionally, it can protect your smartphones and tablets too, whether you have an Android or iOS devices. Don’t forget to cover those things too, as chances are you do about half of your browsing on them.
If you’re using simple passwords or repeating the use of the same password with little or no variation, it’s time to make a change. Strong, unique passwords protect you in this age of data breaches and hacks, where passwords are stolen and then sold on the black market. If creating strong and unique passwords for each of your accounts sounds like a lot of work, consider using a password manager to create and securely store passwords for you.
A firewall acts as a digital barrier that blocks unauthorized access to your computers and devices, which is a must these days (and has been for some time now). It’s often included with comprehensive security software (one more reason why having comprehensive security software is far superior to having “just” antivirus).
A virtual private network (VPN) is software that creates a secure connection over the internet, so you can safely connect from anywhere. You may want to use it at home when you’re looking for extra protection while banking or handling finances. And you’ll most certainly want to use it when logged into public Wi-Fi at places like airports, hotels, and cafes because so-called “free Wi-Fi” is often unsecured, making it easier for hackers to access your device or the information you’re sending and receiving.
It may come as surprising, but hackers can piece together a great deal of information about you from social media and use it as the means for all manner of attacks. That includes identity theft, social engineering attacks where they impersonate you or someone you know, and even password theft. Avoid oversharing on social media by keeping details like addresses, school names, and other personally identifying information to yourself. Also, set you profiles to private so that only friends and family can see them.
When you’re shopping, banking, or passing along any sort of sensitive information, make sure the site address starts with “https” instead of “http.” The “s” stands for secure, and many browsers will represent that with a little padlock icon to indicate use of https, which uses encryption to scramble and help secure data from prying eyes.
Another form of protection from malicious sites is McAfee Web Advisor, which can help you steer you clear of adware, spyware, viruses, phishing scams, and sketchy downloads.
Updates do more than keep your apps and software current with the latest features, they often include security improvements as well. When and where possible, set your devices and software to update automatically. And when prompted to update, say yes. The few moments you spend here can prevent major headaches down the road should your app or software open an avenue to an attack.
Now that’s the $50,000 question. And I say that only half-jokingly. Where would you be without your photos, files, tax records, finances, projects, and so on? The answer is probably “a world of hurt.” Losing it could set you back personally and financially. Back up your data. I suggest doing so with a combination of a reputable cloud storage service and a local physical device like an external hard drive that you store in a safe location.
Another option for particularly sensitive data and files is use encrypted storage. For example, our File Lock feature allows you to create password-protected encrypted drives on your PC that only appear when you’ve unlocked them, perfect for storing sensitive files like tax returns and financial documents.
Sometimes asking the right question can set things in motion, and I hope that’s what this little talk does by helping you identify and patch up any gaps you find in your security. Go ahead and set aside some time to have “The Talk.” You and anyone you have it with will be safer for it.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Lets Have “The Talk” About the Internet: 7 Conversation-Starters for Staying Safer Online appeared first on McAfee Blogs.
FreshRSS 