Written by James Schmidt
Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds if not thousands of dollars. This account puts a face on one of those scams—along with the personal, financial, and emotional pain that they can leave in their wake. This is the story of “Meredith,” whose aunt “Leslie” fell victim to an emerging form on online elder fraud. Our thanks to James for bringing it forward and to “Meredith’s” family for sharing it, all so others can prevent such scams from happening to them.
“Embarrassing. Simply embarrassing.” She shook her head. “It’s too raw. I can’t talk about it right now. I need time.”
Her aunt had been scammed. To the tune of $100,000 dollars. My colleague—we both work in the security industry—felt a peculiar sense of loss.
“I work in this industry. I thought I’d done everything right. I’ve passed on enough warnings to my family and friends to ensure they’d avoid the fate of the scammed. Simply because I’m in this industry does not imply my circle is always aware of all the threats to them, even if I do my best to teach them.”
“My mental state, recently, borders on shame; this feeling, you know? How could someone working in my industry have something like this happen to a family member?”
I told her many people working in other industries cannot control what happens to people in their families even if people in that industry had knowledge that could have helped them or otherwise avoided a problem altogether.
“I know, but this simply should never have happened! My aunt is one of the smartest, most conscientious people I know, and she fell for this. It’s crazy and I can’t wrap my head around it.”
My colleague, let’s call her Meredith (not her real name as she’s a bit ashamed to know this happened to a family member), told me the beginnings.
Let’s call her aunt Leslie.
Her story unfolds, the overall picture a pastiche of millions of people in the United States today. Her aunt is retired, bored, lonely, and isolated. She feels adrift without something to occupy her time; she was looking for companionship, connections, someone (anyone) to talk to. Her feelings intensified during the pandemic. She morphed into perfect prey for scammers of what is now known as the “Pig Butchering Scam.”
The term “Pig Butchering” has a visceral and raw feel to it, which falls right in line with how brutal this scam can be. It’s a long con game, where the scammer befriends the victim and encourages them to make small investments through the scammer, which get bigger and bigger over time. The scammer builds trust early with what appear to be small investment wins. None of it is legit. The money goes right into the scammer’s pocket, even as the scammer shows the victim phony financial statements and dashboards to show off the bogus returns. Confidence grows. The scammer wrings even larger sums out of the victim. And then disappears.
It was a targeted attack that started innocuously enough with a “fake wrong number”. An SMS arrives. A text conversation starts. The scammer then apologizes but tells Leslie someone gave them the number to initiate the text.
The scammer then uses emotional and psychological techniques to keep Leslie hooked. “How are you, are you having a nice day?” Leslie, being bored and interested, engages willingly.
The scammer asks to talk directly, not via text: and a phone conversation ensues. The scammer proceeds to describe—in very soothing detail—what they are doing, helping people, like Leslie, invest their “hard-earned money” into something that will make them more money, to help them out in retirement.
Of course, it is too good to be true.
“The craziest part of all of this is my aunt refuses—to this day—to believe she’s been scammed!”
She still thinks this scammer is a “friend” even though the entire family is up in arms over this, all of whom beg her aunt to “open her eyes.”
“My aunt still thinks she’d going to see that money again, or even make some money, which is crazy. The scammers are so good at emotional intelligence; really leveraging heartstrings and psychological makeup of the forlorn in society. My aunt finally agreed to stop sending more money to the scammers, but only after the entire family threatened to cut her off from the rest of the family. It took a lot to get her to stop trusting the scammers.”
Meredith feels this is doubly sad as the aunt in question is not someone they’d ever imagine would in this predicament. She was always the upright one, always the diligent and hardworking and the best with money. She is smart and savvy and we could never imagine her to be taken by these people and taken so easily. It boggles the mind.”
She did start to change in the last few years. And the pandemic created a weird situation. Retirement, loneliness from loss of a partner, and the added burden of the pandemic created a perfect storm for her to open herself up to someone willingly, simply for the sake of connection.
“No one deserves this. It has rocked my family to the core. It is not only about the money, but we’ve found family bonds stretched. She believes these random people, these scammers, more than she believes her own family. Have we been neglectful of our aunt? Does she no longer put her faith in people she knows, rather gives money to complete strangers?”
Being a security professional does not provide magical protection. We are more aware of scams and scammers, and how they work, and what to look for, and we try to do all we can to keep our family aware of scams out there in the big wide world, but we are human. We fall short.
Diligence is action. Awareness is action. Education is action.
We need to be better, all of us, at socializing risky things. We need to consistently educate our family and friends to protect themselves, not only via security software (which everyone should have as default) but by providing tips and tricks and warnings for things we all need to be on the lookout. This is not a one-time thing. The cliché holds true: “If you see something say something.” Repetition helps.
In today’s world, the need for protecting people’s security, identity, and privacy is critical to keeping them safe. Scammers long stopped focusing on attacking only your computer. Now focus more than ever on YOU: your identity, your privacy, your trust. If they get you there, they soon get your money.
As for contributing factors to scammers success with their victims, such as loneliness, isolation, and boredom, they all have remedies. Make connections with your loved ones, especially those easily tagged as vulnerable, those you feel might be at risk. Reach out. It may be hard sometimes due to distance and other factors but make it a point to connect. There is a reason these scammers are succeeding. They are stepping into roles of companions to people who are desperate for connection.
Most people are greatly saddened at seeing other people being “taken.” Let’s work together to help stop the scammers.
Look out for each other, and get your people protected!
Editor’s Closing Note:
If you or someone you know suspects elder fraud, the following resources can help:
For further reading on scams and scam prevention, check out the guides in our McAfee Safety Series, which provide in-depth advice on protecting your identity and privacy—and your family from scams. They’re ready to download and share.
The post A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam appeared first on McAfee Blog.
Authored by Dennis Pang
Online protection software. Antivirus. The two words get used interchangeably often enough. But sure enough, they’re different. And yet directly related when you take a closer look.
The term “antivirus” has been with us for decades now, dating back to the first software that was designed to prevent computers from getting malware—malicious code, like viruses, that would lock up computers, scramble data, or otherwise damage computers and the data on them. Prime examples of these early types of malware include 1999’s “Melissa” virus spreads by infected email attachments and the even more devastating “ILOVEYOU” virus that incurred billions in damages worldwide.
There’s a good reason why people default to the word “antivirus” so easily. Viruses have been on our collective minds for some time. And computer purchases have often been accompanied by the question, “Do you have antivirus for your computer?” By and large, the notion of antivirus has become pretty much engrained.
Yet look ahead to today and you can see how dramatically things have changed since those early days. We still need antivirus, that’s for sure. But it takes far more than that to live life safely online right now. And that’s where online protection software comes in.
Online protection software protects you. It includes antivirus, yet it further protects your identity and privacy in addition to your devices.
The way we use our computers, tablets, and phones nowadays shows the reason why we need such broad protection. We conduct so much of our lives online. We bank, we shop, we plan our finance online. We also run portions of our homes with smart devices and smart speakers. Increasingly, we track our health and wellness with connected devices too—like workouts on our phone and biometrics with consumer-grade and even medical-grade devices.
All of this creates data. Data about who we are, what we’re doing, when we’re doing it, how often, and where. That’s precious information. Private information. Personal information. And understandably, that needs to be protected.
Put simply, today’s threats have evolved. While viruses and malware remain a problem, today’s bad actors are out for the bigger games. Like stealing personal and financial info for identity theft. Moreover, organizations large and small collect data from your devices and the things you do on them, personal data that many share and sell for profit. Some of this data collection gets quite exacting, compiled from a broad range of public sources that can include records like bankruptcies, real estate sales, and birth records—plus private sources that can further include your shopping habits, the people you chat with, and what your daily travels look like based on location information captured from your smartphone.
If you find yourself surprised by this, you’re not alone. Tremendous volumes of data collection activity occur without people’s knowledge or consent.
Now as to why anyone would want any of that kind of data about you, consider the multi-billion-dollar industry of online data brokers. They compile thousands of data points from millions of people and put these vats of data up for sale to anyone who’ll buy them. That could be advertisers, potential employers, private investigators, and background checkers. And it could be bad actors as well who could use your own data to spam, harass, impersonate, or otherwise harm you.
Once, so many of these intrusions on our privacy and identity were difficult to spot, let alone prevent. For example, your personal info gets caught up in a data breach and winds up posted for sale on the dark web. How are you to know that before it’s too late and thief racks up umpteen charges on your debit card? Also, with dozens and dozens of data brokers out there, how do you track down which ones have information posted about you and then request to have it taken down? And what if online identity theft happens to you and you’re faced with the time and dollar costs it involves to set things right?
So just as online threats have evolved, so has online protection software. We go about so much of our day online, and online protection like our own McAfee+ helps you do it more privately and more safely. It’s quite comprehensive, and the various plans for McAfee+ include:
For certain, protections like these remain a primary focus of ours, because they protect you. And that’s who thieves and bad actors are really after—you, your information, your accounts, and even your identity. Expect us to continue to roll out more protections that look after you in this way and more.
So, while antivirus and online protection software are different, they work together. Antivirus provides strong device security, which complements the additional privacy and identity features included with online protection. That reflects how times have changed. Once it was enough to protect our devices from viruses and malware. Now we have to protect ourselves as well. Antivirus alone won’t do it, but antivirus as part of online protection will.
The post The Big Difference Between Online Protection Software and Antivirus appeared first on McAfee Blog.
Ransomware. Even the name sounds scary.
When you get down to it, ransomware is one of the nastiest attacks a hacker can wage. They target some of our most important and precious things—our files, our photos, and the information stored on our devices. Think about suddenly losing access to all of them and being forced to pay a ransom to get access back. Worse yet, paying the ransom is no guarantee the hacker will return them.
That’s what a ransomware attack does. Broadly speaking, it’s a type of malware that infects a network or a device and then typically encrypts the files, data, and apps stored on it, digitally scrambling them so the proper owners can’t access them. Only a digital key can unlock them—one that the hacker holds.
Nasty for sure, yet you can take several steps that can greatly reduce the risk of it happening to you. Our recently published Ransomware Security Guide breaks them down for you, and in this blog we’ll look at a few reasons why ransomware protection is so vital.
The short answer is pretty bad—to the tune of billions of dollars stolen from victims each year. Ransomware targets people and their families just as explained above. Yet it also targets large organizations, governments, and even companies that run critical stretches of energy infrastructure and the food supply chain. Accordingly, the ransom amounts for these victims climb into millions of dollars.
A few recent cases of large-scale ransomware attacks include:
Who’s behind such attacks? Given the scope and scale of them, it’s often organized hacking groups. Put simply, these are big heists. It demands expertise to pull them off, not to mention further expertise to transfer large sums of cryptocurrency in ways that cover the hackers’ tracks.
As for ransomware attacks on people and their families, the individual dollar amounts of an attack are far lower, typically in the hundreds of dollars. Again, the culprits behind them may be large hacking groups that cast a wider net for individual victims, where hundreds of successful attacks at hundreds of dollars each quickly add up. One example: a hacker group that posed as a government agency and as a major retailer, which mailed out thousands of USB drives infected with malware.
Other ransomware hackers who target people and families are far less sophisticated. Small-time hackers and hacking groups can find the tools they need to conduct such attacks by shopping on the dark web, where ransomware is available for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, near-amateur hackers can grab a ready-to-deploy attack right off the shelf.
Taken together, hackers will level a ransomware attack at practically anyone or any organization—making it everyone’s concern.
Hackers have several ways of getting ransomware onto one of your devices. Like any other type of malware, it can infect your device via a phishing link or a bogus attachment. It can also end up there by downloading apps from questionable app stores, with a stolen or hacked password, or through an outdated device or network router with poor security measures in place. And as mentioned above, infected storage devices provide another avenue.
Social engineering attacks enter the mix as well, where the hacker poses as someone the victim knows and gets the victim to either download malware or provide the hacker access to an otherwise password-protected device, app, or network.
And yes, ransomware can end up on smartphones as well.
While not a prevalent as other types of malware attacks, smartphone ransomware can encrypt files, photos, and the like on a smartphone, just as it can on computers and networks. Yet other forms of mobile ransomware don’t have to encrypt data to make the phone unusable. The “Lockerpin” ransomware that has struck some Android devices in the past would change the PIN number that locked the phone. Other forms of mobile ransomware paste a window over the phone’s apps, making them unusable without decrypting the ransomware.
Part of avoiding ransomware involves reducing human error—keeping a watchful eye open for those spammy links, malicious downloads, bogus emails, and basically keeping your apps and devices up to date so that they have the latest security measures in place. The remainder relies on a good dose of prevention.
Our Ransomware Security Guide provides a checklist for both.
It gets into the details of what ransomware looks like and how it works, followed by the straightforward things you can do to prevent it, along with the steps to take if the unfortunate ends up happening to you or someone you know.
Ransomware is one of the nastiest attacks going because it targets our files, photos, and information, things we don’t know where we’d be without. Yet it’s good to know you can indeed lower your risk with a few relatively simple steps. Once you have them in place, chances are a good feeling will come over you, the one that comes with knowing you’ve protected what’s precious and important to you.
The post Your Guide to Ransomware—and Preventing It Too appeared first on McAfee Blog.
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee+, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee+
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
Authored by Dennis Pang
What is antivirus? That’s a good question. What does it really protect? That’s an even better question.
Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections. Neither definition is entirely on the money.
With this blog, I hope to give everyone a clear definition of what antivirus does well, along with what it doesn’t do at all. The fact is that antivirus is just one form of online protection. There are other forms of protection as well, and understanding antivirus’ role in your overall mix of online protection is an important part of staying safer online.
Antivirus software protects your devices against malware and viruses through a combination of prevention, detection, and removal.
For years, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer—and any device that connects to the internet is a potential target for malware and viruses.
In short, if it’s connected, it must get protected.
One important distinction about antivirus is its name, a name that first came into use decades ago when viruses first appeared on the scene. (More on that in a bit.) However, antivirus protects you from more than viruses. It protects against malware too.
Malware is an umbrella term that covers all types of malicious software regardless of its design, intent, or how its delivered. Viruses are a subset of malicious software that infects devices and then replicates itself so that it can infect yet more devices.
So while we popularly refer to protection software as antivirus, it protects against far more than just viruses. It protects against malware overall.
Now here’s where some confusion may come in. Some antivirus apps are standalone. They offer malware protection and that’s it. Other antivirus apps are part of comprehensive online protection software, which can include several additional far-reaching features that can protect your privacy and your identity.
The reason why antivirus gets paired up with other apps for your privacy and identity is because antivirus alone doesn’t offer these kinds of protections. Yet when paired with things like a password manager, credit monitoring, identity theft coverage, and a VPN, to name a few, you can protect your devices—along with your privacy and identity. All the things you need to stay safer online.
In short, antivirus doesn’t cut it alone.
With that, let’s take a closer look at what malware and viruses really are—how they evolved, and what they look like today, along with how antivirus protects you against them.
Viruses have a long history. And depending on how you define what a virus is, the first one arguably took root in 1971—more than 50 years ago.
It was known as Creeper, and rather than being malicious in nature, it was designed to show how a self-replicating program could identify other connected devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a follow-on version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software.
From there, it wasn’t until the 1980’s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.
At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice.
Computer viruses became a thing.
Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There the malware would lie in wait until the user rebooted their computer for the 90th time. And on that 90th boot, the user was presented with a digital ransom note like the one here:
Along with that note, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee—making PC Cyborg the first widely recognized form of ransomware.
Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.
It was quickly followed in 2000 by what’s considered the among the most damaging malware to date—ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some information and stole other information, then spread to other computers. One estimate puts the global cost of ILOVEYOU at $10 billion and further speculated that it infected 10% of the world’s internet-connected computers at the time.
With the advent of the internet, malware quickly established itself as a sad fact of connected life. Today, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions of malicious programs already in existence.
Apart from the sheer volume of malware out there today, another thing that distinguishes today’s malware from early malware attacks—they’re created largely for profit.
We can think of it this way:
Today’s malware is far more than an annoyance or headache. It can lead to follow-on attacks that target your finances, your identity, your privacy, or a mix of all three.
So with a million or so new threats coming online each day, and millions more out there already, how does antivirus protect you from malware? It blocks, detects, and removes malware. And it does so in a couple of ways:
However, as mentioned earlier, antivirus provides only one aspect of online protection today. While it protects your devices and the data that’s on them, your privacy and identity can come under attack as well. So while antivirus alone can protect you from malware, it can’t prevent other forms of online crime like identity theft, phishing attacks designed to steal personal information, or attacks on your accounts, to name a few of the many other types of threats out there.
Yet comprehensive online protection can.
Comprehensive online protection software like ours offers antivirus, along with specific services and features that protect your privacy and identity online as well. It gives you dozens of other features like identity theft coverage & restoration, personal data cleanup, security freezes, and an online protection score that shows you just how safe you are, along with suggestions that can make you safer still.
So while protecting your devices with antivirus is a great start, it’s only one part of staying safer online. Including privacy and identity protection rounds out your protection overall.
The post What is Antivirus and What Does It Really Protect? appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.
Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.
Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.
So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.
When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.
“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.
When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.
The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.
Let’s explore the cybersecurity tools on the three major web browsers:
Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.
McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.
When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.
There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.
While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.
Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.
If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.
It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.
Trustpilot is one example of a website that provides reviews of other websites.
Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.
You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.
Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.
If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.
Download McAfee WebAdvisor now and stay safe while browsing the web.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.
A new ransomware threat is currently sweeping its way across home computers. And what’s making it extra tricky is that it’s disguised as an operating system update.
Be on the lookout for this new ransomware scheme and protect yourself from ransomware with a few of these tips.
Magniber is a new type of ransomware that is disguised at almost every touchpoint until it seemingly pops out of nowhere demanding money. The attack begins when someone visits a fake Windows 10 update website owned by the Magniber cybercriminal group. Once someone clicks on a malicious link on that site, file-encrypting malware downloads onto the device.
Another stealth maneuver of Magniber is that the encryption malware downloads as a JavaScript file straight to the memory of the device, which can often slide under an antivirus’ radar. This malware allows the criminal to view, delete, and encrypt files and gain administrator access of the device. Usually, before the person even knows their device is in danger, Magniber reveals itself and demands a ransom payment in exchange for releasing the documents and giving back control of the computer. If the device owner refuses to pay, the criminal threatens to delete the files forever.1
For the last several years, large companies fell left and right to breaches. Hacker groups infiltrated complex cybersecurity defenses, got ahold of sensitive company or customer information, and threatened to release their findings on the dark web if not paid a hefty ransom. The reasons cybercriminals targeted corporate databases versus personal devices wasn’t just because they could demand multiple millions, but because companies were better equipped to make ransom transactions anonymously. Often, cryptocurrency transactions are untraceable, which allows criminals to remain at large.
Now that more everyday people are proficient in cryptocurrency, ransomware may shift to targeting personal devices. Though the ransom payments won’t be as lucrative, there also won’t be corporate cybersecurity experts hot on the cybercriminal’s tail.
To avoid ransomware schemes similar to Magniber, adopt these three habits to better protect your device and digital privacy:
If a cybercriminal gets in touch with you and demands a ransom, immediately contact your local FBI field office and file a report with the FBI’s Internet Criminal Complaint Center. From there, the authorities will advise you on how to proceed.
Something you can start with now to defend against ransomware is to invest in McAfee+ Ultimate. It provides the most thorough device, privacy, and identity protection, including $25,000 in ransomware coverage.
1ZDNET, “This unusual ransomware attack targets home PCs, so beware”
The post Ransomware Masquerading as Microsoft Update Targets Home Computers appeared first on McAfee Blog.
The joy of purchasing a new device is liberating. Now you can work, learn, and play faster — along with enjoying ample storage space. So, the last thing you’d expect is your apparently safe device being exposed to vulnerabilities, or “bloat.”
Exposure to unwanted software can derail its performance and hog its storage within a few months of usage. In technical terms, such pieces of software are referred to as bloatware. Bloatware has the potential to attack PCs with Microsoft systems and Android devices. It can also attack Apple iPhones and Macs although their systems tend to be built with a bit more protection.
This article defines bloatware, offers common examples, explains how to identify it, and discusses its impact on your computer’s security.
Bloatware, also called Junkware or Potentially Unwanted Programs (PUP), are third-party programs that slow down the performance of your device and lay it bare to cybersecurity risks.
Manufacturers initially introduced bloatware to provide users with more utility, but the programs led to device issues. Software programs that identify as bloatware run in the background, and locating them is not child’s play.
Bloatware finds its way into your device in two ways: it comes pre-installed or through programs downloaded from the internet. Lenovo‘s Superfish bloatware scandal from 2015 explains how bloatware can harm your devices.
Common examples of bloatware apps include:
As a piece of good advice, it is best to uninstall such apps when of no use — whether on your Android smartphone, Windows computer, or an iOS device.
Performance degradation is a common symptom of a device carrying bloatware. Extended boot-up times, clogged storage, and startup delays are common occurrences. Let’s review some programs that may also be bloatware:
Here’s how to identify bloatware:
As mentioned, not all bloatware is a threat to your device. Some may be useful and can be removed easily. But a major chunk of bloatware is known to slow down your computer.
Bloatware eats up a good chunk of the disk space or hard drive as it runs in the background, and it drains the battery life. Bloatware that isn’t removed quickly may clog your device with annoying ads. These ads can pose a security threat or even corrupt your operating system.
Sadly, it can be a challenge to uninstall bloatware because it finds its way back into the device — sometimes even after it has been deleted. In some cases, it may even redirect you to fake bloatware removal websites and offer malicious removal tools. Such websites ask you to install a new program to remove the previous one, trapping your device further. Unfortunately, there are no secret hacks to stop it from finding a way into your system.
Pro tip: Anytime you download a program or software, be sure it’s from an official source (like a secured website, the Google Play Store, or the Apple App Store). Installing a program from a suspicious website can put your device at risk, as the program can download bundles of other programs on the back end without your knowledge.
Windows 10 comes with a special refresh tool to remove any bloatware disguised as user-installed programs. This tool can bring your PC back to a clean slate. It’s important to check your hard drive beforehand, as it can also remove licenses.
Bloatware can be both harmful and annoying. New devices need full-fledged protection so they can last longer. The answer to your bloatware woes is an antivirus program. It safeguards your computer from dangerous security threats and prevents accidental downloads, so malicious bloatware or malware can’t access your device.
Bloatware can compromise your online safety and security. McAfee+’s protection package is the ideal investment for your new device, so you can work without any hassles or doubts.
McAfee+ enables a top-tier level of online security with full protection from pesky software programs like bloatware. Additionally, you get access to antivirus software for unlimited devices, lost wallet protection, a secure VPN, personal data clean-ups, and more. Sign up for McAfee + and rest easy while your devices remain bloatware-free.
The post What Is Bloatware and How Can It Impact Security? appeared first on McAfee Blog.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.
Happy Cybersecurity Awareness Month!
Every October, the National Cybersecurity Alliance selects a theme around which to publish extensive awareness resources and practical tips to help you improve your cybersecurity.1 This year’s theme is “It’s easy to stay safe online.” With the number of cyberthreats and breaches dominating the headlines, it can seem like a Herculean task to cover all your bases; however, with just four easy habits, you can actually protect yourself against a large percentage of these threats!
Don’t be scared of hackers, phishers, or cybercriminals this month. Leave that to the ghosts, ghouls, and your upcoming holiday social calendar.
Multifactor authentication (MFA) is an excellent way to frustrate cybercriminals attempting to break into your online accounts. MFA means that you need more than a username and password to log in, such as a one-time code sent to by email, text, or through an authentication app or a face or fingerprint scan. This adds an extra layer of security, because a thief would have to have access to your device, your email, or be able to trick a biometric reader to get into your online account.
Most online sites offer the option to turn on MFA. While it may add an extra few seconds to the login process, it’s well worth it. Username and password combinations can be up for sale on the dark web following a breach. With these in hand, a cybercriminal could then help themselves to your online bank account, online medical records, and possibly your identity. When an account is secured with MFA, a criminal may quickly move on to another target that’s easier to crack.
Most sites won’t even let you proceed with creating an account if you don’t have a strong enough password. A strong password is one with a mix of capital and lowercase letters, numbers, and special characters. What also makes for an excellent password is one that’s unique. Reusing passwords can be just as risky as using “password123” or your pet’s name plus your birthday as a password. A reused password can put all your online accounts at risk, due to a practice called credential stuffing. Credential stuffing is a tactic where a cybercriminal attempts to input a stolen username and password combination in dozens of random websites and to see which doors it opens.
Remembering a different password for each of your online accounts is almost an impossible task. Luckily, password managers make it so you only have to remember one password ever again! Password managers, like the one available in McAfee+. safeguard all your passwords in one secure desktop extension or cellphone app that you can use anywhere. McAfee+ is secured with one of the most secure encryption algorithms available, and multifactor authentication is always standard.
It’s best to create passwords or passphrases that have a secret meaning that only you know. Stay away from using significant dates, names, or places, because those are easier to guess. You can also leave it up to your password manager to randomly generate a password for you. The resulting unintelligible jumble of numbers, letters, and symbols is virtually impossible for anyone to guess.
Software update notifications always seem ping on the outskirts of your desktop and mobile device at the most inconvenient times. What’s more inconvenient though is having your device hacked. Another easy tip to improve your cybersecurity is to update your device software whenever upgrades are available. Most software updates include security patches that smart teams have created to foil cybercriminals. The more outdated your apps or operating system is, the more time criminals have had to work out ways to infiltrate them.
Consider enabling automatic updates on all your devices. Many major updates occur in the early hours of the morning, meaning that you’ll never know your devices were offline. You’ll just wake up to new, secure software!
You’ve likely already experienced a phishing attempt, whether you were aware of it or not. Phishing is a common tactic used to eke personal details from unsuspecting or trusting people. Phishers often initiate contact through texts, emails, or social media direct messages, and they aim to get enough information to hack into your online accounts or to impersonate you.
Luckily, it’s usually easy to identify a phisher. Here are a few tell-tale signs for be on the lookout for:
Never engage with a phishing attempt. Do not forward the message or respond to them and never click on any links included in their message. The links could direct to malicious sites that could infect your device with malware or spyware.
Before you delete the message, block the sender, mark the message as junk, and report the phisher. Reporting can go a long way toward hopefully preventing the phisher from targeting someone else.
The best complement to your newfound excellent cyberhabits is a toolbelt of excellent services to patch any holes in your defense. McAfee+ includes all the services you need to boost your peace of mind about your online identity and privacy. You can surf public Wi-Fis safely with its secure VPN, protect your device with antivirus software, scan risky sites for your personally identifiable information, and more!
This October, make a commitment to improving your cybersecurity with the guidance of the National Cybersecurity Alliance and McAfee.
1National Cybersecurity Alliance, “Cybersecurity Awareness Month”
The post 4 Easy Things You Can Do Today to Improve Your Cybersecurity appeared first on McAfee Blog.
Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data.
However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone to malware infections compared to their Android counterparts. But it’s important to note that they’re not completely without vulnerabilities.
Several iPhone viruses could infect your smartphone and affect its functionality, especially if you jailbreak your iPhone (that is, opening your iOS to wider features, apps, and themes).
This article covers how you can detect malware infections and how to remove viruses from your device so you can get back to enjoying the digital world.
Malware can affect your iPhone in a variety of ways. Here are a few telltale signs that your iPhone might have an unwelcome visitor.
If you notice any of the signs above, it’s a good idea to check for malware. Here are some steps you can take.
If you’ve confirmed malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.
In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update iOS to close this potential vulnerability. Just follow these steps:
It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.
If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, follow these steps:
Keep in mind that the process is similar for Google Chrome and most other popular web browsers.
Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.
The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. Essentially, this allows you to restore your device to an iCloud backup made before the malware infection.
Here’s how:
If none of the steps above solves the problem, a factory reset might be the next order of business. Restoring your phone to factory settings will reset it to its out-of-factory configuration, deleting all of your apps, content, and settings in the process and replacing them with original software only.
To factory reset your iPhone, follow these steps:
The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:
If you have an iPhone and are like most other people, you probably use your device for almost everything you do online. And while it’s amazing to have the internet in the palm of your hands, it’s also important to be aware of online threats like malware, which can put your digital life at risk.
The good news is that McAfee has your back with our award-winning and full-scale mobile security app. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind.
Download the McAfee Security app today and get all-in-one protection.
The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.
With “See Yourself in Cyber” as the theme for this year’s Cybersecurity Awareness Month, the focus is on you with a look at several quick ways you can quickly get safer online.
Now in its 21st year, Cybersecurity Awareness Month marks a long-standing collaboration between the U.S. government and private industry. It’s aim, empower people to protect themselves from digital forms of crime. And that stands as a good reminder. Phishing attacks, malware, and the other threats we regularly talk about in our blog are indeed forms of crime. And where there’s crime, there’s a person behind it.
It can be easy to lose sight of that, particularly as the crook on the other end of the attack is hiding behind a computer. Cybercrime can feel anonymous that way, yet it’s anything but. Whether a single bad actor or as part of a large crime organization, people power cybercrime.
Yet just as you secure your home to prevent yourself from becoming a victim of a criminal, you can also secure your digital life to prevent yourself from becoming a victim of cybercriminal.
You have plenty of places where you can start, and they’re all good ones. Even a handful of the simplest measures can significantly decrease your risk. Better yet, several take far less time to put into place than you might think, while yet more work automatically once you implement them—making them a sort of “set it and forget it” security measure.
With that, this five-step list can get you going:
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Updates do all kinds of great things for gaming, streaming, and chatting apps, like add more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
For your computers and laptops:
For your smartphones:
For your smartphone apps:
Often overlooked is the humble browser. Yet if you think about it, the browser is one of the apps we use most often. Particularly on our desktops. It takes us shopping, to shows, the bank, and even work. Hackers realize that, which is why they love targeting browsers. Whether it’s through vulnerabilities in the code that runs the browser, injecting malicious code into a browser session, or any one of several other attack vectors, hackers will try to find a way to compromise computers via the browser.
One of the best ways to keep your browser safe is to keep it updated. By updating your browser, you’ll get the latest in features and functionality in addition to security fixes that can prevent attacks from hackers. It’s a straightforward process, and this article will show you can set your browser to automatically update.
Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account information by posing as a well-known company, organization, or even someone the victim knows. And depending on the information that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes. What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit.
Some signs of a phishing attack include:
Email addresses that slightly alter the address of a trusted brand name so it looks close at first glance.
Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links.
Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken together with other reports, your information can aid an investigation and help bring charges on a cybercriminal or an organized ring.
Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s quite common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it.
This list can get you started, and you can take even more steps now that you’re rolling. Keep dropping by our blog for more ways you can make yourself safer, such as on social media, your smartphone, in app stores, and more. Visit us any time!
The post See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online appeared first on McAfee Blog.
In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk. Huge cryptohacking events dominate the headlines, leaving us to wonder: Is cryptocurrency losing its credibility?
In this article, you’ll learn about recent unfortunate crypto hacks and a few cryptocurrency security tips to help you avoid a similar misfortune.
A crypto wallet is the software or the physical device that stores the public and private keys to your cryptocurrency. A public key is the string of letters and numbers that people swap with each other in crypto transactions. It’s ok to share a public key with someone you trust. Your private key, however, must remain private — think of it like the password that secures your online bank account. Just like your actual wallet, if it falls into the wrong hands, you can lose a lot of money.
A malware called Mars Stealer infiltrated several crypto wallet browser extensions, including the popular MetaMask. The malware stole private keys and then erased its tracks to mask that it had ever gained entry to the wallet.1
One way to completely avoid a breach to your software crypto wallet is to opt for a hardware wallet. A hardware wallet is a physical device that can only be opened with a PIN. But there is some risk involved with a hardware wallet: if you drop it down the drain, all your crypto is gone. If you forget your wallet PIN, there is no customer service chatbot that can help you remember it. You are solely responsible for keeping track of it. For those who are confident in their hardware’s hiding spot and their personal organizational skills, they can benefit from its added security.
For anyone less sure of their ability to keep track of a hardware wallet, a software wallet is a fine alternative, though always been on alert of software wallet hacks. Keep an eye on crypto news and be ready to secure your software at a moment’s notice. Measures include un-downloading browser extensions, changing passwords, or transferring your crypto assets to another software wallet.
In the case of the Mars Stealer malware that affected MetaMask, being careful about visiting secure sites and only clicking on trustworthy links could’ve helped prevent it. Mars Stealer made its way onto people’s devices after they clicked on an infected link or visited a risky website. Stick to websites you know you can trust and consider springing for well-known streaming services and paying for software instead of torrenting from free sources.
Cryptocurrency enthusiasts often spread their crypto investments across various currency types and blockchain environments. Software known as a bridge can link numerous accounts and types, making it easier to send currency.
The cross-chain bridge Horizon experienced was on its Harmony blockchain, where a hacker stole about $100 million in Ethereum and tokens. The hacker stole two private keys, with which they could then validate this huge transaction into their own wallet. To hopefully prevent this from happening in the future, Horizon now requires more than just two validators.2
According to one report, in 2022, 69% of all cryptocurrency losses have occurred in bridge attacks.3 If you exchange cryptocurrencies with other users and have various accounts, it’s almost inevitable that you’ll use bridge software. To keep your assets safe, make sure to extensively research any bridge before trusting it. Take a look at their security protocols and how they’ve responded to past breaches, if applicable.
In the case of Horizon, the stolen private keys were encrypted with a passphrase and with a key management service, which follows best practices. Make sure that you always defend your private keys and all your cryptocurrency-related accounts with multi-factor authentication. Even though it may not 100% protect your assets, it’ll foil a less persistent cybercriminal.
Phishing attacks on bridge companies in conjunction with software hacks are also common. In this scenario, there’s unfortunately not much you can control. What you can control is how quickly and completely you respond to the cybercrime event. Remove the bridge software from your devices, transfer all your assets to a hardware wallet, and await further instructions from the bridge company on how to proceed.
Decentralized finance, or DeFi, is now one of the riskiest aspects of cryptocurrency. DeFi is a system without governing bodies. Some crypto traders like the anonymity and autonomy of being able to make transactions without a bank or institution tracking their assets. The drawback is that the code used in smart contracts isn’t bulletproof and has been at the center of several costly cybercrimes. Smart contracts are agreed upon by crypto buyers and sellers, and they contain code that programs crypto to perform certain financial transactions.
Three multi-million-dollar heists – Wormhole, Beanstalk Farms and Ronin bridge – occurred in quick succession, and smart contracts were at the center of each.4 In the case of Wormhole, a cybercriminal minted 120,000 in one currency and then traded them for Ethereum without putting up the necessary collateral. In the end, the hacker cashed out with $320 million. Beanstalk Farms lost $182 million when a hacker discovered a loophole in the stablecoin’s flash loan smart contract. Axie Infinity’s Ronin bridge was hit for $625 million when a hacker took control over and signed five of the nine validator nodes through a smart contract hole.4
To be safe, conduct all crypto transactions on well-known and trustworthy software, applications, bridges, and wallets that are backed by a governing body. What you lose in anonymity you gain in security by way of regulated protocols. Hackers are targeting smart contracts because they do not have to depend on large-scale phishing schemes to get the information they need. Instead, they can infiltrate the code themselves and steal assets from the smartest and most careful crypto users. Because there’s almost no way you can predict the next smart contract hack, the best path forward is to always remain on your toes and be ready to react should one occur.
Don’t let these costly hacks be what stops you from exploring crypto! Crypto is great as a side hustle if you’re committed to security and are strategic in your investments. Make sure you follow the best practices outlined and arm all your devices (mobile included!) with top-notch security, such as antivirus software, a VPN, and a password manager, all of which are included in McAfee +.
Privacy, excellent security habits, and an eagle eye can help you enjoy the most out of cryptocurrency and sidestep its costly pitfalls. Now, go forth confidently and prosper in the crypto realm!
1Cointelegraph, “Hodlers, beware! New malware targets MetaMask and 40 other crypto wallets”
2Halborn, “Explained: The Harmony Horizon Bridge Hack”
3Chainalysis, “Vulnerabilities in Cross-chain Bridge Protocols Emerge as Top Security Risk”
4Protocol, “Crypto is crumbling, and DeFi hacks are getting worse”
5Cointelegraph, “Beanstalk Farms loses $182M in DeFi governance exploit”
The post Cryptohacking: Is Cryptocurrency Losing Its Credibility? appeared first on McAfee Blog.
Our all-new ransomware coverage is now available, ready to help just in case—all backed by expert advice to help you find the quickest and best possible path to recovery.
Ransomware coverage from McAfee can reimburse you up to $25,000 for losses resulting from a ransomware threat, including financial losses and ransom fees. You’ll find this ransomware coverage included with our McAfee+ Ultimate plan.
As well as eligibility for ransomware reimbursement, our team of experts can help you:
However, it’s important to realize that ransomware is unlike any other attack. When ransomware locks someone out of their device or encrypts their data and files so they can’t use them, a demand is usually made for money. Sometimes, paying the ransom results in the device being made accessible again or the files being decrypted. Yet like any ransom case, this result is not always guaranteed. There are plenty of cases where people pay the ransom but never get their data or access to their devices back.
Again, our coverage includes guidance from our expert advisers to help walk you through your options should the worst happen to you. You won’t be in it alone—particularly as you look to recover from what can be a complicated attack.
As the name implies, ransomware is a type of malware that holds your device or information for ransom. It may lock your computer or smartphone entirely or it may you out of your files by encrypting them so that you can’t access them. Whether it’s a hacker or a cybercrime organization behind the attack, the bad actor involved holds the key to unlock those files—and promises to do so. For a price. And as mentioned above, sometimes that doesn’t happen, even if you pay.
Ransomware can infect your devices several different ways:
Ransomware has seen quite the evolution over the years. Its origins date back to the late 1980s, where malware-loaded floppy disks were sent to users who installed them under false pretenses. There the malware would lie in wait until the user rebooted their computer for the 90th time and presented with a digital ransom note.
From there, ransomware attacks on individuals became more sophisticated, and more lucrative, with the advent of the internet and the millions of everyday users who flocked to it. Using phishing emails, malware downloads from phony sites, and compromised software and networks, hackers rapidly expanded their ransomware reach.
However, yet more lucrative for hackers and organized cybercriminals were public and private organizations. Shifting their attacks to so-called “big game” targets, hackers and organized cybercriminals have used ransomware to extort money from hospitals, city governments, financial institutions, and key energy infrastructure companies, to name just a few. Seeing further opportunity, ransomware attackers then began targeting smaller and mid-sized businesses as well. While the ransom demands account for lower amounts, these organizations often lack dedicated cybersecurity teams and the protections that come along with them, making these organizations easier to victimize.
Meanwhile, the body of malicious code and attack packages used to launch ransomware attacks has only grown. As a result, small-time hackers and hacking groups can find the tools they need to conduct an attack for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, these bad actors can simply access a dark web marketplace and figuratively pull a ready-to-deploy attack off the shelf.
As a result, ransomware remains a concern for individuals, even as businesses and governmental bodies of all sizes deal with its threat.
What makes ransomware so damaging is just how much effort it can take to undo. Setting aside the sophisticated attacks on businesses and governments for a moment, even those “off-the-shelf” attacks that some hackers will launch against individuals go beyond the average user’s ability to undo. For example, there are some known attacks with known methods of decrypting the data, however, that requires knowing specifically which attack was used. Attempting to undo the encryption with the wrong solution can potentially encrypt that data even more.
So without question, the best defense against ransomware is prevention. Comprehensive online protection software gives you the tools you need to help avoid becoming a ransomware victim. A few include:
Moreover, you can protect yourself further by backing up your files and data. A cloud storage solution,121cwdv 1765ujb n4yh that’s secured with a strong and unique password, offers one path. Likewise, you can back up your files on an external disk or drive, making sure to keep it disconnected from your network and stored in a safe place.
Also as mentioned in the bullets above, keep your operating system and apps current with the latest updates. Beyond making improvements in your operating system and apps, updates often also address security issues that hackers often use to compromise devices and apps.
Lastly, stay alert. Keep an eye out for sketchy links, attachments, websites, and messages. Bad actors will pull all kinds of phishing tricks to lure you their way, places where they try to compromise you, your devices, and data.
Taken together, the combination of online protection software and a few preventative steps can greatly reduce the chance that you’ll fall victim to ransomware. From there, you also have the assurance of our ransomware coverage, ready to get on the path to recovery, just in case.
The post All-New Ransomware Coverage Opens Up the Path to Recovery appeared first on McAfee Blog.
The social network TikTok is chockfull of interesting, fun, laugh-out-loud videos shared by creators worldwide. Kids, as well as parents, can easily spend hours glued to the platform. But as with most popular platforms, the fun can eventually turn dark, even deadly, when viral challenges make their rounds.
The latest viral challenge, the “blackout challenge,” first became popular online in 2008 and made its unfortunate comeback in 2021. Before this second round, the CDC attributed nearly 80 deaths to the dangerous online game. In the past month, authorities are attributing the tragic, high-profile deaths of Archie Battersbee, 12, and Leon Brown, 14 to the challenge.
The blackout challenge is a choking game that involves intentionally trying to choke oneself or another to obtain a brief euphoric state or “high.” Death or serious injury can result if strangulation is prolonged. Those doing the challenge do it privately or broadcast their attempt to friends or followers. The CDC also found that most deaths occurred when a child engaged in the choking game alone and that most parents were unaware of the game before their child’s death.
It’s easy to look at a challenge like this and dismiss it thinking your child would never be involved in such a dangerous game. However, in a recent post from HealthyChildren.org on why kids participate in online dares, pediatricians point to the reality that the teen brain is still developing. The part of the brain that processes rational thought, the prefrontal cortex, is not fully developed until a person’s mid-20s. This physiological reality means teens are naturally impulsive and can do things without stopping to consider the consequences.
Another lure that entices teens is that social media’s fast-moving, impulsive environment rewards outrageous behavior—the more outrageous the content, the bigger the bragging rights. The fear of losing out (FOMO is natural for teens.
According to the CDC, signs that a child may be engaging in the blackout challenge include:
Viral challenges will continue to emerge and shock us. There’s no way to anticipate them or control them. However, staying informed about dangerous online trends and keeping the lines of communication with your child open and honest is a big step toward equipping them to live a safe, balanced digital life.
The post Deadly Digital Dares: The Blackout Challenge on TikTok appeared first on McAfee Blog.
Safety has a feeling all its own, and that’s what’s at the heart of McAfee+.
We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy.
And those concerns have merit. Last year, reported cases of identity theft and fraud in the U.S. shot up to 5.7 million, to the tune of $5.8 billion in losses, a 70% increase over the year prior. Meanwhile, online data brokers continue to buy and sell highly detailed personal profiles with the data cobbled together from websites, apps, smartphones, connected appliances, and more, all as part of a global data-gathering economy estimated at well over $200 billion a year.
Yet despite growing awareness of the ways personal information is collected, bought, sold, and even stolen, it remains a somewhat invisible problem. You simply don’t see it as it happens, let alone know who’s collecting what information about you and toward what ends—whether legal, illegal, or somewhere in between. A recent study we conducted showed that 74% of consumers are concerned about keeping their personal information private online. Yet, most of us have found out the hard way (when we search for our name on the internet) that there is a lot of information about us that has been made public. It is our belief that every individual should have the right to be private, yet we know too many individuals don’t know where to begin. It is this very worry that made us focus our new product line on empowering our users to take charge of their privacy and identity online.
McAfee+ gives you that control.
Now available in the U.S., McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance and support to take the steps to be safer online. Here’s how:
You can see the entire range of features that cover your identity, privacy, and security with a visit to our McAfee+ page.
McAfee+ Ultimate offers our most thorough protection, with which you can lock your credit with a click or put a comprehensive security freeze in place, both to thwart potential identity theft. You can keep tabs on your credit with daily credit monitoring and get an alert when there’s credit activity to spot any irregularities quickly.
You’ll also feel like someone has your back. Even with the most thorough measures in place, identity theft and ransomware attacks can still strike, which can throw your personal and financial life into a tailspin. What do you do? Where do you start? Here, we have you covered. We offer two kinds of coverage that can help you recover your time, money, and good name:
Starting today, customers in the U.S. can purchase McAfee+ online at McAfee.com in Premium, Advanced, and Ultimate plans, in addition to individual and family subscriptions. McAfee+ will also be available online in the U.K., Canada, and Australia in the coming weeks with additional regions coming in the months ahead (features may vary by region).
We are very excited about bringing these new protections to you and we hope you will be too.
The post The Feeling of Safety with McAfee+ appeared first on McAfee Blog.
“Congratulations, you’re a winner!”
“Did you know this public figure is trying to make your life worse? Click here for what they don’t want you to know.”
“Save thousands today with just one click!”
Spam and bot accounts on social media are everywhere. You’ve likely encountered messages like these that attempt to get you to click on links or to stir your emotions in a frenzy. While bot accounts are usually more of an annoyance than anything, when they’re allowed to run rampant, they can quickly become dangerous to your personally identifiable information (PII) and create an emotionally charged mob mentality.
Here’s what you should know about bot accounts, including how to steer clear of menacing ones, plus a reminder to watch what you share on (and with) social media sites.
Bot accounts are software-automated accounts that try to blend in and act like a real user. They post updates and follow other users, though there isn’t a real person behind the account. A spam account is a type of bot account that attempts to gain financially from its automated posts. Everyday people should be wary of social media bot accounts because they can be used to disseminate false information or phishing scams.
One whistleblower of a social media giant recently divulged that the platform isn’t prioritizing deactivating bot accounts.1 This apathy sparks concerns about the company’s commitment to the security of its users. In the whistleblower’s same report, he stated that the social media site isn’t taking the necessary steps to protect itself from potential inside threats and it had fallen victim to at least 20 breaches in 2020 without reporting the incidents to the proper authorities.
Some bot accounts aren’t malicious (merely an annoying tactic by companies to spread the word about their business), but it’s best to give all of them a wide berth and never click on any links in their posts. Those links could direct to unsecured outside sites laden with malware or drop you in the middle of a phishing scheme.
You can often spot a malicious bot account by the tone of its messages. They’ll often try to inspire intense emotions, such as excitement, sadness, or rage, and attempt to get users to act or share the post. Do not engage with them, not even to argue their points. When you engage or share these posts with your network, it spreads false information and could dangerously manipulate public opinion.2
Here are a few ways you can take your cybersecurity into your own hands when you can’t be sure that social media sites are looking out for the safety of users’ information:
You can’t trust every company to look out for the safety of your personal information, but one organization you can trust is McAfee. McAfee Total Protection is a comprehensive identity and privacy protection solution for your digital life. Great social media habits go a long way toward keeping you safe online, and you can rest assured knowing that McAfee can fill in the gaps. McAfee Total Protection offers antivirus, identity monitoring, and security freeze in the case your information is leaked in a breach or a bot account gets ahold of key details.
Keep on sharing your life’s milestones with your closest friends and family online. The next time you update your status, flag any suspicious accounts you come across, so everyone can enjoy social media confidently!
1NBC News, “Twitter whistleblower alleges major security issues”
2Journal of Information Technology & Politics, “Harass, mislead & polarize: An analysis of Twitter political bots’ tactics in targeting the immigration debate before the 2018 U.S. midterm election”
The post Here’s How to Steer Clear of Bot Accounts on Social Media appeared first on McAfee Blog.
Whether using the internet for play or work, you want to spend your time online enjoying the peace of mind that comes with having a secure network.
You don’t want to contend with someone taking your personal data — whether it’s credit card information, passwords, or bank account details — via malware or a data breach on your Android, Windows, or Apple iOS device.
Fortunately, with some sensible precautions and simple steps, you can use your connected devices productively without worrying about cybercriminals and malicious software. This article explains how to stop hackers from getting access to your sensitive data.
You can take steps to protect your different computing and mobile devices and operating systems. These steps can be divided into technological solutions and the right awareness and information to provide a comforting measure of self-protection.
It’s like learning karate for self-defense, giving you confidence as you negotiate the wider world (and hoping that you never have to use it).
When it comes to identity protection software, McAfee provides a proven solution with our identity protection and privacy services. The protection includes alerts if your sensitive information is found on the dark web (up to 10 months sooner than other providers), personal data cleanup from sites gathering and selling your information, and an unlimited virtual public network (VPN) service that protects your privacy as you use public Wi-Fi networks.
You’ll also get up to $1 million in identity theft coverage and hands-on restoration support to help you reclaim your identity.
Simple, obvious passwords and passcodes (like your street address, your birthday, your kids’ or pets’ names, or “1234” or “abcd”) are easy for cybercriminals to crack, giving them unwanted access to your private data.
The stronger your password, the better your protection. Some best password practices include:
It’s important not to be a standing target. Just as you should use different passwords for everything, you should regularly change your passwords. You should do this a few times a year (although some cyber experts say this might not be necessary if you have a long and very complicated password).
If you have a number of passwords that you update often, it might be worth getting a password manager like McAfee True Key to keep track of them. Not only will you not be faced with remembering all your different passwords or writing them down (also a no-no), but it can also help you create and store unique passwords.
The software uses the strongest encryption algorithms available to protect your passwords, scrambling them so no one else can access them. It’ll also suggest new passwords and automatically log you into your online accounts with just one master password.
Another important line of defense is multi-factor authentication (sometimes known as two-factor authentication). This system uses a password and a second piece of verification — often an SMS message sent to your Android device or iPhone — to authenticate your identity.
This provides hard-to-beat protection even if a hacker has your password. Besides receiving SMS codes, there are also code-generating apps and physical security keys.
Thinking before you click on an email or text is a very important defense against phishing scams. Your bank won’t send you an email or text notifying you that there’s been suspicious activity on your account.
Does getting a large refund from your phone company sound too good to be true? It is. Similarly, the Internal Revenue Service (IRS) won’t text to tell you that you owe them money, and princes aren’t going to give you a fortune out of the blue.
Internet users beware: If you’re not absolutely certain that the text message you received is from a legitimate and trusted source, delete it. You can always contact the business or person directly to confirm that the message is legit.
Any operating system or app you use is open to malicious cyberattacks. This is why you should keep all your software up to date with the latest versions. Software developers are continually fixing holes in their products and offering cybersecurity patches to make them as safe and hacker-proof as possible.
Make sure your software, firmware, and security settings are up to date on your home’s Wi-Fi router, as well. You can often change your settings to allow for automatic updates.
Sure, who doesn’t like to go to a cafe, library, or hotel lobby to use the free Wi-Fi? But security is often weak in these public networks. If you open your online banking account or access personal information, you may unwittingly be giving a personal invitation to eavesdropping cybercriminals.
This is where the bank-grade level of protection of McAfee Secure VPN comes in, which automatically turns on when you need it and keeps you safe on public Wi-Fi networks.
Even if your device does get hacked, you can protect vital information on your Windows or macOS system with an encryption program like BitLocker or FileVault. You can protect any hard drive you use, including portable ones and USB keys.
It’s also a good idea to only shop at encrypted websites marked with the prefix “HTTPS” in their URLs.
One of the best ways to surf the web in comfort while keeping hackers at bay is with the comprehensive solutions provided by McAfee Total Protection.
Your protection includes proactive measures (meaning we’ll guide you to the best choices for prevention), early detection, and expert identity theft support.
This means you’ll get identity monitoring, up to $1 million in identity theft coverage, lost wallet protection, premium antivirus software, a secure VPN, and personal data removal. In particular, our Personal Data Cleanup service will help find and remove your personal information from data broker websites and people search sites.
With McAfee, you don’t have to be afraid of hackers. Let us deal with them.
The post How to Stay One Step Ahead of Hackers appeared first on McAfee Blog.
Authored by Dexter Shin
McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are not satisfied with the default functions provided by Instagram. Various Instagram modification application already exists for those users on the Internet. The new malware we found pretends to be a popular mod app and steals Instagram credentials.
Instander is one of the famous Instagram modification applications available for Android devices to help Instagram users access extra helpful features. The mod app supports uploading high-quality images and downloading posted photos and videos.
The initial screens of this malware and Instander are similar, as shown below.
Figure 1. Instander legitimate app(Left) and Mmalware(Right)
Next, this malware requests an account (username or email) and password. Finally, this malware displays an error message regardless of whether the login information is correct.
Figure 2. Malware requests account and password
The malware steals the user’s username and password in a very unique way. The main trick is to use the Firebase API. First, the user input value is combined with l@gmail.com. This value and static password(=kamalw20051) are then sent via the Firebase API, createUserWithEmailAndPassword. And next, the password process is the same. After receiving the user’s account and password input, this malware will request it twice.
Since we cannot see the dashboard of the malware author, we tested it using the same API. As a result, we checked the user input value in plain text on the dashboard.
According to the Firebase document, createUserWithEmailAndPassword API is to create a new user account associated with the specified email address and password. Because the first parameter is defined as email patterns, the malware author uses the above code to create email patterns regardless of user input values.
It is an API for creating accounts in the Firebase so that the administrator can check the account name in the Firebase dashboard. The victim’s account and password have been requested as Firebase account name, so it should be seen as plain text without hashing or masking.
As an interesting point on the network traffic of the malware, this malware communicates with the Firebase server in Protobuf format in the network. The initial configuration of this Firebase API uses the JSON format. Although the Protobuf format is readable enough, it can be assumed that this malware author intentionally attempts to obfuscate the network traffic through the additional settings. Also, the domain used for data transfer(=www.googleapis.com) is managed by Google. Because it is a domain that is too common and not dangerous, many network filtering and firewall solutions do not detect it.
As mentioned, users should always be careful about installing 3rd party apps. Aside from the types of malware we’ve introduced so far, attackers are trying to steal users’ credentials in a variety of ways. Therefore, you should employ security software on your mobile devices and always keep up to date.
Fortunately, McAfee Mobile Security is able to detect this as Android/InstaStealer and protect you from similar threats. For more information visit McAfee Mobile Security
SHA256:
The post Instagram credentials Stealer: Disguised as Mod App appeared first on McAfee Blog.
If you’re like most people, you probably use your computer for most of your online activities. It’s amazing what the internet can do to make our lives easier. But if you’ve spent any time online, you know the internet also comes with some risks.
Malware (or malicious software) is one risk of living a connected life. Whether it comes from infected websites, innocent-looking email attachments, or applications and tools you think you can trust, malware can expose your private information to cybercriminals who may use it for personal gain.
If you suspect that malicious software has infected your device, it’s important to remove it quickly to protect yourself.
Though dealing with malware can be scary, there are a few things you can do. This article will explain how malware can infect devices and how you can remove it from them.
There are many types of malware, which do their work in different ways. They can include viruses, worms, Trojans, spyware, adware, ransomware, and more.
Some common ways that Windows PCs, Macs, tablets, and smartphones can get infected include:
Malware can affect you in a variety of ways. For example, malware can allow hackers to steal your private information, uncover passwords, cause financial issues for you or your company, delete files, and render your device unusable.
Malware can also move from your computer to other devices, so you may unwittingly infect friends, family, or co-workers. It can gobble up your computer’s memory, slow its operation to a snail’s pace, and more.
For these reasons, it’s a good idea to find out how to remove malware and learn to protect yourself from it in the first place.
The Federal Trade Commission (FTC) Consumer Information points out some ways to know if malware has infected your device, including if it:
If you think your computer, smartphone or tablet has been infected by malware, the first step is to stop shopping, banking, and doing other things online that involve usernames, passwords, or other sensitive information until you have the problem resolved.
If you don’t have an antivirus program on your device, it’s a good idea to get one. McAfee’s antivirus software provides award-winning protection for your data and devices. It’s important to get antivirus software from a trusted name because some malware can even masquerade as security software.
It’s also important to make sure that your operating system for your different devices and applications are up to date. Older programs and apps might not have the latest security features — cybercriminals are constantly devising new ways to get people’s information — and outdated software can have a harder time fighting off infection.
Once your cybersecurity software is in place, you should:
If you have a PC with Windows 10 or 11, you already benefit from free virus threat protection with Microsoft Windows Defender. Windows Defender, or built-in Microsoft security, compares new files and programs against a database of known malware. It keeps an eye out for signs that an attack is underway, such as the encryption of key files.
Defender can run in active, passive, and disabled mode. In active mode, it’s the primary antivirus app on the device. This means the program will scan files, remedy any threats, and show detected threats in your organization’s security reports and in the Windows Security app.
Microsoft Defender will automatically turn off if you have another antivirus app installed and turned on. Microsoft Defender will turn back on automatically if you uninstall the other app.
In passive mode, Microsoft Defender isn’t used as the primary antivirus app on the device. It’ll scan files and report any threats but it won’t remedy those threats. Finally, Microsoft Windows can’t detect or address threats if it is disabled or uninstalled.
You can run quick and advanced scans in Windows Security. If you’re worried that a specific file or folder has been compromised, you can also run a manual scan by:
You’ll see the scan results and options for dealing with any potential threats.
Microsoft Defender is also available to protect Android smartphones from viruses and malware. It can also help against phishing and phishing and scans your Android device automatically to track and identify potentially unwanted, and dangerous, applications on your device.
Apple users, as well, have built-in antivirus software to help detect and fight off malware. Malware is commonly distributed across macOS systems by being embedded in a harmless-looking app.
Luckily, settings in Security & Privacy preferences allow you to designate the sources of software installed on your Mac. Just follow these steps:
Apple iPads and iPhones have strong built-in security and privacy protections, so it is up to the user on whether or not they want to install antivirus for additional malware protections. Apple boasts a “walled-garden” approach–meaning that their operating system is closed to outside apps and games not affiliated with their official app store unless you jailbreak the device.
Remember that while cybersecurity features built into devices are a great starting point, they’re not always comprehensive. That’s where antivirus software, like McAfee Total Protection, can help. It offers continuous protection against malware, viruses, phishing, ransomware, and other online threats. It also automatically updates so you don’t need to worry about manual upgrades.
The security software also includes alerts before you connect to risky websites and offers one-click fixes to help you stay safe online.
Antivirus software like McAfee works to block malware from infecting your computer, smartphone, or tablet. If malware somehow does get through, it can act as a powerful malware scanner by searching every file on your device for infections.
It can troubleshoot, look for vulnerabilities, and compile a list of infected software that can be quarantined (or isolated) to prevent it from doing harm and deleted at the end of the virus scan using removal tools.
McAfee’s anti-malware software updates its virus database by using an automatic web crawler that scans the internet, identifies online threats like malicious software, and figures out how to delete them.
McAfee antivirus uses this data to automatically update your device’s protective set-upl, providing strong protection so nothing harmful gets in.
Besides desktop computers, McAfee provides mobile security for both Android and Apple devices. For example, when you use your iPhone or Android phone on a public Wi-Fi system, McAfee’s Wi-Fi privacy protection (VPN) in effect turns the public network into a private one, where you can surf safely. Of course, its antivirus app regularly scans for threats and malware while actively blocking them in real time, keeping your mobile devices protected.
McAfee offers a variety of plans tailored to fit your needs and budget so your computer and other devices — including Android smartphones, Apple iPhones, and various tablets — are protected from malware and other online threats.
McAfee is a leader in consumer security, and our antivirus software is used on more than 6 million devices. It’s easy to install and use, provides 24/7 real-time threat protection, and comes with a Virus Pledge — a money-back guarantee that it’ll remove all viruses from your protected devices.
You can get antivirus software as part of McAfee’s Total Protection services. This includes all-in-one protection for your personal info and privacy, with identity restoration assistance and up to $1 million of identity theft coverage for data breaches. You also have access to identity monitoring, safe browsing, and a secure VPN.
With McAfee, you can turn apprehension about malware into the peace of mind that comes from proper protection.
The post How to Quickly Remove Malware in 2022 appeared first on McAfee Blog.
The growing number of internet crimes targeting senior adults is mind-blowing.
In 2021, more than 92,000 people over the age of 60 reported losses of $1.7 billion, according to IC3, the FBI’s Internet Crime division. That number reflects a 74 percent increase in losses from 2020.
These numbers tell us a few things. They tell us that scamming the elderly is a multi-billion-dollar business for cybercriminals. It also tells us that regardless of how shoddy or obvious online scams may appear to anyone outside the senior community, they are working.
However, information is power. Senior adults can protect their hard-earned retirement funds and government benefits by staying informed, adopting new behaviors, and putting tools in place designed to stop scammers in their tracks. And, when possible, family, friends, and caregivers can help.
The FBI said confidence fraud and romance scams netted over $281 million in losses.
The top four types of scams targeting seniors: Romance scams (confidence scams), fake online shopping, false utility representatives, and government agent imposters. Here’s how to make a few shifts to mindset and your daily routine and steer clear of digital deception.
Just as the seasons change in our lives, so too must our behaviors when connecting to people and information via our devices. Cybercriminals target older people because they assume they aren’t as informed about schemes or technically savvy as younger people. Senior adults and their loved ones can work daily to change that narrative. With the right mindset, information, and tools, seniors can connect online with confidence and enjoy their golden years without worrying about digital deception.
The post Seniors: How to Keep Your Retirement Safe from Online Scams appeared first on McAfee Blog.
Molding and shaping our kids while we can is every parent’s dream. When kids are young – and sweet! – they are far more inclined to take on board our advice and lovingly imposed rules. Oh, how I miss those days!! And in a nutshell – that’s what a good set of parental controls can do for you and your kids. In my opinion, parental controls can absolutely help you create good habits but it’s essential that they are accompanied by an invested parent who’s keen to help their kids navigate the online world.
With Aussie kids spending at least 5 hours online a day, it’s no secret that they can be exposed to a broad range of people, websites and themes – some potentially quite disturbing. And with most kids sporting an internet-connected phone plus a laptop, there’s no limit to what they can access – and usually when you aren’t around.
I like to think of parental controls as another way of helping establish healthy habits and good decision-making strategies with your kids. For example, if you have told your kids there is no screen time before bed, then you are able to use Parental Controls to make that a reality. And if you have agreed that they are able to use only certain apps or social media platforms then Parental Controls can also make this happen by blocking access if they deviate. I believe that over time, these routines, and boundaries simply become part of your child’s day-to-day life and become good habits.
McAfee’s Parental Controls, called Safe Family, can also let you view your kids’ activity online and let you know where your kids are at all times. How good??
While it’s commonly believed that it takes just 21 days to form a habit, courtesy of Dr Maxwell Maltz in the 1960’s, more up-to-date research shows that it could take considerably longer. In fact, research conducted in 2010 by Health Psychology Researcher Philippa Lally at The University College in London shows that it takes around 2 months or 66 days to be precise to make a new habit stick!
And while I love the idea that we could help our kids adopt new positive habits in just 2 months, I think we need to keep it real. Fear of missing out (FOMO) coupled with the lure of their shiny devices might mean that it takes a little more than 66 days to make a change, particularly if you are trying to modify their current usage as opposed to starting from scratch.
There is no-one that better understands just how time poor parents can be. Having spent the last 20 plus years rearing 4 boys and working, I feel like I’ve earnt the time poor t-shirt! So, understandably, many parents feel like they just don’t have the ‘band with’ to take on much more so digital parenting is often put in the too hard basket. And I totally get it!
But using parental controls without some knowledge of your kids’ digital world, is a little like filling your car with petrol but not worrying about the oil. It will eventually be a problem!
So, I’m going to break it down for you. Digital parenting doesn’t have to be overwhelming, particularly if you break it down. So, in a quest to keep it simple, here are 4 things you can do to up your digital parenting game:
The day your child picks up a device is the day you start talking about cybersafety. If this is when they are 18 months of age, then that’s when you start. Always ensure the messages are age-appropriate and keep them simple. You could start with:
And when your kids get older, weave in more age-appropriate messages, such as:
Knitting cybersafety messages into your family dialogue needs to also become automatic. Talk about it just like you would sun safety or road safety. And why not share stories around the dinner table about your own online experiences or even relevant news stories to engage them in a dialogue.
I love the idea of a clear contract between parents and kids that details your expectations about their online behaviour and technology use. It’s a great way of developing a set of guidelines that will help them navigate the risks associated with being online. Now, this agreement should definitely be a family exercise so ensure your kids are invested in the process too. If you want a starting point, check out this one from The Modern Parent here.
Taking some time to understand how your child spends their time online is the best way of truly understanding the risks and challenges they face. So, join ALL the social media platforms your kids are on, play their games and download their messaging apps. You will develop a better understanding of how to manage privacy settings and the language/online culture that is a big part of your child’s life. And the best part – if they know you understand their world, I have no doubt that you will develop a little ‘tech cred’ which mean that they will be more likely to come to you with any issues or problems that may face online. Awesome!
There is some amazing technology available that makes this digital parenting thing a heck of a lot easier and that includes Parental Controls. McAfee’s Safe Family is a comprehensive parental controls solution that lets you monitor and block apps and websites, manage screen time, see where your kid’s devices are at all times, and more, giving you peace of mind in an ever-mobile world. The perfect partner to an invested parent!
Parental Controls can be an awesome way of helping your kids establish positive habits around their tech use, but they are even more impactful when combined with an invested parent who has got a good handle on the online world. So, by all means, invest in Parental Control software but also commit to ramping up your digital parenting game – it’s the best way to help set up your kids for a safe and positive experience online. And isn’t that every digital parent’s dream!
Take Care
Alex
The post Can Parental Controls Can Help You Create Good Habits? appeared first on McAfee Blog.
Whether it was bush fires, Covid, floods, or the Ukraine conflict, the news agenda over the last two years has been jam-packed. So, when McAfee released the findings of their first Global Connected Family Study, it was clear to me that connecting safely online needs to make it back into the news.
Over 15,000 parents and 12,000 children aged 10-18 from 10 countries (including Australia) were interviewed for the study with the goal of finding out how families both connect and protect themselves online. So, let me share with you the results that need to spring us into action.
I’m the first to admit that being a digital parent can be incredibly overwhelming. Staying abreast of the latest trends, apps and social media platforms can seem like a full-time job! And let’s not forget the latest threats and risks too. But findings, like the ones above, do have a way of shaking up priorities and do serve to provide clarity on where we need to focus our attention as parents.
So, let’s break it down into 5 steps that you can take to ensure you are minimising the negativity and risks your kids may experience online:
Without a doubt, one of the best things you can do for your family is create a culture where honest and genuine communication is a feature of everyday life. If your kids know they can confide in you, no matter what the problem is, then they are far more likely to come to you before a problem such as cyberbullying can feel unsolvable.
It’s impossible to set boundaries and appreciate the risks in the digital world, if you don’t really know what your kids are dealing with. You may have little natural interest in joining Kik, Snapchat or Instagram but if you kids use it – then you know what you need to do! And if your kids can see that you are more actively involved online and using similar platforms, they will be more likely to come to you if they experience a problem.
In my opinion, one of the biggest causes of issues online is the fact that children are given internet-enabled devices that require adult levels of maturity and problem-solving skills. But let’s keep it real – that horse has bolted – most of our kids have phones in their pockets! So, the best way of managing this is to introduce a family technology contract.
Now this can be as simple or complex as you feel is necessary for your tribe. You may want to insist on just a few rules such as not sharing passwords with friends, seeking permission before downloading apps, and always being kind online. You could simply write these on a piece of paper and have your kids sign it. Whatever works for you but remember, the research is showing that our kids are looking to us to help keep them safe online, so include as much here as you think your kids need. And of course, these need to be age-appropriate. I love this one for under 5’s from our eSafety Commissioner and this one is great for tweens and teens from The Modern Parent.
Bullying has existed long before the internet was even a word so unfortunately, it isn’t going anywhere. But coupled with the intensity and very public nature of the online world, it can be devastating. In my opinion, the key to cyberbullying is prevention. So, ensuring your kids know they can come to you with any problem, having a tight connection with your child so you can pick when things are ‘off’ and arming them with a basic cyber safety toolkit (not sharing passwords, privacy settings on, being kind online & having time away from devices) is essential.
One of the ways we can also keep our kids from making mistakes online is by teaching them empathy. If kids haven’t developed empathy, then they make decisions based solely on their own desires – without any consideration for others. Many experts believe that it is the absence of empathy that leads directly to bullying.
So, be a role model and start weaving the good old saying ‘do unto others as you would like them to do to you’ into your family dialogue.
The research findings are very clear: our kids want us to take charge of their online safety. So, let’s get technology working for us so we can keep them safe.
Parental controls are not the silver bullet but when they are used in conjunction with proactive parenting then they can be transformative. McAfee’s Safe Family offers parents the ability to monitor device activity, limit screentime, block apps, and filter websites. This is a great way of teaching boundaries and limits while also giving yourself peace of mind that your kids are as safe as possible.
Investing in comprehensive protection software for your (and your kid’s) devices is another way of adding a layer of protection to their online world. Comprehensive security software like McAfee’s Total Protection will protect against dangerous downloads, viruses, malware, online threats, and visits to risky websites. It will also encrypt the files on your computer and help manage your passwords! A complete no-brainer!!
So, please don’t be overwhelmed and don’t even aim to be the perfect digital parent! Break it down and do the best you can because protecting our kids online needs to be a top priority. So, as soon as possible – check your family communication, take some time to understand your kids’ online world, put a digital contract in place, talk a little, and use some parental controls. But please do not forget about the power of role modeling. As parents, we are our kids’ biggest influencers so it might just be time for you to up your own digital safety game too!!
Till next time.
Stay safe everyone!
The post Aussie Children Have 2nd Highest Rate of Cyberbullying, Time To Focus on Digital Parenting appeared first on McAfee Blog.
Like most things in life, online privacy is a 2-way street. As consumers, we expect the companies we deal with online to manage and safeguard our data to a super professional level however we also have a role to play here too. So, this Privacy Awareness Week (PAW), let’s focus on what we can do to ensure our personal information is kept as secure, and private as possible.
There’s nothing like a dedicated ‘week’ to renew our focus and in my opinion, this year’s PAW does just that. This year’s theme is – The Foundation of Trust – we all have a role to play, a great reminder of how it’s up to all of us to ensure we manage online privacy. There’s no doubt that managing our privacy is low on the to-do list for many. And I get it – we’re all strapped for time, and we don’t ever think privacy breaches will affect us. Well, my friends, I’m here to tell you that privacy breaches do happen. Identity theft is a reality of living life online. In fact, in 2020/21, nearly 155,000 Aussies had their identities stolen and they were the cases that were reported. But the good news is that if you take a proactive approach, you can minimise the risk of this ever happening.
Believe it or not, most of your privacy action plan involves small steps that are, I promise, relatively painless. The most important thing here is that you need to commit to doing them. The last thing you want is to spend months dealing with the fallout from having your identity stolen. It’s exhausting, stressful, and absolutely worth avoiding.
Without further ado, here’s your action plan:
Strong and complex passwords are essential to keeping your online information tight. Ideally, a password should have between 8-10 characters and be a combination of letters – both lower and uppercase, numbers and symbols. Each online account should also have its own password too – which is a very overwhelming concept! Consider using a password manager such as McAfee’s TrueKey to help generate and manage passwords.
Ensure all the family checks their social media accounts to ensure they are set to private. This will mean that only their chosen friends can see their private information. Each social media platform will have its own ‘help’ page which provides specific steps on how to do this.
If you are serious about your online privacy, then you need to use public Wi-Fi sparingly. Unsecured public Wi-Fi is a very risky business. Anything you share could easily find its way into the hands of cybercriminals. So, avoid sharing any sensitive or personal information while using public Wi-Fi. If you travel regularly, consider investing in a VPN. A VPN (Virtual Private Network) encrypts your activity which means your login details and other sensitive information is protected. A great insurance policy!
Adding an additional layer of security to protect yourself when accessing your online accounts is another great way of guarding your online privacy. Turn on two-factor authentication for Google, Dropbox, Facebook and whatever other site offers it. For those new to this option, this means that in addition to your password, you will need to provide another form of identification to ensure you are who you say you are. Most commonly, this is a code sent to your mobile phone or generated by a smartphone app.
Most web surfers rely on Google for their searching but why not use a search engine that doesn’t collect and store the information? And there are loads of more ‘privacy focussed’ options to choose from. Check out DuckDuckGo, that doesn’t profile users or track or sell your information to third parties.
Comprehensive security protection software is an easy way to help firm up your online privacy too as it does a great job of keeping malicious software (malware) at bay. Malware can wreak absolute havoc: from installing pop ups to scanning for personal information. And if you’re likely to click dodgy links (we’re all human after all), then this is a no brainer! Super-duper security software will also guard you against viruses and online threats, direct you away from risky websites and dangerous downloads and protect your smartphones and tablets too, it can also back up your files. McAfee’s LiveSafe protection software comes with a 100% guarantee to protect you against viruses.
So, this Privacy Awareness week, please take the time to ensure you are doing all you can to nail your online privacy. And of course, please get your kids involved too. Do your research and find some stories of ‘real life’ people who have had their identity stolen to share around the dinner table because identity theft can absolutely happen to anyone!
Till next time,
Stay Safe!
Alex
The post Are You Playing A Role In Protecting Your Online Privacy? appeared first on McAfee Blog.
So is your smart speaker really listening in on your conversations?
That’s the crux of a popular privacy topic. Namely, are we giving up some of our privacy in exchange for the convenience of a smart speaker that does our bidding with the sound of our voice? After all, you’re using it to do everything from search for music, order online, and control the lights and temperature in your home.
What is your smart speaker really hearing—and recording?
Let’s take a look at what’s going on inside of your smart speaker, how it processes your requests, and what companies do with the recordings and transcripts of your voice.
More or less, smart speakers are listening to all the time. Each smart speaker has its own “wake word” that it listens for, like Alexa, Siri, or Google. When the device hears that wake word or thinks it hears it, it begins recording and awaits your verbal commands. Unless you have the microphone or listening feature turned off, your device indeed actively listens for that wake word all the time.
Here’s where things get interesting, though. There’s a difference between “listening” and “recording.” The act of listening is passive. Your smart speaker is waiting to hear its name. That’s it. Once it does hear its name, it begins recording for a few seconds to record your command. From there, your spoken command goes into the company’s cloud for processing by way of an encrypted connection.
There are exceptions to when your command may go to the company’s cloud for processing, like Siri on iPhones, which according to Apple, “You don’t sign in with your Apple ID to use Siri, and the audio of your requests is processed entirely on your iPhone.” Also, Google Assistant may process some requests without going to the cloud, like “When a user triggers a smart home Action that has a local fulfillment path, Assistant sends the EXECUTE intent or QUERY intent to the Google Home or Google Nest device rather than the cloud fulfillment.”
In the cases where information does go to the cloud, processing entails a few things. First, it makes sure that the wake word was heard. If it’s determined that the wake word was indeed spoken (or something close enough to it—more on that in a minute), the speaker follows through on the request or command. Depending on your settings, that activity may get stored in your account history, whether as a voice recording, transcript, or both. If the wake word was not detected, processing ends at that point.
Enter the issue of mistaken wake words. While language models and processing technologies used by smart speakers are constantly evolving, there are occasions where a smart speaker acts as if a wake word was heard when it simply wasn’t said. Several studies on the topic have been published in recent years. In the case of research from Northeastern University, it was found that dialogue from popular television shows could be interpreted as wake words that trigger recording. For example, their findings cite:
“We then looked at other shows with a similarly high dialogue density (such as Gilmore Girls and The Office) and found that they also have a high number of activations, which suggests that the number of activations is at least in part related to the density of dialogue. However, we have also noticed that if we consider just the amount of dialogue (in a number of words), Narcos is the one that triggers the most activations, even if it has the lowest dialogue density.”
Of interest is not just the volume of dialogue, but the pronunciation of the dialogue:
“We investigated the actual dialogue that produced Narcos‘ activations and we have seen that it was mostly Spanish dialogue and poorly pronounced English dialogue. This suggests that, in general, words that are not pronounced clearly may lead to more unwanted activations.”
Research such as this suggests that smart speakers at the time had room for improvement when it comes to properly detect wake words, thus leading to parts of conversation being recorded without the owner intending it. If you own a smart speaker, I wouldn’t be too surprised to hear that you’ve had some issues like that from time to time yourself.
As mentioned above, the makers of smart speakers make constant improvements to their devices and services, which may include the review of commands from users to make sure they are interpreted correctly. There are typically two types of review—machine and human. As the names suggest, a machine review is a digital analysis and human reviews entail someone listening to and evaluating a recorded command or reading and evaluating a transcript of a written command.
However, several manufacturers let you exercise some control over that. In fact, you’ll find that they post a fair share of articles about this collection and review process, along with your choices for opting in or out as you wish:
The quickest way to ensure a more private experience with your smart speaker is to disable listening—or turn it off entirely. Depending on the device, you may be able to do this with the push of a button, a voice command, or some combination of the two. This will keep the device from listening for its wake word. Likewise, this makes your smart speaker unresponsive to voice commands until you enable them again. This approach works well if you decide there are certain stretches of the day where your smart speaker doesn’t need to be on call.
Yet let’s face it, the whole idea of a smart speaker is to have it on and ready to take your requests. For those stretches where you leave it on, there’s another step you can take to shore up your privacy.
In addition to making sure you’re opted out of the review process mentioned above, you can also delete your recordings associated with your voice commands.
Managing your voice history like this gives you yet one more way you can take control of your privacy. In many ways, it’s like deleting your search history from your browser. And when you consider just how much activity and how many queries your smart speaker may see over the course of days, weeks, and months, you can imagine just how much information that captures about you and your family. Some of it is undoubtedly personal. Deleting that history can help protect your privacy in the event that information ever gets breached or somehow ends up in the hands of a bad actor.
Lastly, above and beyond these privacy tips for your smart speakers, comprehensive online protection will help you look out for your privacy overall. In the case of ours, we provide a full range of privacy and device protection, along with identity theft protection that includes $1M identity theft coverage, identity monitoring, and identity restoration assistance from recovery pros—and antivirus too, of course. Together, they can make your time spent online far more secure.
You’re the smart one in this relationship
With privacy becoming an increasingly hot topic (rightfully so!), several companies have been taking steps to make the process of managing yours easier and a more prevalent part of their digital experience. As you can see, there are several ways you can take charge of how your smart speaker uses, and doesn’t use, your voice.
It used to be that many of these settings were tucked away deep in menus, rather than something companies would tout on web pages dedicated to privacy. So as far as smart speakers go, the information is out there, and I hope this article helps make the experience with yours more private and secure.
The post Smarter Homes & Gardens: Smart Speaker Privacy appeared first on McAfee Blog.
As an avid internet surfer, you’ve most likely heard of cookies. No, we’re not talking about the ones filled with chocolate chips. We’re talking about the ones that allow you to log in to your favorite websites. Cookies may impact your online security, so check out these tips to manage them and keep your online accounts safe.
Ever wonder how a website saves the items you placed in your shopping cart last week, even though you closed the tab before making the purchase? This is made possible by cookies. According to the Federal Trade Commission, a cookie is information saved by your web browser. When you visit a website, the site may place a cookie on your web browser so it can recognize your device in the future. If you return to that site later, it can read that cookie to remember you from your last visit, keeping track of your activities over time.1
Cookies come in either the first-party or third-party variety. There’s no difference between the two in how they function, but rather in where and how you encountered them. First-party cookies belong to sites you visited first-hand in your browser. Third-party cookies, or “tracking cookies,” generally come from third-party advertising websites.
Although cookies generally function the same, there are technically two different types of cookies. Magic cookies refer to packets of information that are sent and received without changes. Historically, this would be used to log in to a computer database system, such as an internal business network. This concept predates the modern cookie we use today.
HTTP cookies are a repurposed version of the magic cookie built for internet browsing and managing online experiences. HTTP cookies help web developers give you more personalized, convenient website experiences. They allow sites to remember you, your website logins, and shopping carts so you can pick back up where you left off from your last visit. However, cybercriminals can manipulate HTTP cookies to spy on your online activity and steal your personal information.
Cookie hijacking (also known as session hijacking) is typically initiated when a cybercriminal sends you a fake login page. If you click the fake link, the thief can steal the cookie and capture anything you type while on the fraudulent website. Like a phishing attack, cookie hijacking allows a cybercriminal to steal personal information like usernames, passwords, and other important data held within the cookie. If you enter your information while on the fake website, the criminal can then put that cookie in their browser and impersonate you online. They may even change your credentials, locking you out of your account.
Sometimes, criminals initiate cookie hijacking attacks without a fake link. If you’re browsing on an unsecured, public Wi-Fi connection, hackers can easily steal your data that’s traveling through the connection. This can happen even if the site is secure and your username and password are encrypted.
Because the data in cookies doesn’t change, cookies themselves aren’t harmful. They can’t infect computers with viruses or malware. But if your cookies are hijacked as part of a cyberattack, a criminal could gain access to your browsing history and use cookies as the key to enter your locked accounts. For example, a hacker may steal your identity or confidential company information, purchase items in your online shopping carts, or loot your bank account.
Preventing cookie hijacking attacks can allow you to browse the internet with greater peace of mind. Follow these tips to not only safeguard your personal information but to also enhance your browsing experience:
Make it a habit to clear your cookie cache regularly to prevent cookie overload, which could slow your search speeds. Also, almost every browser has the option to enable/disable cookies on your computer. So if you don’t want them at all, your browser’s support section can walk you through how to disable them.
Although it’s convenient to not have to re-type your credentials into a website you frequently visit, autofill features could make it easier for a criminal to extract your data with cookie hijacking. Plus, autofill is risky if your physical device falls into the wrong hands. To browse more securely without having to constantly reenter your passwords, use a password manager like McAfee True Key. True Key makes it so you only have to remember one master password, and it encrypts the rest in a vault protected by one of the most secure encryption algorithms available.
Strong, unique passwords for each of your accounts, updated regularly, offer ample protection against hackers. Multi-factor authentication (MFA) adds yet another layer of security by double-checking your identity beyond your username and password, usually with a texted or emailed code. When your accounts offer MFA, always opt in.
Criminals can hijack your cookies if you’re browsing on an unsecured, public Wi-Fi connection. To prevent a criminal from swiping your data, use a virtual private network (VPN), a service that protects your data and privacy online. A VPN creates an encrypted tunnel that makes you anonymous by masking your IP address while connecting to public Wi-Fi hotspots. This is a great way to shield your information from online spies while you’re banking, shopping, or handling any kind of sensitive information online.
McAfee LiveSafe is an antivirus solution that protects your computer and mobile devices from suspicious web cookies by:
The post What Are Browser Cookies and How Do I Manage Them? appeared first on McAfee Blog.
Finding someone who hasn’t heard of TikTok in 2022 would be quite the achievement. As one of the most popular social media platforms of the moment, it is not only being used by our tweens, teens and even grownups to connect but also as a crucial way to tell important stories amidst a backdrop of natural disasters and even war.
As parents, we know we need to keep up with the latest social media platforms but let’s be real – we don’t always have enough time. So, I’m going to do the hard work for you. Here’s my overview of TikTok – what it is, the risks, and most importantly, how you can help your kids (or yourself) stay safe while using it. You’re welcome!!
Tik Tok is a social media platform that can be downloaded on any smartphone via an app. Once you’ve signed up to the app and become a user, you can create and then share short videos of 15 seconds in length on any topic.
The app started life as Musical.ly, a super popular video streaming app that also allowed users to make funny 15-second videos, many of which focussed on lip-syncing. By mid-2017, the app had over 200 million registered users. In 2018, the app was taken over by Chinese company ByteDance and all of its users (and their content) were moved to TikTok.
According to Hootsuite, TikTok is the 6th most used social media platform in the world. As of late September 2021, TikTok had over a billion monthly users and as of August last year, it overtook Facebook to become the world’s most downloaded app. Facebook does, however, have more monthly users, reporting a massive 2.74 billion users as of August 2021.
It appears TikTok is used by females (57%) more than males (43%) however its user base is very diverse and cuts across all age categories – yes, even us parents! But brands hoping to reach younger female audiences are without a doubt using TikTok to showcase their wares. What is interesting is that although we all think that TikTok dominates the Gen Z market, research shows that it doesn’t rank as the top choice for younger users – in fact only 4.3% of users name it as their favorite platform. Users between 16 and 24 nominate Instagram as their top choice!
Unlike other social media platforms, there is no minimum age requirement when using TikTok. The company says that it adjusts a user’s privacy settings based on the birthday entered when setting up the account. If a user is under the age of 13, they will automatically be directed into the TikTok for Younger Users program which has additional privacy and safety protections. Of course, anyone can lie about their age, but TikTok has said publicly that it has moderators trained to predict when a user is suspected of being underage.
As you would know, there are risks associated with using all social media platforms and TikTok is no exception. However, in my opinion the majority of these can be managed with a combination of critical thinking, parental controls, and preparation – more about these later.
But let’s go worst-case scenario for one moment. Here are the potential risks that your child could encounter:
Unfortunately, it isn’t possible to keep our tweens and teens in a bubble – I know, so disappointing! So, the best and only option is to prepare them for challenges online and arm them with tools to navigate the tricky stuff. Here’s my advice on how to best help them manage TikTok:
Knowledge is power, my friends. So, download the app and have a play so you better understand it. Then, why not ask your experienced in-house ‘TikTokers’ to show you how it works. Use this as an opportunity to ask them what they do when they see something that concerns them, or how they would manage approaches from people they don’t know. Why not weave in reminders about the importance of online privacy and the permanence of their digital footprint? Commit to making these conversations regular.
Helping your kids become critical thinkers is, without doubt, one of the best ways of helping them prepare for life’s challenges – both online and offline. Being able to rigorously question ideas and assumptions rather than accepting them at face value is your kids’ golden ticket! So, if they are approached by friendly (but ill-intentioned) strangers online or sent a link to a super compelling offer online, they will have the ‘smarts’ to realise that all is not as it seems and to hit delete!
If the horse has already bolted and your tween or teen has been using TikTok for a while, then introducing boundaries might be tricky but don’t give up! TikTok has a Family Pairing feature which allows parents to link their TikTok account to their teen’s account so they can control the settings remotely. This might be a good option if your child is younger or just starting out on TikTok. This gives parents the power to turn on Restricted Mode, screen time limits, and also turn off the direct message option.
If your child has been using TikTok for some time and you want to pull things back, then why not work with them to set up their privacy and safety features. I find kids always respond best when you explain why you are doing something so assure them you are just wanting to keep them safe. TikTok has a long list of features you can enable that will make your offspring’s experience that much safer. From turning off downloads, filtering comments to introducing screen time limits, there is a great range of ways of making the TikTok experience much less risky. Check out the full list from TikTok here.
So, next time you hear your kids reference TikTok, don’t immediately feel a pang of guilt that you don’t really know what they are talking about. You’ve got this! Download the app, take a look around, read this post a few more times, and you’ll be fine! And remember, our kids don’t expect us to be experts straight away, or even at all. They just need to know that we’re interested in all parts of their life and respect just how important their digital life is to them.
You’ve got this!!
Take care all
Alex xx
The post A Parent’s Guide to TikTok appeared first on McAfee Blog.
It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being the target of cybercrime.
But it’s happening more and more.
Last month, The Federal Trade Commission (FTC) described popular social media sites as “goldmines” for malicious attacks. The FTC revealed that more than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message. More than 95,000 people reported about $770 million in losses to fraud initiated on social media platforms in 2021. According to the FTC, those losses account for about 25 percent of all reported losses to fraud in 2021 and represent a stunning eighteenfold increase over 2017 reported losses.
The social environment is a magnet for bad actors because people of every age and country flock there each day. The constant flow of conversation and content—and more importantly, the climate of trust—makes social networks juicy targets for cybercrime.
The biggest motivation? The emerging digital security threat of cryptojacking (aka illegal cryptomining). Cryptojacking is illegally accessing another person’s computer power to mine cryptocurrency. Cybercriminals do this by getting a victim to click on a malicious link delivered via direct message, a news story, or an ad. Once clicked, that link loads crypto mining code on the victim’s computer or leads them to an infected website or online ad with JavaScript code that auto-executes once it’s loaded in the victim’s browser. Often the malware goes undetected, and the only way a victim might know their system has been compromised is that it may start performing more slowly.
While bad actors use social media platforms to distribute cryptomining malware, they also spread other malware types such as advertisements, faulty plug-ins, and apps that draw users in by offering “too good to be true” deals. Once clicked on, the malware allows cybercriminals to access data, create keyloggers, release ransomware, and monitor social media accounts for future scamming opportunities.
Be sure your kids understand the risks and responsibilities associated with device ownership. Consider putting time aside each week to discuss crucial digital literacy topics and ongoing threats such as cryptomining malware. Consider a “device check-in” that requires each person in your family to “check off” the following security guidelines.
To help protect your family devices from viruses, malware, spyware, and other digital threats entering social media sites, consider adding extra security to your family devices with McAfee Total Protection.
Avoid posting home addresses, full birth dates, employer information, school information, as well as exact location details of where you are.
Install software updates so that attackers cannot take advantage of the latest security loopholes.
Select passwords that will be difficult for bad actors to guess and use different passwords for different programs and devices.
For a virus to solve cryptographic calculations required to mine cryptocurrency requires an enormous amount of computer processing power (CPUs). Cryptojacking secretly consumes a victim’s processing power, battery life, and computer or device memory. Look out for a decline in device processing speed.
Be careful when accepting friend requests, direct messages, or clicking on links sent by someone you don’t know personally. This is one of the most popular ways cybercriminals gain access.
Be discerning even when a known friend sends you a second friend request claiming they’ve been hacked. Search known names on the platform for multiple accounts. Cybercriminals have been known to gather personal details of individuals, pose as that person, then connect with friend lists using familiar information to build trust with more potential victims.
Be sure to report any fraudulent activity you encounter on social platforms to help stop the threat from spreading to other accounts, including friends and family who may be connected back to you.
New scams and more sophisticated ways to steal data—and computer processing power for illegal cryptomining—surface daily. Staying in front of those threats and folding them into your family dynamic is one of the most powerful ways to give your kids the skills and security habits they will need to thrive in today’s digital world.
The post Social Media: How to Steer Your Family Clear of Cryptomining Malware appeared first on McAfee Blog.
Smartphones have become such an integral part of our lives that it’s hard to imagine a time when we didn’t have them. We carry so much of our lives on our devices, from our social media accounts and photos of our pets to our banking information and home addresses. Whether it be just for fun or for occupational purposes, so much of our time and attention is spent on our smartphones.
Because our mobile devices carry so much valuable information, it’s important that we stay educated on the latest cyber schemes so we can be prepared to combat them and keep our data safe. According to Bleeping Computer, researchers have developed a trojan proof of concept tool that fakes a shutdown or reboot of iPhones, preventing malware from being removed and allowing hackers to secretly snoop on microphones and cameras.
Let’s dive into the details of this technique.
Typically, when an iOS device is infected with malware, the solution is as simple as just restarting the device. However, with this new technique researchers are calling “NoReboot,” ridding a device of malware is not quite as simple.
“NoReboot” blocks the shutdown and reboot process from being carried out, preventing the device from actually restarting. Without a proper shutdown and reboot, a malware infection on an iOS device can continue to exist. Because the device appears to be shut off with a dark screen, muted notifications, and a lack of response, it is easy to assume that the device has shut down properly and the problem has been solved. However, the “NoReboot” technique has only simulated a reboot, allowing a hacker to access the device and its functions, such as its camera and microphone. If a hacker has access to these functions, they could record the user without their knowledge and potentially capture private information.
This attack is not one that Apple can fix, as it relies on human-level deception rather than exploiting flaws found on iOS. That’s why it’s important that we know how to use our devices safely and stay protected.
As previously mentioned, smartphone usage takes up a big chunk of our time and attention. Since we are so often on these devices, it is usually fairly easy to tell when something isn’t working quite like it is supposed to. While these things could very well just be technical issues, sometimes they are much more than that, such as malware being downloaded onto your smartphone.
Malware can eat up the system resources or conflict with other apps on your device, causing it to act oddly.
Some possible signs that your device has been hacked include:
A slower device, webpages taking way too long to load, or a battery that never keeps a charge are all things that can be attributed to a device reaching its retirement. However, these things may also be signs that malware has compromised your phone.
Malware running in the background of a device may burn extra computing power, causing your phone to feel hot and overheated. If your device is quick to heat up, it may be due to malicious activity.
If apps you haven’t downloaded suddenly appear on your screen, or if outgoing calls you don’t remember making pop up on your phone bill, that is a definite red flag and a potential sign that your device has been hacked.
Malware may also be the cause of odd or frequent pop-ups, as well as changes made to your home screen. If you are getting an influx of spammy ads or your app organization is suddenly out of order, there is a big possibility that your device has been hacked.
To avoid the hassle of having a hacked phone in the first place, here are some tips that may help.
Promptly updating your phone and apps is a primary way to keep your device safe. Updates often fix bugs and vulnerabilities that hackers rely on to download malware for their attacks.
Apple’s App Store and Google Play have protections in place to help ensure that apps being downloaded are safe. Third-party sites may not have those same protections or may even be purposely hosting malicious apps to scam users. Avoiding these sites altogether can prevent these apps from allowing hackers into your device.
Hackers may use public Wi-Fi to gain access to your device and the information you have inside of it. Using a VPN to ensure that your network is private and only you can access it is a great way to stay protected on the go.
Turning off your Wi-Fi and Bluetooth when you are not actively using them is a simple way to prevent skilled hackers from working their way into your devices.
Some hackers have been known to install malware into public charging stations and hack into devices while they are being charged. Investing in your own personal portable charging packs is an easy way to avoid this type of hack.
Encrypting your phone can protect your calls, messages, and information, while also protecting you from being hacked. iPhone users can check their encryption status by going into Touch ID & Passcode, scrolling to the bottom, and seeing if data protection is enabled.
Although researchers agree that you can never trust a device to be fully off, there are some techniques that can help you determine whether your device was rebooted correctly.2 If you do suspect that your phone was hacked or notice some suspicious activity, restart your device. To do this, press and hold the power button and either volume button until you are prompted to slide the button on the screen to power off. After the device shuts down and restarts, notice if you are prompted to enter your passcode to unlock the device. If not, this is an indicator that a fake reboot just occurred. If this happens, you can wait for the device to run out of battery, although researchers have not verified that this will completely remove the threat.
If you are worried that your device has been hacked, follow these steps:
The post How iOS Malware May Snoop on Our Devices appeared first on McAfee Blog.
Last week, I waved my 18-year-old off as he embarked on the Aussie school leaver’s rite of passage – Schoolies!! A week spent kicking up your heels and living life to the max without any parental supervision at all! Oh, the sleepless nights many of us parents have had! And once Christmas and New Year celebrations are done, he’ll be heading away to University to ‘live his best life’ away from his dedicated cyber mother!
And of course, I’m delighted for him, although secretly devastated to be losing my baby boy. But it does prompt the question, am I now done with cyber parenting? Is my work here officially done?
I remember when my kids were little, my mother shared some words of wisdom with me: ‘Alex, you never stop being a parent. The kids are the same, it’s just the issues that change.’ And she was so right. As our boys have grown up, we’ve been less involved in their day-to-day needs but still very much needed. Whether it’s to help review a work contract, provide advice on an issue with a flatmate or help pick out a suit, the parenting hasn’t stopped instead entered a new chapter. And of course, there’s no doubt that having interested, devoted parents at the end of the telephone – day or night – makes navigating life so much easier!
And when it comes to their digital lives, it’s the same story. While we have no reason to be involved in their day-to-day online lives, we have definitely been called upon to help them troubleshoot situations from receiving inappropriate messages, identifying potential scams or managing terse exchanges. And, might I add, I have also proactively offered my advice on the appropriateness of pictures they have shared online – many times!!
So, after having managed 3 kids through this transition to early adulthood with another one currently underway, I thought I’d share with you some of my best strategies for ensuring their digital life is in good shape without micro-managing them!
Every few days, I’ll check out my boys’ socials. Not only does it give me a ‘feel’ for what’s happening in their lives – where they’ve been and who with – it also allows me to check they are making good decisions about what they share. There have been multiple times during this period where I have sent off a quick text suggesting they remove a photo or perhaps rephrase a comment! And while I know these texts aren’t always warmly received, in nearly all cases, they take my advice!
And it goes without saying that your ability to provide input to their digital lives will only happen if you don’t cross boundaries! So, never embarrass them. If you see something you don’t like, message them privately – do not workshop it on their Facebook page! And if you want to post a pic or video of them, always get their ‘ok’ first.
OK, security software probably won’t be top of their Christmas list, but knowing that they have comprehensive security software like McAfee’s Total Protection on their devices which works hard in the background to minimize threats and issues will give you real peace of mind. This year, I’m buying my older boys an air-fryer and frypans for Christmas. Why not continue the pragmatic theme and invest in some software for them too?
About 4 years ago, I set up a family Messenger Group and it’s now something I absolutely treasure. We share pics of our cats and dog, potential family holiday dates, funny photos, and videos, and relevant news stories – particularly during COVID. But the other thing I like to share is reminders about important ‘tech stuff’, like changing passwords, when to update their Apple software or details about scams that are doing the rounds. Whether it’s Whats App, Telegram, or my personal favorite, Messenger, I strongly recommend establishing a family group chat as an effective way of covering off key issues with your young adult kids.
With potential employers, partners, and even friends using Google to conduct their due diligence on you, digital reputation is everything. So, weaving constant reminders into conversations with your adult kids should still be a priority. Now, of course, some kids will instinctively ‘get this’ but others will need a few pointers. According to a 70% of employers use social media to screen candidates during the hiring process, and about 43% of employers use social media to check on current employees. So, why not encourage them to ‘Google’ themselves – and why not do yourself also? How you present online could mean the difference between being employed or unemployed!
So, if you have a school leaver in your family and you’re not sure whether your job is done, I’m here to confirm that you’ll still be required for a very long time! Whether they know it or not, our big kids will still continue to need a sprinkling of our wisdom and experience for years to come. And even though they may have fled the nest, remember you will always be one of their most influential role models. So, make sure your digital life is in good shape too because as American novelist James Baldwin shares: ‘Children have never been very good at listening to their elders, but they have never failed to imitate them.’
Till next time
Take care
The post So, Your Kids Have Left School. Do You Still Need To Worry About Their Online Safety? appeared first on McAfee Blog.
The malware landscape is growing more complex by the minute, which means that no device under your family’s roof—be it Android, iPhone, PC, or Mac—is immune to an outside attack. This reality makes it possible that one or more of your devices may have already been infected. But would you know it?
According to 2021 statistics from the Identity Theft Resource Center (ITRC), the number of data breaches reported has soared by 17 percent over last year. In addition, as reported by McAfee, cybercriminals have been quick to take advantage of the increase in pandemic connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware, and more. With Black Friday and Cyber Monday now at hand, we can count on even more new threats.
Often, if your device has been compromised, you know it. Things get wonky. However, with the types of malware and viruses now circulating, there’s a chance you may not even realize it. The malware or virus may be working in the background sending usage details or sensitive information to a third party without disrupting other functions. So, be on the lookout for these tell-tale signs.
If you discover a family device has been compromised, there are several things you can do. 1) Install security software that will help you identify the malware so you can clean your device and protect yourself in the future. 2) Delete any apps you didn’t download, delete risky texts, delete browsing history and empty your cache. 3) In some situations, malware warrants that you wipe and restore your device (Apple or Android) to its original settings. Before doing so, however, do your research and be sure you’ve backed up any photos and critical documents to the cloud. 4) Once you’ve cleaned up your devices, be sure to change your passwords.
The surge in malware attacks brings with it a clear family mandate that if we want to continue to live and enjoy the fantastic benefits of a connected life, we must also work together at home to make online safety and privacy a daily priority.
The post 5 Signs Your Device May be Infected with Malware or a Virus appeared first on McAfee Blog.
Spyware is tricky. Some types notify users that they’re monitoring activity. Others function in stealth mode and use the information they collect for nefarious purposes. Spyware is a type of software that collects data about online users and reports it to a company or an individual. What just about everyone can agree on is that anonymous browsing is looking more and more appealing and is likely the way of the future.
Here’s more about the types of spyware, which types are legal, and how you can scrub your device and live more confidently online.
Here are a few types of spyware and facts about each:
Is it legal? Definitely not!
What is its purpose? Criminal
Keyloggers are the most intrusive of the spyware variations. It does exactly as its name suggests: It takes note of keyboard strokes, logs them, and reports to the owner of the nefarious software. Once the cybercriminal has digitally looked over your shoulder at your online activity, they make note of your passwords, walk into your online accounts, and pilfer your private personal information. They could use this information to gain entry to your online bank accounts or steal your identity.
Keyloggers are downloaded onto devices (cellphones, tablets, laptops, or desktop computers) without the user’s knowledge. Cybercriminals can hide them within email attachments or in malicious web pages. So, the best way to steer clear of keyloggers is to never download attachments you’re unsure about and don’t visit sites that seem unprofessional. One rule of thumb is to mostly stick to URLs that begin with https and include a lock icon. These sites are almost always secure.
To determine if your device is infected with a keylogger, check your system’s performance. Is your device running slowly? See if there are any spikes in activity or unknown programs running in the background. This could indicate that your device is hosting a malicious program.
Is it legal? Sometimes
What is its purpose? Advertising and criminal
Adware is categorized as a type of spyware. It tracks users’ online activity and spits out targeted pop-up advertisements. If you have the pop-up blocker enabled on your browser, you’ll likely be spared from the annoyance. Additionally, pop-ups can slow your device, so that’s another reason to turn on the pop-up blocking feature. Legitimate adware often asks users to opt into targeted ads.
Adware turns malicious (and illegal) when it contains malware. Sometimes cyber criminals hide malware within pop-ups. It’s easy to accidentally hit a link within a pop-up when you’re aiming quickly for the X to close it.
It’s easy to spot a device with an adware infestation. First, the number of pop-ups will be out of control. Also, the device will crash often, run very slowly, and have a short battery life. An antivirus program will likely be able to identify and remove the culprit. You can also check out your system monitor and end tasks that are draining your device’s power.
Is it legal? Yes
What is its purpose? Advertising
Cookies are delicious, especially to advertisers who use them to better target ads and make profits selling collected user data to third-party companies. Cookies are sometimes categorized as spyware, because they log the websites you visit and report them. You may notice the banners on websites that ask you to accept cookies.
Many users today are uneasy with sharing their online activity with strangers and advertisers. Sometimes the ads that pop up on your social media feed or in sidebars seem a little too targeted and it feels like someone is listening in to your conversations and attempting to make a profit from them.
How to Browse Free of Spyware
To scrub cybercriminals from your devices and confuse advertisers, consider the following steps you can easily add to your daily routine:
The post How to Live a Digital Life Free of Spyware appeared first on McAfee Blog.
It’s October, and at McAfee we love celebrating spooky season. As McAfee’s Chief Technology Officer, I’m also excited that it’s Cyber Security Awareness Month. And while there are no fun-size candy bars, we do talk about some truly bone-chilling stuff when it comes to cyber safety. So gather round, as I tell you all about one of the scariest threats online, ransomware.
Ransomware is a form of extortion that happens when cyber criminals demand payment. Recently some high-profile companies have been in the news as victims of major ransomware attacks. However, ransomware also impacts individuals, just like you and me. In the individual’s case, a cybercriminal may demand payment to restore access to your device or data or even to prevent them from dumping sensitive or embarrassing information onto the internet. McAfee defends consumers from tens of thousands of ransomware attacks every month.
If the worst should happen, take a deep breath and don’t panic. Calmly assessing the situation now can save you a lot of stress later. Ask yourself:
Now that you’ve assessed the situation, we can do something about it.
If you can afford to lose your data, and the personal impact is minimal, we always recommend you don’t pay the criminal. There’s no guarantee that if you pay the ransom, you’ll get your data back, and ultimately, you’re incentivizing the cybercriminal to do it again. The best defense against ransomware is to have great cybersecurity habits that prevent the attack from occurring in the first place.
So, whether you’re enjoying some creepy lawn decorations, or just surfing the web, remember to stay safe out there this Halloween.
The post Staying Cyber Aware and Safer from Ransomware appeared first on McAfee Blog.
We hope you’ve enjoyed Cyber Awareness month. This year’s theme asked us all to do our part to stay safer online. The idea is that if we each take steps to secure our lives online, then together we all contribute to creating a safer, more secure internet. Of course, it’s our job to help you #BeCyberSmart. With that in mind, we’ve pulled together all the safety tips we featured in October. From family security to protecting your latest smart home gadgets, they’re all here and organized by theme. So take a look below and let’s all do our part today, tomorrow, and in the year to come!
10 quick tips for keeping the whole family safe
Online security for senior citizens
A quick list of tips for protecting kids on apps and social networking
How to protect baby’s first digital footprints
Millennials are major targets for identity theft. Check out this quick guide for protecting identity online
Ways for online gamers to #BeCyberSmart.
#Phishing is a common #scam that pops up in emails, DMs, and texts where crooks try and get you to click sketchy links. Learn how to spot them.
Securing your mobile phone.
Protecting your #socialmedia accounts from hacks and attacks.
Keeping the whole family safer
Spotting fake news and misinformation
https://www.mcafee.com/blogs/consumer/spot-fake-news-and-misinformation-in-your-social-media-feed
How to avoid oversharing online.
https://www.mcafee.com/blogs/consumer/family-safety/is-this-tmi
Managing your personal photos online safely.
Interested in starting a podcast? Here are some tips to get you started.
https://www.mcafee.com/blogs/consumer/entertainment-fromhome-how-to-start-your-own-podcast
Check out some tips for keeping your family safe when you hit the road with your phones, tablets, and laptops
Have smart home devices like a doorbell or smart lightbulbs? See how you can enjoy it all safely
Staying safe while banking online
App scams aimed at kids
https://www.mcafee.com/blogs/consumer/family-safety/9-tips-to-help-kids-avoid-popular-app-scams
Take a look at some of the ways you can improve your privacy
Using payment apps safely
Protecting kids from identity theft
Let’s talk online shopping and ways you can score some great deals safely during a time of year when hackers break out some of their oldest (yet effective) tricks
Thanks for celebrating Cyber Awareness month with us this October. More importantly, we hope you’re able to take the tips above and not only make your life safer but also the lives of friends and family as well. After all, we all need to do our part to #BeCyberSmart and protected online.
The post Do your part and #BeCyberSmart with these online safety tips appeared first on McAfee Blog.
The latest gadget on the tech and fashion streets is Ray-Ban Stories, a sunglasses collaboration between Facebook and Ray-Ban. These pair of shades feature two cameras that capture video, audio, and photos and sync to a mobile app. Social media fanatics are excited about this new ability to capture and share hands-free content.
Do gadgets like Ray-Ban Stories make you immediately think, “Cool, but what about the security and privacy red flags?” If so, you may be suited to a career in cybersecurity. Everyone benefits from implementing cybersecurity best practices into their daily lives, and those who enjoy a career in the field experience many benefits.
Check out these four benefits of a career in cybersecurity and discover if this might be the path for you.
One of the best things about working in cybersecurity is you go to work every day knowing that you’re helping people. Nightly news broadcasts are littered with reports of major disruptions caused by cyberattacks, such as the Colonial Pipeline incident. Sometimes, even people’s lives are at stake in the cybersecurity realm, as in the case of connected pacemaker security vulnerabilities.
Cybersecurity professionals can feel good that their work gives people the confidence to go about their daily lives without worrying. The fear of identity theft, phishing, and malware stop people from enjoying their connected devices and the internet to the fullest. Technology is capable of incredible feats, and everyone should be able to use it enthusiastically.
Saving the world from cybercriminals is financially rewarding as well as personally rewarding. Cybersecurity professionals are in high demand as nearly every business in every sector is at risk of a breach, DDoS, or ransomware attack at any time. Average entry-level positions begin over $80k CDN. Seasoned professionals can make six figures. Additionally, cybersecurity professionals are in high demand, so you will likely enjoy solid job security.
3. Work in a Global Industry
Another benefit of a career in cybersecurity is the opportunity to work in a global industry. You’ll get to meet coworkers and clients all over the world. The diversity of outlooks and backgrounds can make every day a learning experience.
If you’re a keen traveler, working in cybersecurity allows you to explore the world. First, much of the work you would be completing can be done remotely. As long as you have a secure and strong internet connection and are OK with time zone differences, you may be able to work from anywhere. Also, there are opportunities for trips to international conferences and meetups with satellite offices or clients.
Working in a global industry means that you can be a cybersecurity ambassador for your home country. For example, if your home country has devised an innovative new technology, you may have the opportunity to teach others abroad. Or, if another country has developed an exciting new technology, you can learn about it and perhaps tailor it to your location.
Cybersecurity is a highly specialized field, which means there is definitely a branch of it that plays to your strengths and interests you. Also, if you get tired of one aspect of the field, you can likely stay with your same company but move to a different department.
Here are a few areas of cybersecurity specializations that may speak to you:
McAfee can help you achieve your cybersecurity career aspirations. It’s an exciting, fast-paced field, and McAfee is at the forefront of new innovations. Check out current McAfee career openings and embark on your new career today!
The post How to Start a Career in Cybersecurity appeared first on McAfee Blogs.
When it comes to crime, what do people worry about most? Having their car stolen? A break-in while they’re not at home? Good answers, but not the top answer by a long shot. In this U.S.-based survey, hacker-related crime weighed in at 72%, with a home burglary at 35% and auto theft at 34%, indicating that people’s concerns about cybercrime are very much front and center.
The good news is that plenty of cybercrime can be prevented, or at least made less likely, provided you protect yourself online, much in the same way you take steps to protect your car or home. And that’s the focus of this year’s Cybersecurity Awareness Month. With the theme of “Do Your Part. #BeCyberSmart,” it reminds us of how we can take charge of our own safety—the ways we can look out for ourselves and others as we enjoy our time online.
Throughout October, we’re participating in Cybersecurity Month here on our blogs and across our social media channels, posting a host of ways that you can help keep cybercrooks away from your digital doorstep. Each week, we’ll tackle a different aspect of online protection:
Maybe it comes as no surprise to hear it, yet one recent study shows the average person spends nearly eight hours a day online. With that, we’re taking this week to focus on the family, how they spend their time online and how they can be safer when they do.
Whether they come by email, text, or DM, phishing attacks account for the most common types of reported cybercrime, according to the FBI Internet Crime Complaint Center. This week, we’ll show you how you can indeed fight the phish!
This sentiment sums up the best of the internet in so many ways. Getting out there, discovering, catching up with friends online. Our focus this week is helping you enjoy it all without any of the bad apples out there spoiling your fun.
We wrap it up with a look at some of the top priorities so everyone in the family can #BeCyberSmart—online banking, app scams, privacy, identity theft, and more—along with plenty of straightforward tips that can help you stay safer.
We hope our posts throughout Cybersecurity Awareness Month help you get a little sharper and feel a little safer so you can enjoy your time online, free from hassles or headaches. Look for more from us throughout October!
The post Cybersecurity Awareness Month: Taking Charge of Your Safety Online appeared first on McAfee Blog.
The COVID-19 pandemic flipped the world on its head in so many ways. Offices and schools stood empty while living rooms were transformed into classrooms and workspaces. Misinformation ran rampant and made people unsure of what to believe. Cybercriminals took advantage of the confusion and new way of daily life, giving rise to many COVID-19 scams.
Luckily, when armed with the facts, you can sidestep scams and keep your personal information safe from cybercriminals. Here’s a list of the top 10 COVID-19 scams you should keep an eye on plus tips on how to avoid each and help you navigate the current landscape and the future with confidence.
Finally getting your COVID-19 vaccine is an exciting occasion. Many people’s first reaction to exciting news is to share it with their extended networks on social media. There was a trend going around where people were posting pictures of their vaccination cards. Little did they know, vaccination cards hold a trove of valuable information (name, birth dates, vaccination location, and dates) that can be used to create counterfeit vaccination cards.
Additionally, the information on vaccination cards can be paired together with other details from your social media profile to steal your identity. Consider altering the privacy settings on your social media profiles so it is only visible to people you know. If you’d like additional peace of mind that your identity is safe, McAfee Identity Theft Protection Plus provides up to $1 million in identity theft insurance and restoration assistance.
Some of the false claims about COVID-19 circulating on social media are outrageous, such as 5G aiding the spread of the virus and eating garlic as a preventive measure. Cybercriminals might not have been the origin of false claims, but they certainly benefit from the chaos created by misinformation. They capitalize on commonly held fears by swooping in with cure-alls that swindle money from concerned people.
Be a source of truth for your social media following. The Centers for Disease Control and Prevention, the National Health Service, and the World Health Organization can be trusted for up-to-date resources concerning COVID-19, the vaccine, and how to remain healthy.
To firmly and quickly debunk this myth right now: There are no COVID-19 miracle cures. The best way to protect your and your loved one’s health is to receive a CDC-approved vaccination from a medical institution. Any homemade online treatment claiming to cure the disease is a hoax to steal money. Also, healing potions purchased online could be hazardous to your health, as in the case of one fraudulent operation in Florida. A Florida family sold a bleach solution that swindled $1 million and left many people hospitalized.
For the latest news about COVID-19 treatment, preventive measures, and the vaccine, refer to the CDC or WHO.
Various stimulus check scams were swirling around in early 2021. Scammers impersonating government workers contacted citizens by phone, text, and email asking them to verify personal information or to pay fees to receive their checks.
As with other IRS scams, the best way to avoid them is to know how the IRS typically communicates. The IRS will never ask for private personal information over email or over the phone. Never share your Social Security Number over email or the phone. The IRS only gets in touch with people through postal mail or in person.
A new COVID-19 phishing scam is on the rise: proof of vaccination scam. Cybercriminals are sending phishing emails posing as healthcare institutions asking for urgent confirmation of vaccine status. The emails ask for full names, birth dates, Social Security Numbers, and photos of vaccine cards. This scam is dangerous, not only because it asks for sensitive information, but because the request is a believable one. Employers and various other institutions are on the fence about asking people for their vaccine status, and people are unsure to whom they should divulge this information.
Like with other phishing scams, pay close attention to the message and how it’s written. Does it convey urgency and penalties for ignoring it? Phishing emails often use language that causes readers to panic and give up their information quickly without taking the time to determine if the message is real or not. Also, does the email or text have typos and is it poorly written? Never click on links or respond to suspicious emails. Instead, contact the supposed sender through the phone number or email address listed on their official website.
Video conferencing popularity soared as businesses and schools conducted work and learning online. Cybercriminals capitalized on the surge by forcing their way into video conferencing software and spying on meetings and classrooms.
The key to protecting the privacy of your teleconference calls is to always have the most up-to-date software installed. Software upgrades often include security patches. One way to ensure you always have the latest, most secure version installed is to enable automatic updates. Also, be careful about what you share over teleconference. Just in case a cybercriminal is eavesdropping, never say aloud or instant message your Social Security Number or other sensitive personal information. Finally, follow your workplace’s IT team’s cybersecurity policies and use only your company-issued device for work purposes. Company-issued devices often have additional security protections to keep your personal and company information safe from prying eyes.
Unfortunately, many people lost their jobs during the pandemic. Cybercriminals, aware that people without jobs were likely to jump on an employment opportunity due to economic uncertainty, flooded job boards with fake employment ads and sent fraudulent job offer emails. These job scams turned out to be phishing attempts to extract personal and banking details. In some cases, the scammers asked job seekers to wire money for pre-employment training.
If you receive a job offer, make sure that it is for a company you actually applied to. Even though companies are looking to hire people quickly, a reputable institution likely won’t offer a job without interviewing candidates first. Most interviews are happening online, so request a video conference to make sure that the person on the other end of the line is real and has honest intentions. Research the interviewer on professional networking sites to make sure they are who they say they are.
Similar to job scams, the urgency of the real estate market during the pandemic may make people act more impulsively than they would under normal circumstances. The rental and housing markets have been extremely competitive, which is causing people to put deposits down for residences that weren’t even real. Since home tours were moved online due to social distancing requirements, buyers and renters were OK with making a decision based on pictures.
Real estate scams play up the urgency of acting quickly. In their hurry to claim a real estate gem, homebuyers and renters may overlook the most glaring red flag of real estate scams during the pandemic: not viewing the property in person. Additionally, never share your banking information or wire money to someone you have never met in person or cannot verify the accredited real estate agency for which they work.
When a cybercriminal poses as a legitimate organization, it’s more difficult to determine what information to trust. For example, criminals circulated a scam impersonating the CDC that downloaded malware onto users’ devices.
A great tip to thwart cybercriminals hiding behind the name of a credible organization is to always hover your cursor over links in emails and texts. If a link redirects to a URL that looks suspicious, immediately delete the message. A suspicious URL could contain a typo, a variant spelling of the organization its impersonating, or be a string of jumbled letters and numbers. Emails that claim to be from official organizations will often have the organization’s logo somewhere on the message. Check the clarity of the logo and compare it to the organization’s official site. If the logo is blurry or the coloring seems off, that’s a sign that the message is fake.
COVID-19 led to a boom in e-commerce. Shopping that was normally conducted in person moved online, and a pile of packages on the front stoop was a common occurrence. There was a fake delivery notice scam where cybercriminals posed as UPS and Amazon to phish for personal details in order to release a hold on deliveries.
One final phishing avoidance tip is: Consider what the message is asking. Has UPS ever asked for your Social Security Number before? If they had it, what would they use it for? And there’s no reason for Amazon to have your banking information. Don’t let the urgency of the scammer’s message stress you out. A quick phone call with the delivery service in question should solve the problem.
The post Top 10 COVID-19 Scams: How to Stay Protected appeared first on McAfee Blog.
Written by: Lakshya Mathur
Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw adversaries using Excel 4.0 macros, an old technology, to deliver payloads to their victims. They were mainly using workbook streams via the XLSX file format. In these streams, adversaries were able to enter code straight into cells (that’s why they were called macro-formulas). Excel 4.0 also used API level functions like downloading a file, creation of files, invocation of other processes like PowerShell, cmd, etc.
With the evolution of technology, AV vendors started to detect these malicious Excel documents effectively and so to have more obfuscation and evasion routines attackers began to shift to the XLSM file format. In the first half of 2021, we have seen a surge of XLSM malware delivering different family payloads (as shown in below infection chart). In XLSM adversaries make use of Macrosheets to enter their malicious code directly into the cell formulas. XLSM structure is the same as XLSX, but XLSM files support VBA macros which are more advanced technology of Excel 4.0 macros. Using these macrosheets, attackers were able to access powerful windows functionalities and since this technique is new and highly obfuscated it can evade many AV detections.
Excel 4.0 and XLSM are both known to download other malware payloads like ZLoader, Trickbot, Qakbot, Ursnif, IcedID, etc.
The above figure shows the Number of samples weekly detected by the detected name “Downloader-FCEI” which specifically targets XLSM macrosheet based malware.
XLSM Structure
XLSM files are spreadsheet files that support macros. A macro is a set of instructions that performs a record of steps repeatedly. XLSM files are based upon Open XLM formats that were introduced in Microsoft Office 2007. These file types are like XLSX but in addition, they support macros.
Talking about the XLSM structure when we unzip the file, we see four basic contents of the file, these are shown below.
We will focus more on the “xl” folder contents. This folder contains all the excel file main contents like all the worksheets, media files, styles.xml file, sharedStrings.xml file, workbook.xml file, etc. All these files and folders have data related to different aspects of the excel file. But for XLSM files we will focus on one unique folder called macrosheets.
These XLSM files contain macrosheets as shown in figure-2 which are nothing but XML sheet files that can support macros. These sheets are not available in other Excel file formats. In the past few months, we have seen a huge surge in XLSM file-type malware in which attackers store malicious strings hidden within these macrosheets. We will see more details about such malware in this blog.
To explain further how attackers uses XLSM files we have taken a Qakbot sample with SHA 91a1ba70132139c99efd73ca21c4721927a213bcd529c87e908a9fdd71570f1e.
The infection chain for both Excel 4.0 Qakbot and XLSM Qakbot is similar. They both downloads dll and execute it using rundll32.exe with DllResgisterServer as the export function.
On opening the XLSM file there is an image that prompts the user to enable the content. To look legitimate and clean malicious actors use a very official-looking template as shown below.
On digging deeper, we see its internal workbook.xml file.
Now as we can see in the workbook.xml file (Figure-5), there is a total of 6 sheets and their state is hidden. Also, two cells have a predefined name and one of them is Sheet2323!$A$1 defined as “_xlnm.Auto_Open” which is similar to Sub Auto_Open() as we generally see in macro files. It automatically runs the macros when the user clicks on Enable Content.
As we saw in Figure-3 on opening the file, we only see the enable content image. Since the state of sheets was hidden, we can right-click on the main sheet tab and we will see unhide option there, then we can select each sheet to unhide it. On hiding the sheet and change the font color to red we saw some random strings as seen in figure 6.
These hidden sheets contain malicious strings in an obfuscated manner. So, on analyzing more we observed that sheets inside the macrosheets folder contain these malicious strings.
Now as we can in figure-7 different tags are used in this XML sheet file. All the malicious strings are present in two tags <f> and <v> tags inside <sheetdata> tags. Now let’s look more in detail about these tags.
<v> (Cell Value) tags are used to store values inside the cell. <f> (Cell Formula) tags are used to store formulas inside the cell. Now in the above sheet <v> tags contain the cached formula value based on the last time formula was calculated. Formula cells contain formulas like “GOTO(Sheet2!H13)”, now as we can see here attackers can store different formulas while referencing cells from different sheets. These operations are done to produce more and more obfuscated sheets and evade AV signatures.
When the user clicks on the enable content button the execution starts from the Auto_Open cell, after which each sheet formula will start to execute one by one. The final deobfuscated string is shown below.
Here the URLDownloadToFIleA API is used to download the payload and the string “JJCCBB” is used to specify data types to call the API. There are multiple URI’s and from one of them, the DLL payload gets downloaded and saved as ..\\lertio.cersw. This DLL payload is then executed using rundll32. All these malicious activities get carried out using various excel based formulas like REGISTER, EXEC, etc.
McAfee’s Endpoint products detect this variant of malware as below:
The main malicious document with SHA256 (91a1ba70132139c99efd73ca21c4721927a213bcd529c87e908a9fdd71570f1e) is detected as “Downloader-FCEI” with current DAT files.
Additionally, with the help of McAfee’s Expert rule feature, customers can add a custom behavior rule, specific to this infection pattern.
Rule {
Process {
Include OBJECT_NAME { -v “EXCEL.exe” }
}
Target {
Match PROCESS {
Include OBJECT_NAME { -v “rundll32.exe” }
Include PROCESS_CMD_LINE { -v “* ..\\*.*,DllRegisterServer” }
Include -access “CREATE”
}
}
}
McAfee advises all users to avoid opening any email attachments or clicking any links present in the mail without verifying the identity of the sender. Always disable the Macro execution for Office files. We advise everyone to read our blog on these types of malicious XLSM files and their obfuscation techniques to understand more about the threat.
Different techniques & tactics are used by the malware to propagate, and we mapped these with the MITRE ATT&CK platform.
XLSM malware has been seen delivering many malware families. Many major families like Trickbot, Gozi, IcedID, Qakbot are using these XLSM macrosheets in high quantity to deliver their payloads. These attacks are still evolving and keep on using various obfuscated strings to exploit various windows utilities like rundll32, regsvr32, PowerShell, etc.
Due to security concerns, macros are disabled by default in Microsoft Office applications. We suggest it is only safe to enable them when the document received is from a trusted source and macros serve an expected purpose.
The post XLSM Malware with MacroSheets appeared first on McAfee Blogs.
Picture this: you open your MacBook and see an email claiming to be from your favorite online store. In the email, there is an attachment with “important information regarding your recent purchase.” Out of curiosity, you open the attachment without checking the recipient’s email address. The next thing you know, your device is riddled with malware.
Unfortunately, this story is not far from reality. Contrary to popular belief, Apple computers can get viruses, and XLoader has Mac users in their sights.
Let’s break down XLoader’s ‘s origins and how this malware works.
Where Did XLoader Come From?
XLoader originated from FormBook, which has been active for at least five years and is among the most common types of malware. Designed as a malicious tool to steal credentials from different web browsers, collect screenshots, monitor and log keystrokes, and more, FormBook allowed criminals to spread online misfortune on a budget. Its developer, referred to as ng-Coder, charged $49, a relatively cheap price to use the malware, making it easily accessible to cybercriminals.
Although ng-Coder stopped selling FormBook in 2018, this did not stop cybercriminals from using it. Those who had bought the malware to host on their own servers continued to use it, and in turn, quickly noticed that FormBook had untapped potential. In February 2020, FormBook rebranded to XLoader. XLoader can now target Windows systems and macOS devices.
Typically, XLoader is spread via fraudulent emails that trick recipients into downloading a malicious file, such as a Microsoft Office document. Once the malware is on the person’s device, an attacker can eavesdrop on the user’s keystrokes and monitors. Once a criminal has collected enough valuable data, they can make fake accounts in the victim’s name, hack their online profiles, and even access their financial information.
According to recent data, Apple sold 20 million Mac and MacBook devices in 2020. With macOS’s growing popularity, it is no surprise that cybercriminals have set their sights on targeting Mac users. Check out these tips to safeguard your devices and online data from XLoader and similar hacks:
Hackers often use phishing emails or text messages to distribute and disguise their malicious code. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message to confirm the sender’s legitimacy.
Hackers tend to hide malicious code behind the guise of fake websites. Before clicking on an unfamiliar hyperlink, hover over it with your cursor. This will show a preview of the web address. If something seems off (there are strange characters, misspellings, grammatical errors, etc.) do not click the link.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool that identifies malicious websites.
Regardless of whether you use a PC or a Mac, it is important to realize that both systems are susceptible to cyberthreats that are constantly changing. Do your research on prevalent threats and software bugs to put you in a great position to protect your online safety.
XLoader is just the latest example of how the gap between the prevalence of PC versus macOS malware is steadily closing. To better anticipate what threats could be around the corner and how to best combat them, stay updated on all of the latest online safety trends and practice great security habits. This will not only help protect your devices and online accounts but also bring you greater peace of mind.
The post 3 Tips to Protect Yourself From XLoader Malware appeared first on McAfee Blogs.
Equipping and guiding your digitally connected child is one of the toughest challenges you will face as a parent. As your child grows and changes, so too will their online activities. Friend groups, favorite apps, and online interests can shift from one month to the next, which is why parental controls can be a parent’s best friend.
According to a report from Common Sense Media, teens spend an average of seven hours and 22 minutes on their phones a day. Tweens (ages 8 to 12) spend four hours and 44 minutes daily. This is time outside of schoolwork.
That is a lot of time to stroll the streets of cyberspace for entertainment purposes, and it’s only increased since the pandemic.
Striking a balance between screen time and healthy device use is an always-evolving challenge. On the one hand, your child’s device is an essential channel connecting them to their self-identity, peer acceptance, and emotional well-being. On the other hand, that same device is also the door that can bring issues such as cyberbullying, predators, risky behavior, and self-image struggles into your child’s life.
Parental controls are tools that allow parents to set controls on their children’s internet use. Controls include content filters (inappropriate content), usage limits (time controls), and monitoring (tracking activity).
Many of the technology your family already owns or sites your kids visit have basic parental controls (i.e., built-in controls for android and iPhone and social networks such as YouTube). However, another level of parental control comes in software specifically engineered to filter, limit, and track digital activity. These consumer-designed parental controls offer families a higher, more powerful form of protection.
If you are like many parents who land on this blog, you’ve hit a rough patch. You have concerns about your child’s online activity but aren’t sure how to begin restoring balance. Rightly, you want to find the best parental control software and put digital safeguards in place.
Every family dynamic is different, as is every family’s approach to online monitoring. However, most parents can agree that when a negative influence begins to impact the family’s emotional and physical health, exploring new solutions can help get you back on track.
Depending on your child’s age, you may need to consider parental controls if:
1. They don’t respond when you talk to them
If your child is increasingly engrossed in their phone and it’s causing communication issues in your family, you may want to consider software that includes time limits. Connecting with your child during device-free time can improve communication.
2. They’ve started ignoring homework and family responsibilities
There are a lot of reasons grades can plummet, or interests can fade. However, if your child is spending more and more time online, limiting or monitoring what goes on in that time can help restore emotional balance and self-discipline to meet responsibilities.
3. Their browser history shows access to risky content
Innocent online searches can lead to not so innocent results or children may go looking for content simply because they’re curious. Parental controls automatically block age-inappropriate sites and filter websites, apps, and web searches.
4. They won’t give you their device without a fight
If the phone has become the center of your child’s world at the cost of parental respect and family rules, they may be engaged in inappropriate behavior online, connecting with the wrong friends, or struggling with tech balance. With the proper parental controls, a parent can block risky content, view daily activity, and set healthy time limits.
5. They’re losing interest in family outings and other non-digital activities
Poor habits form quietly over time. If your child has dramatically changed their focus in the past three to six months, consider zooming in on why. It may not be technology use, but you may consider an additional layer of protection if it is.
6. They go into another room to respond to a text
While everyone deserves privacy, if constantly sneaking away to communicate with a friend is your child’s new norm, you may consider making some screen time adjustments.
7. They are exhausted
Unbeknownst to parents, kids might be exchanging sleep for screen time. Parental controls can help you nip this unhealthy habit. Setting time limits can help kids experience deeper sleep, better moods, more focus, and more energy.
8. They overshare online
If you browse through your child’s social media and notice their profiles are public instead of private, or if your child tends to overshare personal information, parental controls can help you monitor future activity.
Ideally, we’d all prefer to live in a world where we didn’t need parental controls at all. Unfortunately, that is neither a present nor future reality. So, we recalibrate, keep learning, and keep adding to our parenting skills. As always, we believe the first go-to digital safety tool is investing in consistent open and honest conversation with your child. And the second tool? Yup, reach for the parental controls. While you may hear some hemming and hawing from your kids at first, the peace of mind you gain from having parental controls in place will be worth it.
The post 8 Signs It May Be Time for Parental Controls appeared first on McAfee Blog.
Every day you place your personal information in the hands of companies and trust that it will remain safe. However, what happens when external threats jeopardize your personal data security, especially while working remotely?
The transition to remote work environments and consumers’ online habits have made it more difficult for Canadian employees and consumers to protect their personal information. This challenge is primarily due to ransomware. To protect yourself, you need to first understand how cybercriminals take advantage of users’ online behaviors to launch strategic attacks against employees and consumers through the information they glean from stolen company data.
Ransomware has been on the rise this past year with attacks increasing 62% in 2020 according to Statista. In fact, 78% of Canadian cybersecurity professionals said that attacks increased due to employees working remotely in a recent VMware report. Cybercriminals target remote workers primarily through malicious links sent through phishing emails — in fact, over one third of Canadian respondents in a recent survey said they experienced at least one phishing attempt in the last year.
Hackers pose as legitimate organizations and prompt individuals to take action: say you decide to check your personal email on your work laptop during your lunch break. You open a message that claims to be from one of your favorite retailers claiming that you just won $500 in shopping credit – all you need to do is click on the link and fill out your banking information. This is an example of a phishing attack that could not only wreak havoc on your personal security, but your company’s as well. If the link in the message downloads a credential-stealing malware on your work laptop, there is a good chance that your organization’s private data or network could be compromised.
Knowing that many employees will be communicating virtually instead of face-to-face, hackers can take advantage of the remote work environment by posing as employees from finance departments and sending fake invoices for products or services. The goal of these fake invoices is for employees to call a support phone number to investigate, whereby hackers attain credit card numbers or other information they can leverage in spear-phishing scams. Hackers can also spoof phone calls to make it look like it is coming from a legitimate number within the organization. Revealing too much information to an unverified contact is a risk that remote workers must learn to identify and avoid.
Ransomware is always evolving, making it critical to understand the nature of these threats so you can better avoid them.
Cybercriminals are constantly finding new ways to automate their attacks and increase their profits. Here is a look at five active ransomware variants cybercriminals use today—and how they deploy them.
By the end of 2020, McAfee Labs observed a 69% increase in new ransomware, which Cryptodefense largely drove. This virus is similar to CryptoLocker, a trojan virus that spreads through email phishing to infiltrate hard drives and files. Both spread ransomware, use high levels of encryption to compromise users’ files, and claim that these files cannot be decrypted without a decryption key.
Maze ransomware has been active since November of 2019 and is operated by hackers notorious for leaking victim data upon non-payment. Maze operators first gain access to a network by using valid credentials. It will then scan the network for user devices, check these devices for additional credentials, and compromise user files.
In a Ransomware Task Force interview with an affiliate of the REvil/Sodinokibi syndicate, the interviewee revealed that companies with cyber insurance are prime targets since the chances of a payout are high. This ransomware spreads through software vulnerabilities, phishing scams, and exploit kits. Once it infiltrates a device, it spreads through escalated privilege to compromise user files and systems.
Ryuk has been around since August of 2018 and targets large companies, critical infrastructure, and hospitals. This ransomware is almost always spread through a banking trojan called Trickbot, used by hackers to steal financial and banking credentials. The operators behind this ransomware demand higher ransoms compared to other groups. They also use opensource tools and manual hacking techniques to bypass detection and infiltrate private networks.
The operators behind SamSam ransomware gain access through Windows servers using a Microsoft protocol that allows remote connections to other computers. Operators will then elevate their privilege to include admin rights once inside a network to infect servers with malware, requiring no action or authorization on the victim’s part.
Ransomware can affect anyone, regardless of whether you are an employee or a customer of a targeted company. Keep these tips in mind to reduce your risk of a ransomware attack and know what steps to take if you fall victim.
Phishing emails are one of the most common methods a hacker will use to infect devices and spread ransomware. They will send links through seemingly legitimate emails to trick users into clicking on them and downloading malicious files. Knowing how to spot one is the first step to prevent infection. If you receive an email you suspect is a phishing scam, start by analyzing its structure: common indicators of a phishing scam may include:
Once you identify a phishing email, don’t click on any links or download attachments. Simply delete it and carry on with your day.
Keep in mind that the cybercriminals behind Maze ransomware gained access to private networks through valid credentials. Hackers typically obtain these credentials through a “password spray” technique where they attempt to log in to accounts using a list of commonly used passwords. However, hackers have a higher chance of guessing valid passwords if they are too short or not complex enough. Additionally, a hacker is more likely to infiltrate multiple accounts if they share the same password.
Strong passwords help ensure that a hacker cannot access your private network, gain administrative rights to your device, or infect another device you are connected to. Create a password that is strong enough to withstand simple guess-and-check attempts by making them long, difficult, and unique. Multi-phrased passwords or passphrases also help to prevent hackers from breaking into your accounts, such as “P3anutbutter&J3lly.” Avoid reusing passwords across multiple accounts and change them periodically, especially after an account has been breached. Even if a hacker does steal your credentials, multi-factor authentication adds an extra validation layer to prohibit unauthorized sign-in attempts.
Your device is more susceptible to ransomware and viruses without the right security tools to help mitigate the chances of infection. Avoid the risk of a ransomware attack by employing a quality security solution like McAfee Total Protection. A holistic security solution can help you stay vigilant of cyber threats by monitoring for ransomware viruses in addition to malware and spyware. Security software can also monitor your internet connection and network traffic through regular scans to flag malicious activity and provide guidance on how to sidestep these threats. If a hacker attempts to launch an attack on your device, you can rest assured your security software will promptly alert you of the intrusion.
In addition to social engineering tactics, hackers will leverage vulnerabilities in software to create a back door through which they can infiltrate user devices. A way to keep cyber criminals out is to keep your software applications and devices up to date. This includes the apps on your mobile device as well as apps on your desktop. Regular updates ensure that the proper security patches are implemented, the right bugs are fixed and that hackers cannot exploit these vulnerabilities.
If worse comes to worst and your device is infected with ransomware, the first thing to do is isolate the device and disconnect from shared networks. Disconnecting the infected device ensures that ransomware cannot spread to other devices on that same network.
Immediately gather evidence on what type of malware you are dealing with so you can accurately report it to authorities and determine what your options are for remediation. You can then choose to remove it or wipe your system completely which is the most assured way to eliminate ransomware from your device. Afterwards you can reinstall your operating system and, provided you perform regular backups, restore your files to a previous version.
No one is truly out of the danger zone when hackers strike. Ransomware is on the rise, and online users must understand how to bypass these viruses to avoid the ramifications of a compromised device. By understanding online security best practices, users can safeguard their online presence and defend against ransomware threats.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5 Ransomware Threats Canadians Need to Know appeared first on McAfee Blogs.
[Disclaimer: The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021.]
Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with. With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet. They add malicious apps disguised as Netflix and Spotify to the bike in the hopes that unsuspecting users will enter their login credentials for them to harvest for other cyberattacks. They can enable the bike’s camera and microphone to spy on the device and whoever is using it. To make matters worse, they can also decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive information. As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched.
That’s a potential risk that you no longer have to worry about thanks to McAfee’s Advanced Threat Research (ATR) team. The ATR team recently disclosed a vulnerability (CVE-2021-3387) in the Peloton Bike+, which would allow a hacker with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote root access to the Peloton’s tablet. The hacker could install malicious software, intercept traffic and user’s personal data, and even gain control of the Bike’s camera and microphone over the internet. Further conversations with Peloton confirmed that this vulnerability is also present on Peloton Tread exercise equipment; however, the scope of our research was confined to the Bike+.
As a result of COVID-19, many consumers have looked for in-home exercise solutions, sending the demand for Peloton products soaring. The number of Peloton users grew 22% between September and the end of December 2020, with over 4.4 million members on the platform at year’s end. By combining luxury exercise equipment with high-end technology, Peloton presents an appealing solution to those looking to stay in shape with a variety of classes, all from a few taps of a tablet. Even though in-home fitness products such as Peloton promise unprecedented convenience, many consumers do not realize the risks that IoT fitness devices pose to their online security.
IoT fitness devices such as the Peloton Bike+ are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are susceptible to the same kind of vulnerabilities, and their security should be approached with a similar level of scrutiny.
Following the consumer trend in increasing IoT fitness devices, McAfee ATR began poring over the Peloton’s various systems with a critical eye, looking for potential risks consumers might not be thinking about. It was during this exploratory process that the team discovered that the Bike’s system was not verifying that the device’s bootloader was unlocked before attempting to boot a custom image. This means that the bike allowed researchers to load a file that wasn’t meant for the Peloton hardware — a command that should normally be denied on a locked device such as this one. Their first attempt only loaded a blank screen, so the team continued to search for ways to install a valid, but customized boot image, which would start the bike successfully with increased privileges.
After some digging, researchers were able to download an update package directly from Peloton, containing a boot image that they could modify. With the ability to modify a boot image from Peloton, the researchers were granted root access. Root access means that the ATR team had the highest level of permissions on the device, allowing them to perform functions as an end-user that were not intended by Peloton developers. The Verified Boot process on the Bike failed to identify that the researchers tampered with the boot image, allowing the operating system to start up normally with the modified file. To an unsuspecting user, the Peloton Bike+ appeared completely normal, showing no signs of external modifications or clues that the device had been compromised. In reality, ATR had gained complete control of the Bike’s Android operating system.
The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021. The discovery serves as an important reminder to practice caution when using fitness IoT devices, and it is important that consumers keep these tips in mind to stay secure while staying fit:
Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss news that may affect you. Additionally, make sure to update mobile apps that pair with your IoT device. Adjust your settings to turn on automatic software updates, so you do not have to update manually and always have the latest security patches.
Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have an excellent reputation for providing secure products? Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties.
Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect.
Protect your data from being compromised by stealthy cybercriminals by using an identity theft solution such as the one included in McAfee Total Protection. This software allows users to take a proactive approach to protecting their identities with personal and financial monitoring, as well as recovery tools.
If you are one of the 4.4 million Peloton members or use other IoT fitness devices, it is important to keep in mind that these gadgets could pose a potential security risk just like any other connected device. To elevate your fitness game while protecting your privacy and data, incorporate cybersecurity best practices into your everyday life so you can confidently enjoy your IoT devices.
As stated, McAfee and Peloton worked together closely to address this issue. Adrian Stone, Peloton’s Head of Global Information Security, shared that “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important. To keep our Members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”
Peloton is always looking for ways to improve products and features, including making new features available to Members through software updates that are pushed to Peloton devices. For a step-by-step guide on how to check for updated software, Peloton Members can visit the Peloton support site.
The post Is Your Peloton Spinning Up Malware? appeared first on McAfee Blogs.
In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth when compared to Q1 2020, putting Apple in fourth place in the global PC market share. It is safe to say that Macs are well-loved and trusted devices by a significant portion of the population — but just how safe are they from a security perspective?
Many users have historically believed that Macs are untouchable by hackers, giving Apple devices a reputation for being more “secure” than other PCs. However, recent attacks show that this is not the case. According to TechCrunch, a new malware called XCSSET was recently found exploiting a vulnerability that allowed it to access parts of macOS, including the microphone, webcam, and screen recorder — all without consent from the user.
Let’s dive deeper into how XCSSET works.
Researchers first discovered XCSSET in 2020. The malware targeted Apple developers and the projects they use to build and code apps. By targeting app development projects, hackers infiltrated apps early in their production, causing developers to unknowingly distribute the malware to their users.
Once the malware is running on a user’s device, it uses multiple zero-day attacks to alter the machine and spy on the user. These attacks allow the hacker to:
While macOS is supposed to ask users for permission before allowing any app to record the screen, access the microphone or webcam, or open the user’s storage, XCSSET can bypass all of these permissions. This allows the malware to sneak in under the radar and inject malicious code into legitimate apps that commonly ask for screen-sharing permissions such as Zoom, WhatsApp, and Slack. By disguising itself among these legitimate apps, XCSSET inherits their permissions across the computer and avoids getting flagged by macOS’s built-in security defenses. As a result, the bug could allow hackers to access the victim’s microphone, webcam, or capture their keystrokes for login credentials or credit card information.
It is unclear how many devices were affected by XCSSET. Regardless, it is crucial for consumers to understand that Mac’s historical security reputation does not replace the need for users to take online safety precautions. The following tips can help macOS users protect themselves from malware:
Software developers are continuously working to identify and address security issues. Frequently updating your devices’ operating systems, browsers, and apps is the easiest way to have the latest fixes and security protections. For example, Apple confirmed that it addressed the bug exploited by XCSSET in macOS 11.4, which was made available on May 24th, 2021.
Hackers often use phishing emails or text messages as a means to distribute malware by disguising their malicious code in links and attachments. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message. This will allow you to confirm the sender’s legitimacy.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool to help identify malicious websites.
Regardless of whether you are Team PC or Team Mac, it is important to realize that both platforms are susceptible to cyberthreats that are constantly changing. Doing your research on prevalent threats and software bugs puts you in a better position to protect your online safety.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blogs.
Over the past year, you may have seen the term ransomware popping up frequently. There’s good reason for that as ransomware is responsible for 21% of all cyberattacks, according to a new report. For enterprising hackers, this tactic has become standard operating procedure because it’s effective and organizations are willing to pay. But what does that mean for you and living a confident life online? Fortunately, there are a number of things individuals can do to avoid ransomware. But first, let’s start with the basics.
Ransomware is malware that employs encryption to hold a victim’s information at ransom. The hacker uses it to encrypt a user or organization’s critical data so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses and governmental organizations.
McAfee Labs counted a 60% increase in attacks from Q4 2019 to Q1 2020 in the United States alone. Unfortunately, the attacks targeting organizations also impact the consumers who buy from them, as the company’s data consists of its customers’ personal and financial information. That means your data if you’ve done business with the affected company. Fortunately, there are many ways you can protect yourself from ransomware attacks.
When a company is hit with a ransomware attack, they typically are quick to report the incident, even though a full analysis of what was affected and how extensive the breach may have been may take much longer. Once they have the necessary details they may reach out to their customers via email, through updates on their site, social media, or even the press to report what customer data may be at risk. Paying attention to official communications through these various channels is the best way to know if you’ve been affected by a ransomware attack.
The top ransomware infection vectors – a fancy term for the way you get ransomware on your device – are phishing and vulnerability exploits. Of these two, phishing is responsible for a full 41% of ransomware infections. Ironically, this is good news, because phishing is something we can learn to spot and avoid by educating ourselves about how scammers work. Before we get into specific tips, know that phishing can take the form of many types of communications including emails, texts, and voicemails. Also know that scammers are convincingly imitating some of the biggest brands in the world to get you to surrender your credentials or install malware on your device. With that in mind, here are several tips to avoid getting phished.
If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify an offer, request, or link.
McAfee offers the free McAfee WebAdvisor, which can help identify malicious websites and suspect links that may be associated with phishing schemes.
If you do get ransomware, the story isn’t over. Below are 8 remediation tips that can help get your data back, along with your peace of mind.
If you get ransomware, you’ll want to immediately disconnect any infected devices from your networks to prevent the spread of it. This means you’ll be locked out of your files by ransomware and be unable to move the infected files. Therefore, it’s crucial that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. Backups protect your data, and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
If you discover that a data leak or a ransomware attack has compromised a company you’ve interacted with, act immediately and change your passwords for all your accounts. And while you’re at it, go the extra mile and create passwords that are seriously hard to crack with this next tip.
When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials and generate secure login keys.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. For instance, you’ll be asked to verify your identity through another device, such as a phone. This reduces the risk of successful impersonation by hackers.
Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to get you to install dangerous files. Using a security extension on your web browser is one way to browse more safely.
Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.
While it is often large organizations that fall prey to ransomware attacks, you can also be targeted by a ransomware campaign. If this happens, don’t pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments. Thankfully there are free resources devoted to helping you like McAfee’s No More Ransomware initiative McAfee, along with other organizations, created www.nomoreransom.org/ to educate the public about ransomware and, more importantly, to provide decryption tools to help people recover files that have been locked by ransomware. On the site you’ll find decryption tools for many types of ransomware, including the Shade ransomware.
Adding an extra layer of security with a solution such as McAfee® Total Protection, which includes Ransom Guard, can help protect your devices from these cyber threats. In addition, make sure you update your devices’ software (including security software!) early and often, as patches for flaws are typically included in each update. Comprehensive security solutions also include many of the tools we mentioned above and are simply the easiest way to ensure digital wellness online.
The post 8 Tips for Staying Safe from Ransomware Attacks appeared first on McAfee Blog.
Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect your device like a royal family fortifying a medieval castle. Unlike medieval castles that depended upon layers and layers of protection (moats, drawbridges, spiky gates, etc.), personal devices thrive on just one defense: a devoted guard called antivirus software.
Increasing your personal device’s security detail with more than one guard, or antivirus software is actually less effective than using a single, comprehensive option. Microsoft operating systems recognize the detriment of running two antivirus software programs simultaneously for real-time protection. Microsoft Windows automatically unregisters additional programs so they do not compete against each other. In theory, if you have a Microsoft device, you could run on-demand or scheduled scans from two different antivirus products without the operating system disabling one of them. But why invest in multiple software where one will do?
If you do not have a Microsoft device, here is what could happen to your device if you run more than one antivirus program at a time, and why you should consider investing in only one top-notch product.
Antivirus programs want to impress you. Each wants to be the one to catch a virus and present you with the culprit, like a cat with a mouse. When antivirus software captures a virus, it locks it in a secure place to neutralize it. If you have two programs running simultaneously, they could engage in a tussle over who gets to scan, report, and remove the virus. This added activity could cause your computer to crash or use up your device’s memory.
Antivirus software quietly monitors and collects information about how your system runs, which is similar to how viruses operate. One software could mark the other as suspicious because real-time protection software is lurking in the background. So, while one antivirus program is busy blowing the whistle on the other, malicious code could quietly slip by.
Additionally, users could be buried under a barrage of red flag notifications about each software reporting the other as suspicious. Some users become so distracted by the onslaught of notifications that they deactivate both programs or ignore notifications altogether, leaving the device vulnerable to real threats.
Running one antivirus software does not drain your battery, and it can actually make your device faster. However, two antivirus programs will not double your operating speed. In fact, it will make it run much slower and drain your battery in the process. With two programs running real-time protection constantly in the background, device performance is extremely compromised.
There is no reason to invest in two antivirus programs when one solid software will more than do the trick to protect your device. Here are some best practices to get the most out of your antivirus software:
One habit you should adopt is backing up your files regularly. You never know when malware could hit and corrupt your data. Add it to your weekly routine to sync with the cloud and back up your most important files to an external hard drive.
Whenever your software prompts you to install an update, do it! New cyber threats are evolving every day, and the best way to protect against them is to allow your software to stay as up-to-date as possible.
Always read your antivirus results reports. These reports let you know the suspicious suspects your software was busy rounding up. It will give you a good idea of the threats your devices face and perhaps the schemes that you unknowingly fell into, such as clicking on a link in a phishing email. This information can also help you improve your online safety habits.
Everyone needs strong antivirus. Yet antivirus alone isn’t enough to beat back today’s threats. Hackers, scammers, and thieves rely on far more tricks than viruses and malware to wage their attacks, and data breaches slip billions of personal and financial records into the hands of bad actors. You’ll want to pair antivirus with further protection that covers your privacy and identity as well.
For example the antivirus included with McAfee+ Ultimate can secure an unlimited number of household devices. Yet it offers far more than antivirus alone with our most comprehensive protection for your privacy, identity, and devices. The full list of features is long, yet you’ll get credit monitoring, dark web monitoring, removal of personal information from risky data broker sites, along with identity theft protection and restoration from a licensed expert if the unexpected happens. In all, it offers a single solution for antivirus, and far more that can protect you from the broad range of threats out there today.
The post Less Is More: Why One Antivirus Software Is All You Need appeared first on McAfee Blog.
When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.
That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.
According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.
Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.
Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.
Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.
Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.
Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.
Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.
Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.
Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.
Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.
Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager, provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.
In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.
Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.
Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.
Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name.
Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.
The post 5 Ways to Protect Your Online Privacy appeared first on McAfee Blog.
Google’s Android operating system has been a boon for the average consumer. No other operating system has given so much freedom to developers and hardware manufacturers to make quality devices at reasonable prices. The number of Android phones in the world is astounding. That success comes with a price, however.
A recent report from our own McAfee Mobile Research team has found malicious apps with hundreds of thousands of downloads in the Google Play store. This round of apps poses as simple wallpaper, camera filters, and picture editing, but they hide their nature till after they’ve been installed on your device.
Figure 1. Infected Apps on Google Play
On the bright side, Google Play performs a review for every app to ensure that they are legitimate, safe, and don’t contain malware before they’re allowed on the Play store. However, enterprising criminals regularly find ways to sneak malware past Google’s security checks.
Figure 2. Negative reviews on Google Play
When developers upload their apps to the Play store for approval, they have to send supporting documents that tell Google what the app is, what it does and what age group it’s intended for. By sending Google a “clean” version of their app, attackers can later get their malicious code into the store via a future update where it sits and waits for someone to download it. Once installed, the app contacts a remote server, controlled by the attackers, so it can download new parts of the app that Google has never seen. You can think of it as a malware add-on pack that installs itself on your device without you realizing it. By contacting their own server for the malware files, attackers sneak around Google security checks and can put anything they want on your device.
The current round of malware we’re seeing hijack your SMS messages so they can make purchases through your device, without your knowledge. Through a combination of hidden functionality and abuse of permissions like the ability to read notifications, that simple looking wallpaper app can send subscription requests and confirm them as if it were you. These apps will regularly run up large bills through purchasing subscriptions to premium rate services. The more troubling part is how they can read any message that you receive, possibly exposing your personal information to attackers.
To start, a comprehensive and cross-platform solution like McAfee Total Protection can help detect threats like malware and alerts you if your devices have been infected. I’d also like to share some tips our Research team has shared with me.
Before you hit that install button, take a good look at an app’s reviews. Do they look like they were written by real people? Do the account names of the reviewers make sense? Are people leaving real feedback, or are the majority of comments things like, “Works great. Loved it.” with no other information?
Scammers can easily generate fake reviews for an app to make it look like people are engaging with the developers. Look out for vague reviews that don’t mention the app or what it does, nothing but five-star reviews, and generic sounding account names like, “girl345834”. They’re probably bots, so be wary.
Search for the app developers’ company and see if they have a website. Having a website doesn’t guarantee an app is legitimate, but it’s another good indicator of how trustworthy a company’s app is. Through their website, you should be able to find out where their team is based, or at least some personal information about the company. If they’re hiding that information, or there’s no site at all, that might be a good sign to try a different app.
A lot of malicious apps offer features that your phone already provides, like a flashlight or photo viewer. Unless there’s a very specific reason why you need a separate app to do something your device already does, it’s not recommended to use a third-party app. Especially if it’s free.
App permissions must be clearly stated on the app’s page in order to get into the Google Play store. They’re found near the bottom of the page, along with developer information. Check the permissions every app asks for before you install it and ask yourself if they make sense. For example, a photo editor doesn’t need access to your contacts list, and wallpapers don’t need to have access to your location data. If the permissions don’t make sense for the type of app, steer clear.
Mobile devices are vulnerable to malware and viruses, just like your computer. By installing McAfee protection to your mobile device, you can secure your mobile data, protect your privacy, and even find lost devices.
Android is one of the most popular operating systems on the planet, which means the rewards for creating malware for Android devices are well worth it. It’s unlikely that Android malware is going away any time soon, so staying safe means being cautious with the things you install on your devices.
You can protect yourself by installing McAfee Total Protection on your mobile device and reading the permissions apps ask for when you install them. There’s no good reason for a wallpaper app to have SMS permissions, but that request should ring some alarm bells that something isn’t right and stop you from installing it.
The post Fraudulent Apps that Automatically Charge you Money Spotted in Google Play appeared first on McAfee Blogs.
Cybercriminals go to great lengths to hack personal devices to gather sensitive information about online users. To be more effective, they make significant investments in their technology. Also, cybercriminals are relying on a tactic called social engineering, where they capitalize upon fear and urgency to manipulate unsuspecting device users to hand over their passwords, banking information, or other critical credentials.
One evolving mobile device threat that combines malware and social engineering tactics is called BRATA. BRATA has been recently upgraded by its malicious creators and several strains have already been downloaded thousands of times, according to a McAfee Mobile Research Team report.
Here’s how you can outsmart social engineering mind games and protect your devices and personal information from BRATA and other phishing and malware attacks.
BRATA stands for Brazilian Remote Access Tool Android and is a member of an Android malware family. The malware initially targeted users in Brazil via Google Play and is now making its way through Spain and the United States. BRATA masquerades as an app security scanner that urges users to install fake critical updates to other apps. The apps BRATA prompts the user to update depends on the device’s configured language: Chrome for English speakers, WhatsApp for Spanish speakers, and a non-existent PDF reader for Portuguese speakers.
Once BRATA infects a mobile device, it combines full device control capabilities with the ability to capture screen lock credentials (PIN, password, or pattern), capture keystrokes (keylogger functionality), and record the screen of the compromised device to monitor a user’s actions without their consent.
BRATA can take over certain controls on mobile phones, such as:
BRATA is like a nosy eavesdropper that steals keystrokes and an invisible hand that presses buttons at will on affected devices.
BRATA’s latest update added new phishing and banking Trojan capabilities that make the malware even more dangerous. Once the malware is installed on a mobile device, it displays phishing URLs from financial institutions that trick users into divulging their sensitive financial information. What makes BRATA’s banking impersonations especially effective is that the phishing URLs do not open into a web browser, which makes it difficult for a mobile user to pinpoint it as fraudulent. The phishing URLs instead redirect to fake banking log-in pages that look legitimate.
The choice to impersonate banks is a strategic one. Phishers often impersonate authoritative institutions, such as banks and credit card companies, because they instill fear and urgency.
Social engineering methods work because they capitalize on the fact that people want to trust others. In successful phishing attacks, people hand cybercriminals the keys instead of the cybercriminal having to steal the keys themselves.
Awareness is the best defense against social engineering hacks. When you’re on alert and know what to look for, you will be able to identify and avoid most attempts, and antivirus tools can catch the lures that fall through the cracks.
Here are three tell-tale signs of a social engineering attack and what you should do to avoid it.
Just because an app appears on Google Play or the App Store does not mean it is legitimate. Before downloading any app, check out the number of reviews it has and the quality of the reviews. If it only has a few reviews with vague comments, it could either be because the app is new or it is fake. Also, search the app’s developer and make sure they have a clean history.
Never click on links if you are not sure where they redirect or who sent it. Be especially wary if the message surrounding the link is riddled with typos and grammar mistakes. Phishing attempts often convey urgency and use fear to pressure recipients to panic and respond too quickly to properly inspect the sender’s address or request. If you receive an urgent email or text request concerning your financial or personal information, take a deep breath and investigate if the claim is legitimate. This may require calling the customer service phone number of the institution.
Just like computers, mobile devices can be infected with viruses and malware. Protect your mobile device by subscribing to a mobile antivirus product, such as McAfee Mobile Security. McAfee Mobile Security is an app that is compatible with Android devices and iPhones, and it protects you in various ways, including safe surfing, scanning for malicious apps, and locating your device if it is lost or stolen.
The post Beware of BRATA: How to Avoid Android Malware Attack appeared first on McAfee Blogs.
In a poll conducted by the Canadian Medical Association, nearly half of Canadians have used telehealth services since the start of the pandemic. Additionally, in a recent McAfee study, we found that 21% of Canadians have used the internet for a doctor visit in 2020, and 28% said that such online visits will become a part of their routine moving forward Telehealth, or virtual care. This includes clinical services delivered remotely via electronic communications, such as videoconferencing, mobile apps and remote patient monitoring technology. Many of us have readily accepted these medical services out of necessity, as COVID have limited in-person hospital visits.
Hackers are taking advantage of the rise in virtual health services and exploiting their vulnerabilities to steal sensitive medical records. These vulnerabilities are the result of bigger issues stemming from obscure patient health information regulations and health care system budgetary constraints.
Understanding the risks associated with telehealth is the first step to securing your online safety during your virtual doctor’s visits.
At the onset of the pandemic, the number of reported Canadian cyberattacks jumped 50% from Q4 2019 to Q1 2020. Health care is one of the most targeted industries for cyberattacks. One attack even compromised the organization that manages Ontario’s medical records. Health care is such a highly targeted industry because it holds a wealth of information that fetches a high price on the dark web. Experts say medical records are more valuable than credit card details due to the amount of vital information stored in them, such as birth dates and patient ID numbers. Hackers can then hold this information for ransom or use it to steal your identity. Further, cybercriminals see health care institutions as easy targets. Canadian health care IT departments have insufficient budgets and are ill-prepared to handle the rising threats.
Canada also does not have federal guidelines governing virtual care and patient health information. Rather, health care providers and virtual care platforms are limited to the broad guidelines outlined by the Personal Information Protection and Electronic Documents Act (PIPEDA). As these are not digital security specific purpose defined guidelines and requirements, it makes it more difficult for health care providers and telehealth companies to protect patient data.
Telehealth makes care accessible to everyone; unfortunately, if you’re not careful, telehealth also opens the door for hackers. Hackers can infiltrate the technology used for online doctor’s appointments, because video conferencing technologies have several security flaws. From there, hackers can disrupt calls, eavesdrop and steal your private health information.
The advent of telehealth services has also prompted an increase in emails. Since patients may be expecting emails from their doctor, they may let their guard down and fall victim to phishers posing as a health care organization.
Prepare for your next virtual doctor’s appointment with these best practices to secure your virtual safety.
Before heading into your next telehealth appointment, ask your health care provider the right questions to online understand what risks you may face. Ascertaining this information will help you understand what actions you need to take to mitigate the risk on your end, like staying alert for eavesdroppers or finding alternative ways to confirm personal information. Here are some questions you can ask:
Phishing is a common tactic hackers use to access private health information and trick users into downloading malware. Beware of seemingly official emails under the guise of your health care provider asking for payment information or prompting you to take immediate action. If the email logo doesn’t look right, the message is poorly written, or the URL displayed doesn’t match the one that’s linked, then it’s likely a phishing scam.
Contact your health care provider before verifying sensitive information online, such as payment details or document transfer methods, to avoid falling victim to phishing. We recommend logging into your healthcare provider’s official website or app to confirm pertinent healthcare information as well. If you accidentally reply to a phishing email, perform a full malware scan on your device to ensure your private information remains secure.
It’s important to keep telehealth applications up to date to benefit from the latest bug fixes and security patches. This includes apps belonging to your IoT devices, such as glucose monitors, blood pressure monitors or other network-enabled diagnostic devices. These devices represent more entry points that hackers can infiltrate, making it especially critical to keep them up to date and close any security loopholes.
Get creative with your telehealth portal password, or better yet, use a security solution that includes a password management system. McAfee Total Protection includes a robust password management system that creates and saves strong passwords across all your accounts in one centralized location.
Ensure you’re using a telehealth platform that leverages multi-factor authentication, so even if a hacker were to acquire your password, there’s an added layer of security they won’t be able to bypass.
It’s always best to use a virtual private network (VPN) when conducting activities online, and medical visits are no exception. Using a VPN like McAfee Safe Connect VPN will ensure your data is encrypted and your private health information stays between you and your doctors. A VPN is especially important if you’re connecting from a network other than your password-protected home Wi-Fi.
Medical services are just one of many activities that have turned virtual due to the pandemic. Keep in mind these new virtual outlets come with elevated risks. Hackers are taking advantage of software vulnerabilities and taking victims unaware through social engineering tactics to steal sensitive personal information. Remember to secure your online health by taking a proactive stance against malicious threats so you can focus on your physical health during your telehealth visits.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Check up on Your Virtual Safety: Tips for Telehealth Protection appeared first on McAfee Blogs.
The number of new viruses grows every day. In fact, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. While there is no way to know when or how cyberattacks will occur, it’s clear that antivirus software is one of the best ways to ensure you, and your devices, are safe.
Despite its proven strengths, some long-standing myths question the effectiveness of antivirus. To set the record straight, we’ve debunked five of the most common antivirus software myths, so you can rest assured that you are safely navigating the evolving cyber landscape.
We expect a lot from our devices—faster performance every time the latest model is released. As a result, many are reluctant to install apps or software that may jeopardize device performance, including antivirus software.
Many believe that antivirus software will slow down your devices. However, contrary to popular belief, quality antivirus software can improve device performance by using advanced optimizations. It’s this simple: antivirus software conducts regular system-wide scans to identify and prevent viruses and improve performance without compromising efficacy.
To run these scans, antivirus software requires system resources, which is where this myth originates. If you download or operate more than one antivirus program or download the wrong version for your system, then yes, your device will slow to a crawl. That is why it is essential to install one high-quality antivirus software that meets all your devices’ system requirements. Additionally, best-in-class antivirus software can be set to run during specific hours to avoid delays during the busiest times of your day.
The number of malware strains and potentially unwanted applications (PUA) increases every year. It is understandable why people might think that antivirus software cannot protect against them all.
However, antivirus software can provide extensive protection against the majority of malicious programs. It does so in two ways:
Taken together, a known list of threats paired with the unique capabilities of machine learning, data science, and AI for advanced threat detection enable antivirus software to protect against a wide range of existing and evolving threats.
Can you imagine grading your own driving test? You could omit the dreaded three-point turn and pass with flying colors, but the result wouldn’t be as accurate as that of an unbiased evaluator. This same concept applies to evaluating the efficacy of computer security.
It’s easy for a company to set up a test environment where they highlight all the excellent capabilities of their antivirus software and gloss over its shortcomings. It’s equally as easy for a company to commission a third-party to conduct a custom test painting the company in a good light. However, the results will not be as comprehensive or accurate as those from an independent third-party. Additionally, they also will not provide a comparative analysis with other company offerings to help users draw their own conclusions.
Independent third-party test results offer a more thorough evaluation of antivirus software. They also do a better job at evaluating security features. Furthermore, ISO-certified independent third parties lend transparency and credibility to the techniques used and ensure that evaluations align with industry standards.
There is a common belief that Apple products are protected against viruses because cybercriminals often target Windows and Android operating systems. However, Apple devices are just as vulnerable to viruses as any other computer or smartphone. Regardless of your device or operating system—macOS, iOS, Windows, or Android—if it connects to a network, it’s susceptible to viruses.
Windows and Android have long been the dominant operating systems for computers and smartphones. That’s why macOS and iOS have, up until recently, been the lesser focus for cybercriminals. The problem is that cybercriminals want to spread their viruses to the platforms with the largest customer base which just so happens to be Windows and Android. As Apple products continue to grow in popularity, cybercriminals will continue coming out with more viruses specifically targeting Macs, iPhones, and other iOS devices.
Antivirus software is not a guarantee of protection against all viruses. Some malware can and will slip through. This is where antivirus software’s ability to detect and remove malware comes in. Ours comes with a Virus Protection Pledge, which provides a 100% guarantee we’ll remove viruses on your devices, or we’ll give you your money back, all as part of your automatically renewable subscription.
However, viruses and malware are just one form of attack that hackers and bad actors will wage on their victims. They’ll also make attempts at identity theft or likewise try to invade your privacy—with the intent of stealing passwords, account information, and personal information, which could drain your debit cards, damage your credit, or otherwise impersonate you for their financial gain.
In this way, antivirus is just one form of protection. To truly stay safe as possible online, you need online protection software that looks after your identity and privacy as well. McAfee+ Ultimate offers our most comprehensive coverage, with
It is necessary to bust common myths about antivirus software to protect yourself and your family from cyberthreats. By educating yourself and selecting a best-in-class antivirus software that’s further bolstered by identity and privacy protection, you will be well on your way to implementing an effective protection strategy.
The post Myth-busting Antivirus Software Assumptions appeared first on McAfee Blog.
We’ve all come to a realization that we don’t go anywhere without our phone. It’s a utility that helps us navigate our daily lives: directions, schedules, shopping, discounts, banking, and so on. And as our reliance on our smartphone continues to grow, it’s no wonder that hackers have taken notice. This time, it’s another case of an app gone rogue.
With over 10 million downloads, the Barcode Scanner app provided users with a basic QR code reader and barcode generator, useful for things like making purchases and redeeming discounts. Then, most likely in a recent update, the app began to deliver ad-producing malware onto users’ phones – with the malware being traced back to the Android Barcode Scanner app. While Barcode Scanner was previously benign, it is believed that a hacker injected malicious code into the app before the latest update, pushing malware onto Android devices. Once installed, the malware hijacks your default web browsers and redirects you to random advertisements.
In a typical case of malvertising, or malicious advertising, fraudsters submit infected graphic or text ads to legitimate advertisement networks, which often can’t distinguish harmful ads from trustworthy ones. Under the guise of everyday pop-ups, these malicious ads push fake browser updates, free utilities, or antivirus programs in the hope that unsuspecting users will click. Depending on what kind of programs the malicious ads succeed in downloading, hackers might steal your data, encrypt or delete your information, or hijack your computer functions – as is the case with the Barcode Scanner’s malware.
While Google has taken down the Barcode Scanner from its store, it has not been deleted from infected devices. So, if you have the app on your phone, it’s time to uninstall it from your device manually…ASAP.
We all need to reflect on the state of our digital health, especially as hackers continue to target us through the device we use most – our phones. To help protect your data, family, and friends, check out these security tactics to keep sneaky mobile threats out:
While some malicious apps do make it through the app store screening process, most attack downloads appear to stem from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the origin and developer.
Reviews and rankings are still a suitable method of determining whether an app is legitimate. However, watch out for assessments that reuse repetitive or straightforward phrases, as this could be a sign of a fraudulent review.
Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.
Holistic security solutions across all devices continues to be a strong defensive measure to protect your data and privacy from online threats like malware.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Millions Affected by Malware Attributed to Android Barcode-Scanning App appeared first on McAfee Blogs.
The holidays have come and gone, and students returned to the virtual classroom. But according to the FBI, cyberattacks are likely to disrupt online learning in the new year. As of December 2020, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and MS-ISAC continue to receive reports from K-12 educational institutions about the disruptions caused by cyberthreats, primarily ransomware and Distributed Denial of Service (DDoS). To protect their education and digital lives, distance learners will need to stay vigilant when it comes to ransomware and DDoS attacks. Let’s dive into the impact these threats have on the K-12 education system now that more people are plugged in as a result of distance learning.
Of all the attacks plaguing K-12 schools this year, ransomware has been a particularly aggressive threat. Ransomware attacks typically block access to a computer system or files until the victim pays a certain amount of money or “ransom.” The FBI and the CISA issued a warning that showed a nearly 30% increase in ransomware attacks against schools. In August and September, 57% of ransomware incidents involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July. And it’s unlikely that hackers will let up anytime soon. Baltimore County’s school system was recently shut down by a ransomware attack that hit all of its network systems and closed schools for several days for about 111,000 students. It wasn’t until last week that school officials could finally regain access to files they feared were lost forever, including student transcripts, first-quarter grades, and vital records for children in special education programs.
According to to ZDNet, the five most active ransomware groups targeting K-12 schools are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil. Furthermore, all five of these ransomware families are known to run “leak sites,” where they dump data from victims who don’t pay the ransom. This creates a particularly dangerous problem of having student data published online. To prevent distance learning disruption, students and educators need to understand the effects of ransomware on school systems and take steps to prevent the damage caused by this threat.
An increase in ransomware attacks isn’t the only problem that K-12 schools are facing. The CISA and the FBI warned those participating in distance learning to protect themselves against other forms of cyberattacks such as Distributed Denial of Service (DDoS). DDoS is a method where hackers flood a network with so much traffic that it cannot operate or communicate as it normally would.
According to Dark Reading, Miami-Dade County Public Schools experienced significant disruptions during their first three days of distance learning for the 2020-2021 school year, thanks to a series of DDoS attacks. The school system stated it had already experienced more than a dozen DDoS attacks since the start of the school year. Sandwich Public Schools in Massachusetts were also knocked offline by a DDoS attack. When school systems fall victim to DDoS attacks, students can lose access to essential documents, files, or online platforms that they need to complete assignments. And with many students relying heavily on distance learning systems, losing access could put them behind.
In an effort to create a standardized framework for dealing with ransomware attacks across verticals – including education – McAfee has teamed up with Microsoft to lead the Ransomware Task Force, along with 17 other security firms, tech companies, and non-profits. And while we’re taking critical actions to decrease the threat of ransomware attacks, there are other steps you can take to prevent ransomware and DDoS attacks from interrupting your distance learning experience. Follow these tips to take charge of your education and live your digital life free from worry:
Many ransom notes seem convincing, and many only request small, seemingly doable amounts of money. Nevertheless, you should never pay the ransom. Paying does not promise you’ll get your information back, and many victims often don’t. So, no matter how desperate you are for your files, hold off on paying up.
With ransomware attacks locking away crucial data, it’s important to back up your files on all your machines. If a device becomes infected with ransomware, there’s no promise you’ll get that data back. Ensure you cover all your bases and have your data stored on an external hard drive or in the cloud.
Use decryption tools
No More Ransom – an initiative that teams up security firms, including McAfee, and law enforcement – provides tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then, check out No More Ransom’s decryption tools and see if one is available for your specific strain.
Your Wi-Fi router is the gateway to your network. Secure it by changing the default password. If you aren’t sure how to do this, consult the internet for instructions on how to do it for your specific make and model, or call the manufacturer. Solutions like McAfee Secure Home Platform, which is embedded within select routers, can help you easily manage and protect your network from DDoS attacks and more.
A lot of internet of things (IoT) devices come with default usernames and passwords. After taking your IoT device out of the box, the first thing you should do is change those default credentials. If you’re unsure of how to change the default setting on your IoT device, refer to setup instructions or do a bit of research online.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Ransomware and DDoS is on the Rise: Tips for Distance Learning in 2021 appeared first on McAfee Blogs.
Every few weeks, there seems to be breaking news about large-scale data breaches that affect millions – but what about the lesser-known threats that lurk quietly in the shadows? Oftentimes, these are the scams that could wreak havoc on our day-to-day digital lives.
Adrozek malware is just that: a new strain that affects web browsers, stealthily stealing credentials through “drive-by downloads,” or a download that happens without your knowledge.
Let’s unpack how this malware works, who it targets, and what we can do to protect our browsers from this sneaky threat.
According to Threatpost, Adrozek is infecting several web browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Yandex) on Windows machines with the help of a browser modifier that hijacks search results. To find its way onto our devices, the malware uses “drive-by downloads” once you load one of its several malicious web pages. In fact, a huge, global infrastructure supports Adrozek – one that is made up of 159 unique domain names, each hosting an average of 17,300 unique URLs, which in turn hosts more than 15,300 unique malware samples.
Once it makes its way onto your machine, the malware changes the device’s browser settings to allow Adrozek to insert fake ads over real ones. If you do happen to click on one of these fraudulent ads, the scammers behind this threat earn affiliate advertising dollars for each user they deceive. This not only takes money away from advertisers who are unaware that malware is increasing their traffic, but it also pays cybercriminals for their crimes. What’s more, the malware extracts data from the infected device and sends it to a remote server for future exploitation. In some cases, it even steals saved passwords from Firefox. These features allow the cybercriminals behind Adrozek to capitalize on the initial threat by collecting data that could be used against everyday users like you and me when we least expect it.
Aside from being supported by a vast infrastructure, Adrozek is powerful for another reason: it’s difficult to spot. Adrozek is a type of polymorphic malware, or malware that is programmed to constantly shift and change its code to avoid detection. As a result, it can be tricky to find and root out once it’s infected your browser.
To help protect your devices from falling victim to the latest theats, follow these tips to help protect your online security:
Software developers are actively working to identify and address security issues. Frequently update your browsers, operating systems, and apps so that they have the latest fixes and security protections.
Because Adrozek actively steals saved passwords from Firefox, it’s crucial to practice good password hygiene. When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials.
You can typically get rid of browser-hijacking malware by resetting the browser. But because Adrozek will hide itself on your device, extra measures should be taken to get rid of it. If you suspect that Adrozek may have found its way onto your device, delete your browsers, run a malware scan, and reboot your device. Run the malware scan a second time and reinstall your browsers.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Adrozek Malware is Wreaking Havoc on Web Browsers: How to Stay Protected appeared first on McAfee Blogs.
There are few situations more personal than a distressed family member calling to ask for financial help. But personal is precisely the angle bad actors are taking these days in scams that target both the young and old.
Called “The Grandparent Scam,” this con usually begins with a simple, “Hi, Grandma!” from a criminal posing as the victim’s grandchild who claims to be in trouble. Then comes the ask — that the loving (and worried) Grandparent wire money for bail, airfare, a collision, or some other emergency. Some scammers have even managed to spoof the incoming caller ID to read “U.S. District Court.”
Safe Family Tips: 1) Ask the caller to prove who they are and call the child’s parent or another relative to verify the situation. 2) Never wire money, gift cards, or send cash by courier. 3) Be skeptical of “urgent” requests and tearful pleas for cash or personal information.
While it’s hard to imagine being duped by this kind of phone call, you might be surprised to learn that it’s younger people falling hardest for scams. The Federal Trade Commission reports that Millennials (20-30-year-olds) are most likely to lose money to online fraud. The top 5 scams targeting Millennials include online shopping, business imposters, government imposters, fake check scams, and romance scams.
Safe Family Tips: Be skeptical when shopping online. Cybercriminals have created countless look-a-like merchant sites to gain access to your credit card and other personal information. Confirm the seller’s physical address and phone number before you make a purchase. Consider putting security software on your family’s devices that protect against malware, viruses, and provide families with Virtual Private Network (VPN) encryption for safe shopping.
With many school districts operating on a hybrid virtual and in-class education model, the digital gap between teachers and remote students has given bad actors a new channel to launch ransomware, phishing, and social engineering scams against exposed IT infrastructures. According to the FBI, “cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic.”
Too, a recent Microsoft Security Intelligence study found that 61 percent of the 7.7 million malware over the previous month targeted education, a number far higher than other sectors. Scams include malware attacks on e-learning platform ransomware attacks on larger districts.
Safe Family Tips: Inquire about on-site security measures in place at your child’s school. Look into software to protect your home network and personal devices against cyberattacks launched through email, school networks, or social media sites.
Your best defense against a scam — should it come via phone, email, or a website — is a solid offense. Consider boosting your cyber hygiene routine by using strong passwords, a VPN, and staying informed about the latest scams. By now, we know the bad actors online don’t discriminate based on age; they are out to steal data and dollars from anyone who lets down their guard.
The post Cruel Ghouls: New Digital Scams Target Every Age Group appeared first on McAfee Blogs.
Spooky season is among us, and ghosts and goblins aren’t the only things hiding in the shadows. Online threats are also lurking in the darkness, preparing to haunt devices and cause some hocus pocus for unsuspecting users. This Halloween season, researchers have found virtual zombies and witches among us – a new trojan that rises from the dead no matter how many times it’s deleted and malicious code that casts an evil spell to steal users’ credit card data.
Let’s unlock the mystery of these threats so you can avoid cyber-scares and continue to live your online life free from worry.
Just like zombies, malware can be a challenge to destroy. Oftentimes, it requires a user to completely wipe their device by backing up files, reinstalling the operating system, and starting from scratch. But what if this isn’t enough to stop the digital walking dead from wreaking havoc on your device?
Recently, a new type of Trojan has risen from the dead to haunt users no matter how many times it’s deleted. This zombie-like malware attaches itself to a user’s Windows 10 startup system, making it immune to system wipes since the malware can’t be found on the device’s hard drive. This stealthy malware hides on the device’s motherboard and creates a Trojan file that reinstalls the malware if the user tries to remove it. Once it sets itself up in the darkness, the malware scans for users’ private documents and sends them to an unknown host, leaving the user’s device in a ghoulish state.
A malware misfortune isn’t the only thing that users should beware of this Halloween. Cybercriminals have also managed to inject malicious code into a wireless provider’s web platform, casting an evil spell to steal users’ credit card data. The witches and warlocks allegedly responsible for casting this evil spell are part of a Magecart spin-off group that’s known for its phishing prowess. To pull off this attack, they plated a credit card skimmer onto the wireless provider’s checkout page. This allowed the hackers to exfiltrate users’ credit card data whenever they made a purchase – a spell that’s difficult to break.
While these threats might seem like just another Halloween trick, there are other forces at play. According to McAfee’s Quarterly Threats Report from July 2020, threats like malware phishing and trojans have proven opportunistic for cybercriminals as users spend more and more time online – whether it be working from home, distance learning, or connecting with friends and loved ones. In fact, McAfee Labs observed 375 threats per minute in Q1 2020 alone.
So, as hackers continue to adapt their techniques to take advantage of users spending more time online, it’s important that people educate themselves on emerging threats so they can take necessary precautions and live their digital lives free from worry.
Fortunately, there are a number of steps you can take to prevent these threats from haunting your digital life. Follow these tips to keep cybersecurity tricks at bay this spooky season:
Zombie malware is easily spread by phishing, which is when scammers try to trick you out of your private information or money. If you receive an email from an unknown user, it’s best to proceed with caution. Don’t click on any links or open any attachments in the email and delete the message altogether.
Look over your credit card accounts and bank statements often to check whether someone is fraudulently using your financial data – you can even sign up for transaction alerts that your bank or credit card company may provide. If you see any charges that you did not make, report it to the authorities immediately.
Add an extra layer of protection with a security solution like McAfee® Total Protection to help safeguard your digital life from malware and other threats. McAfee Total Protection also includes McAfee® WebAdvisor – web protection that enables users to sidestep attacks before they happen with clear warnings of risky websites, links, and files.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Trick or Treat: Avoid These Spooky Threats This Halloween appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Imagine it’s 20 years ago and someone at a dinner party predicts that one day you could pop down to the appliance store and buy an internet-connected fridge. Your year 2000 self might have shook that off and then then asked, “Why would someone ever do that?”
Yet here we are.
Today, so much is getting connected. Our appliances, security systems, and even our coffeemakers too. So far this month, we’ve talked about protecting these connected things and securing these new digital frontiers as Internet of Things (IoT) devices transform not only our homes, but businesses and communities as well.
To wrap up Cybersecurity Awareness Month, let’s take a look ahead at how the next wave of connected devices could take shape by taking a look at the network that billions of them will find themselves on: 5G networks.
You’ve no doubt seen plenty of commercials from the big mobile carriers as they tout the rollout of their new, more powerful 5G networks. And more powerful they are. For starters, 5G is expected to operate roughly 10 times faster than the 4G LTE networks many of us enjoy now—with the potential to get yet faster than that over time.
While mention of faster speeds continues to be the top selling point in ads and the like, 5G offers another pair of big benefits: greater bandwidth and lower latency. Taken together, that means 5G networks can host more devices than before and with a near-instantaneous response time.
The implication of these advances is that billions and billions of new devices will connect to mobile networks directly, at terrific speeds, rather than to Wi-Fi networks. Of those, many billions will be IoT devices. And that means more than just phones.
What will those devices look like?
One answer is plenty more of what we’re already starting to see today—such as commercial and industrial devices that track fleet vehicles, open locks on tractor trailer deliveries based on location, monitor heating and air conditioning systems, oversee supply chains. We’ll also see more devices that manage traffic, meter utilities, and connect devices used in healthcare, energy, and agriculture. That’s in addition to the ones we’ll own ourselves, like wearables and even IoT tech in our cars.
All together, we’ll add about 15 billion new IoT devices to the 26 billion IoT devices already in play today for a total of an expected 41 billion IoT devices in 2025.
Citing those examples of IoT applications underscores the critical need for safety and security in the new 5G networks. This is a network we will count on in numerous ways. Businesses will trust their operations to the IoT devices that operate on it. Cities will run their infrastructure on 5G IoT devices. And we, as people, will use 5G networks for everything from entertainment to healthcare. Not only will IoT devices themselves need protection, yet the networks will need to be hardened for protection as well. And you can be certain that increased network security, and security in general, is a part of our future forecast.
The GSMA, an industry group representing more than 750 operators in the mobile space, calls out the inherent need for security for 5G networks in their 5G Reference Guide for Operators. In their words, “New threats will be developed as attackers are provided live service environment to develop their techniques. 5G is the first generation that recognizes this threat and has security at its foundation.” When you consider the multitude of devices and the multitude of applications that will find their way onto 5G, a “square one” emphasis on security makes absolute sense. It’s a must.
While standards and architectures are taking shape and in their first stages of implementation, we can expect operators to put even more stringent defenses in place, like improved encryption, ways of authenticating devices to ensure they’re not malicious, creating secure “slices” of the network, and more, which can all improve security.
Another consideration for security beyond the oncoming flood of emerging devices and services that’ll find their way onto 5G networks is the sheer volume of traffic and data they’ll generate. One estimate puts that figure of 5G traffic at 79.4 zettabytes (ZB) of data in 2025. (What’s a zettabyte? Imagine a 10 followed by 21 zeroes.) This will call for an evolution in security that makes further use of machine learning and AI to curb a similarly increased volume of threats—with technologies much like you see in our McAfee security products today.
“Siri/Alexa/Cortana/Google, play Neko Case I Wish I Was the Moon.”
We’ve all gotten increasingly comfy with the idea of connected devices in our homes, like our smart assistants. Just in 2018, Juniper Research estimated that there’d be some 8 billion digital voice assistants globally by 2023, thanks in large part to things like smart TVs and other devices for the home. Expect to see more IoT devices like those available for use in and around your house.
What shape and form might they take? Aside from the voice-activated variety, plenty of IoT devices will help us automate our homes more and more. For example, you might have smart sensors in your garden that can tell when your tomatoes are thirsty and activate your soaker hoses for a drink—or other smart sensors placed near your water heater that will text you when they detect a leak.
Beyond that, we’re already purchasing connected lights and smart thermostats, yet how about connecting these things all together to create presets for your home? Imagine a setting called “Movie Night,” where just a simple voice command draws the shades, lowers the lights, turns on the gas fireplace, and fires up the popcorn maker. All you need to do is get your slippers.
Next, add in a degree of household AI, which can learn your preferences and habits. Aspects of your home may run themselves and predict things for you, like the fact that you like your coffee piping hot at 5:30am on Tuesdays. Your connected coffeemaker will have it ready for you.
These scenarios were once purely of the George Jetson variety (remember him?), yet more and more people will get to indulge in these comforts and conveniences as the technology becomes more pervasive and affordable.
One point of consideration with any emerging technology like the IoT on 5G is access.
This year drove home a hard reality: access to high-speed internet, whether via mobile device or a home network is no longer a luxury. It’s a utility. Like running water. We need it to work. We need it to study. We need it to bank, shop, and simply get things done.
Yet people in underserved and rural communities in the U.S. still have no access to broadband internet in their homes. Nearly 6 in 10 of U.S. parents with lower incomes say their child may face digital obstacles in schoolwork because of reduced access to devices and quality internet service. And I’ve heard anecdotes from educators about kids taking classes online who have to pull into their school’s parking lot to get proper Wi-Fi, simply because they don’t have a quality connection at home.
The point is this: as these IoT innovations continue to knit their way into our lives and the way the world works, we can’t forget that there’s still a digital divide that will take years of effort, investment, and development before that gap gets closed. And I see us closing that gap in partnership, as people and communities, businesses and governments, all stand to benefit when access to technology increases.
So as we look to the future, my hope is that we all come to see high-speed internet connections for what they are—an absolute essential—and take the steps needed to deliver on it. That’s an advance I’d truly embrace.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5G and the IoT: A Look Ahead at What’s Next for Your Home and Community appeared first on McAfee Blogs.
October is Cybersecurity Awareness Month, which is led by the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) in conjunction with the National Cyber Security Alliance (NCSA)—a national non-profit focused on cybersecurity education & awareness. McAfee is pleased to announce that we’re a proud participant.
Fitness trackers worn on the wrist, glucose monitors that test blood sugar without a prick, and connected toothbrushes that let you know when you’ve missed a spot—welcome to internet-connected healthcare. It’s new realm of care with breakthroughs big and small. Some you’ll find in your home, some you’ll find inside your doctor’s office, yet all of them are connected. Which means they all need to be protected. After all, they’re not tracking any old data. They’re tracking our health data, one of the most precious things we own.
Internet-connected healthcare, also known as connected medicine, is a broad topic. On the consumer side, it covers everything from smart watches that track health data to wireless blood pressure monitors that you can use at home. On the practitioner side, it accounts for technologies ranging from electronic patient records, network-enabled diagnostic devices, remote patient monitoring in the form of wearable devices, apps for therapy, and even small cameras that can be swallowed in the form of a pill to get a view of a patient’s digestive system.
Additionally, it also includes telemedicine visits, where you can get a medical issue diagnosed and treated remotely via your smartphone or computer by way of a video conference or a healthcare provider’s portal—which you can read about more in one of my blogs from earlier this year. In all, big digital changes are taking place in healthcare—a transformation that’s rapidly taking shape to the tune of a global market expected to top USD 534.3 billion by 2025.
Advances in digital healthcare have come more slowly compared to other aspects of our lives, such as consumer devices like phones and tablets. Security is a top reason why. Not only must a healthcare device go through a rigorous design and approval process to ensure it’s safe, sound, and effective, it also held to similar rigorous degrees of regulation when it comes to medical data privacy. For example, in the U.S., we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets privacy and security standards for certain health information.
Taken together, this requires additional development time for any connected medical device or solution, in addition to the time it takes to develop one with the proper efficacy. Healthcare device manufacturers cannot simply move as quickly as, say, a smartphone manufacturer can. And rightfully so.
However, for this blog, we’ll focus on the home and personal side of the equation, with devices like fitness trackers, glucose monitors, smart watches, and wearable devices in general—connected healthcare devices that more and more of us are purchasing on our own. To be clear, while these devices may not always be categorized as healthcare devices in the strictest (and regulatory) sense, they are gathering your health data, which you should absolutely protect. Here are some straightforward steps you can take:
Many medical IoT devices use a smartphone as an interface, and as a means of gathering, storing, and sharing health data. So whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls. Additionally, installing it will protect you and your phone in general as well.
Some IoT devices have found themselves open to attack because they come with a default username and password—which are often published on the internet. When you purchase any IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them on a notebook or on sticky notes, consider using a password manager.
You’ve probably come across two-factor authentication while banking, shopping, or logging into any other number of accounts. Using a combination of your username, password, and a security code sent to another device you own (typically a mobile phone) makes it tougher for hackers to crack your device. If your IoT device supports two-factor authentication, use it for extra security.
This is vital. Make sure you have the latest updates so that you get the latest functionality from your device. Equally important is that updates often contain security upgrades. If you can set your device to receive automatic updates, do so.
Your medical IoT device will invariably use your home Wi-Fi network to connect to the internet, just like your other devices. All the data that travels on there is personal and private use already, and that goes double for any health data that passes along it. Make sure you use a strong and unique password. Also change the name of your router so it doesn’t give away your address or identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. You may also want to consider investing in an advanced internet router that has built-in protection, which can secure and monitor any device that connects to your network.
Similar to the above, another way you can further protect the health data you send over the internet is to use a virtual private network, or VPN. A VPN uses an encrypted connection to send and receive data, which shields it from prying eyes. A hacker attempting to eavesdrop on your session will effectively see a mish-mash of garbage data, which helps keep your health data secure.
One recent study found that 25% of U.S. homeowners with broadband internet expect to purchase a new connected consumer health or fitness device within the next year. Just be sure yours is secure. Read up on reviews and comments about the devices you’re interested in, along with news articles about their manufacturers. See what their track record is on security, such as if they’ve exposed data or otherwise left their users open to attack.
Bottom line, when we speak of connected healthcare, we’re ultimately speaking about one of the most personal things you own: your health data. That’s what’s being collected. And that’s what’s being transmitted by your home network. Take these extra measures to protect your devices, data, and yourself as you enjoy the benefits of the connected care you bring into your life and home.
The post Seven Tips for Protecting Your Internet-Connected Healthcare Devices appeared first on McAfee Blog.
These days, work and home mean practically the same thing. Our house is now an office space or a classroom, so that means a lot of our day-to-day happens online. We check emails, attend virtual meetings, help our children distance learn, use social media platforms to check in on our friends and family – our entire lives are digital! This increase in connectivity could mean more exposure to threats – but it doesn’t have to. That’s why this National Cybersecurity Awareness Month (NCSAM) you should learn what it means to be cyber smart.
In our third blog for this NCSAM this year, we examine what that entails. Let’s dive in.
Stay Secure While Working Remote
According to Stanford research, almost twice as many employees work from home than at the office in the U.S. in response to the COVID-19 pandemic. And this new work-from-home economy is probably only going to expand in the future. Your pets and children will continue to make surprise guest appearances on work calls, or you may continue your new job hunt from the kitchen table. But as you work on juggling your work life and personal life at home base, this doesn’t mean that you should have to juggle security threats too.
The new WFH landscape has also brought about increased risk from . Unlike corporate offices – which usually have IT staff responsible for making any necessary network security updates and patches – users’ home network security is in their own hands. This means users must ensure that their Wi-Fi connections are private and locked with a complex password or employ the help of a VPN to prevent hackers from infiltrating your work.
Be Cybersmart While Distance Learning
Work isn’t the only element of consumers’ lives that’s recently changed – school is also being conducted out of many students’ homes as they adapt to distance learning. As a result, parents are now both professionals and teachers, coaching students through new online learning obstacles. But as more students continue their curriculum from home and online activity increases, so does the possibility of exposure to inappropriate content or other threats.
For instance, the transition to distance learning has led to an increase in online students to lose valuable time meant to be spent on their education.
To help ensure that learning from home goes as smoothly as possible, parents must stay updated on the threats that could be lurking around the corner of their children’s online classrooms. Take the time to secure all the devices that power your kids’ learning with a comprehensive security solution.
Of course, everyone needs to find a balance between work, school, and play! These days, that means scavenging the internet for new content to help keep entertained at home. In fact, according to Nielson, there was an 85% increase in American streaming rates in the first three weeks of March this year compared to March 2019 reports. However, causing users to turn to other less secure alternatives such as illegal downloads and links to “free” content riddled with malware. This could open consumers up to a whole host of threats.
Users looking to stream the latest TV show or movie should be cautious and only access entertainment content directly from a reliable source. The safest thing to do is to subscribe to a streaming site that offers the content or download the movie from credible websites, instead of downloading a “free” version from a website that could contain malware.
We all need to be cybersmart and aware of the threats that come with our lifestyle changes. By following these pointers, you can block threats from impacting your new day-to-day and ensure security is one less thing to worry about. When looking ahead to the future, incorporate the aforementioned pointers into your digital life so that you are prepared to take on whatever the evolving security landscape brings – now that’s being cybersmart!
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, look out for our other National Cybersecurity Awareness Month blogs, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Stay Connected and Protected During Work, School, and Play appeared first on McAfee Blogs.