Login
Happy Cybersecurity Awareness Month!
Every October, the National Cybersecurity Alliance selects a theme around which to publish extensive awareness resources and practical tips to help you improve your cybersecurity.1 This year’s theme is “It’s easy to stay safe online.” With the number of cyberthreats and breaches dominating the headlines, it can seem like a Herculean task to cover all your bases; however, with just four easy habits, you can actually protect yourself against a large percentage of these threats!
Don’t be scared of hackers, phishers, or cybercriminals this month. Leave that to the ghosts, ghouls, and your upcoming holiday social calendar.
Multifactor authentication (MFA) is an excellent way to frustrate cybercriminals attempting to break into your online accounts. MFA means that you need more than a username and password to log in, such as a one-time code sent to by email, text, or through an authentication app or a face or fingerprint scan. This adds an extra layer of security, because a thief would have to have access to your device, your email, or be able to trick a biometric reader to get into your online account.
Most online sites offer the option to turn on MFA. While it may add an extra few seconds to the login process, it’s well worth it. Username and password combinations can be up for sale on the dark web following a breach. With these in hand, a cybercriminal could then help themselves to your online bank account, online medical records, and possibly your identity. When an account is secured with MFA, a criminal may quickly move on to another target that’s easier to crack.
Most sites won’t even let you proceed with creating an account if you don’t have a strong enough password. A strong password is one with a mix of capital and lowercase letters, numbers, and special characters. What also makes for an excellent password is one that’s unique. Reusing passwords can be just as risky as using “password123” or your pet’s name plus your birthday as a password. A reused password can put all your online accounts at risk, due to a practice called credential stuffing. Credential stuffing is a tactic where a cybercriminal attempts to input a stolen username and password combination in dozens of random websites and to see which doors it opens.
Remembering a different password for each of your online accounts is almost an impossible task. Luckily, password managers make it so you only have to remember one password ever again! Password managers, like the one available in McAfee+. safeguard all your passwords in one secure desktop extension or cellphone app that you can use anywhere. McAfee+ is secured with one of the most secure encryption algorithms available, and multifactor authentication is always standard.
It’s best to create passwords or passphrases that have a secret meaning that only you know. Stay away from using significant dates, names, or places, because those are easier to guess. You can also leave it up to your password manager to randomly generate a password for you. The resulting unintelligible jumble of numbers, letters, and symbols is virtually impossible for anyone to guess.
Software update notifications always seem ping on the outskirts of your desktop and mobile device at the most inconvenient times. What’s more inconvenient though is having your device hacked. Another easy tip to improve your cybersecurity is to update your device software whenever upgrades are available. Most software updates include security patches that smart teams have created to foil cybercriminals. The more outdated your apps or operating system is, the more time criminals have had to work out ways to infiltrate them.
Consider enabling automatic updates on all your devices. Many major updates occur in the early hours of the morning, meaning that you’ll never know your devices were offline. You’ll just wake up to new, secure software!
You’ve likely already experienced a phishing attempt, whether you were aware of it or not. Phishing is a common tactic used to eke personal details from unsuspecting or trusting people. Phishers often initiate contact through texts, emails, or social media direct messages, and they aim to get enough information to hack into your online accounts or to impersonate you.
Luckily, it’s usually easy to identify a phisher. Here are a few tell-tale signs for be on the lookout for:
Never engage with a phishing attempt. Do not forward the message or respond to them and never click on any links included in their message. The links could direct to malicious sites that could infect your device with malware or spyware.
Before you delete the message, block the sender, mark the message as junk, and report the phisher. Reporting can go a long way toward hopefully preventing the phisher from targeting someone else.
The best complement to your newfound excellent cyberhabits is a toolbelt of excellent services to patch any holes in your defense. McAfee+ includes all the services you need to boost your peace of mind about your online identity and privacy. You can surf public Wi-Fis safely with its secure VPN, protect your device with antivirus software, scan risky sites for your personally identifiable information, and more!
This October, make a commitment to improving your cybersecurity with the guidance of the National Cybersecurity Alliance and McAfee.
1National Cybersecurity Alliance, “Cybersecurity Awareness Month”
The post 4 Easy Things You Can Do Today to Improve Your Cybersecurity appeared first on McAfee Blog.
Social media has become a part of our everyday lives. Each day millions of people log on to Facebook, Twitter, and other social sites and engage with friends and family. We share our lives more freely and publicly than ever before, and connect with people around the world more easily than our ancestors could have dreamed of.
While many beautiful things come from sharing online, most of us have experienced discord with other internet users while being social online. In some cases, exchanges can become hostile, with the aggrieved party becoming threatening or malicious. Doxxers also target popular online influencers, movie and tv stars, or anyone they don’t agree with, as a way to seek revenge, bully, shame, or intimidate them.
One way someone may attempt to retaliate is to release sensitive personal private information about the person to the broader internet. This kind of online harassment is known as “doxxing.”
This article explains what doxxing is and how to prevent it from happening to you.
Doxxing (or “doxing”) is the practice of revealing another individual’s personal information (home address, full name, phone number, place of work, and more) in an online public space without the person’s consent.
The term “doxxing” comes from the hacker world and references the act of “dropping dox” (as in “docs”) with malicious intent to the victim. The severity of the personal data leak may also go beyond phone numbers and addresses to include releasing private photos, Social Security numbers (SSNs), financial details, personal texts, and other more invasive attacks.
One of the first incidents of doxxing took place back in the late 1990s when users of the online forum Usenet circulated a list of suspected neo-Nazis. The list included the suspected individuals’ email accounts, phone numbers, and addresses.
In 2021, rapper Kanye West famously doxxed Drake when he tweeted the star’s home address.
While doxxing can hurt people, it’s not necessarily a crime. In some cases, a doxxer finds publicly available information and shares it broadly. Since the data is public record, it’s not illegal to share it. A doxxer might invite others to visit the home or workplace of their target rather than taking a specific action.
That said, it is illegal to hack a device or computer without permission from the owner — even if the information collected is never used. The legality of doxxing must be taken on a case-by-case basis, and law enforcement must build its case based on existing applicable laws.
For example, if the doxxer attempted to apply for a credit card using your private data, they could be prosecuted for fraud or identity theft.
You can follow a few critical practices to help protect yourself from doxxing. Start by limiting what you share online, using strong passwords, and taking advantage of secure technologies like virtual private networks (VPNs).
Limiting the amount of personal information you share online is one of the best ways to protect yourself from doxxing. Avoid oversharing personal details of your life (like your child’s name, pet’s name, or place of work) and maintain the highest possible privacy settings for any social media app or website.
You should also take caution when tagging friends, locations, and photos, as this may give doxxers more access to your data. Check out our Ultimate Guide to Safely Sharing Online to learn more.
Data brokers are companies that mine the internet and public records for financial and credit reports, social media accounts, and more. They then sell that data to advertisers, companies, or even individuals who may use it to doxx somebody.
You might be surprised to see the amount of sensitive information available to anyone who wants it with an online search. Data brokers often have contact information, including real names, current and former addresses, birth dates, phone numbers, social media profiles, political affiliations, and other information that most consider private.
While you can remove your private information from many data broker sites, they tend to make the process tedious and frustrating. McAfee® Personal Data Cleanup makes the process much easier. All you have to do is enter your name, date of birth, and home address, and we’ll scan it across high-risk data broker sites. We’ll then help you remove it.
Having strong passwords can make you less vulnerable to hackers and doxxers. Keep yourself more secure by following a few simple rules.
Make password management much easier by using a password manager and generator tool like True Key from McAfee. True Key uses the strongest encryption available to decrypt your existing passwords and can help generate new strong passwords.
When browsing on public Wi-Fi networks like those at airports and coffee shops, your data is at greater risk of being compromised by cybercriminals who may lift sensitive information for personal gain.
A virtual private network (VPN) service (like the one found in McAfee+) gives you an additional layer of protection by hiding your IP address and browsing activities when you’re on an unsecured network.
Scammers, doxxers, and hackers work hard to get personal information every day. With McAfee Total Protection, you can use the internet with confidence knowing you have the support of award-winning antivirus software to keep you and your family members safe online.
Get real-time threat protection through malware detection, quarantine, and removal, and schedule real-time or on-demand file and application scanning. You’ll also benefit from an advanced firewall for home network security.
We all increasingly rely on the internet to manage our lives. As a result, it’s important to address the risks that come with the rewards.
Comprehensive cybersecurity tools like those that come with McAfee+ can help you avoid scams, doxxing attacks, identity theft, phishing, and malware. We can also help keep your sensitive information off the dark web with our Personal Data Cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post What is Doxxing? appeared first on McAfee Blog.
Internet security is a broad term that refers to a wide range of tactics that aim to protect activities conducted over the internet. Implementing internet security measures helps protect users from different online threats like types of malware, phishing attacks, scams, and even unauthorized access by hackers.
In this article, we highlight the importance of internet security in safeguarding your computer network and outline what you can do to have a comprehensive computer security system in place.
As the internet expands and becomes an even bigger part of our lives, cyberthreats continue to grow both in scope and sophistication. According to Forbes, data breaches and cyberattacks saw an increase of 15.1% in 2021 compared to the previous year. These security threats come in different forms and vary in terms of complexity and detectability.
Some common online threats people face today include:
While these internet security threats may seem overwhelming at first glance, safeguarding your computer or mobile devices from them is relatively easy. Below is a detailed look at some security solutions available to you.
As we stated above, setting up an internet security system is a relatively straightforward process. Here are some basic network security measures you can implement right away.
The first step in making sure you have internet security is installing antivirus software. These programs are designed to prevent, search for, detect, and get rid of viruses and other types of malicious software.
Antivirus software can run automatic scans to make sure no network or data breach has occurred and scan specific files or directories for any malicious activity or patterns.
There are plenty of options to choose from when it comes to antivirus software, however, few programs offer the comprehensive level of protection the antivirus software included in McAfee® Total Protection provides to its users.
McAfee’s antivirus software comes with a wide selection of features, including malware detection, quarantine, and removal, different options for scanning files and applications, and an advanced firewall for home network security.
While this may sound obvious, it’s important to create strong and unique passwords for all your online accounts and devices. A significant percentage of data breaches occur as a result of simple password guessing.
Some tips to follow when creating a password include:
It can also be a good idea to use a password manager, as this will help reduce the risk of your passwords getting leaked or lost. McAfee’s password manager, is particularly convenient thanks to its advanced encryption and multi-factor authentication.
A firewall is a network security system built into your operating system. It monitors incoming and outgoing network traffic to prevent unauthorized access to your network. For it to be able to identify and block these threats, you’ll want to make sure your firewall is enabled on your device. If you’re unsure if your device comes with a firewall, you can benefit from one included in McAfee Total Protection.
Multi-factor authentication (MFA) is an authentication method that requires at least two pieces of evidence before granting access to an app or website. Using this method as much as possible can add another layer of security to your applications and reduce the likelihood of a data breach.
Your choice of browser is an important part of implementing internet security measures. In fact, web browsers vary widely in terms of the security features that they offer, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a web browser that offers the following security features:
As children grow older, their internet use becomes more extensive. This can also increase their exposure to various security threats. To keep them safe online, educate them about the risks associated with web browsing and introduce them to some of the best practices for avoiding online threats like not sharing passwords.
Explain which information should be shared and which information should be kept private and instruct them to never click on links from unknown sources.
You should also take a more active approach to protect your children by setting parental controls on certain websites. For instance, you can use YouTube’s parental controls to filter any inappropriate content and keep a child-friendly interface.
The following tips can help you stay on the safe side in regard to internet security.
While malware attacks are common, their prevalence shouldn’t deter you from browsing the internet as usual. Adhering to the internet security best practices outlined in this article can help keep you safe from the majority of security threats that you might encounter online.
For added security, consider using an all-in-one antivirus solution like McAfee+. This is one of the most effective ways to safeguard your devices from online threats.
Let McAfee handle your security while you focus on enjoying the web.
The post What Is Internet Security? appeared first on McAfee Blog.
The internet has changed our lives in more ways than we can count. These days, anything we desire — whether it’s knowledge, career opportunities, or consumer products — is seemingly just a few clicks away from us.
And while it’s safe to say the impact of the internet has been an overall net positive, it’s also worth mentioning that its widespread adoption has introduced a number of new challenges we haven’t had to tackle before. Chiefly among them is the need to safeguard our personal data from the prying eyes of uninvited strangers.
These external threats on our data come in the form of malicious software, such as Trojan horses. Trojans are a type of malware that relies on social engineering to infect the device of an unsuspecting target. They get their name from the story of Odysseus when he hid his Greek soldiers inside a wooden horse to get inside the city of Troy.
Basically, Trojans infiltrate computer systems by masquerading as legitimate programs that are unwittingly downloaded and installed by the users. Hackers often use trojans to steal sensitive data such as medical, personal, or financial information. They are one of the most common types of malicious programs and can pose a threat to computer systems if left undetected.
In this article, we go over how to detect a Trojan infection and discuss some of the most effective ways to check for a Trojan on a Windows PC.
Like any computer virus infection, a system that’s infected with a Trojan horse can display a wide range of symptoms. Here are the main signs you should look out for.
Now that you’re familiar with some of the common symptoms of a Trojan infection, let’s delve into how you can check for it on your PC.
The first step you should consider is scanning your PC using an antivirus program. These anti-malware programs are an integral component of cybersecurity and should be the first thing you turn to when you’re trying to detect and remove Trojans.
There are plenty of malware scan options to choose from, with antivirus software included in McAfee® Total Protection being one of the most comprehensive and functional security software you can use.
It offers real-time protection from all types of malicious software threats, including viruses, rootkits, spyware, adware, ransomware, backdoors, and, last but not least, Trojans. McAfee virus protection comes with several valuable features, such as on-demand and scheduled scanning of files and apps, an advanced firewall for home network security, and compatibility with Windows, MacOS, Android, and iOS devices.
The next option you should explore is to search for Trojans in “safe mode.” This is an effective method of Trojan detection since safe mode only runs the basic programs needed for Microsoft Windows operation, making it easy to spot any unfamiliar or suspicious programs.
Here’s how you can search for Trojans in safe mode:
A simple yet effective way to detect unfamiliar applications or suspicious activity in your system is to check the processes in Windows Task Manager. This will allow you to see if there are any unauthorized malicious programs running in the background.
To check a list of all the active processes that are currently running on your PC, press Ctrl+Alt+Del and click on the “Processes” tab. Check the list of active applications and disable the process of apps without verified publishers or ones you don’t remember downloading and installing.
Another method you can try is to scan your PC using built-in Windows virus and threat protection tools. Microsoft Defender (called Windows Defender Security Center in older versions of Windows 10) can perform virus scans and detect various types of malware.
A dedicated antivirus software like McAfee virus protection can also detect and remove malware. Our program comes with a full range of features that are specifically designed to recognize and remove all forms of threats from your system.
Computer security shouldn’t be something you lose sleep over. As long as you’re using a complete virus protection tool like McAfee antivirus software, you can enjoy a stress-free browsing experience.
McAfee virus protection software is especially effective when it comes to scanning for Trojans and other types of malware and removing them before they can cause any damage to your computer system. With real-time, on-demand, and scheduled scanning of files and applications at your disposal, we’ll help you detect any emerging threat in a timely manner.
See how McAfee Total Protection can make your digital life that much more rewarding and check out our Personal Data Cleanup service, which regularly scans some of the riskiest data broker sites to help remove your personal information from the net and protect your identity from theft.
The post Best Ways to Check for a Trojan on Your PC appeared first on McAfee Blog.
A virtual private network (VPN) is a tool that enables users to protect their privacy while using an internet connection. VPNs create an encrypted tunnel — a private link between your device and the VPN server.
Essentially, this private link or tunnel keeps external influences out and allows your data to travel in an encrypted manner, enhancing security. The network’s privacy also makes sure your Internet Protocol (IP) address and browsing history is hidden online.
[Text Wrapping Break]VPNs use several VPN protocols like OpenVPN, IPSec/IKEv2, PPTP, SSTP, and WireGuard to protect you. In particular, McAfee® Safe Connect VPN supports the OpenVPN protocol, which is an open-source and highly secure protocol running on TCP or UDP internet protocol and used by many VPN providers globally. [Text Wrapping Break][Text Wrapping Break]Read on to know more about how VPNs work and learn to install one.
The best way to stay secure online is to minimize your digital footprint. A good VPN service allows you to do exactly this, acting as an additional layer of protection for your online activities.
The primary function of a VPN is encryption. Most websites and online browsers already have some form of encryption. For example, when you purchase something on Amazon, you have to enter your credit card details and address. Encryption creates a private tunnel for data transmission between your device and Amazon to make sure no one else can watch what you’re doing.
A VPN app does the same thing with an added level of security. The data that you pass to a VPN server is anonymized before it goes to the internet. In short, your device establishes an encrypted connection with the VPN server instead of connecting directly through the internet. So, the encryption protects your data and digital footprint from anyone outside the “private tunnel” between you and the secure VPN server.
Additionally, VPNs allow you to change or hide your IP address. An IP address is a number linked to a particular computer and network. Changing your IP address can trick the servers into thinking you’re connecting from a different geographical location. This can help improve security and provide additional benefits discussed below.
You can also use a VPN to hide your IP address. This may be helpful if you’re trying to access content from other countries (for example, Netflix may have different content in different countries) or trying to keep your internet search history away from the prying eyes of a third-party like your internet service provider or a government.
Using a VPN can help improve your online security. Nearly every internet activity — website and social media browsing, paying bills, online shopping, data sharing, and more — can be tracked by others. [Text Wrapping Break][Text Wrapping Break]Read on to learn about who typically uses a VPN and understand whether you should consider installing one.
Given the extra security that VPN connections provide, you can gain something from using a VPN client. So, if you’re an individual concerned about your online privacy or just want to browse online anonymously — consider using a VPN. A VPN enables you to use the internet without third parties seeing your identity or identifying you via your search history since they don’t know what you were searching about or using the internet for.
Big tech has had a long history of tracking private data for their gains. These companies regularly bundle data into coherent profiles and sell it to third parties. Additionally, they use private data to demonstrate targeted advertisements or manipulative content that makes you more likely to purchase their products. [Text Wrapping Break][Text Wrapping Break]So, it’s worthwhile to use a VPN if you regularly shop online or bank online. A VPN gives you that additional protection that can help prevent hackers or malicious third parties from accessing your information.[Text Wrapping Break][Text Wrapping Break]VPNs are excellent mechanisms for you to protect your privacy online. And you should consider your personal context and conduct thorough research to find the best VPN for your needs.
VPNs are particularly helpful if you travel a lot, either for business or for leisure. While traveling, it’s inevitable that you connect to random or unknown Wifi networks and it may be the case that these networks are spying on you. However, if you’re using a VPN to browse the web, these WiFi networks can’t track you or your search history. This ensures you maintain anonymity and are safe while using the internet.
Yes, an additional layer of protection to your online activities is always good practice. A VPN allows individuals using a personal computer to stay vigilant, protect their data, and maintain anonymity while allowing them to still enjoy their online experience.
VPNs provide more benefits than just serving as an additional layer for cybercriminals to pass through.
Depending on the VPN you’re using, it can be a straightforward process to connect a VPN to your Mac, Windows, iPhone, or Android mobile device. McAfee’s VPN works with multiple platforms and operating systems, including Microsoft Windows, macOS, Android, and iOS.
Use this guide to quickly set up a VPN with your device in a few simple steps.
With McAfee +, you can minimize your digital footprint through a secure connection channel without compromising your browsing experience. Connect to public networks, make financial transactions online, and keep your personal data safe with McAfee.
With our bank-grade AES-256 bit encryption technology and automatic protection, McAfee VPN protection can help safeguard all your online activities — allowing you to enjoy the internet the way it was meant to be enjoyed.
Explore our full suite of cybersecurity tools included in McAfee +, including our newest service, Personal Data Cleanup. We can help find and remove your personal data on some of the riskiest data broker sites.
The post What’s the Meaning of VPN? VPN Defined appeared first on McAfee Blog.
Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data.
However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone to malware infections compared to their Android counterparts. But it’s important to note that they’re not completely without vulnerabilities.
Several iPhone viruses could infect your smartphone and affect its functionality, especially if you jailbreak your iPhone (that is, opening your iOS to wider features, apps, and themes).
This article covers how you can detect malware infections and how to remove viruses from your device so you can get back to enjoying the digital world.
Malware can affect your iPhone in a variety of ways. Here are a few telltale signs that your iPhone might have an unwelcome visitor.
If you notice any of the signs above, it’s a good idea to check for malware. Here are some steps you can take.
If you’ve confirmed malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.
In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update iOS to close this potential vulnerability. Just follow these steps:
It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.
If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, follow these steps:
Keep in mind that the process is similar for Google Chrome and most other popular web browsers.
Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.
The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. Essentially, this allows you to restore your device to an iCloud backup made before the malware infection.
Here’s how:
If none of the steps above solves the problem, a factory reset might be the next order of business. Restoring your phone to factory settings will reset it to its out-of-factory configuration, deleting all of your apps, content, and settings in the process and replacing them with original software only.
To factory reset your iPhone, follow these steps:
The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:
If you have an iPhone and are like most other people, you probably use your device for almost everything you do online. And while it’s amazing to have the internet in the palm of your hands, it’s also important to be aware of online threats like malware, which can put your digital life at risk.
The good news is that McAfee has your back with our award-winning and full-scale mobile security app. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind.
Download the McAfee Security app today and get all-in-one protection.
The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.
A data broker (also known as an information product company) is an organization that makes money by collecting your personal information, analyzing it, and licensing it out to be used by other companies for things like marketing purposes.
Data providers gather data from many different sources to create a profile of who you are. This profile includes things like your interests, hobbies, demographics, and even the products you use.
Generally, data broker companies only deal with customers to collect information. A few of the top data brokerage companies are Epsilon, Acxiom, and Experian, but there are many data brokerages worldwide that make a hefty profit from aggregating and distributing consumers’ personal data.
This article explains everything you need to know about data brokers, including what they do, how they get your information, and what you can do to limit the data they can access from you.
There are several ways information brokers can get your information — both online and offline.
Generally, it’s legal for data brokers to get your information through public sources. However, different locations have different protections in place for consumers and different rules for how data brokers must operate.
Many countries have laws to protect consumers from having their information shared without their consent. For example, the European Union has the General Data Protection Regulation (GDPR) to protect data privacy. The GDPR says data brokers need to get consent from consumers before sharing their information. The law also gives consumers the right to demand that companies delete any personal information that they have stored.
On the other hand, the United States doesn’t have federal privacy laws protecting consumer information from data brokers. It’s up to the states to make their own laws. Some states prioritize consumer privacy more than others. For example, California has the Consumer Privacy Act, which gives customers the right to see what data a broker company has and the ability to delete it.
Typically, companies ask for consent to share your information through the fine print of their agreements. You might not be aware of how much of your personal information you’ve allowed organizations to share.
Data brokering is a huge industry. In fact, data brokers around the world bring in hundreds of billions of dollars a year. Here are some of the largest data brokerage companies that may collect your information.
By using various sources, data brokers can aggregate a lot of information about you. This information can be used to create user categories that businesses can market to. For instance, if you visit websites that sell baby products, the broker might put you into a category like “new parents.”
Some of the information that brokers collect might be things you’d like to keep private. For example, a broker might collect sensitive data about health issues, past bankruptcies, or legal issues.
Sometimes, brokers may place you in the wrong category. Let’s say you’re buying a new cookware set as a birthday gift for your mother. You check out several cooking sites before purchasing your set. If the broker sees that you’ve visited cooking sites and purchased cooking products, they may place you in a category like “cooking enthusiasts” even though you brought the gift for your mother.
Here are some personal details that a broker can collect to create a consumer profile of you:
Businesses are always looking for useful consumer information. Purchasing consumer data from brokers helps them tailor marketing campaigns to the demographics that are most likely to buy their products.
Let’s say you’re a fan of virtual reality (VR) gaming. You’ve watched countless YouTube videos about the subject, and you’ve searched Amazon for VR headsets multiple times. You’d likely be an ideal consumer for a company that manufactures VR headsets or a company that creates VR games.
Other companies might use your data for risk mitigation. For example, a bank might use your personal financial history to determine whether you’re likely to default on a mortgage loan.
There are a variety of public records and sources that data brokers can use to gather information about you. The good news is that there are some things you can do to limit the amount of personal information they can access:
There are also a few organizations you can join to protect your information:
Data brokers are always looking for ways to get their hands on your personal information. Many reasons businesses want access to your personal data aren’t malicious. They simply want to provide you with a targeted advertising experience and introduce you to products you might like.
However, the more your personal information gets shared online, the more chances cybercriminals have to get their hands on it. There might also be some sensitive information you don’t want to share with businesses in general. If you’re careful about what you post and take steps to protect your cybersecurity, you’ll greatly reduce the amount of data that a broker can collect from you.
With McAfee’s Total Protection services, you can get a secure online experience for your whole family. Our all-in-one protection suite comes with features like a secure VPN, premium antivirus software, identity monitoring, and up to $1 million in identity insurance and restoration.
McAfee can help you safeguard data like financial records and health care information so you can have less stress online. You’re meant to enjoy the internet — and we’re here to help make that a reality.
The post What Is a Data Broker? appeared first on McAfee Blog.
With “See Yourself in Cyber” as the theme for this year’s Cybersecurity Awareness Month, the focus is on you with a look at several quick ways you can quickly get safer online.
Now in its 21st year, Cybersecurity Awareness Month marks a long-standing collaboration between the U.S. government and private industry. It’s aim, empower people to protect themselves from digital forms of crime. And that stands as a good reminder. Phishing attacks, malware, and the other threats we regularly talk about in our blog are indeed forms of crime. And where there’s crime, there’s a person behind it.
It can be easy to lose sight of that, particularly as the crook on the other end of the attack is hiding behind a computer. Cybercrime can feel anonymous that way, yet it’s anything but. Whether a single bad actor or as part of a large crime organization, people power cybercrime.
Yet just as you secure your home to prevent yourself from becoming a victim of a criminal, you can also secure your digital life to prevent yourself from becoming a victim of cybercriminal.
You have plenty of places where you can start, and they’re all good ones. Even a handful of the simplest measures can significantly decrease your risk. Better yet, several take far less time to put into place than you might think, while yet more work automatically once you implement them—making them a sort of “set it and forget it” security measure.
With that, this five-step list can get you going:
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Updates do all kinds of great things for gaming, streaming, and chatting apps, like add more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
For your computers and laptops:
For your smartphones:
For your smartphone apps:
Often overlooked is the humble browser. Yet if you think about it, the browser is one of the apps we use most often. Particularly on our desktops. It takes us shopping, to shows, the bank, and even work. Hackers realize that, which is why they love targeting browsers. Whether it’s through vulnerabilities in the code that runs the browser, injecting malicious code into a browser session, or any one of several other attack vectors, hackers will try to find a way to compromise computers via the browser.
One of the best ways to keep your browser safe is to keep it updated. By updating your browser, you’ll get the latest in features and functionality in addition to security fixes that can prevent attacks from hackers. It’s a straightforward process, and this article will show you can set your browser to automatically update.
Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account information by posing as a well-known company, organization, or even someone the victim knows. And depending on the information that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes. What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit.
Some signs of a phishing attack include:
Email addresses that slightly alter the address of a trusted brand name so it looks close at first glance.
Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links.
Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken together with other reports, your information can aid an investigation and help bring charges on a cybercriminal or an organized ring.
Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s quite common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it.
This list can get you started, and you can take even more steps now that you’re rolling. Keep dropping by our blog for more ways you can make yourself safer, such as on social media, your smartphone, in app stores, and more. Visit us any time!
The post See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online appeared first on McAfee Blog.
How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you.
The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves.
However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first taking a look at some of the more common attacks.
Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass along your personal information into the hands of hackers—all of which can lead to some of the symptoms listed above.
These are a classic form of attack. In fact, hackers have leveled them at our computers for years now too. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. And these attacks take many forms, like emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over that info or that install malware to wreak havoc on your device or likewise steal information. Learning how to spot a phishing attack is one way to keep yourself from falling victim to one.
Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they can possibly access your data and info, yet that data and info must be downloaded while the phone is within range. As you probably gathered, this is a more sophisticated attack given the effort and technology involved.
In August of 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping scam. SIM card swapping occurs when a hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be effectively stolen. This means the hacker has taken control of your phone calls, messages, and so forth. This method of hacking requires the seemingly not-so-easy task of impersonating someone else, yet clearly, it happened to the CEO of a major tech company. Protecting your personal info and identity online can help prevent hackers from impersonating you to pull off this and other crimes.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.
McAfee’s Secure VPN now supports the WireGuard protocol, which gives you faster connection speeds plus enhanced stability and security.
WireGuard is the latest standard in Virtual Private Network (VPN) technology, and we’re rolling it out across McAfee Secure VPN for Windows which is included in our comprehensive online protection plans. And just as before, it offers smart protection that can be set to automatically turn on when you need it, so you can stay more private and more secure online.
If you’re new to using a VPN, let’s take a quick look at two of the big things a VPN can do for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, a VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances, even using your apps.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties.
A quick word about what WireGuard is in slightly more detail. It’s a VPN protocol, which is a series of technical rules that govern how your device can securely reach the VPN servers, validate your access to the requests you make online, and encrypt your browsing traffic so that only you can see what you are doing over the internet. WireGuard is one of several protocols that we support, such as the OpenVPN and IKEv2 protocols. While WireGuard improves upon OpenVPN and IKEv2 in many ways, both are still secure and safe ways in which a VPN can connect.
Now with the latest WireGuard standard in place, our VPN for Windows that comes with all our all-in-one plans offers faster speeds and improved stability compared to what previous standards offered. This gives you the security of a VPN with similar performance as if you were on a fully open connection—along with the added benefit of keeping your browsing and other activities private.
Taken together, the improved speed and stability give privacy-conscious people a further reason to use a VPN more often than before. Because a VPN can minimize the exposure of data as it transmits to and from your devices, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from. The more often you use a VPN, the less they can potentially gather.
For more about VPNs and how ours can keep you more private and secure online, give us a visit here any time.
The post McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability appeared first on McAfee Blog.
Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of current and former customers.
As of this writing, the company has not stated how many customers may have been affected, citing their ongoing investigation in conjunction with law enforcement and Australian government officials
According to Optus, the breach may have included the following:
“Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Payment detail and account passwords have not been compromised.”
Optus is currently notifying customers who may have been affected by this breach with SMS and email messages. However, the company makes an important distinction here:
“We are not sending links in SMS or emails. If customers receive an email or SMS with a link claiming to be from Optus, they are advised that this is not a communication from Optus. Please do not click on any links.”
Often in the wake of such breaches, cybercriminals will send out phony communications that use the name of the company affected. These can include phishing attacks over email and SMS that solicit personal and account information or other tactics that attempt to capitalize on the announced breach.
Optus continues to keep its customers up to date on the latest developments on its website, which includes a comprehensive FAQ that details what happened, what steps are being taken, and what customers can do in the wake of this announcement.
Any time a data breach occurs, your exposed personal information may be used by those trying to commit identity fraud or theft. Different pieces of personal information can be more useful to them than others.
Some information is directly useful, such as a driver’s license or credit card information because they identify you right away. Others are indirectly helpful, like device IDs, browsing history, geolocation information, and internet protocol addresses. While they don’t identify you on their own, a cybercriminal could piece together your identity if they have enough indirect information about you.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involve a combination of preventative steps and some monitoring on your part.
If you become the victim of fraud or theft after a data breach, a licensed recovery pro can help you restore your credit and identity. If you’ve ever dealt with fraud or theft before, or know someone who has, recovery can be a time-consuming and stressful process if you undertake it alone. With McAfee+ Advanced, you have around-the-clock support from a restoration expert with limited power of attorney who can take the steps that can help restore your credit and identity.
Working with an expert can lend you extra peace of mind, particularly in a time where there’s plenty of uncertainty. First, you’ll know that a professional is working on your case—a person who knows exactly where to start and what needs to happen for the best possible outcome. Second, you’ll get precious time back, time you’d otherwise have to spend if you took on the process yourself.
As mentioned above, with some personal information in hand, cybercriminals may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So, it’s always wise to keep a skeptical eye open for unsolicited messages or phone calls that ask you for information in some form or other, often in ways that urge or pressure you into acting.
An identity monitoring service can monitor your information from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other cyber criminals so they can launch their own attacks. McAfee monitors the dark web for your personal info and provides early alerts if your data is found, an average of 10 months ahead of similar services. We also provide guidance to help you act if your information is found.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Mentioned earlier, information stolen in a data breach may indirectly identify you. Yet when pieced together with other information, it can then directly identify you. One way cybercriminals complete this identity picture puzzle is with information provided by data brokers that buy and sell personal information online. However, you can take some control over this. Our Personal Data Cleanup service scans high-risk data broker sites for your personal information and then helps you remove it—which denies cybercriminals the information they may need to commit identity theft.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.
Even though it’s believed that no payment information was involved in this breach, customers should still take steps to monitor their statements and their overall credit report so that they can spot and address any unusual activity. Optus has announced that it will offer affected customers 12 months of credit and identity monitoring through Equifax, one of the major global credit agencies, at no cost.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent cybercriminals from opening new lines of credit or taking out loans in a victim’s name by “freezing” their credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security for future protection. In addition to more private and secure time online with a VPN, identity monitoring, and password management, protection like McAfee+ Advanced includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone.
Per Optus, a subset of those affected may have had their driver’s license and/or passport ID number affected by the breach. Given that license and passport ID numbers are such unique pieces of personally identifiable information, anyone notified by Optus that theirs may have been affected should strongly consider changing them.
The process for replacing either document will vary depending on your state or territory. Given the scope of the attack, some states and territories have proposed making exceptions to the rules for attack victims. As of this writing, that picture continues to evolve, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Optus breach. As you can see, several of them are preventative, which is important because word of data breaches tend to reach customers days, weeks, or even months after they’ve been discovered—leaving cybercriminals plenty of opportunity to commit all kinds of identity crime in the meantime.
In this case, the breach certainly made the news due to its apparent size and scale. And as Optus works with law enforcement and government officials, more details into the attack and who has been affected will arise.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, making protecting ourselves a must.
The post The Optus Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
Are you hoping to buy a house or apply for a car, personal, or business loan at some point? A great credit score helps to achieve all those things. You never know the twists and turns life might take you, so even if these financial milestones aren’t on your radar now, it’s nice to know that a great credit score will open many doors for you when you’re ready. The better your credit score, the more likely you are to get the loan you want at the best interest rate. People spend years (even decades!) working to improve their credit scores to unlock numerous opportunities. In the blink of an eye though, a credit fraudster can erase all that hard work and inflict long-term credit damage. It can cost huge sums to repair and take years to correct.
Many people feel lost on how to prevent these problems or what to do if they suspect identity theft. Luckily, new McAfee services called credit lock and security freeze, which includes credit freeze, are great tools to add to your credit protection toolbelt. They’ll help protect your most personal information from thieves, and both services will help give you the peace of mind you need to confidently go about your day.
Keep reading to learn more about McAfee’s credit lock and security freeze and find out how you can use them to help you from the negative consequences of identity theft.
Credit fraud is a type of identity theft where a criminal uses your information to borrow money, open a new credit or debit card, or uses your card to make purchases that they never intend to pay off. Then, when the loan defaults and the bills stack up, the victim is often left with their credit score in shambles.
According to the FTC, credit fraud is the most common type of identity theft in 2020 and 2021, receiving nearly 18,000 reports from people saying that someone used their information to gain illegal access to their credit card accounts.1
To make sure we’re all on the same page, here are quick definitions of McAfee’s credit lock and security freeze services.
A credit lock and a credit freeze both stop companies from accessing your credit information without your consent when an application for a loan or credit card is submitted. The main difference lies in their speed and credit bureau coverage. By toggling a switch in the McAfee Protection Center, turning on a credit lock is almost instantaneous. A credit freeze can take up to a day to enable or remove; however, it may offer stronger financial loss protection in most U.S. states if an unauthorized line of credit goes through while all three credit bureaus are frozen. Also, McAfee’s credit lock stops one credit bureau from accessing your account, while a credit freeze enables you to halt all three.
Just make sure that you unlock and unfreeze your credit before you do the following:
These are all situations where a bank or creditor will need to access your credit files. Luckily, with significant purchases and financing opportunities like these, you usually plan ahead, so you should have plenty to time to enable access to your credit. To unlock your credit, just click the credit lock toggle. To unlock a freeze, use the same provided links, sign into your account, and follow the instructions from there.
To further help you decide which service may be best for your needs, here are the situations where credit lock and credit freeze would be most helpful.
McAfee credit lock lets you simply toggle on and off one credit bureau’s ability to access your credit report. Usually, filing a lock on your credit with a bureau requires filling out forms and remembering a PIN to apply or remove a lock. Not with McAfee’s credit lock! You can turn a lock on and off at will through the McAfee Protection Center.
Convenience and blazing speed are ideal in situations where you’re worried that a criminal has your personal information and may use it to open accounts in your name that could then damage your well-earned great credit. Some people may choose to always have the credit lock enabled and only unlock it when they’re applying for a credit card or loan. That way, they can feel better about the safety of their credit score.
Credit freeze provides protection and peace of mind just like credit lock; however it enables you to freeze your account at all three major credit bureaus. When creditors check your credit score, they could do so with any credit bureau. If you only freeze one bureau’s access to your information, that still leaves the other two to make inquiries, so it’s important to set up a freeze for each one to cover all your bases.
As mentioned, a credit freeze is just one type of security freeze offered by McAfee. If you’re worried about an identity thief opening not just credit cards, but also utility and/or bank accounts in your name, McAfee’s utility freeze and bank freeze may be additional services for you. Security freeze helps stop unauthorized fraud attempts by giving you quick links and phone numbers. Having all these contact details in one place really speeds up the process and takes the guesswork out of if you’re contacting the correct offices.
Dealing with identity theft or credit fraud is a scary and stressful situation. That’s why McAfee is here with tools that help you protect you. Credit lock and credit freeze may help you feel calmer in a situation of suspected or real identity theft and gives you peace of mind to help prevent credit fraud from happening in the first place. Speed is of the utmost importance when foiling a criminal, so both solutions are easy to use with intuitive design so you’re not wasting time trying to figure out how they work. Plus, neither will affect your credit score. They just stop creditors from looking at your credit files, while you continue to boost your credit with your smart habits.
With both credit lock or credit freeze in your back pocket, you can feel more secure knowing you’re better protected from credit fraud.
1Fortunly, “20 Worrying Identity Theft Statistics for 2022”
The post Credit Lock and Credit Freeze: Which Service Is Best for You? Both! appeared first on McAfee Blog.
In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk. Huge cryptohacking events dominate the headlines, leaving us to wonder: Is cryptocurrency losing its credibility?
In this article, you’ll learn about recent unfortunate crypto hacks and a few cryptocurrency security tips to help you avoid a similar misfortune.
A crypto wallet is the software or the physical device that stores the public and private keys to your cryptocurrency. A public key is the string of letters and numbers that people swap with each other in crypto transactions. It’s ok to share a public key with someone you trust. Your private key, however, must remain private — think of it like the password that secures your online bank account. Just like your actual wallet, if it falls into the wrong hands, you can lose a lot of money.
A malware called Mars Stealer infiltrated several crypto wallet browser extensions, including the popular MetaMask. The malware stole private keys and then erased its tracks to mask that it had ever gained entry to the wallet.1
One way to completely avoid a breach to your software crypto wallet is to opt for a hardware wallet. A hardware wallet is a physical device that can only be opened with a PIN. But there is some risk involved with a hardware wallet: if you drop it down the drain, all your crypto is gone. If you forget your wallet PIN, there is no customer service chatbot that can help you remember it. You are solely responsible for keeping track of it. For those who are confident in their hardware’s hiding spot and their personal organizational skills, they can benefit from its added security.
For anyone less sure of their ability to keep track of a hardware wallet, a software wallet is a fine alternative, though always been on alert of software wallet hacks. Keep an eye on crypto news and be ready to secure your software at a moment’s notice. Measures include un-downloading browser extensions, changing passwords, or transferring your crypto assets to another software wallet.
In the case of the Mars Stealer malware that affected MetaMask, being careful about visiting secure sites and only clicking on trustworthy links could’ve helped prevent it. Mars Stealer made its way onto people’s devices after they clicked on an infected link or visited a risky website. Stick to websites you know you can trust and consider springing for well-known streaming services and paying for software instead of torrenting from free sources.
Cryptocurrency enthusiasts often spread their crypto investments across various currency types and blockchain environments. Software known as a bridge can link numerous accounts and types, making it easier to send currency.
The cross-chain bridge Horizon experienced was on its Harmony blockchain, where a hacker stole about $100 million in Ethereum and tokens. The hacker stole two private keys, with which they could then validate this huge transaction into their own wallet. To hopefully prevent this from happening in the future, Horizon now requires more than just two validators.2
According to one report, in 2022, 69% of all cryptocurrency losses have occurred in bridge attacks.3 If you exchange cryptocurrencies with other users and have various accounts, it’s almost inevitable that you’ll use bridge software. To keep your assets safe, make sure to extensively research any bridge before trusting it. Take a look at their security protocols and how they’ve responded to past breaches, if applicable.
In the case of Horizon, the stolen private keys were encrypted with a passphrase and with a key management service, which follows best practices. Make sure that you always defend your private keys and all your cryptocurrency-related accounts with multi-factor authentication. Even though it may not 100% protect your assets, it’ll foil a less persistent cybercriminal.
Phishing attacks on bridge companies in conjunction with software hacks are also common. In this scenario, there’s unfortunately not much you can control. What you can control is how quickly and completely you respond to the cybercrime event. Remove the bridge software from your devices, transfer all your assets to a hardware wallet, and await further instructions from the bridge company on how to proceed.
Decentralized finance, or DeFi, is now one of the riskiest aspects of cryptocurrency. DeFi is a system without governing bodies. Some crypto traders like the anonymity and autonomy of being able to make transactions without a bank or institution tracking their assets. The drawback is that the code used in smart contracts isn’t bulletproof and has been at the center of several costly cybercrimes. Smart contracts are agreed upon by crypto buyers and sellers, and they contain code that programs crypto to perform certain financial transactions.
Three multi-million-dollar heists – Wormhole, Beanstalk Farms and Ronin bridge – occurred in quick succession, and smart contracts were at the center of each.4 In the case of Wormhole, a cybercriminal minted 120,000 in one currency and then traded them for Ethereum without putting up the necessary collateral. In the end, the hacker cashed out with $320 million. Beanstalk Farms lost $182 million when a hacker discovered a loophole in the stablecoin’s flash loan smart contract. Axie Infinity’s Ronin bridge was hit for $625 million when a hacker took control over and signed five of the nine validator nodes through a smart contract hole.4
To be safe, conduct all crypto transactions on well-known and trustworthy software, applications, bridges, and wallets that are backed by a governing body. What you lose in anonymity you gain in security by way of regulated protocols. Hackers are targeting smart contracts because they do not have to depend on large-scale phishing schemes to get the information they need. Instead, they can infiltrate the code themselves and steal assets from the smartest and most careful crypto users. Because there’s almost no way you can predict the next smart contract hack, the best path forward is to always remain on your toes and be ready to react should one occur.
Don’t let these costly hacks be what stops you from exploring crypto! Crypto is great as a side hustle if you’re committed to security and are strategic in your investments. Make sure you follow the best practices outlined and arm all your devices (mobile included!) with top-notch security, such as antivirus software, a VPN, and a password manager, all of which are included in McAfee +.
Privacy, excellent security habits, and an eagle eye can help you enjoy the most out of cryptocurrency and sidestep its costly pitfalls. Now, go forth confidently and prosper in the crypto realm!
1Cointelegraph, “Hodlers, beware! New malware targets MetaMask and 40 other crypto wallets”
2Halborn, “Explained: The Harmony Horizon Bridge Hack”
3Chainalysis, “Vulnerabilities in Cross-chain Bridge Protocols Emerge as Top Security Risk”
4Protocol, “Crypto is crumbling, and DeFi hacks are getting worse”
5Cointelegraph, “Beanstalk Farms loses $182M in DeFi governance exploit”
The post Cryptohacking: Is Cryptocurrency Losing Its Credibility? appeared first on McAfee Blog.
Our all-new ransomware coverage is now available, ready to help just in case—all backed by expert advice to help you find the quickest and best possible path to recovery.
Ransomware coverage from McAfee can reimburse you up to $25,000 for losses resulting from a ransomware threat, including financial losses and ransom fees. You’ll find this ransomware coverage included with our McAfee+ Ultimate plan.
As well as eligibility for ransomware reimbursement, our team of experts can help you:
However, it’s important to realize that ransomware is unlike any other attack. When ransomware locks someone out of their device or encrypts their data and files so they can’t use them, a demand is usually made for money. Sometimes, paying the ransom results in the device being made accessible again or the files being decrypted. Yet like any ransom case, this result is not always guaranteed. There are plenty of cases where people pay the ransom but never get their data or access to their devices back.
Again, our coverage includes guidance from our expert advisers to help walk you through your options should the worst happen to you. You won’t be in it alone—particularly as you look to recover from what can be a complicated attack.
As the name implies, ransomware is a type of malware that holds your device or information for ransom. It may lock your computer or smartphone entirely or it may you out of your files by encrypting them so that you can’t access them. Whether it’s a hacker or a cybercrime organization behind the attack, the bad actor involved holds the key to unlock those files—and promises to do so. For a price. And as mentioned above, sometimes that doesn’t happen, even if you pay.
Ransomware can infect your devices several different ways:
Ransomware has seen quite the evolution over the years. Its origins date back to the late 1980s, where malware-loaded floppy disks were sent to users who installed them under false pretenses. There the malware would lie in wait until the user rebooted their computer for the 90th time and presented with a digital ransom note.
From there, ransomware attacks on individuals became more sophisticated, and more lucrative, with the advent of the internet and the millions of everyday users who flocked to it. Using phishing emails, malware downloads from phony sites, and compromised software and networks, hackers rapidly expanded their ransomware reach.
However, yet more lucrative for hackers and organized cybercriminals were public and private organizations. Shifting their attacks to so-called “big game” targets, hackers and organized cybercriminals have used ransomware to extort money from hospitals, city governments, financial institutions, and key energy infrastructure companies, to name just a few. Seeing further opportunity, ransomware attackers then began targeting smaller and mid-sized businesses as well. While the ransom demands account for lower amounts, these organizations often lack dedicated cybersecurity teams and the protections that come along with them, making these organizations easier to victimize.
Meanwhile, the body of malicious code and attack packages used to launch ransomware attacks has only grown. As a result, small-time hackers and hacking groups can find the tools they need to conduct an attack for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, these bad actors can simply access a dark web marketplace and figuratively pull a ready-to-deploy attack off the shelf.
As a result, ransomware remains a concern for individuals, even as businesses and governmental bodies of all sizes deal with its threat.
What makes ransomware so damaging is just how much effort it can take to undo. Setting aside the sophisticated attacks on businesses and governments for a moment, even those “off-the-shelf” attacks that some hackers will launch against individuals go beyond the average user’s ability to undo. For example, there are some known attacks with known methods of decrypting the data, however, that requires knowing specifically which attack was used. Attempting to undo the encryption with the wrong solution can potentially encrypt that data even more.
So without question, the best defense against ransomware is prevention. Comprehensive online protection software gives you the tools you need to help avoid becoming a ransomware victim. A few include:
Moreover, you can protect yourself further by backing up your files and data. A cloud storage solution,121cwdv 1765ujb n4yh that’s secured with a strong and unique password, offers one path. Likewise, you can back up your files on an external disk or drive, making sure to keep it disconnected from your network and stored in a safe place.
Also as mentioned in the bullets above, keep your operating system and apps current with the latest updates. Beyond making improvements in your operating system and apps, updates often also address security issues that hackers often use to compromise devices and apps.
Lastly, stay alert. Keep an eye out for sketchy links, attachments, websites, and messages. Bad actors will pull all kinds of phishing tricks to lure you their way, places where they try to compromise you, your devices, and data.
Taken together, the combination of online protection software and a few preventative steps can greatly reduce the chance that you’ll fall victim to ransomware. From there, you also have the assurance of our ransomware coverage, ready to get on the path to recovery, just in case.
The post All-New Ransomware Coverage Opens Up the Path to Recovery appeared first on McAfee Blog.
When it comes to passwords, most of us would love nothing more than to set it and forget it. But that’s exactly what hackers are hoping for — in fact, it makes their job a lot easier. This means the best line of defense is frequent password changes.
But how often should you create new passwords? Cybersecurity experts recommend changing your password every three months. There may even be situations where you should change your password immediately, especially if a cybercriminal has access to your account.
This article explores those exact situations and covers some of the best password practices you can use to help safeguard these important combinations of letters and numbers.
There are some situations where you’ll want to change your password immediately.
If you think someone has hacked your account, it’s important to act fast and change your password. Did everyone in your address book get a strange email that looks like it’s from you? Change your email password. Are your Facebook friends getting a new friend request from you? Something’s not right, so you’ll want to change your password.
This can help limit the amount of time a cybercriminal has access to your account.
If there’s a password breach at work or within a company you do business with, you’ll want to change the password for any affected accounts. If you use that password for any other websites, you’ll definitely want to change your password to those accounts. If hackers get access to your password, they may try it on multiple websites to see what else they can steal.
As much as possible, try to avoid logging into your secure accounts on public Wi-Fi, such as at a library or cafe. Generally, an unsecure network means your online activity is public. If you need to use an unsecure network, change your password once you’re on a secure network.
It can also be a good idea to look into a smart VPN like McAfee Secure VPN, which automatically turns on to protect your personal data and credit card information even if you need to use public Wi-Fi.
Your personal information could be at risk if malware infects your computer. If you have quality antivirus software (like what’s included in McAfee Total Protection) and it detects malware, you’ll want to change your passwords from another device.
If you no longer have contact with someone, there’s no need for them to remain on your Netflix or Amazon account. There’s also no need for an ex to share a bank account or have mobile app access. Create new passwords when you’re no longer sharing an account with someone.
You may have an account you haven’t used in a year, such as from an online retailer. Change old passwords for seldom-used accounts and close the account if you don’t intend to use it again.
A good password can make it more difficult for hackers to access your accounts. But what exactly makes a strong password? Here are a few criteria.
A cybercriminal may use a variety of strategies to access your passwords. Here are some of their most common tactics.
When it comes to keeping your data secure, password complexity is just the beginning. Here are a few additional tips for keeping your passwords safe.
Review the passwords for all of your accounts. Make sure you’re not using any for multiple websites. See if your passwords are guessable. Do they include personal information like birthdays or addresses? If you find passwords that are weak or repeated, change those first.
Set up multi-factor authentication for important accounts, such as with financial institutions. Logging into a website with two-factor authentication requires you to enter a code sent by text or email in addition to a username and password.
Some accounts require multi-factor authentication with biometric factors for added security, such as a thumbprint or face scan. Using multi-factor authentication with long, complicated passwords can make an account more secure.
A password manager like McAfee True Key can help prevent unauthorized access to your online accounts by protecting your passwords with strong encryption. It also comes with a password generator to help you create complex passwords while storing them safely.
If you have old or weak passwords or use them on multiple sites, a password manager can generate new ones. It’ll then keep track of them and sign you in to apps and websites — with you only having to remember one master password.
Let McAfee True Key help you defend your personal data. The password management software makes dealing with passwords secure and easy.
McAfee True Key stores your passwords on your device using the strongest encryption available. Once you use a master password to log into True Key, it’ll auto-fill your passwords for any apps or websites you visit. For added convenience, True Key securely syncs your information across all of your devices so you can access it wherever you need it.
While McAfee manages your secure passwords, you can continue enjoying the internet the way it was intended — free from hackers.
The post How Often Should You Change Your Passwords? appeared first on McAfee Blog.
An old banking scam has a new look. And it’s making the rounds again.
Recently Bank of America alerted its customers of the “Pay Yourself Scam,” where scammers use phony fraud alerts and trick their victims into giving them access to their online banking accounts. It’s a form of phishing attack, and according to Bank of America it goes something like this:
The good news is that you can avoid this attack rather easily. If you receive a text or call about a possible fraud alert, don’t respond. (Scammers can easily “spoof” or fake caller ID information nowadays. So even if it appears that the number looks legitimate, it may not be after all.) Instead, contact your bank directly using the contact information on your debit or credit card. This way, you’ll know you’re speaking with the proper representatives about the matter.
Of course, this scam isn’t the only scam making the rounds these days. Whether it’s with some form of phishing attack, stealing passwords on public Wi-Fi, or malware that spies on your keystrokes, scammers use plenty of tricks to crack into online bank accounts. Yet with a few precautions and a sharp eye, you have several ways you can protect yourself.
Online protection software today goes far beyond antivirus. It can protect your privacy, identity, and your online accounts as well. McAfee+ Ultimate provides our most comprehensive coverage with features that monitor the dark web and sketchy data broker sites for your personal information, identity theft and ransomware protection, and identity restoration services should the unexpected happen—all along with our award-winning antivirus protection. In all, it protects you, not just your devices. Together, it offers your strongest line of defense in the face of hackers, scammers, and thieves.
Legitimate banks will never pressure, harass, or cajole you into action. If you get a message that strikes an aggressive tone, assume it’s fraudulent. Other things legitimate banks will never do include:
Earlier, I mentioned contacting your bank directly to ensure you’re speaking to a proper representative. Another way you can go directly to the source is to use your bank’s website or app to check up on your accounts. Once again, don’t click any links in a text or email. Just go to your bank’s website or app to check your account. You can make sure you have your bank’s official app by visiting the Google Play or Apple’s App Store and looking at the information section to ensure that it was indeed developed by your bank—not a copycat.
Strong and unique passwords for each of your online accounts can help keep hackers at bay. With data breaches occurring so often, updating them regularly is important too. Yet with all the accounts we keep, that can mean a lot of work. However, a password manager can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
When you log onto public Wi-Fi, potentially anyone can see your internet activity—and that includes things like entering your username and password. For that reason, only log into your bank account with public Wi-Fi if you’re using a virtual private network (VPN). McAfee Secure VPN protects your privacy by turning on automatically for unsecured networks. Your data is encrypted so it can’t be read by prying eyes. The VPN also keeps your online activity and physical location private and secure from advertisers.
Keeping an eye on your bills and statements as they come in can help you spot unusual activity on your accounts. A credit monitoring service can do that one better by keeping daily tabs on changes to your credit report. While you can do this manually, there are limitations. First, it involves logging into each bureau and doing some digging of your own. Second, there are limitations as to how many free credit reports you can pull each year. A service does that for you and without impacting your credit score.
Depending on your location and plan, McAfee’s credit monitoring allows you to look after your credit score and the accounts within it to see fluctuations and help you identify unusual activity, all in one place, checking daily for signs of identity theft.
When a fraud notification pops up on your phone, you can almost feel your stomach drop. Hackers and scammers play off that fear. They use it to get you to act—and to act quickly. Taking a moment to scrutinize these messages and following up directly with your bank can help you steer clear of their tricks. Likewise, putting up a strong defense with comprehensive online protection software can make you safer still. In the meantime, keep your eyes open for this “Pay Yourself Scam” and other scams like it. It’s certainly not the first of its kind, and it won’t be the last.
The post Steer Clear of the “Pay Yourself Scam” That’s Targeting Online Bank Accounts appeared first on McAfee Blog.
I can’t tell you how many times over my 25 years of parenting that I’ve just wanted to wrap my boys in cotton wool and protect them from all the tricky stuff that life can throw our way. But unfortunately, that’s never been an option. Whether it’s been friendship issues in the playground, dramas on a messaging app or dealing with broken hearts, it can be really hard watching your kids experience hardship.
But one thing I have learnt from years of mothering is that if you spend some time getting ahead of a potentially challenging situation then you’ve got a much better chance of minimising it. Or better still preventing it – and this absolutely applies to cyberbullying.
In early 2022, McAfee interviewed over 15,000 parents and 12,000 children worldwide with the goal of finding out how families both connect and protect themselves online. And what they found was astounding: Aussie kids reported the 2nd highest rate of cyberbullying (24%) out of the 10 countries surveyed. American children reported the highest rate. The average for all countries was 17%. Check out my post here with all the details.
So, to dig deeper into this issue of cyberbullying, McAfee commissioned additional research in August this year to better understand what cyberbullying looks like, where it happens and who the perpetrators are. And the biggest takeaways for Aussie kids:
You can check out my post here with all the details.
So, if you need to grab a cuppa and digest all this, I don’t blame you! It’s a lot. But, as mentioned before, I honestly believe that if we get ahead of the challenges, we have a greater chance of minimising the fall out. So, without further ado – here is my advice on what you can do NOW to minimise the chance of your kids being involved in cyberbullying – either as the victim or the perpetrator.
As soon as your kids move on from just watching movies and playing games on their devices, you need to talk about the importance of ‘being nice’ online. A more natural way around this is to extend your parenting advice to include the online world too. For example:
And don’t forget the importance of role-modelling this too!
One of the best things you can do is to create a family culture where honest and genuine two-way communication is a feature of family life. If your kids know they can confide in you, that nothing is off-limits and that you won’t overreact – then they are more likely to open-up about a problem before it becomes overwhelming and ‘unsolvable’.
Parents who have a comprehensive understanding of their child’s life will be better able to detect when things aren’t going well. Knowing who your kid’s friends are, who they ‘sit with’ at lunchtime, their favourite music and their boyfriend or girlfriend needs to be a big priority. I also encourage parents to establish relationships with teachers or mentors at school so they can keep their ‘ear to the ground’. When a child’s behaviour and interests change, it can often mean that all isn’t well and that some detective work is required!
Cyberbullying can have a variety of definitions which can often cause confusion. In McAfee’s research, they used the definition by StopBullying.Gov:
Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behaviour.
McAfee’s definition was then expanded to include specific acts of cyberbullying, such as:
Along with other acts, including:
Now, I appreciate that reading your children several minutes of definitions may not be very helpful. So, instead, keep it simple and amend the above to make it age appropriate for your kids. You may choose to say that it is when someone is being mean online, if your kids are very young. But if you have tweens in the house then I think more details would be important. The goal here is for them to understand at what point they shouldn’t accept bad behaviour online.
As soon as your kids are actively engaged with others online, they need to have an action plan in case things go awry – probably around 6-7 years of age. In fact, I consider this to be a golden time in parenting – a time when your kids are receptive to your advice and often keen to please. So, this is when you need to help them establish good practices and habits that will hold them in good stead. This is what I would instil:
Now, of course not all bad behaviour online will be defined as cyberbullying – remember we all see the world through different lenses. However, what’s important here is that your kids ask for help when they experience something that makes them feel uncomfortable. And while we all hope that it is unlikely that you will need to escalate any interactions to the police or the eSafety Commissioner, knowing what the course of action is in case things get out of hand is essential.
There is so much research on the connection between the lack of empathy and bullying behaviours. In her book Unselfie, Parenting expert Michelle Borba explains that we are in the midst of an ‘empathy crisis’ which is contributing to bullying behaviour. She believes teens today are far less empathetic than they were 30 years ago. Teaching your kids to ‘walk in someone’s else’s shoes’, consider how others feel and have a focus on compassion will go a long way to developing an empathetic lens. You can read more about helping develop empathy in your child here.
There is no doubt that cyberbullying is one of the biggest parenting challenges of our generation and, unfortunately, it isn’t going to disappear anytime soon. So, get ahead of the problem – teach your kids about kindness from a young age, create an open family communication culture, make empathy a priority in your family and give them an action plan in case things get tricky online. But most importantly, always listen to your gut. If you think things aren’t right with your kids – if they don’t want to go to school, seem emotional after using their devices or their behaviour suddenly changes, then do some digging. My gut has never let me down!
Take care
Alex
The post What You Do Now To Protect Your Child From Cyberbullying appeared first on McAfee Blog.
*TW: Mentions Suicide
Our passion for protecting people doesn’t stop with online safety. We deeply care for our people, their families and friends, and our communities.
To recognize World Suicide Prevention on Sept. 10 and help normalize and encourage conversations about mental health year-round, we recently hosted a discussion with McAfee colleagues and suicide prevention activist and owner of The Jordan Legacy, Steve Phillip. During this session Steve discussed his own personal lived experience of suicide and what he’s learned since establishing The Jordan Legacy when it comes to creating an open and safe environment for all.
“I established The Jordan Legacy in 2020, following the suicide of my 34-year-old son, Jordan, in December 2019. It’s a registered not-for-profit Community Interest Company (CIC), whose mission is to raise awareness about suicide, open the conversation, help remove the stigma surrounding this topic and importantly, engage with communities and workplaces to discuss and identify practical solutions which will help prevent suicide.”
“#WSPD is important in highlighting the biggest killer of men and women under the age of 35. According to the W.H.O, we lose 700,000 people globally to suicide every year – that’s one person every 45 seconds. On average, each suicide will impact 135 other people. This means that more than 95 million people are impacted by suicide annually! And while #WSPD is an important day to highlight, it’s fundamental that we recognize that suicide awareness needs to happen 365 days a year.”
“There are several reasons why stigmas surrounding mental health and suicide exist. Generally, it’s due to a lack of understanding and people making assumptions – such as those with a mental health illness could be dangerous, unreliable or unemployable. Cultural backgrounds also play a part in creating stigma – certain cultures see mental illness and suicide as a taboo subject. The language used around mental health and suicide can also create stigma. In the UK, the act of attempting suicide was decriminalized in 1961 and yet the term ‘committed suicide’ is still frequently used, in the same way as commit murder or commit assault.”
“It’s important to ask people how they are with a genuine intent to listen to and understand their reply. Most people who are struggling with their mental health don’t necessarily want you to fix them, but they do want to feel that they’re being listened to. Ask open-ended questions, such as ‘tell me how are you really feeling?’, ‘explain to me how this is impacting on you?’, ‘describe to me, how this is making you feel?”
“We need to become a kinder and more compassionate society by recognizing that everyone can, at some point in their lives, struggle with poor mental health. Understanding this, would hopefully cause people to be less frustrated with others who don’t behave as they expect they might. We also need to check-in with family members, friends and colleagues more frequently and ask them ‘how are you really doing?”
“I am one of those individuals who probably works too hard and for too long! However, road cycling is a big escape for me and getting out in the fresh air in the countryside is a huge help. As is my part-time hobby of playing the drums – you can lose a lot of pent-up stress whilst playing along to Nirvana!! It’s so important that you make sure to look after yourself. So, my advice is to find out what works for you – whether that’s going for a walk, talking to a friend, speaking to a counsellor, joining a local group or seeing what resources are available to you through your company’s EAP. And remember most importantly to be kind to yourself.”
If you or someone you know is struggling, please call or text 988 to get support. And remember, you are not alone.
Together we can prevent suicide
The post #WSPD Creating hope through action with The Jordan Legacy appeared first on McAfee Blog.
The social network TikTok is chockfull of interesting, fun, laugh-out-loud videos shared by creators worldwide. Kids, as well as parents, can easily spend hours glued to the platform. But as with most popular platforms, the fun can eventually turn dark, even deadly, when viral challenges make their rounds.
The latest viral challenge, the “blackout challenge,” first became popular online in 2008 and made its unfortunate comeback in 2021. Before this second round, the CDC attributed nearly 80 deaths to the dangerous online game. In the past month, authorities are attributing the tragic, high-profile deaths of Archie Battersbee, 12, and Leon Brown, 14 to the challenge.
The blackout challenge is a choking game that involves intentionally trying to choke oneself or another to obtain a brief euphoric state or “high.” Death or serious injury can result if strangulation is prolonged. Those doing the challenge do it privately or broadcast their attempt to friends or followers. The CDC also found that most deaths occurred when a child engaged in the choking game alone and that most parents were unaware of the game before their child’s death.
It’s easy to look at a challenge like this and dismiss it thinking your child would never be involved in such a dangerous game. However, in a recent post from HealthyChildren.org on why kids participate in online dares, pediatricians point to the reality that the teen brain is still developing. The part of the brain that processes rational thought, the prefrontal cortex, is not fully developed until a person’s mid-20s. This physiological reality means teens are naturally impulsive and can do things without stopping to consider the consequences.
Another lure that entices teens is that social media’s fast-moving, impulsive environment rewards outrageous behavior—the more outrageous the content, the bigger the bragging rights. The fear of losing out (FOMO is natural for teens.
According to the CDC, signs that a child may be engaging in the blackout challenge include:
Viral challenges will continue to emerge and shock us. There’s no way to anticipate them or control them. However, staying informed about dangerous online trends and keeping the lines of communication with your child open and honest is a big step toward equipping them to live a safe, balanced digital life.
The post Deadly Digital Dares: The Blackout Challenge on TikTok appeared first on McAfee Blog.
Authored by SangRyol Ryu and Yukihiro Okutomi
McAfee’s Mobile Research team recently analyzed new malware targeting NTT DOCOMO users in Japan. The malware which was distributed on the Google Play store pretends to be a legitimate mobile security app, but it is in fact a payment fraud malware stealing passwords and abusing reverse proxy targeting NTT DOCOMO mobile payment service users. McAfee researchers notified Google of the malicious apps, スマホ安心セキュリティ, or ‘Smartphone Anshin Security’, package name ‘com.z.cloud.px.app’ and ‘com.z.px.appx’. The applications are no longer available on Google Play. Google Play Protect has also taken steps to protect users by disabling the apps and providing a warning. McAfee Mobile Security products detect this threat as Android/ProxySpy and protect you from malware. For more information, to get fully protected, visit McAfee Mobile Security.
The malware actor continues to publish malicious apps on the Google Play Store with various developer accounts. According to the information posted on Twitter by Yusuke Osumi, Security Researcher at Yahoo! Japan, the attacker sends SMS messages from overseas with a Google Play link to lure users to install the malware. To attract more users, the message entices users to update security software.
A SMS message from France (from Twitter post by Yusuke)
Malware on Google Play
The Mobile Research team also found that the malware actor uses Google Drive to distribute the malware. In contrast to installing an application after downloading an APK file, Google Drive allows users to install APK files without leaving any footprint and makes the installation process simpler. Once the user clicks the link, there are only a few more touches required to run the application. Only three clicks are enough if users have previously allowed the installation of unknown apps on Google Drive.
Following notification from McAfee researchers, Google has removed known Google Drive files associated with the malware hashes listed in this blog post.
When an NTT DOCOMO network user installs and launches this malware, it asks for the Network password. Cleverly, the malware shows incorrect password messages to collect more precise passwords. Of course, it does not matter whether the password is correct or not. It is a way of getting the Network password.
The Network password is used for the NTT DOCOMO payment service which provides easy online payments. NTT DOCOMO mobile network users can start this payment service by just setting 4-digits password called a Network password. The charge will be paid along with the mobile phone bill. When you need to pay online, you can simply do the payment process by entering the 4-digits password.
After the password activity, the malware shows a fake mobile security screen. Interestingly, the layout of the activity is similar to our old McAfee Mobile Security. All buttons look genuine, but these are all fake.
There is a native library named ‘libmyapp.so’ loaded during the app execution written in Golang. The library, when loaded, tries to connect to the C2 server using a Web Socket. Web Application Messaging Protocol (WAMP) is used to communicate and process Remote Procedure Calls (RPC). When the connection is made, the malware sends out network information along with the phone number. Then, it registers the client’s procedure commands described in the table below. The web socket connection is kept alive and takes the corresponding action when the command is received from the server like an Agent. And the socket is used to send the Network password out to the attacker when the user enters the Network password on the activity.
| RPC Function name | Description |
| connect_to | Create reverse proxy and connect to remote server |
| disconnect | Disconnect the reverse proxy |
| get_status | Send the reverse proxy status |
| get_info | Send line number, connection type, operator, and so on |
| toggle_wifi | Set the Wi-Fi ON/OFF |
| show_battery_opt | Show dialog to exclude battery optimization for background work |
Registered RPC functions description
To make a fraudulent purchase by using leaked information, the attacker needs to use the victim’s mobile network. The RPC command ‘toggle_wifi’ can switch the Wi-Fi connection status of the victim, and ‘connect_to’ will provide a reverse proxy to the attacker. A reverse proxy can allow connecting the host behind a NAT (Network Address Translation) or a firewall. Via the proxy, the attacker can send purchase requests via the victim’s mobile network.
It is interesting that the malware uses a reverse proxy to steal the user’s network and implement an Agent service with WAMP. McAfee Mobile Research Team will continue to find this kind of threat and protect our customers from mobile threats. It is recommended to be more careful when entering a password or confidential information into untrusted applications.
193[.]239[.]154[.]23
91[.]204[.]227[.]132
ruboq[.]com
| SHA256 | Package Name | Distribution |
| 5d29dd12faaafd40300752c584ee3c072d6fc9a7a98a357a145701aaa85950dd | com.z.cloud.px.app | Google Play |
| e133be729128ed6764471ee7d7c36f2ccb70edf789286cc3a834e689432fc9b0 | com.z.cloud.px.app | Other |
| e7948392903e4c8762771f12e2d6693bf3e2e091a0fc88e91b177a58614fef02 | com.z.px.appx | Google Play |
| 3971309ce4a3cfb3cdbf8abde19d46586f6e4d5fc9f54c562428b0e0428325ad | com.z.cloud.px.app2 | Other |
| 2ec2fb9e20b99f60a30aaa630b393d8277949c34043ebe994dd0ffc7176904a4 | com.jg.rc.papp | Google Drive |
| af0d2e5e2994a3edd87f6d0b9b9a85fb1c41d33edfd552fcc64b43c713cdd956 | com.de.rc.seee | Google Drive |
The post Fake Security App Found Abuses Japanese Payment System appeared first on McAfee Blog.
Safety has a feeling all its own, and that’s what’s at the heart of McAfee+.
We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy.
And those concerns have merit. Last year, reported cases of identity theft and fraud in the U.S. shot up to 5.7 million, to the tune of $5.8 billion in losses, a 70% increase over the year prior. Meanwhile, online data brokers continue to buy and sell highly detailed personal profiles with the data cobbled together from websites, apps, smartphones, connected appliances, and more, all as part of a global data-gathering economy estimated at well over $200 billion a year.
Yet despite growing awareness of the ways personal information is collected, bought, sold, and even stolen, it remains a somewhat invisible problem. You simply don’t see it as it happens, let alone know who’s collecting what information about you and toward what ends—whether legal, illegal, or somewhere in between. A recent study we conducted showed that 74% of consumers are concerned about keeping their personal information private online. Yet, most of us have found out the hard way (when we search for our name on the internet) that there is a lot of information about us that has been made public. It is our belief that every individual should have the right to be private, yet we know too many individuals don’t know where to begin. It is this very worry that made us focus our new product line on empowering our users to take charge of their privacy and identity online.
McAfee+ gives you that control.
Now available in the U.S., McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance and support to take the steps to be safer online. Here’s how:
You can see the entire range of features that cover your identity, privacy, and security with a visit to our McAfee+ page.
McAfee+ Ultimate offers our most thorough protection, with which you can lock your credit with a click or put a comprehensive security freeze in place, both to thwart potential identity theft. You can keep tabs on your credit with daily credit monitoring and get an alert when there’s credit activity to spot any irregularities quickly.
You’ll also feel like someone has your back. Even with the most thorough measures in place, identity theft and ransomware attacks can still strike, which can throw your personal and financial life into a tailspin. What do you do? Where do you start? Here, we have you covered. We offer two kinds of coverage that can help you recover your time, money, and good name:
Starting today, customers in the U.S. can purchase McAfee+ online at McAfee.com in Premium, Advanced, and Ultimate plans, in addition to individual and family subscriptions. McAfee+ will also be available online in the U.K., Canada, and Australia in the coming weeks with additional regions coming in the months ahead (features may vary by region).
We are very excited about bringing these new protections to you and we hope you will be too.
The post The Feeling of Safety with McAfee+ appeared first on McAfee Blog.
Have you ever said something you wish you could take back? Maybe it was a comment muttered in the heat of the moment that hurt someone’s feelings. Or maybe you just had a night out full of silly antics that you wouldn’t want your boss or grandma to see.
These are completely normal occurrences that happen all the time. We’re human! We make mistakes and letting loose every now and again is good for us. When these scenarios happen in person, we’re able to apologize or explain ourselves; however, the social media age complicates things. High-def cameras and video recorders are in everyone’s pocket, meaning that in-person slip-ups or lapses in judgement can come back to haunt you in a cyberscheme known as doxing.
Doxing can be harmful to one’s reputation and can cost someone their job, their friends, or their privacy. Here are five things you should know about doxing, plus some tips on how to prevent it from happening to you.
The term doxing originated from the phrase “dropping documents/docs.” It refers to a situation where an enemy or a rival seeks to tarnish the reputation of someone else by releasing documents (aka dropping docs) about them. These documents often contain personally identifiable information (PII) – like full names, birthdates, addresses, employment details, financial information, phone numbers, email addresses – and private correspondences or embarrassing videos or photos. The doxer – or the person dropping the documents – will publish these private details online, whether that’s on a forum, on social media, or a blog.
Doxing is considered cyberbullying because it is a form of online harassment. The doxer often does so with the intent of drumming up widespread hate about the victim and having the release of these private details negatively affect the victim’s life, such as getting them fired from their job or breaking up a relationship.
Doxing happens most frequently to public figures, such as celebrities, politicians, streamers, and journalists. It is also a prevalent practice in the hacking community, where hackers reveal the identities of the real people behind forum usernames. However, anyone is susceptible to having their PII or sensitive photos or videos widely released on the internet for the sake of reputation sabotage. All it takes is for one scorned partner, a disgruntled coworker, or a disagreement to set a doxer on a warpath.
When the saboteur doesn’t have to dig into your past via the dark web or through hacking a personal device, doxing isn’t illegal. It’s malicious and can be emotionally damaging, but there is no law stopping a doxer from publishing the private details of someone else. Doxing crosses the line into a crime when it is accompanied by threats.
So, if a doxer didn’t hack a personal device or buy the PII off the dark web, where did they find these details? Oftentimes, people incriminate themselves with their social media footprint. What seems like ancient history in your social media timeline is again front and center after just a few minutes of scrolling.
Check out these tips that can lessen the chances of doxing happening to you:
In addition to the above tips, McAfee can help you fill in the gaps in your defense. McAfee Total Protection is an all-in-one privacy and identity protection service that includes all the tools you need to secure your PII and help you recover if identity theft occurs after a doxing incident. Personal Data Cleanup scans 40 risky data broker sites for your information. If you appear on any of those sites, McAfee will help you remove it to keep your PII out of a doxer’s hands.
The post 5 Things About Doxing You Should Know appeared first on McAfee Blog.
Password protection is one of the most common security protocols available. By creating a unique password, you are both proving your identity and keeping your personal information safer. However, when every account you have requires a separate password, it can be an overwhelming task. While you should be concerned about the safety of your data, you also want to avoid the frustration of forgetting your password and being blocked from the information you need. However, the benefits of using strong, unique passwords outweigh the occasional inconvenience.
The main benefit of a strong password is security. Hackers work quickly when they are trying to access accounts. They want to steal as much information as they can in as short a time as possible. This makes an account with a strong password less inviting because cracking the code is much more involved.
A strong password also limits the damage that hackers can do to your personal accounts. A common strategy involves cracking the passwords of less secure sites with limited personal information. The hackers hope that they can use the password from your gym membership app to access information in your online banking account. Strong password protection prevents this situation.
When someone is registering an online account, it can be tempting to blaze through the password process. In order to move quickly, there are several poor password practices that people employ.
A password is considered strong when it is difficult for a hacker to crack it quickly. Sophisticated algorithms can run through many password combinations in a short time. A password that is long, complex and unique will discourage attempts to break into your accounts.
If you want a password that is memorable but strong, you can easily turn a phrase into a layered, complex password. In this process, it is important to note that you should not use personal information that is available online as part of your phrase.
Now, you have a password that you can remember while challenging the algorithms hackers use.
When you consider the number of accounts you need to protect, coming up with a properly layered password is a time-consuming task. Even if you are able to decide on a memorable phrase, there are just too many accounts that need passwords. A password manager is a helpful tool to keep you safe while you are online. It acts as a database for all of your passwords. Each time you create a new code, it stores it so that you can automatically enter it later. You only need to remember a single password to access the tools of your manager.
Most managers can also do the work of creating complex, layered passwords for your accounts. These will be a string of random numbers, letters and characters. They will not be memorable, but you are relying on the manager to do the memorizing. These machine-generated passwords are especially helpful for accounts you rarely access or that do not hold significant information.
For critical accounts like your bank account or a work-related account, it can be helpful to keep an offline list of your passwords. Complex passwords are meant to be difficult to remember. You may recall the phrase but not all the detailed changes that make it layered. Keeping a document on a zip drive or even in a physical paper file or journal will allow you to access your information if your hardware fails or you are switching to a new system.
Cracking passwords is just one of the strategies hackers use to steal information. In addition to using strong passwords, it is important to employ comprehensive security software. Strong passwords will help protect your online accounts. Strong overall security will keep your hardware and network safe from danger.
The post Strong Password Ideas to Keep Your Information Safe appeared first on McAfee Blog.
It’s too bad cybercriminals don’t funnel their creativity into productive pursuits because they’re constantly coming up with nefarious new ways to eke out money and information from unsuspecting people. One of their newest schemes is called synthetic identity theft, a type of identity theft that can happen to anyone. Luckily, there are ways to lower the chance of it happening to you. And if it does happen to you, there are a few preventive measures you can take. Plus when you’re able to identify the early signs, you can minimize its damage to your finances and your credit.
Here’s everything you need to know about synthetic identity theft in order to keep your and your family’s information safe.
Synthetic identity theft occurs when a cybercriminal steals a real Social Security Number (SSN) but fabricates the rest of the details that are associated with that SSN, such as the full name and birthdate. With this valid SSN, they’re able to create an entirely new identity and use it to take out loans, apply for credit cards, or even purchase a house.
This form of identity theft is more difficult than traditional identity theft to detect. When a criminal steals someone’s entire identity – their name, birthdate, address, and SSN – there are more flags that could raise the alarm that something is amiss. Additionally, in some cases of synthetic identity theft, cybercriminals play the long game, meaning that they build up excellent credit with their new fake identity for months or even years. Then, once they’ve squeezed as much as they can from that great credit, they rack up huge charges against that credit and flee. It is only then when creditors demand payment that the rightful owner of the SSN finds out their identity was compromised.
Synthetic identity theft can severely damage the credit or finances of the person to whom the SSN truly belongs. It most often occurs to people who don’t closely monitor their credit, such as children, people in jail, or the elderly, but it can happen to anyone.
The signs of synthetic identity theft are a bit different than the signs of regular identity theft. In traditional identity theft, you may receive bills to your address either with someone else’s name on them or for organizations with which you don’t have an account. However, in the case of synthetic identity theft, since the thief makes up an entirely new name and address, you’re unlikely to accidentally get their mail.
The major red flag is if your credit score is drastically lower (or higher) than you remember it being. Did you know that you can request one free credit report per year from each major credit bureau? Get in the habit of ordering reports regularly to keep tabs on your credit and confirm that there are no new accounts that you didn’t create.
Check out these tips on how to protect your identity online to hopefully prevent it from ever happening to you:
McAfee Identity Protection is a comprehensive identity monitoring service that protects your identity and privacy from the fastest-growing financial crimes in America. McAfee can scan risky websites to see if your information was leaked in a recent breach. Additionally, with the new security freeze feature, you can deny access to your credit report, which stops fraudsters from opening new credit cards or bank or utility accounts in your name. Finally, if the worst does happen, McAfee Identity Protection offers up to $1 million in identity theft coverage and restoration.
If you don’t do so already, commit to a routine of monitoring your credit and financial accounts. It only takes a few minutes every month. To fill in the gaps, trust McAfee!
The post What Is Synthetic Identity Theft? appeared first on McAfee Blog.
Wouldn’t it be nice if, along with grades for English, Science, and Algebra this year, our child’s report card included quarterly feedback on their mental health?
Recently, actor Tom Holland of Spider-Man fame reported on his mental health publicly by deleting several of his social media accounts. The actor stated that his social media accounts had become “detrimental” to his mental state and that he “spirals” when he reads things about himself online. He used words like “overstimulating” and “overwhelming.”
And parents were likely “overjoyed” giving cyber high fives all around with Holland’s transparency in talking so publicly about social media’s link to mental health. Because if you are a parent you know.
As we head into a new school year with high hopes in tow, Holland’s decision also challenges us to pay closer attention to how social media could potentially impact our kids’ mental health.
Every child’s maturity and cognitive ability to handle online challenges will differ, so a one-size-fits-all digital wellbeing plan isn’t likely to work. Here are a few insights and tips that may be helpful as you shape the method that works for your family.
Explore healthy social media limits.
Any way you slice it, many unknowns come with every new school year, especially if you have tweens or teens. Social media adds a layer of complexity to those unknowns. However, with some forethought and follow-through, you can navigate those risks one day at a time.
The post Back-to-School: Balancing Social Media & Mental Health appeared first on McAfee Blog.
Welcome back to part 2 of my Metaverse series. If you are after tips and strategies to help your kids navigate the Metaverse safely then you’re in the right place. In this post I’ll share with you how your kids are likely already accessing the Metaverse, the benefits plus how to ensure they have a safe and positive experience. Now, if you’d like a refresher on exactly what the Metaverse is before we get underway, then check out part one here.
If your kids have played Roblox, Fortnite or Minecraft then they have already taken the step into this new virtual frontier. Yes, it’s that easy! But how many kids are playing on these platforms?
So, if you’ve got a couple of kids, tweens or teens in your house, then chances are they have probably already had a Metaverse experience! Or, if not yet, then it won’t be long…
There are actually a lot of similarities between online video games and the Metaverse including the use of avatars and the availability of items to purchase eg a horse in a game or an NFT (non-fungible token) in the Metaverse. However, the biggest difference is that the Metaverse is not just about gaming – it is so much more. In the Metaverse, there are no limitations to the number of participants nor on the type of activity – you can attend meetings, concerts, socialise without the gaming aspect, even undertake study!
There are so many good things about the Metaverse for our kids, particularly from an educational perspective. As a mum of 4, I am really excited at the possibilities the Metaverse will offer our kids. Imagine being able to experience a country in virtual reality – walk around, see the sights, its geographical features. I have no doubt that would enthuse even the most reluctant learners. And a recent US study confirmed this. It found that taking students on a Virtual Reality field trip to Greenland to learn about climate change resulted in higher interest, enjoyment and retention than students who simply watched a traditional 2-D video. How good!
Taking care of my family’s mental health has always been a huge focus of my parenting approach and I am really excited at the great options the Metaverse can offer in the area. As a family, we’ve spent multiple hours using apps like Calm and Headspace to help us meditate and practice mindfulness. But the thought of being able to don a VR headset and be transported to the actual rainforest or the roaring fire that I often listen to, is even more appealing! One of the best parts of the VR experience is that it completely blocks out the ‘real world’ which would make it easier to stay in the flow. Very appealing!
And while we’re talking benefits, let’s not gloss over the potential role the Metaverse can play in fostering empathy and promoting understanding between communities. There is a growing group of digital creators who are designing Metaverse experiences to do this using Virtual Reality. Homeless Realities is a project from the University of Southern California (USC) where students use virtual reality to tell stories, usually of marginalized communities that have been overlooked by traditional journalism. So powerful!
As parents, it’s essential that we add the Metaverse to our list of things to get our head around so we can keep our kids safe. Here are my top tips:
While I very much appreciate you reading this post, it’s important that you take action and get involved – particularly if your kids are already. If your kids are using Minecraft, Fortnite or Roblox – sign up and understand yourself how it all works. If your kids have a VR headset and you’re not sure how it works – ask them for a turn and a lesson. Only by experiencing it for yourself, will you truly understand the attraction but also the pitfalls and risks.
As the Metaverse is still evolving and very much a work in progress, there are very minimal protections in place for users. However, the 3 platforms that tend to attract younger players (Roblox, Minecraft and Fortnite) all have parental control features. So, please direct them here – if you can – as you’ll be able to have more control over their online safety.
Minecraft and Fortnite allow parents to disable chat functions which means your kids can’t communicate with people they don’t know. Roblox will automatically apply certain safety settings depending on the age group of their account. But regardless of what their platform of choice is, always protect your credit card details!! I know Fortnite will only allow kids to make ‘in game’ purchases if these supply credit card details in the checkout.
If your kids are older, it’s likely, you’ll have far less say over where they spend their time in the Metaverse so that’s when your kids will need to rely on their cyber safety skills to help them make safe decisions. Now, don’t assume that your child’s school has ticked the cyber safety box and it’s all been taken care of. Cybersafety needs to be weaved into your family’s dialogue and spoken about regularly. Even from the age of 5, your kids should know that they shouldn’t talk to strangers online or offline, if they see something that makes them upset online then they need to talk to a parent asap and, that they should never share their name or anything that could identify them online.
The goal of this is to make safe online behaviour part of their routine so that when they are faced with a challenging situation anywhere online, they automatically know how to respond. And of course, as kids get older, the advice becomes appropriate to their age.
Most kids are busting to get access to a VR headset but please take some time to do your research to work out which headsets are more suitable for your kids and your lounge room! There are 2 basic types: some that require a ‘tethered’ connection to a PC or standalone models with built-in computing power. The tethered headsets have traditionally delivered a more immersive user experience due to the extra computational power the PC provides however experts predict it won’t be long before standalone headsets are just as good. The biggest selling VR headset, Occulus Quest 2, can in fact connect wirelessly to your PC with the option to connect via a cable in case the game or experience needs extra oomph!
Regardless of which type you choose, it’s important that there is a safe play area in which to use the headset. VR headsets completely removes any visual of the real world so please remove special vases and keepsakes and ensure the dog isn’t roaming around.
‘Cybersickness’ aka motion sickness can be a real issue for some VR users. When you don the headset and are immersed in a different time and space, your body can get very confused. If your brain thinks you are moving (based on what you are seeing through the headset) but in fact you’re standing still, it creates a disconnect that causes enough confusion to make you feel nauseous. If this happens to your kids, consider reducing the time they spend with the headset, having fewer but smaller sessions to get your ‘VR legs’ and checking the VR headset is being worn correctly.
So, it’s over to you now parents: it’s time to get involved and understand this Metaverse once and for all. Always start with the games and experiences your kids spend their time on but when you’re ready, make sure you check out some of the more adult places such as Decentraland or The Sandbox. Who knows, you might just become a virtual real estate tycoon or set up a business that becomes quite the side hustle! The sky is the limit in the Metaverse!
Till next time!
Alex
The post A Parent’s Guide To The Metaverse – Part Two appeared first on McAfee Blog.
Most every parent loves a new school year. Most likely because the beloved milestone offers us a clean slate and a chance to do things better, shape new habits, and close those digital safety gaps.
The hope that fuels change is a powerful thing. However, if you want to ensure your new habits stick, there’s some science you might consider. Psychologists suggest that to make a new change permanent, you should start with smaller, micro-size choices that will lead to sustainable patterns and habits. Micro habits allow you to take safe steps that are too small to fail but effective enough to generate long-term change.
Breaking down the task online safety into bite-sized pieces is a great approach for parents eager to put better habits into play this year. Establishing new ground rules doesn’t have to include restrictions, tantrums, or tears. You can start small, commit to work together, and build your new habits over time.
So often in this blog we offer a combination of practical digital tips proven to work such as robust password protocols, privacy settings, parental controls, smart phone protection, and social network/app safety.
Today, however, we will flip that approach and give you some foundations that will no doubt support and amplify your family’s daily online safety efforts. Ready? Here we go!
We’re all connected 24/7 but to what? Equipping kids to make wise decisions online begins with intentional, face-to-face connection at home with a parent or caregiver. When the parent-child relationship is strong, trust grows, and conversation flows. If and when a challenge arises, your child is more likely to turn to you.
Micro-habit: If your family doesn’t eat dinner together, start with one night a week (stay consistent with the day). Make the dinner table a no-phone zone and spend that time together listening and connecting. Build from there.
The new school year is a chance to get more involved with your child’s day-to-day communities (on and offline), including their teachers, friend groups, or hobbies. If you’ve been on the sidelines in the past, taking a few steps into their world can give you an exceptional understanding of their online life. Knowing where they go and who they know online has never been more critical, as outlined in our recent Connected Family Report.
Micro-habit: Does your child have a favorite app? Download it, look around, and understand the culture.
Summer—coupled with extra time online (often unmonitored)—can wreak havoc on a child’s sleep patterns, which, in turn, wreaks havoc on a family. If you have a tween or teen, ensuring they get the required hours of sleep is a significant way to keep them safe online. Think about it. Fatigue can impair judgment, increase anxiety, impact grades, and magnify moodiness, putting a child’s physical and emotional wellbeing at risk online and off.
Micro-habit: Think about setting a phone curfew that everyone agrees on. Giving your child input into the curfew makes it less of a restriction and more of a health or lifestyle shift. Remember, your child’s device is their lifeline to their peers so cutting them off isn’t a long-term solution.
With kids spending so much time on apps like TikTok, Instagram, Snapchat, and YouTube, those platforms inevitably influence your child more than just about anyone. Be on the lookout for behavior changes in your child that may be connected to digital risks such as cyberbullying, sextortion, gaming addiction, inappropriate content, or connecting with strangers.
Micro-habit: Consider setting time limits that allow your child to enjoy their online hangouts without being consumed or overly influenced by the wrong voices. Apply limits in small blocks at first and grow from there.
Balancing your online life with face-to-face activities and relationships is a must for your child’s physical and emotional wellbeing. But sometimes, striving for that balance can feel overwhelming. Being too stringent can cause big plans to collapse, sending our behaviors in the opposite direction. Balance requires constant re-calibration and pausing to take those small bites.
Micro-habit: Commit to one family outdoor activity together a month. Take a hike, learn to fish, take up tennis. Make the outings phone-free zones. Be consistent with your monthly micro-habit and build from there.
It’s been proven that any change you attempt to make ignites a degree of friction. And prolonged friction can discourage your efforts to stick to new habits. Ignore that noise and keep moving forward. Stay the course parents because this is the year your best intentions take shape.
The post Kicking Off a New School Year with New Online Habits appeared first on McAfee Blog.
“But everyone else has one.”
Those are familiar words to a parent, especially if you’re having the first smartphone conversation with your tween or pre-teen. In their mind, everyone else has a smartphone so they want a one too. But does “everyone” really have one? Well, your child isn’t wrong.
Our recent global study found that 76% of children aged 10 to 14 reported using a smartphone or mobile device, with Brazil leading the way at 95% and the U.S. trailing the global average at 65%.
Our figures show that younger children with smartphones and mobile devices make up a decisive majority of younger children overall.
Of course, just because everyone else has smartphone doesn’t mean that it’s necessarily right for your child and your family. After all, with a smartphone comes access to a wide and practically unfettered world of access to the internet, apps, social media, instant messaging, texting, and gaming, all within nearly constant reach. Put plainly, some tweens and pre-teens simply aren’t ready for that just yet, whether in terms of their maturity, habits, or ability to care for and use a device like that responsibly.
Yet from a parent’s standpoint, a first smartphone holds some major upsides. One of the top reasons parents give a child a smartphone is “to stay in touch,” and that’s understandable. There’s something reassuring knowing that your child is a call or text away—and that you can keep tabs on their whereabouts with GPS tracking. Likewise, it’s good to know that they can reach you easily too. Arguably, that may be a reason why some parents end up giving their children a smartphone a little sooner than they otherwise would.
However, you don’t need a smartphone to do to text, track, and talk with your child. You have alternatives.
One way to think about the first smartphone is that it’s something you ease into. In other words, if the internet is a pool, your child should learn to navigate the shallows with some simpler devices before diving into the deep end with a smartphone.
Introducing technology and internet usage in steps can build familiarity and confidence for them while giving you control. You can oversee their development, while establishing rules and expectations along the way. Then, when the time is right, they can indeed get their first smartphone.
But how to go about that?
It seems a lot of parents have had the same idea and device manufacturers have listened. They’ve come up with smartphone alternatives that give kids the chance to wade into the mobile internet, allowing them to get comfortable with device ownership and safety over time without making the direct leap to a fully featured smartphone. Let’s look at some of those options, along with a few other long-standing alternatives.
These small and ruggedly designed devices can clip to a belt loop, backpack, or simply fit in a pocket, giving you the ability to see your child’s location. In all, it’s quite like the “find my” functionality we have on our smartphones. When it comes to GPS trackers for kids, you’ll find a range of options and form factors, along with different features such as an S.O.S. button, “geofencing” that can send you an alert when your child enters or leaves a specific area (like home or school), and how often it sends an updated location (to regulate battery life).
Whichever GPS tracker you select, make sure it’s designed specifically for children. So-called “smart tags” designed to locate things like missing keys and wallets are just that—trackers designed to locate things, not children.
With GPS tracking and many other communication-friendly features for families, smart watches can give parents the reassurance they’re looking for while giving kids a cool piece of tech that they can enjoy. The field of options is wide, to say the least. Smart watches for kids can range anywhere from devices offered by mobile carriers like Verizon, T-Mobile, and Vodaphone to others from Apple, Explora, and Tick Talk. Because of that, you’ll want to do a bit of research to determine the right choice for you and your child.
Typical features include restricted texting and calling, and you’ll find that some devices are more durable and more water resistant than others, while yet others have cameras and simple games. Along those lines, you can select a smart watch that has a setting for “school time” so that it doesn’t become a distraction in class. Also, you’ll want to look closely at battery life, as some appear to do a better job of holding a charge than others.
Another relatively recent entry on the scene are smartphones designed specifically for children, which offer a great step toward full-blown smartphone ownership. These devices look, feel, and act like a smartphone, but without web browsing, app stores, and social media. Again, features will vary, yet there are ways kids can store and play music, stream it via Bluetooth to headphones or a speaker, and install apps that you approve of.
Some are paired with a parental control app that allows you to introduce more and more features over time as your child as you see fit—and that can screen texts from non-approved contacts before they reach your child. Again, a purchase like this one calls for some research, yet names like Gabb wireless and the Pinwheel phone offer a starting point.
The old reliable. Rugged and compact, and typically with a healthy battery life to boot, flip phones do what you need them to—help you and your child keep in touch. They’re still an option, even if your child may balk at the idea of a phone that’s “not as cool as a smartphone.” However, if we’re talking about introducing mobile devices and the mobile internet to our children in steps, the flip phone remains in the mix.
Some are just phones and nothing else, while other models can offer more functionality like cameras and slide-out keyboards for texting. And in keeping with the theme here, you’ll want to consider your options so you can pick the phone that has the features you want (and don’t want) for your child.
Despite what your younger tween or pre-teen might think, there’s no rush to get that first smartphone. And you know it too. You have time. Time to take eventual smartphone ownership in steps, with a device that keeps you in touch and that still works great for your child.
By easing into that first smartphone, you’ll find opportunities where you can monitor and guide their internet usage. You’ll also find plenty of moments to help your child start forming healthy habits around device ownership and care, etiquette, and safety online. In all, this approach can help you build a body of experience that will come in handy when that big day finally comes—first smartphone day.
The post Smartphone Alternatives: Ease Your Way into Your Child’s First Phone appeared first on McAfee Blog.
Fears and phobias. We all have them. But what are your biggest ones? I absolutely detest snakes but spiders don’t worry me at all. Well, new research by McAfee shows that cybercriminals and the fear of being hacked are now the 5th greatest fear among Aussies.
With news of data breaches and hacking crusades filling our news feed on a regular basis, many of us are becoming more aware and concerned about the threats we face in our increasingly digital world. And McAfee’s latest confirms this with hackers making their way into Australia’s Top 10 Fears.
According to research conducted by McAfee, snakes are the top phobia for Aussies followed by spiders, heights and sharks. Cybercriminals and the fear of being hacked come in in 5th place beating the dentist, bees, ghosts, aeroplane travel and clowns!
Aussie Top 10 Fears and Phobias
Fears and phobias develop when we perceive that we are at risk of pain, or worse, still, death. And while almost a third of respondents nominated snakes as their number one fear, there is less than one-in-fifty thousand chance of being bitten badly enough by a snake to warrant going to hospital in Australia, according to research from the Internal Medicine Journal.
In contrast, McAfee’s analysis of more than 108 billion potential online threats between October and December, identified 202 million of these threats as genuine risks. With a global population of 7.5 billion, that means there is approximately a one in 37 chance of being targeted by cybercrime. Now while this is not a life-threatening situation, these statistics show that chance of us being affected by an online threat is very real.
According to the research, 82% of Aussies believe that being hacked is a growing or high concern. And when you look at the sheer number of reported data breaches so far this year, these statistics make complete sense. Data breaches have affected Bunnings staff, Federal Parliament staff, Marriott guests, Victorian Government staff, QLD Fisheries members, Skoolbag app users and Big W customers plus many more.
Almost 1 in 5 (19%) of those interviewed said their top fear at work is doing something that will result in a data security breach, they will leak sensitive information or infect their corporate IT systems.
The fear that we are in the midst of a cyberwar is another big concern for many Aussies. Cyberwar can be explained as a computer or network-based conflict where parties try to disrupt or take ownership of the activities of other parties, often for strategic, military or cyberespionage purposes. 55% of Aussies believe that a cyberwar is happening right now but we just don’t know about it. And a fifth believe cyber warfare is the biggest threat to our nation.
Being proactive about protecting your online life is the absolute best way of reducing the chances of being hacked or being affected by a data breach. Here are my top tips on what you can now to protect yourself:
Using a password manager to create unique and complex passwords for each of your online accounts will definitely improve your online safety. If each on your online accounts has a unique password and you are involved in a breach, the hacker won’t be able to use the stolen password details to log into any of your other accounts.
Storing your financial data within your browser and being able to populate online forms quickly within seconds makes the autofill function very attractive however it is risky. Autofill will automatically fill out all forms on a page regardless of whether you can see all the boxes. You may just think you are automatically entering your email address into an online form however a savvy hacker could easily design an online form with hidden boxes designed to capture your financial information. So remove all your financial information from Autofill. I know this means you will have to manually enter information each time you purchase but your personal data will be better protected.
One of the easiest ways for a cybercriminal to compromise their victim is by using phishing emails to lure consumers into clicking links for products or services that could lead to malware, or a phoney website designed to steal personal information. If the deal seems too good to be true, or the email was not expected, always check directly with the source.
It’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.
I know public Wi-Fi might seem like a good idea, but if consumers are not careful, they could be unknowingly exposing personal information or credit card details to cybercriminals who are snooping on the network. If you are a regular Wi-Fi user, I recommend investing in a virtual private network or (VPN) such as McAfee Secure VPN which will ensure your connection is completely secure and that your data remains safe.
While it is tempting, putting our head in the sand and pretending hackers and cybercrime don’t exist puts ourselves and our families at even more risk! Facing our fears and making an action plan is the best way of reducing our worry and stress. So, please commit to being proactive about your family’s online security. Draw up a list of what you can do today to protect your tribe. And if you want to receive regular updates about additional ways you can keep your family safe online, check out my blog.
‘till next time.
Alex x
The post Aussies Fear Snakes, Spiders and Getting Hacked appeared first on McAfee Blog.
Using a VPN on your smartphone can boost your privacy in a big way, particularly with all the data tracking that’s happening out there today.
For some time now, we’ve recommended a VPN when using public Wi-Fi in airports, libraries, hotels, and coffee shops. Given that these are public networks, a determined hacker can snoop on the other devices transmitting data on it. With a VPN, any connection becomes a secure connection, which includes public Wi-Fi. That advice still holds true. Yet there’s a good reason to use it on your smartphone all the time—for your privacy.
Let’s start with a quick look at the two big things a VPN does for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it terrifically difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, at VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties.
As far as your privacy is concerned, a VPN on a smartphone can be a smart move. There are a couple of reasons for that: first, because of the way smartphones have additional tracking technologies built in, and second, because of all the trackable data we create when using smartphones as frequently as we do—up to six hours per day for some.
As for how your smartphone is built, data collectors can harvest your personal information that reveals what you’re doing, when you’re doing it, and where you’re doing it as well. Several technologies allow them to pinpoint where you are at any given time, such as GPS and location services, along with Bluetooth connectivity and location tracking based on which cell phone tower you’re connected to. Even scanning a QR code with your phone can reveal location information. It can all get rather precise, which is of interest to advertisers, businesses, and even governments.
Next, think about all the activities you do on your phone, with a special emphasis on the apps you use and the data they create, about your health, your shopping habits, your travels, who you’re chatting with, and what content you’re posting online—just to name a few things. Once again, that information in of itself is valuable to data collectors. It becomes even more valuable when they know where you do these things.
Taken together, data broker companies readily gather this information from millions of devices, generating billions of data points, and create massive lists of targeted information. And that information gets quite specific. With some data brokers collecting hundreds and into the thousands of data points per person, they can provide interested buyers with a high-resolution snapshot of who you are, where you live, who’s in your family, your income, where you shop, what you like to buy—right on down to your favorite shampoo. And that’s just for starters.
It’s little surprise that all this data brokering activity fuels a global business estimated at $200 billion U.S. dollars a year.
How’s this happening? In large part by way of the privacy policies you may or may not have read.
Within those policies, device manufacturers, social media companies, app developers, and so on will detail what data they collect, under what conditions, what they do with it, and if they share or resell that data to other parties. However, if you’ve ever taken a dive into the fine print of a privacy policy, what’s stated there isn’t always clear. Now consider all the apps you have on your phone and the privacy policies associated with each one—your personal data privacy picture gets even less clear.
With digital data and information collection baked into so much of what we do online, it’s little wonder that more than 70% of people feel like their data privacy is out of their control.
Yet there are things you can do.
Using a VPN on your smartphone can make you far more anonymous online. A VPN can minimize the data that gets exposed as it transmits to and from your smartphone. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from.
While you have free VPN options available, I suggest steering clear of them. As with many “free” services, there’s going to be some catch, often involving data collection. For example, some so-called “free VPNs” have served up tracking malware or actually collected private data and information for sale—the very things you want a VPN to prevent.
Given that this is your privacy we’re talking about, do a little background check. Has the VPN you’re considering been independently audited for security? The technology that powers ours undergoes a thorough audit every year. Search news articles and see if the VPN you’re looking at has a track record of collecting and selling data in any way. Again, with our VPN technology, we don’t log or track what you do online so your online activity remains private.
What about the information that’s already out there? Our Personal Data Cleanup can help you remove your personal information from high-risk data broker sites, so you can prevent it from being further collected and sold online. If you’re unsure if your data and information are out there, consider what one major data brokers has touted in the past—a reach of over 62 countries and the ability to reach over 2.5 billion consumers globally. With 5 billion internet users today, that accounts for half of the world’s online population. And that’s just one data broker alone.
Moreover, consider that data brokers acquire plenty of information from places other than your smartphone and other connected devices. They skim and collate public records associated with you, information purchased from retailers with loyalty card programs, not to mention census data, court records, and motor vehicle records. And that’s just a few of the many sources. Using our Personal Data Cleanup can help remove those sorts of records too.
Together, the combination of a VPN and Personal Data Cleanup can help you become far more private than before. With so much of our digital lives getting collected, tracked, and tabulated, often without our knowledge thanks to confusing privacy policies, taking control of your privacy makes sense and only gets easier to do thanks to the tools and services available to you.
The post Privacy, please! Why a VPN on your smartphone may be a smart move for you. appeared first on McAfee Blog.
Authored by Oliver Devane and Vallabh Chole
September 9, 2022 Update: Since the original publication of this blog on August 29, 2022, the Flipshope browser extension was updated in the Chrome Store on September 6, 2022 with a version that no longer contains the potentially harmful features originally discussed in this blog.
September 30, 2022 Update: Since the original publication of this blog on August 29, 2022, the AutoBuy browser extension was updated in the Chrome Store on September 17, 2022 with a version that no longer contains the potentially harmful features originally discussed in this blog.
A few months ago, we blogged about malicious extensions redirecting users to phishing sites and inserting affiliate IDs into cookies of eCommerce sites. Since that time, we have investigated several other malicious extensions and discovered 5 extensions with a total install base of over 1,400,000
The extensions offer various functions such as enabling users to watch Netflix shows together, website coupons, and taking screenshots of a website. The latter borrows several phrases from another popular extension called GoFullPage
Apart from offering the intended functionality, the extensions also track the user’s browsing activity. Every website visited is sent to servers owned by the extension creator. They do this so that they can insert code into eCommerce websites being visited. This action modifies the cookies on the site so that the extension authors receive affiliate payment for any items purchased.
The users of the extensions are unaware of this functionality and the privacy risk of every site being visited being sent to the servers of the extension authors.
The 5 extensions are
| Name | Extension ID | Users |
| Netflix Party | mmnbenehknklpbendgmgngeaignppnbe | 800,000 |
|
Netflix Party 2 |
flijfnhifgdcbhglkneplegafminjnhn | 300,000 |
|
FlipShope – Price Tracker Extension
|
adikhbfjdbjkhelbdnffogkobkekkkej | 80,000 |
|
Full Page Screenshot Capture – Screenshotting
|
pojgkmkfincpdkdgjepkmdekcahmckjp | 200,000 |
| AutoBuy Flash Sales | gbnahglfafmhaehbdmjedfhdmimjcbed | 20,000 |
This section contains the technical analysis of the malicious chrome extension ‘mmnbenehknklpbendgmgngeaignppnbe’. All 5 extensions perform similar behavior.
The manifest.json sets the background page as bg.html. This HTML file loads b0.js and this is responsible for sending the URL being visited and injecting code into the eCommerce sites.
The b0.js script contains many functions. This blog will focus on the functions which are responsible for sending the visited URLs to the server and processing the response.
Chrome extensions work by subscribing to events which they then use as triggers to perform a certain activity. The extensions analyzed subscribe to events coming from chrome.tabs.onUpdated. chrome.tabs.onUpdated will trigger when a user navigates to a new URL within a tab.
Once this event triggers, the extension will set a variable called curl with the URL of the tab by using the tab.url variable. It creates several other variables which are then sent to d.langhort.com. The POST data is in the following format:
| Variable | Description |
| Ref | Base64 encoded referral URL |
| County | The county of the device |
| City | The city of the device |
| Zip | The zip code of the device |
| Apisend | A random ID generated for the user. |
| Name | Base64 encoded URL being visited |
| ext_name | The name of the chrome extensions |
The random ID is created by selecting 8 random characters in a character set. The code is shown below:
The country, city, and zip are gathered using ip-api.com. The code is shown below:
Upon receiving the URL, langhort.com will check if it matches a list of websites that it has an affiliate ID for, and If it does, it will respond to the query. An example of this is shown below:
The data returned is in JSON format. The response is checked using the function below and will invoke further functions depending on what the response contains.
Two of the functions are detailed below:
If the result is ‘c’ such as the one in this blog, the extension will query the returned URL. It will then check the response and if the status is 200 or 404, it will check if the query responded with a URL. If it did, it would insert the URL that is received from the server as an Iframe on the website being visited.
If the result is ‘e’, the extension would insert the result as a cookie. We were unable to find a response of ‘e’ during our analysis, but this would enable the authors to add any cookie to any website as the extensions had the correct ‘cookie’ permissions.
The images below show the step-by-step flow of events while navigating to the BestBuy website.
Here is a video of the events
We discovered an interesting trick in a few of the extensions that would prevent malicious activity from being identified in automated analysis environments. They contained a time check before they would perform any malicious activity. This was done by checking if the current date is > 15 days from the time of installation.
This blog highlights the risk of installing extensions, even those that have a large install base as they can still contain malicious code.
McAfee advises its customers to be cautious when installing Chrome extensions and pay attention to the permissions that they are requesting.
The permissions will be shown by Chrome before the installation of the extension. Customers should take extra steps to verify the authenticity if the extension is requesting permissions that enable it to run on every website you visit such as the one detailed in this blog
McAfee customers are protected against the malicious sites detailed in this blog as they are blocked with McAfee WebAdvisor as shown below.
The Malicious code within the extension is detected as JTI/Suspect. Please perform a ‘Full’ scan via the product.
| Type | Value | Product | Detected |
| Chrome Extension | Netflix Party – mmnbenehknklpbendgmgngeaignppnbe | Total Protection and LiveSafe | JTI/Suspect |
| Chrome Extension | FlipShope – Price Tracker Extension – Version 3.0.7.0 – adikhbfjdbjkhelbdnffogkobkekkkej | Total Protection and LiveSafe | JTI/Suspect |
| Chrome Extension |
Full Page Screenshot Capture
pojgkmkfincpdkdgjepkmdekcahmckjp |
Total Protection and LiveSafe | JTI/Suspect |
| Chrome Extension | Netflix Party 2 – flijfnhifgdcbhglkneplegafminjnhn | Total Protection and LiveSafe | JTI/Suspect |
| Chrome Extension | AutoBuy Flash Sales gbnahglfafmhaehbdmjedfhdmimjcbed | Total Protection and LiveSafe | JTI/Suspect |
| URL | www.netflixparty1.com | McAfee WebAdvisor | Blocked |
| URL | netflixpartyplus.com | McAfee WebAdvisor | Blocked |
| URL | goscreenshotting.com | McAfee WebAdvisor | Blocked |
| URL | langhort.com | McAfee WebAdvisor | Blocked |
| URL | Unscart.in | McAfee WebAdvisor | Blocked |
| URL | autobuyapp.com | McAfee WebAdvisor | Blocked |
The post Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users appeared first on McAfee Blog.
“Congratulations, you’re a winner!”
“Did you know this public figure is trying to make your life worse? Click here for what they don’t want you to know.”
“Save thousands today with just one click!”
Spam and bot accounts on social media are everywhere. You’ve likely encountered messages like these that attempt to get you to click on links or to stir your emotions in a frenzy. While bot accounts are usually more of an annoyance than anything, when they’re allowed to run rampant, they can quickly become dangerous to your personally identifiable information (PII) and create an emotionally charged mob mentality.
Here’s what you should know about bot accounts, including how to steer clear of menacing ones, plus a reminder to watch what you share on (and with) social media sites.
Bot accounts are software-automated accounts that try to blend in and act like a real user. They post updates and follow other users, though there isn’t a real person behind the account. A spam account is a type of bot account that attempts to gain financially from its automated posts. Everyday people should be wary of social media bot accounts because they can be used to disseminate false information or phishing scams.
One whistleblower of a social media giant recently divulged that the platform isn’t prioritizing deactivating bot accounts.1 This apathy sparks concerns about the company’s commitment to the security of its users. In the whistleblower’s same report, he stated that the social media site isn’t taking the necessary steps to protect itself from potential inside threats and it had fallen victim to at least 20 breaches in 2020 without reporting the incidents to the proper authorities.
Some bot accounts aren’t malicious (merely an annoying tactic by companies to spread the word about their business), but it’s best to give all of them a wide berth and never click on any links in their posts. Those links could direct to unsecured outside sites laden with malware or drop you in the middle of a phishing scheme.
You can often spot a malicious bot account by the tone of its messages. They’ll often try to inspire intense emotions, such as excitement, sadness, or rage, and attempt to get users to act or share the post. Do not engage with them, not even to argue their points. When you engage or share these posts with your network, it spreads false information and could dangerously manipulate public opinion.2
Here are a few ways you can take your cybersecurity into your own hands when you can’t be sure that social media sites are looking out for the safety of users’ information:
You can’t trust every company to look out for the safety of your personal information, but one organization you can trust is McAfee. McAfee Total Protection is a comprehensive identity and privacy protection solution for your digital life. Great social media habits go a long way toward keeping you safe online, and you can rest assured knowing that McAfee can fill in the gaps. McAfee Total Protection offers antivirus, identity monitoring, and security freeze in the case your information is leaked in a breach or a bot account gets ahold of key details.
Keep on sharing your life’s milestones with your closest friends and family online. The next time you update your status, flag any suspicious accounts you come across, so everyone can enjoy social media confidently!
1NBC News, “Twitter whistleblower alleges major security issues”
2Journal of Information Technology & Politics, “Harass, mislead & polarize: An analysis of Twitter political bots’ tactics in targeting the immigration debate before the 2018 U.S. midterm election”
The post Here’s How to Steer Clear of Bot Accounts on Social Media appeared first on McAfee Blog.
In this career-journey series, Internal Audit Manager Chris shares his recent journey joining the McAfee finance team and why he is always learning something new in his role.
I’m an Internal Audit Manager. Essentially, I work with my McAfee colleagues to understand the processes we follow and run tests to confirm everything is happening as it should.
Sometimes people find audits intimidating, but I do my best to reassure people that there are no hidden tricks and I respect their time. We’re just making sure things are going according to plan and we’re fulfilling our responsibilities.
In a typical day, I have three priorities: Dad, Work, Gym.
I’m normally up at 6 a.m. to cook breakfast for my son and myself, and then drop him off at school. His favorite is bacon and eggs! Since I work with people around the world, I catch up on emails and then review the day’s work and catch up with my team. From there, most of my day is spent in meetings with McAfee colleagues or external auditors.
Somewhere in the day I get in a one-hour workout. It’s tough to do sometimes, but I’d say I get to the gym 90% of the time. It’s a great reset for me: a time where I can focus on me and putting my body to the test.
And, of course, I pick up my son from school and have Dad Time! That’s really my day in repeat. It seems like the same thing but feels different every day. I’m always meeting new people and puzzling through different problems. Every day is a fresh challenge.
After interviewing with my future co-workers, I was excited to join the company. I thought, “Oh, this company is fun!” The culture seemed to be a place where not only do you get to come for work, but also have sense of community within it.
Also, it was a chance to work for a great boss. I knew she was a great boss because I worked for her before. She gives you the vision, then gives you the freedom to explore and get the work done. You really get to own your work. I appreciate that.
At McAfee, employees are a top priority. You’re not just a robot who has to work-work-work. It’s okay to have fun and take 10 minutes out to see how others are doing.
I like the way the company comes together to have contests and other fun activities. In Finance, we recently had a scavenger hunt with 70 people. It was great seeing the faces of people you’ve only talked to on the phone.
Another way we engage each other is with a recognition program called Bravo! You can write a letter to someone saying hey, I appreciate you. That makes you feel more valued as an employee.
I also like the quarterly updates we get from leaders. At other companies, I’ve seen that done once a year. It’s nice to hear from the CEO every quarter about what’s going on in the organization.
There are two parts that make my role so rewarding. The first is I enjoy interacting with people and have a passion for learning. In this job, you hear so many cool stories, and I’m exposed to so many different areas and processes in across the business. There’s always something new to learn. It makes every day different.
Secondly, at McAfee I’m part of the McAfee African Heritage Community (MAHC). We get together and talk about things we want to share with other Community members and the rest of McAfee. I’ve met people I never would run into otherwise. That’s important to me as someone who’s fairly new to McAfee plus having worked remote all this time. It’s very cool to be part of a company that supports having communities.
Honestly, my job is always outside my comfort zone. There’s always a new problem to be solved. But I like that. The way I see it, if you’re comfortable, you aren’t growing. You need to do something you haven’t done before to move to the next level.
As an auditor, I’m always helping others understand the audit process and how to provide solid information, so the audit goes well.
One of the most helpful skills I have developed during my career is communication. I need to establish a rapport quickly in my work so we can work well together. Everybody is different, right? Some are more direct, some are more indirect, and some people are more casual than others. You always need to adjust when you meet people. Good communication skills help prevent misunderstandings, which is especially important in a global company like McAfee with so many different cultures.
Embrace change! Change is just another way to grow, learn, and realize potential you didn’t know you had. Look at it as an opportunity. Raise your hand up when problems arise and take on that tough problem. The person who fixes the problem is the person everyone remembers.
The post Embrace change! Chris’s McAfee Journey appeared first on McAfee Blog.
Data brokers are companies that collect your information from a variety of sources to sell or license it out to other businesses. Before they can pass your data along, brokers analyze it to put you into specific consumer profiles. Consumer profiles help businesses suggest products you might like and create targeted marketing campaigns based on your interests.
Companies who buy data from brokers use it for things like marketing or risk mitigation. For example, if you’re a guitarist, a guitar manufacturer might try to reach you with an ad for their instruments. If you’re in the market for car insurance, insurance providers might use your personal information to do a background check so they can assess the risk that you’ll be in a car accident.
While businesses don’t typically use your information maliciously, there are risks involved with having your personal data spread online. There might be certain details you don’t want to share with the world, like health or criminal records or financial issues.
Having your data featured online can also expose it to cybercriminals who might use it for identity theft. Sometimes, hackers can even breach information that’s stored in an information broker’s database. When a criminal has your data, they might be able to access your financial accounts, use your credit to secure a loan, or even use your insurance to receive medical care.
This article shows you how to remove your information from data broker sites and protect your data privacy online.
There are various ways for a data broker to access your personal information. Some of these information sources are offline. For example, a broker can peruse public records to view your voter registration information.
Other information sources that brokers use are online. For instance, a broker might track your buying history to see which products you’re likely interested in.
Below are some of the top sources data brokers use to collect consumer information.
Data brokering is a worldwide industry that brings in around $200 billion annually. An estimated 4,000 data broker companies exist. The largest data broker companies include organizations like Acxiom, Experian, and Epsilon.
Most data broker sites will give you the ability to have your personal information removed from their database — but don’t expect it to be easy.
You might have to follow a multi-step process to opt out of a broker site. Even after your information is removed, you may have to repeat the process periodically.
Different regions have different laws when it comes to protecting consumer data. The European Union has the General Data Protection Regulation (GDPR), which gives consumers the right to request that a company deletes any personal information they have stored.
In the United States, states have to create their own laws to safeguard consumer privacy. States like Colorado and California have enacted laws that allow consumers to have their personal information removed from data broker sites.
The next few sections go over steps you can follow to get your information removed from various data broker sites. Many broker sites allow you to opt out of their data collection and advertising programs.
Opting out can prevent brokers from collecting and sharing your information and help you avoid intrusive ads for things like pre-approved credit cards.
The first thing you’ll have to do is visit each data broker’s site that has your information. Some of the biggest data broker sites that might have your information include:
While these are some of the largest data broker sites around, this list is by no means exhaustive. There’s a large number of data-sharing sites out there. For example, people-search sites like PeekYou, Spokeo, and Whitepages, let average consumers search through databases of personal information.
It may seem counterintuitive to sign up for an account with a broker when all you want is to delete your information from their site, but most data brokers require you to register with them to opt out of data collection.
You’ll likely have to create an account with every data broker you want to opt out of. Unfortunately, this will require you to give the brokers some personal information, like your name, email address, and possibly a picture of your driver’s license. Cross out your license number if you have to send a photo of your ID.
After creating an account with a broker, you’ll likely have to visit their portal to find out whether they have your personal information listed. Checking to see what every data broker has listed about you can be a time-consuming process.
Services like DeleteMe and Kanary will delete your information from data brokers. However, most of these sites charge a fee, and they only delete your information from a select number of sites. For example, DeleteMe removes your information from 36 different data broker sites.
You should also be aware that some data broker sites don’t allow third parties to request for information to be deleted on behalf of consumers.
You’ll have to make a separate removal request for every data broker site you want to opt out of. Some data brokers make the process more difficult than others. Remember that data companies are always collecting records, so you may need to repeat the process of removing your information from data broker sites annually.
Here’s how to opt out of some of the largest data brokering companies we mentioned earlier:
The data broker industry is enormous. A data brokerage can collect a wealth of information about you from a huge number of sources, and provide that information to businesses that use it to do things like design targeted marketing campaigns for their ideal consumers.
Brokers can share sensitive information that you want to keep private, like medical data. Having your personal information floating around the internet makes it easier for cybercriminals to use it for personal gain.
By opting out of information-sharing programs, you can protect your online privacy, reduce the number of intrusive advertisements and emails you receive, and make it less likely that identity thieves will target you.
One of the best ways to protect yourself online is to use quality security software. When you sign up for McAfee’s Total Protection services, you’ll get features like award-winning antivirus software, 24/7 account monitoring, a secure virtual private network (VPN), and up to $1 million in identity theft coverage and restoration.
When it comes to protecting your privacy online, McAfee has your back.
The post How to Remove Personal Information From Data Broker Sites appeared first on McAfee Blog.
Our phones store a lot of personal data, including contacts, social media account details, and bank account logins. We use our smartphones for everything under the sun, from work-related communication to online shopping.
However, like computer viruses, our phones can be vulnerable to malware. Viruses are a type of malware that replicate themselves and spread throughout the entire system. They can affect your phone’s performance or, worse, compromise your sensitive information so that hackers can benefit monetarily.
In this article, we give you a rundown of viruses that can infect your phone and how you can identify and eliminate them. We also provide some tips for protecting your phone from viruses in the first place.
iPhones and Android devices run on different operating systems. So, there are differences in the viruses that affect each type of mobile device and how resistant each operating system is to viruses.
Viruses have a harder time penetrating iOS because of its design (although iOS hacks can still happen). By restricting interactions between apps, Apple’s operating system limits the movement of an iPhone virus across the device. However, if you jailbreak your iPhone or iPad to unlock tweaks or install third-party apps, then the security restrictions set by Apple’s OS won’t work. This exposes iPhone users to vulnerabilities that cybercriminals can exploit.
While Android phones are also designed with cybersecurity in mind, their reliance on open-source code makes them an easier target for hackers. Android devices allow users to access third-party apps not available in the Google Play Store.
Cybercriminals today are sophisticated and can launch a variety of cyberattacks on your smartphone. Some viruses that can infect your phone include:
Smartphones and computers get viruses in a similar way. The most common include:
Now that you know how your phone could be the target of a virus, look out for these seven signs to determine if your device has been infected with malicious software.
Most pop-up ads don’t carry viruses but are only used as marketing tools. However, if you find yourself shutting pop-up ads more often than usual, it might indicate a virus on your phone.
Don’t open any apps in your library that you don’t remember installing. Instead, uninstall them immediately. These apps tend to carry malware that’s activated when the app is opened or used.
Your phone isn’t built to support malware. When you accidentally download apps that contain malware, the device has to work harder to continue functioning. In this case, your phone might be overheating.
If your contacts receive unsolicited scam emails or messages on social media from your account, especially those containing suspicious links, a virus may have accessed your contact list. It’s best to let all the recipients know that your phone has been hacked so that they don’t download any malware themselves or forward those links to anybody else.
An unusually slow-performing device is a hint of suspicious activity on your phone. The device may slow down because it needs to work harder to support the downloaded virus. Alternatively, unfamiliar apps might be taking up storage space and running background tasks, causing your phone to run slowly.
Be sure to follow up on charges on your credit card or transactions in your banking statements that you don’t recognize. It could be an unfamiliar app or malware making purchases through your account without your knowledge.
A sudden rise in your data usage or phone bill can be suspicious. A virus might be running background processes or using your internet connection to transfer data out of your device for malicious purposes.
An unusually quick battery drain may also cause concern. Your phone will be trying to meet the energy requirements of the virus, so this problem is likely to persist for as long as the virus is on the device.
You may have an inkling that a virus is housed inside your phone, but the only way to be sure is to check.
An easy way to do this is by downloading a trustworthy antivirus app. The McAfee Mobile Security app scans for threats regularly and blocks them in real time. It prevents suspicious apps from attaching themselves to your phone and secures any public connections you might be using.
If you detect a virus on your iPhone or Android device, there are several things you can do.
It’s never too late to start caring for your phone. Follow these tips to stay safe online and help reduce the risk of your phone getting a virus.
McAfee Mobile Security is committed to keeping your mobile phone secure, whether it’s an iPhone or Android device. In addition to regularly scanning your phone to track suspicious activity, our technology responds to threats in real time. Our comprehensive tools also secure your internet connections and let you browse peacefully. Using our app makes sure that your phone and data are protected at all times.
So, what are you waiting for? Download McAfee Mobile Security today!
The post 7 Signs Your Phone Has a Virus and What You Can Do appeared first on McAfee Blog.
Today, we publish our annual Impact Report. In our 2021 report, we highlight initiatives and share stories about our progress in creating a more inclusive workplace, supporting our communities, and protecting the planet.
Reflecting on 2021, it’s easy to see it was a monumental year for McAfee. Our business underwent an incredible transformation — we divested our Enterprise business and McAfee emerged as a worldwide leader for online protection, empowering individuals and families to live a safer life online. We also kicked off our journey to become a privately held company.
As we accelerate our journey as a dedicated consumer business and I evaluate our strides since our first report in 2018, I am humbled by our progress. In the last year, we’ve seen our representation for women reach 30.9% overall and for underrepresented professionals reach 14.8 percent. In addition, we’ve seen a 40% increase in the proportion of women promoted to director and above in the last year.
We maintained pay parity for women globally and underrepresented professionals in the U.S with our most recent audit revealing no disparities. We rolled out a new inclusion and awareness training and were recognized as the best company for multicultural women and dads. We prioritized our people’s well-being with a rollout of the Calm app, fitness challenges, and a week focused on wellness.
All the while, McAfee rose to meet the increased needs of our community with laptop donation programs and employee giving campaigns. We also made progress for sustainability redefining how and where we work.
However, it’s not lost on me that 2021 followed a year fraught with challenges that didn’t disappear with the end of 2020. And today, we continue to live and work against the backdrop of a global pandemic, respond to acts of racial injustice, and hear undeniable lived experiences of hate and intolerance.
It’s fueled our desire to do better. We know there is so much work to do and our responsibility to create an equitable workplace and world has never been greater. It’s the right thing to do and a business imperative—we rely on the fresh ideas and unique perspectives of the people of McAfee. Truthfully, it’s their tenacity and resiliency that inspire me.
Whether it’s showing up for one another during a COVID-19 surge, asking for more resources to become a better ally, or rallying around each other to prioritize health, our people are exceptional.
As we progress in 2022, grow as a consumer-focused business, and welcome our new President and CEO Greg Johnson, we will have the opportunity to take all we’ve learned and help turn our aspirations into reality. We will invest in our people, our community, and our planet, but also ask what we can do better.
I invite you to read our 2021 Impact Report to see our progress and our commitment.
The post McAfee launches Impact Report: How we’re doing and the opportunities ahead appeared first on McAfee Blog.
Many people opt for encrypted messaging services because they like the additional layers of privacy they offer. They allow users to message their closest friends, family, and business partners without worrying about a stranger digitally eavesdropping on their conversation. The same people who message over encrypted services and apps are likely also diligent with securing their internet connections and using a VPN.
Despite all those safeguards, everyday people are left in the lurch when the companies with which they entrust their information are victims of cyberattacks. That was the case for users of the encrypted messaging app, Signal. Due to a phishing attack and subsequent leak of customer phone numbers, people are looking to identify potential consequences, protect themselves from SIM swapping, monitor their identity, and take measures to make sure their information is safe in the future.
A recent cyberattack targeted Signal, an end-to-end encrypted messaging service.1 The attackers exposed about 1,900 phone numbers belonging to Signal users. While other personally identifiable information (PII), message history, and contact lists were spared, valid phone numbers in the hands of a cybercriminal can be enough to wreak havoc on affected users.
It is likely that another recent and successful phishing scheme at Twilio was the entry point for the Signal hackers. (Signal partners with Twilio to send SMS verification codes to people registering for the Signal app.) At Twilio, phishers tricked employees into divulging their credentials.
To rectify the situation and protect users, Signal is contacting affected users and asking them to re-register their devices. Also, the company is urging all users to enable registration lock, which is an additional security measure that requires a unique PIN to register a phone with Signal.
There are many lessons not only companies but everyday people can learn from the Signal and Twilio hacks. Here are some ways you can take action at the first signs of a compromised phone number and to help prevent cyber-events like this from happening to you.
SIM swapping occurs when a cybercriminal gets ahold of your cellphone number and a few other pieces of your PII and registers your phone number to a device and a new SIM card that isn’t yours. If they successfully reregister your phone number, they can then access your data, change account passwords, and lock you out of your most important accounts.
Luckily, since most of us use our phones every day, SIM swapping is usually detected quickly. If your phone isn’t connecting to the network and you’re not receiving calls and texts, it could be a sign that your wireless provider may have reassigned your number to an impersonator. In this case, contact your wireless provider immediately.
To make SIM swapping nearly impossible, always turn on multifactor authentication. Also known as MFA, multifactor authentication is a method many online accounts use to ensure that only the authorized user can gain entry. This could entail sending a one-time code by email or text, prompting security questions, or scanning for fingerprint or facial recognition in addition to asking for the account password. MFA is an additional layer of security that’s quick to implement. The extra few seconds it takes to type in a code or stand still for a facial scan is well worth the frustration is causes cybercriminals.
These days, everyone has dozens of online accounts for everything from banking and shopping to streaming services and gaming. Since you can’t predict which company is going to be breached next, limit the number of possible doors a cybercriminal could break through to access your PII. In the Signal hack, it was their third-party vendor that was likely the cause of the leaked phone numbers. This unpredictability means it’s best to limit sharing your PII with as few accounts as possible. A great practice is to regularly organize your online accounts and deactivate the ones you no longer use.
A phishing attack seems to have been the first domino to fall in the Twilio and Signal incident. It could’ve been prevented if everyone followed this absolute rule: Never share your password! Your employer nor your bank nor the IRS, for example, will ever ask you for your password to an online account. If you receive correspondence asking you to share your password, no matter how official it looks, do not comply.
Phishers often lace their electronic correspondences with an urgent or authoritarian tone, threatening severe consequences if they don’t receive a response within a short timeframe. This is a ploy to get people to act too quickly without thinking through the request. If you receive a message that outlines dire consequences for seemingly small infractions, step away from the message for at least 15 minutes and think it through. Stay calm and follow up through official channels, such as a listed phone number on the organization’s website or a customer service chat room, to iron out the alleged situation instead.
Diligent cybersecurity habits go a long way toward keeping you and your family’s PII out of the hands of malicious characters. However, in the case you trust a company with your information but it’s leaked in a breach, McAfee Total Protection can give you peace of mind. McAfee Total Protection offers premium security in various areas including antivirus, identity monitoring, secure VPN, Protection Score, and Personal Data Cleanup. Its advanced monitoring abilities are faster and offer broader detection for your identity. Plus, McAfee Total Protection can cover you up to $1 million in identity theft restoration.
Keep your eyes peeled for cybersecurity news and breaches that may have affected your PII. From there, take action and leverage McAfee services to help you fill in the gaps.
1The Hacker News, “Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack”
The post Encrypted Messaging Service Hack Exposes Phone Numbers appeared first on McAfee Blog.
We’ve all heard about the Metaverse. And there’s no doubt it has certainly captured the attention of the world’s biggest companies: Facebook has changed its name to Meta, Hyundai has partnered up with Roblox to offer virtual test drives, Nike has bought a virtual shoe company and Coca-Cola is selling NFT’s there too. (Non-Fungible Tokens – think digital assets).
But if you are confused about exactly what this all means and most importantly, what the metaverse actually is, then you are not alone. I’m putting together a 2-part series for parents that will help us get a handle on exactly what this new digital frontier promises and what we need to know to keep our kids safe. It will also ensure we don’t feel like dinosaurs! So, let’s get started.
I think the best way of describing the Metaverse is that it’s a network of online 3D virtual worlds that mimic the real world. Once users have chosen their digital avatar, they can meet people, play games, do business, design fashion items, buy real estate, attend events, earn money, rear a pet – in fact, almost anything they can do in the ‘real’ world! And of course, all transactions are via cryptocurrencies.
If you are an avid Science Fiction reader, then you may have already come across the term in the 1992 novel ‘Snow Crash’ by Neal Stephenson. In the book, Stephenson envisions a virtual reality-based evolution of the internet in which his characters use digital avatars of themselves to explore the online world. Sounds eerily familiar, doesn’t it?
Still confused? Check out either the book or Steven Spielberg’s movie adaption of Ernest Cline’s Ready Player One. Set in 2045, the book tells the story of people living in a war-ravaged world on the brink of collapse who turn to OASIS, a massively multiplayer online simulation game that has its own virtual world and currency. In the OASIS, they engage with each other, shop, play games and be transported to different locations.
The best and most immersive way to access the metaverse is using a Virtual Reality (VR) headset and your internet connection, of course. VR headsets completely take over users’ vision and replace the outside world with a virtual one. Now, this maybe a game or a movie but VR headsets have their own set of apps which once downloaded, allows users to meditate, learn piano, work out at the gym or even attend a live concert in the metaverse!
Now access to the Metaverse is not just limited to those who own expensive headsets. Anyone with a computer or a smartphone (that is internet connected) can also have a metaverse experience. Of course, it won’t be as intense or immersive as the VR headset experience but it’s still a commonly used route to access the metaverse. Some of these ‘worlds’ suggest users can access their world using smartphones however experienced users don’t think this is a good idea as phones don’t have the necessary computational power to explore the metaverse properly.
As some of the most popular metaverse worlds can be accessed using your computer, why not check out Decentraland, The Sandbox, Somnium or even Second Life. In most of these worlds, users don’t have to create an account or spend money to start exploring however if you want the full experience then you’ll need to do so.
Entering the metaverse doesn’t cost anything, just like going on the internet doesn’t cost anything – apart from your internet connection and hardware, of course! And don’t forget that if you want a truly immersive 3D experience, then you might want to consider investing in a VR headset.
But, if you do want to access some of the features of the metaverse and invest in some virtual real estate or perhaps buy yourself a Gucci handbag, then you will need to put your hand into your virtual pocket and spend some of your virtual dollars. But the currency you will need depends entirely on the metaverse you are in.
Decentraland’s currency MANA is considered to be the most commonly used currency in the metaverse and also one of the best to invest in, according to some experts. MANA can be used to buy land, purchase avatars, names, wearables, and other items in the Decentraland marketplace.
The Sandbox has a different currency, SAND, which is also used to buy items from The Sandbox marketplace. This is the second most popular currency however be prepared to buy the currency of the world you choose to spend your time in.
Now, I totally appreciate that the whole concept of the Metaverse is a lot to get your head around. But if you have a tribe of kids, then chances are they are going to want to be part of it so don’t put it in the too-hard basket. Take some time to get your head around it: do some more reading, talk to your friends about it and check out some of the metaverses that you can access from your PC. Nothing beats experiencing it for yourself!
In Part 2, I will be sharing my top tips and strategies to help us, parents, successfully guide our kids through the challenges and risks of the metaverse. So watch out for that.
Till, next time – keep researching!
Alex x
The post A Parent’s Guide To The Metaverse – Part One appeared first on McAfee Blog.
The first day of school is right around the corner. The whole family is gearing up for a return to the routine: waking up to alarm clocks at dawn, rushed mornings, learning all day, and after-school activities and homework all night.
Even though everyone is in a frenzied state, now is a great time to slow down and discuss important topics that may arise during the school year. Parents and guardians know their children are tech savvy, just by looking at their thumbs fly across keyboards; however, that doesn’t necessarily mean that they’re cyber-savvy.
To make sure we’re all on the same page, here are our definitions of tech savvy and cyber savvy:
According to McAfee research, children cited that their parents are best suited to teach them about being safe online when compared to their teachers and online resources. Here are common scenarios your child, tween, or teen will likely encounter during the school year, plus some tips and tools you can share to make sure they are safe online.
It’s now common practice for school systems to communicate with students and their guardians over email, whether that’s through a school-issued email address or a personal one. Your student should know that phishers often impersonate institutions with authority, such as the IRS, banks, and in their case, a school. Put your children on alert to the most common signs of a cybercriminal phishing for valuable personally identifiable information (PII). These signs include:
If your child ever receives a suspicious-looking or -sounding email, they should start an entirely new email chain with the supposed sender and confirm that they sent the message. Do not reply to the suspicious email and don’t click on any links within the message.
An excellent nugget of wisdom you can impart is the following: Never divulge your Social Security Number over online channels and never give out passwords. If someone needs your SSN for official purposes, they can follow up in a method other than email. And no one ever needs to know your password.
With a return to the school year routine comes a flood of back-to-school social media posts and catching up electronically with friends. If your child owns a social media profile (or several!), alert them to the various social media engineering tactics that are common to each platform. Similar to phishing schemes, social media scams are usually “time sensitive” and attempt to inspire strong emotions in readers, whether that’s excitement, fear, sadness, or anger.
Alert your child that not everything they read on social media is true. Photos can be doctored and stories can be fabricated in order to prompt people to click on links to “donate” or “sign a petition.” You don’t have to discourage your child from taking a stand for causes they believe in; rather, urge them to follow up through official channels. For instance, if they see a social media post about contributing to save the rainforest, instead of donating through the post, contact a well-known organization, such as the World Wildlife Fund and inquire how to make a difference.
More and more school systems are entrusting school-issued connected devices to students to use in the classroom and to bring home. Other districts have BYOD (or bring your own device) policies where students can use personal family devices for school activities. In either case, device security is key to keeping their information safe and maintaining the integrity of the school system’s network. Families don’t want to be the weakest link in the school system and are responsible for a town-wide education network breach.
Here are three ways to protect any device connected to the school network:
These conversations are great to start at the dinner table or on long, boring car rides where you’re most likely to get your child’s undivided attention. Don’t focus so much on the fearful consequences or punishment that could result from poor cyberhabits. Instead, emphasize how easy these steps and tools are to use, so it would be silly not to follow or use them.
The post Back to School: Tech Savvy vs. Cyber Savvy appeared first on McAfee Blog.
Earlier this year, our global Connected Family Study revealed the online habits of parents and their children. What we found called for a closer look.
One finding that leaped out, in particular, is—cyberbullying occurs far more often than parents think. And in many cases, children are keeping it from their parents.
Now with our follow-on research, we set out to answer many of the questions families have about cyberbullying. Where it happens most, who’s most affected, and are children cyberbullying others without even knowing it?
Our report, “Hidden in Plain Sight: More Dangers of Cyberbullying Emerge,” provides insights into these questions and several more. We’ll cover the top findings here in this blog, while you can get the full story by downloading the report here.
Even as stay-at-home mandates in 2020 and 2021 saw children exposed to more cyberbullying while they spent more time online, our ten-country survey found that concerns about cyberbullying in 2022 are even higher today:
And just as the level of concern is high, the findings show us why. Families reported alarming rates of racially motivated cyberbullying, along with high rates of attacks on the major social media and messaging platforms.
Additionally, children shared insights into who’s doing the bullying (it’s largely people who know them) and more than half are the ones doing the bullying—and they don’t even realize it.
Further findings include:
Our research further revealed how the face of cyberbullying takes on different form around the globe. From nation to nation, the influences of polarized politics, racial relations, and different traditions in parent-child relationships shape and re-shape the forms of cyberbullying that children see.
Each of our ten nations surveyed set themselves apart with trends of their own, some of them including:
These new findings reflect the concerns of parents and children alike—cyberbullying remains a pervasive and potentially harmful fact of life online, particularly as racism and other severe forms of cyberbullying take rise.
Without question, cyberbullying endures as a persistent growing pain that the still relatively young internet has yet to shake.
The solution is arguably just as complex as the factors that give cyberbullying its shape—cultural, regional, technological, societal, even governmental. Addressing one factor alone won’t curb it. Significantly curtailing cyberbullying for an internet that’s far safer than it is today requires addressing those factors in concert.
While we recognize that tall order for what it is, and as a leader in online protection, we remain committed to it.
With these findings, and continued research to come, our aim is to further an understanding of cyberbullying for all—whether that’s educators, technology innovators, policymakers, and of course parents. With this understanding, programs, platforms, and legislation can put protections in place that still allow for companies to innovate and create platforms that people love to use. Safely and securely.
The post More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report appeared first on McAfee Blog.
Let’s be honest – many of us parents aren’t big fans of gaming. In fact, some of us have probably even been known to roll our eyes or groan when we think about just how long our kids spend playing online games. But if there is one thing I’ve learned after 25 years of parenting, it’s that taking the time to look at a stressful family situation from the perspective of my children, can be very powerful. In fact, it can almost always fast track finding a mutually agreeable work-around for everyone – and gaming is the perfect example.
We have all read about how online gaming can provide players with regular hits of dopamine – a neurotransmitter in the brain that becomes active when you participate in fun and pleasurable activities. Now I am not disputing this for a moment – I’ve witnessed it firsthand! However, it is important to remember that dopamine increases whenever we do anything enjoyable – pop a square of chocolate in our mouth or watch our favorite sporting team win – not just when we play online games.
Many online games have cleverly designed built-in reward systems, and many experts believe that it is the combination of dopamine and reward that probably best explains why our kids are such gaming fans. Now, these reward systems are intentionally unpredictable so players are aware they will eventually get a reward, but they have no idea as to when or how often it is coming – so they are compelled to keep playing! Very clever!
In my opinion, gaming also fills several other needs in our children – the need to belong, to feel competent and be independent. And while we may have had these needs addressed very differently in the 70’s and 80’s – hanging at the bus stop, mastering the Rubix cube and not being helicopter parented, our batch of digital natives will often use gaming as their go-to solution.
When many of us parents think about our kids’ online gaming, our initial thought is ‘how do we make our kids stop’. But I can you this isn’t the right approach. Online gaming isn’t going anywhere. So, taking the time to see gaming from your child’s perspective and understand why it is such a big part of their life is where you need to focus your energy. I guarantee this will further strengthen your relationship with your child and help you introduce rules that they will better respect.
Let’s take a moment to channel the great Atticus Finch from To Kill a Mockingbird and focus on his words of inspiration for us all: ‘“You never really understand a person until you consider things from his point of view…until you climb into his skin and walk around in it.” Ah yes – very wise words!
So, if you are keen to stop gaming being a negative issue in your family, here are my top tips to help you get it under control and stop it causing family tension:
1. Change Your Thinking
If you find yourself thinking ‘how do I get my kids to stop gaming’, you’re barking up the wrong tree. Gaming isn’t going anywhere and as parents, we don’t want to drive an unnecessary wedge between ourselves and our kids. Instead, commit to having an open mind. Think ’Ok, let’s give this gaming thing a go’.
When the time is right, ask your kids what their favourite games are and why. Your aim is to get them talking. You could even do your research in advance and drop in the names of a few popular games to ask them about. ‘My work friend’s son plays Roblox, do you know much about that?’
Even if you aren’t that interested, I promise, playing along will open your eyes. You’ll better understand how the game’s reward system works and what it feels like to get a shot of digital dopamine! And most importantly, it will be great for your relationship with your child. By taking the time to play with them, you are showing that you are interested in their life and their hobbies.
4. Educate Yourself About All Thing Gaming
When your kids started their social media journey, chances are you spent a little time familiarising yourself with the various platforms they joined. Well, you need to adopt the same approach with their gaming life too. Here are a few areas to focus on:
5. Introduce Fair, Age-Appropriate Rules Around Gaming
Once you’ve taken the time to understand your child’s gaming life, cleared your mind of any unnecessary negative gaming thoughts and done your research, why not put together a set of family rules for gaming? You may like to consider a family tech agreement and have a separate section for gaming. Or you may prefer to keep it more casual and have the rules written on the fridge or shared in the family group chat. Regardless of what you choose, ensure that you introduce these boundaries when everyone is calm and in a good head space NOT when you’re in the middle of a verbal stoush!
You could choose to give your children a set amount of time they can use each week on gaming and then let them choose when to use it or you allocate a small time everyday once they’ve completed homework and chores. When my boys were younger, I didn’t allow gaming Monday – Thursday but after school Friday was always quite the gaming fest – a reward for getting through the school week. Do what works for your family!
There’s no question that this digital parenting gig is complicated. Trying to help your kids find the right balance between embracing the online world and offline world can often feel hard to get right. But if you’re ever in doubt about whether you’re on track when it comes to managing your kids’ gaming, always ask yourself – have I kept an open mind? Have I taken the time to talk to my kids and understand their gaming life? Are the gaming rules fair? And, if you have answered yes, then I have every confidence that you have the right approach to ensuring gaming is a positive part of your family’s life.
The post How To Get Your Head Around Your Kids’ Online Gaming Life appeared first on McAfee Blog.
Here’s one way you can help reduce your chances of identity theft: remove your personal information from the internet.
And chances are, you have more personal information posted online than you think.
According to the U.S. Federal Trade Commission (FTC), consumers registered 1.4 million identity theft complaints in 2021, all part of a year where consumers reported losing $5.8 billion to fraud overall—a 70% increase over the year prior.
What fuels all this theft and fraud? Access to personal information.
Scammers and thieves can get a hold of personal information in several ways, such as through phishing attacks that lure you into handing it over, malware that steals it from your devices, by purchasing your information on dark web marketplaces, or as a result of information leaked in data breaches, just to name a few.
However, scammers and thieves have other resources to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. Which makes removing your info from them so important, from both an identity and privacy standpoint.
Think of data broker sites as huge repositories of personal information. Search your name and address online and you’ll see. You’ll likely find dozens of sites that turn up information about you, some of which offer a few pieces for free and others that offer far more information for a price.
Data brokers collect and then aggregate personal information from several sources, including:
Data brokers also buy personal information from other data brokers. As a result, some data brokers have thousands of pieces of data for billions of individuals worldwide.
What could that look like? A broker may know how much you paid for your home, your education level, where you’ve lived over the years and who your lived with, your driving record, and possibly your political leanings. A broker may also know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. Further, they may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply.
With information at this potential level of detail, it’s no wonder that data brokers rake in an estimated at $200 billion U.S. dollars worldwide every year.
On the legitimate side, it’s used by advertisers to create targeted ad campaigns. With information sold by data brokers, they can generate lists based on highly specific criteria, such as shopping histories, personal interests, and even political leanings as mentioned above. Likely without you being aware of it—and likely with no way to contest that information if it’s incorrect.
Other legitimate uses include using these sites for background checks. Law enforcement, reporters, and employers will use data brokers as a starting point for research because the leg work has largely been done for them. Namely, data brokers have aggregated a person’s information already, which is an otherwise time-consuming process.
If this seems a little shady, it’s still legal. As of now, the U.S. has no federal laws that regulate data brokers or require data them to remove personal information if requested. A few states, such as Nevada, Vermont, and California, have legislation in place aimed at protecting consumers. Meanwhile, the General Data Protection Regulation (GDPR) in the European Union has stricter rules about what information can be collected and what can be done with it. Still, the data broker economy thrives.
On the darker side, scammers and thieves use personal information for identity theft and fraud. With enough personal information gathered from enough sources, they can create a high-fidelity profile of their victims. One that gives them enough information to open new accounts in their name.
So, from the standpoint of both privacy and identity, cleaning up your personal information online makes a great deal of sense.
Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.
The process starts with finding the sites that have your information. From there, you can request to have it removed. Yet as mentioned above, there are dozens and dozens of these sites. Knowing where to start is a challenge in of itself, as is manually making the requests once you have identified the sites that post and sell information about you.
Our Personal Data Cleanup can do the work for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. It also monitors those sites, so if your info gets posted again, you can request its removal again.
As of September 2022, Google accounts for just over 92% of search engine market share worldwide. Aside from being a search engine, Google offers a myriad of other services and applications, such as Gmail and Google Maps. While Google offers plenty of tools for productivity, travel, work, and play for free, they still come at a cost—the gathering and analysis of your personal information.
You can limit the data Google associates with you by removing your name from Google search results with a removal request. This will disable anyone online from getting any results if they search your name. (Note that this will not remove your information from the original sites and sources where it’s posted.) Moreover, Google collects all your browsing data continuously. You have the option to turn on “Auto Delete” in your privacy settings to ensure that the data is deleted regularly and help limit the amount of time your sensitive data stays vulnerable.
You can also occasionally delete your cookies or use your browser in incognito mode to prevent websites from being tracked back to you. Go to your Google Chrome settings to clear your browser and cookie history.
As discussed above, data brokers can collect information from public social media profiles. You can minimize your presence on social media to the bare minimum. Make a list of the ones you use or have used in the past. If there are old accounts that you no longer use or websites that have gone by the wayside like Myspace or Tumblr, you may want to deactivate them or consider deleting them entirely.
For social media platforms that you still may use regularly, like Facebook and Instagram, consider adjusting your privacy settings to ensure that your personal information on these social media platforms is the bare minimum. For example, on Facebook you can lock your profile, while on Instagram you can stay private.
If you’ve ever published articles, written blogs, or created any content online, it might be a good time to consider taking it down if it is no longer serving a purpose. Depending on what you’ve posted, you may have shared personal details about your life. Additionally, you might be mentioned by other people in various social media posts, articles, or blogs. It is worth reaching out to these people to request them to take down posts with sensitive information.
Social media and online articles that host your personal information are often used when businesses or hackers are doing “internet scrapes” to find better ways to use your targeted information. Asking your friends or third-party sites to remove that information can help protect your privacy.
Another way you can tidy up your digital footprint online involves deleting all the unnecessary phone apps that you no longer need or use. Even when apps are not open or in use, they may be able to track personal information such as your real-time location and even your payment details if you have a paid subscription to the app.
Some apps even sell this data as it can be extremely advantageous to other companies, which they use to target certain consumer segments and profiles for advertising. Try to share as little information with apps as possible if you’re looking to minimize your online footprint, and provide them access to your photos, contacts, and location only on as-needed basis and only when the app is in use. Your phone’s app and location services settings will give you the tools to do it.
In addition to the steps above, comprehensive online protection software can keep you more private and minimize your risk of cybercrime. It can include:
So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal information more private and secure.
The post 5 Steps to Removing Your Personal Information From the Internet appeared first on McAfee Blog.
Whether using the internet for play or work, you want to spend your time online enjoying the peace of mind that comes with having a secure network.
You don’t want to contend with someone taking your personal data — whether it’s credit card information, passwords, or bank account details — via malware or a data breach on your Android, Windows, or Apple iOS device.
Fortunately, with some sensible precautions and simple steps, you can use your connected devices productively without worrying about cybercriminals and malicious software. This article explains how to stop hackers from getting access to your sensitive data.
You can take steps to protect your different computing and mobile devices and operating systems. These steps can be divided into technological solutions and the right awareness and information to provide a comforting measure of self-protection.
It’s like learning karate for self-defense, giving you confidence as you negotiate the wider world (and hoping that you never have to use it).
When it comes to identity protection software, McAfee provides a proven solution with our identity protection and privacy services. The protection includes alerts if your sensitive information is found on the dark web (up to 10 months sooner than other providers), personal data cleanup from sites gathering and selling your information, and an unlimited virtual public network (VPN) service that protects your privacy as you use public Wi-Fi networks.
You’ll also get up to $1 million in identity theft coverage and hands-on restoration support to help you reclaim your identity.
Simple, obvious passwords and passcodes (like your street address, your birthday, your kids’ or pets’ names, or “1234” or “abcd”) are easy for cybercriminals to crack, giving them unwanted access to your private data.
The stronger your password, the better your protection. Some best password practices include:
It’s important not to be a standing target. Just as you should use different passwords for everything, you should regularly change your passwords. You should do this a few times a year (although some cyber experts say this might not be necessary if you have a long and very complicated password).
If you have a number of passwords that you update often, it might be worth getting a password manager like McAfee True Key to keep track of them. Not only will you not be faced with remembering all your different passwords or writing them down (also a no-no), but it can also help you create and store unique passwords.
The software uses the strongest encryption algorithms available to protect your passwords, scrambling them so no one else can access them. It’ll also suggest new passwords and automatically log you into your online accounts with just one master password.
Another important line of defense is multi-factor authentication (sometimes known as two-factor authentication). This system uses a password and a second piece of verification — often an SMS message sent to your Android device or iPhone — to authenticate your identity.
This provides hard-to-beat protection even if a hacker has your password. Besides receiving SMS codes, there are also code-generating apps and physical security keys.
Thinking before you click on an email or text is a very important defense against phishing scams. Your bank won’t send you an email or text notifying you that there’s been suspicious activity on your account.
Does getting a large refund from your phone company sound too good to be true? It is. Similarly, the Internal Revenue Service (IRS) won’t text to tell you that you owe them money, and princes aren’t going to give you a fortune out of the blue.
Internet users beware: If you’re not absolutely certain that the text message you received is from a legitimate and trusted source, delete it. You can always contact the business or person directly to confirm that the message is legit.
Any operating system or app you use is open to malicious cyberattacks. This is why you should keep all your software up to date with the latest versions. Software developers are continually fixing holes in their products and offering cybersecurity patches to make them as safe and hacker-proof as possible.
Make sure your software, firmware, and security settings are up to date on your home’s Wi-Fi router, as well. You can often change your settings to allow for automatic updates.
Sure, who doesn’t like to go to a cafe, library, or hotel lobby to use the free Wi-Fi? But security is often weak in these public networks. If you open your online banking account or access personal information, you may unwittingly be giving a personal invitation to eavesdropping cybercriminals.
This is where the bank-grade level of protection of McAfee Secure VPN comes in, which automatically turns on when you need it and keeps you safe on public Wi-Fi networks.
Even if your device does get hacked, you can protect vital information on your Windows or macOS system with an encryption program like BitLocker or FileVault. You can protect any hard drive you use, including portable ones and USB keys.
It’s also a good idea to only shop at encrypted websites marked with the prefix “HTTPS” in their URLs.
One of the best ways to surf the web in comfort while keeping hackers at bay is with the comprehensive solutions provided by McAfee Total Protection.
Your protection includes proactive measures (meaning we’ll guide you to the best choices for prevention), early detection, and expert identity theft support.
This means you’ll get identity monitoring, up to $1 million in identity theft coverage, lost wallet protection, premium antivirus software, a secure VPN, and personal data removal. In particular, our Personal Data Cleanup service will help find and remove your personal information from data broker websites and people search sites.
With McAfee, you don’t have to be afraid of hackers. Let us deal with them.
The post How to Stay One Step Ahead of Hackers appeared first on McAfee Blog.
Your digital footprint grows with every internet account you make. While your old Tumblr account may be fun for reminiscing, dormant accounts are actually one of the most significant sources of user data on the internet. These accounts can be used by data brokers or third parties to access your personal information.
To improve your data security, it’s good practice to remove public-facing information by deleting unused accounts. Simply put, having less personal data stored on the internet reduces the risk of theft and/or non-consensual data usage.
Deleting, canceling, unsubscribing, or removing your account can be a long process, depending on the service. This article will walk you through the simplest ways to delete unwanted accounts from various social media platforms.
Deleting unwanted accounts protects your information and prevents the monetization of your data. Your internet accounts often hold personal information like your name, age, email, or home address. What’s more alarming is that some platforms may even have credit card details, phone numbers, and bank account information.
When left unattended, internet accounts become vulnerable to being suspended or taken over by the platform. This means that if your accounts are left inactive for too long, you might be handing some or all of your data over to the tech platform.
For example, even if you believe an old Google account doesn’t have any sensitive information stored, it may be linked to other platforms you use (like Amazon or Google services like Gmail and Google Play). This exposes all of these accounts to several data privacy vulnerabilities.
Moreover, a recent survey found that 70% of surveyed adults admitted using the same password for more than one service. People who don’t use password managers or reuse passwords are at a greater security risk than others, as multiple accounts can become compromised at once. Whether the platform is now out of service or you are cutting down on your app usage, deleting dormant accounts will minimize security threats and safeguard your data.
Every platform has a different process for deleting accounts: Some take only a few clicks to complete and others are a little longer. Companies usually don’t want a user to stop using their services, so account deletion pages are often hidden in a complex web of tabs that you have to navigate.
In addition, some subscription services might require that you send an email to customer support to close your account. You can go to justdelete.me, an online directory that lets you access direct links to account deletion pages of various web services.
Remember to download your personal information and data before pulling the plug on your account. Most platforms let you download your data before initiating a deletion request, which saves you from losing important details and files. It is also important to check whether your Google account is used for your YouTube channel or connected to other online accounts.
To help you get rid of accounts you no longer use, we’ve broken down deleting accounts from some of the most popular social networks. The steps described below are for a desktop browser and may not apply to Android or iOS devices (unless specified).
Facebook’s user privacy policy enables it to store a large amount of user information, including personal messages, posts, search history, name, age, birthdate, and even metadata from posted photos and videos.
Follow these simple steps to delete your Facebook account:
LinkedIn collects information on users and uses it for targeted advertising. As a result, it amasses quite a lot of your data, from professional details to personal preferences and even your online behavior trail.
Follow these simple steps from your desktop to delete your account:
It’s simple to delete your Twitter account, but you’ll have to wait 30 days for your data and tweets to clear. To delete your account, you first need to deactivate it.
Once you’ve decided to delete your account from the micro-blogging site, follow these steps from your desktop:
Remember to revoke third-party access to your Twitter account to avoid having your account reactivated in the 30 days following deactivation.
Since Facebook and Instagram are both owned by Meta, they share a lot of data for targeted advertising. You can adjust the privacy settings of your Instagram account from the mobile app, but you will need to log in from a web browser like Chrome to delete your account.
To delete your Instagram account:
Your information and data will be permanently deleted after 30 days and you won’t be able to retrieve it. However, completing a deletion process may take up to 90 days.
Tumblr has a fairly simple process to delete your account:
Follow these steps to delete your account from the popular picture-sharing platform:
Pinterest servers continue to store your data after deletion, but your information won’t be visible to other users.
There are different steps to deleting your email account depending on which email service you use. Backing up email data usually takes more time because of the sheer volume of data a mail account can hold.
Complete the following steps to delete your Google account:
Here’s what you need to do to delete your Yahoo email account:
Deleting your Yahoo account also deletes the linked information from Yahoo’s other services.
Follow these steps to delete your Microsoft account on Outlook 2010, 2013, or 2016:
Leaving old information scattered across the internet makes you susceptible to identity theft. There are multiple ways to keep your identity and data secure online, including McAfee’s Total Protection plan.
Total Protection lets you choose from multiple affordable subscription models that provide comprehensive security against identity theft and potential data breaches and offers web protection and several related benefits. In addition, having access to 24/7 online security experts and a 30-day money-back guarantee make the Total Protection plan an easy, reliable, and safe choice. You can also have peace of mind with McAfee’s Personal Data Cleanup feature where our teams will work to find your personal information online and assist in removing it.
The post How to Delete Old Accounts Containing Personal Information appeared first on McAfee Blog.
Private tech companies gather tremendous amounts of user data. These companies can afford to let you use social media platforms free of charge because it’s paid for by your data, attention, and time.
Big tech derives most of its profits by selling your attention to advertisers — a well-known business model. Various documentaries (like Netflix’s “The Social Dilemma”) have attempted to get to the bottom of the complex algorithms that big tech companies employ to mine and analyze user data for the benefit of third-party advertisers.
This article will help you better understand what information is being collected by tech companies, how it’s being used, and how you can protect your privacy online.
Tech companies benefit from personal information by being able to provide personalized ads. When you click “yes” at the end of a terms and conditions agreement found on some web pages, you may be allowing the companies to collect the following data:
For someone unfamiliar with privacy issues, it is important to understand the extent of big tech’s tracking and data collection. Once these companies collect data, all this information can be supplied to third-party businesses or used to improve user experience.
The problem with this is that big tech has blurred the line between collecting customer data and violating user privacy in some cases. While tracking what content you interact with can be justified under the garb of personalizing the content you see, big tech platforms have been known to go too far. Prominent social networks like Facebook and LinkedIn have faced past legal trouble for accessing personal user data like private messages and saved photos.
The information you provide helps build an accurate character profile and turns it into knowledge that gives actionable insights to businesses. Private data usage can be classified into three cases: selling it to data brokers, using it to improve marketing, or enhancing customer experience.
Along with big data, another industry has seen rapid growth: data brokers. Data brokers buy, analyze, and package your data. Companies that collect large amounts of data on their users stand to profit from this service. Selling data to brokers is an important revenue stream for big tech companies.
Advertisers and businesses benefit from increased information on their consumers, creating a high demand for your information. The problem here is that companies like Facebook and Alphabet (Google’s parent company) have been known to mine massive amounts of user data for the sake of their advertisers.
Marketing can be highly personalized thanks to the availability of large amounts of consumer data. Tracking your response to marketing campaigns can help businesses alter or improve certain aspects of their campaign to drive better results.
The problem is that most AI-based algorithms are incapable of assessing when they should stop collecting or using your information. After a point, users run the risk of being constantly subjected to intrusive ads and other unconsented marketing campaigns that pop up frequently.
Analyzing consumer behavior through reviews, feedback, and recommendations can help improve customer experience. Businesses have access to various facets of data that can be analyzed to show them how to meet consumer demands. This could help improve any part of a consumer’s interaction with the company, from designing special offers and discounts to improving customer relationships.
For most social media platforms, the goal is to curate a personalized feed that appeals to the users and allows them to spend more time on the app. When left unmonitored, the powerful algorithms behind these social media platforms can repeatedly subject you to the same kind of content from different creators.
Here are the big tech companies that collect and mine the most user data.
Users need a comprehensive data privacy solution to tackle the rampant, large-scale data mining carried out by big tech platforms. While targeted advertisements and easily found items are beneficial, many of these companies collect and mine user data through several channels simultaneously, exploiting them in many different ways.
It’s important to make sure your personal information is protected. Protection solutions like McAfee’s Personal Data Cleanup feature can help. With this feature, our teams scour the web for traces of your personal information and assist in getting it removed to enhance your online privacy.
McAfee’s Total Protection provides antivirus software for all of your digital devices and a secure VPN connection to avoid exposure to malicious third parties while browsing the internet. Our identity monitoring and personal data removal solutions further remove gaps in your devices’ security systems.
With our airtight data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.
The post What Personal Data Do Companies Track? appeared first on McAfee Blog.
Authored by Oliver Devane
Technical Support Scams have been targeting computer users for many years. Their goal is to make victims believe they have issues needing to be fixed, and then charge exorbitant fees, which unfortunately some victims pay. This blog post covers a number of example actions, that scammers will go through when they are performing their scams. Our goal is to educate consumers on the signs to look out for, and what to do if they believe they are being scammed.
For a tech support scammer to reach their victims, they need to first find them (or be found by them). One technique we see includes scammers creating Twitter or other social media accounts that post messages claiming to be from the official technical support site. For example, a Twitter account will post a tweet with the hashtags #McAfee and #McAfeeLogin to drive traffic to the tweet and make victims believe the links are legitimate and safe to click.
Scammers behind tech support scams can create very convincing websites which mimic the official ones.
Some fraudulent websites use the McAfee logo or other company logos to try trick individuals. They often invite clicking on a ‘LOGIN’ or ‘ACTIVATE’ link with a similar color scheme to official sites to appear legitimate.
These sites may then ask the victim to enter their real username, password, and phone number. Upon entering these details, websites will usually show an error message to make the victim believe there is an issue with their account.
The error message will usually contain a link that upon clicking will load a chat box where the scammers will initiate a conversation with the victim. At this point, the scammers will have the phone number and email address associated with the victim. They will use this to contact them and make them believe they are an official technical support employee.
The scammer’s next objective is often to gain access to the victim’s computer. They do this so that they can trick the victim into believing there is an issue with their computer and that they need their support services to fix it.
The scammers will do this by either asking the victim to enter a URL that will result in the download of a remote access tool or by providing them with a link in the chat window if they are still speaking to them on the fake support website.
A remote access tool will enable the scammer to take complete control of the victim’s machine. With this, they will be able to remove or install software, access personal data such as documents and cryptocurrency wallets as well as dump passwords from the web browsers so they can then access all the victim’s accounts.
It is vital to not provide remote access to your computer to unknown and unverified individuals, as there could be a big risk to your personal data. Some examples of remote access tools that have legitimate uses but are often used to perpetrate fraud are:
If the scammers are given access to the victim’s machine, they will often make use of the command filename cmd.exe to perform some visual activity on the computer screen which is done to attempt to trick the individual into believing that some malicious activity is occurring on their computer or network. Most people will be unaware of the filename cmd.exe and the actions being used,and thus will be none the wiser to the scammer’s actions.
Here are some examples we have seen scammers use:
Changing the title of cmd.exe to ‘network scanner’ or ‘file scanner’ to make the victim believe they are running a security tool on their machine.
Scammers will make use of standard functions within the cmd.exe file, to make their victims believe they are performing lots of activity. One of these functions is ‘dir’ which will display all the files for a specific directory. For example, if you have a folder called ‘school work’ and have 2 word documents in there, a ‘dir’ query of that folder will appear like this:
What the scammers will do is make use of ‘dir’ and the title function to make you believe they are scanning your machine. Here is an example of running ‘dir’ on the all the files on a machine with the cmd.exe title set to ‘File Scanner’:
A similar function to ‘dir’ called ‘tree’ may also be used. The ‘tree’ function will display directory paths and will generate lots of events on the screen:
Some scammers will also add their phone number to the taskbar of the victim’s machine. They do this by creating a new folder with the phone number as the name and adding it as a toolbar. This is shown in the image below
Scammers may install other software on the victim’s machine or make them believe that they have installed additional software which they will then be charged for.
For example, some scammers may add programs to the desktop of victims which have no purpose, but the scammers insist they are legitimate security tools such as firewalls or network scanners.
Some example filenames are:
The scammers will usually perform some activity on your machine before asking for payment. This is done to build confidence in their work and make you believe they have done some activity and therefore deserve some sort of payment. Do not be fooled by scammers who have not performed any useful activity. As detailed in the previous sections, be careful not to fall victim to fake social media accounts or websites.
This section contains a few signs to look out for which may indicate that you are interacting with a scammer.
Some scammers will become rude and very short with you if you start questioning what they are doing. They may say that you are not technical and do not understand what is occurring. This would not be the behavior of a legitimate technical support operative.
Scammers will encourage you to leave the machine and remote connection on even if you need to go out and leave it unattended. Do not under any circumstances do this as they would then be free to do any activity they wish on your machine and network.
Some files added to your machine by the scammer may be detected by the AV security software. They may act like this is an error and the file is innocent. If you have initiated a remote connection and the controller creates a file on your machine which is detected by the security software, we recommend ceasing the interaction as detailed below.
The following steps should be performed if you believe you are being scammed as part of a tech support scam.
If the machine is connected via a network cable, the easiest way is to unplug it. If the machine is connected via Wi-Fi, there may be a physical switch that can be used to disconnect it. If there is no physical switch, turn off Wi-Fi through the settings or the computer. It can be powered down by pressing the power button.
Hang up the phone (or end the chat) and do not answer any more calls from that number. The scammer will try to make you believe that the call is legitimate and ask you to reconnect the remote-control software.
If the scammer was controlling your machine, the remote-control software will need to be removed. If the computer was powered down, it can be powered back up, but if a popup is shown asking for permission to allow remote access, do not grant it.
The remote software can usually be removed by using the control panel and add/remove programs. To do this, press the Windows key and then perform a search for ‘remove’ and click on ‘Add or remove programs’.
Sort the programs by install date as shown below and then remove the remote software by clicking on the ‘Uninstall’ button. Keep in mind that the software installed on your computer may appear by a different name, but if you look at what was installed on the same day as the scammer initiated the remote control session, you should be able to identify it.
Some scammers may add exclusions for the files they create on your computer so that they are not detected by the security software. We recommend checking the exclusions and if any are present which were not added by yourself to remove them.
A guide for McAfee customers is available here
After removing any software which was installed, we recommend updating your security software and performing a full scan. This will identify any malicious files created by the scammer such as password stealers and keyloggers.
After performing a full scan, we recommend changing all of your passwords as the scammer may have gathered your credentials while they had access to your computer. It is recommended to do this after performing a full scan as the scammers may have placed a password stealer on the computer and any new passwords you enter may also be stolen.
This blog post contains a number of examples that scammers may use to trick consumers into believing that they may have issues with their devices. If you are experiencing issues with your computer and want to speak to official McAfee support, please reach out via the official channel which is https://service.mcafee.com/.
The McAfee support pages can also be accessed directly via the McAfee Total Protection screen as shown below:
McAfee customers utilizing web protection (including McAfee Web Advisor) are protected from known malicious sites.
The post Technical Support Scams – What to look out for appeared first on McAfee Blog.
Our personal and professional lives are becoming increasingly intertwined with the online world. Regular internet usage has made us all prone to cyber-security risks. You leave a digital footprint every time you use the internet, which is a trace of all your online activities.
When you create new accounts or subscribe to different websites, you give them explicit (or implicit, through their family of apps or subsidiary websites) access to your personal and credit card information. In other cases, websites might track basic information without your knowledge, such as your location and search history.
There is an industry of data brokers specifically dedicated to keeping track of user data, packaging it, and supplying it to tech companies who use it to run targeted ads and enhance on-platform user experience. Given the widespread use of the internet and exponential improvements in technology, data has become a valuable commodity — creating a need for the sale and purchase of user data.
This article discusses how data brokers sell your personal information and how you can minimize risk.
Data brokers are companies that aggregate user information from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data is then supplied to tech companies to fuel their third-party advertising-centered business models.
Companies interested in buying data include but are not limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, Social Security number, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public profiles.[Text Wrapping Break]
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites like Spokeo or TruePeopleSearch. You or a tech business can use these websites to search for people and get extensive consumer data. People search sites also contain public records like voter registration information, marriage records, and birth certificates. This data is used for consumer research and large-scale data analysis.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
Vermont and California have already enacted laws to regulate the data brokerage industry. In 2018, Vermont passed the country’s first data broker legislation. This requires data brokers to register annually with the Secretary of State and provide information about their data collection activities, opt-out policies, purchaser credentialing practices, and data breaches.
California has passed similar laws to make data brokering a more transparent industry. For risk mitigation of data brokerage, the Federal Trade Commission (FTC) has published reports and provided recommendations to Congress to reduce the engagement of data broker firms. Giving individuals the right to opt-out of the sale of their personal data is a step toward a more rigorous law regarding data privacy.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Acxiom, LLC is one of the largest data brokering firms and has collected data for approximately 68% of people who have an online presence. You can opt-out of their data collection either through their website or by calling them directly.
Epsilon Data Management is another big player in the data broker industry that operates as a marketing service and marketing analytics company. You can opt-out of their website through various methods such as by email, phone, and mail. Credit rating agencies like Experian and Equifax are also notorious for collecting your data. Similarly, you can opt-out through their websites or by calling them.
McAfee is a pioneer in providing online and offline data protection to its customers. We offer numerous cybersecurity services for keeping your information private and secure.
With regard to data brokers, we enable users to do a personal data clean-up. Cleaning up your personal data online may be a difficult task, as it requires you to reach out to multiple data brokers and opt out. Instead, sign up for McAfee’s Personal Data Cleanup feature to do a convenient and thorough personal data clean-up. We will search for traces of your personal data and assist in getting it removed.
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
The World Wide Web, invented in 1989 by Tim Berners-Lee, has undoubtedly made our lives more convenient in so many ways.
For example, family road trips looked a lot different than they do today. Preteens were designated backseat navigators, with huge atlases spread across their laps, yelling “Turn left here! No wait, right!” Then, when you finally arrived at your destination, what was there to do? Time to poll the hotel concierge, gas station attendants, and grocery store clerks about the best places to visit and directions on how to get there.
Now, your car and phone can speak to you in a calm voice, guide you where you need to go, and tell you what to do once you get there. Life changing!
However, the Web also has made our lives more complicated in several ways. The number of cybercrimes — in variety and prevalence — seem to rise every day. Luckily, what has also become more sophisticated are our available tools to combat cybercriminals and protect our online information, privacy, and identity.
Here’s a look back at the evolution of cyberthreats and cyber-protection to commemorate World Wide Web Day and share some tips on how to use the Web safely and with confidence.
In the early days of the Web, viruses and malware caused many a desktop computer to fall into disrepair. Though, whenever anyone caught a virus of the cyber variety, they were never too surprised. That was usually the cost of illegally downloading music or videos or clicking on pop-ups from sites that were notorious for spreading malicious software.
Fast forward to today and viruses and malware have been disguised by phishing, a tactic where malicious software is hidden within legitimate-looking electronic correspondences (email, text, or direct message). People are now wise to which sketchy websites to avoid, so, to spread their malicious software, cybercriminals use false authority and play on people’s emotions to get them to click on dangerous links and divulge valuable personal information. Phishing can result in huge financial losses. One study calculates that companies lose $15 million annually to phishing.1 Here are a few tips to avoid falling for a phishing attempt and keep your family’s personal information safe:
In the 1990s, portable phones weren’t in everyone’s pockets. And the cellphones that were available to the public at a reasonable price certainly didn’t connect to the Web. The average person was concerned primarily with their desktop security. As long as users steered clear of malicious software, subscribed to an antivirus, and didn’t leave their password on a sticky note on their desk, they were likely to remain in the clear.
Today, homes have multiple connected devices, all of which require that people protect them with great cyber-habits, passwords, and technology. Even your smart home assistants are vulnerable to cyberthreats. Don’t worry though, there are plenty of easy things you can do every day to keep your family’s information and devices safe.
Starting with passwords: The best passwords and passphrases are the ones you don’t have to remember. Apple is actually trying to eliminate the need for typing in passwords, instead relying on biometric security measures, such as face facial recognition and fingerprint scanning.2 If your device doesn’t have these scanning capabilities, a password manager is an excellent way to safeguard your passwords to all your accounts. McAfee True Key guards your passwords with one of the strongest encryption algorithms available. On top of that, multi-factor authentication is another layer of security that stops thieves from stealing your passwords and trading them on the dark Web. With a password manager, you’ll never have to write down, reuse, or worry about forgetting your password and username combinations.
Next, a VPN for your mobile devices and desktop is another great shield against cybercriminals. A virtual private network hides your location data and makes it extremely difficult for public wi-fi eavesdroppers to track your movements on the Web. It’s a great practice to never connect any device to a public wi-fi connection without a VPN, especially if you’re online shopping, handling sensitive information, or banking online.
Finally, another key tool in ensuring your mobile and desktop security is knowing where you stand: How protected are you? What are some habits you should improve? How can you constantly monitor your safety and be in the know when your status changes? The answer: McAfee Protection Score. This unique service scans your wi-fi connection, the dark Web, and data breach records for threats to your personally identifiable information (PII) and connected device. Then, the software recommends ways to improve your security, in turn boosting your score. It’s a quick and visual way to evaluate your habits and make sure you’re doing everything you can to protect your connected family.
In the infancy of the World Wide Web, identity theft via the internet wasn’t really a thing. Mostly, identities and PII were stolen through discarded mail, overheard conversations, or stealing someone’s physical wallet.
Identity theft is a major concern. Cybercriminals are becoming smarter and more determined to release PII on the dark Web for profit. Phishing, social media snooping, data breaches, and hacking are common modern ways criminals steal valuable personal information, in addition to low-tech dumpster diving and wallet theft. With your full name, birthdate, and Social Security Number, criminals can cause severe damage to your credit that could take years and a large investment to repair.
Some tips to avoid being a victim of identity theft is to improve your phishing detection skills, avoid oversharing on social media, delete old accounts you don’t use anymore and know how to identify the signs of identity theft. An identity monitoring service, like McAfee Advanced Protection, is your all-in-one privacy and identity protection service for your digital life. It covers you for $1 million in identity theft coverage and restoration. Plus, the service includes all the important tools outlined above: antivirus, VPN, password manager, and Protection Score.
The Web, not to be confused with the internet, is the collection of pages that one can access using the internet. You likely use it every day, thus it’s key to navigate it safely and with confidence. The Web has come a long way, and in a decade, it’s likely to look completely different than it does right now. The key is to be adaptable and careful and have the right tools to help you fill in the gaps.
1Ponemon Institute, “The 2021 Cost of Phishing Study”
2CNET, “Apple Is Trying to Kill Passwords With Passkeys Using Touch ID and Face ID”
The post Celebrate World Wide Web Day: The Evolution of Web Safety appeared first on McAfee Blog.
If you’re the parent of a tween or teen, chances are they’re not the only ones going back to school. Their smartphones are going back too.
Our recent global research showed just how many tweens and teens use a smartphone. Plenty. Depending on the age band, that figure ranges anywhere from 76% to 93%, with some noteworthy variations between countries.
One of the top reasons parents give their child a phone is to stay in touch, so it likely follows that those phones will likely make their way into the classroom. Whether or not that’s the case for your child, back-to-school time is still a great time to help your child stay safer on their phone—and keep their phones safer too in the event of loss or theft.
Comprehensive online protection software can protect your phone in the same way that it protects your laptops and computers. Unfortunately, while many people use it on their laptops and computers, far fewer people use it on their phones—only about 42% of tweens and teens worldwide use it on their smartphones according to our most recent research.
Installing it can protect their privacy, keep them safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do. You can find our smartphone apps in both Google Play and the Apple App Store.
Updates do all kinds of great things for gaming, streaming, and chatting apps, such as adding more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
iPhones update apps automatically by default, yet you can learn how to turn them back on here if they’ve been set to manual updates. For Android phones, this article can help you set apps to auto-update if they aren’t set that way already.
Much the same goes for the operating system on smartphones too. Updates can bring more features and more security. iOS users can learn how to update their phones automatically in this article. Likewise, Android users can refer to this article about automatic updates for their phones.
Another finding from our latest global research is just how few people use a lock screen on their phones. Only 56% of parents said that they protect their smartphone with a password or passcode, and only 42% said they do the same for their child’s smartphone—a further 14% drop between parents and kids.
The issue here is clear. If an unlocked phone gets lost or stolen, all the information on it is an open book to a potential hacker, scammer, or thief. Enabling a lock screen if you haven’t already. It’s a simple feature found in both iOS and Android devices.
Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
One way that crooks can hack their way into your phone is via public Wi-Fi, such as at coffee shops, libraries, and other places on the go. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protect from others on that Wi-Fi hotspot. Note that our VPN can turn on automatically for public Wi-Fi, protecting account credentials, search habits, and other activities online.
The same advice applies for these devices as well—strong online protection software, password management, VPN usage, and so on. What’s good for a smartphone is good for laptops and desktops too.
For laptops in particular, you can track these devices as well, just like a smartphone. The process differs from smartphones, yet it’s still quite straightforward. Windows and Mac users can enable the following settings—and you can click the links below for complete instructions from the source:
Putting these same protections in place on your laptops and desktops will help make your child, and your whole family, safer than before.
Note that on school-issued devices, your school district will likely have technology teams who manage them. As part of that, they typically have policies and restrictions in place to help keep them running safe and sound. If you have any questions about what kind of protections are in place on these school-issued devices, contact your school district.
While we’ve largely focused on protecting the phone itself, there’s also the importance of protecting the person who’s using it. In this case, your child—what they see, do, and experience on the internet. Device security is only part of the equation there.
Parents of tweens and teens know the concerns that come along with smartphone usage, ranging anywhere from cyberbullying, too much screen time, and simply wanting to know what their child is up to on their phone.
As you can imagine, each of these topics deserves its own treatment. The “Family Safety” section of our blog offers parents and their kids alike plenty of resources, and the list below can get you started on a few of the most pressing issues:
Without a doubt, while a child may get their first smartphone to “keep in touch,” that ownership blossoms into something far greater. And quite quickly. As they dive into the world of apps, social media, messaging, and gaming, take an interest, take it as an opportunity to spend time talking about their day and what it was like online.
By asking if they grabbed any cool pictures, what their favorite games are, and how their friends are when your child is texting them, questions like these can open a look into a world that would otherwise remain closed. This way, talking about the phone and what they’re doing on it becomes part of normal, everyday conversation. This can reap benefits down the road when your child encounters the inevitable bumps along the way, whether they’re dealing with a technical issue or something as difficult as cyberbullying or harassment. Talking about their life online on a regular basis may make them more apt to come forward when there’s a problem than they otherwise might.
In all, think of the smartphone as a fast pass into adulthood, thanks to how it puts the entirety of the internet right in your child’s hand. Protecting the device and the kid who’s using it will help ensure they get the absolute best out of all that potential.
The post Getting Your Kids Ready for School—And Their Smartphones Too appeared first on McAfee Blog.
Authored by Dexter Shin
McAfee’s Mobile Research Team has identified new malware on the Google Play Store. Most of them are disguising themselves as cleaner apps that delete junk files or help optimize their batteries for device management. However, this malware hides and continuously show advertisements to victims. In addition, they run malicious services automatically upon installation without executing the app.
They exist on Google Play even though they have malicious activities, so the victim can search for the following apps to optimize their device.
Users may generally think installing the app without executing it is safe. But you may have to change your mind because of this malware. When you install this malware on your device, it is executed without interaction and executes a malicious service.
In addition, they try to hide themselves to prevent users from noticing and deleting apps. Change their icon to a Google Play icon that users are familiar with and change its name to ‘Google Play’ or ‘Setting.’
Automatically executed services constantly display advertisements to victims in a variety of ways.
These services also induce users to run an app when they install, uninstall, or update apps on their devices.
To promote these apps to new users, the malware authors created advertising pages on Facebook. Because it is the link to Google Play distributed through legitimate social media, users will download it without a doubt.
This malware uses the Contact Provider. The Contact Provider is the source of data you see in the device’s contacts application, and you can also access its data in your own application and transfer data between the device and online services. For this, Google provides ContactsContract class. ContactsContract is the contract between the Contacts Provider and applications. In ContactsContract, there is a class called Directory. A Directory represents a contacts corpus and is implemented as a Content Provider with its unique authority. So, developers can use it if they want to implement a custom directory. The Contact Provider can recognize that the app is using a custom directory by checking special metadata in the manifest file.
The important thing is the Contact Provider automatically interrogates newly installed or replaced packages. Thus, installing a package containing special metadata will always call the Contact Provider automatically.
The first activity defined in the application tag in the manifest file is executed as soon as you install it just by declaring the metadata. The first activity of this malware will create a permanent malicious service for displaying advertisements.
In addition, the service process will generate immediately even if it is forced to kill.
Next, they change their icons and names using the <activity-alias> tag to hide.
It is confirmed that users have already installed these apps from 100K to 1M+. Considering that the malware works when it is installed, the installed number is reflected as the victim’s number. According to McAfee telemetry data, this malware and its variants affect a wide range of countries, including South Korea, Japan, and Brazil:
This malware is auto-starting malware, so as soon as the users download it from Google Play, they are infected immediately. And it is still constantly developing variants that are published by different developer accounts. Therefore, it is not easy for users to notice this type of malware.
We already disclosed this threat to Google and all reported applications were removed from the Play Store. Also, McAfee Mobile Security detects this threat as Android/HiddenAds and protects you from this type of malware. For more information about McAfee Mobile Security, visit https://www.mcafeemobilesecurity.com
| App Name | Package Name | Downloads |
| Junk Cleaner | cn.junk.clean.plp | 1M+ |
| EasyCleaner | com.easy.clean.ipz | 100K+ |
| Power Doctor | com.power.doctor.mnb | 500K+ |
| Super Clean | com.super.clean.zaz | 500K+ |
| Full Clean -Clean Cache | org.stemp.fll.clean | 1M+ |
| Fingertip Cleaner | com.fingertip.clean.cvb | 500K+ |
| Quick Cleaner | org.qck.cle.oyo | 1M+ |
| Keep Clean | org.clean.sys.lunch | 1M+ |
| Windy Clean | in.phone.clean.www | 500K+ |
| Carpet Clean | og.crp.cln.zda | 100K+ |
| Cool Clean | syn.clean.cool.zbc | 500K+ |
| Strong Clean | in.memory.sys.clean | 500K+ |
| Meteor Clean | org.ssl.wind.clean | 100K+ |
SHA256:
Domains:
The post New HiddenAds malware affects 1M+ users and hides on the Google Play Store appeared first on McAfee Blog.
We all love to spend time surfing the web — whether we’re shopping, paying bills, or reacting to funny memes. The internet has also allowed many of us to keep working from home even during the pandemic.
The internet is great, but the best way to keep enjoying it is to know where and how bad actors can pop up in our computer systems.
One way is through the use of ransomware, which is a type of malware that threatens users with blocked access or doxing (exposing personal information) if they don’t pay money to the cybercriminals who sent the malicious software.
We’ll explain what ransomware is, how it works, and how to defend against it so you can stay one step ahead and continue enjoying life online.
Ransomware is malware that uses encryption to hold your information at ransom. This might mean you can’t access critical data in files, databases, or applications. The cybercriminal will then usually demand a ransom to provide access.
Often, ransomware includes a deadline to add a sense of urgency to the threat. Typical ransomware attacks might suggest that your data will be lost or published on the web for the world to see if you don’t pay. Ransom demands generally ask for payment in Bitcoin or some other form of cryptocurrency, where transactions are less regulated and traceable.
Unfortunately, ransomware is often designed to spread across a network and target database and file servers — quickly paralyzing an entire organization. Ransomware attacks represent a growing problem, generating billions of dollars in payments to cybercriminals and inflicting damage and expenses for businesses and governmental organizations.
However, if you have a basic understanding of how ransomware works, you can take steps to protect yourself.
Ransomware uses asymmetric encryption, which uses a mixture of symmetric and asymmetric encryption methods to make it more difficult to decrypt ransomed data files. Put simply, cybercriminals using asymmetric encryption generate a public key to encrypt files and a separate but private key to decrypt the same files. As a result, the victim has to rely on the hacker for the decryption key — for a price, of course — because the private key to decrypt the files is stored on the attacker’s server.
The attacker then makes the private key available to the victim only after the ransom is paid, although this isn’t always the case, as seen in recent ransomware campaigns. Without access to the private key, it can be difficult to decrypt the files being held for ransom.
Many forms of ransomware exist. Often, ransomware (and other malware) is distributed using email spam campaigns or through targeted attacks. Malware needs an attack vector, which is how a cybercriminal gains access to a device to deliver malicious software. This might take the form of an email attachment, webpage, pop-up window, or even instant message. After malware establishes its presence, though, it’ll stay on the system until it finishes its task.
After a successful exploit, ransomware drops and executes a malicious binary on the infected system. This binary then searches and encrypts valuable files, such as Microsoft Word documents, images, databases, and so on. The ransomware may also exploit system and network vulnerabilities to spread to other systems and possibly across entire organizations.
Once files are encrypted, ransomware prompts the user for a ransom to be paid within 24 to 48 hours to decrypt the files, or they’ll be lost forever. If a data backup is unavailable or those backups are encrypted, the victim might have to pay the ransom to recover their personal files.
Cyberattacks, including different types of ransomware, occur and evolve all the time, but there are several ways to avoid them.
It all starts with looking to the past to protect your sensitive data in the future. In the next few sections, we’ll cover how hackers have engaged in extortion across computer systems over the years.
CryptoLocker was one of the earliest adopters of this type of malware — demanding a ransom payment in cryptocurrency for a user to get their data back. In fact, it was probably the first time many people had heard the term “ransomware.”
In 2013, CryptoLocker attacked through an email attachment that looked like the tracking notifications of shipping companies like UPS and FedEx. It resulted in more than 250,000 infected computer systems and up to $27 million in extorted money.
Although a decryption key has existed for CryptoLocker since 2014, it can still cause problems for users who may not recognize the presence of the ransomware before opening the attachment.
In 2017, Wannacry took the “worm” approach to ransomware, spreading across Windows PCs through shared networks. At the time, the ransomware turned everything on the computer into encrypted data, with the hackers threatening not to return the data until the ransom was paid (in this case, cryptocurrency). Estimates point to over 200,000 computers being infected around the world.
A killswitch was created to help operating systems infected with WannaCry, but the hacking group is still out there posing new threats.
The Kaseya ransomware attacks occurred on July 2, 2021, and led to an FBI response because this represented a global cybercrime event. In this instance, though, the ransomware group REvil made damaging use of vulnerabilities found in the on-premises software of Kaseya VSA. The hackers then demanded $70 million in Bitcoin.
The company managed many service providers, so the attack affected all of the downstream customers of those service providers. In fact, the malware attack may have affected around 1,500 organizations across the world.
The good news is that patches have now been developed for affected servers.
You might not immediately think of the world’s largest meat supplier as being one of the victims of ransomware, but that’s exactly what happened to JBS Foods.
Threatening to disrupt the food supply chain in May 2021, organized cybersecurity attacks by REvil targeted JBS’s North American and Australian plants, encrypting data that was then ransomed for over $11 million worth of Bitcoin by the company.
On May 7, 2021, hackers made malicious use of a single leaked password belonging to a virtual private network (VPN) account associated with the Colonial Pipeline Company.
Even though the breached account had been dormant for some time, it was still successfully used as an entry point to the Colonial network. The password to this account was linked to a batch of compromised passwords on the dark web, leading officials to believe it could have been an employee who re-used the same password for other accounts.
This major cybersecurity event showcases the ways that ransomware can set up camp inside computer systems without the use of phishing.
Being proactive is one of the best things you can do to safeguard against ransomware attacks. This means thinking ahead to what vulnerabilities may exist in your current computer network setup and addressing them before they’re used for cyber extortion.
There are several ways you can help reduce your exposure to cybercriminals by simply being alert to where they usually get in. The following sections offer information on how to set up the best possible defense against ransomware.
The best way to avoid the threat of being locked out of your critical files is to ensure that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. This protects your data, and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware but they can help mitigate the risks.
Make sure your backup data isn’t accessible for modification or deletion from the systems where the data resides. Ransomware will look for data backups and encrypt or delete them so they can’t be recovered, so it’s important to use backup systems that don’t allow direct access to backup files.
Make sure all of your computers and devices are protected with comprehensive security software and keep all of your software up to date. Make sure you update your devices’ software early and often, as patches for flaws are typically included in each update.
Be careful where you click. Don’t respond to emails and text messages from people you don’t know and only download applications from trusted sources. This is important since malware authors often use social engineering to try to get you to install dangerous files.[Text Wrapping Break]
Avoid using public Wi-Fi networks since many of them aren’t secure and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN like McAfee Secure VPN, which provides you with a secure connection to the internet no matter where you go.[Text Wrapping Break]
Keep current on the latest ransomware threats so you know what to look out for. In the case that you do get a ransomware infection and haven’t backed up all of your files, know that some decryption tools are made available by tech companies to help victims.
Ransomware attacks don’t have to spell disaster if you catch them in time and know what to do. If you suspect you’ve been hit with a ransomware attack, it’s important to act quickly.
Fortunately, there are several steps you can take to address ransomware issues quickly and have your computer systems return to business as usual in no time.
We’ve all spent more time online recently in the wake of the pandemic, and no one needs cybersecurity issues on their plates during this or any other time. The good news is that antivirus software is evolving rapidly and there are plenty of steps you can take to shield your computer systems from needless attacks like ransomware.
One surefire way to get peace of mind against hacker groups is to put your trust in the expert care of Total Protection services from McAfee. All of our plans come with a private VPN, antivirus protection, and safe-browsing features. This means you can live your connected life free from threats like ransomware, malware, and more.
With multiple affordable plans, there’s a McAfee protection plan for every person. It’s a small price to pay for staying one step ahead of ransomware attacks.
The post What Are Ransomware Attacks? An In-Depth Guide appeared first on McAfee Blog.
Ever hear of a crime called skimming? It may not be as dramatic a crime as assault or Ponzi schemes, but it can cause significant problems to you as your savings account can be wiped out in a flash.
Picture a scrawny nerd tampering with an automated teller machine (ATM)—the machine you use with your debit card to get cash. The thief places a device over the slot through which you slide your debit card. You have no idea it’s there. You swipe your card, and the device “skims” or reads your card’s information. In the middle of the night, the thief creeps back, removes the skimming device, downloads your data, burns it to a blank ATM card, makes a fat withdrawal and goes home with the loot. Or they could download your information from the skimmer and then use your information to make online purchases or access your account. Either way, they could clean you out before you wake up next morning!
Now, to be successful, the criminal not only needs a skimming device, they also need to attach a tiny wireless camera to capture your PIN. These cameras are usually concealed in the lighting fixture above the keypad, in a brochure near the machine, or attached directly to the ATM.
To protect yourself from being skimmed, and generally staying safe when using your debit or credit cards, follow these tips:
Stay safe from skimming!
The post What is ATM Skimming? appeared first on McAfee Blog.
Smartphones and personal computers have enhanced our lives in so many ways that it can be hard to even imagine a world without them. The internet is an awesome place with endless opportunities and possibilities, but it’s also home to some seedy characters that can expose us to certain risks, like malvertising.
Malvertising, which is short for malicious advertising, attacks and compromises systems by spreading advertisements injected with malicious code. Legitimate advertising networks can then display these malicious advertisements without even knowing they’re infected.
In this article, we’ll take a closer look at what malvertising is and what you can do to secure your data and keep your information safe online. We’ll also provide some examples so you can fully understand how malvertising might be used.
Having a thorough understanding of malvertising is the first step toward keeping the internet a safe place for you and your family.
Since malvertising disguises malicious code inside legitimate online advertising, ad networks may find it hard to stop malvertising from appearing as legitimate ads.
Viewing malvertisements can put your personal information at risk, such as your identification information, contact details, and financial data. It can also alter or delete your information, hijack your computer functions, spy on your computer activities, and steal your data. And this all can happen without your knowledge.
The type of risk, though, depends on the programs that the malvertising successfully downloads onto your device. These programs can include:
Cybercriminals use various methods to inject infected code into online ads. Below are some examples of the types of malvertising that can pose a risk to your cybersecurity and exploit vulnerabilities on your devices.
Even highly reputable and popular websites, such as The New York Times, the BBC, Spotify, and AOL, have been targeted in the past by malicious ads, putting billions of visitors at risk. Any website can become a target.
Malvertising is often confused with ad malware. Both are forms of malware and involve infected advertisements, but they’re fundamentally different.
Malvertising uses malicious code that can cause harm to anyone viewing the infected advertisement, while adware is used to target individuals by forcing ads onto their devices to generate clicks. Users can get bombarded with pop-up ads, which can affect their devices. Adware also collects browsing information to sell to advertisers. This is often referred to as browser hijacking.
How to avoid malvertising as a web user
Taking the necessary steps to protect your online activities and personal identifying information can help shield you from malvertising attacks. Massive volumes of online ads are displayed every day, so it’s never been more important to safeguard yourself against any shady activity on the internet.
Taking a few steps can help you avoid malvertising and minimize your risk of identity theft.
With so much sensitive information being shared online, it’s never been more important to take the necessary steps to help keep your data and privacy safe.
McAfee Total Protection services can help increase cybersecurity on your devices and keep your identity private from hackers. We offer all-in-one protection so you can get the peace of mind you deserve while enjoying the internet.
All products include identity monitoring, automated privacy using a virtual private network (VPN), a password manager, a firewall, and much more. We also offer identity restoration assistance and up to $1 million in identity theft coverage to help relieve the burden of data breaches.
Get comprehensive identity protection from McAfee and get back to surfing the internet with confidence.
The post What Is Malvertising and How Do You Avoid It? appeared first on McAfee Blog.
Sextortion is something no parent wants to think could happen to their child, nor a topic most of us would ever imagine we’d need to discuss in our homes. However, according to the latest FBI reports, sextortion is a digital threat to children that, woefully, is on the rise.
According to the FBI, there has been a considerable increase lately in sextortion cases involving children and teens being coerced by adults online.
A sextortion scenario can emerge in several ways. Most often, it occurs when an adult (posing as a peer) engages in casual conversation with an underage child, gains their trust through online conversation, then pressures or threatens the child into sharing sexual photos or videos of themselves.
In some cases, the initial contact with the criminal will be a threat. The person may claim to already have a revealing picture or video of a child that they threaten to share if the victim does not send more pictures.
According to the FBI, this crime more often starts when young people believe they are communicating with someone their age who is interested in a relationship or with someone who is offering something of value. This catfish (false profile) relationship usually involves the predator using gifts, money, flattery, lies, or other methods to get a young person to produce an image.
These dangerous conversations can be initiated through text, a social or chat app, a gaming site, or any number of digital connection points.
After a criminal successfully obtains a photo or video from their victim, the threats can escalate to promises to publish the content or even hurt the child if they don’t send more. This emotionally harrowing situation can ignite shame, fear, and confusion in children who may be too embarrassed to ask for help or report the abuse.
While these criminals rarely request to meet their victims face-to-face, the emotional and physical impact of sextortion can be devastating to a child. According to the FBI, some victims report abusers who become vicious with non-stop harassment and threats. Victims can feel scared, alone, embarrassed, and increasingly desperate. Sadly, as reported in the news, this type of crime can leave some children feeling like they have no way out of the situation.
If you are a parent or caregiver, explain to your child how sextortion can happen to anyone online and why it’s important to only connect with known friends and family. Parents: Consider boosting your device security with parental controls that filter content, report your child’s online activity, and reveal potential problems.
Some essential safety protocols kids should follow online are worthy of repeating. They are:
1) Make social accounts private, don’t share personal information, and only connect with known friends
2) Ignore and block messages from strangers
3) Keep your guard up. People can pretend to be anyone online, and photos can be altered
4) Be suspect if anyone asks you to message or text with them privately
5) Never share risky photos with anyone online—even a trusted friend
6) Tell someone immediately if someone is threatening you online.
With your child, go through their apps, social networks, chats, gaming communities, and friend groups and do some editing, defriending, and blocking. Make sure both you and your child know and trust all their online connections. Remember: Open communication and an honest relationship with your child are the most powerful tools you have to keep your child safe online.
A sextortion situation for a child can be incredibly confusing and cause them to isolate and avoid telling anyone about it. Remind and be clear with your child that they would never be in trouble for coming to you with any problem. Let them know that sextortion is a crime for the perpetrator and that they have not broken any laws by sending photos (despite what an abuser might have told them).
Victims of sextortion should go to a parent or trusted adult and tell them they need help. While doing this can feel terrifying, it’s crucial for victims to know people understand and want to help. For parents and caregivers, contact the FBI at 1-800-CALL-FBI or report the crime online at tips.fbi.gov.
While the bad actors online are out to exploit and ruin our digital spaces, it’s important to maintain a healthy perspective rather than responding with fear. Remind your kids that there’s an army of people even more dedicated than the criminals; people like the FBI who are out to stop online crime and keep the internet safe for families. Additionally, as a parent or caregiver, your commitment to helping your family stay informed, equipped, and empowered online is how we all win.
The post Sextortion: What Your Kids Need to Know appeared first on McAfee Blog.
Our How I Got Here series spotlights the stories of team members who have successfully grown their career here at McAfee. This journey features Gayatri who kicked off her second career at McAfee after leaving her role and returning to further education.
McAfee truly kicked off my second career journey! I previously worked as a Software Engineer before I joined the McAfee Pre-sales Operations team as a summer intern as part of my business graduate program. One thing led to another, and I joined McAfee full-time as a Technical Project Analyst after I graduated later that year!
I’ve always believed in having a growth mindset, I embrace learning and looking for ways to build on my achievements. I’m proud to be part of an organization that nurtures this and helps you pursue your passions. For example, in 2019 I moved from a team focused on products and services for large businesses to a team focused on individual consumers. The needs of consumers versus big businesses are very different, so the business operations work supporting that focus are very different as well. It was a steep learning curve, but I felt supported every step of the way, and since then have grown so much!
Back in 2011, I was a software engineer spending my days doing programming and web development. While I was happy doing that, it was after working on many client-facing projects that I aspired to work at the intersection of business and technology. So, I left engineering and went to business school.
Taking a break from my full-time job to pursue formal business education in a new country was a big step outside my comfort zone. It was challenging to find balance, but the journey was worth it!
Today, I am a Sales Enablement and Operations Manager supporting sales teams all over the world. My focus areas include managing platforms and tools like Salesforce, Power BI, and SharePoint Sales Portal, as well as our department’s training and enablement programs – in other words, technology and professional development that help our team members be successful. Plus, I’m a key team member for an array of programs and projects that are pushing the business forward.
My work is highly collaborative, and I really enjoy working on projects with colleagues across different departments all over the world. I get to see the bigger picture, better understand the business context, and see the WHY behind the initiatives we drive.
From business projects to being a part of the McAfee WISE (Women in Security) Board, it’s the people, culture, and opportunity that sets McAfee apart. I love working with the amazing people at McAfee!
Underlying it all: Working at McAfee matters because ultimately what we do helps protect lives of millions of people online.
I have come to realize that the pain of staying the same is greater than the pain of changing and growing. Develop a growth mindset to keep moving forward!
The post Kicking off my Second Career: Gayatri’s McAfee Journey appeared first on McAfee Blog.
There’s no denying that the internet fills a big part of our days. Whether playing, working, or studying, we rely on staying connected. But just as there’s a lot of good that comes with the internet, it can also make us susceptible to cybercriminals.
This is especially true if you’re using your phone on public Wi-Fi. Anyone with access to the public network can see your online activity, including hackers.
Fortunately, by keeping your personal information and data secure, you can continue to live your best life online. Advanced security and privacy tools like virtual private networks (VPNs) can shield your identity online, allowing you to browse online without worrying about hackers.
In this article, we’ll show you how to set up a VPN on your Android device manually or use a VPN app like McAfee’s Safe Connect VPN.
Using a VPN with your Android phone can be a smart move that allows you to live a fully connected life without risking catching the eyes of cybercriminals.
A VPN essentially hides your online presence and encrypts your information so that no one can steal sensitive data, like credit card details and passwords. It maximizes privacy and safety by sending your encrypted information through a tunnel to VPN servers in various locations globally. It’s so effective that not even your internet provider, search engine, or other third parties can take a peek at your data.
If you like video streaming on your smartphone but often run into geo-restricted content, you’ll also find a VPN useful. It changes your IP address, allowing you to access blocked content on platforms like YouTube and Netflix.
If you have an Android smartphone, you can use its built-in VPN client or legacy VPN. The integrated VPN uses several protocol suites, including PPTP, L2TP, and IPSec, to deliver a secure internet connection.
However, you’ll have to configure the built-in VPN manually, which can be hard. So, if you’re not that tech-savvy, a VPN app can be a good option. McAfee Security for Mobile is one such app available on the Google Play Store.
You might also want to opt for an app when:
Depending on your connection requirements and tech skills, we’ll walk you through how to set up your VPN manually or through an app.
Setting up a VPN manually by adjusting the VPN settings is one way to get the job done. This approach allows you to connect your device to a VPN server by entering configuration details.
You can set up the VPN manually via the user interface (UI) on your Android phone. The UI plays a big role in setting up and controlling the VPN solution. When the VPN is active, your mobile device system notifies you through the home screen.
To get your VPN up and running on your Android operating system, you’ll need to find the “Settings” menu on your device.
If you want to set up a VPN quickly and easily, your best bet is to install a VPN app on your mobile device. For instance, you can simply download McAfee’s Mobile Security app from the Google Play Store and register an account, allowing you to log in and start enjoying full protection.
Once you choose a VPN provider and sign up for a subscription plan (if paid), you’re ready to set up your VPN using the Android app. While the setup process can differ slightly depending on the VPN, here’s the process for setting up McAfee’s Safe Connect VPN app:
Now that you know about various steps to install a VPN on an Android device, consider investing in the award-winning McAfee Mobile Security App. This service comes with useful security tools for browsing the net on mobile devices and privacy protection for your Wi-Fi network. You can count on the award-winning software to secure your phone and the data it sends over the internet.
In addition to keeping your connection private, the software detects unwanted visitors and malicious apps. McAfee Mobile Security integrates an antivirus VPN that scans your device for cyberthreats and neutralizes them. The software delivers robust protection against evolving threats and gives you peace of mind.
Start protecting your digital life and securing your network traffic by signing up for McAfee Security for Mobile today.
The post How to Set Up a VPN on an Android in 2022 appeared first on McAfee Blog.
Your smartphone comes with built-in location services, which are useful if you lose it or if you use an app that needs to know your location. But what if you don’t want your phone to be tracked? Can the phone be located if you turn off location services? The answer is yes, it’s possible to track mobile phones even if location services are turned off.
Turning off the location service on your phone can help conceal your location. This is important if you don’t want third parties knowing where you are or being able to track your movement. However, a smartphone can still be tracked through other techniques that reveal its general location.
This article explains how your phone can be tracked and what you can do to enhance your mobile security.
Whether you have an iOS or Android phone, there are ways it can be tracked even if location services are turned off. You may have used some of these yourself to find a lost or stolen phone. For example, the Find My iPhone app uses Bluetooth to help you find an iPhone even if it’s offline.
If you have an Android phone and the Find My Device app, you can log in to your Google account and use Google Maps to check your phone’s location history.
Here are four ways that your phone could be tracked:
The United States has more than 307,000 cell towers. When you use your phone, signals travel back and forth to the nearest cell tower. Cell carriers can calculate the general area of your phone by measuring the time it takes for a signal to travel back and forth.
Carriers use cell tower triangulation for a more accurate reading, which combines location data from three cell towers. This technology was developed to help 911 operators locate callers. It pinpoints the phone’s location within a 300-meter area.
A smartphone that has Wi-Fi enabled communicates with nearby Wi-Fi networks even if it’s not connected to one. Your device automatically scans Wi-Fi access points nearby and notes the signal strength.
When using public Wi-Fi, the provider commonly asks you to agree to location tracking. That Wi-Fi provider will then record your location whenever you’re in range of one of its hot spots.
To use public Wi-Fi while protecting your privacy, it’s a good idea to connect with a VPN like McAfee’s Safe Connect VPN. This software protects your data using bank-grade encryption to keep your online activity private. The VPN also keeps your IP address and physical location private.
Cell site simulators — otherwise known as stingrays— mimic cellphone towers. They trick your phone into pinging it, transmitting its location, and identifying information. Stingrays cause cellphones to connect to them rather than to legitimate cell towers by transmitting a stronger signal than that from the cell towers.
Law enforcement officers often use stingrays to locate and track the movement of potential suspects. While attempting to connect to a specific individual, stingrays connect data from all phones in the vicinity of the device.
A device that is infected with malware or spyware can track your location even if your location settings are turned off. Malware can also record your online activities, allow cybercriminals to steal personal information, or slow down your operating system.
To help protect your mobile device, consider getting a comprehensive security tool like McAfee Security for Mobile. It works for both Android and iOS devices and comes with an antivirus app that scans for threats and malware and blocks them in real-time.
While many reasons for tracking a phone’s location information are benign — such as seeing where a loved one might be — scammers and hackers may track phones in an attempt to steal personal data.
Luckily, some telltale signs can help you spot whether your phone is being tracked.
When your phone has spyware, the program continuously runs in the background and drains your battery. A battery that is losing power faster than normal is either due to an old battery or spyware.
Check your battery health to see if it is still strong. If you use an iPhone, follow these steps to check battery health. You’ll see a maximum capacity score that shows your battery power compared to when it was new. An older phone with a battery capacity of 75% could explain why your battery loses power throughout the day. If your battery capacity is 95% or 100% and it drains quickly, however, a virus could be to blame.
It’s a slightly different process to check the battery health on an Android device. Depending on the phone brand, you may need to download an app.
Using apps with high processing demands can cause your mobile device to heat up. A spyware app that tracks your device’s location will use GPS, which causes the phone to work harder and overheat. If you’re using your smartphone normally and it overheats, it could be a sign of malware.
If there are unfamiliar apps on your phone, someone may have tampered with it. The mystery app could be spyware.
If your phone launches activities that you didn’t initiate, an app might be running in the background. In some cases, malware needs to reboot your phone to install updates or change the phone’s settings.
A phone that automatically restarts lights up for no reason or makes noises during calls or texts could be infected with malware.
Here are answers to some common questions about phone tracking.
A phone that is turned off is difficult to track because it stops sending signals to cell towers. However, the service provider or internet provider can show the last location once it’s switched back on.
Even without cell service, Android devices and iPhones can be tracked. Your phone’s mapping apps can track your phone’s location without an internet connection.
The GPS works in two ways: It uses Assisted GPS or A-GPS when you have a data connection. This uses the locations of cellphone towers and known Wi-Fi networks to figure out where you are. It also uses data from GPS satellites for more precise information. The A-GPS needs data service to work, but the GPS radio can receive satellite information without data service.
Yes, your phone can be tracked when it’s in airplane mode. While it does turn off Wi-Fi and cellular services, airplane mode doesn’t turn off GPS (a different technology that sends and receives signals from GPS satellites). You’ll have to disable GPS on your device and turn on airplane mode to prevent your phone from being tracked.
Understanding how your phone can be tracked can help you protect your privacy. For greater peace of mind, though, it can help to have a mobile security tool like McAfee Security for Mobile to keep your Android or Apple device free from spyware.
Our all-inclusive mobile security tool safeguards your digital life by offering safe browsing, a secure VPN, and antivirus software. It actively protects you from malicious apps, like spyware, and unwanted visitors.
With a dedicated mobile security app, you can use your phone the way you want without worrying about cybercriminals tracking your information.
The post Can My Phone Be Tracked If Location Services Are Off? appeared first on McAfee Blog.
Our How I Got Here series spotlights the stories of team members who have successfully grown their careers here at McAfee. This journey features Jeremy whose passion for learning has seen him grow his career in our Technology Services Team.
In 2015, I started as a contract worker to help manage network cabling in McAfee’s buildings. While I was doing that, I was also asked to help manage our voice network (think of this as phones and conference lines) for North and South America. A year after working in both of those roles, I was asked to focus on voice network engineering. After a couple of years, I began training as an engineer for our audio-visual workspace, which helps bring efficiency and centralization to our conference room communications and collaboration tools. And today, I am a Unified Communications Engineer!
My other role within McAfee is Co-President of the McAfee Veterans Community. I absolutely love the community of veterans from around the globe and our community allies. It’s a wonderful group of people who are always willing to serve their local communities. We have hosted inspiring guest speakers, and volunteer events, and continue to hold monthly virtual Coffee Talks and Happy Hours.
I don’t believe that I’ve ever had a typical workday. One moment I’m entering new employees into our systems, and the next I’m providing backend call-center support. I also help run our big Microsoft Teams live events. And, of course, I troubleshoot communications issues as they arise.
I truly enjoy working with the Technology Services team and especially the Voice and Video Team. Being able to collaborate with such wonderful teams is a really rewarding part of my role.
For about a decade in my previous role, I managed a team doing general upkeep in computer systems and I felt really comfortable doing that! I joined McAfee to do a similar role, but shortly afterward I was asked to pivot to more of an engineering role. It was a bit overwhelming at first, but luckily the team I was with was very helpful and supportive of my learning curve. Even though it was out of my comfort zone, I’m so glad I was given the opportunity – it has blessed mine and my family’s life!
To never stop learning. There is ALWAYS something to learn and someone who can mentor you. I believe that if you are surrounded by smart people (and pay attention), you can’t help but learn and grow! I absolutely love to learn, so this has been one of top of the reasons why I have loved my job since my very first day.
The post Don’t Stop Learning! Jeremy’s McAfee Journey appeared first on McAfee Blog.
A virtual private network (VPN) is a tool that hides your geolocation and protects your privacy while you’re online. It does this by creating an encrypted tunnel from your home network to a VPN provider’s server.
When you buy an internet plan, your internet service provider (ISP) gives your equipment (like your router and modem) an Internet Protocol (IP) address. Your IP address helps you communicate with the broader internet by letting a website you’re on know where data is coming from and where to send it.
In other words, your IP address lets online companies know where you are. Most online businesses store IP addresses for data analysis, but cybercriminals can use your IP to track your activity online, steal your personal information, and target you for scams.
A VPN reroutes your internet through a server address with a different IP than your own. That way, no one online can trace your internet activity back to you. A VPN also encrypts your internet data to protect your personal information.
VPNs aren’t just for desktop computers, though. All sorts of devices — from iPads to smart TVs — can benefit from a VPN connection. If you’re the type of person who handles your finances or does business online using a mobile device, it’s wise to get a VPN to protect yourself.
This article will show you how to choose and install a VPN on your iPhone.
Here are a few of the main ways getting a VPN like McAfee Safe Connect VPN can benefit you:
The best VPN for you depends on your situation and what you plan to do online.
You’ll need a VPN that’s compatible with all of your devices. Many VPNs work with Windows, Android, macOS, Linux, and iOS. However, not all VPNs are compatible with every operating system. For instance, if you have an iPhone but someone else in your home has an Android, it’s important to choose a provider with an app in the Apple App Store and the Google Play Store.
Consider which features you’ll need:
Be careful when choosing a VPN service, though. Some free VPN services will still pass along your information to ad agencies. If online privacy is your main goal, you’ll want to find a VPN that doesn’t store logs of your internet activity or pass along your data.
VPN protocols also matter, and they vary in speed and security. For example, Point-to-Point Tunneling Protocol (PPTP) is a fast protocol, but it’s not as secure as other protocols like OpenVPN or Wireguard. Some VPN providers will let you use multiple protocols.
Finally, look for a VPN that’s easy to use. Some VPNs have convenient features like virtual setup and intuitive interfaces that make using them easier. Some providers will even give you a free trial to test out the VPN before committing to it. Be sure your VPN network also has a reliable support team to help you if you ever have problems.
We’ll show you how to complete VPN setup on your iPhone in the next few sections.
Go to the Apple App store on your iPhone and find an app for the VPN provider you’ve chosen. Tap “Get” and “Install” or double-check to install the app on your phone.
Open the VPN app. Create an account with the VPN provider. Sign up for the service.
You’ll have to enter your passcode after creating your account to allow a change in your phone’s VPN settings and enable the VPN.
You might have to manually configure your VPN if you need access to a private network at a business or school. Here’s how to manually enable a VPN to work on your iPhone:
After you’ve enabled the VPN on your iPhone settings, you’ll have to activate it when you want to use it. Here’s how you can make your VPN active:
Be sure to turn off your VPN whenever you’re not using it so it doesn’t use up your battery. It’s especially important to turn off your VPN if you’re on a limited plan from your provider.
A VPN is a great tool for keeping your internet connection private. When you install a VPN on your iPhone, you can enjoy the internet from anywhere knowing that your personal information has an extra layer of protection against advertisers and hackers.
Whether you use an Android or an iOS device, though, McAfee can help you stay safe online. With McAfee Security for Mobile, you can access quality security tools like a VPN and safe browsing.
Our award-winning app allows you to connect safely and seamlessly to the digital world while keeping unwanted visitors from entering your digital space. Enjoy one of our most comprehensive security technologies while living your best life online.
The post How to Set Up a VPN on an iPhone in 2022 appeared first on McAfee Blog.
So much of our personal and professional lives are online — from online banking to connecting with friends and family to unwinding after a long day with our favorite movies and shows. The internet is a pretty convenient place to be! Unfortunately, it can also be a convenient place for cybercriminals and identity theft.
One way these scammers may try to take advantage of someone is by trying to convince them to give up their personal information or click on links that download things like malware. They might try to appear as a trustworthy source or someone you personally know. This fake online communication is called “phishing.”
As we’ve all heard before, knowledge is power. By understanding what phishing is, how it works, and the signs to look for, you can help minimize your risk and get back to enjoying the internet the way it was intended. Here’s what you should know.
You’ve probably heard of the term “phishing,” but maybe you don’t know what it means. Here’s a quick overview of how it works.
Phishing is a type of cybercrime where scammers send communications that appear to be from trusted sources like a major corporation — basically, they’re trying to play off people’s trust through what is known as social engineering. They might request sensitive information like passwords, banking information, and credit card numbers. Hackers may then use this information to access your credit cards or bank accounts.
The thing with phishing attacks, though, is that they can come through several platforms, including:
We’ve mentioned that phishers are looking to get sensitive information, but what exactly are they after? The kind of information phishing scams are after might include:
Phishing scams can come in many forms, but understanding the common types of phishing attacks can help you keep identity thieves at bay. Here are some to be aware of:
A phishing email is a fraudulent email made to look like it’s from a legitimate company or person. It may ask you to provide personal information or click on a link that downloads malware. For example, an email allegedly from Bank of America notes that due to suspicious activity, you should log into your bank account to verify your information.
Fortunately, there are ways to spot a phishing cyberattack like this.
While some phishing emails are sent to a broad audience, spear phishing emails target specific individuals or businesses. This allows the scammers to research the recipient and customize the message to make it look more authentic.
Examples of spear phishing emails include:
One of the best defenses against spear phishing is to contact the source of an email to verify the request. Call the colleague who’s asking you to do a wire transfer or log onto your Amazon account to check for messages.
For this highly customized scam, scammers duplicate a legitimate email you might have previously received and add attachments or malicious links to a fake website. The email then claims to be a resend of the original. Clicking a malicious link can give spammers access to your contact list. Your contacts can then receive a fake email that appears to be from you.
While clone phishing emails look authentic, there are ways to spot them. They include:
Through vishing or voice phishing, scammers call you and try to persuade you to provide sensitive data. They might use caller ID spoofing to make the call appear to be from a local business or even your own telephone number. Vishing calls are usually robocalls that leave a voicemail or prompt you to push buttons for an operator. The intent is to steal credit card information or personal and financial information to be used in identity theft.
Fortunately, there are signs that give away these attacks. They include:
If you’d like to avoid vishing calls, there are several things you can do. When you don’t recognize the number, don’t answer the phone. Let the call go to voicemail, then block it if it isn’t legitimate. Use a call-blocking app to filter calls coming to your cellphone. To block calls on a landline, check with your service provider regarding the services offered.
Dealing with a cybercriminal is no time to be polite. If you do answer a vishing call, hang up as soon as you realize it. Don’t answer any questions, even with a yes or no. Your voice could be recorded and used for identity theft. If they ask you to push a button to be removed from a call list, don’t do it. You’ll just receive more calls.
If you receive a voicemail and are unsure if it’s legitimate, call the company directly using the phone number on the company website. Don’t call the number in the voicemail.
If you’ve ever received a text pretending to be from Amazon or FedEx, you’ve experienced smishing. Scammers use smishing (SMS phishing) messages to get people to click on malicious links with their smartphones. Some examples of common fraudulent text messages include:
If you receive a smishing text, don’t respond because it’ll cause you to receive more texts. Instead, delete the text and block the number.
Pop-up phishing occurs when you’re on a website and a fake pop-up ad appears. It encourages you to click a link or call a number to resolve the issue. Some of these reload repeatedly when you try to close them or freeze your browser.
Common pop-up scams include:
If you see a scam pop-up ad, don’t click on the ad or try to click the close button within the ad. Instead, close out of the browser window. If your browser is frozen, use the task manager to close the program on a PC. On a Mac, click the Apple icon and choose Force Quit.
Being online makes us visible to a lot of other people, including scammers. Fortunately, there are things you can do if you become a victim of phishing — allowing you to get back to enjoying the digital world. They include:
You deserve to live online freely. But that might mean taking steps to protect yourself from phishing attempts. Here are some ways you can improve your cybersecurity and keep scammers at bay:
You don’t have to stop enjoying the internet just because of phishing attempts. McAfee’s identity theft protection services, including antivirus software, make it possible to enjoy your digital world while staying safe from scammers and identity thieves.
With 24/7 active monitoring of your sensitive data, including up to 60 unique types of personal information, McAfee is all about proactive protection. This means you’ll be alerted 10 months sooner than our competitors — so you can take action before your data is used illegally. We also provide up to $1 million of ID theft coverage and hands-on restoration service in the case of a data breach.
The best part is that you can customize a package to meet your needs, including virus protection, identity theft monitoring, and coverage for multiple devices. We make it safer to surf the net.
The post What Is Phishing? appeared first on McAfee Blog.
FreshRSS 