Login
Your phone is likely a daily companion, giving you access to work emails, chats with friends, weather reports, and more — all in the palm of your hand. You can also use your phone for browsing online, looking up everything from your favorite recipes to your most-read media webpages.
While being able to browse whenever and wherever you want is convenient, you might prefer that your phone doesn’t save all your online searches. For example, if you frequently let other people use your phone, you may not want them to have access to a history of your Google searches. In this case, you can use private browsing or “incognito mode.”
This allows you to browse online without leaving any trace of your browsing activity on your mobile phone. Configuring your phone to use incognito mode can give you greater confidence while surfing online, as you’ll enjoy the peace of mind that comes with knowing your browser history isn’t recorded on your device.
This article explains what incognito mode is and how you can set it up on your mobile phone.
Incognito mode allows you to browse online without leaving certain data on the device you’re using. Also referred to as private browsing mode, it makes sure there’s no record of your search engine history, websites you visited, and even login details (and related passcodes) on that device.
As soon as you close the incognito web browser window, any cookies are erased and all these details disappear instead of being saved.
That said, if you leave an incognito browser window open on your phone — and then hand your phone to someone else — they’ll be able to see the activity. So, if you want to make the most of incognito mode, make sure to close the browser window after every surfing session.
Further, if you actively bookmark a page, it will be saved — even if you’re in incognito mode. Read on for some more caveats surrounding incognito mode and the extent of privacy it gives you.
It’s important to note that incognito mode or private browsing mode is a device-specific privacy measure. It makes sure that your search and web browsing history isn’t visible on the device itself.
However, your traffic and activity are both still visible to third parties beyond your device, such as your network admin, internet service provider (ISP), and the websites and search engines that you visit.
Viewing in private or incognito mode also won’t disguise your unique IP address from these parties. Incognito mode further doesn’t secure your device against cyberthreats like hackers.
That said, there are plenty of other tools you can use to safeguard your device against cybercriminals. For example, McAfee+ helps to secure your Wi-Fi connection, shield you from malicious websites or links, and detect malware.
You may already be familiar with incognito mode through your computer. For example, many people set up incognito mode through browsers like Mozilla Firefox, Google Chrome, Safari, Microsoft Edge, or Internet Explorer.
However, incognito mode isn’t just for computers — you can also use it on your phone’s web browsing apps.
The steps to setting up incognito mode are fairly straightforward. That said, it depends largely on which type of device you have.
Setting up private browsing or incognito mode for an Android isn’t the same as setting it up for iOS. Read on to learn how to go incognito whether you’ve got an Apple iPhone or an Android phone like Samsung.
The process for setting up incognito mode also varies based on the browser you’re using. Here’s how to set it up in the Google Chrome browser for your Android (note that the Google Chrome app is the default browser for most Android phones):
Remember, for Google Chrome’s incognito mode to do the trick, you need to close your browsing session after each use. If you leave the tab open and someone else uses your phone, they can see your activity.
For iPhones, the default browser is Safari. Here’s how to set up private browsing in Safari for your iPhone:
Again, remember to close your browser’s private tabs when you’re done surfing. This makes sure that cookies are deleted and the private session is safely hidden from your device’s history.
The above steps can help you set up incognito mode on your Apple or Android phone’s browser. However, you probably use your phone for much more than browsing.
You might have apps for watching videos, getting driving directions, listening to music, and more. And the tips above will only protect your privacy when using the phone’s browser — not apps.
That said, some apps offer their very own in-app incognito mode. Examples include YouTube, Google Maps, Spotify, and Instagram. Other apps simply offer the option of private sessions, requiring you to log in with a dedicated username and password if you’re going to use the app. These include Whatsapp, Dropbox, Amazon, PayPal, and Evernote.
Some of these apps can even be configured so they’re only unlockable with touch ID or face ID.
Browsing in incognito or private mode on your phone allows you to surf online without leaving any trace of your search history on that specific device. However, it doesn’t block third parties like your internet service provider or network administrator from seeing what websites you’ve visited. Only your phone is affected.
Incognito mode also doesn’t protect you against potential cyberthreats, like malware. To stay safe and browse with confidence, consider McAfee Mobile Security. It includes Wi-Fi privacy protection, browsing safeguards, shields against unauthorized third-party activities, and more — and it works for Android and iOS devices. Find out more.
The post How to Browse Privately on Your Phone appeared first on McAfee Blog.
Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some people’s digital safety. Cybercriminals take every chance they get to trick people through all kinds of technology, and mobile apps are no exception.
To celebrate National App Day, here are a few tips to keep your mobile and your personally identifiable information (PII) safe.
Did you know that there are hundreds of apps on the Android and Apple app stores whose only aim is to steal your passwords? In 2022, Meta identified more than 400 fake apps disguised as various utilities that targeted users to weasel Facebook login and password combinations.1 Malicious apps also regularly masquerade as photo editors and wallpapers but their real purpose is to run malware in the background of the mobile device, such as this Squid Game app from 2021.
Little-known apps aren’t the only ones you have to be wary of either. The biggest companies are also falling to cybercrime. For instance, more details recently came to light about a breach at Uber that leaked the PII of 57 million users. Plus, the popular mobile payment service, Cash App had the personal details of 8.3 million current and former users leaked.2
To keep your cellphone free of malicious software and your PII and password secure, take these five mobile security tips with you into the new year.
The new year is as good a time as any to unload any unnecessary baggage, emotional, literal, or in this case, digital. Go through your phone and delete the apps you haven’t used in the last six months. Make sure to completely delete your account with that app and not just hide it from your homepage. The smaller your digital footprint, the less at risk your PII is of being compromised in a breach.
Before you download any new app, it’s a good idea to conduct some background research on it. How many detailed reviews does it have? Who is the app developer? A phony app usually reveals itself through its lack of reviews. Consider apps with less than 50 reviews fishy. Skim the reviews for specific details and typos. If it’s lacking in detail but brimming with typos and grammatical mistakes, it could signal a fake. This research should take about five minutes, so don’t worry; it shouldn’t be too much of an inconvenience, and that time will be well spent.
Just like it’s a good idea to keep on top of global news, set up news alerts for cybersecurity breaches. If a company falls to a cybercriminal, the alert will give you the valuable time you need to act quickly to either delete your account or change your password.
For every online account, it is essential to create a unique password or passphrase. That way, if you do get hacked through an app or get tricked by a fake one, you don’t have to worry about cybercriminals using that password to walk into your other accounts. Password managers are an excellent way to keep all your passwords secure and free up your brain space for things other than dozens of passwords.
When you sign up for a new app, you can expect to give it a username, a password, and maybe your first name; however, if it has optional fields for your full birthday or your address, consider leaving those blank. The less information the company has about you, the less that can end up in cybercriminals’ hands if the app is breached.
The first step to better cyber habits is arming yourself with the knowledge of the threats that are out there. The best advice here is to slow down, observe and think about your next move every time you download a new app. The signs of a fake are usually not difficult to spot. Then, once you’re confident in its legitimacy, limit the amount of PII you share with it. In this digital world we live in, consider everyone susceptible to a breach.
To give you peace of mind, supplement your great habits with a tool, like McAfee+ Ultimate, that will cover all your bases and be your partner to live your best private life online.
1Tech.co, “Data Breaches That Have Happened in 2022 So Far.”
2Termly, “98 Biggest Data Breaches, Hacks, and Exposures.”
The post 2022’s Top 5 App Security Tips appeared first on McAfee Blog.
Without doubt, the biggest criticism we all have of social media is that everyone always looks fabulous! And while we all know that everyone is only sharing the best version of themselves, let’s be honest – it can be a little wearing. Well, there’s a new social media platform that is determined to uproot our online curated lives by having users post very real pictures of themselves – with no time to stage or add filters!
Developed in France in 2020, BeReal is where Aussie teenagers are currently spending their time and energy online. And to be honest, I can totally see why. It’s all about sharing random, authentic pics without having to spend time and energy making them look beautiful. In fact, my 19-year-old tells me that the uglier and weirder the photo, the better! How refreshing!!!
Once you’ve signed up, the app will send all users a notification at a random time throughout the day that it’s ‘time to BeReal’. As soon as the user opens the app to share a pic, they have just 2 minutes to take a picture of whatever they’re doing at that particular moment whether they’re on the bus, at the gym or chilling at home in trackies. The app will take 2 pictures using the front and back cameras so that your followers can see what you look like and where you are.
Now, if you don’t manage to post in 2 minutes, you’re officially late and your friends will know. In fact, there’s a small amount of shame for being tardy – as if on some level you’re not committed to being authentic. But don’t let this worry you too much – we can’t wait around all day awaiting the notification to post!
When you have uploaded your daily snap, your friends can comment, respond to your pic with ‘RealMojis’ and even see where you are in the world with the map feature. Users can also choose to upload their pics to the public feed where other users can leave “RealMoji’ reactions but no comments. But in order to access either the public feed or your friends’ photos, users will need to take their own picture too.
Now for my favourite parts of this app – this app has NO filters, NO option to ‘like’ anything, NO follower counts and NO private messaging!! How liberating!!
Like all social media platforms, there are a few risks however with a bit of strategy and a few smarts, users should be able to have a safe and positive experience. And when compared to platforms where follower counts and likes are public, influencers dominate and comments are allowed, BeReal is definitely a great choice.
Here are my top tips to keep the experience safe and positive:
1. Disable Your Location To Avoid Being ‘Discoverable’
Before you share your pics, ensure you disable your location to avoid the app sharing your exact location on the map. You don’t want an ill-intentioned follower knowing your exact whereabouts!
2. Think (Quickly) Before You Post
The very brief 2-minute posting window may result in rushed decisions about what to post and potentially oversharing of personal information. So, ensure you (and your kids) know not to share anything that can identify their location, any identifiable numbers such as passports or licences or, their computer screens that may display confidential information.
3. Don’t Feel Pressures to Post If You Can’t
Accept that there will be times when you just can’t post within the 2-minute time frame. You may be driving, sleeping or doing something far more important. You can absolutely still post late.
4. Know How To Report Bad Behaviour
If you see a post that is inappropriate, then report it immediately. It’s an investment in keeping the BeReal community as safe as possible. Simply tap the three dots at the top right of the post. A report button should appear. You will then have the option to flag the post as undesirable or inappropriate.
5. Be Aware of the Comparison Trap!
Like all social media platforms, users may compare their posts with others. They may think their lives are boring and predictable, particularly if their friends are doing more exciting things. If a young person is prone to anxiety or low mood, this may not be helpful. As a parent, reminding your kids that perception is not reality, and that one photo does not define a person may be required. But if it all gets too much, a digital detox might be just the thing!
So, if your kids have embraced BeReal then your homework is pretty easy – join up too! It’s impossible to understand your kids’ online world if you don’t take some time to step inside it. And for what it’s worth – I think you’ll really like this one. The fact that there is no public like count, follower tally, filters or private messaging makes the Mama Bear in me very happy!!
The post BeReal – The Newest Kid On The Social Media Block appeared first on McAfee Blog.
Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone.
Here’s everything you need to know about mobile MiTM schemes specifically, how to identify when your mobile device is experiencing one, and how to protect your personally identifiable information (PII) and your device from cybercriminals.
A man-in-the-middle attack, or MiTM attack, is a scheme where a cybercriminal intercepts someone’s online activity and impersonates a trusted person or organization. From there, the criminal may ask personal questions or attempt to get financial information; however, since the mobile device owner thinks they’re communicating with someone with good intentions, they give up these details freely.
MiTM is an umbrella term that includes several cybercrime tactics, such as:
Cybercriminals gain access to mobile devices to carry out MiTM mobile attacks through three main methods: Wi-Fi eavesdropping, malware, or phishing.
The most common giveaway of a MiTM attack is a spotty internet connection. If a cybercriminal has a hold on your device, they may disconnect you from the internet so they can take your place in sessions or steal your username and password combination.
If your device is overheating or the battery life is much shorter than normal, it could indicate that it is running malware in the background.
If you can identify the signs of a MiTM attack, that’s a great first step in protecting your device. Awareness of your digital surroundings is another way to keep your device and PII safe. Steer clear of websites that look sloppy, and do not stream or download content from unofficial sites. Malware is often hidden in links on dubious sites.
To safeguard your Wi-Fi connection, protect your home router with a strong password or passphrase. When connecting to public Wi-Fi, confirm with the hotel or café’s staff their official Wi-Fi network name. Then, make sure to connect to a virtual private network (VPN). A VPN encrypts your online activity, which makes it impossible for someone to digitally eavesdrop.
Finally, a comprehensive antivirus software can clean up your device of malicious programs it might have contracted.
McAfee+ Ultimate includes unlimited VPN and antivirus, plus a whole lot more to keep all your devices safe. It also includes web protection that alerts you to suspicious websites, identity monitoring, and daily credit reports to help you browse safely and keep on top of any threats to your identity or credit.
A cybercriminal’s prize for winning a mobile scheme of monkey in the middle is your personal information. With preparation and excellent digital protection tools on your team, you can make sure you emerge victorious and safe.
The post Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.
One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to spot due to link misspellings, odd link redirects, and other giveaways. However, today’s phishing tricks have become personalized, advanced, and shrouded in new disguises. So, let’s take a look at some of the different types, real-world examples and how you can recognize a phishing lure.
Every day, users get sent thousands of emails. Some are important, but most are just plain junk. These emails often get filtered to a spam folder, where phishing emails are often trapped. But sometimes they slip through the digital cracks, into a main inbox. These messages typically have urgent requests that require the user to input sensitive information or fill out a form through an external link. These phishing emails can take on many personas, such as banking institutions, popular services, and universities. As such, always remember to stay vigilant and double-check the source before giving away any information.
A sort of sibling to email phishing, link manipulation is when a cybercriminal sends users a link to malicious website under the ruse of an urgent request or deadline. After clicking on the deceptive link, the user is brought to the cybercriminal’s fake website rather than a real or verified link and asked to input or verify personal details. This exact scenario happened last year when several universities and businesses fell for a campaign disguised as a package delivery issue from FedEx. This scheme is a reminder that anyone can fall for a cybercriminals trap, which is why users always have to careful when clicking, as well as ensure the validity of the claim and source of the link. To check the validity, it’s always a good idea to contact the source directly to see if the notice or request is legitimate.
Corporate executives have always been high-level targets for cybercriminals. That’s why C-suite members have a special name for when cybercriminals try to phish them – whaling. What sounds like a silly name is anything but. In this sophisticated, as well as personalized attack, a cybercriminal attempts to manipulate the target to obtain money, trade secrets, or employee information. In recent years, organizations have become smarter and in turn, whaling has slowed down. Before the slowdown, however, many companies were hit with data breaches due to cybercriminals impersonating C-suite members and asking lower-level employees for company information. To avoid this pesky phishing attempt, train C-suite members to be able to identify phishing, as well as encourage unique, strong passwords on all devices and accounts.
Just as email spam and link manipulation are phishing siblings, so too are whaling and spear-phishing. While whaling attacks target the C-suite of a specific organization, spear-phishing rather targets lower-level employees of a specific organization. Just as selective and sophisticated as whaling, spear-phishing targets members of a specific organization to gain access to critical information, like staff credentials, intellectual property, customer data, and more. Spear-phishing attacks tend to be more lucrative than a run-of-the-mill phishing attack, which is why cybercriminals will often spend more time crafting and obtaining personal information from these specific targets. To avoid falling for this phishing scheme, employees must have proper security training so they know how to spot a phishing lure when they see one.
With so many things to click on a website, it’s easy to see why cybercriminals would take advantage of that fact. Content spoofing is based on exactly that notion – a cybercriminal alters a section of content on a page of a reliable website to redirect an unsuspecting user to an illegitimate website where they are then asked to enter personal details. The best way to steer clear of this phishing scheme is to check that the URL matches the primary domain name.
When users search for something online, they expect reliable resources. But sometimes, phishing sites can sneak their way into legitimate results. This tactic is called search engine phishing and involves search engines being manipulated into showing malicious results. Users are attracted to these sites by discount offers for products or services. However, when the user goes to buy said product or service, their personal details are collected by the deceptive site. To stay secure, watch out for potentially sketchy ads in particular and when in doubt always navigate to the official site first.
With new technologies come new avenues for cybercriminals to try and obtain personal data. Vishing, or voice phishing, is one of those new avenues. In a vishing attempt, cybercriminals contact users by phone and ask the user to dial a number to receive identifiable bank account or personal information through the phone by using a fake caller ID. For example, just last year, a security researcher received a call from their financial institution saying that their card had been compromised. Instead of offering a replacement card, the bank suggested simply blocking any future geographic-specific transactions. Sensing something was up, the researcher hung up and dialed his bank – they had no record of the call or the fraudulent card transactions. This scenario, as sophisticated as it sounds, reminds users to always double-check directly with businesses before sharing any personal information.
As you can see, phishing comes in all shapes and sizes. This blog only scratches the surface of all the ways cybercriminals lure unsuspecting users into phishing traps. The best way to stay protected is to invest in comprehensive security and stay updated on new phishing scams.
The post The Seven Main Phishing Lures of Cybercriminals appeared first on McAfee Blog.
Your phone buzzes. You hope it’s a reply from last night’s date, but instead you get an entirely different swooping feeling: It’s an alarming SMS text alerting you about suspicious activity on your bank account and that immediate action is necessary.
Take a deep breath and make sure to read the message carefully. Luckily, your assets could be completely safe. It could just be a smisher.
Smishing, or phishing over SMS, is a tactic where cybercriminals impersonate reputable organizations or people and trick people into handing over their PII or financial details. Sometimes they can seem very credible with the information they have, and you may have even been expecting a correspondence of a similar nature.
So how can you tell when an SMS text is real and requires your attention? And how should you deal with a smisher to keep your identity safe?
Like email phishing and social media phishing,
SMS text phishing often tries to use a strong emotion – like fear, anger, guilt, or excitement – to get you to respond immediately and without thinking through the request completely.
In the case of one coordinated smishing attack, cybercriminals not only impersonated financial institutions but collected PII on their targets ahead of time. The criminals then used these personal details – like old addresses and Social Security Numbers – to convince people that they were legitimate bank employees.1 But since when does a bank try to prove itself to the customer? Usually, it’s the other way around, where they’ll ask you to confirm your identity. Be wary of anyone who texts or calls you and has your PII. If you’re ever suspicious of a caller or texter claiming they’re a financial official, contact your bank through verified channels (chat, email, or phone) you find on the bank’s website to make sure.
Smishers often keep up with current events and attempt to impersonate well-known companies that have a reason to reach out to their customers. This adds false legitimacy to their message. For example, in the summer of 2022, Rogers Communications, a Canadian telecommunications provider, experienced an extended loss of service and told customers they could expect a reimbursement. Smishers jumped on the opportunity and sent a barrage of fake texts requesting banking details in order to carry out the reimbursement.2 However, Rogers credited customers directly to their Rogers accounts.
If you receive a suspicious text, go through these three steps to determine if you should follow up with the organization in question or simply delete and report the text.
Do you have text alerts enabled for your bank and utility accounts? If not, disregard any text claiming to be from those organizations. Companies will only contact you through the channels you have approved. Also, in the case of the Rogers smishing scheme, be aware of how a company plans to follow up with customers regarding reimbursements. You can find information like this on their official website and verified social channels.
If the tone of the text urges you to act quickly or proposes a dire consequence of ignoring the message, be on alert. While suspicious activity on your credit card is serious, your bank will likely reimburse you for charges you didn’t make, so you have time to check your bank account and see recent activities. Official correspondence from financial institutions will always be professional, typo-free, and will try to put you at ease, not make you panic.
Whenever you get a text from someone you don’t know, it’s a good practice to do an internet search for the number to see with whom it’s associated. If it’s a legitimate number, it should appear on the first page of the search results and direct to an official bank webpage.
Once you’ve identified a fake SMS alert, do not engage with it. Never click on any links in the message, as they can redirect you to risky sites or download malware to your device. If you have McAfee Safe Browsing on your mobile, it can be your backup if you accidentally open a malicious link.
Also, don’t reply to the text. A reply lets the criminal on the other end know that they reached a valid phone number, which may cause them to redouble their efforts. Finally, block the number and report it as spam.
A great absolute rule to always follow is to never give out your Social Security Number, banking information, usernames, or passwords over text.
To give you peace of mind in cases where you think a malicious actor has access to your PII, you can count on McAfee+. McAfee+ offers a comprehensive suite of identity and privacy protection services to help you feel more confident in your digital life.
1PC Mag, “Scammers Are Using Fake SMS Bank Fraud Alerts to Phish Victims, FBI Says”
2Daily Hive, “Rogers scam alert: Texts offering credit after outage are fake”
The post What Is Smishing? Here’s How to Spot Fake Texts and Keep Your Info Safe appeared first on McAfee Blog.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.
Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data.
However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone to malware infections compared to their Android counterparts. But it’s important to note that they’re not completely without vulnerabilities.
Several iPhone viruses could infect your smartphone and affect its functionality, especially if you jailbreak your iPhone (that is, opening your iOS to wider features, apps, and themes).
This article covers how you can detect malware infections and how to remove viruses from your device so you can get back to enjoying the digital world.
Malware can affect your iPhone in a variety of ways. Here are a few telltale signs that your iPhone might have an unwelcome visitor.
If you notice any of the signs above, it’s a good idea to check for malware. Here are some steps you can take.
If you’ve confirmed malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.
In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update iOS to close this potential vulnerability. Just follow these steps:
It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.
If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, follow these steps:
Keep in mind that the process is similar for Google Chrome and most other popular web browsers.
Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.
The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. Essentially, this allows you to restore your device to an iCloud backup made before the malware infection.
Here’s how:
If none of the steps above solves the problem, a factory reset might be the next order of business. Restoring your phone to factory settings will reset it to its out-of-factory configuration, deleting all of your apps, content, and settings in the process and replacing them with original software only.
To factory reset your iPhone, follow these steps:
The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:
If you have an iPhone and are like most other people, you probably use your device for almost everything you do online. And while it’s amazing to have the internet in the palm of your hands, it’s also important to be aware of online threats like malware, which can put your digital life at risk.
The good news is that McAfee has your back with our award-winning and full-scale mobile security app. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind.
Download the McAfee Security app today and get all-in-one protection.
The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.
How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you.
The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves.
However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first taking a look at some of the more common attacks.
Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass along your personal information into the hands of hackers—all of which can lead to some of the symptoms listed above.
These are a classic form of attack. In fact, hackers have leveled them at our computers for years now too. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. And these attacks take many forms, like emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over that info or that install malware to wreak havoc on your device or likewise steal information. Learning how to spot a phishing attack is one way to keep yourself from falling victim to one.
Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they can possibly access your data and info, yet that data and info must be downloaded while the phone is within range. As you probably gathered, this is a more sophisticated attack given the effort and technology involved.
In August of 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping scam. SIM card swapping occurs when a hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be effectively stolen. This means the hacker has taken control of your phone calls, messages, and so forth. This method of hacking requires the seemingly not-so-easy task of impersonating someone else, yet clearly, it happened to the CEO of a major tech company. Protecting your personal info and identity online can help prevent hackers from impersonating you to pull off this and other crimes.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.
“But everyone else has one.”
Those are familiar words to a parent, especially if you’re having the first smartphone conversation with your tween or pre-teen. In their mind, everyone else has a smartphone so they want a one too. But does “everyone” really have one? Well, your child isn’t wrong.
Our recent global study found that 76% of children aged 10 to 14 reported using a smartphone or mobile device, with Brazil leading the way at 95% and the U.S. trailing the global average at 65%.
Our figures show that younger children with smartphones and mobile devices make up a decisive majority of younger children overall.
Of course, just because everyone else has smartphone doesn’t mean that it’s necessarily right for your child and your family. After all, with a smartphone comes access to a wide and practically unfettered world of access to the internet, apps, social media, instant messaging, texting, and gaming, all within nearly constant reach. Put plainly, some tweens and pre-teens simply aren’t ready for that just yet, whether in terms of their maturity, habits, or ability to care for and use a device like that responsibly.
Yet from a parent’s standpoint, a first smartphone holds some major upsides. One of the top reasons parents give a child a smartphone is “to stay in touch,” and that’s understandable. There’s something reassuring knowing that your child is a call or text away—and that you can keep tabs on their whereabouts with GPS tracking. Likewise, it’s good to know that they can reach you easily too. Arguably, that may be a reason why some parents end up giving their children a smartphone a little sooner than they otherwise would.
However, you don’t need a smartphone to do to text, track, and talk with your child. You have alternatives.
One way to think about the first smartphone is that it’s something you ease into. In other words, if the internet is a pool, your child should learn to navigate the shallows with some simpler devices before diving into the deep end with a smartphone.
Introducing technology and internet usage in steps can build familiarity and confidence for them while giving you control. You can oversee their development, while establishing rules and expectations along the way. Then, when the time is right, they can indeed get their first smartphone.
But how to go about that?
It seems a lot of parents have had the same idea and device manufacturers have listened. They’ve come up with smartphone alternatives that give kids the chance to wade into the mobile internet, allowing them to get comfortable with device ownership and safety over time without making the direct leap to a fully featured smartphone. Let’s look at some of those options, along with a few other long-standing alternatives.
These small and ruggedly designed devices can clip to a belt loop, backpack, or simply fit in a pocket, giving you the ability to see your child’s location. In all, it’s quite like the “find my” functionality we have on our smartphones. When it comes to GPS trackers for kids, you’ll find a range of options and form factors, along with different features such as an S.O.S. button, “geofencing” that can send you an alert when your child enters or leaves a specific area (like home or school), and how often it sends an updated location (to regulate battery life).
Whichever GPS tracker you select, make sure it’s designed specifically for children. So-called “smart tags” designed to locate things like missing keys and wallets are just that—trackers designed to locate things, not children.
With GPS tracking and many other communication-friendly features for families, smart watches can give parents the reassurance they’re looking for while giving kids a cool piece of tech that they can enjoy. The field of options is wide, to say the least. Smart watches for kids can range anywhere from devices offered by mobile carriers like Verizon, T-Mobile, and Vodaphone to others from Apple, Explora, and Tick Talk. Because of that, you’ll want to do a bit of research to determine the right choice for you and your child.
Typical features include restricted texting and calling, and you’ll find that some devices are more durable and more water resistant than others, while yet others have cameras and simple games. Along those lines, you can select a smart watch that has a setting for “school time” so that it doesn’t become a distraction in class. Also, you’ll want to look closely at battery life, as some appear to do a better job of holding a charge than others.
Another relatively recent entry on the scene are smartphones designed specifically for children, which offer a great step toward full-blown smartphone ownership. These devices look, feel, and act like a smartphone, but without web browsing, app stores, and social media. Again, features will vary, yet there are ways kids can store and play music, stream it via Bluetooth to headphones or a speaker, and install apps that you approve of.
Some are paired with a parental control app that allows you to introduce more and more features over time as your child as you see fit—and that can screen texts from non-approved contacts before they reach your child. Again, a purchase like this one calls for some research, yet names like Gabb wireless and the Pinwheel phone offer a starting point.
The old reliable. Rugged and compact, and typically with a healthy battery life to boot, flip phones do what you need them to—help you and your child keep in touch. They’re still an option, even if your child may balk at the idea of a phone that’s “not as cool as a smartphone.” However, if we’re talking about introducing mobile devices and the mobile internet to our children in steps, the flip phone remains in the mix.
Some are just phones and nothing else, while other models can offer more functionality like cameras and slide-out keyboards for texting. And in keeping with the theme here, you’ll want to consider your options so you can pick the phone that has the features you want (and don’t want) for your child.
Despite what your younger tween or pre-teen might think, there’s no rush to get that first smartphone. And you know it too. You have time. Time to take eventual smartphone ownership in steps, with a device that keeps you in touch and that still works great for your child.
By easing into that first smartphone, you’ll find opportunities where you can monitor and guide their internet usage. You’ll also find plenty of moments to help your child start forming healthy habits around device ownership and care, etiquette, and safety online. In all, this approach can help you build a body of experience that will come in handy when that big day finally comes—first smartphone day.
The post Smartphone Alternatives: Ease Your Way into Your Child’s First Phone appeared first on McAfee Blog.
Fears and phobias. We all have them. But what are your biggest ones? I absolutely detest snakes but spiders don’t worry me at all. Well, new research by McAfee shows that cybercriminals and the fear of being hacked are now the 5th greatest fear among Aussies.
With news of data breaches and hacking crusades filling our news feed on a regular basis, many of us are becoming more aware and concerned about the threats we face in our increasingly digital world. And McAfee’s latest confirms this with hackers making their way into Australia’s Top 10 Fears.
According to research conducted by McAfee, snakes are the top phobia for Aussies followed by spiders, heights and sharks. Cybercriminals and the fear of being hacked come in in 5th place beating the dentist, bees, ghosts, aeroplane travel and clowns!
Aussie Top 10 Fears and Phobias
Fears and phobias develop when we perceive that we are at risk of pain, or worse, still, death. And while almost a third of respondents nominated snakes as their number one fear, there is less than one-in-fifty thousand chance of being bitten badly enough by a snake to warrant going to hospital in Australia, according to research from the Internal Medicine Journal.
In contrast, McAfee’s analysis of more than 108 billion potential online threats between October and December, identified 202 million of these threats as genuine risks. With a global population of 7.5 billion, that means there is approximately a one in 37 chance of being targeted by cybercrime. Now while this is not a life-threatening situation, these statistics show that chance of us being affected by an online threat is very real.
According to the research, 82% of Aussies believe that being hacked is a growing or high concern. And when you look at the sheer number of reported data breaches so far this year, these statistics make complete sense. Data breaches have affected Bunnings staff, Federal Parliament staff, Marriott guests, Victorian Government staff, QLD Fisheries members, Skoolbag app users and Big W customers plus many more.
Almost 1 in 5 (19%) of those interviewed said their top fear at work is doing something that will result in a data security breach, they will leak sensitive information or infect their corporate IT systems.
The fear that we are in the midst of a cyberwar is another big concern for many Aussies. Cyberwar can be explained as a computer or network-based conflict where parties try to disrupt or take ownership of the activities of other parties, often for strategic, military or cyberespionage purposes. 55% of Aussies believe that a cyberwar is happening right now but we just don’t know about it. And a fifth believe cyber warfare is the biggest threat to our nation.
Being proactive about protecting your online life is the absolute best way of reducing the chances of being hacked or being affected by a data breach. Here are my top tips on what you can now to protect yourself:
Using a password manager to create unique and complex passwords for each of your online accounts will definitely improve your online safety. If each on your online accounts has a unique password and you are involved in a breach, the hacker won’t be able to use the stolen password details to log into any of your other accounts.
Storing your financial data within your browser and being able to populate online forms quickly within seconds makes the autofill function very attractive however it is risky. Autofill will automatically fill out all forms on a page regardless of whether you can see all the boxes. You may just think you are automatically entering your email address into an online form however a savvy hacker could easily design an online form with hidden boxes designed to capture your financial information. So remove all your financial information from Autofill. I know this means you will have to manually enter information each time you purchase but your personal data will be better protected.
One of the easiest ways for a cybercriminal to compromise their victim is by using phishing emails to lure consumers into clicking links for products or services that could lead to malware, or a phoney website designed to steal personal information. If the deal seems too good to be true, or the email was not expected, always check directly with the source.
It’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.
I know public Wi-Fi might seem like a good idea, but if consumers are not careful, they could be unknowingly exposing personal information or credit card details to cybercriminals who are snooping on the network. If you are a regular Wi-Fi user, I recommend investing in a virtual private network or (VPN) such as McAfee Secure VPN which will ensure your connection is completely secure and that your data remains safe.
While it is tempting, putting our head in the sand and pretending hackers and cybercrime don’t exist puts ourselves and our families at even more risk! Facing our fears and making an action plan is the best way of reducing our worry and stress. So, please commit to being proactive about your family’s online security. Draw up a list of what you can do today to protect your tribe. And if you want to receive regular updates about additional ways you can keep your family safe online, check out my blog.
‘till next time.
Alex x
The post Aussies Fear Snakes, Spiders and Getting Hacked appeared first on McAfee Blog.
Using a VPN on your smartphone can boost your privacy in a big way, particularly with all the data tracking that’s happening out there today.
For some time now, we’ve recommended a VPN when using public Wi-Fi in airports, libraries, hotels, and coffee shops. Given that these are public networks, a determined hacker can snoop on the other devices transmitting data on it. With a VPN, any connection becomes a secure connection, which includes public Wi-Fi. That advice still holds true. Yet there’s a good reason to use it on your smartphone all the time—for your privacy.
Let’s start with a quick look at the two big things a VPN does for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it terrifically difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, at VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties.
As far as your privacy is concerned, a VPN on a smartphone can be a smart move. There are a couple of reasons for that: first, because of the way smartphones have additional tracking technologies built in, and second, because of all the trackable data we create when using smartphones as frequently as we do—up to six hours per day for some.
As for how your smartphone is built, data collectors can harvest your personal information that reveals what you’re doing, when you’re doing it, and where you’re doing it as well. Several technologies allow them to pinpoint where you are at any given time, such as GPS and location services, along with Bluetooth connectivity and location tracking based on which cell phone tower you’re connected to. Even scanning a QR code with your phone can reveal location information. It can all get rather precise, which is of interest to advertisers, businesses, and even governments.
Next, think about all the activities you do on your phone, with a special emphasis on the apps you use and the data they create, about your health, your shopping habits, your travels, who you’re chatting with, and what content you’re posting online—just to name a few things. Once again, that information in of itself is valuable to data collectors. It becomes even more valuable when they know where you do these things.
Taken together, data broker companies readily gather this information from millions of devices, generating billions of data points, and create massive lists of targeted information. And that information gets quite specific. With some data brokers collecting hundreds and into the thousands of data points per person, they can provide interested buyers with a high-resolution snapshot of who you are, where you live, who’s in your family, your income, where you shop, what you like to buy—right on down to your favorite shampoo. And that’s just for starters.
It’s little surprise that all this data brokering activity fuels a global business estimated at $200 billion U.S. dollars a year.
How’s this happening? In large part by way of the privacy policies you may or may not have read.
Within those policies, device manufacturers, social media companies, app developers, and so on will detail what data they collect, under what conditions, what they do with it, and if they share or resell that data to other parties. However, if you’ve ever taken a dive into the fine print of a privacy policy, what’s stated there isn’t always clear. Now consider all the apps you have on your phone and the privacy policies associated with each one—your personal data privacy picture gets even less clear.
With digital data and information collection baked into so much of what we do online, it’s little wonder that more than 70% of people feel like their data privacy is out of their control.
Yet there are things you can do.
Using a VPN on your smartphone can make you far more anonymous online. A VPN can minimize the data that gets exposed as it transmits to and from your smartphone. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from.
While you have free VPN options available, I suggest steering clear of them. As with many “free” services, there’s going to be some catch, often involving data collection. For example, some so-called “free VPNs” have served up tracking malware or actually collected private data and information for sale—the very things you want a VPN to prevent.
Given that this is your privacy we’re talking about, do a little background check. Has the VPN you’re considering been independently audited for security? The technology that powers ours undergoes a thorough audit every year. Search news articles and see if the VPN you’re looking at has a track record of collecting and selling data in any way. Again, with our VPN technology, we don’t log or track what you do online so your online activity remains private.
What about the information that’s already out there? Our Personal Data Cleanup can help you remove your personal information from high-risk data broker sites, so you can prevent it from being further collected and sold online. If you’re unsure if your data and information are out there, consider what one major data brokers has touted in the past—a reach of over 62 countries and the ability to reach over 2.5 billion consumers globally. With 5 billion internet users today, that accounts for half of the world’s online population. And that’s just one data broker alone.
Moreover, consider that data brokers acquire plenty of information from places other than your smartphone and other connected devices. They skim and collate public records associated with you, information purchased from retailers with loyalty card programs, not to mention census data, court records, and motor vehicle records. And that’s just a few of the many sources. Using our Personal Data Cleanup can help remove those sorts of records too.
Together, the combination of a VPN and Personal Data Cleanup can help you become far more private than before. With so much of our digital lives getting collected, tracked, and tabulated, often without our knowledge thanks to confusing privacy policies, taking control of your privacy makes sense and only gets easier to do thanks to the tools and services available to you.
The post Privacy, please! Why a VPN on your smartphone may be a smart move for you. appeared first on McAfee Blog.
Our phones store a lot of personal data, including contacts, social media account details, and bank account logins. We use our smartphones for everything under the sun, from work-related communication to online shopping.
However, like computer viruses, our phones can be vulnerable to malware. Viruses are a type of malware that replicate themselves and spread throughout the entire system. They can affect your phone’s performance or, worse, compromise your sensitive information so that hackers can benefit monetarily.
In this article, we give you a rundown of viruses that can infect your phone and how you can identify and eliminate them. We also provide some tips for protecting your phone from viruses in the first place.
iPhones and Android devices run on different operating systems. So, there are differences in the viruses that affect each type of mobile device and how resistant each operating system is to viruses.
Viruses have a harder time penetrating iOS because of its design (although iOS hacks can still happen). By restricting interactions between apps, Apple’s operating system limits the movement of an iPhone virus across the device. However, if you jailbreak your iPhone or iPad to unlock tweaks or install third-party apps, then the security restrictions set by Apple’s OS won’t work. This exposes iPhone users to vulnerabilities that cybercriminals can exploit.
While Android phones are also designed with cybersecurity in mind, their reliance on open-source code makes them an easier target for hackers. Android devices allow users to access third-party apps not available in the Google Play Store.
Cybercriminals today are sophisticated and can launch a variety of cyberattacks on your smartphone. Some viruses that can infect your phone include:
Smartphones and computers get viruses in a similar way. The most common include:
Now that you know how your phone could be the target of a virus, look out for these seven signs to determine if your device has been infected with malicious software.
Most pop-up ads don’t carry viruses but are only used as marketing tools. However, if you find yourself shutting pop-up ads more often than usual, it might indicate a virus on your phone.
Don’t open any apps in your library that you don’t remember installing. Instead, uninstall them immediately. These apps tend to carry malware that’s activated when the app is opened or used.
Your phone isn’t built to support malware. When you accidentally download apps that contain malware, the device has to work harder to continue functioning. In this case, your phone might be overheating.
If your contacts receive unsolicited scam emails or messages on social media from your account, especially those containing suspicious links, a virus may have accessed your contact list. It’s best to let all the recipients know that your phone has been hacked so that they don’t download any malware themselves or forward those links to anybody else.
An unusually slow-performing device is a hint of suspicious activity on your phone. The device may slow down because it needs to work harder to support the downloaded virus. Alternatively, unfamiliar apps might be taking up storage space and running background tasks, causing your phone to run slowly.
Be sure to follow up on charges on your credit card or transactions in your banking statements that you don’t recognize. It could be an unfamiliar app or malware making purchases through your account without your knowledge.
A sudden rise in your data usage or phone bill can be suspicious. A virus might be running background processes or using your internet connection to transfer data out of your device for malicious purposes.
An unusually quick battery drain may also cause concern. Your phone will be trying to meet the energy requirements of the virus, so this problem is likely to persist for as long as the virus is on the device.
You may have an inkling that a virus is housed inside your phone, but the only way to be sure is to check.
An easy way to do this is by downloading a trustworthy antivirus app. The McAfee Mobile Security app scans for threats regularly and blocks them in real time. It prevents suspicious apps from attaching themselves to your phone and secures any public connections you might be using.
If you detect a virus on your iPhone or Android device, there are several things you can do.
It’s never too late to start caring for your phone. Follow these tips to stay safe online and help reduce the risk of your phone getting a virus.
McAfee Mobile Security is committed to keeping your mobile phone secure, whether it’s an iPhone or Android device. In addition to regularly scanning your phone to track suspicious activity, our technology responds to threats in real time. Our comprehensive tools also secure your internet connections and let you browse peacefully. Using our app makes sure that your phone and data are protected at all times.
So, what are you waiting for? Download McAfee Mobile Security today!
The post 7 Signs Your Phone Has a Virus and What You Can Do appeared first on McAfee Blog.
Many people opt for encrypted messaging services because they like the additional layers of privacy they offer. They allow users to message their closest friends, family, and business partners without worrying about a stranger digitally eavesdropping on their conversation. The same people who message over encrypted services and apps are likely also diligent with securing their internet connections and using a VPN.
Despite all those safeguards, everyday people are left in the lurch when the companies with which they entrust their information are victims of cyberattacks. That was the case for users of the encrypted messaging app, Signal. Due to a phishing attack and subsequent leak of customer phone numbers, people are looking to identify potential consequences, protect themselves from SIM swapping, monitor their identity, and take measures to make sure their information is safe in the future.
A recent cyberattack targeted Signal, an end-to-end encrypted messaging service.1 The attackers exposed about 1,900 phone numbers belonging to Signal users. While other personally identifiable information (PII), message history, and contact lists were spared, valid phone numbers in the hands of a cybercriminal can be enough to wreak havoc on affected users.
It is likely that another recent and successful phishing scheme at Twilio was the entry point for the Signal hackers. (Signal partners with Twilio to send SMS verification codes to people registering for the Signal app.) At Twilio, phishers tricked employees into divulging their credentials.
To rectify the situation and protect users, Signal is contacting affected users and asking them to re-register their devices. Also, the company is urging all users to enable registration lock, which is an additional security measure that requires a unique PIN to register a phone with Signal.
There are many lessons not only companies but everyday people can learn from the Signal and Twilio hacks. Here are some ways you can take action at the first signs of a compromised phone number and to help prevent cyber-events like this from happening to you.
SIM swapping occurs when a cybercriminal gets ahold of your cellphone number and a few other pieces of your PII and registers your phone number to a device and a new SIM card that isn’t yours. If they successfully reregister your phone number, they can then access your data, change account passwords, and lock you out of your most important accounts.
Luckily, since most of us use our phones every day, SIM swapping is usually detected quickly. If your phone isn’t connecting to the network and you’re not receiving calls and texts, it could be a sign that your wireless provider may have reassigned your number to an impersonator. In this case, contact your wireless provider immediately.
To make SIM swapping nearly impossible, always turn on multifactor authentication. Also known as MFA, multifactor authentication is a method many online accounts use to ensure that only the authorized user can gain entry. This could entail sending a one-time code by email or text, prompting security questions, or scanning for fingerprint or facial recognition in addition to asking for the account password. MFA is an additional layer of security that’s quick to implement. The extra few seconds it takes to type in a code or stand still for a facial scan is well worth the frustration is causes cybercriminals.
These days, everyone has dozens of online accounts for everything from banking and shopping to streaming services and gaming. Since you can’t predict which company is going to be breached next, limit the number of possible doors a cybercriminal could break through to access your PII. In the Signal hack, it was their third-party vendor that was likely the cause of the leaked phone numbers. This unpredictability means it’s best to limit sharing your PII with as few accounts as possible. A great practice is to regularly organize your online accounts and deactivate the ones you no longer use.
A phishing attack seems to have been the first domino to fall in the Twilio and Signal incident. It could’ve been prevented if everyone followed this absolute rule: Never share your password! Your employer nor your bank nor the IRS, for example, will ever ask you for your password to an online account. If you receive correspondence asking you to share your password, no matter how official it looks, do not comply.
Phishers often lace their electronic correspondences with an urgent or authoritarian tone, threatening severe consequences if they don’t receive a response within a short timeframe. This is a ploy to get people to act too quickly without thinking through the request. If you receive a message that outlines dire consequences for seemingly small infractions, step away from the message for at least 15 minutes and think it through. Stay calm and follow up through official channels, such as a listed phone number on the organization’s website or a customer service chat room, to iron out the alleged situation instead.
Diligent cybersecurity habits go a long way toward keeping you and your family’s PII out of the hands of malicious characters. However, in the case you trust a company with your information but it’s leaked in a breach, McAfee Total Protection can give you peace of mind. McAfee Total Protection offers premium security in various areas including antivirus, identity monitoring, secure VPN, Protection Score, and Personal Data Cleanup. Its advanced monitoring abilities are faster and offer broader detection for your identity. Plus, McAfee Total Protection can cover you up to $1 million in identity theft restoration.
Keep your eyes peeled for cybersecurity news and breaches that may have affected your PII. From there, take action and leverage McAfee services to help you fill in the gaps.
1The Hacker News, “Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack”
The post Encrypted Messaging Service Hack Exposes Phone Numbers appeared first on McAfee Blog.
If you’re the parent of a tween or teen, chances are they’re not the only ones going back to school. Their smartphones are going back too.
Our recent global research showed just how many tweens and teens use a smartphone. Plenty. Depending on the age band, that figure ranges anywhere from 76% to 93%, with some noteworthy variations between countries.
One of the top reasons parents give their child a phone is to stay in touch, so it likely follows that those phones will likely make their way into the classroom. Whether or not that’s the case for your child, back-to-school time is still a great time to help your child stay safer on their phone—and keep their phones safer too in the event of loss or theft.
Comprehensive online protection software can protect your phone in the same way that it protects your laptops and computers. Unfortunately, while many people use it on their laptops and computers, far fewer people use it on their phones—only about 42% of tweens and teens worldwide use it on their smartphones according to our most recent research.
Installing it can protect their privacy, keep them safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do. You can find our smartphone apps in both Google Play and the Apple App Store.
Updates do all kinds of great things for gaming, streaming, and chatting apps, such as adding more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
iPhones update apps automatically by default, yet you can learn how to turn them back on here if they’ve been set to manual updates. For Android phones, this article can help you set apps to auto-update if they aren’t set that way already.
Much the same goes for the operating system on smartphones too. Updates can bring more features and more security. iOS users can learn how to update their phones automatically in this article. Likewise, Android users can refer to this article about automatic updates for their phones.
Another finding from our latest global research is just how few people use a lock screen on their phones. Only 56% of parents said that they protect their smartphone with a password or passcode, and only 42% said they do the same for their child’s smartphone—a further 14% drop between parents and kids.
The issue here is clear. If an unlocked phone gets lost or stolen, all the information on it is an open book to a potential hacker, scammer, or thief. Enabling a lock screen if you haven’t already. It’s a simple feature found in both iOS and Android devices.
Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
One way that crooks can hack their way into your phone is via public Wi-Fi, such as at coffee shops, libraries, and other places on the go. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protect from others on that Wi-Fi hotspot. Note that our VPN can turn on automatically for public Wi-Fi, protecting account credentials, search habits, and other activities online.
The same advice applies for these devices as well—strong online protection software, password management, VPN usage, and so on. What’s good for a smartphone is good for laptops and desktops too.
For laptops in particular, you can track these devices as well, just like a smartphone. The process differs from smartphones, yet it’s still quite straightforward. Windows and Mac users can enable the following settings—and you can click the links below for complete instructions from the source:
Putting these same protections in place on your laptops and desktops will help make your child, and your whole family, safer than before.
Note that on school-issued devices, your school district will likely have technology teams who manage them. As part of that, they typically have policies and restrictions in place to help keep them running safe and sound. If you have any questions about what kind of protections are in place on these school-issued devices, contact your school district.
While we’ve largely focused on protecting the phone itself, there’s also the importance of protecting the person who’s using it. In this case, your child—what they see, do, and experience on the internet. Device security is only part of the equation there.
Parents of tweens and teens know the concerns that come along with smartphone usage, ranging anywhere from cyberbullying, too much screen time, and simply wanting to know what their child is up to on their phone.
As you can imagine, each of these topics deserves its own treatment. The “Family Safety” section of our blog offers parents and their kids alike plenty of resources, and the list below can get you started on a few of the most pressing issues:
Without a doubt, while a child may get their first smartphone to “keep in touch,” that ownership blossoms into something far greater. And quite quickly. As they dive into the world of apps, social media, messaging, and gaming, take an interest, take it as an opportunity to spend time talking about their day and what it was like online.
By asking if they grabbed any cool pictures, what their favorite games are, and how their friends are when your child is texting them, questions like these can open a look into a world that would otherwise remain closed. This way, talking about the phone and what they’re doing on it becomes part of normal, everyday conversation. This can reap benefits down the road when your child encounters the inevitable bumps along the way, whether they’re dealing with a technical issue or something as difficult as cyberbullying or harassment. Talking about their life online on a regular basis may make them more apt to come forward when there’s a problem than they otherwise might.
In all, think of the smartphone as a fast pass into adulthood, thanks to how it puts the entirety of the internet right in your child’s hand. Protecting the device and the kid who’s using it will help ensure they get the absolute best out of all that potential.
The post Getting Your Kids Ready for School—And Their Smartphones Too appeared first on McAfee Blog.
Authored by Dexter Shin
McAfee’s Mobile Research Team introduced a new Android malware targeting Instagram users who want to increase their followers or likes in the last post. As we researched more about this threat, we found another malware type that uses different technical methods to steal user’s credentials. The target is users who are not satisfied with the default functions provided by Instagram. Various Instagram modification application already exists for those users on the Internet. The new malware we found pretends to be a popular mod app and steals Instagram credentials.
Instander is one of the famous Instagram modification applications available for Android devices to help Instagram users access extra helpful features. The mod app supports uploading high-quality images and downloading posted photos and videos.
The initial screens of this malware and Instander are similar, as shown below.
Figure 1. Instander legitimate app(Left) and Mmalware(Right)
Next, this malware requests an account (username or email) and password. Finally, this malware displays an error message regardless of whether the login information is correct.
Figure 2. Malware requests account and password
The malware steals the user’s username and password in a very unique way. The main trick is to use the Firebase API. First, the user input value is combined with l@gmail.com. This value and static password(=kamalw20051) are then sent via the Firebase API, createUserWithEmailAndPassword. And next, the password process is the same. After receiving the user’s account and password input, this malware will request it twice.
Since we cannot see the dashboard of the malware author, we tested it using the same API. As a result, we checked the user input value in plain text on the dashboard.
According to the Firebase document, createUserWithEmailAndPassword API is to create a new user account associated with the specified email address and password. Because the first parameter is defined as email patterns, the malware author uses the above code to create email patterns regardless of user input values.
It is an API for creating accounts in the Firebase so that the administrator can check the account name in the Firebase dashboard. The victim’s account and password have been requested as Firebase account name, so it should be seen as plain text without hashing or masking.
As an interesting point on the network traffic of the malware, this malware communicates with the Firebase server in Protobuf format in the network. The initial configuration of this Firebase API uses the JSON format. Although the Protobuf format is readable enough, it can be assumed that this malware author intentionally attempts to obfuscate the network traffic through the additional settings. Also, the domain used for data transfer(=www.googleapis.com) is managed by Google. Because it is a domain that is too common and not dangerous, many network filtering and firewall solutions do not detect it.
As mentioned, users should always be careful about installing 3rd party apps. Aside from the types of malware we’ve introduced so far, attackers are trying to steal users’ credentials in a variety of ways. Therefore, you should employ security software on your mobile devices and always keep up to date.
Fortunately, McAfee Mobile Security is able to detect this as Android/InstaStealer and protect you from similar threats. For more information visit McAfee Mobile Security
SHA256:
The post Instagram credentials Stealer: Disguised as Mod App appeared first on McAfee Blog.
Authored by Jyothi Naveen and Kiran Raj
McAfee Labs have been observing a spike in phishing campaigns that utilize Microsoft office macro capabilities. These malicious documents reach victims via mass spam E-mail campaigns and generally invoke urgency, fear, or similar emotions, leading unsuspecting users to promptly open them. The purpose of these spam operations is to deliver malicious payloads to as many people as possible.
A recent spam campaign was using malicious word documents to download and execute the Ursnif trojan. Ursnif is a high-risk trojan designed to record various sensitive information. It typically archives this sensitive data and sends it back to a command-and-control server.
This blog describes how attackers use document properties and a few other techniques to download and execute the Ursnif trojan.
The malware arrives through a phishing email containing a Microsoft Word document as an attachment. When the document is opened and macros are enabled, Word downloads a DLL (Ursnif payload). The Ursnif payload is then executed using rundll32.exe
Macros are disabled by default and the malware authors are aware of this and hence present an image to entice the victims into enabling them.
Analyzing the sample statically with ‘oleId’ and ‘olevba’ indicates the suspicious vectors..
The VBA Macro is compatible with x32 and x64 architectures and is highly obfuscated as seen in Figure-5
To get a better understanding of the functionality, we have de-obfuscated the contents in the 2 figures shown below.
An interesting characteristic of this sample is that some of the strings like CLSID, URL for downloading Ursnif, and environment variables names are stored in custom document properties in reverse. As shown in Figure-7, VBA function “ActiveDocument.CustomDocumentProperties()” is used to retrieve the properties and uses “StrReverse” to reverse the contents.
We can see the document properties in Figure-8
The malicious macro retrieves hidden shellcode from a custom property named “Company” using the “cdec” function that converts the shellcode from string to decimal/hex value and executes it. The shellcode is shown below.
The shellcode is written to memory and the access protection is changed to PAGE_EXECUTE_READWRITE.
After adding the shellcode in memory, the environment variable containing the malicious URL of Ursnif payload is created. This Environment variable will be later used by the shellcode.
The shellcode is executed with the use of the SetTimer API. SetTimer creates a timer with the specified time-out value mentioned and notifies a function when the time is elapsed. The 4th parameter used to call SetTimer is the pointer to the shellcode in memory which will be invoked when the mentioned time is elapsed.
The shellcode downloads the file from the URL stored in the environmental variable and stores it as ” y9C4A.tmp.dll ” and executes it with rundll32.exe.
| URL | hxxp://docmasterpassb.top/kdv/x7t1QUUADWPEIQyxM6DT3vtrornV4uJcP4GvD9vM/ |
| CMD | rundll32 “C:\Users\user\AppData\Local\Temp\y9C4A.tmp.dll”,DllRegisterServer |
After successful execution of the shellcode, the environment variable is removed.
| TYPE | VALUE | PRODUCT | DETECTION NAME |
| Main Word Document | 6cf97570d317b42ef8bfd4ee4df21d217d5f27b73ff236049d70c37c5337909f | McAfee LiveSafe and Total Protection | X97M/Downloader.CJG |
| Downloaded dll | 41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547 | McAfee LiveSafe and Total Protection | Ursnif-FULJ |
| URL to download dll | hxxp://docmasterpassb.top/kdv/x7t1QUUADWPEIQyxM6DT3vtrornV4uJcP4GvD9vM/ | WebAdvisor | Blocked |
| Technique ID | Tactic | Technique Details | Description |
| T1566.001 | Initial Access | Spear phishing Attachment | Manual execution by user |
| T1059.005 | Execution | Visual Basic | Malicious VBA macros |
| T1218.011 | Defense Evasion | Signed binary abuse | Rundll32.exe is used |
| T1027 | Defense Evasion | Obfuscation techniques | VBA and powershell base64 executions |
| T1086 | Execution | Powershell execution | PowerShell command abuse |
Macros are disabled by default in Microsoft Office applications, we suggest keeping it that way unless the document is received from a trusted source. The infection chain discussed in the blog is not limited to Word or Excel. Further threats may use other live-off-the-land tools to download its payloads.
McAfee customers are protected against the malicious files and sites detailed in this blog with McAfee LiveSafe/Total Protection and McAfee Web Advisor.
The post Phishing Campaigns featuring Ursnif Trojan on the Rise appeared first on McAfee Blog.
While biometric tools like facial ID and fingerprints have become more common when it comes to securing our data and devices, strong passwords still play an essential part in safeguarding our digital lives.
This can be frustrating at times, since many of us have more accounts and passwords than we can possibly remember. This can lead us to dangerous password practices, such as choosing short and familiar passwords, and repeating them across numerous accounts. But password safety doesn’t have to be so hard. Here are some essential tips for creating bulletproof passwords.
Every year surveys find that the most popular passwords are as simple as “1234567” and just “password.” This is great news for the cybercrooks, but really bad news for the safety of our personal and financial information.
When it comes to creating strong passwords, length and complexity matter because it makes them harder to guess, and harder to crack if the cybercriminal is using an algorithm to quickly process combinations. The alarming truth is that passwords that are just 7 characters long take less than a third of a second to crack using these “brute force attack” algorithms.
Tricks:
Passwords that include bits of personal information, such as your name, address, or pet’s name, make them easier to guess. This is especially true when we share a lot of personal information online. But you can use personal preferences that aren’t well known to create strong passphrases.
Tricks:
If you reuse passwords and someone guesses a password for one account, they can potentially use it to get into others. This practice has gotten even riskier over the last several years, due to the high number of corporate data breaches. With just one hack, cybercriminals can get their hands on thousands of passwords, which they can then use to try to access multiple accounts.
Tricks:
If just the thought of creating and managing complex passwords has you overwhelmed, outsource the work to a password manager! These are software programs that can create random and complex passwords for each of your accounts, and store them securely. This means you don’t have to remember your passwords – you can simply rely on the password manager to enter them when needed.
Tricks:
Now that you’ve made sure that your passwords are bulletproof, make sure you have comprehensive security software that can protect you from a wide variety of threats.
Tricks:
The post 5 Tips For Creating Bulletproof Passwords appeared first on McAfee Blog.
Imagine – your favorite brand on Instagram just announced a giveaway. You’ll receive a free gift! All you have to do is provide your credit card information. Sounds easy, right? This is a brand you’ve followed and trusted for a while now. You’ve engaged with them and even purchased some of their items. The link comes directly from their official page, so you don’t think to question it. Don’t fall prey to crypto scams, download reputable mobile security protection.
This is the same mindset that led to several Bored Ape Yacht Club (BAYC) NFTs being stolen by a cybercriminal who had hacked into the company’s official Instagram account. Let’s dive into the details of this scam.
Bored Ape Yacht Club, the NFT collection, disclosed through Twitter that their Instagram account had been hacked, and advised users not to click on any links or link their crypto wallets to anything. The hacker managed to log into the account and post a phishing link promoting an “airdrop,” or a free token giveaway, to users who connected their MetaMask wallets. Those who linked their wallets before BAYC’s warning lost a combined amount of over $1 million in NFTs.
Despite the large price tag attached to NFTs, they are often held in smartphone wallets rather than more secure alternatives. MetaMask, the crypto wallet application, only allows NFT display through mobile devices and encourages users to use the smartphone app to manage them. While it may be a good method for display purposes, this limitation provides hackers with a new and effective way to easily steal from users’ mobile wallets.
BAYC does not yet know how the hacker was able to gain access to their Instagram account, but they are following security best practices and actively working to contact the users affected.
This scam was conducted through the official BAYC account, making it appear legitimate to BAYC’s followers. It is incredibly important to stay vigilant and know how to protect yourself and your assets from scams like these. Follow the tips below to steer clear of phishing scams and keep your digital assets safe:
A seed phrase is the “open sesame” to your cryptocurrency wallet. The string of words is what grants you access to all your wallet’s assets. Ensuring that your seed phrase is stored away safely and not easily accessible by anyone but yourself is the first step to making sure your wallet is secure.
With all transactional and wallet data publicly available, scammers can pick and choose their targets based on who appears to own valuable assets. To protect your privacy and avoid being targeted, refrain from sharing your personal information on social media sites or using your NFT as a social media avatar.
Phishing scams targeting NFT collectors are becoming increasingly common. Be wary of any airdrops offering free tokens in exchange for your information or other “collectors” doing the same.
Phishing scams tend to get more sophisticated over time, especially in cases like the Bored Ape Yacht Club where the malicious links are coming straight from the official account. It is always best to remain skeptical and cautious, but when in doubt, here are some extra tips to spot phishing scams:
As crypto and NFTs continue to take the world by storm, hackers and scammers are constantly on the prowl for ways to steal and deceive. No matter the source or how trustworthy it may seem at first glance, always exercise caution to keep yourself and your assets safe!
The post Instagram Hack Results in $1 Million Loss in NFTs appeared first on McAfee Blog.
Imagine – your favorite brand on Instagram just announced a giveaway. You’ll receive a free gift! All you have to do is provide your credit card information. Sounds easy, right? This is a brand you’ve followed and trusted for a while now. You’ve engaged with them and even purchased some of their items. The link comes directly from their official page, so you don’t think to question it.
This is the same mindset that led to several Bored Ape Yacht Club (BAYC) NFTs being stolen by a cybercriminal who had hacked into the company’s official Instagram account. Let’s dive into the details of this scam.
Bored Ape Yacht Club, the NFT collection, disclosed through Twitter that their Instagram account had been hacked, and advised users not to click on any links or link their crypto wallets to anything. The hacker managed to log into the account and post a phishing link promoting an “airdrop,” or a free token giveaway, to users who connected their MetaMask wallets. Those who linked their wallets before BAYC’s warning lost a combined amount of over $1 million in NFTs.
Despite the large price tag attached to NFTs, they are often held in smartphone wallets rather than more secure alternatives. MetaMask, the crypto wallet application, only allows NFT display through mobile devices and encourages users to use the smartphone app to manage them. While it may be a good method for display purposes, this limitation provides hackers with a new and effective way to easily steal from users’ mobile wallets.
BAYC does not yet know how the hacker was able to gain access to their Instagram account, but they are following security best practices and actively working to contact the users affected.
This scam was conducted through the official BAYC account, making it appear legitimate to BAYC’s followers. It is incredibly important to stay vigilant and know how to protect yourself and your assets from scams like these. Follow the tips below to steer clear of phishing scams and keep your digital assets safe:
A seed phrase is the “open sesame” to your cryptocurrency wallet. The string of words is what grants you access to all your wallet’s assets. Ensuring that your seed phrase is stored away safely and not easily accessible by anyone but yourself is the first step to making sure your wallet is secure.
With all transactional and wallet data publicly available, scammers can pick and choose their targets based on who appears to own valuable assets. To protect your privacy and avoid being targeted, refrain from sharing your personal information on social media sites or using your NFT as a social media avatar.
Phishing scams targeting NFT collectors are becoming increasingly common. Be wary of any airdrops offering free tokens in exchange for your information or other “collectors” doing the same.
Phishing scams tend to get more sophisticated over time, especially in cases like the Bored Ape Yacht Club where the malicious links are coming straight from the official account. It is always best to remain skeptical and cautious, but when in doubt, here are some extra tips to spot phishing scams:
As crypto and NFTs continue to take the world by storm, hackers and scammers are constantly on the prowl for ways to steal and deceive. No matter the source or how trustworthy it may seem at first glance, always exercise caution to keep yourself and your assets safe!
The post Instagram Hack Results in $1 Million Loss in NFTs appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
Quick mental math challenge: How many Apple Watches can you buy with $118 billion dollars? If you guessed around 296 million watches congrats, you’re smarter than the writer of this blog! We had to use a calculator. The point is that’s the predicted size of the US wearable market by 2028 according to a recent report. That means for as much wearable tech as we have in our lives already, even more, is on the way.
If you own a piece of wearable tech it’s easy to understand why it’s so popular. After all, it can track our fitness, provide contextual help in daily life, and, in the case of hearing aids, even do cool things like sync with Bluetooth. As VR and AR gains a foothold who knows what other incredible tech might be headed our way by 2028? However wearable tech also comes with certain risks. The most prominent: cybercriminals potentially gaining access to your data.
The weakest link in the wearables space is your mobile phone, not the actual wearable device itself. That’s because wearables tend to link to your mobile device over a short-range wireless spectrum known as “Bluetooth.” This spectrum is used to send and receive data between your wearable device and your mobile. That makes your mobile a prime target for hackers.
Most commonly, hackers gain access to the data on your mobile through malware-laden apps. These apps are oftentimes designed to look like popular apps, but with enough differences that they don’t flag copyright suspicion.
Hackers can use these malicious apps to do a variety of things from making phone calls without your permission, sending and receiving texts, and extracting personal information—all potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.
The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.
These types of threats aren’t limited to wearables, however. The Internet of Things—the phenomenon of devices connected to the Internet for analysis and optimization—encompasses all sorts of other electronic devices such as washing machines and refrigerators that can put your data at risk as well. But these life-changing devices can be secured through education and industry standards. Two things we’re working on day and night.
Of course, securing the weakest link in your wearables environment, your phone will go a long way towards keeping your data safe. But what happens when your computer, where you store backups of your smartphone, is compromised too? We’ve got you covered with McAfee LiveSafe service, our comprehensive security solution that provides protection for your entire online life.
The post The Wearable Future Is Hackable. Here’s What You Need To Know appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see.
Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level that they carry into adulthood, which is one of the several findings we uncovered in our global survey of parents, tweens, and teens this year.
So, what are tweens and teens up to on their mobile devices as they mature? And where do their parents fit in? We asked parents and kids alike. What we found gives us a look into the mobile lives of tweens and teens behind their lock screens.
For starters, parents and their kids alike say that their mobile device is the most important one in their life. Parents placed mobile in their top two with their mobile device or smartphone at 59% followed their computer or laptop at 42%. Tweens and teens put their mobile device or smartphone at the top of the list as well, yet at a decisive 74% worldwide, followed by their gaming console at 68%.
“Parents and their kids alike say that their mobile device is the most important thing in their life.”
Further, tweens and teens place a higher value on their smartphones to keep them connected with friends and family. Some 59% of parents said mobile was essential in this role, whereas tweens and teens put that figure at 64%. For parents, the runner-up device for keeping connected was the computer or laptop at 42%.
Yet quite interestingly, tweens and teens said their second-most important device for keeping connected with others is their gaming console, at 40%, perhaps indicating gaming’s role in creating and fostering friendships today. Of course, plenty of that gaming is happening on mobile as well, with half of all tweens and teens surveyed worldwide saying that they play games on their smartphones.
Broadly speaking, the activities kids do on their phones match up closely with what their parents think they’re doing on their phones. Yet there’s a fair share of secretive activity that happens within that.
Regarding general activity, parents and their tween- and teen-aged children worldwide see eye to eye when it comes to what parents think are their kids’ favorite activities on mobile are and what kids say they actually are:
However, and perhaps unsurprisingly, tweens and teens say they’ve kept some the things they’re watching, browsing, and streaming from their parents. When asked if they sometimes hide specific online activity from their parents, 59% of tweens and teens worldwide said they have done so in some form or other, including:
Worldwide, monitoring apps rank relatively low when it comes to parents keeping tabs on their children’s mobile usage. Use of parental controls software on smartphones came in at a 27% global average, with India (37%) and France (33%) leading the way, while Japan fell on the low end (12%).
Largely, parents appear to take up this work themselves, citing several other ways they take charge of their children’s time online:
Consistent with other research we recently gathered, families are relying on mobile more and more, yet this hasn’t seen an increase in mobile protection for the smartphones they count on.
Our research published in early 2011 found double-digit increases in mobile activities such as online banking, shopping, finances, and doctor visits, all of which can generate high-value data that are attractive to hackers and cybercriminals. Despite this newfound reliance on mobile, many smartphones worldwide remain unprotected. Children’s phones are less protected than their parents’ phones as well.
Taken together, these security lapses can lead to downloaded malware, data and identity theft, illicit crypto mining apps on the device, and other attacks that can put children and families at risk. For a deeper dive, you can view the full report.
Misconceptions about online protection may play a role in these lax measures. This survey found that 49% of parents think a new phone is more secure than a new computer, and 59% of tweens and teens thought the new phone was more secure—both denying the reality that smartphones, and the people using them, are subject to hacks and attacks just like with any other device that connects to the internet.
Amid this climate, more than 1/3 of families reported that a child in their household had been the victim of a financial information leak and 15% stated that there’d been an attempt to steal a child’s online account or identity. With smartphones providing children with a major onramp to the internet, it follows that stronger mobile security could help prevent such attacks from happening.
Protecting mobile devices and the family members who count on them takes on further importance when we consider that children in some nations rely heavily on their smartphones for online learning.
Although using mobile for online learning was relatively low globally at 23%, parents and children in three nations reported a high rate of attending classes and courses on mobile—with India at 54%, Mexico at 42%, and Brazil at 39%, once again posing the possibility that mobile offers many children the most reliable broadband connection required for such instruction. In other words, there are households where broadband comes by way of mobile, rather than a cable or fiber connection.
Meanwhile, other nations saw significantly lower figures for online learning on mobile, such as Germany at 7%, France at 8%, and Japan at 11%. The U.S., Canada, and the UK all reported rates of 17%.
“With smartphones providing children as a major onramp to the internet, it follows that stronger mobile security could prevent such attacks from happening”
Something we’ve yet to mention here is how much online shopping and banking kids are doing on their mobile devices. No question, tweens and teens are doing those things too at a global rate of 25% and 12% across all age groups respectively. Not surprisingly, those numbers climb as teens approach adulthood. This serves as a reminder that our children are maturing hand-in-hand with their smartphones, which asks a few things of us as parents as they grow and adjust to their mobile world.
As with all things parenting, there are moments of where you have a sense of what’s right for you and your child, yet you’re uncertain how to act on it. That’s definitely the case with smartphones and the internet in general. Despite having grown up alongside the internet over the course of our adult lives, we can still have plenty of questions. New ones. Old ones. Ones we weren’t even aware of until they cropped up.
With that, we’re glad you’re dropping by our blog. And you’re more than invited to visit whenever you can. A big focus of ours is providing you, as a parent, with resources that answer your questions, in addition to articles about online protection in general that simply make for good reading. Our aim is to help you think about what’s best for your family and give you some ideas about how you can see that through, particularly as our children grow in this mobile world of ours.
The post A Look Beyond Their Lock Screens: The Mobile Activity of Tweens and Teens appeared first on McAfee Blog.
The convenience of tapping your phone at the cash register instead of fumbling for loose change in your physical wallet is undeniable. Nearly 40% of Canadians used their mobile wallets more often in 2020 because of the perceived safety of contactless payment, according to one report.1 While digital wallets and tap to pay is becoming more widespread, you may wonder: what exactly is a digital wallet? Are they safe?
A digital wallet, also known as a mobile wallet, is a smartphone app that stores your payment information and enables tap to pay at most point-of-sale terminals. A digital wallet is perfectly safe, as long as you guard your smartphone just as closely as you would your physical wallet.
Here’s why you should secure your digital wallet and three tips to help you do so.
Think about what you store in your physical wallet: credit cards, debit cards, driver’s license, library cards, gift cards, cash. Now, imagine (or if you’ve been unlucky enough to lose your wallet in the past, think back to) the hassle that would ensue if someone stole your wallet or you misplaced it. Not only do you have to cancel your cards, notify your various banks, and wait for replacements, but the niggling worry that a stranger has access to your personally identifiable information (PII) will likely keep you up at night.
Just like you store your wallet in your front pocket when about town and check your seat before leaving a taxi or a plane, look after your smartphone just as closely. Unlike a physical wallet, whose absence is noticed quickly, a digital wallet may be compromised by a cyber pickpocket without you knowing for a while. For example, the BBC reported that researchers found a potential shortcoming in Apple Pay’s Express Transit mode where cyber pickpockets could remotely access mobile wallets.2 Luckily, the researchers’ experiment is unlikely to occur in the real world, but it’s a reminder to everyone to check their monthly bank statements for suspicious transactions. Cybercriminals get smarter and bolder by the day, so it’s not unlikely that they’ll find and exploit a digital wallet shortcoming in the future.
Follow these tips to help you use your digital wallet more confidently.
Always protect your digital wallet with a passcode! This is the best and easiest way to deter cybercriminals. It’s best if this combination of numbers is different than the passcode to your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.
Better yet, if your mobile wallet app allows you to protect your account with facial recognition or a fingerprint scan, set it up! If your digital wallet proves difficult or impossible to enter, a cybercriminal may leave it for an easier target, keeping your PII safe.
Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.
Before you swap your plastic cards for digital payment methods, make sure you research the digital banking app before downloading. Make sure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has to make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always best practice to check for typos, blurry logos, and unprofessional app descriptions to make sure.
The digital era is an exciting time to make the most of the conveniences technology affords; however, constant vigilance is key to keeping your finances and PII private. Whether you’re looking for additional peace of mind or have lost your wallet, consider signing up for an identity monitoring service like McAfee identity protection. McAfee will monitor your email addresses and bank accounts and alert you to suspicious activities up to 10 months sooner than similar services. Are you curious about how secure your current online habits are? Check your Security Protection Score today and see what steps you can take to live more confidently online.
1Canadian Payment Methods and Trends Report 2021
The post How to Secure Your Digital Wallet appeared first on McAfee Blog.
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. Learn how to protect your smartphone with McAfee Mobile Security
Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically.
Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem.
Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat.
If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.
How do you connect online these days? I’ll give you an example from my own life: From my 15-year old son to my 80-year-old mother, not one of us leaves the house without our phone. And today, there isn’t a single thing you can’t do on your phone. It’s the minicomputer that goes where you go.
This trend in the way we connect is reflected in recent data too. In fact, we’ve found that the average consumer spends 6 hours and 55 min online per day, split between mobile (52%) and desktop (48%). Whether you’re a Boomer, Gen X, a Millennial, or Gen Z, the way you connect online is diverse and specific to you.
As for what we’re doing online? It’s just about everything. After all, we spend an average of 7 hours per day on connected devices and the pandemic has forced us to do even more online. The downside to this rapid change in the way we live is that we are opening ourselves up to more risk which leaves consumers feeling highly concerned about their ability to keep their personal info secure or private. We need new protection for this new normal.
What all these changes mean is that you’re able to have the same online experience regardless of where you are, what you’re doing, or what device you’re using. Your favorite streaming service is a great example – you can just as easily find a movie on a tablet as you can on your laptop. In fact, you can pause the movie you’re watching on that tablet and pick up where you left off on your laptop. Your experience with online security should offer the same convenience and familiarity. More importantly, online protection should give you a feeling of confidence however or wherever you choose to connect.
This means knowing your personal info is secure even when accessing an unsecured network, your browsing habits remain private, and you can take necessary actions should your information be compromised. To put it another way, YOU are what we’re focused on protecting and we do that by making sure everything you connect with is also secure.
A phone is the remote control for your life. From the palm of your hand, you’re able to shop, browse, stream, and create – everything you do online you can now do from your phone. So, it’s crucial that your phone be a major focus of our online protection. The new mobile app makes it easier to get robust protection for your identity, privacy, and phone. Let’s look at a few of the capabilities offered by the new mobile app.
Think about all the online accounts you’ve created in the past year. How many of them do you use regularly? Sometimes I think I have more food delivery apps on my phone than I do restaurants to use them on. Regardless of how often you use an account (or if you no longer use it at all!), any personal information (like emails, addresses, credit cards) added to it is available online and vulnerable to breaches. McAfee Security comes with identity protection, a feature that monitors your personal information and then notifies you when there’s a risk of your data being compromised. What this means is that if we detect that your data was stolen, you’ll be alerted an average of 10 months earlier than similar services, so you can act before your data is used illegally or shows up on the dark web.
Let’s say you’re about to use the free internet at your favorite café for a speedier connection. Time to flip on your virtual private network (VPN). Forget about digging through a sea of menus to find your VPN. The new mobile app offers a seamless VPN experience so you can keep your activity hidden on less-than-secure Wi-Fi. Or, better yet, you can set up a Secure VPN to automatically turn on for unsecured Wi-Fi networks. Whatever you choose, Secure VPN keeps your personal data and location private anywhere you go with unlimited data and bank-grade Wi-Fi encryption.
At the end of the day, phones are devices and they’re vulnerable to viruses, malware, and, increasingly, malicious apps. The new McAfee Mobile app offers an antivirus scan for Android phones and system scans to see if your passcode is strong enough and that your OS is up to date on iOS devices.
Most importantly, the app is part of McAfee’s total online protection, so the experience on your phone is the same as on your PC. It’s protection that goes where you go – at home on your PC, or on the go with your mobile.
If you’re an existing McAfee subscriber using McAfee Total Protection or McAfee LiveSafe, you can get the app right now. And, if you’ve already got the app installed, just make sure it’s up-to-date and you’ll be all set with the new look and features.
Interested in trying the app out? You can buy or get a free trial of McAfee Total Protection here and get started today.
The post Reimagining mobile security for the way we live our lives today, tomorrow, and beyond. appeared first on McAfee Blog.
You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.
Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts.
Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently.
First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc.
Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A cybercriminal, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more.
SIM swapping was especially relevant right after the T-Mobile data breach.1 Cybercriminals stole millions of phone numbers and the users’ associated personal details. Criminals could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts.
The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.
Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider.
Check out these tips to keep your device and personal information safe from SIM swapping.
With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee Identity Protection Service. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities.
1“T-Mobile data breach and SIM-swap scam: How to protect your identity”
The post What Is SIM Swapping? 3 Ways to Protect Your Smartphone appeared first on McAfee Blog.
The malware landscape is growing more complex by the minute, which means that no device under your family’s roof—be it Android, iPhone, PC, or Mac—is immune to an outside attack. This reality makes it possible that one or more of your devices may have already been infected. But would you know it?
According to 2021 statistics from the Identity Theft Resource Center (ITRC), the number of data breaches reported has soared by 17 percent over last year. In addition, as reported by McAfee, cybercriminals have been quick to take advantage of the increase in pandemic connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware, and more. With Black Friday and Cyber Monday now at hand, we can count on even more new threats.
Often, if your device has been compromised, you know it. Things get wonky. However, with the types of malware and viruses now circulating, there’s a chance you may not even realize it. The malware or virus may be working in the background sending usage details or sensitive information to a third party without disrupting other functions. So, be on the lookout for these tell-tale signs.
If you discover a family device has been compromised, there are several things you can do. 1) Install security software that will help you identify the malware so you can clean your device and protect yourself in the future. 2) Delete any apps you didn’t download, delete risky texts, delete browsing history and empty your cache. 3) In some situations, malware warrants that you wipe and restore your device (Apple or Android) to its original settings. Before doing so, however, do your research and be sure you’ve backed up any photos and critical documents to the cloud. 4) Once you’ve cleaned up your devices, be sure to change your passwords.
The surge in malware attacks brings with it a clear family mandate that if we want to continue to live and enjoy the fantastic benefits of a connected life, we must also work together at home to make online safety and privacy a daily priority.
The post 5 Signs Your Device May be Infected with Malware or a Virus appeared first on McAfee Blog.
It’s safe to say that many Americans are obsessed with Squid Game. According to Business Insider, the Korean drama series has driven the newest engagers to a Netflix title of any Netflix series over the last three years. And while word-of-mouth buzz has played a big part in the show’s success, TV watchers aren’t the only ones taking note. Cybercriminals are also formulating ways to profit off the show’s popularity. According to the New York Post, a malicious app based on Squid Game was recently found on the Google Play Store, infecting users’ devices with malware.
The app in question, called “Squid Game Wallpaper 4K HD,” was one of the 200 Squid Game-related apps on the Google Play Store. This particular app masqueraded as a place to download cool Squid Game backgrounds for Android devices. However, once a user downloaded the app, it infected their smartphone with a strain of Joker malware. Joker malware is a type of billing fraud malware that usually disguises itself as a messenger, photo editor, camera, or in this case, wallpaper apps.
You may wonder how an app like this even ends up on a legitimate app purchasing store. In order to bypass Google Play’s app review process, Joker malware hides its malicious payload during the review process. This means that when the app is published in the Google Play Store, there’s no sign of malware. It’s only when a user installs the app that the malware downloads the malicious payload. Once the malware successfully installs itself, it secretly signs the user up for premium subscriptions, intercepts all their SMS messages, and can upload all their contacts to the malware operators.
The “Squid Game Wallpaper 4K HD” app received 5,000 downloads before it was removed from the Google Play Store. It’s likely that cybercriminals will continue to use the show’s popularity to exploit its fans and make a profit, whether that be through malicious apps disguised as a place where viewers can watch the show or fraudulent websites selling Squid Game merchandise. But fear not! There are steps you can take to help ensure that you steer clear of malware:
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe, third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. However, cybercriminals have found ways to work around Google and Apple’s review process (such as with “Squid Game Wallpaper 4K HD”), but the chances of downloading a safe app from these stores are far greater than anywhere else. Additionally, Google and Apple are quick to remove malicious apps once discovered.
Before you download a new app, do some quick research. Check out the developer. Have they published several other apps with many downloads and good reviews? A legit app typically has several reviews, whereas malicious apps may have only a handful of fake five-star reviews. Lastly, look for typos and grammatical errors in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Certain types of malware strains operate stealthily behind the scenes, commandeering login credentials or banking information right under a user’s nose. Check your accounts every so often and if you notice any suspicious activity, report it and change your passwords. You can also use ID monitoring tools, which will notify you of uncharacteristic changes or actions.
Just like you secure your computers and laptops, it’s important to secure the minicomputer in your pocket—your smartphone! For the strongest protection, use comprehensive security software that shields your device from malware and risky websites, links, and files. With a few key steps, you can boost your confidence in the safety of your devices and personal information and enjoy your favorite binge-worthy shows to the fullest!
The post Squid Game App or Mobile Malware in Disguise? appeared first on McAfee Blog.
In a world of contact-free pickup and payments, an old hacker’s trick is getting a new look—phony QR code scams.
QR codes have been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual information in a relatively compact space. In that way, a QR code shares many similarities with a barcode, yet a QR code can hold more than 300 times the data of a barcode.
With the rise of the smartphone, QR codes have taken on more consumer applications. Especially in the latter days of the pandemic in the form of contact-free conveniences. Now, by pointing your smartphone’s camera at a QR code, you can order food at a restaurant, pay for parking, download coupons from the shelf at your drugstore or several other convenient things.
Yet as it is in places where people, devices, and money meet, hackers are there with a scam ready to go. Enter the QR code scam. By pointing your smartphone’s camera at a bogus QR code and giving it a scan, hackers can lead people to malicious websites and commit other attacks on their phones.
The good news is that there are several ways you can spot these scams, along with several other ways you can avoid them altogether, all so you can get the best out of QR code convenience without the hassle.
In several ways, the QR code scam works much like any other phishing attack. With a few added wrinkles, of course.
Classically, phishing attacks use doctored links that pose as a legitimate website in the hopes you’ll follow them to a hacker’s malicious website. Once there, that site is designed to trick you into providing your personal information, credit card numbers, and so forth, perhaps in the context of a special offer or a phony account alert. Likewise, it could send you to a site that simply infects your device with malware.
It’s much the same with a QR code, yet here’s are a couple of big differences:
Aside from appearing in emails, direct messages, in social media ads, and such, there are plenty of other places phony QR codes can show up. Here are a few that have been making the rounds in particular:
Scanning a QR code may open a notification on your smartphone screen to follow a link. Like other phishing-type scams, hackers will do their best to make that link look legitimate. They may alter a familiar company name so that it looks like it could have come from that company. Also, they may use link shorteners that take otherwise long web addresses and compress them into a short string of characters—the trick there being that you really have no way of knowing where it will send you simply by looking at it.
In this way, there’s more to using QR codes than simply “point and shoot.” A mix of caution and eagle-eyed consideration is called for to spot the legitimate uses from the malicious ones.
Luckily some very basic rules about avoiding QR code attacks. The U.S. Better Business Bureau (BBB) has put together a great list that can help. Their advice is right on the mark, which we’ve paraphrased and added to here:
1. Don’t open links or scan QR codes from strangers. Unsolicited messages with these links or codes could lead you to a scam site or access the functionality of your smartphone in unwanted ways.
2. Some scams will appear to come from legitimate sources. Double-check and see if it indeed is. You can check the official website to confirm, such as by accessing your account or contacting a customer service rep to follow up on the communication sent to you.
3. Try alternative payment methods. If you receive a bill with a QR code for payment, see if there’s another way to pay it—such as on the company’s website or simply through online bill pay to their known, legitimate address. These are less susceptible to fraud. Likewise, check to see if the requested payment is legitimate in the first place.
4. Think twice about following shortened links. As mentioned above, shortened links can be a shortcut to a malicious website. This can particularly be the case with unsolicited communications. And it can still be the case with a friend or family member if their device or account has been hacked.
5. If someone you know sends you a QR code, also confirm before scanning it. Whether you receive a text message from a friend or a message on social media from your workmate, contact that person directly before you scan the QR code to make sure they haven’t been hacked.
6. Watch out for tampering. Hackers have been known to stick their own QR codes over legitimate ones. If you see any sign of altering or placement that looks slapdash, don’t give that code a scan.
7. Install mobile security. Comprehensive online protection software can protect your mobile devices as well as your computers and laptops. In this case, it can detect bad links associated with QR codes and steer you clear of accessing the malicious sites and downloads associated with them.
QR codes have made transactions smoother and accessing helpful content on our phones much quicker, especially in recent months as they’ve seen an uptick in use. And useful as they are like other means of paying or browsing online, keep an eye open when using them. With this advice as a guide, if something doesn’t feel right, keep your smartphone in your pocket and away from that QR code.
The post Be on the Lookout for a New Wave of QR Code Scams appeared first on McAfee Blog.
Take a roll call of all your devices that connect to the internet. These include the obvious ones – laptops, tablets, and your smartphone. But they also include the ones you may not immediately think about, such as routers, smart TVs and thermostats, virtual assistant technology, and connected fitness watches and equipment.
Each of these devices is known as an endpoint to you. To a cybercriminal, they’re an entry point into your online information. It’s important to secure every endpoint so that you can confidently go about your day-to-day without worrying about your security. Here’s the definitive device security checklist to get you on your way confidently and safely.
Laptops and desktops are prime entryways into your online life. Think of all the payment information, passwords, and maybe even tax documents you store on it. The best way to protect the contents of your laptops and desktops is to password-protect your computer with strong passwords or passphrases. Here are a few password and passphrase best practices:
Especially if you work at common spaces like coffee shops, the library, or even your kitchen table, get in the habit of putting your computer to sleep when you step away. Commit the sleep command shortcut to memory to make it less of a hassle. For example, on Mac computers, the keyboard command is command + option + eject, and for Windows, it’s alt + F4.
Speaking of common spaces, whenever you log in from a public Wi-Fi network, always log in with a virtual private network (VPN). A VPN scrambles your data, making it indecipherable to any malicious characters who may be lurking on public networks.
Multifactor authentication is another way to protect your valuable devices and accounts. This means that anyone trying to log in on your device needs to provide at least two forms of identification. Forms of ID could include a text message with a one-time code or a fingerprint or face scan in addition to a correct password.
These two devices are grouped because the security features on them are similar. Just like with computers, put your device to sleep every time you walk away from it. It’s much easier and may already be in your routine to hit the sleep button when you put down your cellphone or tablet.
Always put a passcode on your smartphones and tablets. Choose a collection of numbers that do not have an obvious connection to you, such as important birthdays or parts of your phone number. Even if they’re a random assortment, you’ll get the hang of them quickly. Or to make sure only you can enter your phone, set up a facial or fingerprint ID scan. People have several passwords and account combinations they have to remember. To take the guesswork and trial and error of logging in, consider trusting your passwords to a password manager that can remember them for you!
A great mobile phone and tablet habit you should adopt is backing up your files regularly to the cloud. In the event that you lose your device or if someone steals it, at least it’s valuable — and in some cases, priceless — content is safe. You may be able to remotely “brick” your device to keep a stranger from breaking into your accounts. Bricking a device means remotely wiping a connected device and rendering it unusable.
Your router is the gateway to all the connected devices in your home; thus, it’s key to beef up its security. The best way to do so is to make sure that you customize the router name and password to make it different from the factory settings. Always password-protect your home router! Employing password best practices you use for your online accounts and your devices will prevent strangers from hopping onto your network. Another way to keep your Wi-Fi network out of the hands of strangers is to toggle on the setting to not appear to non-users. While it’s fun seeing the quirky names your neighbors choose for their home networks, it’s best to keep yours completely private.
There have been some unsettling reports about cybercriminals commandeering smart home devices and virtual assistant technology. For example, a cybercriminal hacked a homeowner’s virtual assistant and blasted music through the home’s speakers, and turn the heat up to 90 degrees. The key to securing the connected devices that are responsible for your heating and cooling, shopping lists, and even your home security system is to ensure it is connected to a secure router and protected by a strong password.
Also, keep an eye on software updates, which include security upgrades. If you don’t think you have time to manually update software, set up your devices to automatically update. This will give you peace of mind knowing that you have the latest security patches and bug fixes as soon as they are available.
IoT fitness watches and machines are fun additions to your workout routines. In the case of Peloton bikes, they track your heartbeat and location and offer a huge library of classes. However, cybercriminals may be able to track your workouts if they break their way into your fitness devices. The best way to keep your workouts private is to turn off geolocation and make sure you are up to date with all software releases and protect your accounts with strong passwords.
If you’re looking for a tool to put your mind at ease, consider McAfee Total Protection. It includes antivirus and safe browsing software plus a secure VPN. You can be confident that your personal information is safe, thus allowing you to enjoy the full potential of all your devices.
The post How to Secure All Your Everyday Connected Devices appeared first on McAfee Blog.
Some scams can make a telltale sound—rinnng, rinnng! Yup, the dreaded robocall. Not only are they annoying, but they can also hit you in the pocketbook.
In the U.S., unwanted calls rank as the top consumer complaint reported to the Federal Communications Commission (FCC), partly because scammers have made good use of spoofing technologies that serve up phony caller ID numbers. As a result, that innocent-looking phone number may not be innocent at all.
Whether the voice on the other end of the smartphone is recorded or an actual person, the intent behind the call is likely the same—to scam you out of your personal information, money, or both. Callers such as these may impersonate banks, government agencies, insurance companies, along with any number of other organizations that give them an excuse to demand payment, financial information, or ID numbers.
And some of those callers can sound rather convincing. Others, well, they’ll just get downright aggressive or threatening. One of the most effective tools these scam calls use is a sense of urgency and fear, telling you that there’s a problem right now and they need your information immediately to resolve whatever bogus issue they’ve come up with. That right there is a sign you should take pause and determine what’s really happening before responding or taking any action.
Whatever form these unwanted calls take, there are things you can do to protect yourself and even keep you from getting them in the first place. These five tips will get you started:
Okay, maybe you can file this one under “obviously.” Yet be aware that scammers excel at spoofing. They can make a call look like it’s local or just familiar enough. If you get caught off guard and answer a spammy call, hang up immediately. If you’re unsure about the number, you’re better off letting your voicemail screen the call for you. Picking up the phone to determine if a call is legit or not could help a scammer verify that you have a valid line, which could lead to more nuisance calls down the road.
So, let’s say you let an unknown call go through to voicemail. The call sounds like it’s from a bank or business with news of an urgent matter. If you feel the need to follow up, get a legitimate customer service number from a statement, bill, or website of the bank or business in question so you can verify the situation for yourself. Calling back the number captured by your phone or left in voicemail could play right into the hands of a scammer.
As you can see, scammers love to play the role of an imposter and will tell you there’s something wrong with your taxes, your account, or your bank statement. Some of them can be quite convincing, so if you find yourself in a conversation where you don’t feel comfortable with what’s being said or how it’s being said, hang up and follow up bank or business as called out above. In all, look out for pressure or scare tactics and keep your info to yourself.
Several nations provide such a service, effectively a list that legitimate telemarketers will reference before making their calls. While this may not prevent scammers from ringing you up, it can cut down on unsolicited calls in general. For example, the U.S., Canada, and the UK each offer do not call registries.
Many mobile carriers provide additional apps and services that can block unwanted calls, often as part of your smartphone’s service plan. There are third-party apps that do this as well. Yet do your research. You’ll want to see if those apps are legitimate and if they can effectively let “good” calls through without blocking them.
While security software and apps won’t block robocalls, they increase the security of your phone overall, which can protect both you and your data. You have a couple of options here. You can grab comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s App Store. This way, you’ll have malware, web, and device security that’ll help you stay safe on your phone in general.
Taken together, these steps can help you beat or outright block unwanted calls like robocalls—and be safer (and maybe less annoyed) as a result.
The post Smartphone Security: Five Steps Beating and Blocking Robocalls appeared first on McAfee Blog.
You may have heard the news that more than 300,000 Android users unknowingly downloaded banking trojan apps from the Google Play Store, malicious apps which bypassed the store’s security detections to install malware.
This news comes from a security report that found these trojans cleverly posed as apps that people commonly search for, such as QR code scanners, fitness apps, and a bevy of other popular types of utilities. In fact, these phony apps contain trojans that are designed to steal banking information, harvest keystrokes as you enter account info, and even grab screenshots of what you’re doing on your phone.
The trick with this malware is that it only activates after it is installed, which may or may not be apparent to the user. For the malware to activate, it requires an extra step, such as an in-app update (not through the Play Store), which then downloads the payload of malware onto the phone. In many cases, the bogus apps force users to make this update once the app is downloaded.
So, while the apps that appeared in the Play Store may not have contained malware, they deliver the payload onto the user’s phone post-purchase from other servers, which is a reason why these malicious apps have not been readily flagged.
All of this is just one more way hackers have found to infect smartphones with malware.
It’s no wonder that they target smartphones. They’re loaded with personal info and photos, in addition to credentials for banking and payment apps, all of which are valuable to loot or hold for ransom. Add in other powerful smartphone features like cameras, microphones, and GPS, and a compromised phone may allow a hacker to:
All of that adds up to one thing—a great, big “no thanks!”
So how do these sorts of malicious apps work? By posing as legitimate apps, they can end up on your phone and gain broad, powerful permissions to files, photos, and functionality—or sneak in code that allows cybercriminals to gather personal info. As a result, that can lead to all kinds of headaches, ranging from a plague of popup ads to costly identity theft.
Here are a few recent examples of malicious apps in the news:
Again, “no thanks!” So, let’s see about steering clear of malicious apps like these.
The good news is that there are ways you can spot these imposters. Major app marketplaces like Google Play and Apple’s App Store do their part to keep their virtual shelves free of malware, as reported by Google and Apple themselves. Still, cybercriminals can find ways around these efforts. (That’s what they do, after all!) So, a little extra precaution on your part will help you stay safer. These steps can help:
Another way cyber criminals weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. (Consider the long-running free flashlight app scams mentioned above that requested up to more than 70 different permissions, such as the right to record audio, video, and access contacts.) So, pay close attention to what permissions the app is requesting when you’re installing it. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that.
Additionally, you can check to see what permissions an app may request before downloading the app. In Google Play, scroll down the app listing and find “About this app.” From there, click “App permissions,” which will provide you with an informative list. In the iOS App Store, scroll down to “App Privacy” and tap “See Details” for a similar list. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permissions here, and Android can do the same here.
While some apps (like games) rely on downloadable content from within the app, look out for apps that prompt you for an immediate update directly from the app. For the most part, the app you download from the store should be the most recent version and not require an update. Likewise, update your phone through the app store, not the app itself, which can help you avoid malware-based attacks like these.
As with so many attacks, cybercriminals rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research, which may uncover a few signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Even better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
With all that we do on our phones, it’s important to get security software installed on them, just like we do on our computers and laptops. Whether you go with comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s iOS App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.
Hand-in-hand with installing security software is keeping your phone’s operating system up to date. Updates can fix vulnerabilities that cybercriminals rely on to pull off their malware-based attacks—it’s another tried and true method of keeping yourself safe and your phone running in tip-top shape.
Here are a few more things you can do:
Lastly, you can always ask yourself, “Do I really need this app?” One way to avoid malicious mobile apps is to download fewer apps overall. If you’re unsure if that free game is on the up-and-up or if the offer for that productivity app sounds a little too good, skip it. Look for a better option or pass on the idea altogether. As said earlier, cybercriminals really rely on us clicking and downloading without thinking. Staying on guard against mobile malware will cost you a few moments of your time, which is minimal compared to the potential costs of a hacked phone.
The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blog.
“My phone’s been hacked!” Words you probably don’t want to hear or say. Ever.
Your phone gets to be like an old friend after a while. You have things laid out the way you like, your favorite apps are at the ready, and you have the perfect home screen and wallpaper all loaded up. So, if you unlock your phone one day and notice that something is a little … off, you’ll know pretty quickly. And it could be a sign that your phone may be hacked.
It’s often pretty easy to tell when a piece of your tech isn’t working quite right. The performance is off, things crash, and so on. While there are several cases where there’s a legitimate technical issue behind that, it could also be the sign of a hacked device.
Many hacks and attacks involve the installation of malware on the device, which eats up system resources, creates conflicts with other apps, and uses your data or internet connection to pass along your personal information—all of which can make your smartphone feel a little off.
A few examples follow. Note that these may be signs of a hacked phone, yet not always.
A suddenly sluggish phone or one that simply can’t hold a charge anymore are often attributed to phones that are getting a little old (these things happen). Yet, those same behaviors can also be signs of a compromised phone. For example, malicious bitcoin miners can run in the background and cause all types of performance issues because they eat up battery life and take up resources that your phone could otherwise normally use. In a way, it’s like having a second person using your phone at the same time you are.
Similar to the performance issues mentioned above, malware or mining apps running in the background can burn extra computing power, battery life, and data. Aside from a performance hit, they can cause your phone to physically run hot or even overheat. So if your phone feels like it’s been sitting in the sun, this could be a sign that malware is present.
If you’re seeing more popup ads than usual or seeing them for the first time, it could be a sign that your phone has been hit with adware—a type of malicious app that hackers use to generate revenue by distributing ads without the consent of the user. Furthermore, those ads may be malicious in nature as well (which is a good reminder to never click on them). Such ads may lead to bogus products and services or pages designed to steal personal information. All in all, malicious adware is what hackers prop up to make money off unsuspecting people.
A potential telltale sign that your phone has been hacked is the appearance of new apps that you didn’t download, along with spikes in data usage that you can’t account for. Likewise, if you see calls in your phone bill that you didn’t make, that’s a warning as well.
Big red flag here. Like seeing an unknown charge or payment in your bank statement, this is a possible sign that a hacker has hijacked your phone and is using it to transfer data, make purchases, send messages, or make calls via your phone.
To help keep your phone from getting hacked in the first place, there are a few relatively easy steps you can take. Inside of a few minutes, you can find yourself much safer than you were before.
1. Use comprehensive security software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing security software on your smartphone gives you the first line of defense against attacks, plus several of the additional security features mentioned below.
2. Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.
3. Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
4. Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and can prevent malware from a public charging station.
5. Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices and Google offers up a guide for Android users as well.
A phone that’s acting a little funny may indicate a run-of-the-mill tech issue, yet it could also be a tell-tale sign of a hack. At a minimum, following up on your gut instinct that something isn’t quite right can take care of a nagging tech issue. But in the event of a possible hack, it can save you the far greater headache of unauthorized charges and purchases, and even identity theft. If you spot a problem, it absolutely pays to take a closer look. Follow up with tech support for help, whether that’s through your device manufacturer, retailer, or your antivirus providers. They’ll help pinpoint the issue and get you on your way.
The post Help! I Think My Phone’s Been Hacked appeared first on McAfee Blog.
Mobile phones have gone through an incredible transformation since their inception in the 1970s. Now, the sheer number of applications is dizzying, as are their privacy policies; however, smartphone apps can bring hours of fun and belly laughs, and occasionally, a viral app captures the world’s attention. Don’t let potential risks to your personal information safety ruin all smartphone apps for you. All you need to share and play safely is a few tips to help you identify which apps are OK to use and how to navigate them intelligently.
Check out these four viral apps that may be putting your personal information at risk, plus a few tips that’ll help you enjoy smartphone apps safely.
Voilà AI Artist is a trending app that reimagines your face as a cartoon, caricature, or model of fine Renaissance art. Users can snap a selfie with the app or allow the app to access their photo library. According to WIRED, the app says it deletes users’ photos from its database in 24 to 48 hours, though it’s difficult to confirm that they aren’t stored.
Approach any app that could potentially use and store your likeness with caution. Deepfake technology is becoming more sophisticated and common by the day. Deepfakes are fabricated videos, images, or sound clips of every day or famous people based on real videos and images. Fake media impacts the victims whose likenesses are used because often the media is demeaning or incendiary. Voilà AI Artist hasn’t been suspected of any wrongdoing, but it’s best to be aware of how your face could be used to endorse something you don’t agree with.
Another face-altering app that could pose a risk to users’ privacy is FaceApp. Similar to Voilà AI Artist, it’s unclear what the app does with your likeness once you allow it to take your picture. FaceApp’s terms of use agreement outline that the selfies uploaded to the app belong to the app. From there, the app is free “to use, reproduce, modify, adapt, create derivative works from, distribute, perform, and display your User Content.” This line of fine print should make users pause. Again, users’ faces could be used in ways they wouldn’t normally agree to.
While the Pokémon Go craze of 2016 has greatly subsided, the next viral app that sweeps the world could replicate the security vulnerabilities the premise presents. Pokémon Go uses augmented reality, which is the kind of technology that makes it look like a Pokémon is strolling across your living room. The app can access your camera, as well as your contacts, pictures, chats, and location. It’s a blast exploring your neighborhood looking for animated critters and seeing nearby strangers’ profiles pop up on your map; however, be wary of sharing location data and images of the inside of your home with people you don’t know in real life.
TikTok may pose a risk to users’ data privacy. TikTok is under suspicion for using data mining tactics. Data mining is a practice where corporations harvest personal details from user-profiles and share them with advertising, marketing, and analytics companies. According to Business Insider, TikTok collects more than 50 kinds of data from users as young as 13 years old, including age, gender, location, and online habits. These facts are often used to create targeted ads that sometimes border on an invasion of privacy.
Check out these tips to make sure you’re prepared to use apps safely or help you decide to skip trends entirely.
The post 4 Viral Apps Risking Your Personal & Smartphone Security appeared first on McAfee Blog.
We’ve all been there. It’s the middle of the night and you wake up to a sad and sniffly kiddo shuffling into your room. Yup, looks like someone has a temperature. You phone the on-call doctor to make sure it’s nothing serious and then set an alarm so you can make an appointment when the office opens. Yet this time that doctor’s visit could go a little differently. It may not take place in the office at all. You may be offered a chance to see the doctor with a telemedicine visit.
Telemedicine has been in use for some time. For several years now, it’s connected patients to health care services using live video and sometimes special diagnostic tools that pass along information via the internet. Overall, it’s a way of going to the doctor without actually going to the doctor’s office. Historically, it’s done a great job of caring for people who live in remote locations and for people with ongoing conditions that need long-term monitoring.
That all changed last year. Telemedicine visits saw a big spike during the early days of the pandemic, partly to help keep the spread of the virus in check and to protect vulnerable patients. Even though that spike has since tapered off, one study found that about 40 percent of consumers in the U.S. say they’ll use telemedicine moving forward—and our own research from earlier this year put that worldwide figure at nearly 30 percent. Telemedicine seems to be taking root.
While telemedicine leaves many families with more healthcare options, it may leave them with a few more questions about their security as well. After all, our health data is a precious thing. In the U.S., HIPPA privacy standards protect our information and consultations with healthcare professionals. However, online visits add an entirely new dimension to that.
If your health care provider recommends a telemedicine visit for you or your child, it can be both a convenient and safe experience with a little prep on your part. With a few straightforward security measures lined up (some of which you may already have in place), you can make sure that everyone’s private health information will be safe and secure during your virtual visit.
A great first step for a safer telemedicine visit is to protect your devices with comprehensive security software. Like security software protecting you while you manage your finances, file your taxes online, and so forth, it will help protect you while sharing your private health information. Plus, it will give you plenty of other features that can help you manage your passwords, protect your identity, safeguard your privacy in general, and more.
Be sure to protect your tablets and smartphones while you’re at it, even if you’re not using them for telemedicine. With all the shopping and banking we do on those devices, it’s a smart move to protect them in addition to laptops and computers.
Your telemedicine visit may require setting up a new account and password, one that will add to your growing list considering all the banking, social media, and payment apps you probably use. Plus, there are the umpteen other passwords you have for your online shopping accounts, your children’s school records, your taxes, and so on. Don’t give into the temptation of re-using an old password or making a simple one. Hackers count on that, where stealing one password means stealing several—and gaining access to multiple accounts in one blow.
When you set up your account, use a strong, unique password. This may also be a good time to get a handle on all your passwords with a password manager. Also found in comprehensive security software, a password manager can create and securely store strong and unique passwords for you, which can keep you safe and make your day a little easier too.
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or simply having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private information difficult to collect.
Like many of the security steps, we’re talking about here, using a VPN offers benefits beyond telemedicine. A VPN is a must when using public Wi-Fi, like at airports and cafes, because it makes a public connection private (and safe from prying eyes). Additionally, it’s also great for use at home when taking care of sensitive business like your banking or finances.
If you’re searching for a telemedicine provider online, keep an eye out for sketchy links and scams. The sad thing with the increased use of telemedicine is that hackers have clued in and are looking for targets. One way you can stay safer is to use a web advisor with your browser that can identify potentially hazardous links and sites. Anti-phishing technologies in your security software can help as well by preventing email-based scams from reaching your inbox in the first place.
Even better than searching online, consider contacting your pediatrician or doctor’s office for a recommendation, as they can point out the best healthcare options for you and your concerns—and let you know if a telemedicine visit is the best course of action for you in the first place. This way, you can get comfortable with what your visit will look like, find out what special apps (if any) are used, and how your care provider will protect your privacy. Also, you can decide which device you will use and where you’ll use it so that you feel at ease during your virtual visit.
A reputable care provider will likely put all this pre-appointment information together for you on their website or “frequently asked questions” (FAQ) page, which will include helpful links and numbers to call if you need help or have questions. For an example of what that could look like, check out the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
We’ve talked plenty about digital security, yet there’s the old-fashioned issue of physical eavesdropping to think about too. When it’s time for your actual appointment, pick a place in your home where you can assure yourself some privacy. (Of course, don’t go online for your virtual appointment in a public place.) Look for a space where you can’t be overheard by neighbors and passers-by—preferably someplace like your bedroom where you can be comfortable as well. If your child has an appointment, let them know that this is like any other doctor’s visit and help them keep their voice down so they can keep their info private.
With telemedicine becoming more and more of an option for families, it’s just one of the many tools your doctor or pediatrician can use to keep you and your family well. So as always, if you have a health concern, call your doctor or pediatrician’s office for guidance. They’ll know the best path forward.
In the meantime, there are some great resources out there that can help you make the best decision about telehealth if the time comes. One really helpful article from the American Academy of Pediatrics helps parents get up to speed on telemedicine and outlines a few cases where a telemedicine visit might be right for your child.
With the sniffles, fevers, and plenty of, “Mom, I don’t feel so good …” comments that come along with parenthood, it’s nice to know that telemedicine gives us another tool we can use to keep our families well—one that’s ultimately up to you and your doctor to choose if it’s right for your child.
The post 6 Tips for a Safer and Easier Telemedicine Visit appeared first on McAfee Blog.
Depending on where your travels take you, you might need a new passport—a COVID-19 vaccine passport.
In an effort to kickstart travel and local economies, these so-called vaccine passports are more accurately a certificate. Such a “passport” can offer proof that the holder has been fully vaccinated against the virus, and there are several of these passports developing in the wings. With all of this in motion, I wanted to give families a look at what’s happening so that they can protect their privacy and identity online.
Broadly speaking, a vaccine passport works like this: information such as name, date of birth, date of vaccination, vaccination type, and vaccination lot number are used to create a digital certificate stored in a smartphone or a physical card. The holder can then offer up that proof of vaccination (or a recent negative test result) to businesses, travel authorities, and the like.
The notion of a vaccine passport has actually been around for a while now, such as the “Yellow Card” issued by the World Health Organization (WHO), which documents vaccination against diseases like cholera and yellow fever for travelers. Note that currently there’s no widely accepted standard for COVID-19 vaccine passports. What’s more, conversations continue around the concerns that come with documenting and sharing vaccine information securely. Understandably, it’s a complex topic.
As of this writing, the European Union has started issuing the “EU Digital Covid Certificate,” which allows its holders to travel throughout the EU freely without quarantine restrictions. The UK has its own version in the works, as do other nations in Asia, along with airline carriers too. In the U.S., “passports” appear to be in development on the state level, rather than on the federal level. For example, the state of New York has its Excelsior Pass program and California has its Digital COVID-19 Vaccine Record available to residents. Private airlines and air travel industry groups have launched their own efforts as well, such as the International Air Travel Association’s IATA Travel Pass.
How these passports are rolled out and how they get used will vary, yet vaccine passports may have an impact on the way people can travel as we recover globally from the pandemic. In some cases, they may even determine if people can attend large events that can help localities reboot their economies and public life in general (i.e., concerts, sporting events, and so on).
The development of vaccine passports and all the rules businesses and local authorities set around them may feel a bit out of our hands. However, in terms of your privacy and your family’s privacy, plenty is still very much in your hands. The common denominator across all these vaccine passports is the exchange of personal information—you and your family’s personal information. And where personal information is shared, hackers are sure to follow. This presents a perfect opportunity for you and your family to review your online privacy practices and close any gaps, whether you plan on traveling or not.
I put together a few things you can do to make sure that you and your family can navigate the future use of these passports with your privacy in mind:
What seems like an innocent celebration of your vaccination could put your personal information at risk. The information captured on these cards varies by nation, region, and locality, with some of the cards containing more information than others. However, even basic info such as birthday, vaccine manufacturer and lot number, location of immunization, or doctor’s name can provide the basis of a scam, such as a phishing email or phishing text message. Likewise, such information could get scooped up by a hacker and used to create phony vaccination credentials. Instead of posting that pic of you and your vaccine card, go with a happy selfie instead. And if you’ve already posted, go ahead and delete the image, better to remove it now and stay safe.
As mentioned above, the uncertainty around vaccine passports, and the general uncertainty around the latter days of the pandemic overall, creates opportunities for hackers and cybercrooks. Just as the early pandemic saw phony offers around miracle cures and today we’re seeing offers for phony vaccination cards, you can bet that scams revolving around vaccine passports will follow. The best advice here is to go to a trusted source for information, like the NHS in the UK or the American Medical Association in the U.S. Granted, cybercrooks will launch their phishing campaigns regardless. Here’s what to do if one heads your way:
In all, if someone is asking for any kind of personal or financial information via an email, text, instant message, or the like, chances are it’s a scam. For more, check out this article on how to spot the warning signs of a phishing attack.
In a time of data breaches large and small, checking your credit regularly is a wise move. Doing so will help you quickly spot issues and help you address them, as companies typically have a clear-cut process for dealing with fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and other nations like the UK have similar free offerings as well.
Do the same for your children. They’re targets too. High-value targets at that. Their credit reports are clean, which gives cybercrooks a blank slate to work with. Even more attractive is that child identity theft often goes long unnoticed until years later when the child gets older and rents an apartment or applies for their first credit card.
It’s that simple. Given that these vaccine passports will likely involve a digital certificate stored on a smartphone, app, or possibly other devices, protect them so you can protect yourself. Select comprehensive security software that will protect multiple devices so that everyone in your home is covered.
You can bet that rumors will abound as to who is issuing what “passport”, under what restrictions, and with what implications for traveling, dining out, and visiting shops. All of that amounts to plenty of falsehoods and scams that attempt to rob you of your privacy, identity, and even your money. Turn to trusted news sources known for their even-handed reporting, such as Reuters or the Associated Press, and get your information from there. Knowing what the facts about vaccine passports are in your locality will arm you against fear-based attacks.
A few months back, the FTC posted its own blog about sharing vaccine card photos. It’s a great read, in part because they used a helpful analogy to discuss privacy and identity theft:
Think of it this way — identity theft works like a puzzle, made up of pieces of personal information. You don’t want to give identity thieves the pieces they need to finish the picture.
Likewise, any vaccine passport you acquire will become yet another puzzle piece that you have to protect.
In all, with post-pandemic recovery measures evolving before our eyes, keep an eye on your family’s security. Don’t give away any snippets of info that could be used against you and stay on the lookout for the scams hitting the internet that play on people’s uncertainty and fears. COVID-19 passports may be entirely new, yet they give cybercrooks one more way they can play their old tricks.
The post COVID-19 Vaccine Passports: 5 Security Tips for You and Your Family appeared first on McAfee Blogs.
Among the many major shifts in lifestyle during the COVID-19 pandemic, the way we used healthcare was one of the most significant. Providers limited in-person visits, elective procedures were delayed, and we avoided hospitals. In response, we went online and started using telehealth and other virtual solutions in ways we never had before.
Our latest consumer mindset survey confirms this was more than a passing trend, showing an almost 50% rise since the beginning of the pandemic in the use of PCs and Mobile devices to access health information, meet virtually with health care providers, and manage prescriptions. Survey respondents also showed they adapted by increasing their usage of smart fitness devices, like Fitbits, to track their personal health.
Navigating the healthcare system and accessing more of our services through the web means more of our personal information is now online. From patient intake forms to test results, a great deal of data about our health, including confidential information like vaccination records, is potentially available. Survey respondents confirmed that they shared and accessed their personal health information across the internet, despite 1/3 or more of respondents having concerns for their privacy and security of their personal information.
This trend hasn’t gone unnoticed by cybercriminals. In fact, the US Department of Health and Human Services is currently investigating nearly 800 health-related data breaches impacting nearly 60 million individuals. All of which is to say that telehealth advances may help us avoid sitting in a doctor’s office, but we need to be more mindful about our security when using these new online services.
Despite the adoption of many telehealth and online health services, security was still a concern for many of our survey respondents. A majority said the primary reason they do not use smart devices for their personal health was because of privacy and security concerns. Fortunately, just as there is preventive medicine, there are also preventive cybersecurity measures we can take to keep our personal data safer online. Here are a few we recommend:
The shift to managing our health online comes with a few safety considerations, but by following the steps above, we can enjoy convenience and access to a healthier life online and off.
The post How to Make Telehealth Safer for a More Convenient Life Online appeared first on McAfee Blogs.
The COVID-19 pandemic forced many of us to quickly adjust to the new normal — case and point, admitted that they switched to digital activities like online banking, social networking, and online shopping in 2020 out of convenience. Research now shows that consumers’ reliance on this technology is here to stay. PwC found that 44% of global consumers now shop more using their smartphones compared to when COVID-19 began. While having the world at your fingertips is convenient, how does this digital lifestyle change expose users to cyber threats, especially attacks on mobile devices?
It’s no secret that cybercriminals tend to manipulate their attacks based on the current trends set by technology users. As you reflect on how increased connectivity affected your everyday life, it’s important to ask yourself what could be lurking in the shadows while using your mobile devices. With more of us relying on our devices there’s plenty of opportunities for hackers. This begs the question, what does mobile security look like in a post-pandemic world?
In addition to the increased adoption of digital devices, we had to figure out how to live our best lives online – from working from home to distance learning to digitally connecting with loved ones. And according to McAfee’s 2021 Consumer Security Mindset Report, these online activities will remain a key part of consumers’ post-pandemic routines. But more time spent online interacting with various apps and services simultaneously increases your chance of exposure to cybersecurity risks and threats. Unsurprisingly, cybercriminals were quick to take advantage of this increase in connectivity. McAfee Labs saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware, and more. New mobile malware also increased by 71%, with total malware growing nearly 12% from July 2019 to July 2020. As consumers continue to rely on their mobile devices to complete various tasks, they will also need to adapt their security habits to accommodate for more time spent online.
Here at McAfee, we recognize that the way you and your family live your digital lives has changed. We want to help empower you to protect your online security in your hyper-connected lifestyle. To help provide greater peace of mind while using your mobile devices, follow these tips to help safeguard your security.
When setting up a new device or online account, always change the default credentials to a password or passphrase that is strong and unique. Using different passwords or passphrases for each of your online accounts helps protect the majority of your data if one of your accounts becomes vulnerable. If you are worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.
Remember to physically lock your mobile devices with a security code or using facial recognition as well. This prevents a criminal from unlocking your device and uncovering your personally identifiable information in the event that your phone or laptop is stolen.
Multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by hackers who may have uncovered your credentials.
Hackers tend to lurk in the shadows on public Wi-Fi networks to catch unsuspecting users looking for free internet access on their mobile devices. If you have to conduct transactions on a public Wi-Fi network, use a virtual private network (VPN) like McAfee® Safe Connect to help keep you safe while you’re online.
Be skeptical of text messages claiming to be from companies with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check your account status or contact customer service.
Some cybercriminals send texts from internet services to hide their identities. Combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device by navigating to Settings, clicking on “Spam protection,” and turning on the “Enable spam protection” switch. Learn more about how you can block robotexts and spam messages on your device.
Prepare your mobile devices for any threat coming their way. To do just that, cover these devices with an extra layer of protection via a mobile security solution, such as McAfee Mobile Security.
COVID-19 changed our relationships with our digital devices, but that does not mean we have to compromise our online security for convenience. Incorporating these tips into your everyday life can help ward off mobile cyber threats and stay a step ahead of hackers.
The post The Future of Mobile in a Post-COVID World & How to Stay Secure appeared first on McAfee Blogs.
Families are hitting the road again. And it’s absolutely no surprise that they’re taking their smartphones with them. Perhaps what is surprising is that so many of them may be hitting the road without any digital or mobile protection.
Our recent research shows that 68% of people in the U.S. said that they’re planning to travel for leisure this year, slightly higher than the international average of 64%.1 However, our research also discovered that nearly half of them don’t use mobile security software to protect themselves or their smartphones.
That lack of protection is a concern, particularly as our April 2021 Threats Report detected a more than 100% increase in attacks aimed at mobile devices. It makes sense that such is the case, as the pandemic led to increased adoption of online activities like banking, shopping, and even doctor visits via telemedicine—often straight from our smartphones.
However, our smartphones can be as vulnerable as any other device (like our computers). Accordingly, with the volumes of valuable data that those activities create on our smartphones, cyber crooks were sure to follow.
The good news is that you can indeed enjoy all of that mobile convenience without worry, even on vacation. No doubt many travelers will do some online banking or even some online food ordering while they’re out and about. Likewise, their kids will be online for stretches of that time too, whether it’s on chat apps like Snapchat, social media like Instagram and TikTok, games like Fortnite and Among Us, or streaming videos. Go ahead, do it all. Just make sure you’re protected before you hit the road.
With that, add mobile protection to your packing list. I’ve put together a shortlist of straightforward things you can do that will help you and your kids stay safe online while on the road this summer.
While the tips above are great for the whole family, the following additional steps are what you can take to protect your children even further:
Tracking your child’s smartphone not only allows you to find it easily if it’s lost or stolen but can also put you at ease by knowing where your child is. Yet it’s important to use location tracking selectively. Not every app needs location tracking to work as intended, even though many apps ask for permission to enable it. Go into the phone’s settings and disable the location features on an app-by-app basis. For example, a weather app doesn’t need your child’s second-by-second location information to work properly, nor should a gaming app need it at all. Likewise, photos taken on a phone can embed location information that can be easily read when shared, revealing plenty about when and where it was taken. In all, enable the location services for only the most necessary of apps like maps.
Use travel as a time to reset
Recent research shows that tweens spend nearly five hours on their screens each day, while teenagers push that up to more than seven hours a day. Some staycation time is a good time to pare back those hours and enjoy the local scenery, even if for a short stretch. You can use your travel time as well to re-establish your phone rules. That way, vacation stays entertaining but doesn’t affect the habits you set into effect back home.
Above and beyond security settings and software, there’s you. Get in the habit of talking with your child for a sense of what they’re doing online. As a mom, I like to ask them about their favorite games, share some funny TikTok clips or cute photos with them, and generally make it a point to be a part of their digital lives. It’s great, because it gives you peace of mind knowing what types of things they are doing or interactions they are having online.
For those of you hitting the road in the coming weeks, enjoy your travels, wherever they take you!
The post Travel Smart: Protecting Your Family’s Smartphones While on Vacation appeared first on McAfee Blogs.
Today we wrap up Mobile World Congress (MWC) 2021. Whether you joined online or attended the hybrid conference in person, one thing is certain: today’s groundbreaking technology is paving the way for our future connectivity. Fittingly, the theme of this year’s event was Connected Impact, representing the role mobile connectivity plays in an ever-changing world, where flexibility and adaptability are critical. Here are four of the key consumer takeaways from this year’s conference:
COVID-19 truly put the power of online connectivity to the test. While 2020 was supposed to be the year of 5G connectivity, this was put on pause as the world faced social and financial uncertainty. Instead, the spotlight fell on legacy technologies to create a new normal for users. Consumers quickly had to figure out how to live their best lives online — from working from home to distance learning to digitally connecting with loved ones.
To help foster online connectivity for all, 5G must step back into the spotlight. Although publicly available 5G networks have been around for two years, it is unlikely that many users see much of a difference between 5G and LTE. For users to feel the impact of 5G, mobile carriers must expand the frequencies at the low and high ends of the spectrum, which is where 5G networks operate.
Qualcomm led the 5G announcements on Monday with the unveiling of its second-generation Qualcomm 5G RAN Platform for Small Cells (FSM200xx). This platform brings major enhancements to radio frequencies and is designed to take millimeter wave performance to more places: indoors, outdoors, and around the globe. According to Qualcomm, these advancements aim to facilitate greater mobile experiences and accelerate 5G performance and availability to users everywhere— thus reshaping opportunities for homes, hospitals, offices and more.
Technology and connectivity played a crucial role in our daily lives in 2020—and therefore, unsurprisingly, spending on health and wellness tech grew by 18.1%. But now, we must ask ourselves what role technology will play post-lockdown.
While they did not have a physical appearance at MWC this year, Samsung provided a sneak of their new wearables: they introduced the One UI Watch user experience, a new interface designed to make the Galaxy Watch and smartphone experience more deeply connected. Samsung also announced its expanded partnership with Google, promising to deliver better performance, longer battery life, and a larger ecosystem of apps to the Galaxy Watch. Although they did not unveil any hardware at MWC, Samsung did ensure that users can expect to see new devices like the Galaxy Z Fold 3 and the Galaxy Watch 4 at their Galaxy Unpacked event happening in July/August of 2021.
2020 also shone a bright light on the key role technology plays in the consumption and distribution of creative arts and entertainment. Lockdown put an even greater responsibility on streaming platforms — and the devices they are accessed on — to deliver content right to people’s homes.
To help meet entertainment consumption needs, Lenovo announced not one, not two, but five new Android tablets during MWC. Its largest tablet is the Yoga Tab 13, which features a built-in kickstand, 13-inch display with 2,160 x 1,350 resolution, up to 12 hours of battery life, and more. Lenovo is pitching this model as its “portable home cinema,” perfect for streaming on the go. It also unveiled the Yoga Tab 11 and the Tab P11 Plus, which are expected to be available in EMEA in July following the Yoga Tab 13’s June release date. For users hoping for a more compact, budget-friendly device, Lenovo also announced the Lenovo Tab M8 and the Lenovo Tab M7. Whichever model you select, one thing it certain — digital devices have and will continue to be instrumental in consumer entertainment.
These exciting announcements are a great representation of what the future holds for mobile technology and greater connectivity. The advancements in mobile connectivity have already made a positive impact on consumer lifestyles, but the rise in popularity of these devices has also caught the attention of cybercriminals looking to exploit consumers’ reliance on this technology.
More time spent online interacting with various apps and services simultaneously increases your chance of exposure to cybersecurity risks and threats. Unsurprisingly, cybercriminals were quick to take advantage of the increase in connectivity throughout 2020. McAfee Labs saw an average of 375 new threats per minute and a surge of hackers exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware and more. For users to continue to live a connected life, they will need to take greater care of their online safety and ensure that security is top-of-mind in any given situation. Taking these precautions will provide greater peace of mind in the new mobile-driven world.
The post The Future of Mobile: Trends from Mobile World Congress 2021 appeared first on McAfee Blogs.
Over the last year, our relationship with digital technology has changed completely, and probably irrevocably. The pandemic has been bruising in many different ways, but it has been clear from the very start how important the internet has been as a tool to help us through it. Even just a few years ago, the behavioural shifts it enabled would not have been possible. From offices running on videoconferencing, to essential retail moving online, to digitally-delivered healthcare, many online tools that were once seen as promising growth areas or quality-of-life improving luxuries have come into their own as vital parts of everyday life.
Every big change in how we use technology, however, is followed sooner or later by a development in how we approach security and safety. This was true when the emergence of personal computers and ATMs led to education campaigns around the importance of PIN and password vigilance. It was true when the commoditisation of internet access created the need for consumer antivirus protection. It was even true when the automobile was first introduced, with cities rushing to introduce traffic signaling to manage that new high-speed flow.
Soon, then, we should expect to see another step in our collective attitude to security and privacy. What will that look like? For me, it should rest on a new sense of what is being protected, and new expectations about how that protection happens.
To explain why, it’s worth understanding what the process of finding and fixing cybersecurity issues looks like. The first line of defence against attacks always happens during product development, when coders and engineers try to ensure that what they are creating is not vulnerable. The nature of cybersecurity, however, is that some problems will inevitably occur in finished products. That’s why there are also teams of people who analyse these products, independently testing whether they are truly safe.
At McAfee, our enterprise Advanced Threat Research (ATR) team has a long history and a strong track record of doing this testing. Often, the ATR team’s work is very similar to what people might imagine when they think of a ‘cybersecurity researcher’: it’s unpicking highly complex systems and tracing international criminal organisations responsible for attacks.
A lot of this work is much closer to home, though, and increasingly it deals with finding vulnerabilities not just in apps and computers, but in devices that few would think of as being a potential risk. The rise of the smart home means that many household items, from luxuries like exercise machines to basics like wall clocks, can also be internet-connected computers, tapping into the network to make life easier and better in a myriad of ways.
The ‘internet of things’, or IoT, has been a tech catchphrase for a long time, but it’s now a daily consumer reality too, with thermostats and air conditioners, security cameras and door locks, fridges and coffee machines all offering enhanced experiences through online connectivity. The security challenge lies in the fact that most people would view items like these just as a thermostat or as a door lock – not as a computer which requires protection. How, after all, do you install an antivirus service on a fridge?
Combined with the increase of online activity we’ve all experienced over the last year, this requires more than widening consumers’ current thinking about security to include more devices. It requires a whole new approach. When the average household had one or two computers, it made sense to think of cybersecurity in terms of protecting the device. When any item in a home could also be an internet access point, we need to start thinking instead in terms of protecting people and families.
A big part of that will be expecting more of the companies who design and supply these devices. When the ATR team – or another threat research team – finds a flaw in a consumer device, step one is always to contact the manufacturer and work with them to fix it before malicious actors spot the opportunity. Many businesses behave responsibly, responding openly and collaboratively, developing a solution, and rolling it out as quickly as possible. Not all businesses are so conscientious. How businesses react to security problems should be a much bigger part of how we choose what to purchase.
Going back to the car, the traffic light was not the final safety innovation we saw. Over the last century, growing regulations and awareness led to a situation where, today, purchasers are likely to inspect a vehicle’s safety ratings before handing over their cash. In just the same way, attitudes to cybersecurity need to keep evolving – and soon, we may even be asking car manufacturers about how they respond to vulnerability disclosures.
The pandemic was a leap forward in how far digitalised our lives have become. Companies and customers alike now need to think carefully about what we need to talk about when we talk about making our online lives safe, secure, and private.
The post Homes, Not Just Devices: The New Consumer Cybersecurity appeared first on McAfee Blogs.
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.
Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey showed that up to half of people interviewed in Japan, Australia, and the U.S. do so as well, while nations like the UK and Germany trailed at 31% and 23% respectively.
Whether these figures trend on the low or high end, the security implications remain constant. A smartphone loaded with business and personal data makes for a desirable target. Hackers target smartphones because they’re often unprotected, which gives hackers an easy “in” to your personal information and to any corporate networks you may use. It’s like two hacks with one stone.
Put simply, as a working professional with a smartphone, you’re a high-value target.
As both a parent and a professional, I put together a few things you can do to protect your smartphone from hacks so that you can keep your personal and work life safe:
First up, the basics. Locking your phone with facial ID, a fingerprint, pattern or a pin is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it, which doubles your line of defense.
Or, put another way, don’t hop onto public Wi-Fi networks without protection. A VPN masks your connection from hackers allowing you to connect privately when you are on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, you’ll know that your sensitive data, documents, and activities you do are protected from snooping, which is definitely a great feeling given the amount of personal and professional business we manage with our smartphones.
Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data like passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them. Malicious apps and counterfeits can still find their way into stores, and here are a few ways you can keep those bad apps from getting onto your phone.
Backing up your phone is always a good idea for two reasons:
Both iPhones and Android phones have straightforward ways of backing up your phone regularly.
Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While that last bit about wiping the phone seems like a drastic move, if you maintain regular backups as mentioned above, your data is secure in the cloud—ready for you to restore. In all, this means that hackers won’t be able to access you, or your company’s, sensitive information—which can keep you out of trouble and your professional business safe. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
We all download apps, use them once, and then forget they are on our phone. Take a few moments to swipe through your screen and see which ones you’re truly done with and delete them along with their data. Some apps have an account associated with them that may store data off your phone as well. Take the extra step and delete those accounts so any off-phone data is deleted.
The reason for this is that every extra app is another app that needs updating or that may have a security issue associated with it. In a time of data breaches and vulnerabilities, deleting old apps is a smart move. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option. Updates not only introduce new features to apps, but they also often address security issues too.
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, your shopping, and payments secure.
The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.
[Disclaimer: The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021.]
Picture this: A hacker enters a gym or fitness center with a Peloton Bike+. They insert a tiny USB key with a boot image file containing malicious code that grants them remote root access. Since the attacker doesn’t need to factory unlock the bike to load the modified image, there is no sign that it was tampered with. With their newfound access, the hacker interferes with the Peloton’s operating system and now has the ability to install and run any programs, modify files, or set up remote backdoor access over the internet. They add malicious apps disguised as Netflix and Spotify to the bike in the hopes that unsuspecting users will enter their login credentials for them to harvest for other cyberattacks. They can enable the bike’s camera and microphone to spy on the device and whoever is using it. To make matters worse, they can also decrypt the bike’s encrypted communications with the various cloud services and databases it accesses, potentially intercepting all kinds of sensitive information. As a result, an unsuspecting gym-goer taking the Peloton Bike+ for a spin could be in danger of having their personal data compromised and their workout unknowingly watched.
That’s a potential risk that you no longer have to worry about thanks to McAfee’s Advanced Threat Research (ATR) team. The ATR team recently disclosed a vulnerability (CVE-2021-3387) in the Peloton Bike+, which would allow a hacker with either physical access to the Bike+ or access during any point in the supply chain (from construction to delivery), to gain remote root access to the Peloton’s tablet. The hacker could install malicious software, intercept traffic and user’s personal data, and even gain control of the Bike’s camera and microphone over the internet. Further conversations with Peloton confirmed that this vulnerability is also present on Peloton Tread exercise equipment; however, the scope of our research was confined to the Bike+.
As a result of COVID-19, many consumers have looked for in-home exercise solutions, sending the demand for Peloton products soaring. The number of Peloton users grew 22% between September and the end of December 2020, with over 4.4 million members on the platform at year’s end. By combining luxury exercise equipment with high-end technology, Peloton presents an appealing solution to those looking to stay in shape with a variety of classes, all from a few taps of a tablet. Even though in-home fitness products such as Peloton promise unprecedented convenience, many consumers do not realize the risks that IoT fitness devices pose to their online security.
IoT fitness devices such as the Peloton Bike+ are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are susceptible to the same kind of vulnerabilities, and their security should be approached with a similar level of scrutiny.
Following the consumer trend in increasing IoT fitness devices, McAfee ATR began poring over the Peloton’s various systems with a critical eye, looking for potential risks consumers might not be thinking about. It was during this exploratory process that the team discovered that the Bike’s system was not verifying that the device’s bootloader was unlocked before attempting to boot a custom image. This means that the bike allowed researchers to load a file that wasn’t meant for the Peloton hardware — a command that should normally be denied on a locked device such as this one. Their first attempt only loaded a blank screen, so the team continued to search for ways to install a valid, but customized boot image, which would start the bike successfully with increased privileges.
After some digging, researchers were able to download an update package directly from Peloton, containing a boot image that they could modify. With the ability to modify a boot image from Peloton, the researchers were granted root access. Root access means that the ATR team had the highest level of permissions on the device, allowing them to perform functions as an end-user that were not intended by Peloton developers. The Verified Boot process on the Bike failed to identify that the researchers tampered with the boot image, allowing the operating system to start up normally with the modified file. To an unsuspecting user, the Peloton Bike+ appeared completely normal, showing no signs of external modifications or clues that the device had been compromised. In reality, ATR had gained complete control of the Bike’s Android operating system.
The McAfee ATR team disclosed this vulnerability to Peloton and promptly started working together to responsibly develop and issue a patch within the disclosure window. The patch was tested and confirmed effective on June 4, 2021. The discovery serves as an important reminder to practice caution when using fitness IoT devices, and it is important that consumers keep these tips in mind to stay secure while staying fit:
Stay on top of software updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss news that may affect you. Additionally, make sure to update mobile apps that pair with your IoT device. Adjust your settings to turn on automatic software updates, so you do not have to update manually and always have the latest security patches.
Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have an excellent reputation for providing secure products? Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties.
Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect.
Protect your data from being compromised by stealthy cybercriminals by using an identity theft solution such as the one included in McAfee Total Protection. This software allows users to take a proactive approach to protecting their identities with personal and financial monitoring, as well as recovery tools.
If you are one of the 4.4 million Peloton members or use other IoT fitness devices, it is important to keep in mind that these gadgets could pose a potential security risk just like any other connected device. To elevate your fitness game while protecting your privacy and data, incorporate cybersecurity best practices into your everyday life so you can confidently enjoy your IoT devices.
As stated, McAfee and Peloton worked together closely to address this issue. Adrian Stone, Peloton’s Head of Global Information Security, shared that “this vulnerability reported by McAfee would require direct, physical access to a Peloton Bike+ or Tread. Like with any connected device in the home, if an attacker is able to gain physical access to it, additional physical controls and safeguards become increasingly important. To keep our Members safe, we acted quickly and in coordination with McAfee. We pushed a mandatory update in early June and every device with the update installed is protected from this issue.”
Peloton is always looking for ways to improve products and features, including making new features available to Members through software updates that are pushed to Peloton devices. For a step-by-step guide on how to check for updated software, Peloton Members can visit the Peloton support site.
The post Is Your Peloton Spinning Up Malware? appeared first on McAfee Blogs.
There used to be a time when one roommate split the cost of rent with another by writing a check. Who still owns a checkbook these days? Of course, those days are nearly long gone, in large part thanks to “peer to peer” (P2P) mobile payment apps, like Venmo, Zelle, or Cash App. Now with a simple click on an app, you can transfer your friend money for brunch before you even leave the table. Yet for all their convenience, P2P mobile payment apps could cost you a couple of bucks or more if you’re not on the lookout for things like fraud. The good news is that there are some straightforward ways to protect yourself.
You likely have one of these apps on your phone already. If so, you’re among the many. It’s estimated that 70% of adults in the U.S. use mobile payment apps like these. And chances are that you have more than just the one. Only 25% of adults in the U.S. use just a single payment app.
Yet with all those different apps come different policies and protections associated with them. So, if you ever get stuck with a bum charge, it may not always be so easy to get your money back.
With that, here are seven quick tips for using your P2P mobile payment apps safely.
In addition to securing your account with a strong password, go into your settings and set up your app to use a PIN code, facial ID, or fingerprint ID. (And make sure you’re locking your phone the same way too.) This provides an additional layer of protection in the event your phone is stolen or lost and someone, other than you, tries to make a payment with it.
What’s worse than sending money to the wrong person? When paying a friend for the first time, have them make a payment request for you. This way, you can be sure that you’re sending money to the right person. With the freedom to create account names however one likes, a small typo can end up as a donation to a complete stranger. To top it off, that money could be gone for good!
Another option is to make a test payment. Sending a small amount to that new account lets both of you know that the routing is right and that a full payment can be made with confidence.
Bye, bye, bye! Unlike some other payment methods, new mobile payment apps don’t have a way to dispute a charge, cancel a payment, or otherwise use some sort of recall or retrieval feature. If anything, this reinforces the thought above—be sure that you’re absolutely making the payment to the right person.
Credit cards offer a couple of clear advantages over debit cards when using them in association with mobile payment apps (and online shopping for that matter too). Essentially, they can protect you better from fraud:
Report any activity like this immediately to your financial institution. Timing can be of the essence in terms of limiting your liabilities and losses. For additional info, check out this article from the Federal Trade Commission (FTC) that outlines what to do if your debit or credit card is stolen and what your liabilities are.
Also, note the following guidance from the FTC on payment apps:
“New mobile apps and forms of payment may not provide these same protections. That means it might not always be easy to get your money back if something goes wrong. Make sure you understand the protections and assurances your payment services provider offers with their service.”
It’s sad but true. Crooks are setting up all kinds of scams that use mobile payment apps. A popular one involves creating fake charities or posing as legitimate ones and then asking for funds by mobile payment. To avoid getting scammed, check and see if the charity is legit. The FTC suggests researching resources like Better Business Bureau’s Wise Giving Alliance, Charity Navigator, Charity Watch or, GuideStar.
Overall, the FTC further recommends the following to keep yourself from getting scammed:
With so much of your life on your phone, getting security software installed on your it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, shopping, and payments secure.
The post Avoid Making Costly Mistakes with Your Mobile Payment Apps appeared first on McAfee Blogs.
In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth when compared to Q1 2020, putting Apple in fourth place in the global PC market share. It is safe to say that Macs are well-loved and trusted devices by a significant portion of the population — but just how safe are they from a security perspective?
Many users have historically believed that Macs are untouchable by hackers, giving Apple devices a reputation for being more “secure” than other PCs. However, recent attacks show that this is not the case. According to TechCrunch, a new malware called XCSSET was recently found exploiting a vulnerability that allowed it to access parts of macOS, including the microphone, webcam, and screen recorder — all without consent from the user.
Let’s dive deeper into how XCSSET works.
Researchers first discovered XCSSET in 2020. The malware targeted Apple developers and the projects they use to build and code apps. By targeting app development projects, hackers infiltrated apps early in their production, causing developers to unknowingly distribute the malware to their users.
Once the malware is running on a user’s device, it uses multiple zero-day attacks to alter the machine and spy on the user. These attacks allow the hacker to:
While macOS is supposed to ask users for permission before allowing any app to record the screen, access the microphone or webcam, or open the user’s storage, XCSSET can bypass all of these permissions. This allows the malware to sneak in under the radar and inject malicious code into legitimate apps that commonly ask for screen-sharing permissions such as Zoom, WhatsApp, and Slack. By disguising itself among these legitimate apps, XCSSET inherits their permissions across the computer and avoids getting flagged by macOS’s built-in security defenses. As a result, the bug could allow hackers to access the victim’s microphone, webcam, or capture their keystrokes for login credentials or credit card information.
It is unclear how many devices were affected by XCSSET. Regardless, it is crucial for consumers to understand that Mac’s historical security reputation does not replace the need for users to take online safety precautions. The following tips can help macOS users protect themselves from malware:
Software developers are continuously working to identify and address security issues. Frequently updating your devices’ operating systems, browsers, and apps is the easiest way to have the latest fixes and security protections. For example, Apple confirmed that it addressed the bug exploited by XCSSET in macOS 11.4, which was made available on May 24th, 2021.
Hackers often use phishing emails or text messages as a means to distribute malware by disguising their malicious code in links and attachments. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message. This will allow you to confirm the sender’s legitimacy.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool to help identify malicious websites.
Regardless of whether you are Team PC or Team Mac, it is important to realize that both platforms are susceptible to cyberthreats that are constantly changing. Doing your research on prevalent threats and software bugs puts you in a better position to protect your online safety.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blogs.
Today’s technology allows you to complete various tasks at the touch of a button wherever you go. As a result, you place trust in online services that make everyday chores more convenient without second-guessing their effects. One such service is online banking. More Canadians are doing their banking virtually with over 76% using online or mobile devices. Despite the extensive measures that banks take to strengthen their online security, no system is fail-safe. It is extremely important to practice proper security habits and be on the lookout for online fraud to ensure the safety of your financial information.
According to the Canadian Bankers Association (CBA), banks in Canada use sophisticated technology and layers of security to help protect customers from fraud when doing their banking online or using a mobile banking app. Although online banking is generally safe, it does provide cybercriminals with a potentially lucrative opportunity. Some scammers turn to phishing techniques to trick people into handing over their sensitive personal information. They call, text, or email you claiming to be a representative from your bank and state that they noticed some unusual activity related to your account. The imposters then ask you to click on a link in the email or text message to verify your credentials. Unfortunately, this “verification link” is actually a phishing link, and cybercriminals can use the password or credit card details to walk right into your account.
Once cybercriminals gain access to your password and username, they may then move on to credential stuffing. Credential stuffing occurs when an attacker inserts the username and password for one account into the login page of another online service. This tactic capitalizes on the fact that many people reuse the same username and password across multiple accounts.
Hackers also use phishing to spread malware onto the devices you use to access online banking services. These suspicious emails and text messages disguised as notifications from your bank could contain malicious links or attachments that trick you into downloading malware on your device. Furthermore, attackers mimic banking and money transfer institutions to collect your credentials and access your sensitive information.
The convenience of paying bills and depositing checks without running to the bank or post office is undeniable. Everyone is always rushing about, so if you’re now doing these things online securing your online privacy is not a responsibility to speed through.
It’s important that you put your privacy first when using online and mobile banking platforms so you can use these convenient services without jeopardizing your financial accounts. Follow these tips to enhance your online banking security:
Review your bank’s terms and conditions to understand your responsibilities as the account owner and the responsibilities of your bank. Check your accounts regularly for transactions you didn’t make and contact your financial provider as soon as you find an error. Most banks have policies that reimburse you for unauthorized purchases if someone uses your credit card without your permission.
Look at the recommendations provided by your bank, for example, CIBC recommends using longer passwords for your bank account that include a combination of uppercase, lowercase, numbers, and special characters. Additionally, do not reuse this password across your other accounts. If a hacker guesses your password for one of your online accounts, it’s likely that they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel secure knowing that the majority of your data is secure if one of your accounts becomes vulnerable. If you’re worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.
Always opt-in for two- or multi-factor authentication if your financial institution offers it. This is a method of signing in that requires not only a username and password but also a one-time code that is sent by text or email. This extra layer of verification makes it much harder for a criminal to access your sensitive accounts.
From splitting the check when eating out with friends to dividing the cost of bills, third-party mobile payment apps are an incredibly easy way to share money. Before downloading these apps, do your research. Ensure that the company behind the app or the app itself hasn’t undergone any major security incidents and that they have a history of patching bugs immediately. If you decide to download a mobile payment app, set your account to private and limit the amount of data you share. Additionally, look for the lock icon in your web browser when logging in to online banking platforms. A closed lock or padlock indicates that the website you’re on is secure.
Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. These mistakes include spelling or grammar errors throughout the email or text message, using a company’s logo with the incorrect aspect ratio or low resolution, and using a URL with typos. For example, phishers may swap an “o” with a zero, or end the address with “.con” instead of “.com.” If you receive a message with any of these characteristics, do not click on any of the links and delete it immediately.
Never conduct your banking business on a public or unsecured wi-fi network. Connect to a virtual private network (VPN), which allows you to send and receive data while encrypting your information. When your data traffic is scrambled, it’s shielded from prying eyes, which protects your network and the devices connected to it.
While online banking adds a wealth of convenience to your lives, it’s important that you remain invested in your security first and foremost. Cybercriminals often take advantage of your reliance on digital platforms to disguise themselves as bank representatives and trick you into handing over your personal data. To remain secure while online banking, practice good cybersecurity hygiene by using strong, unique passwords, multi-factor authentication, and stay vigilant while looking for signs of phishing. These tips will help elevate your financial security so you can virtually bank with peace of mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Elevate Your Financial Security: How to Safely Bank Online appeared first on McAfee Blogs.
Many have seamlessly transitioned their fitness regimens out of the gym and into the living room since the start of the COVID-19 pandemic, thanks in part to the use of IoT devices. IoT (Internet of Things) denotes the web of interconnected physical devices embedded with sensors and software to collect and share information via the internet. The most common IoT devices used for virtual fitness include wearable fitness trackers and stationary machines equipped with digital interfaces. As effective as these devices are for facilitating a great workout, many do not realize the risks they pose for their online security. According to McAfee Labs Threats Report, new IoT malware increased by 7% at the start of the pandemic. There are various steps that users can take to continue using these devices securely without compromising performance. But first, it’s essential to understand why these devices are vulnerable to cyber-attacks.
IoT devices are just like any other laptop or mobile phone that can connect to the internet. They have embedded systems complete with firmware, software, and operating systems. As a result, they are exposed to the same vulnerabilities, namely malware and cyber-attacks.
One reason why IoT devices are so vulnerable is due to their update structure, or lack thereof. IoT devices lack the stringent security updates afforded to laptops or mobile phones. Because they do not frequently receive updates—and in some cases, never—they do not receive the necessary security patches to remain consistently secure.
What’s worse, if the developer goes out of business, there is no way to update the existing technology vulnerabilities. Alternatively, as newer models become available, older devices become less of a priority for developers and will not receive as many updates as their more contemporary counterparts.
Without these updates, cybercriminals can hack into these devices and taking advantage of the hardware components that make them a significant risk to users. For example, they can track someone’s location through a device’s GPS, or eavesdrop on private conversations through a video camera or audio technology.
IoT devices with unpatched vulnerabilities also present an easy entry point through which hackers can penetrate home networks and reach other devices. If these devices do not encrypt their data transmission between different devices and servers, hackers can intercept it to spoof communications. Spoofing is when a hacker impersonates a legitimate source, the back-end server or the IoT device in this case, to transmit false information. For instance, hackers can spoof communications between a wearable fitness tracker and the server to manipulate the tracking data to display excessive physical activity levels. They can then use this data for monetary gain by providing it to insurance companies and 3rd party websites with financial incentive programs.
Hackers can also exploit device vulnerabilities to spread malware to other devices on the same network to create a botnet or a web of interconnected devices programmed to execute automated tasks. They can then leverage this botnet to launch Distributed Denial of Service (DDoS) or Man in the Middle attacks.
Whether you own an IoT device to monitor your health or physical performance, it is essential to take the necessary precautions to minimize the risks they present to digital security. Here are a few tips to keep in mind when incorporating your device into your fitness routine.
Default names and passwords are low-hanging fruit for hackers and should be the first thing you address when securing your router. Default router names often include the make or model of the manufacturer. Changing it will reduce a hacker’s chance of infiltrating your home network by making the router model unidentifiable. Further, follow password best practices to ensure your router password is long, complex, and unique.
Next, make sure you enable the highest level of encryption which includes Wi-Fi Protected Access 2 (WPA2) or higher. Routers with older encryption protocols such as WPA or Wired Equivalent Privacy (WEP) are more susceptible to brute force attacks, where hackers will attempt to guess a person’s username and password through trial and error. WPA2 and higher encryption methods ensure that only authorized users can use your same network.
Lastly, create a guest network to segment your IoT devices from your more critical devices like laptops and mobile phones. If a hacker infiltrates your IoT devices, the damage is contained to the devices on that specific network.
Updates are critical because they go beyond regular bug fixes and algorithmic tweaks to adjust device software vulnerabilities.
Make it a point to stay on top of updates from your device manufacturer, especially since they will not always advertise their availability. Visit their website regularly to ensure you do not miss pertinent news or information that may impact you. Additionally, make sure to update the app corresponding to your IoT device. Go into your settings and schedule regular updates automatically, so you do not have to update manually.
Do your research before making a significant investment in an IoT device. Ask yourself if these devices are from a reputable vendor. Have they had previous data breaches in the past, or do they have a grade A track record for providing high-security products?
Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties. Do they have privacy policies in place to protect their users’ data under PIPEDA regulation?
Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect
Next time you go for a run with geolocation activated on your smartwatch, think again about what risks this poses to your virtual security and even your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. In doing so, you ensure that hackers cannot utilize them as a foothold to invade your privacy.
IoT devices have made in-home exercise routines possible, given their increase in availability and ease of use. However, despite their capabilities for optimizing the fitness experience, the nature of these devices has made them one of many threats to personal privacy and online safety. For an elevated fitness experience beyond a great workout, start securing your IoT devices to integrate them into your everyday exercise routine safely.
The post Don’t Sweat Your Security: How to Safely Incorporate IoT Into Your Fitness Routine appeared first on McAfee Blogs.
When gyms were forced to close last year, you likely looked for other ways to get some exercise and stay active during quarantine. From investing in a few pairs of dumbbells or perhaps downloading an app or two to help you track your workouts, you found alternatives to help you break a sweat. As an accessible, easy way to release endorphins, running quickly grew in popularity along with the platforms that help runners stay accountable. According to Runner’s World, there was a 34% uptick in outdoor miles logged by common fitness apps between March and September 2020 compared to the same stretch in 2019. But are these tools potentially endangering your privacy?
According to TechCrunch, running apps could potentially threaten your security if the data they collect ends up in the wrong hands. Let’s explore the functionalities of these apps and how they could pose a threat to your online safety.
Running apps are solid companions for advanced and amateur runners alike, allowing you to track the length of your run and set a pace for yourself. These apps learn a lot about you the more you use them by gathering health data like your height and weight and even your location. But similar to the threats that exist when you overshare on other online platforms, this data could pose a serious threat to your privacy. For example, location data could identify where you live or where you work – information that you definitely wouldn’t want in the hands of a stranger. If a cybercriminal is able to hack into your account, they could exploit this information to commit identity theft or craft a phishing email disguised as your employer.
Additionally, many of these apps lack basic security measures to prevent hackers from breaking into accounts or from health and fitness data from spilling out. For example, many popular running apps allow the most basic passwords like “qwerty” and “password.” Oftentimes, hackers automate their attacks by targeting accounts with easy-to-crack passwords like the ones mentioned. This allows them to exploit the most accounts with as little effort as possible. Furthermore, these apps do not have the option to set up two-factor authentication, which creates an additional barrier to prevent hackers from exploiting reused passwords.
No matter where you are in your fitness journey, it is essential to take the necessary precautions to minimize the risks of the platforms you use to hold yourself accountable – running apps included. If you are looking to hit your stride while keeping security and privacy top of mind, follow these tips:
Your password is your first line of defense, so it is important that you use one that is strong and unique to your other account credentials. If a hacker does manage to guess your password for one of your online accounts, it is likely they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel slightly more at ease knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
You can also use a password manager to help you create strong passwords, remove the hassle of remembering numerous passwords, and log on to websites automatically.
Some running apps are configured to publicly share user data by default. After you download an app, spend some time researching how to change these settings so your data is not shared with strangers without your permission.
If your running app of choice does undergo any security updates, make sure that they are installed as soon as possible. Developers actively work to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections. The easiest way to do this is to enable automatic software updates on your mobile device.
Next time you go for a run with your location services on, think again about what risks this poses to your virtual security and your physical safety. Enhance your security by only enabling the features that are necessary to optimize your fitness performance. This will help prevent hackers from using your location as a vehicle to invade your privacy.
Since the data collected on running apps involves sensitive health and location information, it is worth reviewing the privacy policies for all of the fitness platforms you regularly use to see how your data might be affected. To ensure that you can keep moving toward your fitness goals while protecting your online safety, stay educated on the tools you use to track your progress and implement the necessary security measure to do so with security in mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Remain Secure While Using Running Apps appeared first on McAfee Blogs.
Social media is a great place to connect with friends and family. Unfortunately, it is also a great place for misinformation to run rampant, and it is a virtual treasure chest for cybercriminals to steal personal information. Over 25 million Canadians own a social media account, and more than 80% of the Canadian population is expected to be on social media by 2025.
Check out this roundup of common social media scams so you can network intelligently, spot misinformation, and stop its spread.
The classic saying of “Don’t believe everything you see on TV” applies neatly to “Don’t believe everything you read on social media.” There is a resurgence of false news reports circulating on social media surrounding COVID-19 and the vaccine. For example, 5G aiding the spread of the virus and the preventive properties of garlic are just two of the rumors about COVID-19.
Misinformation leads to chaos and is a major threat to public health. Before you reshare a post or article, it is great to take a few minutes to digest the message, determine if it is true, and ask yourself if friends and family would genuinely benefit if they heard the news it carries.
There are a few tell-tale signs of fake news posts. First, they often try to inspire extreme emotions, such as rage and indignation, to prompt people to share immediately. Next, fake news reports are frequently poorly written and vague about where they received their information. Always try to find the primary source for “facts.” In the case of COVID-19 news, all health tips should be sourced from a licensed medical professional.
If you are ever in doubt about the facts, especially when they deal with public health, do not share the post. Instead, leave the reporting to trained medical professionals. Consult the World Health Organization and the Public Health Agency of Canada or direct your network to #ScienceUpFirst for the latest and most accurate reports about COVID-19 and the vaccine.
There was a recent data leak at Facebook, and the contents of about half a billion accounts were posted on a hacking website, including 3.49 million Canadian accounts. Hackers can get a lot of mileage out of just one social media profile because it contains all the greatest hits of information needed to verify an identity.
Most profiles list your real full name, birthday, your relationship status, your hometown, and contact information. Also, hackers can skim a user’s posting history to find even more personal details. Many social media users have posted at one time or another a “get to know you” post, where they list many revealing facts. These posts are a pot of gold to cybercriminals. They are basically lists of possible answers to security questions: Where did you go to primary school? What was the model of your first car? What is the name of your favorite stuffed animal?
Another recent trend that can make you vulnerable in case of a data leak is posting COVID-19 vaccine cards. Social media users are excited to share the big milestone of getting their first shot. What they might not realize is that vaccine cards contain vital personal information that could be used by malicious actors. There are alternative ways to share the happy news. Instead, post a picture of the fun bandage the nurse put on your arm or take a selfie outside of the vaccination center.
It is a shame that what you share on social media can be turned against you by cybercriminals, but that does not mean you have to stop sharing details about your life. Instead of posting personal details online that could be used maliciously in the event of a data leak, think about creating an exclusive email newsletter or secure group chat for your closest friends and family.
There is a major thrill when you think you have won something; however, if you receive a notification on social media that you have won a contest, reserve your excitement until you have confirmed its legitimacy. Be especially wary if you do not remember entering a contest.
Contest scams are a type of social engineering tactic used by cybercriminals. Social engineering relies on people’s tendency to trust others. Cybercriminals often capitalize upon extreme emotions, like fear, urgency, and in this case excitement, to trick unsuspecting people into hastily giving up sensitive information.
Phishing is also common in contest scams. Social media users may receive a message that they have won a giveaway and to click on a link to claim their prize. Luckily, easy-to-spot signs of a phishing message include poor grammar, misspellings, and a sense of urgency. Always approach these types of messages with caution. Instead of clicking on any of the links, hover your cursor over them to see where they redirect. If the redirect site URL is suspicious and contains misspellings, steer clear.
If you ever receive a notification on social media that you have won a prize, remain skeptical until you have verified the authenticity. Locate the organization’s official social media page (which you can likely find on their website), and direct message them for more details.
With all of these common scams floating about and waiting to strike, check out these tips to network safely.
The joy of social media is sharing your everyday life with your friends and family. It is fun to have dozens of people wish you a happy birthday on your profile, but consider removing the year of your birthday. Also, consider removing your phone number, home address, and email address from your profile. If a friend or family member wants to get in touch with you, they can personally direct message you. Cybercriminals can take your contact information and full birthday and use it to steal your identity, so it is best not to post it online.
While you may want to share the latest news with your networks, do not share information that you are not sure is true. According to Statistics Canada, only half of Canadians investigated the accuracy of COVID-19 social media posts before they reshared. Do your due diligence and be a part of the solution, not part of the problem.
Even if you are a diligent and intelligent social media user, there is a chance that you could accidentally click on a phishing link. In case this happens, you should have a backup plan to safeguard your devices and your personal information from viruses and malware. Protect your devices with a comprehensive antivirus program, such as McAfee Total Protection. You can rest assured that if you or a member of your family accidentally opens a malicious link, your devices will be safe.
The post Beware of Social Media Scams appeared first on McAfee Blogs.
Google’s Android operating system has been a boon for the average consumer. No other operating system has given so much freedom to developers and hardware manufacturers to make quality devices at reasonable prices. The number of Android phones in the world is astounding. That success comes with a price, however.
A recent report from our own McAfee Mobile Research team has found malicious apps with hundreds of thousands of downloads in the Google Play store. This round of apps poses as simple wallpaper, camera filters, and picture editing, but they hide their nature till after they’ve been installed on your device.
Figure 1. Infected Apps on Google Play
On the bright side, Google Play performs a review for every app to ensure that they are legitimate, safe, and don’t contain malware before they’re allowed on the Play store. However, enterprising criminals regularly find ways to sneak malware past Google’s security checks.
Figure 2. Negative reviews on Google Play
When developers upload their apps to the Play store for approval, they have to send supporting documents that tell Google what the app is, what it does and what age group it’s intended for. By sending Google a “clean” version of their app, attackers can later get their malicious code into the store via a future update where it sits and waits for someone to download it. Once installed, the app contacts a remote server, controlled by the attackers, so it can download new parts of the app that Google has never seen. You can think of it as a malware add-on pack that installs itself on your device without you realizing it. By contacting their own server for the malware files, attackers sneak around Google security checks and can put anything they want on your device.
The current round of malware we’re seeing hijack your SMS messages so they can make purchases through your device, without your knowledge. Through a combination of hidden functionality and abuse of permissions like the ability to read notifications, that simple looking wallpaper app can send subscription requests and confirm them as if it were you. These apps will regularly run up large bills through purchasing subscriptions to premium rate services. The more troubling part is how they can read any message that you receive, possibly exposing your personal information to attackers.
To start, a comprehensive and cross-platform solution like McAfee Total Protection can help detect threats like malware and alerts you if your devices have been infected. I’d also like to share some tips our Research team has shared with me.
Before you hit that install button, take a good look at an app’s reviews. Do they look like they were written by real people? Do the account names of the reviewers make sense? Are people leaving real feedback, or are the majority of comments things like, “Works great. Loved it.” with no other information?
Scammers can easily generate fake reviews for an app to make it look like people are engaging with the developers. Look out for vague reviews that don’t mention the app or what it does, nothing but five-star reviews, and generic sounding account names like, “girl345834”. They’re probably bots, so be wary.
Search for the app developers’ company and see if they have a website. Having a website doesn’t guarantee an app is legitimate, but it’s another good indicator of how trustworthy a company’s app is. Through their website, you should be able to find out where their team is based, or at least some personal information about the company. If they’re hiding that information, or there’s no site at all, that might be a good sign to try a different app.
A lot of malicious apps offer features that your phone already provides, like a flashlight or photo viewer. Unless there’s a very specific reason why you need a separate app to do something your device already does, it’s not recommended to use a third-party app. Especially if it’s free.
App permissions must be clearly stated on the app’s page in order to get into the Google Play store. They’re found near the bottom of the page, along with developer information. Check the permissions every app asks for before you install it and ask yourself if they make sense. For example, a photo editor doesn’t need access to your contacts list, and wallpapers don’t need to have access to your location data. If the permissions don’t make sense for the type of app, steer clear.
Mobile devices are vulnerable to malware and viruses, just like your computer. By installing McAfee protection to your mobile device, you can secure your mobile data, protect your privacy, and even find lost devices.
Android is one of the most popular operating systems on the planet, which means the rewards for creating malware for Android devices are well worth it. It’s unlikely that Android malware is going away any time soon, so staying safe means being cautious with the things you install on your devices.
You can protect yourself by installing McAfee Total Protection on your mobile device and reading the permissions apps ask for when you install them. There’s no good reason for a wallpaper app to have SMS permissions, but that request should ring some alarm bells that something isn’t right and stop you from installing it.
The post Fraudulent Apps that Automatically Charge you Money Spotted in Google Play appeared first on McAfee Blogs.
It’s easy to imagine where we would be without women in technology.
We’d be poorer for it.
With Mother’s Day upon us, I couldn’t help but think once more about the stark employment figures I shared in my International Women’s Day blog just a few weeks ago. Millions of women have involuntarily left the workforce at a much higher rate than men during the pandemic—with roughly one third of women in the U.S. aged 25-44 citing that childcare was the reason for that unemployment.
Reflecting on this further, I thought about the women in technology who’ve left their positions during this past year. It’s a loss of talent and capability that’s set back decades of advances by trailblazing women who not only shine in their field yet also do so in male-dominated realms of study, research, and employment.
So as we look ahead to recovery, we should also look back. By celebrating just a few of the women in technology who shaped our world today, women who truly are “mothers of invention,” perhaps we can remember just how vital women are in our field—and how we should double down on our efforts to welcome them back.
Imagine a time when the term “software engineering” wasn’t recognized, even though it was crucial to us landing on the moon.
Such were the days when Margaret Hamilton began her work at Massachusetts Institute of Technology (MIT) as a job to support her family while her husband went to law school at Harvard. This was in 1959 and would introduce her to Edward Lorenz, the father of chaos theory, and put her on the path to help humanity set its first footsteps on the moon.
It was her work and her code that developed a software-driven system that warned astronauts of in-flight emergencies, an advance she credits her young daughter for inspiring, as recounted in this interview:
Often in the evening or at weekends I would bring my young daughter, Lauren, into work with me. One day, she was with me when I was doing a simulation of a mission to the moon. She liked to imitate me – playing astronaut. She started hitting keys and all of a sudden, the simulation started. Then she pressed other keys and the simulation crashed … I thought: my God – this could inadvertently happen in a real mission.
I suggested a program change to prevent a prelaunch program being selected during flight. But the higher-ups at MIT and NASA said the astronauts were too well trained to make such a mistake. Midcourse on the very next mission, Apollo 8, one of the astronauts on board accidentally did exactly what Lauren had done. The Lauren bug! It created much havoc and required the mission to be reconfigured. After that, they let me put the program change in, all right.
When you search online, you have this woman to thank.
A true pioneer, Karen Spärck Jones worked at Cambridge, during which time she developed the algorithm for deriving a statistic known as “term frequency–inverse document frequency” (TFIDF). In lay terms, TFIDF determines how important a word is relative to the document or collection of terms in which it is found. Sound familiar? It should, as her work forms the basis of practically every search engine today.
Spärck Jones remained outspoken with regards to what she referred to as “professionalism” in technology. This had two layers: the first being the technical efficacy of a solution, the second being the rationale for even doing it in the first place. In her words,
“[T]o be a proper professional you need to think about the context and motivation and justifications of what you’re doing … You don’t need a fundamental philosophical discussion every time you put finger to keyboard, but as computing is spreading so far into people’s lives you need to think about these things.”
Her vision for computing and her hands-on work led to development of COBOL, a programming language still in use today. Driving that vision was the belief that human language could be used as the basis for a programming language, making it more accessible, particularly for business use. The result was the FLOW-MATIC programming language, which was later developed into COBOL, a language that is estimated to be used in 95% of ATM card swipes.
During her time as a naval officer, she helped transform centralized Defense Department systems into smaller, distributed networks akin to the internet we now know and use. At her retirement near the age of 80, she went to work in the private sector where she held the role of full-time senior consultant until her passing at age 85. This 1983 profile of her, aired when she was 76, is certainly worth a watch.
Quite plainly, Perlman’s work paved the way for the routing protocols that underpin the modern internet.
Prior to Perlman’s work, as networks grew and accordingly became more complex, data would often flow into loops that prevented them from reaching their intended destination. Enter her creation of the Spanning Tree Protocol (STP), which can handle large clouds of computers and network devices. While its since evolved, the concept of an adaptive network remains squarely in place.
Another advance of hers was introducing computer programming to young children aged 3 to 5 back in the 1970s. While working at MIT’s LOGO Lab, she created TORTIS (Toddler’s Own Recursive Turtle Interpreter System), which used buttons from programming and allowed for experimentation with a robotic turtle that would follow a toddler’s commands. In the abstract for her paper that documented the work, she emphasized what she felt was a vital point, “Most important of all, it should teach that learning is fun.”
These women have led and inspired, and likewise it’s on all of us in technology to build on the advances they made possible through both our work and the workplace cultures we foster—particularly as we begin our recovery from this pandemic.
One of the many reasons I’m proud to be a part of McAfee is our Women in Security (WISE) community. It’s truly a forward-thinking program, which we introduced to enrich and support women in the tech sector through mentorship programs and professional development conferences. It’s one of the several, tangible ways we actively strive for a vibrant and diverse culture at McAfee.
Another powerful voice for women in tech is AnitaB.org, which supports women in technical fields, as well as the organizations that employ them and the academic institutions training the next generation. A full roster of programs help women grow, learn, and develop their highest potential.
And for looking forward yet further, there’s Girls Who Code, which is building the next generation of female engineers and technologists. Their data shows why this is so vital. They found that 66 percent of girls aged six to 12 show interest in computing, but that drops to 32 percent for girls aged 13 to 17, and then plummets to only 4 percent for college freshmen. Accordingly, they support several programs for school-aged girls from third grade up through senior year of high school, help educators and communities launch clubs, and advocate for women in their field through their work in public policy and research.
And that’s just for starters. For an overview of yet more organizations where you can get involved, check out this list of 16 organizations for women in tech—all of which help us realize a better world with women in technology.
The post The Mothers of Invention: Women Who Blazed the Trail in Technology appeared first on McAfee Blogs.
Cybercriminals go to great lengths to hack personal devices to gather sensitive information about online users. To be more effective, they make significant investments in their technology. Also, cybercriminals are relying on a tactic called social engineering, where they capitalize upon fear and urgency to manipulate unsuspecting device users to hand over their passwords, banking information, or other critical credentials.
One evolving mobile device threat that combines malware and social engineering tactics is called BRATA. BRATA has been recently upgraded by its malicious creators and several strains have already been downloaded thousands of times, according to a McAfee Mobile Research Team report.
Here’s how you can outsmart social engineering mind games and protect your devices and personal information from BRATA and other phishing and malware attacks.
BRATA stands for Brazilian Remote Access Tool Android and is a member of an Android malware family. The malware initially targeted users in Brazil via Google Play and is now making its way through Spain and the United States. BRATA masquerades as an app security scanner that urges users to install fake critical updates to other apps. The apps BRATA prompts the user to update depends on the device’s configured language: Chrome for English speakers, WhatsApp for Spanish speakers, and a non-existent PDF reader for Portuguese speakers.
Once BRATA infects a mobile device, it combines full device control capabilities with the ability to capture screen lock credentials (PIN, password, or pattern), capture keystrokes (keylogger functionality), and record the screen of the compromised device to monitor a user’s actions without their consent.
BRATA can take over certain controls on mobile phones, such as:
BRATA is like a nosy eavesdropper that steals keystrokes and an invisible hand that presses buttons at will on affected devices.
BRATA’s latest update added new phishing and banking Trojan capabilities that make the malware even more dangerous. Once the malware is installed on a mobile device, it displays phishing URLs from financial institutions that trick users into divulging their sensitive financial information. What makes BRATA’s banking impersonations especially effective is that the phishing URLs do not open into a web browser, which makes it difficult for a mobile user to pinpoint it as fraudulent. The phishing URLs instead redirect to fake banking log-in pages that look legitimate.
The choice to impersonate banks is a strategic one. Phishers often impersonate authoritative institutions, such as banks and credit card companies, because they instill fear and urgency.
Social engineering methods work because they capitalize on the fact that people want to trust others. In successful phishing attacks, people hand cybercriminals the keys instead of the cybercriminal having to steal the keys themselves.
Awareness is the best defense against social engineering hacks. When you’re on alert and know what to look for, you will be able to identify and avoid most attempts, and antivirus tools can catch the lures that fall through the cracks.
Here are three tell-tale signs of a social engineering attack and what you should do to avoid it.
Just because an app appears on Google Play or the App Store does not mean it is legitimate. Before downloading any app, check out the number of reviews it has and the quality of the reviews. If it only has a few reviews with vague comments, it could either be because the app is new or it is fake. Also, search the app’s developer and make sure they have a clean history.
Never click on links if you are not sure where they redirect or who sent it. Be especially wary if the message surrounding the link is riddled with typos and grammar mistakes. Phishing attempts often convey urgency and use fear to pressure recipients to panic and respond too quickly to properly inspect the sender’s address or request. If you receive an urgent email or text request concerning your financial or personal information, take a deep breath and investigate if the claim is legitimate. This may require calling the customer service phone number of the institution.
Just like computers, mobile devices can be infected with viruses and malware. Protect your mobile device by subscribing to a mobile antivirus product, such as McAfee Mobile Security. McAfee Mobile Security is an app that is compatible with Android devices and iPhones, and it protects you in various ways, including safe surfing, scanning for malicious apps, and locating your device if it is lost or stolen.
The post Beware of BRATA: How to Avoid Android Malware Attack appeared first on McAfee Blogs.
Over the last 12 months, technology has featured in our lives in a way I don’t think any of us would have predicted. Whether you were in lockdown, choosing to stay home to stay well or quite simply, out of other option – technology saved the day. It helped us work and learn from home, stay connected with friends and family, entertain ourselves, shop and essentially, live our lives.
For many parents, this was a real ‘aha’ moment. A moment when technology went from being an annoying distraction to incredibly critical to the functioning of our day to day lives. Of course, many of us had always considered technology to be useful to help us order groceries and check Facebook but to experience first-hand that technology meant life could go on during a worldwide pandemic was a real game changer.
Whether it was downloading video calling apps like Zoom or Facetime, setting up a Twitter account to get updates from the Health Department, using Google Doc to work collaboratively or experiencing what online gaming really is via a few sessions on the Xbox, 2020 means many parents had to get up to date, real fast! And you know what – that’s a good thing! I’ve had so many parents remark to me that they know finally understand why their kids are so enamoured with technology. There really is nothing like walking in someone’s shoes to experience their world!
I’m a big believer in parents taking the time to truly understand the world in which their kids exist. For years, I’ve advised parents to download and use the apps and games their kids play so they can understand the attraction and complexity of their kids’ digital life. Well, it may have taken a global pandemic, but I am delighted to report that, anecdotally at this stage, more parents are now embracing their kids’ online world.
When we first become enamoured with something, we often enter the ‘honeymoon’ phase. As a married woman of 28 years, this was many years ago for me!! The honeymoon phase is when everything is wonderful and rosy, and negatives are not always considered. And our relationship with technology can be much the same. And I’ve been there – there’s nothing quite so wonderful as discovering a new app or piece of software and almost being joyous at just how transformational it could be for your life. And this often means we gloss over or even ignore the risks because we are in love!!!
So, as Cybermum, I’m here to cheer you on and pat you on the back for embracing and using new apps and software. Yes, I’m very proud! But I also want to share with you just a few steps that you need to take to ensure you are not taking on any unnecessary risks with your new favourite app. Here are my top tips:
1. Passwords
Every app, online account or piece of software needs it own individual password. Yes, I know that it is a real pain, but it is one of the most important things you will do to protect yourself online. I’m a big fan of password managers that not only generate the most incredibly complex passwords for each of your accounts but remember them for you. McAfee’s password manager, True Key, is a free option which has completely helped me manage my 80 plus collection of passwords!! Very grateful!
2. Software Updates
The main purpose of a software update is to protect the user from security threats. Yes, you may also get some new features and possibly have a glitch or 2 removed but it is all about the user’s safety. So, if you don’t update your software, it’s a little like leaving windows open when you go out. And the longer you leave between updates – the more windows you leave open!
So, automate these updates if you can or schedule them in your diary. Why not earmark the first day of the month to check and see what you need to download to protect yourself? And don’t forget about your operating system on your phone or laptop too!
3. Be Wi-Fi Wary
Dodgy wi-fi is where so many people come unstuck. Regardless of what app or software you are using, anything you share via unsecured wi-fi could be intercepted by a hacker. So, if you find yourself using wi-fi regularly, you might want to consider a Virtual Private Network or VPN. A VPN creates an encrypted tunnel so anything you share via Wi-Fi cannot be intercepted. Genius, really! Check out McAfee’s Safe Connect for peace of mind.
So, please keep going! Keep exploring new ways technology can work for you in our new COVID world. But remember to take a break too. There is no doubt that technology has saved the day and has ensure we can all still function but there must be a balance too. So, walk the dog, play a board game or having a cuppa outside. Remember you manage the technology; it doesn’t manage you!
Till next time
Stay safe online.
Alex xx
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How 2020 Helped Parents Understand Their Kids’ Digital Lives appeared first on McAfee Blogs.
I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left my study – or changed out of my pyjamas!! Ssshhh!! Because it’s all happened online…
Of course, some of us embraced the benefits of the online world long before 2020 but the Pandemic forced almost everyone to replace our in-person activities and routines with online ones. New research from McAfee in their 2021 Consumer Security Mindset Report shows that 72% of Aussies made changes in their online activities last year out of convenience which makes complete sense!
But what’s so interesting is that now we have these super handy new online routines in place – we aren’t that keen to give them up! McAfee’s report shows that 76% of Aussies are planning on continuing with online banking, 59% of us want to keep connecting with friends and family online and 55% of us remain totally committed to online shopping! Hear, hear, I say! I am absolutely staying that course too!!
There’s no doubt that there is a lot of upside to managing our lives online but unfortunately there is also a downside – increased risk! The more time spent online, the greater the chance that we will be exposed to potential risks and threats such as phishing attacks, entering details into malicious websites or even becoming a victim of fraud.
McAfee’s research shows that we are aware of the risks of being online. In fact, 66% of us are concerned about the potential dangers of living our lives online with losing control of our financial data top of the list for the majority of us. And almost 2/3 (65%) of us are also worried about having our social media accounts hacked.
But pandemic life has meant that we are now a lot more comfortable with sharing information online. Whether it’s paperless transaction records, text and email notifications, opting to stay logged in or auto-populating forms with our credit card, this level of online sharing does make life so convenient but it can be a risky business! Why, I hear you ask? Because these conveniences usually only work when you share multiple pieces of your contact details. And the more you share, the greater your chance of being hacked or compromised. But the report was very clear – if we can make our online life more seamless then we are only too happy to share our key contact information! Oh dear!!
In addition to confessing that they don’t always take the necessary security precautions, Aussie consumers in McAfee’s report also admitted that they haven’t thought about why hackers might want their data. I don’t know how many people tell me that they don’t need to really bother with a lot of online precautions because they live a pretty boring life and don’t spend that much time online.
But this is a very dangerous way to think. Your online data is like a pot of gold to hackers. Not only can they use it to possibly steal your identity and try to empty your bank accounts but they can also on-sell it for a profit. But the majority of Aussies don’t stop to consider this with the research showing that 64% of Aussies have never considered just how valuable their online data is worth.
Hackers are ALWAYS on the lookout for new ‘up-to-date’ ways to exploit others for money. Don’t forget how quick they were to conjure up scams around COVID in early 2020 – it was just a matter of weeks before Aussies received phishing emails and malicious text messages with the aim of extracting personal information from vulnerable consumers.
But, encouragingly, 85% of Aussies said they would be far more proactive about managing their data if it could be traded as a currency.
The good news is that there are ways to secure your online life and minimise the risk of being hacked. Here are my top tips:
Yes, it might take a minute or 2 more, but using multi-factor authentication is an easy way to add an additional layer of security to protect your personal data and information. Commit to using it wherever it is offered!
If you live your life out & about like I do then you’ll be very tempted to use Wi-Fi. Using public Wi-Fi to conduct transactions, particularly financial ones is a big no-no! It takes keen hackers minimal effort to set up a fraudulent wi-fi service which could easily fool a busy person into connecting. Using a Virtual Private Network (or VPN) like McAfee® Safe Connect, is the best way of ensuring everything you share over Wi-Fi is safe and secure.
Browsing the internet with a tool like the McAfee WebAdvisor is a great way of ensuring dangerous malware is blocked if you click on a malicious link in a phishing email. You’ll have real peace of mind knowing you can manage your online life while someone looks out for you!
With 4 kids, 3 pets, 2 jobs – I know I could never get to the bottom of my ‘to-do’ lists without managing the bulk of it online. I often think I should send the internet an e-card at Christmas!! Of course, I understand why corners are cut and precautions are overlooked when we all feel so stretched for time. But just think about how much more time it would take if you were hacked and had to spend hours on the phone to your bank or if you had to reconfigure all your online accounts and social media platforms!!
So, you know what you need to do! Stay safe online everyone!
The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.
I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – even car parts! And my story is not unique. Living with a pandemic has certainly meant we’ve had to adapt – but when it came to ramping up my online shopping so we could stay home and stay safe – I was super happy to adapt!
And research from McAfee shows that I am not alone. In fact, over 40% of Aussies are buying more online since the onset of COVID-19 according to the 2020 Holiday Season: State of Today’s Digital e-Shopper survey. But this where it gets really interesting as the survey also shows that nearly 1/3 of us (29%) are shopping online 3-5 days a week, and over one in ten consumers (11%) are even shopping online daily!! But with many online retailers offering such snappy delivery, it has just made perfect sense to stay safe and stay home!
With just over a month till Santa visits, it will come as no surprise that many of us are starting to prepare for the Holiday season by purchasing gifts already. Online shopping events such as Click Frenzy or the Black Friday/Cyber Monday events are often very compelling times to buy. But some Aussies have decided they want to get in early to secure gifts for their loved ones in response to warnings from some retailers warning that some items may sell out before Christmas due to COVID-19 related supply chain issues. In fact, McAfee’s research shows that 48% of Aussies will be hitting the digital links to give gifts and cheer this year, despite 49% feeling cyber scams become more prevalent during the holiday season.
McAfee’s research shows very clearly that the bulk of us Aussies are absolutely aware of the risks and scams associated with online shopping but that we still plan to do more shopping online anyway. And with many of us still concerned about our health and staying well, it makes complete sense. However, if there was ever a time to take proactive steps to ensure you are minimizing risks online – it is now!
McAfee’s specialist online threat team (the Advanced Threat Research team) recently found evidence that online cybercrime is on increase this year, with McAfee Labs observing 419 threats per minute between April to June 2020 – an increase of almost 12% over the previous quarter.
And with many consumers gearing up to spend up big online in preparation for the Holiday season, many experts are worried that consumers are NOT taking these threats as seriously as they should. McAfee’s research showed that between April to June 2020, 41% of 18-24 year olds have fallen victim to an online scam and over 50% of the same age group are aware of the risks but have made no change to their online habits.
At the risk of sounding dramatic, I want you to channel your James Bond when you shop online this holiday period. Do your homework, think with your head and NOT your heart and always have your wits about you. Here are my top tips that I urge you to follow to ensure you don’t have any unnecessary drama this Christmas:
Click on random, unsafe links is the best way of falling victim to a phishing scam. Who wants their credit card details stolen? – no one! And Christmas is THE worst time for this to happen! If something looks too good to be true – it probably is. If you aren’t sure – check directly at the source – manually enter the online store address yourself to avoid those potentially nasty links!
This is a no-brainer – where possible, turn this on as it adds another lay of protection to your personal data and accounts. Yes, it will add another 10 seconds to the log-in process but it’s absolutely worth it.
If you have a VPN (or Virtual Private Network) on your laptop, you can use Wi-Fi without any concern – perfect for online purchases on the go! A VPN creates an encrypted tunnel between your device and the router which means anything you share is protected and safe! Check out McAfee’s Safe Connect which includes bank-grade encryption and private browsing services.
Ensuring all your devices are kitted out with comprehensive security software which will protect against viruses, phishing attacks and malicious website is key. Think of it as having a guardian cyber angel on your shoulder. McAfee’s Total Protection software does all that plus it has a password manager, a shredder and encrypted storage – and the Family Pack includes the amazing Safe Family app – which is lifechanging if you have tweens and teens!
So, yes – please make your list and check it twice BUT before you dive in and start spending please take a moment to ask yourself whether you are doing all you can to minimise the risks when online shopping this year. And don’t forget to remind your kids too – they may very well have their eye on a large gift for you too!
Happy Christmas Everyone
Alex xx
The post Christmas Shopping 2020 appeared first on McAfee Blogs.
2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, many of us have devoured digital content to entertain ourselves. But our love affair with online entertainment certainly hasn’t gone unnoticed by cybercriminals who have ‘pivoted’ in response and cleverly adapted their scams to adjust to our insatiable desire for content.
Cybercriminals are fully aware that we love searching for online entertainment and celebrity news and so devise their plans accordingly. Many create fake websites that promise users free content from a celebrity of the moment to lure unsuspecting Aussies in. But these malicious websites are purpose-built to trick consumers into sharing their personal information in exchange for the promised free content – and this is where many come unstuck!
McAfee, the world’s leading cybersecurity company, has researched which famous names generate the riskiest search results that could potentially trigger consumers to unknowingly install malware on their devices or unwillingly share their private information with cybercriminals.
And in 2020, English singer-songwriter Adele takes out the top honours as her name generates the most harmful links online. Adele is best known for smashing the music charts since 2008 with hit songs including ‘Rolling in the Deep’ and ‘Someone Like You’. In addition to her award-winning music, Adele is also loved for her funny and relatable personality, as seen on her talk show appearances (such as her viral ‘Carpool Karaoke’ segment) and concert footage. Most recently, her weight-loss and fitness journey have received mass media attention, with many trying to get to the bottom of her ‘weight-loss’ secrets.
Trailing Adele as the second most dangerous celebrity is actress and star of the 2020 hit show Stan ‘Love Life’ Anna Kendrick, followed by rapper Drake (no. 3), model and actress Cara Delevingne (no. 4), US TikTok star Charli D’Amelio (no. 5) and singer-songwriter Alicia Keys (no. 6). Rounding out the top ten are ‘Sk8r Boi’ singer Avril Lavigne (No. 7), New Zealand rising music star, Benee (no. 8), songstress Camila Cabello (no. 9), and global superstar, singer and actress Beyonce (no. 10).
Whether it was boredom or the fact that we just love a stickybeak, our love of celebrity news reached new heights this year with our many of us ‘needing’ to stay up to date with the latest gossip from our favourite public figures. Adele’s weight-loss journey (no.1), Drake’s first photos of ‘secret son’ Adonis (no. 4), and Cara Delevingne’s breakup with US actress Ashley Benson (no. 5), all had us Aussie fans flocking to the internet to search for the latest developments on these celebrity stories.
With many of us burning through catalogues of available movies and TV shows amid advice to stay at home, new release titles have definitely been the hottest ticket in town to stay entertained.
Rising to fame following her roles in ‘Twilight’ and musical comedy ‘Pitch Perfect’, Anna Kendrick (no. 2) starred in HBO Max series ‘Love Life’ which was released during the peak of COVID-19 in Australia, as well as the 2020 children’s film ‘Trolls World Tour’. R&B and pop megastar Beyonce (no. 10) starred in the 2019 remake of Disney cult classic ‘The Lion King’ and released a visual album ‘Black Is King’ in 2020.
While live concerts and festivals came to a halt earlier this year, many of us are still seeking music – both old and new – to help us navigate these unprecedented times. In fact, musicians make up 50% of the top 10 most dangerous celebrities – hailing from all genres, backgrounds and generations.
Canadian rapper Drake (No. 2) sparked fan interest by dropping his ‘Dark Lanes Demo Tapes’ album including hit songs ‘Chicago Freestyle’ and ‘Tootsie Slide’ that went massively viral on TikTok. New Zealand singer Benee also came out of the woodwork with viral sensations Supalonely and Glitter topping charts and reaching global popularity on TikTok.
Known for her enormously successful R&B/Soul music in the early 2000s, Alicia Keys (no. 6) released a string of new singles in 2020. Camila Cabello’s ‘Senorita’ duet with Canadian singer and now boyfriend Shawn Mendes, was Spotify’s most streamed song of 2019. The couple continued to attract copious attention as fans followed stories reporting on the lovebirds self-isolating together in Miami earlier this year.
Please don’t feel that getting caught by an ill-intentioned cybercrime is inevitable. If you follow these few simple tips, you can absolutely continue your love of online entertainment and all things celebrity:
If you are looking for new release music, movies or TV shows or even an update on your favourite celebrity then ALWAYS be cautious and only click on links to reliable sources. Avoid ‘dodgy’ looking websites that promise free content – I guarantee these sites will gift you a big dose of malware. The safest thing is to wait for official releases, use only legitimate streaming sites and visit reputable news sites.
Yes, illegal downloads are free but they are usually riddled with malware or adware disguised as mp3 files. Be safe and use only legitimate music streaming platforms – even if it costs a few bucks! Imagine how devastating it would be to lose access to everything on your computer thanks to a nasty piece of malware?
One of the best ways of safeguarding yourself (and your family) from cybercriminals is by investing in an comprehensive cybersecurity solution like McAfee’s Total Protection. This Rolls Royce cybersecurity package will protect you from malware, spyware, ransomware and phishing attacks. An absolute no brainer!
Kids love celebrities too! Parental control software allows you to introduce limits to your kids’ viewing which will help minimise their exposure to potentially malicious or inappropriate websites when they are searching for the latest new on TikTok star Charlie D’Amelio or go to download the latest Benee track.
I don’t know how my family of 6 would have survived this year without online entertainment. We’ve devoured the content from three different streaming services, listened to a record number of hours on Spotify and filled our heads with news courtesy of online news sites. And while things are looking up, it will be a while before life returns to normal. So, please take a little time to educate your family on the importance of ‘thinking before you click’ and the perils of illegal downloading. Let’s not make 2020 any more complicated!!
Stay safe everyone!
Alex x
The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.
Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
Refrain from using illegal streaming sites
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Protect your online safety with a cybersecurity solution
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Use parental control software
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.
FreshRSS 