Login
Are you hoping to buy a house or apply for a car, personal, or business loan at some point? A great credit score helps to achieve all those things. You never know the twists and turns life might take you, so even if these financial milestones aren’t on your radar now, it’s nice to know that a great credit score will open many doors for you when you’re ready. The better your credit score, the more likely you are to get the loan you want at the best interest rate. People spend years (even decades!) working to improve their credit scores to unlock numerous opportunities. In the blink of an eye though, a credit fraudster can erase all that hard work and inflict long-term credit damage. It can cost huge sums to repair and take years to correct.
Many people feel lost on how to prevent these problems or what to do if they suspect identity theft. Luckily, new McAfee services called credit lock and security freeze, which includes credit freeze, are great tools to add to your credit protection toolbelt. They’ll help protect your most personal information from thieves, and both services will help give you the peace of mind you need to confidently go about your day.
Keep reading to learn more about McAfee’s credit lock and security freeze and find out how you can use them to help you from the negative consequences of identity theft.
Credit fraud is a type of identity theft where a criminal uses your information to borrow money, open a new credit or debit card, or uses your card to make purchases that they never intend to pay off. Then, when the loan defaults and the bills stack up, the victim is often left with their credit score in shambles.
According to the FTC, credit fraud is the most common type of identity theft in 2020 and 2021, receiving nearly 18,000 reports from people saying that someone used their information to gain illegal access to their credit card accounts.1
To make sure we’re all on the same page, here are quick definitions of McAfee’s credit lock and security freeze services.
A credit lock and a credit freeze both stop companies from accessing your credit information without your consent when an application for a loan or credit card is submitted. The main difference lies in their speed and credit bureau coverage. By toggling a switch in the McAfee Protection Center, turning on a credit lock is almost instantaneous. A credit freeze can take up to a day to enable or remove; however, it may offer stronger financial loss protection in most U.S. states if an unauthorized line of credit goes through while all three credit bureaus are frozen. Also, McAfee’s credit lock stops one credit bureau from accessing your account, while a credit freeze enables you to halt all three.
Just make sure that you unlock and unfreeze your credit before you do the following:
These are all situations where a bank or creditor will need to access your credit files. Luckily, with significant purchases and financing opportunities like these, you usually plan ahead, so you should have plenty to time to enable access to your credit. To unlock your credit, just click the credit lock toggle. To unlock a freeze, use the same provided links, sign into your account, and follow the instructions from there.
To further help you decide which service may be best for your needs, here are the situations where credit lock and credit freeze would be most helpful.
McAfee credit lock lets you simply toggle on and off one credit bureau’s ability to access your credit report. Usually, filing a lock on your credit with a bureau requires filling out forms and remembering a PIN to apply or remove a lock. Not with McAfee’s credit lock! You can turn a lock on and off at will through the McAfee Protection Center.
Convenience and blazing speed are ideal in situations where you’re worried that a criminal has your personal information and may use it to open accounts in your name that could then damage your well-earned great credit. Some people may choose to always have the credit lock enabled and only unlock it when they’re applying for a credit card or loan. That way, they can feel better about the safety of their credit score.
Credit freeze provides protection and peace of mind just like credit lock; however it enables you to freeze your account at all three major credit bureaus. When creditors check your credit score, they could do so with any credit bureau. If you only freeze one bureau’s access to your information, that still leaves the other two to make inquiries, so it’s important to set up a freeze for each one to cover all your bases.
As mentioned, a credit freeze is just one type of security freeze offered by McAfee. If you’re worried about an identity thief opening not just credit cards, but also utility and/or bank accounts in your name, McAfee’s utility freeze and bank freeze may be additional services for you. Security freeze helps stop unauthorized fraud attempts by giving you quick links and phone numbers. Having all these contact details in one place really speeds up the process and takes the guesswork out of if you’re contacting the correct offices.
Dealing with identity theft or credit fraud is a scary and stressful situation. That’s why McAfee is here with tools that help you protect you. Credit lock and credit freeze may help you feel calmer in a situation of suspected or real identity theft and gives you peace of mind to help prevent credit fraud from happening in the first place. Speed is of the utmost importance when foiling a criminal, so both solutions are easy to use with intuitive design so you’re not wasting time trying to figure out how they work. Plus, neither will affect your credit score. They just stop creditors from looking at your credit files, while you continue to boost your credit with your smart habits.
With both credit lock or credit freeze in your back pocket, you can feel more secure knowing you’re better protected from credit fraud.
1Fortunly, “20 Worrying Identity Theft Statistics for 2022”
The post Credit Lock and Credit Freeze: Which Service Is Best for You? Both! appeared first on McAfee Blog.
Earlier this year, our global Connected Family Study revealed the online habits of parents and their children. What we found called for a closer look.
One finding that leaped out, in particular, is—cyberbullying occurs far more often than parents think. And in many cases, children are keeping it from their parents.
Now with our follow-on research, we set out to answer many of the questions families have about cyberbullying. Where it happens most, who’s most affected, and are children cyberbullying others without even knowing it?
Our report, “Hidden in Plain Sight: More Dangers of Cyberbullying Emerge,” provides insights into these questions and several more. We’ll cover the top findings here in this blog, while you can get the full story by downloading the report here.
Even as stay-at-home mandates in 2020 and 2021 saw children exposed to more cyberbullying while they spent more time online, our ten-country survey found that concerns about cyberbullying in 2022 are even higher today:
And just as the level of concern is high, the findings show us why. Families reported alarming rates of racially motivated cyberbullying, along with high rates of attacks on the major social media and messaging platforms.
Additionally, children shared insights into who’s doing the bullying (it’s largely people who know them) and more than half are the ones doing the bullying—and they don’t even realize it.
Further findings include:
Our research further revealed how the face of cyberbullying takes on different form around the globe. From nation to nation, the influences of polarized politics, racial relations, and different traditions in parent-child relationships shape and re-shape the forms of cyberbullying that children see.
Each of our ten nations surveyed set themselves apart with trends of their own, some of them including:
These new findings reflect the concerns of parents and children alike—cyberbullying remains a pervasive and potentially harmful fact of life online, particularly as racism and other severe forms of cyberbullying take rise.
Without question, cyberbullying endures as a persistent growing pain that the still relatively young internet has yet to shake.
The solution is arguably just as complex as the factors that give cyberbullying its shape—cultural, regional, technological, societal, even governmental. Addressing one factor alone won’t curb it. Significantly curtailing cyberbullying for an internet that’s far safer than it is today requires addressing those factors in concert.
While we recognize that tall order for what it is, and as a leader in online protection, we remain committed to it.
With these findings, and continued research to come, our aim is to further an understanding of cyberbullying for all—whether that’s educators, technology innovators, policymakers, and of course parents. With this understanding, programs, platforms, and legislation can put protections in place that still allow for companies to innovate and create platforms that people love to use. Safely and securely.
The post More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
We’re excited to bring you the latest edition of the McAfee 2022 Consumer Mobile Threat Report. After all, when you know the challenges you face, it’s easier to be confident online. In this blog, we’ll take a closer look at some leading examples of techniques that cybercriminals are using to trick or defraud you via your mobile phone. These examples are some of the more sophisticated attacks, using real logos, quality graphics, and personalized messages. We hope this provides a useful resource for protecting your digital life, mobile devices, and personal information so that you can enjoy a safe life online with your family.
Cybercriminals are upping their game, using personal information and high-quality graphics to make their malware look like legitimate apps or official messages. Because these attacks are successful at defrauding significant numbers of mobile users out of their money and information, more criminals will jump on this approach or expand their malicious campaigns. Let’s take a look at some of the different techniques being used by scammers to fool mobile users.
Mobile smishing (aka phishing text messages) are attacks using personalized greetings in text messages that pretend to be from legitimate organizations to appear more credible. These messages often link to websites with authentic logos, icons, and other graphics, prompting the user to enter personal information or download an app. Users should be extra careful about text messages from unknown sources and should go directly to the organization’s website to validate requests.
Cheating tools and hacking apps are popular ways to get extra capabilities in mobile games. Criminals are exploiting this by promoting game hacking apps that include malicious code on legitimate messaging channels. If installed, the malware steals account credentials for social media and gaming accounts. Gamers should use caution when installing game hacks, especially if they request superuser permissions.
Cryptocurrencies are providing new opportunities for mobile device attacks. The latest ploy is phony apps that promise to mine coins in the cloud for a monthly fee. Fake reviews and a low cost make them sound too good to be true—and they are. These apps just take the money without doing any coin mining. With no actual malicious code, these apps are hard to detect, so users should be suspicious of being promised hundreds or thousands of dollars of crypto coins for just a few dollars a month.
Another attack uses a variety of fake apps with slick graphics to trick users into premium subscriptions. Hundreds of these apps promise features such as mobile games or photo editing and are supported by plenty of fake five-star reviews. When installed, the apps ask for the user’s phone number and verification PIN and use them to sign up for premium text services that direct payments to the criminals. Users should read reviews looking for vague statements, repetitive wording, and a mix of five-star and one-star ratings. For a deeper dive into the scams, be sure to view full report.
While threat tactics continue to change as criminals adapt and respond to detection and enforcement techniques, there are a few steps users should take to limit their exposure and risk.
While some malicious apps do make it through the app store screening process, most of the attack downloads appear to be coming from social media, fake ads, and other unofficial app sources. Before downloading something to your phone, do some quick research about the source and developer. Many of these scams have been flagged by other people.
Many malicious apps get the access they need by asking the user to grant them permission to use unrelated privileges and settings. When installing a new app, take a few moments to read these requests and deny any that seem unnecessary, especially for superuser access and accessibility services.
Developers are actively working to identify and address security issues. Both operating systems and apps should be frequently updated so that they have the latest fixes and security protections.
Cybercriminals often flood their Google Play apps with fake five-star reviews. Many fake or malicious apps only have a mix of five-star and one-star reviews. The five-star ones typically have vague statements and repetitive wording, giving clues that they are submitted by bots. Compare them to the one-star reviews for insight on the app’s real capabilities.
Devices that are behaving unusually may just have a basic tech issue but it can also be a sign of being hacked. Follow up when something is not quite right, check recent changes or contact tech support from the mobile device vendor or security software provider.
Comprehensive security software across all devices, whether they are computers, tablets, or smartphones, continues to be a strong defensive measure to protect your data and privacy from cyber threats.
We hope this report helps you stay on the lookout for these and other mobile threats so you can safely and confidently enjoy your life online.
The post McAfee 2022 Consumer Mobile Threat Report appeared first on McAfee Blog.
While our tweens and tweens seem to grow into adults right before our eyes, their mobile usage matures into adulthood as well—and in many ways, we don’t see.
Girls and boys hit their mobile stride right about the same point in life, at age 15 where their mobile usage jumps significantly and reaches a level that they carry into adulthood, which is one of the several findings we uncovered in our global survey of parents, tweens, and teens this year.
So, what are tweens and teens up to on their mobile devices as they mature? And where do their parents fit in? We asked parents and kids alike. What we found gives us a look into the mobile lives of tweens and teens behind their lock screens.
For starters, parents and their kids alike say that their mobile device is the most important one in their life. Parents placed mobile in their top two with their mobile device or smartphone at 59% followed their computer or laptop at 42%. Tweens and teens put their mobile device or smartphone at the top of the list as well, yet at a decisive 74% worldwide, followed by their gaming console at 68%.
“Parents and their kids alike say that their mobile device is the most important thing in their life.”
Further, tweens and teens place a higher value on their smartphones to keep them connected with friends and family. Some 59% of parents said mobile was essential in this role, whereas tweens and teens put that figure at 64%. For parents, the runner-up device for keeping connected was the computer or laptop at 42%.
Yet quite interestingly, tweens and teens said their second-most important device for keeping connected with others is their gaming console, at 40%, perhaps indicating gaming’s role in creating and fostering friendships today. Of course, plenty of that gaming is happening on mobile as well, with half of all tweens and teens surveyed worldwide saying that they play games on their smartphones.
Broadly speaking, the activities kids do on their phones match up closely with what their parents think they’re doing on their phones. Yet there’s a fair share of secretive activity that happens within that.
Regarding general activity, parents and their tween- and teen-aged children worldwide see eye to eye when it comes to what parents think are their kids’ favorite activities on mobile are and what kids say they actually are:
However, and perhaps unsurprisingly, tweens and teens say they’ve kept some the things they’re watching, browsing, and streaming from their parents. When asked if they sometimes hide specific online activity from their parents, 59% of tweens and teens worldwide said they have done so in some form or other, including:
Worldwide, monitoring apps rank relatively low when it comes to parents keeping tabs on their children’s mobile usage. Use of parental controls software on smartphones came in at a 27% global average, with India (37%) and France (33%) leading the way, while Japan fell on the low end (12%).
Largely, parents appear to take up this work themselves, citing several other ways they take charge of their children’s time online:
Consistent with other research we recently gathered, families are relying on mobile more and more, yet this hasn’t seen an increase in mobile protection for the smartphones they count on.
Our research published in early 2011 found double-digit increases in mobile activities such as online banking, shopping, finances, and doctor visits, all of which can generate high-value data that are attractive to hackers and cybercriminals. Despite this newfound reliance on mobile, many smartphones worldwide remain unprotected. Children’s phones are less protected than their parents’ phones as well.
Taken together, these security lapses can lead to downloaded malware, data and identity theft, illicit crypto mining apps on the device, and other attacks that can put children and families at risk. For a deeper dive, you can view the full report.
Misconceptions about online protection may play a role in these lax measures. This survey found that 49% of parents think a new phone is more secure than a new computer, and 59% of tweens and teens thought the new phone was more secure—both denying the reality that smartphones, and the people using them, are subject to hacks and attacks just like with any other device that connects to the internet.
Amid this climate, more than 1/3 of families reported that a child in their household had been the victim of a financial information leak and 15% stated that there’d been an attempt to steal a child’s online account or identity. With smartphones providing children with a major onramp to the internet, it follows that stronger mobile security could help prevent such attacks from happening.
Protecting mobile devices and the family members who count on them takes on further importance when we consider that children in some nations rely heavily on their smartphones for online learning.
Although using mobile for online learning was relatively low globally at 23%, parents and children in three nations reported a high rate of attending classes and courses on mobile—with India at 54%, Mexico at 42%, and Brazil at 39%, once again posing the possibility that mobile offers many children the most reliable broadband connection required for such instruction. In other words, there are households where broadband comes by way of mobile, rather than a cable or fiber connection.
Meanwhile, other nations saw significantly lower figures for online learning on mobile, such as Germany at 7%, France at 8%, and Japan at 11%. The U.S., Canada, and the UK all reported rates of 17%.
“With smartphones providing children as a major onramp to the internet, it follows that stronger mobile security could prevent such attacks from happening”
Something we’ve yet to mention here is how much online shopping and banking kids are doing on their mobile devices. No question, tweens and teens are doing those things too at a global rate of 25% and 12% across all age groups respectively. Not surprisingly, those numbers climb as teens approach adulthood. This serves as a reminder that our children are maturing hand-in-hand with their smartphones, which asks a few things of us as parents as they grow and adjust to their mobile world.
As with all things parenting, there are moments of where you have a sense of what’s right for you and your child, yet you’re uncertain how to act on it. That’s definitely the case with smartphones and the internet in general. Despite having grown up alongside the internet over the course of our adult lives, we can still have plenty of questions. New ones. Old ones. Ones we weren’t even aware of until they cropped up.
With that, we’re glad you’re dropping by our blog. And you’re more than invited to visit whenever you can. A big focus of ours is providing you, as a parent, with resources that answer your questions, in addition to articles about online protection in general that simply make for good reading. Our aim is to help you think about what’s best for your family and give you some ideas about how you can see that through, particularly as our children grow in this mobile world of ours.
The post A Look Beyond Their Lock Screens: The Mobile Activity of Tweens and Teens appeared first on McAfee Blog.
We all know the frustration. A new piece of tech isn’t working the way it should. Or maybe setting it up is simply turning into a royal pain. Grrr, right? Just make sure that when you go on the hunt for some help, you don’t let a tech support scam get the better of you.
Like so many scams out there, tech support scams play on people’s emotions. Specifically, the frustration you feel when things don’t work right. You want that problem fixed right now. So much so that you may not pay close enough attention to that tech support link you found in a search or came across in an ad. Tech support that looks legitimate but isn’t.
Tech support scams make good money for bad actors. In fact, the larger tech support scam operations organize and run themselves like a business, with call centers, marketing teams, finance groups, and so forth—and can rack up some serious profits to boot.
They make their money in several ways. Sometimes they’ll charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis but access your computer to steal information instead.
Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.
Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.
This could be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they may reach you by way of a pop-up ad. Again telling you that your computer or device is in need of urgent repair. These can find you a few different ways:
These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads in social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:
While tech support scammers can and do prey on older computer users, they’re not the only ones. An apparent lack of computer savviness certainly makes older users an attractive target, yet it also seems that an apparent overconfidence in one’s savviness makes younger victims susceptible to tech support scams too. Turns out that the growing majority of victims worldwide are between 18 and 35 years old, a group that has known the internet for most, if not all, of their lives. That’s according to research from Microsoft’s Digital Crimes Unit, which found the 1 in 10 of people between the ages of 18 and 35 who encountered a tech support scam fell for it and lost money.
Whatever the age group, the U.S. Federal Trade Commission (FTC) says that the reported losses in the U.S. are into the millions, which of course does not account for the assumedly millions more that do not go reported.
Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download it on your own, get it from the company’s official website. Stay away from third-party sites that may host malware.
This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier.
Delete files or apps that the software says is an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well simply by gaining access to one device on your network.
Contact your bank, credit card company, online payment platform, or wire transfer service immediately to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services do not.)
In the U.S., you can contact https://www.ftc.gov/complaint, which reports the claim to thousands of law enforcement agencies. While they cannot resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?”
Here’s to holiday tech that works. And to quick fixes when things don’t go as planned. In all, if you find yourself staring down a technical issue, go straight to the source for help as we’ve outlined above. As you can see, scammers have burrowed themselves alongside otherwise legitimate ads, search results, and forums online, ready to take advantage of you when you need to get things working right.
Likewise, keep an eye and ear open for those scammers who’ll reach out to you, particularly this time of year when so many people are getting so many new devices. Realizing that legitimate tech support won’t call you out of the blue is a great place to start. In all, go with the pros you know—the ones you can reach at the companies you trust.
The post New tech for the holidays? Watch out for these tech support scams. appeared first on McAfee Blog.
In the hands of a thief, your Social Security Number is the master key to your identity.
With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away.
Part of what makes an SSN so powerful in identity theft is that there’s only one like it. Unlike a compromised credit card, you can’t hop on the phone and get a replacement. No question, the theft of your SSN has serious implications. If you suspect it, report it. So, let’s take a look at how it can happen and how you can report identity theft to Social Security if it does.
Yes. Sort of. The Social Security Administration can assign a new SSN in a limited number of cases. However, per the SSA, “When we assign a different Social Security number, we do not destroy the original number. We cross-refer the new number with the original number to make sure the person receives credit for all earnings under both numbers.”
In other words, your SSN is effectively forever, which means if it’s stolen, you’re still faced with clearing up any of the malicious activity associated with the theft potentially for quite some time. That’s yet another reason why the protection of your SSN deserves particular attention.
There are several ways an SSN can end up with a thief. Some involve physical theft, and others can take the digital route. To what extent are SSNs at risk? Notably, there was the Equifax breach of 2017, which exposed some 147 million SSNs. Yet just because an SSN has been potentially exposed does not mean that an identity crime has been committed with it.
So, let’s start with the basics: how do SSNs get stolen or exposed?
That’s quite the list. Broadly speaking, the examples above give good reasons for keeping your SSN as private and secure as possible. With that, it’s helpful to know that there are only a handful of situations where your SSN is required for legitimate purposes, which can help you can make decisions about how and when to give it out. The list of required cases is relatively short, such as:
You’ll notice that places like doctor’s offices and other businesses are not listed here, though they’ll often request an SSN for identification purposes. While there’s no law preventing them from asking you for that information, they may refuse to work with you if you do not provide that info. In such cases, ask what the SSN would be used for and if there is another form of identification that they can use instead. In all, your SSN is uniquely yours, so be extremely cautious in order to minimize its potential exposure to theft.
Let’s say you spot something unusual on your credit report or get a notification that someone has filed a tax return on your behalf without your knowledge. These are possible signs that your identity, if not your SSN, is in jeopardy, which means it’s time to act right away using the steps below:
File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud, since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site really is an excellent resource.
Get in touch with the fraud department at each of the businesses where you suspect theft has taken place, let them know of your situation, and follow the steps they provide. With your police and FTC reports, you will already have a couple of vital pieces of information that can help you clear your name.
Check your Social Security account to see if someone has gotten a job and used your SSN for employment purposes. Reviewing earnings associated with your SSN can uncover fraudulent use. You can also contact the Social Security Fraud Hotline at (800) 269-0271 or reach out to your local SSA office for further, ongoing assistance. Likewise, contact the Internal Revenue Service at (800) 908-4490 to report the theft and help prevent someone from submitting a tax return in your name.
As we’ve talked about in some of my other blog posts, identity theft can be a long-term problem where follow-up instances of theft can crop up over time. However, there are a few steps you can take to minimize the damage and ensure it doesn’t happen again. I cover several of those steps in detail in this blog here, yet let’s take a look at a few of the top items as they relate to SSN theft:
By placing a fraud alert, you can make it harder for thieves to open accounts in your name. Place it with one of the three major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. During the year-long fraud alert period, it will require businesses to verify your identity before issuing new credit in your name.
A full credit freeze is in place until you lift it and will prohibit creditors from pulling your credit report altogether. This can help stop thieves dead in their tracks since approving credit requires pulling a report. However, this applies to legitimate inquires, including any that you make, like opening a new loan or signing up for a credit card. If that’s the case, you’ll need to take extra steps as directed by the particular institution or lender. Unlike the fraud alert, you’ll need to notify each of the three major credit bureaus (Experian, TransUnion, Equifax) when you want the freeze lifted.
Once every 12 months, you can access a free credit report from Experian, TransUnion, and Equifax. (And as of this writing during the pandemic, this can be done for free on a weekly basis, which is great news.) Doing so will allow you to spot any future discrepancies and offer you options for correcting them.
Using a service to help protect your identity can monitor several types of personally identifiable information and alert you of potentially unauthorized use. Our own Identity Protection Service will do all this and more, like offering guided help to neutralize threats and prevent theft from happening again. You can set it up on your computers and smartphone to stay in the know, address issues immediately, and keep your identity secured.
Of all the forms of identity theft, the theft of a Social Security Number is certainly one of the most potentially painful because it can unlock so many vital aspects of your life. It’s uniquely you, even more than your name alone – at least in the eyes of creditors, banks, insurance companies, criminal records, etc. Your SSN calls for extra protection, and if you have any concerns that it may have been lost or stolen, don’t hesitate to spring into action.
The post How to Report Identity Theft to Social Security appeared first on McAfee Blog.
When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.
A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.
Unfortunately, it can happen in several ways.
In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).
In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who’re shopping or banking online without the security of a VPN.
Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to nearly 1.4 million in 2020—practically double. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:
However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.
Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:
As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.
The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.
A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.
This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid from an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.
With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.
With McAfee+ Ultimate you can:
In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done.
Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer for any questions you’ll face in the process of restoring your identity will help you see things through.
Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.
The post Top Signs of Identity Theft appeared first on McAfee Blog.
After much anticipation, you finally get a notification that you’re eligible to receive your COVID-19 vaccine. Upon getting your first dose, you may be eager to celebrate by sharing a picture of your vaccination card on social media. After all, many of your peers have been doing the same. However, these posts could actually put your online privacy and personal information at risk. While you want to share the good news, experts warn that scammers could potentially exploit the information on your card.
With more people becoming eligible to receive the COVID-19 vaccine, there has been a surge in social media posts featuring peoples’ vaccine cards. However, the Better Business Bureau stated that posting photos of your card can give criminals the data they need to create and sell fake vaccination cards. Not only do vaccine cards remind you of when your next appointment is, but they also contain important personal information such as your name, date of birth, and when and where you were vaccinated.
Currently, these cards are the only proof that people have that they’ve been vaccinated. While there is still uncertainty around the next phase of the pandemic and when life will return to “normal,” it’s possible these cards could be what gets you into a restaurant or on an airplane. If you post your vaccination card on social media, scammers could potentially forge your card and use it as their own pass into public places or use it to receive a second dose. Publicly posting medical information could also void your HIPAA protections. Furthermore, cybercriminals could significantly profit from your personal information since health care records sell for more than Social Security and credit card numbers on the dark web.
Your digital wellness is just as important as your physical wellness, so protecting your online data is crucial. It’s a good rule of thumb not to post photos with your name and other identifiable information on the internet. Although it may be tempting to post your vaccination card on social media, consider these tips to help protect your online security:
Think about who you want to share the good news with and what social media platform would be best for this. Create private groups or carefully select which followers can see your posts. Then, verify that you’ve updated your privacy settings accordingly. This will prevent scammers from lurking on your posts and extracting your personal information.
Instead of posting a photo of your vaccine card, share a picture of yourself outside the vaccination center. If your vaccination center provides “I got vaccinated” stickers, you can post a picture of that as well.
Taking steps towards protecting your digital well-being is just as important as taking steps towards protecting your physical health. By following these steps, you can help ensure that your online security will not be jeopardized by celebrating your vaccination.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Protect Your Digital Wellness: Don’t Post Your Vaccination Card Online appeared first on McAfee Blogs.
In a poll conducted by the Canadian Medical Association, nearly half of Canadians have used telehealth services since the start of the pandemic. Additionally, in a recent McAfee study, we found that 21% of Canadians have used the internet for a doctor visit in 2020, and 28% said that such online visits will become a part of their routine moving forward Telehealth, or virtual care. This includes clinical services delivered remotely via electronic communications, such as videoconferencing, mobile apps and remote patient monitoring technology. Many of us have readily accepted these medical services out of necessity, as COVID have limited in-person hospital visits.
Hackers are taking advantage of the rise in virtual health services and exploiting their vulnerabilities to steal sensitive medical records. These vulnerabilities are the result of bigger issues stemming from obscure patient health information regulations and health care system budgetary constraints.
Understanding the risks associated with telehealth is the first step to securing your online safety during your virtual doctor’s visits.
At the onset of the pandemic, the number of reported Canadian cyberattacks jumped 50% from Q4 2019 to Q1 2020. Health care is one of the most targeted industries for cyberattacks. One attack even compromised the organization that manages Ontario’s medical records. Health care is such a highly targeted industry because it holds a wealth of information that fetches a high price on the dark web. Experts say medical records are more valuable than credit card details due to the amount of vital information stored in them, such as birth dates and patient ID numbers. Hackers can then hold this information for ransom or use it to steal your identity. Further, cybercriminals see health care institutions as easy targets. Canadian health care IT departments have insufficient budgets and are ill-prepared to handle the rising threats.
Canada also does not have federal guidelines governing virtual care and patient health information. Rather, health care providers and virtual care platforms are limited to the broad guidelines outlined by the Personal Information Protection and Electronic Documents Act (PIPEDA). As these are not digital security specific purpose defined guidelines and requirements, it makes it more difficult for health care providers and telehealth companies to protect patient data.
Telehealth makes care accessible to everyone; unfortunately, if you’re not careful, telehealth also opens the door for hackers. Hackers can infiltrate the technology used for online doctor’s appointments, because video conferencing technologies have several security flaws. From there, hackers can disrupt calls, eavesdrop and steal your private health information.
The advent of telehealth services has also prompted an increase in emails. Since patients may be expecting emails from their doctor, they may let their guard down and fall victim to phishers posing as a health care organization.
Prepare for your next virtual doctor’s appointment with these best practices to secure your virtual safety.
Before heading into your next telehealth appointment, ask your health care provider the right questions to online understand what risks you may face. Ascertaining this information will help you understand what actions you need to take to mitigate the risk on your end, like staying alert for eavesdroppers or finding alternative ways to confirm personal information. Here are some questions you can ask:
Phishing is a common tactic hackers use to access private health information and trick users into downloading malware. Beware of seemingly official emails under the guise of your health care provider asking for payment information or prompting you to take immediate action. If the email logo doesn’t look right, the message is poorly written, or the URL displayed doesn’t match the one that’s linked, then it’s likely a phishing scam.
Contact your health care provider before verifying sensitive information online, such as payment details or document transfer methods, to avoid falling victim to phishing. We recommend logging into your healthcare provider’s official website or app to confirm pertinent healthcare information as well. If you accidentally reply to a phishing email, perform a full malware scan on your device to ensure your private information remains secure.
It’s important to keep telehealth applications up to date to benefit from the latest bug fixes and security patches. This includes apps belonging to your IoT devices, such as glucose monitors, blood pressure monitors or other network-enabled diagnostic devices. These devices represent more entry points that hackers can infiltrate, making it especially critical to keep them up to date and close any security loopholes.
Get creative with your telehealth portal password, or better yet, use a security solution that includes a password management system. McAfee Total Protection includes a robust password management system that creates and saves strong passwords across all your accounts in one centralized location.
Ensure you’re using a telehealth platform that leverages multi-factor authentication, so even if a hacker were to acquire your password, there’s an added layer of security they won’t be able to bypass.
It’s always best to use a virtual private network (VPN) when conducting activities online, and medical visits are no exception. Using a VPN like McAfee Safe Connect VPN will ensure your data is encrypted and your private health information stays between you and your doctors. A VPN is especially important if you’re connecting from a network other than your password-protected home Wi-Fi.
Medical services are just one of many activities that have turned virtual due to the pandemic. Keep in mind these new virtual outlets come with elevated risks. Hackers are taking advantage of software vulnerabilities and taking victims unaware through social engineering tactics to steal sensitive personal information. Remember to secure your online health by taking a proactive stance against malicious threats so you can focus on your physical health during your telehealth visits.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Check up on Your Virtual Safety: Tips for Telehealth Protection appeared first on McAfee Blogs.
Imagine you’re driving down a highway to get to work. There are other cars on the road, but by and large everyone is moving smoothly at a crisp, legal speed limit. Then, as you approach an entry ramp, more cars join. And then more, and more, and more until all of the sudden traffic has slowed to a crawl. This illustrates a DDoS attack.
DDoS stands for Distributed Denial of Service, and it’s a method where cybercriminals flood a network with so much malicious traffic that it cannot operate or communicate as it normally would. This causes the site’s normal traffic, also known as legitimate packets, to come to a halt. DDoS is a simple, effective and powerful technique that’s fueled by insecure devices and poor digital habits. Luckily, with a few easy tweaks to your everyday habits, you can safeguard your personal devices against DDoS attacks.
The expansion of 5G, proliferation of IoT and smart devices, and shift of more industries moving their operations online have presented new opportunities for DDoS attacks. Cybercriminals are taking advantage, and 2020 saw two of the largest DDoS offensives ever recorded. In 2020, ambitious attacks were launched on Amazon and Google. There is no target too big for cybercriminals.
DDoS attacks are one of the more troubling areas in cybersecurity, because they’re incredibly difficult to prevent and mitigate.. Preventing these attacks is particularly difficult because malicious traffic isn’t coming from a single source. There are an estimated 12.5 million devices that are vulnerable to being recruited by a DDoS attacker.
DDoS attacks are fairly simple to create. All it takes are two devices that coordinate to send fake traffic to a server or website. That’s it. Your laptop and your phone, for example, could be programmed to form their own DDoS network (sometimes referred to as a botnet, more below). However, even if two devices dedicate all of their processing power in an attack, it still isn’t enough to take down a website or server. Hundreds and thousands of coordinated devices are required to take down an entire service provider.
To amass a network of that size, cybercriminals create what’s known as a “botnet,” a network of compromised devices that coordinate to achieve a particular task. Botnets don’t always have to be used in a DDoS attack, nor does a DDoS have to have a botnet to work, but more often than not they go together like Bonnie and Clyde. Cybercriminals create botnets through fairly typical means: tricking people into downloading malicious files and spreading malware.
But malware isn’t the only means of recruiting devices. Because a good deal of companies and consumers practice poor password habits, malicious actors can scan the internet for connected devices with known factory credentials or easy-to-guess passwords (“password,” for example). Once logged in, cybercriminals can easily infect and recruit the device into their cyber army.
These recruited cyber armies can lie dormant until they’re given orders. This is where a specialized server called a command and control server (typically abbreviated as a “C2”) comes into play. When instructed, cybercriminals will order a C2 server to issue instructions to compromised devices. Those devices will then use a portion of their processing power to send fake traffic to a targeted server or website and, voila! That’s how a DDoS attack is launched.
DDoS attacks are usually successful because of their distributed nature, and the difficulty in discerning between legitimate users and fake traffic. They do not, however, constitute a breach. This is because DDoS attacks overwhelm a target to knock it offline — not to steal from it. Usually DDoS attacks will be deployed as a means of retaliation against a company or service, often for political reasons. Sometimes, however, cybercriminals will use DDoS attacks as a smokescreen for more serious compromises that may eventually lead to a full-blown breach.
DDoS attacks are only possible because devices can be easily compromised. Here are three ways you can prevent your devices from participating in a DDoS attack:
Now that you know what a DDoS attack is and how to protect against it, you’re better equipped to keep your personal devices and safe and secure.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes appeared first on McAfee Blogs.
Distance and hybrid learning environments are now the norm, and it remains to be seen if or when this will change. To adapt, many schools have adopted new software to support remote classroom management.
One such platform is Netop Vision Pro, a student monitoring system that helps teachers facilitate remote learning. The software allows teachers to perform tasks remotely on students’ computers, such as locking their devices, blocking web access, remotely controlling their desktops, running applications, and sharing documents. However, the McAfee Advanced Threat Research (ATR) team recently discovered multiple vulnerabilities with Netop Vision Pro that could be exploited by a hacker to gain full control over students’ computers.
Let’s dive into these vulnerabilities and unpack how you can help protect your students in the virtual classroom.
Just like a school science project, our researchers created a simulation to test their hypothesis regarding the potential software bugs. The McAfee ATR team set up the Netop software to mimic a virtual classroom with four devices on a local network. Three devices were appointed as students, and one was designated as the teacher. During the setup, the team noticed that there were different permission levels between student profiles and teacher profiles. They decided to see what would happen if they targeted a student profile, since this would likely be the avenue a hacker would take since they could cause more damage. With their experiment set up, it was time for our researchers to get inside the mind of a cybercriminal.
While observing the virtual classroom, the ATR team discovered that all network traffic — including sensitive information like Windows credentials — was unencrypted with no option to turn encryption on during configuration. They also noticed that a student connecting to a classroom would unknowingly begin sending screenshots to the teacher.
Furthermore, the ATR team noticed that teachers would send students a network packet (a small segment of internet data) prompting them to connect to the classroom. With this information, the team was able to disguise themselves as a teacher by modifying their code. From there, they explored how a hacker could take advantage of the compromised connection.
The McAfee ATR team turned their attention to Netop Vision Pro’s chat function, which allows teachers to send messages or files to a student’s computer, as well as delete files. Any files sent by a teacher are stored in a “work directory,” which the student can open from an instant message (IM) window. Based on the team’s discovery that a hacker could disguise themselves as a teacher, it became clear that hackers could also use this functionality to overwrite existing files or entice an unsuspecting student to click on a malicious file.
Of course, remote learning software is necessary right now to ensure that our children stay on top of their studies. However, it’s important that we educate ourselves on these platforms to help protect our students’ privacy. While the Netop Vision Pro student screen shares may seem like a viable option for holding students accountable in the virtual classroom, it could allow a hacker to spy on the contents of the students’ devices. While the functionality allows teachers to monitor their students in real-time, it also puts their privacy at risk.
If a hacker is able to impersonate a teacher with modified code, they could also send malicious files that contain malware or other phishing links to a student’s computer. Netop Vision Pro student profiles also broadcast their presence on the network every few seconds, allowing an attacker to scale their attacks to an entire school system.
Finally, if a hacker is able to gain full control over all target systems using the vulnerable software, they can equally bridge the gap from a virtual attack to the physical environment. The hacker could enable webcams and microphones on the target system, allowing them to physically observe your child and their surrounding environment.
Our researchers reported all vulnerabilities discovered to Netop and heard back from the company shortly after. In the latest software release 9.7.2, Netop has addressed many of the issues the McAfee ATR team discovered. Students can no longer overwrite system files, which could be used take control of the student machine. Additionally, Windows credentials are now encrypted when being sent over the network. Netop also told McAfee that they have plans to implement full network encryption in a future update, which will prevent an attacker from easily monitoring student’s screens and prevent them from being able to emulate a teacher.
While Netop works to remedy these issues internally, there are some critical steps parents can take to help protect and empower your children in the virtual classroom. Check out the following tips to bring you and your family peace of mind while using third-party education platforms:
If your student is required to use Netop Vision Pro or other third-party software while distance learning, have them use this technology on a device strictly used for educational purposes. If the software contains any bugs, this prevents other important accounts used for online banking, emails, remote work, etc. from becoming vulnerable to the software risks.
It’s important to keep in mind that Netop Vision Pro was never intended to be internet-facing or taken off a school network. Let’s look at this scenario through the eyes of a hacker: they will likely try to take advantage of these vulnerabilities by delivering a malicious payload (parts of cyberattacks that can cause harm) or phishing attempts. To protect your students from these threats, utilize a comprehensive security solution like McAfee® Total Protection, which helps defend your entire family from the latest threats and malware while providing safe web browsing.
Educators want to keep their students’ best interest and safety in mind, so talk to your child’s teacher or principal if you ever have concerns regarding the software they are using for distance learning. If your student is required to use Netop, ensure that the teacher or principal is aware of the vulnerabilities listed above so they can be sure to administer the necessary software updates to keep your child and their classmates safe.
A simple yet affective way to prevent hackers from spying on you and your family is to use a webcam cover for when class is not in session. Instruct your student to place a cover over their camera when they are not using it to bring you and your student greater peace of mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Keep Remote Classes Safe and in Session: What You Need to Know About Netop Vision Pro appeared first on McAfee Blogs.
To live our digital lives to the fullest, we rely on a variety of technologies to support our online activities. And while some apps and devices are meant to make certain tasks more convenient or provide us with greater security, others simply offer a false sense of security and could potentially lead to online misfortune. One such platform is SuperVPN. While users may applaud themselves for using a VPN to protect their privacy, this Android app is unfortunately spilling their secrets without their knowledge.
Let’s unpack how SuperVPN works and its recent involvement in a data breach.
VPNs (virtual private networks) are intended to create a secure tunnel between your device and the internet, offering you privacy and freedom from IP-based tracking. It protects your identity and financial information by encrypting, or scrambling, the data that flows through the tunnel, and can mask your true location, making it appear as though you are connecting from somewhere else. VPN apps have become much more popular in recent years as our awareness around privacy and security has grown. But, such is the case with all apps, it’s important to do your research before you select one to install on your phone.
According to Forbes, critical security warnings around the app SuperVPN surfaced last year. They reported research stating that 105 million people might have had their credit card details stolen, and that hackers could intercept messages between the user and provider. As of last Friday, someone leaked three databases on a popular hacking forum that purportedly contained user credentials and device data stolen from three different Android VPN services: SuperVPN, considered one of the most dangerous VPNs on Google Play with 100 million installs, GeckoVPN (10 million installs), and ChatVPN (50,000 installs). This breach exposed the data of 21 million users, including names, email addresses, usernames, payment data, device information, and even location data logs — a major red flag for a VPN.
Although a free VPN might seem like an ideal solution at first, there are multiple consequences that could potentially put your online safety in jeopardy. Since free VPNs are not making money directly from their users, many make revenue indirectly, through advertising. This means that not only will you be bombarded with ads, but you’re also exposed to tracking and malware. In fact, one study of 283 free VPN providers found that 72% included trackers. Beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive information at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware and some even stole the data off of users’ devices, similar to SuperVPN.
If you choose a verified, paid VPN service, however, you’ll enjoy a plethora of benefits including unlimited bandwidth, speedy performance, protection across multiple devices, and much more. Aside from choosing a premium VPN service, following these tips will help you stay secure against SuperVPN and others like it and protect your daily online communications:
Delete SuperVPN from your device as soon as possible. There are at least six other apps like SuperVPN, with identical descriptions and logos from different creators on Google Play Store. Steer clear of downloading these apps altogether to avoid any cyber misfortune.
While some malicious apps do make it through the app store screening process, most attack downloads appear to stem from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the origin and developer.
Reviews and rankings are still a suitable method of determining whether an app is legitimate. However, watch out for assessments that reuse repetitive or straightforward phrases, as this could be a sign of a fraudulent review.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
A comprehensive security suite like McAfee Total Protection includes our McAfee® Safe Connect standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Attention Android Users: This Free VPN App Leaked the Data of 21 Million Users appeared first on McAfee Blogs.
Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure.
What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile.
Also according to the FBI, elders may be less able or willing to report being scammed because they may not know the exact way in which they were scammed, or they may feel a sense of shame over it, or even some combination of the two. Moreover, being scammed may instill fear that family members will lose confidence in their ability to look after their own affairs.
If there’s one thing that we can do for our elders, it’s help them raise their critical hackles so they can spot these scams and stop them in their tracks, particularly around tax time. With that, let’s see how crooks target elders, what those scams look and feel like, along with the things we can do to keep ourselves and our loved ones from getting stung.
The phone rings, and an assertive voice admonishes an elder for non-payment of taxes. The readout on the caller ID shows “Internal Revenue Service” or “IRS,” the person cites an IRS badge number, and the victim is told to pay now via a wire transfer or prepaid gift card. The caller even knows the last four digits of their Social Security Number (SSN). This is a scam.
The caller, and the claim of non-payment, are 100 percent bogus. Even with those last four digits of the SSN attempting to add credibility, it’s still bogus. (Chances are, those last four digits were compromised elsewhere and ended up in the hands of the thieves by way of the black market or dark web so that they could use them in scams just like these.)
Some IRS imposter scams take it a step further. Fraudsters will threaten victims with arrest, deportation, or other legal action, like a lien on funds or the suspension of a driver’s license. They’ll make repeated calls as well, sometimes with additional imposters posing as law enforcement as a means of intimidating elders into payment.
The IRS will never threaten you or someone you know in such a way.
In fact, the IRS will never call you to demand payment. Nor will the IRS ever ask you to wire funds or pay with a gift card or prepaid debit card. And if the IRS claims you do owe funds, you will be notified of your rights as a taxpayer and be given the opportunity to make an appeal. If there’s any question about making payments to the IRS, the IRS has specific guidelines as to how to make a payment properly and safely on their official website.
It’s also helpful to know what the IRS will do in the event you owe taxes. In fact, they have an entire page that spells out how to know it’s really the IRS calling or knocking at your door. It’s a quick read and a worthwhile one at that.
In all, the IRS will contact you by mail or in person. Should you get one of these calls, hang up. Then, report it. I’ll include a list of ways you can file a report at the end of the article.
Whether it’s a disembodied voice generated by a computer or a scripted message that’s been recorded by a person, robocalls provide scammers with another favorite avenue of attack. The approach is often quite like the phone scam outlined above, albeit less personalized because the attack is a canned robocall. However, robocalls allow crooks to cast a much larger net in the hopes of illegally wresting money away from victims. In effect, they can spam hundreds or thousands of people with one message in the hopes of landing a bite.
While perhaps not as personalized as other imposter scams, they can still create that innate sense of unease of being contacted by the IRS and harangue a victim into dialing a phony call center where they are further pressured into paying by wire or with a prepaid card, just like in other imposter scams. As above, your course of action here is to simply hang up and report it.
Here’s another popular attack. An elder gets an unsolicited email from what appears to be the IRS, yet isn’t. The phony email asks them to update or verify their personal or financial information for a payment or refund. The email may also contain an attachment which they are instructed to click and open. Again, all of these are scams.
Going back to what we talked about earlier, that’s not how the IRS will contact you. These are phishing attacks aimed at grifting prized personal and financial information that scammers can use to commit acts of theft or embezzlement. In the case of the attachment, it very well may contain malware that can do further harm to their device, finances, or personal information.
If you receive one of these emails, don’t open it. And certainly don’t open any attachments—which holds true for any unsolicited email you receive with an attachment.
Beyond simply knowing how to spot a possible attack, you can do several things to prevent one from happening in the first place.
First let’s start with some good, old-fashioned physical security. You may also want to look into purchasing a locking mailbox. Mail and porch theft are still prevalent, and it’s not uncommon for thieves to harvest personal and financial information by simply lifting it from your mailbox.
Another cornerstone of physical security is shredding paper correspondence that contains personal or financial information, such as bills, medical documents, bank statements and so forth. I suggest investing a few dollars on an actual paper shredder, which are typically inexpensive if you look for a home model. If you have sensitive paper documents in bulk, such as old tax records that you no longer need to save, consider calling upon a professional service that can drive up to your home and do that high volume of shredding for you.
Likewise, consider the physical security of your digital devices. Make sure you lock your smartphones, tablets, and computers with a PIN or password. Losing a device is a terrible strain enough, let alone knowing that the personal and financial information on them could end up in the hands of a crook. Also see if tracking is available on your device. That way, enabling device tracking can help you locate a lost or stolen item.
There are plenty of things you can do to protect yourself on the digital front too. Step one is installing comprehensive security software on your devices. This will safeguard you in several ways, such as email filters that will protect you from phishing attacks, features that will warn you of sketchy links and downloads, plus further protection for your identity and privacy—in addition to overall protection from viruses, malware, and other cyberattacks.
Additional features in comprehensive security software that can protect you from tax scams include:
And here’s one item that certainly bears mentioning: dispose of your old technology securely. What’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner so the data and info on your device doesn’t see the light of day again.
As said earlier, don’t let a bad deed go unreported. The IRS offers the following avenues of communication to report scams.
In all, learning to recognize the scams that crooks aim at elders and putting some strong security measures in place can help prevent these crimes from happening to you or a loved one. Take a moment to act. It’s vital, because your personal information has a hefty price tag associated with it—both at tax time and any time.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Spot, and Prevent, the Tax Scams That Target Elders appeared first on McAfee Blogs.
It’s tax time in the United States, and even if you’re pretty sure you did everything right, you’re worried. Did I file correctly? Did I claim the right deductions? Will I get audited? Unfortunately, tax season brings out scammers eager to take advantage of your anxiety.
First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly.
Still, wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time. With the information they get from you, hackers can take things a step further by stealing your identity and filing tax claims in your name.
As if we didn’t have enough to worry about at tax time.
The good news is that you have plenty of ways to protect yourself from hackers. Check out these tips to stay safe this tax season.
Straight from the authority itself, the IRS has published its top 12 tax season scams with new warnings brought on by the events of 2020.
For example, new to this year are scams associated with stimulus checks sent out by the government. The IRS says they have seen “… a tremendous increase in phishing schemes utilizing emails, letters, texts and links. These phishing schemes are using keywords such as “coronavirus,” “COVID-19” and “Stimulus” in various ways.”
This is very important: The IRS does not use email. If you get an email from someone saying they are the IRS and they want to talk with you about a problem, it is a scam.
Here’s what the IRS has to say:
The IRS will never initiate contact with taxpayers via email about a tax bill, refund, or Economic Impact Payments. Don’t click on links claiming to be from the IRS. Be wary of emails and websites − they may be nothing more than scams to steal personal information.
Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles. Hackers use the information to gain access to your online accounts in social media and beyond, like your bank account. Make it hard for them. Make your social media profiles private so that only friends and family can see them. Also consider so you can be safer from these kinds of crimes.
When a hacker poses as an IRS agent, they try to get personal information from you, like your social security number. They might demand payment, sometimes under the threat of penalties or even jail time. These strong-arm tactics are a dead giveaway that the email or phone call is fake.
What will the IRS do? Usually, the IRS will first mail a bill to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require a payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you.
And remember: the IRS does not use email to contact you about tax problems.
A good defense is a good offense. File early. Protect yourself by filing your claim before they have a chance to file one as you. You don’t want to be one of those identity theft victims who finds out you’ve been scammed when you file your taxes only to get a notice in the mail saying your tax claim has already been filed.
Here’s other tool that can help you fight identity theft. And get this: it’s not only helpful, it’s free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.
Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread you free credit report coverage across the whole year.
The idea is that, just like with your physical wellness, there are lots of steps you can take to protect your digital wellness. We’ve covered some of those steps in this blog. Consider one more: protect your digital life with a holistic security solution like McAfee Total Protection so you can enjoy life online knowing your precious data is protected. Tax time or otherwise, security software is always a smart move.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Who loves tax season besides accountants? Hackers appeared first on McAfee Blogs.
We’ve all come to a realization that we don’t go anywhere without our phone. It’s a utility that helps us navigate our daily lives: directions, schedules, shopping, discounts, banking, and so on. And as our reliance on our smartphone continues to grow, it’s no wonder that hackers have taken notice. This time, it’s another case of an app gone rogue.
With over 10 million downloads, the Barcode Scanner app provided users with a basic QR code reader and barcode generator, useful for things like making purchases and redeeming discounts. Then, most likely in a recent update, the app began to deliver ad-producing malware onto users’ phones – with the malware being traced back to the Android Barcode Scanner app. While Barcode Scanner was previously benign, it is believed that a hacker injected malicious code into the app before the latest update, pushing malware onto Android devices. Once installed, the malware hijacks your default web browsers and redirects you to random advertisements.
In a typical case of malvertising, or malicious advertising, fraudsters submit infected graphic or text ads to legitimate advertisement networks, which often can’t distinguish harmful ads from trustworthy ones. Under the guise of everyday pop-ups, these malicious ads push fake browser updates, free utilities, or antivirus programs in the hope that unsuspecting users will click. Depending on what kind of programs the malicious ads succeed in downloading, hackers might steal your data, encrypt or delete your information, or hijack your computer functions – as is the case with the Barcode Scanner’s malware.
While Google has taken down the Barcode Scanner from its store, it has not been deleted from infected devices. So, if you have the app on your phone, it’s time to uninstall it from your device manually…ASAP.
We all need to reflect on the state of our digital health, especially as hackers continue to target us through the device we use most – our phones. To help protect your data, family, and friends, check out these security tactics to keep sneaky mobile threats out:
While some malicious apps do make it through the app store screening process, most attack downloads appear to stem from social media, fake ads, and other unofficial app sources. Before downloading an app to your device, do some quick research about the origin and developer.
Reviews and rankings are still a suitable method of determining whether an app is legitimate. However, watch out for assessments that reuse repetitive or straightforward phrases, as this could be a sign of a fraudulent review.
Developers are actively working to identify and address security issues. Frequently update your operating systems and apps so that they have the latest fixes and security protections.
Holistic security solutions across all devices continues to be a strong defensive measure to protect your data and privacy from online threats like malware.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Millions Affected by Malware Attributed to Android Barcode-Scanning App appeared first on McAfee Blogs.
Whether they’re attending regular work meetings or catching up with extended family across the globe, many people leverage video conferencing to better connect with others – a process that will likely continue as our world only becomes more digital. But as the rapid adoption of video conferencing tools and apps occurs, potential threats to online safety emerge.
Agora is one of these tools for connection. The company’s video conferencing software is included in apps like MeetMe, Skout, Nimo TV, temi, Dr. First Backline, and Talkspace, across more than 1.7 billion devices globally. According to McAfee Advanced Threat Research (ATR), Agora’s video software development kit (SDK) until recently included a vulnerability that could have allowed an attacker to spy on ongoing video and audio calls.
In accordance with McAfee’s safe vulnerability disclosure policy, ATR provided Agora with details of its thorough research into the issue so that the software developer could take action to address it with a software update.
But let’s take a look at what a vulnerability like this could mean for users.
So, how exactly could this vulnerability allow others to spy on private calls?
The McAfee ATR team discovered that the Agora vulnerability stemmed from an error of incomplete encryption – the process of converting information or data into seemingly random output to prevent unauthorized access. Agora’s SDK implementation did not allow applications to securely configure the setup of video/audio encryption, thereby leaving a potential for hackers to snoop on them.
Therefore, if exploited, this particular vulnerability could’ve allowed a criminal to launch man-in-the-middle attacks, which occur when a hacker secretly intercepts and possibly alters the communications between two unsuspecting users. Aka, they could spy on users’ private video calls.
The vulnerability discovery and mitigation cooperation between McAfee and Agora illustrates why it’s so important for threat researchers to work closely and constructively with app developers to make our digital lives as safe as possible.
As a consumer, however, it’s important to realize what exactly you’re getting into when downloading applications for video conferencing and other tools that help you stay connected.
While the security community encourages developers to write software code with security in mind, software apps tend to struggle with bugs and vulnerabilities in their early days. Consumers should by all means download and enjoy the hottest new apps, but they should also take steps to protect themselves from any undiscovered issues that might threaten them.
Here are a few tips that can help ensure your safety while connecting with others online:
It’s easy to click “Install later” when software updates pop up on your screen. However, these updates often come with security patches for vulnerabilities like the ones mentioned above. To ensure that your software and apps have the latest security fixes, update them immediately or select the option update automatically if available.
Until a patch is created, you should operate under the assumption that a hacker could compromise your video calls. Avoid using vulnerable apps until developers make a software security update available to help protect your calls from being infiltrated.
In order to protect yourself and your loved ones from potential risks, make sure you have a holistic security solution in place, such as McAfee Total Protection, which can help block risky downloads with McAfee WebAdvisor, protect you from malicious mobile apps, and help update Windows and your apps all in one place with Vulnerability Scanner.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Hang Up on Hackers: Protect Yourself from Mobile App Video Conferencing Vulnerabilities appeared first on McAfee Blogs.
Meet ShinyHunters, a hacker who recently leaked 10 new databases this past month from companies including:
• Pixlr.com
• Bonobos.com
• Wognai.com
• Tesspring.com
• Tunedglobal.com
• Buyucoin.com
• Wappalyzer.com
• Chqbook.com
• Rooter.io
• MeetMindful.com
But this isn’t the first time they’ve made headlines. It all started in May of 2020 when ShinyHunters attempted to sell several stolen databases on the Dark Web. They also leaked several other databases between April and July. In October, they proceeded to leak the database of the meal kit delivery company, HomeChef. Not one to be easily satisfied, ShinyHunters continued their antics by exposing sixteen other databases in November, where personal user records and information were publicly shared. Prominent companies who fell victim to this wave of data breaches include gaming site Animal Jam, online marketplace Minted, and coupon company ShopBack, among others.
Personal data released ranges from contact information and addresses, dates of birth, passwords, and financial information. Not including the latest data breach, a total of 129,406,564 user records were exposed. Given the alarming size of the exposure, this gives way to rising concerns for when ShinyHunters will strike again. What’s more, this group seeks notoriety from their misdeeds, hoping to claim credibility for the number of attacks they can execute—a troubling thought for everyday users like you and me.
You never know when or if a breach will occur, which is why we must take precautions to protect our data in the case of a security breach. In the past year alone, we have seen a record number of data breaches, posing unforeseen security concerns and bringing light to new priorities for data protection. That’s why we must learn from these occurrences by proactively protecting our private information in 2021 and beyond.
There’s no way of knowing whether your personal information will fall into the wrong hands or that it will be used maliciously, but ShinyHunters has indicated that they are on the lookout for opportunities to expose more databases, so we must take the necessary steps to protect our personal information before the damage is done.
Not knowing what data was stolen can make it significantly more difficult to pinpoint what threats you may become subject to. If you realize a company you buy from fell victim to a data breach, start investigating. Use this tool to see if the breach affects you.
Great passwords are usually the first line of defense against personal data exposures, so it’s important to update them as soon as they are compromised. Additionally, use different passwords or passphrases for each of your online accounts which helps protect the majority of your data if one of your accounts becomes vulnerable. One route you can take is to use a password manager that not only lets you create strong passwords but can let you manage them efficiently with added security and peace of mind.
On top of updating your credentials, you’ll want to secure your log-in process by enabling 2-Factor Authentication. So, if a hacker has access to your stolen passwords, they’ll still have to bypass an added security layer that is time sensitive. This makes it even more difficult for them to access your information.
Like regular phishing attempts, spear-phishing attempts will try to steal your information by posing as an authentic entity to target unsuspecting victims. However, spear phishing attempts can be harder to spot because the attempt is modified to target a specific individual, often in the form of a personalized email. If you receive an email, call, or text asking you to download software, app, or pay a certain amount of money, do not click or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If you find that your credit card information has been exposed, keep an eye on your bank records and validate each transaction. In the above cases for a site like MeetMindful, where Facebook authentication tokens and user IDs were stolen, it’s always best to keep an eye on other social accounts for fraudulent activity.
For maximum financial protection, freeze your credit to prevent hackers from opening new accounts in your name. Placing a freeze on your credit is free for consumers and won’t affect your credit score. Simply contact the three major credit bureaus—Equifax, Experian, and TransUnion—to set up a freeze to secure your credit file until you decide to lift it.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post ShinyHunters Exposes Over 125 Million Online Credentials appeared first on McAfee Blogs.
2020 was a year unlike any other. We transitioned from the corporate office to the home office, participated in distance learning, and figured out how to communicate with one another from afar. We sought out new forms of entertainment by streaming countless movies and TV shows and found new ways to stay active with at-home workouts. But none of this would’ve been possible without our devices and the technology we rapidly adopted. In fact, data shows that we accelerated five years forward in digital adoption during the first two months of the pandemic alone. And according to findings from our 2021 Consumer Security Mindset Report , online alternatives will continue to replace activities in people’s lives and routines that were once in-person.
In the past year, many of us started to use or increased our use of various online tools. For example, online banking usage increased from 22% in 2020, online fitness classes increased by 7%, and virtual doctor’s appointments increased by 9%. We’ve adapted to the convenience of these online alternatives and have used them to replace activities that were once primarily in-person. Additionally, 77% of survey respondents indicated that they now use or have adopted common features designed for convenience, such as text and email notifications, web or mobile applications versus desktop sites, and more.
Online alternatives will continue to replace activities in people’s lives that were once in-person. According to our survey, the top digital activities that will remain part of our routines even as social distancing and stay-at-home restrictions lift include online banking, social engagements, and personal shopping. But as we continue to rely on technology to complete these tasks, how are we adapting our security habits to greater time spent online?
The more time we spend online interacting with various apps and services, the greater our exposure is to potential cybersecurity risks and threats. So, as we continue to adapt to and embrace our new digital world, hackers are simultaneously taking notes. Survey results show that 71% of respondents are most concerned about their financial data being stolen or compromised, while 68% are concerned that their personal information could get hacked.
A heightened sense of security is of the utmost importance so we can continue to live our digital lives free from worry. But 29% of survey respondents don’t feel very confident about their ability to prevent a cyberattack and believe that they don’t have what they need to prevent one. And while another 40% is confident in their ability to prevent an attack, they think they could better understand how to identify or combat threats.
Even with these concerns, there still appears to be a discrepancy between our perceptions around online security versus our actions. While 70% of respondents stated that they purchased at least one connected device in 2020, only 50% bought security software, and only a quarter admitted that they check if their security software is up to date. But to preserve our digital wellness as we adopt new technology into our lives, we must upgrade our security habits in tandem. After all, it’s better to prevent a problem than be in a position of having to fix it.
To help prevent a hacker from striking, it helps to think about why they would want your data in the first place. However, over half of U.S. respondents admitted that they never considered how much their online data is worth. Hackers are always looking for ways to exploit others for money. By scavenging and stealing our personally identifiable information over the internet, hackers can piece together our identities – a valuable asset and can be sold for a lot of cash.
To stay one step ahead of hackers and protect your digital wellness into the new year and beyond, continue to work on your own online habits and follow these security tips:
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Hackers tend to lurk in the shadows on public Wi-Fi networks to catch unsuspecting users looking for free internet access. If you have to conduct transactions on a public Wi-Fi network, use a virtual private network (VPN) like McAfee® Safe Connect to help keep you safe while you’re online.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
When using third-party tools like video conferencing platforms, adjust your security settings by password protecting your meetings and blocking other meeting attendees from sharing their screens. You can also adjust your device’s app permissions to only access your location when actively in use, or enable safe browsing options to protect you from malicious websites.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post New Year, New Digital You: Consumer Security Findings from McAfee’s Latest Report appeared first on McAfee Blogs.
The holidays have come and gone, and students returned to the virtual classroom. But according to the FBI, cyberattacks are likely to disrupt online learning in the new year. As of December 2020, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and MS-ISAC continue to receive reports from K-12 educational institutions about the disruptions caused by cyberthreats, primarily ransomware and Distributed Denial of Service (DDoS). To protect their education and digital lives, distance learners will need to stay vigilant when it comes to ransomware and DDoS attacks. Let’s dive into the impact these threats have on the K-12 education system now that more people are plugged in as a result of distance learning.
Of all the attacks plaguing K-12 schools this year, ransomware has been a particularly aggressive threat. Ransomware attacks typically block access to a computer system or files until the victim pays a certain amount of money or “ransom.” The FBI and the CISA issued a warning that showed a nearly 30% increase in ransomware attacks against schools. In August and September, 57% of ransomware incidents involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July. And it’s unlikely that hackers will let up anytime soon. Baltimore County’s school system was recently shut down by a ransomware attack that hit all of its network systems and closed schools for several days for about 111,000 students. It wasn’t until last week that school officials could finally regain access to files they feared were lost forever, including student transcripts, first-quarter grades, and vital records for children in special education programs.
According to to ZDNet, the five most active ransomware groups targeting K-12 schools are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil. Furthermore, all five of these ransomware families are known to run “leak sites,” where they dump data from victims who don’t pay the ransom. This creates a particularly dangerous problem of having student data published online. To prevent distance learning disruption, students and educators need to understand the effects of ransomware on school systems and take steps to prevent the damage caused by this threat.
An increase in ransomware attacks isn’t the only problem that K-12 schools are facing. The CISA and the FBI warned those participating in distance learning to protect themselves against other forms of cyberattacks such as Distributed Denial of Service (DDoS). DDoS is a method where hackers flood a network with so much traffic that it cannot operate or communicate as it normally would.
According to Dark Reading, Miami-Dade County Public Schools experienced significant disruptions during their first three days of distance learning for the 2020-2021 school year, thanks to a series of DDoS attacks. The school system stated it had already experienced more than a dozen DDoS attacks since the start of the school year. Sandwich Public Schools in Massachusetts were also knocked offline by a DDoS attack. When school systems fall victim to DDoS attacks, students can lose access to essential documents, files, or online platforms that they need to complete assignments. And with many students relying heavily on distance learning systems, losing access could put them behind.
In an effort to create a standardized framework for dealing with ransomware attacks across verticals – including education – McAfee has teamed up with Microsoft to lead the Ransomware Task Force, along with 17 other security firms, tech companies, and non-profits. And while we’re taking critical actions to decrease the threat of ransomware attacks, there are other steps you can take to prevent ransomware and DDoS attacks from interrupting your distance learning experience. Follow these tips to take charge of your education and live your digital life free from worry:
Many ransom notes seem convincing, and many only request small, seemingly doable amounts of money. Nevertheless, you should never pay the ransom. Paying does not promise you’ll get your information back, and many victims often don’t. So, no matter how desperate you are for your files, hold off on paying up.
With ransomware attacks locking away crucial data, it’s important to back up your files on all your machines. If a device becomes infected with ransomware, there’s no promise you’ll get that data back. Ensure you cover all your bases and have your data stored on an external hard drive or in the cloud.
Use decryption tools
No More Ransom – an initiative that teams up security firms, including McAfee, and law enforcement – provides tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then, check out No More Ransom’s decryption tools and see if one is available for your specific strain.
Your Wi-Fi router is the gateway to your network. Secure it by changing the default password. If you aren’t sure how to do this, consult the internet for instructions on how to do it for your specific make and model, or call the manufacturer. Solutions like McAfee Secure Home Platform, which is embedded within select routers, can help you easily manage and protect your network from DDoS attacks and more.
A lot of internet of things (IoT) devices come with default usernames and passwords. After taking your IoT device out of the box, the first thing you should do is change those default credentials. If you’re unsure of how to change the default setting on your IoT device, refer to setup instructions or do a bit of research online.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Ransomware and DDoS is on the Rise: Tips for Distance Learning in 2021 appeared first on McAfee Blogs.
2020 was unexpectedly defined by a global pandemic. Throughout the year, we have all had to figure out how to best live our lives online – from working from home to distance learning to digitally connecting with loved ones. As 2020 comes to a close, we must ask: will this new normal continue into 2021, and how will it affect how we connect – both with each other and with our online world?
McAfee assessed the cybersecurity landscape as we head into the New Year, highlighting the key takeaways we should keep in mind to help protect our digital lives:
Home is a safe space – or is it? With more consumers living and working from home, we have seen an increase in connected devices within the home. In fact, since the onset of the coronavirus pandemic, McAfee Secure Home Platform device monitoring shows a 22% increase in the number of connected home devices globally and a 60% increase in the U.S. These trends are also carrying over into mobile shopping habits. Almost 80% of shoppers have found themselves using their IoT devices to make more purchases since the beginning of the pandemic. The evolving world of the connected lifestyle gives hackers more potential entry points to homes and consumers information- through devices, apps and web services- and in 2021, we will be monitoring how this trend evolves.
With more of us working remotely, distance learning, and seeking online entertainment, cybercriminals will look to exploit our vulnerabilities. For example, remote employees are more likely to use personal devices while working and log onto home networks that are not fully secured. What’s more, many of the systems behind consumer networks have not had their passwords changed from the default settings since it was first introduced into the home . If a criminal can use the default credentials to hack the consumer’s network infrastructure, they may also gain access to other network devices – whether they are used for school, work, or leisure.
Touchless solutions for payments are becoming more popular as we all navigate the curveballs of COVID-19. Mobile payment apps provide the convenience of both paying for services and receiving payments without the hazards of touching cases or credit and debit cards. However, fraudsters are also following the money to mobile, as research by RSA’s Fraud and Risk Intelligence team shows that 72% of cyber fraud activity involved mobile in the fourth quarter of 2019. McAfee predicts an increase in “receive”-based exploits in 2021, since they provide a quick and easily entry for fraudsters to scam unsuspicious consumers by combining phishing with payment URLs.
Imagine receiving an email stating that you’re receiving a refund for a concert that was canceled due to COVID-19. The email instructs you to click on the URL in the next message, fill in your bank information, and “accept the refund.” But instead of getting your money back, you find that you’ve handed over your financial data to scammers. As we continue to adopt mobile payment methods in 2021, it’s important to remember that hackers will likely take advantage of these convenient touchless systems.
With the pandemic, more industries have QR codes to make our lives easier- with Statista reporting that over 11 million US households are expected to scan QR codes by 2020. From restaurants to personal care salons to fitness studies, QR codes help limit direct contact with consumers – you easily scan the code, see services/items offered, and select and purchase your desired items. But do you stop and think about how this might be putting your personal data at risk? As it turns out, QR codes provide scammers with a new avenue for disguising themselves as legitimate businesses and spreading malicious links.
Scammers are quick to exploit popular or new technology for their malicious tricks, and QR codes are no different. In fact, McAfee predicts that hackers will find opportunities to use social engineering to gain access to our personal data in a single scan. Take restaurant owners looking to make QR codes that give us quick access to their menus. Knowing that these business owners are looking to download apps that generate QR codes, bad actors are predicted to entice them into downloading malicious apps that pretend to do the same.
But instead of generating a code, the app will steal the owner’s data, which scammers could then use to trick loyal diners like you and me. Once a hacker gains access to the restaurant’s customer database, they can use this information to launch phishing scams under the guise of our favorite local eateries.
To help ensure that you are one step ahead of cybercriminals in the upcoming year, make a resolution to adopt the following online security practices and help protect your digital life:
If you receive an email, call, or text asking you to download software, app, or pay a certain amount of money, do not click or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without clicking. This will allow you to see a link preview and check for any typos or grammatical errors – both of which are typical signs of a phishing link. If the URL looks suspicious, don’t interact with it and delete the message altogether.
When setting up a new IoT device, network, or online account, always change the default credentials to a password or passphrase that is strong and unique. Using different passwords or passphrases for each of your online accounts helps protect the majority of your data if one of your accounts becomes vulnerable.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Stay Updated
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Top Security Threats to Look Out for in 2021 appeared first on McAfee Blogs.
Every few weeks, there seems to be breaking news about large-scale data breaches that affect millions – but what about the lesser-known threats that lurk quietly in the shadows? Oftentimes, these are the scams that could wreak havoc on our day-to-day digital lives.
Adrozek malware is just that: a new strain that affects web browsers, stealthily stealing credentials through “drive-by downloads,” or a download that happens without your knowledge.
Let’s unpack how this malware works, who it targets, and what we can do to protect our browsers from this sneaky threat.
According to Threatpost, Adrozek is infecting several web browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Yandex) on Windows machines with the help of a browser modifier that hijacks search results. To find its way onto our devices, the malware uses “drive-by downloads” once you load one of its several malicious web pages. In fact, a huge, global infrastructure supports Adrozek – one that is made up of 159 unique domain names, each hosting an average of 17,300 unique URLs, which in turn hosts more than 15,300 unique malware samples.
Once it makes its way onto your machine, the malware changes the device’s browser settings to allow Adrozek to insert fake ads over real ones. If you do happen to click on one of these fraudulent ads, the scammers behind this threat earn affiliate advertising dollars for each user they deceive. This not only takes money away from advertisers who are unaware that malware is increasing their traffic, but it also pays cybercriminals for their crimes. What’s more, the malware extracts data from the infected device and sends it to a remote server for future exploitation. In some cases, it even steals saved passwords from Firefox. These features allow the cybercriminals behind Adrozek to capitalize on the initial threat by collecting data that could be used against everyday users like you and me when we least expect it.
Aside from being supported by a vast infrastructure, Adrozek is powerful for another reason: it’s difficult to spot. Adrozek is a type of polymorphic malware, or malware that is programmed to constantly shift and change its code to avoid detection. As a result, it can be tricky to find and root out once it’s infected your browser.
To help protect your devices from falling victim to the latest theats, follow these tips to help protect your online security:
Software developers are actively working to identify and address security issues. Frequently update your browsers, operating systems, and apps so that they have the latest fixes and security protections.
Because Adrozek actively steals saved passwords from Firefox, it’s crucial to practice good password hygiene. When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials.
You can typically get rid of browser-hijacking malware by resetting the browser. But because Adrozek will hide itself on your device, extra measures should be taken to get rid of it. If you suspect that Adrozek may have found its way onto your device, delete your browsers, run a malware scan, and reboot your device. Run the malware scan a second time and reinstall your browsers.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Adrozek Malware is Wreaking Havoc on Web Browsers: How to Stay Protected appeared first on McAfee Blogs.
You wake up, log in to your Outlook, and find an email waiting in your inbox from support@irs.gov. Much to your confusion, the email claims that you have an outstanding account balance that you must pay immediately, or you will face legal charges.
As it turns out, you’re not the only one to receive this message. According to Bleeping Computer, a phishing campaign was recently discovered impersonating the IRS, with 70,000 spoofed emails reaching users’ inboxes. Let’s unpack how this scheme works.
This scam targets Microsoft 365 users and threatens to press legal charges unless the recipient settles an outstanding account balance. And while some of the telltale signs of a phishing scam are grammar errors and misspellings throughout the body and address of the email, this threat is a little more sophisticated. To make this threat appear more credible, scammers use the email support@irs.gov, causing recipients to believe that the email actually did originate from the IRS. The email also appears to have no spelling errors at first glance, further increasing its legitimacy to an unsuspecting user.
This scam is not foolproof, however. Upon further investigation, a recipient would see that the email’s header reveals the real sending domain: shoesbagsall.com. What’s more, the reply-to field redirects the replies to legal.cc@outlook.com instead of the IRS support mailing address.
To further entice users into falling for this scheme, scammers threaten arrest or other legal charges and tell recipients that they will forward the emails to their employer to withhold the fake outstanding amounts from their wages. Additionally, the emails also instruct the targets to immediately reply with payment details to avoid having their credit affected.
The best way to stay protected from phishing scams? Knowing how to spot them! Follow these security tips and best practices to prevent falling for fraudsters’ tricks:
Be skeptical of emails or text messages claiming to be from organizations with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the email or text, it’s best to go straight to the organization’s website or contact customer service.
If you receive an email or text asking you to download software or pay a certain amount of money, don’t click on anything within the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
If you accidentally respond to a phishing email with your personal data, change the passwords to any accounts you suspect may have been impacted. Make sure your new credentials are strong and unique from your other logins. For tips on how to create a more secure password, read our blog on common password habits and how to safeguard your accounts.
A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 70,000 Phishing Emails Sent Impersonating the IRS: How to Stay Protected appeared first on McAfee Blogs.
You’re not the only one looking forward to the big holiday sales like Black Friday and Cyber Monday. Hackers are too. As people flock to retailers big and small in search of the best deals online, hackers have their shopping scams ready.
So while you already know how to spot a great deal, here are ways you and your family can steer clear of online scams so you can keep your finances safer this shopping season:
A common scam hackers use is introducing malware via email attachments, and during the holiday sale season, they’ll often send malware under the guise of offer emails and shipping notifications. Know that retailers and shipping companies won’t send things like offers, promo codes, and tracking numbers in attachments. They’ll clearly call those things out in the body of an email instead.
A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them.
A related scammer trick that also uses typosquatting tactics is to set up sites that look like they could be run by a trusted retailer or brand but are not. These sits may tout a special offer, a great deal on a hot holiday item or whatnot, yet such sites are one more way cybercriminals harvest personal and financial information. A common way for these sites to spread is by social media, email, and other messaging platforms. Be skeptical of any links you see there—it’s best to go to the site directly and look for the deal there.
Using a complete security software suite can offer layers of extra protection while you shop, such as web browser protection that will block malicious and suspicious links that could lead you down the road to malware or a financial scam.
Using the same narrow set of passwords only helps hackers. If they hack one account, they can then hack others—simply because that same password is in use over and over. Use a password manager that can create strong passwords and store them securely as well. That’ll save you some hassle and keep you safer in the process.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, put it into place.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi and harvesting information like your passwords and credit card numbers.
Specific to the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards, where citizens can dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using those while shopping online and use your credit card instead.
Another alternative is to set up a virtual credit card, which is a proxy for your actual credit card. With each purchase you make, that proxy changes, which then makes it much more difficult for hackers to exploit. You’ll want to research virtual credit cards further, as there are some possible cons that go along with the pros, such as in the case of returns where a retailer will want to use the same proxy to reimburse a purchase.
With all the passwords and accounts we keep, this is important. Checking your credit will uncover any inconsistencies or outright instances of fraud. From there, you can then take steps to straighten out any errors or bad charges that you find. In the U.S., you can run a free credit report once a year with the major credit reporting agencies. Just drop by the Federal Trade Commission (FTC) website for details on your free credit report.
One aspect of cybercrime that deserves a fair share of attention is the human element. Crooks have always played on our feelings, fears, and misplaced senses of trust. It’s no different online, particularly during the holidays. We all know it can be a stressful time and that we sometimes give into the pressure of finding that hard-to-get gift that’s so hot this year. Crooks do too, and they’ll tailor their attacks around those.
So, while you’re shopping online this year, take a deep breath before you dive in. Double-check those deals that may look almost too good to be true. They may be a scam waiting to spring—and indeed be too good to be true after all.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cyber Monday is Coming – 10 Tips to Protect You From Online Shopping Scams appeared first on McAfee Blogs.
Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away their passwords on video calls through their body language. According to Tom’s Guide, call participants can guess a user’s passwords through the arm and shoulder movements they make while they type.
Let’s unpack how this threat works so you can continue to connect via video calls worry-free.
Keyboard snooping, or a keyboard interference threat, occurs when an attacker is present on a video call and observes the target’s body and physiological features to infer what they are typing. To pull off this attack, the hacker would need to record the meeting or video stream and feed it through a computer program. This program eliminates the visual background and measures the user’s arm and shoulder movements relative to their face. From there, the program analyzes the user’s actions to guess which keys they are hitting on the keyboard – including passwords and other sensitive information.
So, how accurate is this program, anyway? While this shows that the program was only correct 20% of the time when subjects were on their own devices in an uncontrolled environment, the program’s accuracy increased to 75% if their password was one of the one million most commonly used passwords. And suppose the program already knew their email address or name. In that case, it could decipher when the target was typing this information during the video call (and when their password would immediately follow) 90% of the time. The less complex the target makes their password, the easier it is for the program to guess what they’re typing.
Keystroke inference attacks can have potentially dangerous effects, since the text typed can often contain sensitive or private information even beyond passwords, like credit card numbers, authentication codes, and physical addresses. It’s also important to note that any video conferencing tool or videos obtained from public video sharing/streaming platforms are susceptible to this attack.
Therefore, to prevent your meeting attendees from snooping on what you’re typing, follow these tips for greater peace-of-mind:
Avoid giving keyboard snoopers the upper hand by making your password or passphrase as unique as the information it’s protecting. If a hacker does manage to guess your password for one of your online accounts, they will likely check for repeat credentials across multiple sites. By using different passwords or passphrases for your online accounts, you can remain calm and collected knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Take your security to the next level with a password manager, like the one included in McAfee Total Protection. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Prevent Keyboard Snooping Attacks on Video Calls appeared first on McAfee Blogs.
Where would we be without our internet this year?
We’ve shopped, worked, studied and taught, job hunted, and cared for each other online this year in ways we haven’t before—not to mention entertained ourselves plenty too. As so many of us have faced challenges and outright adversity this year, it’s difficult to imagine what this year would have been like without the support of a reliable broadband internet connection. So much so, you can argue that it’s become a necessity.
For that, I’m thankful—and recognize that we have a long way to go before all of us can share in those same thanks. As I’ve mentioned in earlier blogs, fixed broadband internet access at home remains elusive for many. In the U.S. alone, one analysis shows that more than 150 million people do not use the internet at broadband speeds, which is practically half of the U.S. population.
A good question to ask here is what exactly constitutes “broadband?” The Federal Communications Commission (FCC) defines broadband speeds as 25 Megabits per second (Mbps) of download speed and 3 Mbps of upload speed. (Note that the FCC estimates only 21 million people in the U.S. are without broadband, a number widely considered to be low.)
Put in everyday terms, 25 Megabits per second of download speed is baseline figure that should provide a family of two to four people with enough capacity to engage in bandwidth-hungry activities like working from home, schooling online, or even receiving medical care through telemedicine, along with streaming to stay entertained and informed too.
As we look at that figure of 150 million underserved people, we see people who live in remote areas that simply aren’t wired for broadband yet, representing millions of rural residents and people living on tribal lands. Additionally, it also includes people in urban areas who potentially have access to a broadband connection, yet their income levels impact their ability to subscribe to it.
Obviously, a major hurdle in rolling out broadband nationwide is the 1.9 billion acres that makes up our country. The physical, technological, and financial efforts associated with building fixed broadband access across rural and remote terrain are substantial to say the least. Additionally, there are regulatory matters as well, like the rules that govern access to existing utility poles and conduits needed for broadband deployment.
Ultimately, we’re talking about connecting not just homes, but entire communities—people, businesses, libraries, granges, local government, and more. Getting them access to broadband isn’t just a commercial interest, it’s a matter of infrastructure as well. Just as water and electricity are utilities, we can argue that the internet, broadband internet, has long since evolved into a utility. The reasons are clear: education, economic growth, employment and even access to healthcare all stand to improve when broadband is available to a community, as has been seen in communities such as Chattanooga, Tennessee and in Delta County, Colorado. Thus it makes sense that connecting them has become a joint endeavor by the public and private sector.
Meanwhile, last summer, the lack of adequate broadband across Nebraska during the pandemic prompted the state’s governor and legislature to allocate pandemic relief funds and pass bills that would speed the deployment of broadband across the state. As reported by the Omaha World-Herald, one of Nebraska’s rural power district managers said of fixed broadband service, “It goes beyond economic development, it goes beyond watching Netflix, there’s some real business implications here.”
However, even in communities where broadband is physically available, pockets of low-speed connectivity exist as well. According to the Pew Research Center, only 53 percent of adults with an income under $30,000 had broadband access at home. For those with an income of between $30,000 and $100,000, that figure takes a major leap up to 81%. Instead, lower-income Americans turn to their smartphones for all their internet access. From the findings:
“As of early 2019, 26% of adults living in households earning less than $30,000 a year are “smartphone-dependent” internet users–meaning they own a smartphone but do not have broadband internet at home. In contrast, only 5% of those living in households earning $100,000 or more fall into this category in 2019.”
What does a smartphone-only internet life might look like? Pew Research Center put that into perspective in a survey where respondents were asked about job hunting on the internet. Some 32% of people with a reported household income of under $30,000 said that they submitted a job application by phone. For those households making more than $75,000, that figure was just 7%. (Cost is certainly a factor, yet it is encouraging to see that the reported average cost of broadband in the U.S. is dropping—down to $50 a month from just over $67 a month a year ago.)
That’s just one example of a smartphone-only internet, yet you can imagine how difficult it must be to create a resume, complete schoolwork, or work remotely when your internet experience is limited to the small screen of a phone. Contrast that with this year’s need to work and study at home. A low-income household that’s dependent on smartphones misses out. Their internet is a less useful and less productive internet experience. They simply can’t work, learn, and train at home like fully connected households can.
My hope in sharing this issue with you is so that we can all gain a bit of perspective. Far fewer people have access to a broadband internet experience than we might initially think, which results in a lack of connectivity that stunts the benefits and opportunities they and their communities can realize.
Granted, the solution for increasing broadband access largely rests with state-level broadband offices, budgeting and legislation at the federal government level, along with public partnerships and interest groups who are all pushing for improved broadband access. (And, in the states which allow it, municipal broadband solutions.) However, as individuals, we can let this reality shape some of our decision-making on a local level.
When library funding measures come up for approval in your community, consider giving them your “yes” vote, as they may present an opportunity to fund library locations and services where people can access free broadband. Likewise, give school levies your consideration, they may help get a computer in the hands of a student who doesn’t have one. (An 11% increase in PC, Mac, and Chromebook sales this year was largely driven by the education market, which needed to supply computers for in-home learning.) These are just a couple of ways that we can “think global, act local” and help others get access to a full broadband internet experience.
So as Thanksgiving approaches, let’s indeed say thanks for the connectivity and internet experience so many of us enjoy—and how vital that was this year. Likewise, let’s remember that our country and the communities within it still have a way to go before the overwhelming majority of us can benefit from that same experience—so that they can enjoy and be thankful for it too.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Thankful for broadband internet, and hopeful for much more appeared first on McAfee Blogs.
In the early days of the COVID-19 pandemic, another pandemic of sorts took root—this one an “infodemic.” Whether designed to mislead, instill fear, capitalize on crank remedies, or push phony cures that caused harm or worse, millions of outright false stories about COVID-19 proliferated across the internet. And continue to do so.
Now, with our upcoming election in the U.S., there’s concern that this infodemic of misinformation about COVID-19 will keep people away from the polls or from working at them. Particularly elders.
With this blog, my aim is to point you toward trustworthy resources online that can help you get your vote cast and counted safely.
First, a word about COVID-19 misinformation in general.
Since the initial outbreak, we’ve monitored online threats and scams related to COVID-19. As shown in our July 2020 Threat Report, the first three months saw the number of malicious and scam websites related to COVID-19 jump from 1,600 to more than 39,000, along with a wave of spam emails and posts that peddled bogus sites for protective gear, masks, and cures. Now, in mid-September, our threat detection team has uncovered three million online threats related to COVID-19 and counting. (See the daily tally here for the latest figures.)
Elsewhere, global and national public health officials have worked diligently to counter these waves of misinformation, such as the World Health Organization’s COVID-19 “mythbuster” site, in addition to further mythbusting from major news outlets around the world and yet more mythbusting from respected science publications. However, instances of misinformation, both big and small, persist and can lead to negative health consequences for those who buy into such misinformation.
Whether you’ll vote in person or by mail, these links provide a mix of trustworthy information about voting and the latest verified information about the virus:
Be aware that our collective understanding of COVID-19 continues to evolve. The pandemic isn’t even a year old at this time, and new research continues to reveal more about its nature. Be sure to check with these resources along with your local public health resources for the latest on the virus and how to stay safe.
If you’re considering voting by mail, the following is for you. Published by U.S. News and World Report, this article breaks down how you can vote by mail in your state. While all 50 states allow for mail-in voting in some form or fashion, specifics vary, and some states make it easier to do than others. (For example, a handful of states like Texas, Indiana, and Louisiana currently do not allow COVID-19 concerns as a valid reason for requesting a mail-in ballot.)
Note that this article was published at the end of August, so be sure to follow the links for your state as published in the article for the absolute latest information. Yet don’t wait to look into your absentee or mail-in options. As noted above, each state has its terms and deadlines, so it’s best to review your options now.
Meanwhile, five states— Colorado, Hawaii, Oregon, Washington state, and Utah already conduct their elections entirely by mail. Such practices have proven to be successful alternatives to voting in person, they have slightly increased voter turnout while minimizing the risks of voter fraud.
Get your vote out safely. Whether it’s by visiting the polls following the safety guidelines or by way of mail as also allowed by your state, it can be done—particularly when you have trusted information sources at hand.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post U.S. Election 2020 – Don’t Let COVID-19 Misinformation Suppress Your Vote appeared first on McAfee Blogs.
FreshRSS 