Login
As technology weaves itself into our lives in new and unexpected ways, some of it will get quite personal and close to home. That made itself clear at CES this year, which makes a strong case for your security.
The more things we connect, the more data we create. Data about ourselves that companies and others collect, share, and sell—where we are and what we’re doing, along with what we buy, watch, and search for. And today, we’re creating more of it and in more exacting detail.
We connect our homes with smart devices that create data about our comings and goings, and we connect ourselves with smart glasses and watches, rings, and things that track our health, our sleep, and wellness overall. Meanwhile, we have virtual reality and augmented reality hardware companies that want a place on your face with headsets and experiences that will take you into the metaverse.
Walking the floor of this year’s CES, you’ll see all these things, and plenty more. Yet central to it all is one thing—you. Specifically, your privacy and identity.
As technology evolves so rapidly and brings new ways of experiencing our world, it’s an exciting time. It’s also a somewhat uncertain time. What data will these devices create? Who’ll collect it? What will they do with it? And importantly, what can you do to protect yourself? Questions about your security are very much on our minds, and they’re on yours too. You’ve told us as much.
And unsurprisingly, protection is very much on your mind as well.
And that’s where we come in. Just as the floor of CES showcases the evolution of life online, we’re evolving online protection as well. McAfee+ represents that next step—a product line that gives you a full slate of online protection that covers your privacy, identity, and devices so you can enjoy life online with confidence.
At the center of that online life is you, and our definition of online protection has become quite expansive as a result. We see how it can help you monitor your credit, your identity, and where your personal information crops up online. We see how it can prevent the wrong people from getting their hands on data and info too. And we see how our industry-first Protection Score can show you how safe you are—and offer guidance that can make you safer still. In all, we see it as an online companion, one that removes uncertainty and gives you a feeling of security. Because you truly are secure.
In all, protection today demands this comprehensive approach because we go about so much of our day online. McAfee+ reflects that reality. And with that, the various plans for McAfee+ include:
And that list will only continue to grow. As the year takes shape, we’ll roll out yet more protections that will give you even more control of your privacy and identity. Particularly as you and your household rely on life online more and more.
As is true any year at CES, we see all manner of potential. New ways to make the day easier, more enjoyable, and more productive thanks to life online. Yet amidst it all, we see you. We see how you’ll use these new technologies, what the privacy, identity, and security implications are, and how we can protect you so you can benefit from these advances in technology, safely.
Like you, we’re excited for what’s next, and we’ll see to it that you can enjoy it—with protection that looks after you, your household, and your family.
The post The Case for Your Security at CES 2023 appeared first on McAfee Blog.
Ransomware. Even the name sounds scary.
When you get down to it, ransomware is one of the nastiest attacks a hacker can wage. They target some of our most important and precious things—our files, our photos, and the information stored on our devices. Think about suddenly losing access to all of them and being forced to pay a ransom to get access back. Worse yet, paying the ransom is no guarantee the hacker will return them.
That’s what a ransomware attack does. Broadly speaking, it’s a type of malware that infects a network or a device and then typically encrypts the files, data, and apps stored on it, digitally scrambling them so the proper owners can’t access them. Only a digital key can unlock them—one that the hacker holds.
Nasty for sure, yet you can take several steps that can greatly reduce the risk of it happening to you. Our recently published Ransomware Security Guide breaks them down for you, and in this blog we’ll look at a few reasons why ransomware protection is so vital.
The short answer is pretty bad—to the tune of billions of dollars stolen from victims each year. Ransomware targets people and their families just as explained above. Yet it also targets large organizations, governments, and even companies that run critical stretches of energy infrastructure and the food supply chain. Accordingly, the ransom amounts for these victims climb into millions of dollars.
A few recent cases of large-scale ransomware attacks include:
Who’s behind such attacks? Given the scope and scale of them, it’s often organized hacking groups. Put simply, these are big heists. It demands expertise to pull them off, not to mention further expertise to transfer large sums of cryptocurrency in ways that cover the hackers’ tracks.
As for ransomware attacks on people and their families, the individual dollar amounts of an attack are far lower, typically in the hundreds of dollars. Again, the culprits behind them may be large hacking groups that cast a wider net for individual victims, where hundreds of successful attacks at hundreds of dollars each quickly add up. One example: a hacker group that posed as a government agency and as a major retailer, which mailed out thousands of USB drives infected with malware.
Other ransomware hackers who target people and families are far less sophisticated. Small-time hackers and hacking groups can find the tools they need to conduct such attacks by shopping on the dark web, where ransomware is available for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, near-amateur hackers can grab a ready-to-deploy attack right off the shelf.
Taken together, hackers will level a ransomware attack at practically anyone or any organization—making it everyone’s concern.
Hackers have several ways of getting ransomware onto one of your devices. Like any other type of malware, it can infect your device via a phishing link or a bogus attachment. It can also end up there by downloading apps from questionable app stores, with a stolen or hacked password, or through an outdated device or network router with poor security measures in place. And as mentioned above, infected storage devices provide another avenue.
Social engineering attacks enter the mix as well, where the hacker poses as someone the victim knows and gets the victim to either download malware or provide the hacker access to an otherwise password-protected device, app, or network.
And yes, ransomware can end up on smartphones as well.
While not a prevalent as other types of malware attacks, smartphone ransomware can encrypt files, photos, and the like on a smartphone, just as it can on computers and networks. Yet other forms of mobile ransomware don’t have to encrypt data to make the phone unusable. The “Lockerpin” ransomware that has struck some Android devices in the past would change the PIN number that locked the phone. Other forms of mobile ransomware paste a window over the phone’s apps, making them unusable without decrypting the ransomware.
Part of avoiding ransomware involves reducing human error—keeping a watchful eye open for those spammy links, malicious downloads, bogus emails, and basically keeping your apps and devices up to date so that they have the latest security measures in place. The remainder relies on a good dose of prevention.
Our Ransomware Security Guide provides a checklist for both.
It gets into the details of what ransomware looks like and how it works, followed by the straightforward things you can do to prevent it, along with the steps to take if the unfortunate ends up happening to you or someone you know.
Ransomware is one of the nastiest attacks going because it targets our files, photos, and information, things we don’t know where we’d be without. Yet it’s good to know you can indeed lower your risk with a few relatively simple steps. Once you have them in place, chances are a good feeling will come over you, the one that comes with knowing you’ve protected what’s precious and important to you.
The post Your Guide to Ransomware—and Preventing It Too appeared first on McAfee Blog.
Authored by Vonny Gamot
The official 40th birthday of the internet serves as a timely reminder that while it is a fantastic place, we must practice good digital hygiene to safeguard our privacy and identity so we can protect ourselves from the latest threats.
Since its widely recognized creation on January 1st 1983, the internet has since transformed economies and the everyday lives of people. From social media, memes, and viral videos to smart homes, online shopping and even cloud computing, the internet entertains, educates, and connects us. Above all, it will continue to play a crucial role in human civilization for many generations to come.
Yet with the good comes the not-so-good. Wherever people gather, cyberthieves gather too. The internet is no exception. As the evolution of the internet continues, cybercriminals are evolving in tandem, looking for new and inventive ways, such as using Artificial Intelligence to exploit its features. With over five billion people accessing and using the Internet in 2022, that’s over 60% of the world’s population potentially at risk.
So, while we celebrate the internet’s 40th birthday, it’s also a good reminder to take stock of the latest online threats and ensure our digital hygiene is up to scratch for the year ahead. When we do this, we can take full advantage of the incredible opportunities the internet affords us.
The new year is a great moment to reflect, reset, and consider your personal online safety and protection. Stay vigilant against the latest threats and scams and use dedicated and robust online protection software such as our newly released McAfee+ plans—which comes with important features like identity monitoring that can spot your personal info on the dark web and personal data cleanup that can help remove your personal info from data broker sites that will sell it to companies and crooks alike.
It’s also a time to keep a fresh eye out for scams and phishing attacks. If that email, text, or message you received looks too good to be true, or you feel that the sender is trying to pressure you into doing sharing info or sending money, it’s always best to double check that the source is legitimate. These are often indicators that a scam is afoot.
Beyond using online protection software and keeping your guard up, you can take several other steps that can make you immediately safer than you were before. Here are four strong suggestions that will get you started:
MFA is an excellent way to frustrate cybercriminals attempting to break into online accounts. MFA means that users need more than a username and password to log in, for example, a one-time code sent to private email, text, or through an authentication app utilizing face or fingerprint scans. This adds an extra layer of security as the cybercriminal has to access the device, email, or biometric reader to get into someone’s online account.
Strong, unique passwords for each of your online accounts are a must. It’s always important for people to understand that reusing passwords is just as risky as using “password123” and puts online accounts at risk. A tactic known as “credential stuffing” is where a cybercriminal attempts to input stolen usernames and password combinations in dozens of random websites to see which door it opens. It is also important to consider using password managers which can create and safeguard all passwords in one secure desktop extension or mobile phone app.
Updating software is vital to the security of a device. These updates include security patches that cyber experts have created to foil cybercriminals. The more outdated the software is, the more time criminals have had to work out ways to infiltrate and steal information within them. Moreover, updates often include new and improved features, which makes a strong case for keeping things current.
Phishing is when a scammer sends texts or emails that appear to be from trusted sources like your favourite online clothing store, employer or, as we’re seeing during the cost-of-living crisis, energy firms, or banks. They do this to encourage people to share personal information.
Once a phishing attempt has been recognised it is vital that they are not engaged with, links are left unopened, and the potential scam email is not forwarded along to another person. Before the message is deleted, it is vital that the sender is blocked and that the message is marked as junk and reported.
If you think that you have entered your credit card details onto a phishing website, contact your bank or credit card issuing company immediately. Report your personal information as stolen, and you may want to request that your existing card be canceled depending on the circumstances.
Online protection is part mindset, part prevention, and part action. While the steps above mark a start, they’re just that. There’s plenty more you can do, and when taken in batches, the steps you take can really add up to an exceptional level of protection. The question is, where to start?
Our McAfee Safety Series can get you moving in the right direction. It’s a set of guides that cover a range of important security topics and that show you several straightforward things you can do that will make you safer. They range from phishing and privacy to online shopping and safer online media. In all, they can help you spot scams, hacks, and attacks—and potentially prevent them in the first place.
I encourage you to grab the first one that looks interesting to you. What you learn can put you several steps ahead of the hackers, scammers, and thieves out there.
The post 40 Years of the Internet – Tips for Staying Safe Online in 2023 appeared first on McAfee Blog.
It’s been a particularly busy and colourful week, scam-wise in our household. Between 4 family members, we’ve received almost 20 texts or emails that we’ve identified as scams. And the range was vast: from poorly written emails offering ‘must have’ shopping deals to terse text messages reprimanding us for overdue tolls plus the classic ‘Dear mum, I’ve smashed my phone’ and everything in between.
There’s no doubt that scammers are dedicated opportunists who can pivot fast. They can pose as health authorities during a pandemic, charities after a flood or even your next big love on an online dating platform. And it’s this chameleon ability that means we need to always be on red alert!
According to the Australian Competition and Consumer Commission (ACCC), Aussies lost a record amount of more than $2 billion in scams in 2021. And that was with record levels of intervention from the government, law enforcement agencies and the private sector. The most lucrative scams were investment scams ($701 million) followed by payment redirection scams ($227 million) and then romance scams which netted a whopping $142 million.
But the psychological trauma that is often experienced by victims can be equally as devastating. Many individuals will require extensive counselling and support in order to move on from the emotional scarring from being a victim of hacking.
So, with scammers putting so much energy into trying to lure us into their web, how can we stay one step ahead of these online schemers and ensure we don’t become a victim?
While there are no guarantees in life, there are a few steps you can take so that you can quickly recognise an online scam.
If you’ve received a text message, email or call that you think is a scam, don’t respond. Take your time. Slow down and pause. If it’s a call, and you’re not sure – hang up! Or if it’s a text or email – delete it! But if you are concerned that it might be legitimate, call the company directly using the contact information from their official website or through their secure apps.
If you are being asked to share your personal information or pay money either via a text or phone call, take some time to think. Does it feel legitimate? Do you have a relationship with this organisation? Remember, scammers are very talented at pretending they are from organisations you know and trust. If in doubt, contact the company directly via their official communication channels. Or ask a trusted friend or family member for their input. But remember, NEVER click on any links in messages from people or organisations you don’t know – no exceptions!!
Do not hesitate to take action if something feels wrong. If there are any transactions on your credit card or bank statements that don’t look right, call your bank immediately. If you think you may have given personal information to scammers, then act fast. I recommend calling ID Care – Australia and New Zealand’s national identity and cyber support service. They are a not-for-profit charity that provides support to individuals affected by identity and cyber security issues.
ReportCyber is another way of notifying authorities of a scam. An initiative of the Australian Government and the Australian Cyber Security Centre, it helps authorities investigate and shut down scams. It’s also a good idea to report the scam to Scamwatch – the dedicated scam arm of the Australian Competition and Consumer Commission (ACCC).
We’ve all heard that ‘prevention is better than a cure’ so taking some time to protect yourself before a scammer comes your way is a no-brainer. Here are my top 5 things to do:
Please don’t think smart people don’t get caught up in scams because they do!! Scammers are very adept at looking legitimate and creating a sense of urgency. With many of us living busy lives and not taking the time to think critically, it’s inevitable that some of us will become victims. And remember if you’re offered a deal that just seems too good to be true, then it’s likely a scam! Hang up or press delete!!
The post How To Recognize An Online Scam appeared first on McAfee Blog.
The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure.
Without question, smart home devices have truly stormed the marketplace. We’ve gone from a handful of relatively straightforward things like connected lights, outlets, and cameras to a wide range of fully connected household appliances like refrigerators, stoves, and laundry machines. You can even water your garden with smart devices, which check for soil moisture, weather reports, and for what you’re watering.
Further new technologies like the Matter protocol aim to make them all work more reliably and easily—with a new networking standard that allows different devices from different platforms to work together. Something they couldn’t do before and something that likely kept people from adding to their connected home because of compatibility issues. No more.
It’s exciting, as it should be. Yet the security and privacy measures for these devices hasn’t quite kept up with all this rapid development and expansion. Not across the board, anyway. Security isn’t always built into these devices. In some cases, it’s so poorly handled that it makes some devices prone to attack.
However, you can absolutely enjoy a smart home and all the comforts and conveniences that come along with it. Safely. Just a little extra effort from you makes it possible. And you don’t need to be any kind of whiz to pull it off.
For starters, the old security adage holds true for smart homes and devices: “If it’s connected, it must be protected.” Any connected device can provide a hacker with an inroad to your home network and the data and devices on it. So even that seemingly innocent smart wall outlet that you use to run your living room lamps could be a target.
In fact, we’ve seen instances where a little outlet created a big security issue, such as one report where an unsecure plug used poor factory passwords and didn’t use secure encryption to communicate with the household router. The result—hackers could obtain login credentials to a victim’s entire home network.
Another old security adage is that your home network is only as secure as your weakest device. In the above case, that was a poorly designed smart outlet—at least from a security standpoint.
Now consider a highly connected smart home with a dozen or so smart devices. Maybe some of those have great security built in and are backed by manufacturers that update them regularly for ongoing security. And maybe some of those other devices, not so much. Again, just one poorly secured device in that mix could jeopardize your connected things, along with the data you keep on them.
On the topic of data, we often talk about privacy policies and how they’re not all created equal. Depending on the app, device, and operating system—along with any settings you have control over too—may determine what information a company collects, keeps, and shares about you and your usage. Moreover, it may determine what they or other third parties might do with that data as well.
Put simply, not every company treats your personal data the same way. Some may sell it to data brokers for profit or share it with third parties like insurance companies, government agencies, law enforcement, and others according to findings published by some industry groups.
Still others may not sell that data, yet they will share it with third parties for analysis or use it to fuel their own advertising campaigns or advertising platforms they own. And of course, there are others who collect and analyze the bare minimum and keep that data to themselves.
Consider once more that smart home filled with a dozen or so smart devices. That likely means several different data privacy policies are in play as well, each handing the data created by that home in different ways. And in ways that you may or may not be fully aware of, given that privacy policies are often notoriously long reads, sometimes filled with legalese.
Without question, privacy is another consideration for your smart home.
You can do plenty of things that can make your smart devices more private and more secure than they were when they came out of the box. And as mentioned above, the steps are all rather straightforward. Our Smart Home Security Guide lays it out for you.
It’s part of the McAfee Security Guide Series, and in it you’ll get a closer look at how you can protect a smart wall outlet, along with that smart coffeemaker, door lock, refrigerator and more. It covers the basics of protection, how to shop for more private and secure smart devices, plus a section that talks specifically about smart speakers and protecting your privacy while using them.
In all, our Smart Home Security Guide is here to help. The truth is that security isn’t always included with smart home devices. Not right out of the box anyway. Just like with your computers, smartphones, and other devices, the best security relies on you. With a handful of steps, you can enjoy your smart home with confidence.
The post The Smart Home Security Guide appeared first on McAfee Blog.
Your phone is likely a daily companion, giving you access to work emails, chats with friends, weather reports, and more — all in the palm of your hand. You can also use your phone for browsing online, looking up everything from your favorite recipes to your most-read media webpages.
While being able to browse whenever and wherever you want is convenient, you might prefer that your phone doesn’t save all your online searches. For example, if you frequently let other people use your phone, you may not want them to have access to a history of your Google searches. In this case, you can use private browsing or “incognito mode.”
This allows you to browse online without leaving any trace of your browsing activity on your mobile phone. Configuring your phone to use incognito mode can give you greater confidence while surfing online, as you’ll enjoy the peace of mind that comes with knowing your browser history isn’t recorded on your device.
This article explains what incognito mode is and how you can set it up on your mobile phone.
Incognito mode allows you to browse online without leaving certain data on the device you’re using. Also referred to as private browsing mode, it makes sure there’s no record of your search engine history, websites you visited, and even login details (and related passcodes) on that device.
As soon as you close the incognito web browser window, any cookies are erased and all these details disappear instead of being saved.
That said, if you leave an incognito browser window open on your phone — and then hand your phone to someone else — they’ll be able to see the activity. So, if you want to make the most of incognito mode, make sure to close the browser window after every surfing session.
Further, if you actively bookmark a page, it will be saved — even if you’re in incognito mode. Read on for some more caveats surrounding incognito mode and the extent of privacy it gives you.
It’s important to note that incognito mode or private browsing mode is a device-specific privacy measure. It makes sure that your search and web browsing history isn’t visible on the device itself.
However, your traffic and activity are both still visible to third parties beyond your device, such as your network admin, internet service provider (ISP), and the websites and search engines that you visit.
Viewing in private or incognito mode also won’t disguise your unique IP address from these parties. Incognito mode further doesn’t secure your device against cyberthreats like hackers.
That said, there are plenty of other tools you can use to safeguard your device against cybercriminals. For example, McAfee+ helps to secure your Wi-Fi connection, shield you from malicious websites or links, and detect malware.
You may already be familiar with incognito mode through your computer. For example, many people set up incognito mode through browsers like Mozilla Firefox, Google Chrome, Safari, Microsoft Edge, or Internet Explorer.
However, incognito mode isn’t just for computers — you can also use it on your phone’s web browsing apps.
The steps to setting up incognito mode are fairly straightforward. That said, it depends largely on which type of device you have.
Setting up private browsing or incognito mode for an Android isn’t the same as setting it up for iOS. Read on to learn how to go incognito whether you’ve got an Apple iPhone or an Android phone like Samsung.
The process for setting up incognito mode also varies based on the browser you’re using. Here’s how to set it up in the Google Chrome browser for your Android (note that the Google Chrome app is the default browser for most Android phones):
Remember, for Google Chrome’s incognito mode to do the trick, you need to close your browsing session after each use. If you leave the tab open and someone else uses your phone, they can see your activity.
For iPhones, the default browser is Safari. Here’s how to set up private browsing in Safari for your iPhone:
Again, remember to close your browser’s private tabs when you’re done surfing. This makes sure that cookies are deleted and the private session is safely hidden from your device’s history.
The above steps can help you set up incognito mode on your Apple or Android phone’s browser. However, you probably use your phone for much more than browsing.
You might have apps for watching videos, getting driving directions, listening to music, and more. And the tips above will only protect your privacy when using the phone’s browser — not apps.
That said, some apps offer their very own in-app incognito mode. Examples include YouTube, Google Maps, Spotify, and Instagram. Other apps simply offer the option of private sessions, requiring you to log in with a dedicated username and password if you’re going to use the app. These include Whatsapp, Dropbox, Amazon, PayPal, and Evernote.
Some of these apps can even be configured so they’re only unlockable with touch ID or face ID.
Browsing in incognito or private mode on your phone allows you to surf online without leaving any trace of your search history on that specific device. However, it doesn’t block third parties like your internet service provider or network administrator from seeing what websites you’ve visited. Only your phone is affected.
Incognito mode also doesn’t protect you against potential cyberthreats, like malware. To stay safe and browse with confidence, consider McAfee Mobile Security. It includes Wi-Fi privacy protection, browsing safeguards, shields against unauthorized third-party activities, and more — and it works for Android and iOS devices. Find out more.
The post How to Browse Privately on Your Phone appeared first on McAfee Blog.
Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some people’s digital safety. Cybercriminals take every chance they get to trick people through all kinds of technology, and mobile apps are no exception.
To celebrate National App Day, here are a few tips to keep your mobile and your personally identifiable information (PII) safe.
Did you know that there are hundreds of apps on the Android and Apple app stores whose only aim is to steal your passwords? In 2022, Meta identified more than 400 fake apps disguised as various utilities that targeted users to weasel Facebook login and password combinations.1 Malicious apps also regularly masquerade as photo editors and wallpapers but their real purpose is to run malware in the background of the mobile device, such as this Squid Game app from 2021.
Little-known apps aren’t the only ones you have to be wary of either. The biggest companies are also falling to cybercrime. For instance, more details recently came to light about a breach at Uber that leaked the PII of 57 million users. Plus, the popular mobile payment service, Cash App had the personal details of 8.3 million current and former users leaked.2
To keep your cellphone free of malicious software and your PII and password secure, take these five mobile security tips with you into the new year.
The new year is as good a time as any to unload any unnecessary baggage, emotional, literal, or in this case, digital. Go through your phone and delete the apps you haven’t used in the last six months. Make sure to completely delete your account with that app and not just hide it from your homepage. The smaller your digital footprint, the less at risk your PII is of being compromised in a breach.
Before you download any new app, it’s a good idea to conduct some background research on it. How many detailed reviews does it have? Who is the app developer? A phony app usually reveals itself through its lack of reviews. Consider apps with less than 50 reviews fishy. Skim the reviews for specific details and typos. If it’s lacking in detail but brimming with typos and grammatical mistakes, it could signal a fake. This research should take about five minutes, so don’t worry; it shouldn’t be too much of an inconvenience, and that time will be well spent.
Just like it’s a good idea to keep on top of global news, set up news alerts for cybersecurity breaches. If a company falls to a cybercriminal, the alert will give you the valuable time you need to act quickly to either delete your account or change your password.
For every online account, it is essential to create a unique password or passphrase. That way, if you do get hacked through an app or get tricked by a fake one, you don’t have to worry about cybercriminals using that password to walk into your other accounts. Password managers are an excellent way to keep all your passwords secure and free up your brain space for things other than dozens of passwords.
When you sign up for a new app, you can expect to give it a username, a password, and maybe your first name; however, if it has optional fields for your full birthday or your address, consider leaving those blank. The less information the company has about you, the less that can end up in cybercriminals’ hands if the app is breached.
The first step to better cyber habits is arming yourself with the knowledge of the threats that are out there. The best advice here is to slow down, observe and think about your next move every time you download a new app. The signs of a fake are usually not difficult to spot. Then, once you’re confident in its legitimacy, limit the amount of PII you share with it. In this digital world we live in, consider everyone susceptible to a breach.
To give you peace of mind, supplement your great habits with a tool, like McAfee+ Ultimate, that will cover all your bases and be your partner to live your best private life online.
1Tech.co, “Data Breaches That Have Happened in 2022 So Far.”
2Termly, “98 Biggest Data Breaches, Hacks, and Exposures.”
The post 2022’s Top 5 App Security Tips appeared first on McAfee Blog.
As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape.
This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It also saw the introduction of AI tools that are easy and accessible to virtually anyone with a phone or laptop, which will continue to have significant implications, as will the fluctuating popularity of cryptocurrency and the emergence of “Web3.”
Advances such as these have set the stage for 2023, which will continue to reshape our interactions with technology—advances that bad actors will try to exploit, and in turn, us.
Yet as the threat landscape continues to evolve, so do the ways we can protect ourselves. With that, we share McAfee’s threat predictions for 2023, along with insights and advice that can help us enjoy the advances to come with confidence.
By Steve Grobman, Chief Technology Officer
Humans have been fascinated by artificial intelligence (AI) for almost as long as we’ve been using computers. And in some cases, even fearful of it. Depictions in pop culture range from HAL, the sentient computer from 2001: A Space Odyssey to Skynet, the self-aware neural network at the center of the Terminator franchise. The reality of current AI technologies is both more complicated and less autonomous than either of these. While AI is rapidly evolving, humans remain at the heart of it, and whether it’s put to beneficial or nefarious use.
Within the last few months, creating AI-generated images, videos, and even voices are no longer strictly left to professionals. Now anyone with a phone or computer can take advantage of the technology using publicly available applications like Open AI’s Dall-E or stability.ai’s Stable Diffusion. Google has even made creating AI-generated videos easier than ever.
What does this mean for the future? It means the next generation of content creation is becoming available to the masses and will only continue to evolve. People both at work and at home will have the ability to create the AI-generated content in minutes. Just as desktop publishing, photo editing, and inexpensive photorealistic home printers created major advances that empowered individuals to create content that previously required a professional designer, these technologies will enable sophisticated outputs with minimal expertise or effort.
Advances in desktop publishing and consumer printing also provided benefits to criminals, enabling better counterfeiting and more realistic manipulation of images. Similarly, these emerging next-generation content tools will also be used by a range of bad actors. From cybercriminals to those seeking to falsely influence public opinion, these tools will empower scammers and propagandists to take their tradecraft to the next level with more realistic results and significantly improved efficiency.
This is especially likely to ramp up in 2023 as the U.S. begins the 2024 presidential election cycle in earnest. Globally, the political environment is polarized. The confluence of the emergence of accessible next-generation generative AI tools and what is sure to be a highly contested 2024 election season is a perfect storm for creating and distributing disinformation for political and monetary gain.
We’ll all need to be more mindful of the content we consume and the sources that it originates from. Fact-checking images, videos, and news content, something that’s already on the rise, will continue to be a necessary and valuable part of media consumption.
By Oliver Devane, Security Researcher
Cryptocurrency scams
In 2022 we saw several online scams making use of existing content to make crypto scams more believable. One such example was the double your money cryptocurrency scam that used an old Elon Musk video as a lure. We expect such scams to evolve in 2023 and make use of deep fake videos, as well as audio, to trick victims into parting ways with their hard-earned money.
The financial outlook of 2023 remains uncertain for many people. During these times, people often look for ways to make some extra money and this can lead them vulnerable to social media messages and online ads that offer huge financial gains for little investment.
According to the IC3 2021 report, the losses for financial scams increased from $336,469,000 in 2020 to $1,455,943,193 in 2021, this shows that this type of scam is growing by an enormous amount, and we expect this to continue.
Unfortunately, scammers will often target the most vulnerable people. Fake loan scams are one such scam where the scammers know that the victims are desperate for the loan and therefore are less likely to react to warning signs such as asking for an upfront fee. McAfee predicts that there will be a large increase in these types of scams in 2023. When looking for a loan, always use a trusted provider and be careful of clicking on online ads.
Metaverses such as Facebook’s Horizon enable their users to explore an online world that was previously unimaginable. When these platforms are in the early stages, malicious actors will usually attempt to exploit the lack of understanding of how they work and use this to scam people. We have observed phishing campaigns targeting users of these platforms in 2022 and we expect this to increase dramatically in 2023 as more and more users sign up for the platforms.
By Craig Schmugar, McAfee Senior Principal Engineer
More than 25 years ago, Windows 95 became the platform of choice not just for millions of users around the globe, but for malware authors targeting those users. Over the years, Windows has evolved, as has the threat landscape. Today, Windows 10 and 11 make up the majority of the desktop PC market, but thanks to the rise of the mobile Internet, device diversity has greatly evolved since the advent of Windows 95.
Over five years ago, Android overtook Windows as the world’s most popular OS and with this shift bad actors have been pursing alternative methods of attack. The ultimate vectors are those which impact users across a spectrum of devices. Email and web-based scams (some of which are outlined in the blog above) are as prolific as ever as these technologies are ubiquitous across desktop and mobile devices.
Meanwhile, other technologies span across desktop and mobile experiences as well. For Google, such cross-platform capabilities are highlighted by increased adoption of ChromeOS and a few underlying technologies. This includes 270 million active Android users and a 270% increase in Progressive Web Application (PWA) installations [https://chromeos.dev]. ChromeOS’ ability to run Android applications, combined with its wide-spread adoption, provides the climate for increased attention by those with ill intentions.
Similarly, adoption of PWAs provide bad actors with additional incentive to deliver deceptive and imposter attacks through this multi-OS channel, including ChromeOS, iOS, MacOS, and Windows.
Finally, on the heels of COVID restrictions that impacted schools in various countries, Google reported 50 million students and educators worldwide [https://chromeos.dev] using ChromeOS. Many users will be unaware of malicious Chrome extensions lurking in the Chrome Web Store.
All of this means that the stage is set for a marked increase in threats impacting Chromebook in the year to come. In 2023, we can expect to see Chromebook users among millions of unsuspecting victims that download and run malicious content, whether from malicious Android Apps, Progressive Web Apps, or Chrome Web Store extensions, users should be leery of popups and push notifications urging them to install untrusted apps.
By Fernando Ruiz, Senior Security Researcher
Editor’s Note: Web3? FOMO? If you’re already lost, you’re not alone. Web3 is a term some use to encompass decentralized internet services, technologies like Bitcoin and Non-Fungible Tokens (digital art that collectors can purchase with cryptocurrency). Still confused? A lot of people are. This New York Times article is a good primer on what is currently considered Web3.
As for FOMO, that’s just an acronym meaning the “Fear of Missing Out.” That nagging feeling, most often felt by extroverts, that others are out there having more fun than them and that they’re missing the party.
Whether you invest in cryptocurrency or just see the headlines on Twitter, no doubt you’ve seen that the price of cryptocurrency has sharply declined during 2022. These fluctuations are becoming more normal as crypto becomes even more mainstream. It’s very likely that the value of crypto will rise again.
When the last upturn in valuation happened near the start of the pandemic, the hype about crypto also skyrocketed. Suddenly Bitcoin and other cryptocurrencies were everywhere. Out of that, rose the concept of Web3, with more companies investing in new applications over blockchain (the technology that is the backbone of cryptocurrency).
McAfee predicts that the popularity of cryptocurrency will rise again, and consumers will hear much more about Web3 concepts like decentralized finance (DeFi), decentralized autonomous organizations (DAOs), self-sovereign identity (SSI) and more.
Some amateur investors, remembering the rapid rise of the value of Bitcoin earlier this decade, won’t want to miss out on what they think will be a great opportunity to get rich quick. It’s this group that bad actors will seek to exploit, offering up links or applications that play on these users’ crypto/Web3 FOMO.
As crypto bounces back and initial awareness of decentralization grows in the general population, consumers will begin to explore these Web3 offerings without fully understanding what they mean or what dangers they should be aware of, leaving them open to scams as they invest time and money into crypto or creating their own NFT content. These scams could entice users to click on a link or download an app that appears to legitimately interact with some blockchains, but in actuality:
Additionally, when consumers DO hold crypto, NFT, digital land, or other blockchain financial assets they are going to be targeted for more sophisticated threats that can drain their funds: smart contracts, exchanges, digital wallets, and synchronization services can all be associated with hidden authorizations that allow a third party (potentially a bad actor) to take control of the assets. It’s important that users read the terms and conditions of any app they download, especially those that will be accessing ANY type of financial institution or currency, whether traditional or crypto.
Social engineering will also continue to be a top entry point for cybercriminals. The complexity of the attacks will evolve as the technology does, which will require more preparation and understanding of how Web3 applications and tools work in order to safely interact with them.
What has emerged from the world of Web3 thus far, while exciting, has also expanded attack surfaces and vectors, which we expect to see grow throughout 2023 as Web3 evolves.
The post McAfee 2023 Threat Predictions: Evolution and Exploitation appeared first on McAfee Blog.
Without doubt, the biggest criticism we all have of social media is that everyone always looks fabulous! And while we all know that everyone is only sharing the best version of themselves, let’s be honest – it can be a little wearing. Well, there’s a new social media platform that is determined to uproot our online curated lives by having users post very real pictures of themselves – with no time to stage or add filters!
Developed in France in 2020, BeReal is where Aussie teenagers are currently spending their time and energy online. And to be honest, I can totally see why. It’s all about sharing random, authentic pics without having to spend time and energy making them look beautiful. In fact, my 19-year-old tells me that the uglier and weirder the photo, the better! How refreshing!!!
Once you’ve signed up, the app will send all users a notification at a random time throughout the day that it’s ‘time to BeReal’. As soon as the user opens the app to share a pic, they have just 2 minutes to take a picture of whatever they’re doing at that particular moment whether they’re on the bus, at the gym or chilling at home in trackies. The app will take 2 pictures using the front and back cameras so that your followers can see what you look like and where you are.
Now, if you don’t manage to post in 2 minutes, you’re officially late and your friends will know. In fact, there’s a small amount of shame for being tardy – as if on some level you’re not committed to being authentic. But don’t let this worry you too much – we can’t wait around all day awaiting the notification to post!
When you have uploaded your daily snap, your friends can comment, respond to your pic with ‘RealMojis’ and even see where you are in the world with the map feature. Users can also choose to upload their pics to the public feed where other users can leave “RealMoji’ reactions but no comments. But in order to access either the public feed or your friends’ photos, users will need to take their own picture too.
Now for my favourite parts of this app – this app has NO filters, NO option to ‘like’ anything, NO follower counts and NO private messaging!! How liberating!!
Like all social media platforms, there are a few risks however with a bit of strategy and a few smarts, users should be able to have a safe and positive experience. And when compared to platforms where follower counts and likes are public, influencers dominate and comments are allowed, BeReal is definitely a great choice.
Here are my top tips to keep the experience safe and positive:
1. Disable Your Location To Avoid Being ‘Discoverable’
Before you share your pics, ensure you disable your location to avoid the app sharing your exact location on the map. You don’t want an ill-intentioned follower knowing your exact whereabouts!
2. Think (Quickly) Before You Post
The very brief 2-minute posting window may result in rushed decisions about what to post and potentially oversharing of personal information. So, ensure you (and your kids) know not to share anything that can identify their location, any identifiable numbers such as passports or licences or, their computer screens that may display confidential information.
3. Don’t Feel Pressures to Post If You Can’t
Accept that there will be times when you just can’t post within the 2-minute time frame. You may be driving, sleeping or doing something far more important. You can absolutely still post late.
4. Know How To Report Bad Behaviour
If you see a post that is inappropriate, then report it immediately. It’s an investment in keeping the BeReal community as safe as possible. Simply tap the three dots at the top right of the post. A report button should appear. You will then have the option to flag the post as undesirable or inappropriate.
5. Be Aware of the Comparison Trap!
Like all social media platforms, users may compare their posts with others. They may think their lives are boring and predictable, particularly if their friends are doing more exciting things. If a young person is prone to anxiety or low mood, this may not be helpful. As a parent, reminding your kids that perception is not reality, and that one photo does not define a person may be required. But if it all gets too much, a digital detox might be just the thing!
So, if your kids have embraced BeReal then your homework is pretty easy – join up too! It’s impossible to understand your kids’ online world if you don’t take some time to step inside it. And for what it’s worth – I think you’ll really like this one. The fact that there is no public like count, follower tally, filters or private messaging makes the Mama Bear in me very happy!!
The post BeReal – The Newest Kid On The Social Media Block appeared first on McAfee Blog.
This time of year, the air not only gets chillier but a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift givers.
Here are three common holiday scams to watch out for this year, plus a few tips to help you stay safe online.
Gift cards are a standby present for the people on your list who are difficult to buy for or for people you don’t know too well but want to get them a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. Known as gift card cracking, cybercriminals can take wild guesses at gift card codes and cash in the value for themselves by methodically guessing strings of numbers and letters and crossing their fingers for a match. Cybercriminals will also employ phishing emails, texts or social media direct messages to trick people into divulging gift card information.
To avoid gift card cracking, encourage gift receivers to redeem their gift card quickly to shorten the amount of time a scammer has to guess the code correctly. Or, you could opt for a paper gift certificate from a small business that doesn’t require online redeeming at all. To avoid gift card phishing scams, do not engage with any type of correspondence that claims they can double the value of your gift card or claims that there’s a problem with it. Be instantly on alert if anyone asks for the activation code. If the gift card-issuing business really needs to replace your purchase, they’ll issue you a new code. They’ll never ask for your existing one.
Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant or shipping company.
While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishers rely on people’s excitement or inattention to trick them into giving up their credit card or banking information. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry, there are often typos and grammar mistakes, and the tone of the message will seem “off.” Either it will sound very formal and impersonalized or it will sound very informal and seem pushy.
To protect your finances during the holiday season, consider putting a lock on your credit. This is easy to do with McAfee credit lock. You can still use your credit card and shop as you normally would. A credit lock is useful because, in case a criminal gets ahold of your PII, they won’t be able to open lines of credit in your name. This protects your credit score, which is essential to keep in good standing if you hope to buy a house or take out a loan anytime soon.
Just because a “company” has an ad on Facebook or Instagram doesn’t mean that it’s a legitimate establishment. Before buying from an online store you’ve never heard of, do some background research on it and read customer reviews to make sure that it’s real and will deliver you a quality product.
Take note of the online store’s URL before entering it. (You can preview the link by hovering over it with your cursor.) If the URL is a string of letters and numbers, it could be a malware site in disguise. One way to alert you to suspicious sites is McAfee Web Protection. Web Protection color codes links to identify potential malware and phishing sites and alert you to steer clear.
Your mind is already drawn in a bunch of different directions this holiday season (cooking, traveling, shopping, wrapping, tidying) so give yourself a respite from worrying about the safety of your identity and finances. McAfee+ Ultimate includes a VPN, Web Protection, credit lock, antivirus and more to cover all your bases to keep your devices and your PII safe.
The post ‘Tis the Season for Holiday Scams appeared first on McAfee Blog.
Authored by Dennis Pang
What is antivirus? That’s a good question. What does it really protect? That’s an even better question.
Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections. Neither definition is entirely on the money.
With this blog, I hope to give everyone a clear definition of what antivirus does well, along with what it doesn’t do at all. The fact is that antivirus is just one form of online protection. There are other forms of protection as well, and understanding antivirus’ role in your overall mix of online protection is an important part of staying safer online.
Antivirus software protects your devices against malware and viruses through a combination of prevention, detection, and removal.
For years, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer—and any device that connects to the internet is a potential target for malware and viruses.
In short, if it’s connected, it must get protected.
One important distinction about antivirus is its name, a name that first came into use decades ago when viruses first appeared on the scene. (More on that in a bit.) However, antivirus protects you from more than viruses. It protects against malware too.
Malware is an umbrella term that covers all types of malicious software regardless of its design, intent, or how its delivered. Viruses are a subset of malicious software that infects devices and then replicates itself so that it can infect yet more devices.
So while we popularly refer to protection software as antivirus, it protects against far more than just viruses. It protects against malware overall.
Now here’s where some confusion may come in. Some antivirus apps are standalone. They offer malware protection and that’s it. Other antivirus apps are part of comprehensive online protection software, which can include several additional far-reaching features that can protect your privacy and your identity.
The reason why antivirus gets paired up with other apps for your privacy and identity is because antivirus alone doesn’t offer these kinds of protections. Yet when paired with things like a password manager, credit monitoring, identity theft coverage, and a VPN, to name a few, you can protect your devices—along with your privacy and identity. All the things you need to stay safer online.
In short, antivirus doesn’t cut it alone.
With that, let’s take a closer look at what malware and viruses really are—how they evolved, and what they look like today, along with how antivirus protects you against them.
Viruses have a long history. And depending on how you define what a virus is, the first one arguably took root in 1971—more than 50 years ago.
It was known as Creeper, and rather than being malicious in nature, it was designed to show how a self-replicating program could identify other connected devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a follow-on version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software.
From there, it wasn’t until the 1980’s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.
At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice.
Computer viruses became a thing.
Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There the malware would lie in wait until the user rebooted their computer for the 90th time. And on that 90th boot, the user was presented with a digital ransom note like the one here:
Along with that note, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee—making PC Cyborg the first widely recognized form of ransomware.
Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.
It was quickly followed in 2000 by what’s considered the among the most damaging malware to date—ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some information and stole other information, then spread to other computers. One estimate puts the global cost of ILOVEYOU at $10 billion and further speculated that it infected 10% of the world’s internet-connected computers at the time.
With the advent of the internet, malware quickly established itself as a sad fact of connected life. Today, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions of malicious programs already in existence.
Apart from the sheer volume of malware out there today, another thing that distinguishes today’s malware from early malware attacks—they’re created largely for profit.
We can think of it this way:
Today’s malware is far more than an annoyance or headache. It can lead to follow-on attacks that target your finances, your identity, your privacy, or a mix of all three.
So with a million or so new threats coming online each day, and millions more out there already, how does antivirus protect you from malware? It blocks, detects, and removes malware. And it does so in a couple of ways:
However, as mentioned earlier, antivirus provides only one aspect of online protection today. While it protects your devices and the data that’s on them, your privacy and identity can come under attack as well. So while antivirus alone can protect you from malware, it can’t prevent other forms of online crime like identity theft, phishing attacks designed to steal personal information, or attacks on your accounts, to name a few of the many other types of threats out there.
Yet comprehensive online protection can.
Comprehensive online protection software like ours offers antivirus, along with specific services and features that protect your privacy and identity online as well. It gives you dozens of other features like identity theft coverage & restoration, personal data cleanup, security freezes, and an online protection score that shows you just how safe you are, along with suggestions that can make you safer still.
So while protecting your devices with antivirus is a great start, it’s only one part of staying safer online. Including privacy and identity protection rounds out your protection overall.
The post What is Antivirus and What Does It Really Protect? appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.
Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.
Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.
So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.
When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.
“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.
When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.
The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.
Let’s explore the cybersecurity tools on the three major web browsers:
Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.
McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.
When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.
There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.
While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.
Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.
If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.
It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.
Trustpilot is one example of a website that provides reviews of other websites.
Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.
You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.
Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.
If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.
Download McAfee WebAdvisor now and stay safe while browsing the web.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
Lorem ipsum dolor sit amet..
Lorem ipsum dolor sit amet..
Lorem ipsum dolor sit amet..
Lorem ipsum dolor sit amet..
Lorem ipsum dolor sit amet..
Lorem ipsum dolor sit amet..
THis is test data lorem ipsum..
!@#$%^&*()_+{}|[]\-=:”;'<>?
The post Test delete article – 17-11-2022 appeared first on McAfee Blog.
Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone.
Here’s everything you need to know about mobile MiTM schemes specifically, how to identify when your mobile device is experiencing one, and how to protect your personally identifiable information (PII) and your device from cybercriminals.
A man-in-the-middle attack, or MiTM attack, is a scheme where a cybercriminal intercepts someone’s online activity and impersonates a trusted person or organization. From there, the criminal may ask personal questions or attempt to get financial information; however, since the mobile device owner thinks they’re communicating with someone with good intentions, they give up these details freely.
MiTM is an umbrella term that includes several cybercrime tactics, such as:
Cybercriminals gain access to mobile devices to carry out MiTM mobile attacks through three main methods: Wi-Fi eavesdropping, malware, or phishing.
The most common giveaway of a MiTM attack is a spotty internet connection. If a cybercriminal has a hold on your device, they may disconnect you from the internet so they can take your place in sessions or steal your username and password combination.
If your device is overheating or the battery life is much shorter than normal, it could indicate that it is running malware in the background.
If you can identify the signs of a MiTM attack, that’s a great first step in protecting your device. Awareness of your digital surroundings is another way to keep your device and PII safe. Steer clear of websites that look sloppy, and do not stream or download content from unofficial sites. Malware is often hidden in links on dubious sites.
To safeguard your Wi-Fi connection, protect your home router with a strong password or passphrase. When connecting to public Wi-Fi, confirm with the hotel or café’s staff their official Wi-Fi network name. Then, make sure to connect to a virtual private network (VPN). A VPN encrypts your online activity, which makes it impossible for someone to digitally eavesdrop.
Finally, a comprehensive antivirus software can clean up your device of malicious programs it might have contracted.
McAfee+ Ultimate includes unlimited VPN and antivirus, plus a whole lot more to keep all your devices safe. It also includes web protection that alerts you to suspicious websites, identity monitoring, and daily credit reports to help you browse safely and keep on top of any threats to your identity or credit.
A cybercriminal’s prize for winning a mobile scheme of monkey in the middle is your personal information. With preparation and excellent digital protection tools on your team, you can make sure you emerge victorious and safe.
The post Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack appeared first on McAfee Blog.
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
!@#$%^&*()_+{}[]-=;’:”,./<>?
The post Test article delete – 16-11-2022 appeared first on McAfee Blog.
Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers.
The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of almost 26 million people, close to a third of the population could find themselves affected.
The hackers subsequently issued ransomware demands with the threat of releasing the records. With their demands unmet, the hackers then started posting the records in batches, the first on November 8th and the latest dropping on November 14th.
According to Medibank, the records and information could include diagnoses, a list of conditions, and further information such as:
“[P]ersonal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for AHM customers (not expiry dates), in some cases passport numbers for our international students (not expiry dates), and some health claims data.”
Medibank continues to keep its customers up to date on the latest developments on its website and further states they will contact customers, via email and post, to clarify what has been stolen and what has been published on the dark web.
Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. In the case of Medibank, the hackers posted the stolen information on the dark web, which unfortunately means that the likelihood of a potential scammer or thief obtaining this information is a near certainty.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Home Affairs Minister Clare O’Neil called for Australians to “Contact Services Australia if you believe there has been unauthorised activity in your Medicare account.” Further, Australians can take the following additional steps to protect themselves in the wake of identity theft.
With some personal information in hand, bad actors may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So as it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
If you are contacted by Medibank, make certain the communication is legitimate. Bad actors may pose as Medibank to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the Medibank website or contact them by phone directly.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly can reduce your risk in the event of a data breach. Namely, a breached password is no good to a hacker if you’ve changed it.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to credit cards, bank account numbers and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s identity monitoring service helps you keep an eye on your personal info and provides alerts if your data is found, averaging 10 months ahead of similar services.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in your name. This may include identity theft, where someone pretends to be you, generally to gain access to more information or services, and may escalate to identity fraud, where funds are stolen from your account.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent bad actors from opening new lines of credit or take out loans in your name by “freezing” your credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security. Identity thieves generally focus on easy targets to save time. Elevated security across the majority of your data can make you a far more difficult target. In addition to more private and secure time online with a VPN, identity monitoring, and password management, this includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, McAfee offers support from a licensed recovery pro who can help you restore your credit, just in case.
Per Medibank, some victims of the breach may have had their driver’s licence number exposed. Given that a licence number is such a unique piece of personally identifiable information, anyone notified by Medibank that theirs may have been affected should strongly consider changing them. The process for replacing a licence document will vary depending on your state or territory.
The recent Optus breach of September 2022 saw some states and territories propose making exceptions to the rules for attack victims, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Medibank breach.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, which makes protection a must.
The post The Medibank Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.
Authored by: Christy Crimmins and Oliver Devane
Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the men’s World Cup kicks off (pun intended) in Qatar. This event, a tournament played by 32 national teams every four years, determines the sport’s world champion. It will also be one of the most-watched sporting events of at least the last four years (since the previous World Cup).
An event with this level of popularity and interest also attracts fraudsters and cyber criminals looking to capitalize on fans’ excitement. Here’s how to spot these scams and stay penalty-free during this year’s tournament.
Phishing is a tool that cybercriminals have used for years now. Most of us are familiar with the telltale signs—misspelled words, poor grammar, and a sender email whose email address makes no sense or whose phone number is unknown. But excitement and anticipation can cloud our judgment. What football fan wouldn’t be tempted to win a free trip to see their home team participate in the ultimate tournament? Cybercriminals are betting that this excitement will cloud fans’ judgment, leading them to click on nefarious links that ultimately download malware or steal personal information.
It’s important to realize that these messages can come via a variety of channels, including email, text messages, (also known as smishing) and other messaging channels like WhatsApp and Telegram. No matter what the source is, it’s essential to remain vigilant and pause to think before clicking links or giving out personal or banking information.
For more information on phishing and how to spot a phisher, see McAfee’s “What is Phishing?” blog.
According to ActionFraud, the UK’s national reporting center for fraud and cybercrime, thousands of people were victims of ticket fraud in 2019—and that’s just in the UK. Ticket fraud is when someone advertises tickets for sale, usually through a website or message board, collects the payment and then disappears, without the buyer ever receiving the ticket.
The World Cup is a prime (and lucrative) target for this type of scam, with fans willing to pay thousands of dollars to see their teams compete. Chances are most people have their tickets firmly in hand (or digital wallet) by now, but if you’re planning to try a last-minute trip, beware of this scam and make sure that you’re using a legitimate, reputable ticket broker. To be perfectly safe, stick with well-known ticket brokers and those who offer consumer protection. Also beware of sites that don’t accept debit or credit cards and only accept payment in the form of bitcoin or wire transfers such as the one on the fake ticket site below:
The red box on the right image shows that the ticket site accepts payment via Bitcoin.
Other red flags to look out for are websites that ask you to contact them to make payment and the only contact information is via WhatsApp.
Let’s be realistic—most of us are going to have to settle for watching the World Cup from the comfort of our own home, or the pub down the street. If you’re watching the tournament online, be sure that you’re using a legitimate streaming service. A quick Google of “FIFA World Cup 2022 Official Streaming” along with your country should get you the information you need to safely watch the event through official channels. The FIFA site itself is also a good source of information.
Illegal streaming sites usually contain deceptive ads and malware which can cause harm to your device.
In countries or regions where sports betting is legal, the 2022 World Cup is expected to drive an increase in activity. There’s no shortage of things to bet on, from a simple win/loss to the exact minute a goal will be scored by a particular player. Everything is subject to wager.
As with our previous examples, this increase in legitimate gambling brings with it an increase in deceptive activity. Online betting scams often start when users are directed to or search for gambling site and end up on a fraudulent one. After placing their bets and winning, users realize that while they may have “won” money, they are unable to withdraw it and are even sometimes asked to deposit even more money to make winnings available, and even then, they still won’t be. By the end of this process, the bettor has lost all their initial money (and then some, potentially) as well as any personal information they shared on the site.
Like other scams, users should be wary of sites that look hastily put together or are riddled with errors. Your best bet (yes, again, pun intended) is to look for an established online service that is approved by your government or region’s gaming commission. Finally, reading the fine print on incentives or bonuses is always a good idea. If something sounds too good to be true, it’s best to double-check.
For more on how you can bet online safely, and for details on how legalized online betting works in the U.S., check out our blog on the topic.
Using a free public Wi-Fi connection is risky. User data on these networks is unprotected, which makes it vulnerable to cyber criminals. Whether you’re traveling to Qatar for a match or watching the them with friends at your favorite pub, if you’re connecting to a public Wi-Fi connection, make sure you use a trusted VPN connection.
For more information on scams, visit our scam education page. Hopefully, with these tips, you’ll be able to enjoy and participate in some of the World Cup festivities, after all, fun is the goal!
The post Don’t Get Caught Offsides with These World Cup Scams appeared first on McAfee Blog.
A new ransomware threat is currently sweeping its way across home computers. And what’s making it extra tricky is that it’s disguised as an operating system update.
Be on the lookout for this new ransomware scheme and protect yourself from ransomware with a few of these tips.
Magniber is a new type of ransomware that is disguised at almost every touchpoint until it seemingly pops out of nowhere demanding money. The attack begins when someone visits a fake Windows 10 update website owned by the Magniber cybercriminal group. Once someone clicks on a malicious link on that site, file-encrypting malware downloads onto the device.
Another stealth maneuver of Magniber is that the encryption malware downloads as a JavaScript file straight to the memory of the device, which can often slide under an antivirus’ radar. This malware allows the criminal to view, delete, and encrypt files and gain administrator access of the device. Usually, before the person even knows their device is in danger, Magniber reveals itself and demands a ransom payment in exchange for releasing the documents and giving back control of the computer. If the device owner refuses to pay, the criminal threatens to delete the files forever.1
For the last several years, large companies fell left and right to breaches. Hacker groups infiltrated complex cybersecurity defenses, got ahold of sensitive company or customer information, and threatened to release their findings on the dark web if not paid a hefty ransom. The reasons cybercriminals targeted corporate databases versus personal devices wasn’t just because they could demand multiple millions, but because companies were better equipped to make ransom transactions anonymously. Often, cryptocurrency transactions are untraceable, which allows criminals to remain at large.
Now that more everyday people are proficient in cryptocurrency, ransomware may shift to targeting personal devices. Though the ransom payments won’t be as lucrative, there also won’t be corporate cybersecurity experts hot on the cybercriminal’s tail.
To avoid ransomware schemes similar to Magniber, adopt these three habits to better protect your device and digital privacy:
If a cybercriminal gets in touch with you and demands a ransom, immediately contact your local FBI field office and file a report with the FBI’s Internet Criminal Complaint Center. From there, the authorities will advise you on how to proceed.
Something you can start with now to defend against ransomware is to invest in McAfee+ Ultimate. It provides the most thorough device, privacy, and identity protection, including $25,000 in ransomware coverage.
1ZDNET, “This unusual ransomware attack targets home PCs, so beware”
The post Ransomware Masquerading as Microsoft Update Targets Home Computers appeared first on McAfee Blog.
It’s Diwali, a time of light, a time of togetherness, and, of course, a time of celebration. Along with Diwali comes the traditional acts of dana and seva, as well as gift-giving to the friends and family members they honor and love. However, it’s also a time when thieves get busy—where they hop online and take advantage of all that goodwill with all manner of scams.
It’s unfortunate yet true. Thieves flock to where the money is, and plenty of money gets exchanged online during Diwali. As you shop online for that thoughtful gift or to donate online to a cause you care about, keep an eye out for the scams that these thieves set. Because they’re out there.
Yet you have several ways you can spot their scams, along with several ways you can protect yourself further from them. The thing is, online thieves tend to use the same old tricks, which means a sharp eye and a little prevention on your part can keep you far safer during Diwali.
For starters, let’s look at some of the most common scams out there.
A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. So close that you may overlook them. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them.
You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and looking for the deal there.
In some cases, thieves will set up shopping websites that offer a popular or hard-to-find item at a great price. Yet if the pricing, availability, or delivery time all look too good to be true for the item in question, it may be a scam designed to harvest your personal info and accounts—because, surprise, they don’t have the item at all. The site will take your payment, yet you’ll never receive the item. What’s more, the scammers will have your payment info and address, which they can use to cause further harm.
Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate. You can also use a service like Who.Is and see how recently the site was created. If the site was only put up very recently, it could be a sign of a scam.
In the spirit of dana, donating to charities makes for a popular Diwali gesture. Scammers know this too and will set up phony charities to cash in. Some indications that a phony charity has reached you include an urgent pitch that asks you to “act now.” A proper charity will certainly make their case for a donation, yet they won’t pressure you into it. Moreover, phony charities will outright ask for payment in the form of gift cards, wire transfers, money orders, or even cryptocurrency—because once those funds are sent, they’re nearly impossible to reclaim when you find out you’ve been scammed.
There are plenty of ways to make donations to legitimate charities, and the NGO Darpan site offers resources that can help you make an informed choice.
Whether they come to you by email, direct message, or text message, scammers will blast out phoney prize and gift notifications during Diwali. And of course, there’s a catch. To claim your “prize” or “gift,” the scammers require you to fill out a questionnaire. Once again, there’s no gift or prize in play here. Just a thief on the other end attempting to steal your personal information to commit other fraud down the road.
Look out for these scams, as many have URLs that end in .cn (the Chinese domain). Both .xyz, and .top are popular URL domains for these scams. Several can look quite legitimate, yet if you haven’t entered in a legitimate contest, drawing, or lottery yourself, there’s a very good chance this is a scam.
Aside from knowing how to spot scams, you can take several other preventative measures that can keep you safe as you shop, donate, or simply spend time online.
This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. As mentioned in the bogus website scam and the prize scams above, thieves will often create web addresses that look nearly identical to legitimate addresses of well-known companies hoping that you won’t look closely at them, then click or tap that bad link.
If you get an offer sent to you via email, text, or any other message, don’t click the link. Visit the site directly and look for the offer there.
Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi, such as your passwords and credit card numbers.
What’s more, a VPN masks your whereabouts and your IP address, plus uses encryption that helps keep your activities private. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from.
A complete suite of online protection software like McAfee can offer layers of extra security while you shop. In addition to the VPN, identity, credit monitoring, and other features mentioned above, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—along with a password manager that can create strong, unique passwords and store them securely as well. Taken together, McAfee offers all-in-one online protection for your identity, privacy, and security that can keep you far safer when you shop online—and as you spend your time online in general.
If celebrating Diwali takes you online in any way, keep an eye open for the scams that typically pop up this time of year. Sadly, they’re out there, because it’s such a prime time of year for online shopping, gift-giving, and donations.
As you can see, thieves use several types of common scams that simply dress themselves up in different ways. Taking a moment to pause and consider what you’re seeing before you click or buy can help you spot those scams.
Further, using online protection software can help you stay safer still with features that make your time online more private and secure while also preventing you from clicking on any of those malicious links or attachments that crop up during Diwali—and any time of year.
The post Protect yourself from scams this Diwali appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome’s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself appeared first on McAfee Blog.
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee® Total Protection, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee® Total Protection.
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.
Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.
Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.
So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.
When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.
“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.
When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.
The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.
Let’s explore the cybersecurity tools on the three major web browsers:
Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.
McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.
When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.
There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.
While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.
Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.
If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.
It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.
Trustpilot is one example of a website that provides reviews of other websites.Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.
You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.
Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.
If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.
Download McAfee WebAdvisor now and stay safe while browsing the web.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to spot due to link misspellings, odd link redirects, and other giveaways. However, today’s phishing tricks have become personalized, advanced, and shrouded in new disguises. So, let’s take a look at some of the different types, real-world examples and how you can recognize a phishing lure.
Every day, users get sent thousands of emails. Some are important, but most are just plain junk. These emails often get filtered to a spam folder, where phishing emails are often trapped. But sometimes they slip through the digital cracks, into a main inbox. These messages typically have urgent requests that require the user to input sensitive information or fill out a form through an external link. These phishing emails can take on many personas, such as banking institutions, popular services, and universities. As such, always remember to stay vigilant and double-check the source before giving away any information.
A sort of sibling to email phishing, link manipulation is when a cybercriminal sends users a link to malicious website under the ruse of an urgent request or deadline. After clicking on the deceptive link, the user is brought to the cybercriminal’s fake website rather than a real or verified link and asked to input or verify personal details. This exact scenario happened last year when several universities and businesses fell for a campaign disguised as a package delivery issue from FedEx. This scheme is a reminder that anyone can fall for a cybercriminals trap, which is why users always have to careful when clicking, as well as ensure the validity of the claim and source of the link. To check the validity, it’s always a good idea to contact the source directly to see if the notice or request is legitimate.
Corporate executives have always been high-level targets for cybercriminals. That’s why C-suite members have a special name for when cybercriminals try to phish them – whaling. What sounds like a silly name is anything but. In this sophisticated, as well as personalized attack, a cybercriminal attempts to manipulate the target to obtain money, trade secrets, or employee information. In recent years, organizations have become smarter and in turn, whaling has slowed down. Before the slowdown, however, many companies were hit with data breaches due to cybercriminals impersonating C-suite members and asking lower-level employees for company information. To avoid this pesky phishing attempt, train C-suite members to be able to identify phishing, as well as encourage unique, strong passwords on all devices and accounts.
Just as email spam and link manipulation are phishing siblings, so too are whaling and spear-phishing. While whaling attacks target the C-suite of a specific organization, spear-phishing rather targets lower-level employees of a specific organization. Just as selective and sophisticated as whaling, spear-phishing targets members of a specific organization to gain access to critical information, like staff credentials, intellectual property, customer data, and more. Spear-phishing attacks tend to be more lucrative than a run-of-the-mill phishing attack, which is why cybercriminals will often spend more time crafting and obtaining personal information from these specific targets. To avoid falling for this phishing scheme, employees must have proper security training so they know how to spot a phishing lure when they see one.
With so many things to click on a website, it’s easy to see why cybercriminals would take advantage of that fact. Content spoofing is based on exactly that notion – a cybercriminal alters a section of content on a page of a reliable website to redirect an unsuspecting user to an illegitimate website where they are then asked to enter personal details. The best way to steer clear of this phishing scheme is to check that the URL matches the primary domain name.
When users search for something online, they expect reliable resources. But sometimes, phishing sites can sneak their way into legitimate results. This tactic is called search engine phishing and involves search engines being manipulated into showing malicious results. Users are attracted to these sites by discount offers for products or services. However, when the user goes to buy said product or service, their personal details are collected by the deceptive site. To stay secure, watch out for potentially sketchy ads in particular and when in doubt always navigate to the official site first.
With new technologies come new avenues for cybercriminals to try and obtain personal data. Vishing, or voice phishing, is one of those new avenues. In a vishing attempt, cybercriminals contact users by phone and ask the user to dial a number to receive identifiable bank account or personal information through the phone by using a fake caller ID. For example, just last year, a security researcher received a call from their financial institution saying that their card had been compromised. Instead of offering a replacement card, the bank suggested simply blocking any future geographic-specific transactions. Sensing something was up, the researcher hung up and dialed his bank – they had no record of the call or the fraudulent card transactions. This scenario, as sophisticated as it sounds, reminds users to always double-check directly with businesses before sharing any personal information.
As you can see, phishing comes in all shapes and sizes. This blog only scratches the surface of all the ways cybercriminals lure unsuspecting users into phishing traps. The best way to stay protected is to invest in comprehensive security and stay updated on new phishing scams.
The post The Seven Main Phishing Lures of Cybercriminals appeared first on McAfee Blog.
Your phone buzzes. You hope it’s a reply from last night’s date, but instead you get an entirely different swooping feeling: It’s an alarming SMS text alerting you about suspicious activity on your bank account and that immediate action is necessary.
Take a deep breath and make sure to read the message carefully. Luckily, your assets could be completely safe. It could just be a smisher.
Smishing, or phishing over SMS, is a tactic where cybercriminals impersonate reputable organizations or people and trick people into handing over their PII or financial details. Sometimes they can seem very credible with the information they have, and you may have even been expecting a correspondence of a similar nature.
So how can you tell when an SMS text is real and requires your attention? And how should you deal with a smisher to keep your identity safe?
Like email phishing and social media phishing,
SMS text phishing often tries to use a strong emotion – like fear, anger, guilt, or excitement – to get you to respond immediately and without thinking through the request completely.
In the case of one coordinated smishing attack, cybercriminals not only impersonated financial institutions but collected PII on their targets ahead of time. The criminals then used these personal details – like old addresses and Social Security Numbers – to convince people that they were legitimate bank employees.1 But since when does a bank try to prove itself to the customer? Usually, it’s the other way around, where they’ll ask you to confirm your identity. Be wary of anyone who texts or calls you and has your PII. If you’re ever suspicious of a caller or texter claiming they’re a financial official, contact your bank through verified channels (chat, email, or phone) you find on the bank’s website to make sure.
Smishers often keep up with current events and attempt to impersonate well-known companies that have a reason to reach out to their customers. This adds false legitimacy to their message. For example, in the summer of 2022, Rogers Communications, a Canadian telecommunications provider, experienced an extended loss of service and told customers they could expect a reimbursement. Smishers jumped on the opportunity and sent a barrage of fake texts requesting banking details in order to carry out the reimbursement.2 However, Rogers credited customers directly to their Rogers accounts.
If you receive a suspicious text, go through these three steps to determine if you should follow up with the organization in question or simply delete and report the text.
Do you have text alerts enabled for your bank and utility accounts? If not, disregard any text claiming to be from those organizations. Companies will only contact you through the channels you have approved. Also, in the case of the Rogers smishing scheme, be aware of how a company plans to follow up with customers regarding reimbursements. You can find information like this on their official website and verified social channels.
If the tone of the text urges you to act quickly or proposes a dire consequence of ignoring the message, be on alert. While suspicious activity on your credit card is serious, your bank will likely reimburse you for charges you didn’t make, so you have time to check your bank account and see recent activities. Official correspondence from financial institutions will always be professional, typo-free, and will try to put you at ease, not make you panic.
Whenever you get a text from someone you don’t know, it’s a good practice to do an internet search for the number to see with whom it’s associated. If it’s a legitimate number, it should appear on the first page of the search results and direct to an official bank webpage.
Once you’ve identified a fake SMS alert, do not engage with it. Never click on any links in the message, as they can redirect you to risky sites or download malware to your device. If you have McAfee Safe Browsing on your mobile, it can be your backup if you accidentally open a malicious link.
Also, don’t reply to the text. A reply lets the criminal on the other end know that they reached a valid phone number, which may cause them to redouble their efforts. Finally, block the number and report it as spam.
A great absolute rule to always follow is to never give out your Social Security Number, banking information, usernames, or passwords over text.
To give you peace of mind in cases where you think a malicious actor has access to your PII, you can count on McAfee+. McAfee+ offers a comprehensive suite of identity and privacy protection services to help you feel more confident in your digital life.
1PC Mag, “Scammers Are Using Fake SMS Bank Fraud Alerts to Phish Victims, FBI Says”
2Daily Hive, “Rogers scam alert: Texts offering credit after outage are fake”
The post What Is Smishing? Here’s How to Spot Fake Texts and Keep Your Info Safe appeared first on McAfee Blog.
Have you ever been on the receiving end of a scam or heard of someone whose bank account was emptied by fraudsters?
Unfortunately, these examples are becoming increasingly common. The Better Business Bureau (BBB) shared that they receive about 1,000 scam complaints daily from cash app users. As the number of cash app users increased over the last few years, so did the number of fraudsters on payment apps like Venmo and PayPal. As a result, even the most alert people have found themselves prey to smooth-talking fraudsters.
This article highlights common themes of cash app scams and explains how to protect your financial and personal information from scammers online. Stay tuned to learn more.
With the number of scams rising, it’s important to be more aware and cautious. So, what can you do to protect yourself from being scammed?
Here are four essential safety tips to avoid some common Venmo scams:
Let’s discuss some scam tactics commonly used on money transfer apps like Venmo and how you can quickly recognize and sidestep them.
Spoofing and phishing scams are practices that trick you into revealing sensitive financial or online information, leading you to lose money and face risk identity theft.
Knowing common ways that an online scammer can trick you will help you stay alert. This knowledge might make it easier to recognize a fraudster.
Let’s talk about a few common scam tactic examples, so you know the red flags to look out for when using cash apps like Venmo.
In this type of scam, a scammer will send you a text message, a notification, or an email with a link telling you that you won a cash prize or trending concert tickets on Venmo. The link generally leads to a page that asks you to sign in or provide information about your Venmo account. For example, the text could say something like, “As a long-time user of Venmo, you have received a $20 gift card from Venmo. Sign in to redeem.” Filling in these details can lead to your Venmo account being hacked.
Prevent being scammed this way by never sharing your Venmo login information with any person or third-party website.
A scammer may try to sign in to your Venmo account, requiring them to enter a code sent to your mobile number. They will call you, pretend to be from the Venmo tech support or customer service team, and produce any plausible reason they need you so you’ll share the code you received.
For example, this phone call may sound like, “Hello, we have noticed some unauthorized transactions on your Venmo account. This can lead to your account being blocked. To authorize the transactions, we need to confirm that you are the real owner of this account. For authentication purposes, we sent a code to your phone. Could you share that code with me, please?”
When in the middle of a busy work day, this call might not seem like a big deal and you may share the code without suspecting the caller of smishing. However, this code might be part of multi-factor authentication on Venmo and will give the scammer access to your account.
This can also look a little different. For example, someone who claims to be a Venmo agent might ask you to transfer a sum of money into another account to “verify” your account.
To avoid being scammed this way, keep in mind that a Venmo agent will never ask for a private code or try to gain access to your account. In addition, Venmo will never ask you to install a third-party app, redirect you to a different sign-in page, or ask you to send money to “verify” an account.
As a rule of thumb, never share your Venmo verification code with anyone, no matter who they claim to be.
This scam has a few names, including pyramid scheme, money circle, or cash wheel. Here, a scammer will persuade you to send them a small amount of money to earn back a larger sum within a short period. This is an easy scam to identify because you have no guarantee that the person will pay you back. However, scammers can be extremely convincing, and you may fall for their words.
To avoid this mistake on the cash transfer app, don’t ever send money to strangers on Venmo. Remember, if it sounds too good to be true, it’s probably a scam.
In such a scam, a scammer will attempt to impersonate someone you know. For example, a scammer is impersonating your friend “X.” They use any publicly available information about “X” and create an account using “X’s” name and picture. If “X’s” Venmo account isn’t private, the scammer can access “X’s” transaction history. And, if “X” has transacted with you in the past, the scammer posing as “X” will connect with you and request money. Usually, these requests suggest an urgent need for money. Since you know “X,” you might consider lending them the amount.
Avoid this scam by being wary of any unusual money requests from someone who looks like a friend. Before accepting the payment request, double-check that the person requesting the money is your friend or a family member. Reach out to your friend outside of Venmo through their phone or a credible social media account to verify that it’s not a fake profile asking you for money. In addition, you should always keep your Venmo friend list and transaction history private to avoid giving scammers access to your data.
If you’re selling goods online, a buyer might try to obtain your goods without actually paying for your product. So, they may send you a screenshot of a fake payment to prove they have paid when you haven’t received any money.
Sometimes, a scammer will send a screenshot showing that they accidentally paid you an extra sum of money, and may ask you to pay the money back. However, their payment was fake, and you will end up paying money from your pocket.
Another example involves a seller who sends a message that seems like it’s from Venmo. The message might say that the buyer made a payment, but it will only be fully processed once goods are shipped. Again, this is a red flag to watch out for because Venmo doesn’t offer this feature.
If you’re a buyer online, your seller may convince you to Venmo them the entire payment, and then they may refuse to ship the purchased goods to you.
To be protected from such scams, avoid selling and buying items using Venmo. If you’re buying from strangers on Venmo, ensure it is a Venmo-approved business account so you have purchase protection for any eligible items covered under the user agreement.
As a rule, it’s best not to exchange Venmo payments with strangers. Consider blocking the user if you receive an unsolicited payment or a payment request from a stranger on Venmo.
As transactions become increasingly digital, it’s important to educate yourself about the best practices to protect your financial information online.
Here are some general tips to follow:
Online safety should not be taken lightly, and investing in an advanced tool is a good idea to ensure your cybersafety.
If you’re serious about online safety and security, the McAfee+ Protection package is a great investment. This package gives you a premium level of online security, with full protection from things like identity theft. In addition, you get access to antivirus software for unlimited devices, personal data clean-ups, lost wallet protection, and a secure VPN — among other benefits. Sign up today!
The post How to Identify and Protect Yourself From Venmo Scams and Other Cash App Scams appeared first on McAfee Blog.
The joy of purchasing a new device is liberating. Now you can work, learn, and play faster — along with enjoying ample storage space. So, the last thing you’d expect is your apparently safe device being exposed to vulnerabilities, or “bloat.”
Exposure to unwanted software can derail its performance and hog its storage within a few months of usage. In technical terms, such pieces of software are referred to as bloatware. Bloatware has the potential to attack PCs with Microsoft systems and Android devices. It can also attack Apple iPhones and Macs although their systems tend to be built with a bit more protection.
This article defines bloatware, offers common examples, explains how to identify it, and discusses its impact on your computer’s security.
Bloatware, also called Junkware or Potentially Unwanted Programs (PUP), are third-party programs that slow down the performance of your device and lay it bare to cybersecurity risks.
Manufacturers initially introduced bloatware to provide users with more utility, but the programs led to device issues. Software programs that identify as bloatware run in the background, and locating them is not child’s play.
Bloatware finds its way into your device in two ways: it comes pre-installed or through programs downloaded from the internet. Lenovo‘s Superfish bloatware scandal from 2015 explains how bloatware can harm your devices.
Common examples of bloatware apps include:
As a piece of good advice, it is best to uninstall such apps when of no use — whether on your Android smartphone, Windows computer, or an iOS device.
Performance degradation is a common symptom of a device carrying bloatware. Extended boot-up times, clogged storage, and startup delays are common occurrences. Let’s review some programs that may also be bloatware:
Here’s how to identify bloatware:
As mentioned, not all bloatware is a threat to your device. Some may be useful and can be removed easily. But a major chunk of bloatware is known to slow down your computer.
Bloatware eats up a good chunk of the disk space or hard drive as it runs in the background, and it drains the battery life. Bloatware that isn’t removed quickly may clog your device with annoying ads. These ads can pose a security threat or even corrupt your operating system.
Sadly, it can be a challenge to uninstall bloatware because it finds its way back into the device — sometimes even after it has been deleted. In some cases, it may even redirect you to fake bloatware removal websites and offer malicious removal tools. Such websites ask you to install a new program to remove the previous one, trapping your device further. Unfortunately, there are no secret hacks to stop it from finding a way into your system.
Pro tip: Anytime you download a program or software, be sure it’s from an official source (like a secured website, the Google Play Store, or the Apple App Store). Installing a program from a suspicious website can put your device at risk, as the program can download bundles of other programs on the back end without your knowledge.
Windows 10 comes with a special refresh tool to remove any bloatware disguised as user-installed programs. This tool can bring your PC back to a clean slate. It’s important to check your hard drive beforehand, as it can also remove licenses.
Bloatware can be both harmful and annoying. New devices need full-fledged protection so they can last longer. The answer to your bloatware woes is an antivirus program. It safeguards your computer from dangerous security threats and prevents accidental downloads, so malicious bloatware or malware can’t access your device.
Bloatware can compromise your online safety and security. McAfee+’s protection package is the ideal investment for your new device, so you can work without any hassles or doubts.
McAfee+ enables a top-tier level of online security with full protection from pesky software programs like bloatware. Additionally, you get access to antivirus software for unlimited devices, lost wallet protection, a secure VPN, personal data clean-ups, and more. Sign up for McAfee + and rest easy while your devices remain bloatware-free.
The post What Is Bloatware and How Can It Impact Security? appeared first on McAfee Blog.
Until recently, people had little control over how companies used their online data. But, with data privacy now a human right, people are pickier about who can access their data and how they use it.
Every time you visit a website by typing its address on the address bar, your browser history holds a record of information like the name of the site, its location, and when you visited it. Unfortunately, third parties can access this data, leaving you vulnerable to identity theft and data misuse. Simply deleting your Internet Explorer browser history is not enough to safeguard your data.
This article explains how to keep your internet activities private and delete your web browser history for good.
Most people don’t know that clearing your browsing history doesn’t actually delete it.
Even after you’ve clicked on the “clear browsing history” option in your selected browser, there’s still a record of every Google search from the beginning of time. This information can be accessed by third parties like your internet service provider, the websites you visit, and advertisers. So, clearing your browsing history is not enough to safeguard your data.
While clearing your browser history has benefits like better application efficiency, you should invest in useful online tools like McAfee’s identity theft protection and you better protect your data online. to help you truly protect your data online. to help you truly protect your data online.
Before diving into how to clear your browser history, let’s talk about why you should give importance to deleting your data for good.
Just like you have to clear out the dust from your vacuum cleaner to continue cleaning, you should clear the data on your browser so it remains speedy and efficient.
Your browsing history records are cluttered with cache files, cookies, search history, and autofill data. All this digital clutter fills up your Random Access Memory (or RAM), slowing your PC, Apple iOS device, or Android device’s functioning.
You might see pop-ups on websites telling you that they use cookies. Without giving it much thought, you might click the “OK” or “Accept cookies” button and continue browsing the site. But do you know how these cookies are used?
Cookies are temporary internet files that store browsing data and preferences to make your future online experiences easier. For example, this helps you personalize your search results to an extent. The cache stores parts of pages, websites, or images you visit, enabling the pages to load faster the next time you open them.
These types of files sound like they help you have a better internet experience, so why should you delete them?
Here are some reasons to clear your browsing history, cache, and cookies:
However, simply clearing cache and cookies is not enough. This method will clear space on your device and erase some references, but the data is still saved on your device as free space. You should use tools to permanently delete your browsing data from the hard drive because:
So, it’s crucial to properly wipe your data if you’re serious about protecting your privacy online.
Many people switch to incognito mode when making an embarrassing Google search because it seemingly leaves no trace of the search on your device. But, does useing incognito mode or a private browsing window protect your data and ensure your privacy & security?
When you use incognito or private browsing mode, the tracking cookies on the websites you visit are blocked by default, and your cookie data and search history are deleted from the browser as soon as you close the window. Essentially, it auto-deletes your browser history as soon as you close the window.
However, your browser actions are still visible to the websites you have visited and your internet service provider (ISP). In addition, data from your browsing activity is saved to any accounts you’re logged into (like your Google account), even when using incognito mode.
Your internet service provider and other third parties have easy access to your browser activity irrespective of whether you’re in private browsing mode. This means using incognito mode is not enough to protect your online privacy.
If you’re worried about what someone might see on your laptop or you notice your applications slowing down, we’re here to help. We’ll show you how to quickly clear your device’s browser history from some commonly used internet options.
There’s no fixed or recommended time for deleting your browsing history, cache, and cookies. It’s all relative to your system’s storage space and personal preferences. Refer to this step-by-step guide whenever you feel like it’s time to clear junk from your browsers.
To delete your browser history on Google Chrome:
Some of your settings might be deleted when clearing your browser history. For example, you might have to re-sign into your accounts.
If you want to delete cookies and cache for a specific site, you can learn how to change more cookie settings in Chrome.
To delete your browsing, search, and download history on Mozilla Firefox, follow these steps:
Now, you have quickly deleted your browser history on Mozilla Firefox.
To clear your Microsoft Edge browsing data from just the device you are currently using, turn off sync before clearing the data. The selected data will be deleted across all of your synced devices if sync is turned on.
Follow these steps to turn off sync:
To clear browsing data on Microsoft Edge:
This is how to clear your browsing data on Microsoft Edge in a few simple steps.
Here are simple steps to clear browser cache and cookies on Safari 8.0 through 10.0. These steps apply to your Apple laptop running macOS, but an iPad or iPhone might have slightly different steps.
That’s all! You’ve now deleted your browser history on Safari.
To clear cache and browser history in Opera:
There you have it! It’s simple and free to erase your browser history, cache, and cookies, and you should regularly do so.
Now you know how to delete your browser history to keep your device running smoothly and limit how much data advertisers and companies can collect about you.
However, you may be concerned about the identity traces still being captured without your knowledge.
If you’re serious about maintaining complete privacy with your online data, invest in advanced tools to safeguard your online information and prevent identity theft.
McAfee helps keep your digital data private and protected from identity theft. Access various tools to safeguard your online spaces by investing in the McAfee privacy and protection service. This service includes antivirus software for unlimited devices, complete data cleanup from your hard drive and browser, and much more. In addition, this product comes with a 30-day money-back guarantee.
Easily keep your digital spaces safe and your online data private with McAfee+.
The post The Expert’s Guide to Deleting Your Browser History for Good appeared first on McAfee Blog.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.
Happy Cybersecurity Awareness Month!
Every October, the National Cybersecurity Alliance selects a theme around which to publish extensive awareness resources and practical tips to help you improve your cybersecurity.1 This year’s theme is “It’s easy to stay safe online.” With the number of cyberthreats and breaches dominating the headlines, it can seem like a Herculean task to cover all your bases; however, with just four easy habits, you can actually protect yourself against a large percentage of these threats!
Don’t be scared of hackers, phishers, or cybercriminals this month. Leave that to the ghosts, ghouls, and your upcoming holiday social calendar.
Multifactor authentication (MFA) is an excellent way to frustrate cybercriminals attempting to break into your online accounts. MFA means that you need more than a username and password to log in, such as a one-time code sent to by email, text, or through an authentication app or a face or fingerprint scan. This adds an extra layer of security, because a thief would have to have access to your device, your email, or be able to trick a biometric reader to get into your online account.
Most online sites offer the option to turn on MFA. While it may add an extra few seconds to the login process, it’s well worth it. Username and password combinations can be up for sale on the dark web following a breach. With these in hand, a cybercriminal could then help themselves to your online bank account, online medical records, and possibly your identity. When an account is secured with MFA, a criminal may quickly move on to another target that’s easier to crack.
Most sites won’t even let you proceed with creating an account if you don’t have a strong enough password. A strong password is one with a mix of capital and lowercase letters, numbers, and special characters. What also makes for an excellent password is one that’s unique. Reusing passwords can be just as risky as using “password123” or your pet’s name plus your birthday as a password. A reused password can put all your online accounts at risk, due to a practice called credential stuffing. Credential stuffing is a tactic where a cybercriminal attempts to input a stolen username and password combination in dozens of random websites and to see which doors it opens.
Remembering a different password for each of your online accounts is almost an impossible task. Luckily, password managers make it so you only have to remember one password ever again! Password managers, like the one available in McAfee+. safeguard all your passwords in one secure desktop extension or cellphone app that you can use anywhere. McAfee+ is secured with one of the most secure encryption algorithms available, and multifactor authentication is always standard.
It’s best to create passwords or passphrases that have a secret meaning that only you know. Stay away from using significant dates, names, or places, because those are easier to guess. You can also leave it up to your password manager to randomly generate a password for you. The resulting unintelligible jumble of numbers, letters, and symbols is virtually impossible for anyone to guess.
Software update notifications always seem ping on the outskirts of your desktop and mobile device at the most inconvenient times. What’s more inconvenient though is having your device hacked. Another easy tip to improve your cybersecurity is to update your device software whenever upgrades are available. Most software updates include security patches that smart teams have created to foil cybercriminals. The more outdated your apps or operating system is, the more time criminals have had to work out ways to infiltrate them.
Consider enabling automatic updates on all your devices. Many major updates occur in the early hours of the morning, meaning that you’ll never know your devices were offline. You’ll just wake up to new, secure software!
You’ve likely already experienced a phishing attempt, whether you were aware of it or not. Phishing is a common tactic used to eke personal details from unsuspecting or trusting people. Phishers often initiate contact through texts, emails, or social media direct messages, and they aim to get enough information to hack into your online accounts or to impersonate you.
Luckily, it’s usually easy to identify a phisher. Here are a few tell-tale signs for be on the lookout for:
Never engage with a phishing attempt. Do not forward the message or respond to them and never click on any links included in their message. The links could direct to malicious sites that could infect your device with malware or spyware.
Before you delete the message, block the sender, mark the message as junk, and report the phisher. Reporting can go a long way toward hopefully preventing the phisher from targeting someone else.
The best complement to your newfound excellent cyberhabits is a toolbelt of excellent services to patch any holes in your defense. McAfee+ includes all the services you need to boost your peace of mind about your online identity and privacy. You can surf public Wi-Fis safely with its secure VPN, protect your device with antivirus software, scan risky sites for your personally identifiable information, and more!
This October, make a commitment to improving your cybersecurity with the guidance of the National Cybersecurity Alliance and McAfee.
1National Cybersecurity Alliance, “Cybersecurity Awareness Month”
The post 4 Easy Things You Can Do Today to Improve Your Cybersecurity appeared first on McAfee Blog.
Internet security is a broad term that refers to a wide range of tactics that aim to protect activities conducted over the internet. Implementing internet security measures helps protect users from different online threats like types of malware, phishing attacks, scams, and even unauthorized access by hackers.
In this article, we highlight the importance of internet security in safeguarding your computer network and outline what you can do to have a comprehensive computer security system in place.
As the internet expands and becomes an even bigger part of our lives, cyberthreats continue to grow both in scope and sophistication. According to Forbes, data breaches and cyberattacks saw an increase of 15.1% in 2021 compared to the previous year. These security threats come in different forms and vary in terms of complexity and detectability.
Some common online threats people face today include:
While these internet security threats may seem overwhelming at first glance, safeguarding your computer or mobile devices from them is relatively easy. Below is a detailed look at some security solutions available to you.
As we stated above, setting up an internet security system is a relatively straightforward process. Here are some basic network security measures you can implement right away.
The first step in making sure you have internet security is installing antivirus software. These programs are designed to prevent, search for, detect, and get rid of viruses and other types of malicious software.
Antivirus software can run automatic scans to make sure no network or data breach has occurred and scan specific files or directories for any malicious activity or patterns.
There are plenty of options to choose from when it comes to antivirus software, however, few programs offer the comprehensive level of protection the antivirus software included in McAfee® Total Protection provides to its users.
McAfee’s antivirus software comes with a wide selection of features, including malware detection, quarantine, and removal, different options for scanning files and applications, and an advanced firewall for home network security.
While this may sound obvious, it’s important to create strong and unique passwords for all your online accounts and devices. A significant percentage of data breaches occur as a result of simple password guessing.
Some tips to follow when creating a password include:
It can also be a good idea to use a password manager, as this will help reduce the risk of your passwords getting leaked or lost. McAfee’s password manager, is particularly convenient thanks to its advanced encryption and multi-factor authentication.
A firewall is a network security system built into your operating system. It monitors incoming and outgoing network traffic to prevent unauthorized access to your network. For it to be able to identify and block these threats, you’ll want to make sure your firewall is enabled on your device. If you’re unsure if your device comes with a firewall, you can benefit from one included in McAfee Total Protection.
Multi-factor authentication (MFA) is an authentication method that requires at least two pieces of evidence before granting access to an app or website. Using this method as much as possible can add another layer of security to your applications and reduce the likelihood of a data breach.
Your choice of browser is an important part of implementing internet security measures. In fact, web browsers vary widely in terms of the security features that they offer, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a web browser that offers the following security features:
As children grow older, their internet use becomes more extensive. This can also increase their exposure to various security threats. To keep them safe online, educate them about the risks associated with web browsing and introduce them to some of the best practices for avoiding online threats like not sharing passwords.
Explain which information should be shared and which information should be kept private and instruct them to never click on links from unknown sources.
You should also take a more active approach to protect your children by setting parental controls on certain websites. For instance, you can use YouTube’s parental controls to filter any inappropriate content and keep a child-friendly interface.
The following tips can help you stay on the safe side in regard to internet security.
While malware attacks are common, their prevalence shouldn’t deter you from browsing the internet as usual. Adhering to the internet security best practices outlined in this article can help keep you safe from the majority of security threats that you might encounter online.
For added security, consider using an all-in-one antivirus solution like McAfee+. This is one of the most effective ways to safeguard your devices from online threats.
Let McAfee handle your security while you focus on enjoying the web.
The post What Is Internet Security? appeared first on McAfee Blog.
Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data.
However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone to malware infections compared to their Android counterparts. But it’s important to note that they’re not completely without vulnerabilities.
Several iPhone viruses could infect your smartphone and affect its functionality, especially if you jailbreak your iPhone (that is, opening your iOS to wider features, apps, and themes).
This article covers how you can detect malware infections and how to remove viruses from your device so you can get back to enjoying the digital world.
Malware can affect your iPhone in a variety of ways. Here are a few telltale signs that your iPhone might have an unwelcome visitor.
If you notice any of the signs above, it’s a good idea to check for malware. Here are some steps you can take.
If you’ve confirmed malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.
In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update iOS to close this potential vulnerability. Just follow these steps:
It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.
If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, follow these steps:
Keep in mind that the process is similar for Google Chrome and most other popular web browsers.
Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.
The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. Essentially, this allows you to restore your device to an iCloud backup made before the malware infection.
Here’s how:
If none of the steps above solves the problem, a factory reset might be the next order of business. Restoring your phone to factory settings will reset it to its out-of-factory configuration, deleting all of your apps, content, and settings in the process and replacing them with original software only.
To factory reset your iPhone, follow these steps:
The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:
If you have an iPhone and are like most other people, you probably use your device for almost everything you do online. And while it’s amazing to have the internet in the palm of your hands, it’s also important to be aware of online threats like malware, which can put your digital life at risk.
The good news is that McAfee has your back with our award-winning and full-scale mobile security app. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind.
Download the McAfee Security app today and get all-in-one protection.
The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.
With “See Yourself in Cyber” as the theme for this year’s Cybersecurity Awareness Month, the focus is on you with a look at several quick ways you can quickly get safer online.
Now in its 21st year, Cybersecurity Awareness Month marks a long-standing collaboration between the U.S. government and private industry. It’s aim, empower people to protect themselves from digital forms of crime. And that stands as a good reminder. Phishing attacks, malware, and the other threats we regularly talk about in our blog are indeed forms of crime. And where there’s crime, there’s a person behind it.
It can be easy to lose sight of that, particularly as the crook on the other end of the attack is hiding behind a computer. Cybercrime can feel anonymous that way, yet it’s anything but. Whether a single bad actor or as part of a large crime organization, people power cybercrime.
Yet just as you secure your home to prevent yourself from becoming a victim of a criminal, you can also secure your digital life to prevent yourself from becoming a victim of cybercriminal.
You have plenty of places where you can start, and they’re all good ones. Even a handful of the simplest measures can significantly decrease your risk. Better yet, several take far less time to put into place than you might think, while yet more work automatically once you implement them—making them a sort of “set it and forget it” security measure.
With that, this five-step list can get you going:
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Updates do all kinds of great things for gaming, streaming, and chatting apps, like add more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
For your computers and laptops:
For your smartphones:
For your smartphone apps:
Often overlooked is the humble browser. Yet if you think about it, the browser is one of the apps we use most often. Particularly on our desktops. It takes us shopping, to shows, the bank, and even work. Hackers realize that, which is why they love targeting browsers. Whether it’s through vulnerabilities in the code that runs the browser, injecting malicious code into a browser session, or any one of several other attack vectors, hackers will try to find a way to compromise computers via the browser.
One of the best ways to keep your browser safe is to keep it updated. By updating your browser, you’ll get the latest in features and functionality in addition to security fixes that can prevent attacks from hackers. It’s a straightforward process, and this article will show you can set your browser to automatically update.
Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account information by posing as a well-known company, organization, or even someone the victim knows. And depending on the information that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes. What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit.
Some signs of a phishing attack include:
Email addresses that slightly alter the address of a trusted brand name so it looks close at first glance.
Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links.
Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken together with other reports, your information can aid an investigation and help bring charges on a cybercriminal or an organized ring.
Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s quite common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it.
This list can get you started, and you can take even more steps now that you’re rolling. Keep dropping by our blog for more ways you can make yourself safer, such as on social media, your smartphone, in app stores, and more. Visit us any time!
The post See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online appeared first on McAfee Blog.
How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you.
The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves.
However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first taking a look at some of the more common attacks.
Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass along your personal information into the hands of hackers—all of which can lead to some of the symptoms listed above.
These are a classic form of attack. In fact, hackers have leveled them at our computers for years now too. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. And these attacks take many forms, like emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over that info or that install malware to wreak havoc on your device or likewise steal information. Learning how to spot a phishing attack is one way to keep yourself from falling victim to one.
Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they can possibly access your data and info, yet that data and info must be downloaded while the phone is within range. As you probably gathered, this is a more sophisticated attack given the effort and technology involved.
In August of 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping scam. SIM card swapping occurs when a hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be effectively stolen. This means the hacker has taken control of your phone calls, messages, and so forth. This method of hacking requires the seemingly not-so-easy task of impersonating someone else, yet clearly, it happened to the CEO of a major tech company. Protecting your personal info and identity online can help prevent hackers from impersonating you to pull off this and other crimes.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.
McAfee’s Secure VPN now supports the WireGuard protocol, which gives you faster connection speeds plus enhanced stability and security.
WireGuard is the latest standard in Virtual Private Network (VPN) technology, and we’re rolling it out across McAfee Secure VPN for Windows which is included in our comprehensive online protection plans. And just as before, it offers smart protection that can be set to automatically turn on when you need it, so you can stay more private and more secure online.
If you’re new to using a VPN, let’s take a quick look at two of the big things a VPN can do for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, a VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances, even using your apps.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties.
A quick word about what WireGuard is in slightly more detail. It’s a VPN protocol, which is a series of technical rules that govern how your device can securely reach the VPN servers, validate your access to the requests you make online, and encrypt your browsing traffic so that only you can see what you are doing over the internet. WireGuard is one of several protocols that we support, such as the OpenVPN and IKEv2 protocols. While WireGuard improves upon OpenVPN and IKEv2 in many ways, both are still secure and safe ways in which a VPN can connect.
Now with the latest WireGuard standard in place, our VPN for Windows that comes with all our all-in-one plans offers faster speeds and improved stability compared to what previous standards offered. This gives you the security of a VPN with similar performance as if you were on a fully open connection—along with the added benefit of keeping your browsing and other activities private.
Taken together, the improved speed and stability give privacy-conscious people a further reason to use a VPN more often than before. Because a VPN can minimize the exposure of data as it transmits to and from your devices, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from. The more often you use a VPN, the less they can potentially gather.
For more about VPNs and how ours can keep you more private and secure online, give us a visit here any time.
The post McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability appeared first on McAfee Blog.
Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of current and former customers.
As of this writing, the company has not stated how many customers may have been affected, citing their ongoing investigation in conjunction with law enforcement and Australian government officials
According to Optus, the breach may have included the following:
“Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Payment detail and account passwords have not been compromised.”
Optus is currently notifying customers who may have been affected by this breach with SMS and email messages. However, the company makes an important distinction here:
“We are not sending links in SMS or emails. If customers receive an email or SMS with a link claiming to be from Optus, they are advised that this is not a communication from Optus. Please do not click on any links.”
Often in the wake of such breaches, cybercriminals will send out phony communications that use the name of the company affected. These can include phishing attacks over email and SMS that solicit personal and account information or other tactics that attempt to capitalize on the announced breach.
Optus continues to keep its customers up to date on the latest developments on its website, which includes a comprehensive FAQ that details what happened, what steps are being taken, and what customers can do in the wake of this announcement.
Any time a data breach occurs, your exposed personal information may be used by those trying to commit identity fraud or theft. Different pieces of personal information can be more useful to them than others.
Some information is directly useful, such as a driver’s license or credit card information because they identify you right away. Others are indirectly helpful, like device IDs, browsing history, geolocation information, and internet protocol addresses. While they don’t identify you on their own, a cybercriminal could piece together your identity if they have enough indirect information about you.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involve a combination of preventative steps and some monitoring on your part.
If you become the victim of fraud or theft after a data breach, a licensed recovery pro can help you restore your credit and identity. If you’ve ever dealt with fraud or theft before, or know someone who has, recovery can be a time-consuming and stressful process if you undertake it alone. With McAfee+ Advanced, you have around-the-clock support from a restoration expert with limited power of attorney who can take the steps that can help restore your credit and identity.
Working with an expert can lend you extra peace of mind, particularly in a time where there’s plenty of uncertainty. First, you’ll know that a professional is working on your case—a person who knows exactly where to start and what needs to happen for the best possible outcome. Second, you’ll get precious time back, time you’d otherwise have to spend if you took on the process yourself.
As mentioned above, with some personal information in hand, cybercriminals may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So, it’s always wise to keep a skeptical eye open for unsolicited messages or phone calls that ask you for information in some form or other, often in ways that urge or pressure you into acting.
An identity monitoring service can monitor your information from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other cyber criminals so they can launch their own attacks. McAfee monitors the dark web for your personal info and provides early alerts if your data is found, an average of 10 months ahead of similar services. We also provide guidance to help you act if your information is found.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Mentioned earlier, information stolen in a data breach may indirectly identify you. Yet when pieced together with other information, it can then directly identify you. One way cybercriminals complete this identity picture puzzle is with information provided by data brokers that buy and sell personal information online. However, you can take some control over this. Our Personal Data Cleanup service scans high-risk data broker sites for your personal information and then helps you remove it—which denies cybercriminals the information they may need to commit identity theft.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.
Even though it’s believed that no payment information was involved in this breach, customers should still take steps to monitor their statements and their overall credit report so that they can spot and address any unusual activity. Optus has announced that it will offer affected customers 12 months of credit and identity monitoring through Equifax, one of the major global credit agencies, at no cost.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent cybercriminals from opening new lines of credit or taking out loans in a victim’s name by “freezing” their credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security for future protection. In addition to more private and secure time online with a VPN, identity monitoring, and password management, protection like McAfee+ Advanced includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone.
Per Optus, a subset of those affected may have had their driver’s license and/or passport ID number affected by the breach. Given that license and passport ID numbers are such unique pieces of personally identifiable information, anyone notified by Optus that theirs may have been affected should strongly consider changing them.
The process for replacing either document will vary depending on your state or territory. Given the scope of the attack, some states and territories have proposed making exceptions to the rules for attack victims. As of this writing, that picture continues to evolve, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Optus breach. As you can see, several of them are preventative, which is important because word of data breaches tend to reach customers days, weeks, or even months after they’ve been discovered—leaving cybercriminals plenty of opportunity to commit all kinds of identity crime in the meantime.
In this case, the breach certainly made the news due to its apparent size and scale. And as Optus works with law enforcement and government officials, more details into the attack and who has been affected will arise.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, making protecting ourselves a must.
The post The Optus Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
Are you hoping to buy a house or apply for a car, personal, or business loan at some point? A great credit score helps to achieve all those things. You never know the twists and turns life might take you, so even if these financial milestones aren’t on your radar now, it’s nice to know that a great credit score will open many doors for you when you’re ready. The better your credit score, the more likely you are to get the loan you want at the best interest rate. People spend years (even decades!) working to improve their credit scores to unlock numerous opportunities. In the blink of an eye though, a credit fraudster can erase all that hard work and inflict long-term credit damage. It can cost huge sums to repair and take years to correct.
Many people feel lost on how to prevent these problems or what to do if they suspect identity theft. Luckily, new McAfee services called credit lock and security freeze, which includes credit freeze, are great tools to add to your credit protection toolbelt. They’ll help protect your most personal information from thieves, and both services will help give you the peace of mind you need to confidently go about your day.
Keep reading to learn more about McAfee’s credit lock and security freeze and find out how you can use them to help you from the negative consequences of identity theft.
Credit fraud is a type of identity theft where a criminal uses your information to borrow money, open a new credit or debit card, or uses your card to make purchases that they never intend to pay off. Then, when the loan defaults and the bills stack up, the victim is often left with their credit score in shambles.
According to the FTC, credit fraud is the most common type of identity theft in 2020 and 2021, receiving nearly 18,000 reports from people saying that someone used their information to gain illegal access to their credit card accounts.1
To make sure we’re all on the same page, here are quick definitions of McAfee’s credit lock and security freeze services.
A credit lock and a credit freeze both stop companies from accessing your credit information without your consent when an application for a loan or credit card is submitted. The main difference lies in their speed and credit bureau coverage. By toggling a switch in the McAfee Protection Center, turning on a credit lock is almost instantaneous. A credit freeze can take up to a day to enable or remove; however, it may offer stronger financial loss protection in most U.S. states if an unauthorized line of credit goes through while all three credit bureaus are frozen. Also, McAfee’s credit lock stops one credit bureau from accessing your account, while a credit freeze enables you to halt all three.
Just make sure that you unlock and unfreeze your credit before you do the following:
These are all situations where a bank or creditor will need to access your credit files. Luckily, with significant purchases and financing opportunities like these, you usually plan ahead, so you should have plenty to time to enable access to your credit. To unlock your credit, just click the credit lock toggle. To unlock a freeze, use the same provided links, sign into your account, and follow the instructions from there.
To further help you decide which service may be best for your needs, here are the situations where credit lock and credit freeze would be most helpful.
McAfee credit lock lets you simply toggle on and off one credit bureau’s ability to access your credit report. Usually, filing a lock on your credit with a bureau requires filling out forms and remembering a PIN to apply or remove a lock. Not with McAfee’s credit lock! You can turn a lock on and off at will through the McAfee Protection Center.
Convenience and blazing speed are ideal in situations where you’re worried that a criminal has your personal information and may use it to open accounts in your name that could then damage your well-earned great credit. Some people may choose to always have the credit lock enabled and only unlock it when they’re applying for a credit card or loan. That way, they can feel better about the safety of their credit score.
Credit freeze provides protection and peace of mind just like credit lock; however it enables you to freeze your account at all three major credit bureaus. When creditors check your credit score, they could do so with any credit bureau. If you only freeze one bureau’s access to your information, that still leaves the other two to make inquiries, so it’s important to set up a freeze for each one to cover all your bases.
As mentioned, a credit freeze is just one type of security freeze offered by McAfee. If you’re worried about an identity thief opening not just credit cards, but also utility and/or bank accounts in your name, McAfee’s utility freeze and bank freeze may be additional services for you. Security freeze helps stop unauthorized fraud attempts by giving you quick links and phone numbers. Having all these contact details in one place really speeds up the process and takes the guesswork out of if you’re contacting the correct offices.
Dealing with identity theft or credit fraud is a scary and stressful situation. That’s why McAfee is here with tools that help you protect you. Credit lock and credit freeze may help you feel calmer in a situation of suspected or real identity theft and gives you peace of mind to help prevent credit fraud from happening in the first place. Speed is of the utmost importance when foiling a criminal, so both solutions are easy to use with intuitive design so you’re not wasting time trying to figure out how they work. Plus, neither will affect your credit score. They just stop creditors from looking at your credit files, while you continue to boost your credit with your smart habits.
With both credit lock or credit freeze in your back pocket, you can feel more secure knowing you’re better protected from credit fraud.
1Fortunly, “20 Worrying Identity Theft Statistics for 2022”
The post Credit Lock and Credit Freeze: Which Service Is Best for You? Both! appeared first on McAfee Blog.
In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk. Huge cryptohacking events dominate the headlines, leaving us to wonder: Is cryptocurrency losing its credibility?
In this article, you’ll learn about recent unfortunate crypto hacks and a few cryptocurrency security tips to help you avoid a similar misfortune.
A crypto wallet is the software or the physical device that stores the public and private keys to your cryptocurrency. A public key is the string of letters and numbers that people swap with each other in crypto transactions. It’s ok to share a public key with someone you trust. Your private key, however, must remain private — think of it like the password that secures your online bank account. Just like your actual wallet, if it falls into the wrong hands, you can lose a lot of money.
A malware called Mars Stealer infiltrated several crypto wallet browser extensions, including the popular MetaMask. The malware stole private keys and then erased its tracks to mask that it had ever gained entry to the wallet.1
One way to completely avoid a breach to your software crypto wallet is to opt for a hardware wallet. A hardware wallet is a physical device that can only be opened with a PIN. But there is some risk involved with a hardware wallet: if you drop it down the drain, all your crypto is gone. If you forget your wallet PIN, there is no customer service chatbot that can help you remember it. You are solely responsible for keeping track of it. For those who are confident in their hardware’s hiding spot and their personal organizational skills, they can benefit from its added security.
For anyone less sure of their ability to keep track of a hardware wallet, a software wallet is a fine alternative, though always been on alert of software wallet hacks. Keep an eye on crypto news and be ready to secure your software at a moment’s notice. Measures include un-downloading browser extensions, changing passwords, or transferring your crypto assets to another software wallet.
In the case of the Mars Stealer malware that affected MetaMask, being careful about visiting secure sites and only clicking on trustworthy links could’ve helped prevent it. Mars Stealer made its way onto people’s devices after they clicked on an infected link or visited a risky website. Stick to websites you know you can trust and consider springing for well-known streaming services and paying for software instead of torrenting from free sources.
Cryptocurrency enthusiasts often spread their crypto investments across various currency types and blockchain environments. Software known as a bridge can link numerous accounts and types, making it easier to send currency.
The cross-chain bridge Horizon experienced was on its Harmony blockchain, where a hacker stole about $100 million in Ethereum and tokens. The hacker stole two private keys, with which they could then validate this huge transaction into their own wallet. To hopefully prevent this from happening in the future, Horizon now requires more than just two validators.2
According to one report, in 2022, 69% of all cryptocurrency losses have occurred in bridge attacks.3 If you exchange cryptocurrencies with other users and have various accounts, it’s almost inevitable that you’ll use bridge software. To keep your assets safe, make sure to extensively research any bridge before trusting it. Take a look at their security protocols and how they’ve responded to past breaches, if applicable.
In the case of Horizon, the stolen private keys were encrypted with a passphrase and with a key management service, which follows best practices. Make sure that you always defend your private keys and all your cryptocurrency-related accounts with multi-factor authentication. Even though it may not 100% protect your assets, it’ll foil a less persistent cybercriminal.
Phishing attacks on bridge companies in conjunction with software hacks are also common. In this scenario, there’s unfortunately not much you can control. What you can control is how quickly and completely you respond to the cybercrime event. Remove the bridge software from your devices, transfer all your assets to a hardware wallet, and await further instructions from the bridge company on how to proceed.
Decentralized finance, or DeFi, is now one of the riskiest aspects of cryptocurrency. DeFi is a system without governing bodies. Some crypto traders like the anonymity and autonomy of being able to make transactions without a bank or institution tracking their assets. The drawback is that the code used in smart contracts isn’t bulletproof and has been at the center of several costly cybercrimes. Smart contracts are agreed upon by crypto buyers and sellers, and they contain code that programs crypto to perform certain financial transactions.
Three multi-million-dollar heists – Wormhole, Beanstalk Farms and Ronin bridge – occurred in quick succession, and smart contracts were at the center of each.4 In the case of Wormhole, a cybercriminal minted 120,000 in one currency and then traded them for Ethereum without putting up the necessary collateral. In the end, the hacker cashed out with $320 million. Beanstalk Farms lost $182 million when a hacker discovered a loophole in the stablecoin’s flash loan smart contract. Axie Infinity’s Ronin bridge was hit for $625 million when a hacker took control over and signed five of the nine validator nodes through a smart contract hole.4
To be safe, conduct all crypto transactions on well-known and trustworthy software, applications, bridges, and wallets that are backed by a governing body. What you lose in anonymity you gain in security by way of regulated protocols. Hackers are targeting smart contracts because they do not have to depend on large-scale phishing schemes to get the information they need. Instead, they can infiltrate the code themselves and steal assets from the smartest and most careful crypto users. Because there’s almost no way you can predict the next smart contract hack, the best path forward is to always remain on your toes and be ready to react should one occur.
Don’t let these costly hacks be what stops you from exploring crypto! Crypto is great as a side hustle if you’re committed to security and are strategic in your investments. Make sure you follow the best practices outlined and arm all your devices (mobile included!) with top-notch security, such as antivirus software, a VPN, and a password manager, all of which are included in McAfee +.
Privacy, excellent security habits, and an eagle eye can help you enjoy the most out of cryptocurrency and sidestep its costly pitfalls. Now, go forth confidently and prosper in the crypto realm!
1Cointelegraph, “Hodlers, beware! New malware targets MetaMask and 40 other crypto wallets”
2Halborn, “Explained: The Harmony Horizon Bridge Hack”
3Chainalysis, “Vulnerabilities in Cross-chain Bridge Protocols Emerge as Top Security Risk”
4Protocol, “Crypto is crumbling, and DeFi hacks are getting worse”
5Cointelegraph, “Beanstalk Farms loses $182M in DeFi governance exploit”
The post Cryptohacking: Is Cryptocurrency Losing Its Credibility? appeared first on McAfee Blog.
An old banking scam has a new look. And it’s making the rounds again.
Recently Bank of America alerted its customers of the “Pay Yourself Scam,” where scammers use phony fraud alerts and trick their victims into giving them access to their online banking accounts. It’s a form of phishing attack, and according to Bank of America it goes something like this:
The good news is that you can avoid this attack rather easily. If you receive a text or call about a possible fraud alert, don’t respond. (Scammers can easily “spoof” or fake caller ID information nowadays. So even if it appears that the number looks legitimate, it may not be after all.) Instead, contact your bank directly using the contact information on your debit or credit card. This way, you’ll know you’re speaking with the proper representatives about the matter.
Of course, this scam isn’t the only scam making the rounds these days. Whether it’s with some form of phishing attack, stealing passwords on public Wi-Fi, or malware that spies on your keystrokes, scammers use plenty of tricks to crack into online bank accounts. Yet with a few precautions and a sharp eye, you have several ways you can protect yourself.
Online protection software today goes far beyond antivirus. It can protect your privacy, identity, and your online accounts as well. McAfee+ Ultimate provides our most comprehensive coverage with features that monitor the dark web and sketchy data broker sites for your personal information, identity theft and ransomware protection, and identity restoration services should the unexpected happen—all along with our award-winning antivirus protection. In all, it protects you, not just your devices. Together, it offers your strongest line of defense in the face of hackers, scammers, and thieves.
Legitimate banks will never pressure, harass, or cajole you into action. If you get a message that strikes an aggressive tone, assume it’s fraudulent. Other things legitimate banks will never do include:
Earlier, I mentioned contacting your bank directly to ensure you’re speaking to a proper representative. Another way you can go directly to the source is to use your bank’s website or app to check up on your accounts. Once again, don’t click any links in a text or email. Just go to your bank’s website or app to check your account. You can make sure you have your bank’s official app by visiting the Google Play or Apple’s App Store and looking at the information section to ensure that it was indeed developed by your bank—not a copycat.
Strong and unique passwords for each of your online accounts can help keep hackers at bay. With data breaches occurring so often, updating them regularly is important too. Yet with all the accounts we keep, that can mean a lot of work. However, a password manager can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.
When you log onto public Wi-Fi, potentially anyone can see your internet activity—and that includes things like entering your username and password. For that reason, only log into your bank account with public Wi-Fi if you’re using a virtual private network (VPN). McAfee Secure VPN protects your privacy by turning on automatically for unsecured networks. Your data is encrypted so it can’t be read by prying eyes. The VPN also keeps your online activity and physical location private and secure from advertisers.
Keeping an eye on your bills and statements as they come in can help you spot unusual activity on your accounts. A credit monitoring service can do that one better by keeping daily tabs on changes to your credit report. While you can do this manually, there are limitations. First, it involves logging into each bureau and doing some digging of your own. Second, there are limitations as to how many free credit reports you can pull each year. A service does that for you and without impacting your credit score.
Depending on your location and plan, McAfee’s credit monitoring allows you to look after your credit score and the accounts within it to see fluctuations and help you identify unusual activity, all in one place, checking daily for signs of identity theft.
When a fraud notification pops up on your phone, you can almost feel your stomach drop. Hackers and scammers play off that fear. They use it to get you to act—and to act quickly. Taking a moment to scrutinize these messages and following up directly with your bank can help you steer clear of their tricks. Likewise, putting up a strong defense with comprehensive online protection software can make you safer still. In the meantime, keep your eyes open for this “Pay Yourself Scam” and other scams like it. It’s certainly not the first of its kind, and it won’t be the last.
The post Steer Clear of the “Pay Yourself Scam” That’s Targeting Online Bank Accounts appeared first on McAfee Blog.
Safety has a feeling all its own, and that’s what’s at the heart of McAfee+.
We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy.
And those concerns have merit. Last year, reported cases of identity theft and fraud in the U.S. shot up to 5.7 million, to the tune of $5.8 billion in losses, a 70% increase over the year prior. Meanwhile, online data brokers continue to buy and sell highly detailed personal profiles with the data cobbled together from websites, apps, smartphones, connected appliances, and more, all as part of a global data-gathering economy estimated at well over $200 billion a year.
Yet despite growing awareness of the ways personal information is collected, bought, sold, and even stolen, it remains a somewhat invisible problem. You simply don’t see it as it happens, let alone know who’s collecting what information about you and toward what ends—whether legal, illegal, or somewhere in between. A recent study we conducted showed that 74% of consumers are concerned about keeping their personal information private online. Yet, most of us have found out the hard way (when we search for our name on the internet) that there is a lot of information about us that has been made public. It is our belief that every individual should have the right to be private, yet we know too many individuals don’t know where to begin. It is this very worry that made us focus our new product line on empowering our users to take charge of their privacy and identity online.
McAfee+ gives you that control.
Now available in the U.S., McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance and support to take the steps to be safer online. Here’s how:
You can see the entire range of features that cover your identity, privacy, and security with a visit to our McAfee+ page.
McAfee+ Ultimate offers our most thorough protection, with which you can lock your credit with a click or put a comprehensive security freeze in place, both to thwart potential identity theft. You can keep tabs on your credit with daily credit monitoring and get an alert when there’s credit activity to spot any irregularities quickly.
You’ll also feel like someone has your back. Even with the most thorough measures in place, identity theft and ransomware attacks can still strike, which can throw your personal and financial life into a tailspin. What do you do? Where do you start? Here, we have you covered. We offer two kinds of coverage that can help you recover your time, money, and good name:
Starting today, customers in the U.S. can purchase McAfee+ online at McAfee.com in Premium, Advanced, and Ultimate plans, in addition to individual and family subscriptions. McAfee+ will also be available online in the U.K., Canada, and Australia in the coming weeks with additional regions coming in the months ahead (features may vary by region).
We are very excited about bringing these new protections to you and we hope you will be too.
The post The Feeling of Safety with McAfee+ appeared first on McAfee Blog.
Have you ever said something you wish you could take back? Maybe it was a comment muttered in the heat of the moment that hurt someone’s feelings. Or maybe you just had a night out full of silly antics that you wouldn’t want your boss or grandma to see.
These are completely normal occurrences that happen all the time. We’re human! We make mistakes and letting loose every now and again is good for us. When these scenarios happen in person, we’re able to apologize or explain ourselves; however, the social media age complicates things. High-def cameras and video recorders are in everyone’s pocket, meaning that in-person slip-ups or lapses in judgement can come back to haunt you in a cyberscheme known as doxing.
Doxing can be harmful to one’s reputation and can cost someone their job, their friends, or their privacy. Here are five things you should know about doxing, plus some tips on how to prevent it from happening to you.
The term doxing originated from the phrase “dropping documents/docs.” It refers to a situation where an enemy or a rival seeks to tarnish the reputation of someone else by releasing documents (aka dropping docs) about them. These documents often contain personally identifiable information (PII) – like full names, birthdates, addresses, employment details, financial information, phone numbers, email addresses – and private correspondences or embarrassing videos or photos. The doxer – or the person dropping the documents – will publish these private details online, whether that’s on a forum, on social media, or a blog.
Doxing is considered cyberbullying because it is a form of online harassment. The doxer often does so with the intent of drumming up widespread hate about the victim and having the release of these private details negatively affect the victim’s life, such as getting them fired from their job or breaking up a relationship.
Doxing happens most frequently to public figures, such as celebrities, politicians, streamers, and journalists. It is also a prevalent practice in the hacking community, where hackers reveal the identities of the real people behind forum usernames. However, anyone is susceptible to having their PII or sensitive photos or videos widely released on the internet for the sake of reputation sabotage. All it takes is for one scorned partner, a disgruntled coworker, or a disagreement to set a doxer on a warpath.
When the saboteur doesn’t have to dig into your past via the dark web or through hacking a personal device, doxing isn’t illegal. It’s malicious and can be emotionally damaging, but there is no law stopping a doxer from publishing the private details of someone else. Doxing crosses the line into a crime when it is accompanied by threats.
So, if a doxer didn’t hack a personal device or buy the PII off the dark web, where did they find these details? Oftentimes, people incriminate themselves with their social media footprint. What seems like ancient history in your social media timeline is again front and center after just a few minutes of scrolling.
Check out these tips that can lessen the chances of doxing happening to you:
In addition to the above tips, McAfee can help you fill in the gaps in your defense. McAfee Total Protection is an all-in-one privacy and identity protection service that includes all the tools you need to secure your PII and help you recover if identity theft occurs after a doxing incident. Personal Data Cleanup scans 40 risky data broker sites for your information. If you appear on any of those sites, McAfee will help you remove it to keep your PII out of a doxer’s hands.
The post 5 Things About Doxing You Should Know appeared first on McAfee Blog.
Password protection is one of the most common security protocols available. By creating a unique password, you are both proving your identity and keeping your personal information safer. However, when every account you have requires a separate password, it can be an overwhelming task. While you should be concerned about the safety of your data, you also want to avoid the frustration of forgetting your password and being blocked from the information you need. However, the benefits of using strong, unique passwords outweigh the occasional inconvenience.
The main benefit of a strong password is security. Hackers work quickly when they are trying to access accounts. They want to steal as much information as they can in as short a time as possible. This makes an account with a strong password less inviting because cracking the code is much more involved.
A strong password also limits the damage that hackers can do to your personal accounts. A common strategy involves cracking the passwords of less secure sites with limited personal information. The hackers hope that they can use the password from your gym membership app to access information in your online banking account. Strong password protection prevents this situation.
When someone is registering an online account, it can be tempting to blaze through the password process. In order to move quickly, there are several poor password practices that people employ.
A password is considered strong when it is difficult for a hacker to crack it quickly. Sophisticated algorithms can run through many password combinations in a short time. A password that is long, complex and unique will discourage attempts to break into your accounts.
If you want a password that is memorable but strong, you can easily turn a phrase into a layered, complex password. In this process, it is important to note that you should not use personal information that is available online as part of your phrase.
Now, you have a password that you can remember while challenging the algorithms hackers use.
When you consider the number of accounts you need to protect, coming up with a properly layered password is a time-consuming task. Even if you are able to decide on a memorable phrase, there are just too many accounts that need passwords. A password manager is a helpful tool to keep you safe while you are online. It acts as a database for all of your passwords. Each time you create a new code, it stores it so that you can automatically enter it later. You only need to remember a single password to access the tools of your manager.
Most managers can also do the work of creating complex, layered passwords for your accounts. These will be a string of random numbers, letters and characters. They will not be memorable, but you are relying on the manager to do the memorizing. These machine-generated passwords are especially helpful for accounts you rarely access or that do not hold significant information.
For critical accounts like your bank account or a work-related account, it can be helpful to keep an offline list of your passwords. Complex passwords are meant to be difficult to remember. You may recall the phrase but not all the detailed changes that make it layered. Keeping a document on a zip drive or even in a physical paper file or journal will allow you to access your information if your hardware fails or you are switching to a new system.
Cracking passwords is just one of the strategies hackers use to steal information. In addition to using strong passwords, it is important to employ comprehensive security software. Strong passwords will help protect your online accounts. Strong overall security will keep your hardware and network safe from danger.
The post Strong Password Ideas to Keep Your Information Safe appeared first on McAfee Blog.
It’s too bad cybercriminals don’t funnel their creativity into productive pursuits because they’re constantly coming up with nefarious new ways to eke out money and information from unsuspecting people. One of their newest schemes is called synthetic identity theft, a type of identity theft that can happen to anyone. Luckily, there are ways to lower the chance of it happening to you. And if it does happen to you, there are a few preventive measures you can take. Plus when you’re able to identify the early signs, you can minimize its damage to your finances and your credit.
Here’s everything you need to know about synthetic identity theft in order to keep your and your family’s information safe.
Synthetic identity theft occurs when a cybercriminal steals a real Social Security Number (SSN) but fabricates the rest of the details that are associated with that SSN, such as the full name and birthdate. With this valid SSN, they’re able to create an entirely new identity and use it to take out loans, apply for credit cards, or even purchase a house.
This form of identity theft is more difficult than traditional identity theft to detect. When a criminal steals someone’s entire identity – their name, birthdate, address, and SSN – there are more flags that could raise the alarm that something is amiss. Additionally, in some cases of synthetic identity theft, cybercriminals play the long game, meaning that they build up excellent credit with their new fake identity for months or even years. Then, once they’ve squeezed as much as they can from that great credit, they rack up huge charges against that credit and flee. It is only then when creditors demand payment that the rightful owner of the SSN finds out their identity was compromised.
Synthetic identity theft can severely damage the credit or finances of the person to whom the SSN truly belongs. It most often occurs to people who don’t closely monitor their credit, such as children, people in jail, or the elderly, but it can happen to anyone.
The signs of synthetic identity theft are a bit different than the signs of regular identity theft. In traditional identity theft, you may receive bills to your address either with someone else’s name on them or for organizations with which you don’t have an account. However, in the case of synthetic identity theft, since the thief makes up an entirely new name and address, you’re unlikely to accidentally get their mail.
The major red flag is if your credit score is drastically lower (or higher) than you remember it being. Did you know that you can request one free credit report per year from each major credit bureau? Get in the habit of ordering reports regularly to keep tabs on your credit and confirm that there are no new accounts that you didn’t create.
Check out these tips on how to protect your identity online to hopefully prevent it from ever happening to you:
McAfee Identity Protection is a comprehensive identity monitoring service that protects your identity and privacy from the fastest-growing financial crimes in America. McAfee can scan risky websites to see if your information was leaked in a recent breach. Additionally, with the new security freeze feature, you can deny access to your credit report, which stops fraudsters from opening new credit cards or bank or utility accounts in your name. Finally, if the worst does happen, McAfee Identity Protection offers up to $1 million in identity theft coverage and restoration.
If you don’t do so already, commit to a routine of monitoring your credit and financial accounts. It only takes a few minutes every month. To fill in the gaps, trust McAfee!
The post What Is Synthetic Identity Theft? appeared first on McAfee Blog.
“But everyone else has one.”
Those are familiar words to a parent, especially if you’re having the first smartphone conversation with your tween or pre-teen. In their mind, everyone else has a smartphone so they want a one too. But does “everyone” really have one? Well, your child isn’t wrong.
Our recent global study found that 76% of children aged 10 to 14 reported using a smartphone or mobile device, with Brazil leading the way at 95% and the U.S. trailing the global average at 65%.
Our figures show that younger children with smartphones and mobile devices make up a decisive majority of younger children overall.
Of course, just because everyone else has smartphone doesn’t mean that it’s necessarily right for your child and your family. After all, with a smartphone comes access to a wide and practically unfettered world of access to the internet, apps, social media, instant messaging, texting, and gaming, all within nearly constant reach. Put plainly, some tweens and pre-teens simply aren’t ready for that just yet, whether in terms of their maturity, habits, or ability to care for and use a device like that responsibly.
Yet from a parent’s standpoint, a first smartphone holds some major upsides. One of the top reasons parents give a child a smartphone is “to stay in touch,” and that’s understandable. There’s something reassuring knowing that your child is a call or text away—and that you can keep tabs on their whereabouts with GPS tracking. Likewise, it’s good to know that they can reach you easily too. Arguably, that may be a reason why some parents end up giving their children a smartphone a little sooner than they otherwise would.
However, you don’t need a smartphone to do to text, track, and talk with your child. You have alternatives.
One way to think about the first smartphone is that it’s something you ease into. In other words, if the internet is a pool, your child should learn to navigate the shallows with some simpler devices before diving into the deep end with a smartphone.
Introducing technology and internet usage in steps can build familiarity and confidence for them while giving you control. You can oversee their development, while establishing rules and expectations along the way. Then, when the time is right, they can indeed get their first smartphone.
But how to go about that?
It seems a lot of parents have had the same idea and device manufacturers have listened. They’ve come up with smartphone alternatives that give kids the chance to wade into the mobile internet, allowing them to get comfortable with device ownership and safety over time without making the direct leap to a fully featured smartphone. Let’s look at some of those options, along with a few other long-standing alternatives.
These small and ruggedly designed devices can clip to a belt loop, backpack, or simply fit in a pocket, giving you the ability to see your child’s location. In all, it’s quite like the “find my” functionality we have on our smartphones. When it comes to GPS trackers for kids, you’ll find a range of options and form factors, along with different features such as an S.O.S. button, “geofencing” that can send you an alert when your child enters or leaves a specific area (like home or school), and how often it sends an updated location (to regulate battery life).
Whichever GPS tracker you select, make sure it’s designed specifically for children. So-called “smart tags” designed to locate things like missing keys and wallets are just that—trackers designed to locate things, not children.
With GPS tracking and many other communication-friendly features for families, smart watches can give parents the reassurance they’re looking for while giving kids a cool piece of tech that they can enjoy. The field of options is wide, to say the least. Smart watches for kids can range anywhere from devices offered by mobile carriers like Verizon, T-Mobile, and Vodaphone to others from Apple, Explora, and Tick Talk. Because of that, you’ll want to do a bit of research to determine the right choice for you and your child.
Typical features include restricted texting and calling, and you’ll find that some devices are more durable and more water resistant than others, while yet others have cameras and simple games. Along those lines, you can select a smart watch that has a setting for “school time” so that it doesn’t become a distraction in class. Also, you’ll want to look closely at battery life, as some appear to do a better job of holding a charge than others.
Another relatively recent entry on the scene are smartphones designed specifically for children, which offer a great step toward full-blown smartphone ownership. These devices look, feel, and act like a smartphone, but without web browsing, app stores, and social media. Again, features will vary, yet there are ways kids can store and play music, stream it via Bluetooth to headphones or a speaker, and install apps that you approve of.
Some are paired with a parental control app that allows you to introduce more and more features over time as your child as you see fit—and that can screen texts from non-approved contacts before they reach your child. Again, a purchase like this one calls for some research, yet names like Gabb wireless and the Pinwheel phone offer a starting point.
The old reliable. Rugged and compact, and typically with a healthy battery life to boot, flip phones do what you need them to—help you and your child keep in touch. They’re still an option, even if your child may balk at the idea of a phone that’s “not as cool as a smartphone.” However, if we’re talking about introducing mobile devices and the mobile internet to our children in steps, the flip phone remains in the mix.
Some are just phones and nothing else, while other models can offer more functionality like cameras and slide-out keyboards for texting. And in keeping with the theme here, you’ll want to consider your options so you can pick the phone that has the features you want (and don’t want) for your child.
Despite what your younger tween or pre-teen might think, there’s no rush to get that first smartphone. And you know it too. You have time. Time to take eventual smartphone ownership in steps, with a device that keeps you in touch and that still works great for your child.
By easing into that first smartphone, you’ll find opportunities where you can monitor and guide their internet usage. You’ll also find plenty of moments to help your child start forming healthy habits around device ownership and care, etiquette, and safety online. In all, this approach can help you build a body of experience that will come in handy when that big day finally comes—first smartphone day.
The post Smartphone Alternatives: Ease Your Way into Your Child’s First Phone appeared first on McAfee Blog.
Fears and phobias. We all have them. But what are your biggest ones? I absolutely detest snakes but spiders don’t worry me at all. Well, new research by McAfee shows that cybercriminals and the fear of being hacked are now the 5th greatest fear among Aussies.
With news of data breaches and hacking crusades filling our news feed on a regular basis, many of us are becoming more aware and concerned about the threats we face in our increasingly digital world. And McAfee’s latest confirms this with hackers making their way into Australia’s Top 10 Fears.
According to research conducted by McAfee, snakes are the top phobia for Aussies followed by spiders, heights and sharks. Cybercriminals and the fear of being hacked come in in 5th place beating the dentist, bees, ghosts, aeroplane travel and clowns!
Aussie Top 10 Fears and Phobias
Fears and phobias develop when we perceive that we are at risk of pain, or worse, still, death. And while almost a third of respondents nominated snakes as their number one fear, there is less than one-in-fifty thousand chance of being bitten badly enough by a snake to warrant going to hospital in Australia, according to research from the Internal Medicine Journal.
In contrast, McAfee’s analysis of more than 108 billion potential online threats between October and December, identified 202 million of these threats as genuine risks. With a global population of 7.5 billion, that means there is approximately a one in 37 chance of being targeted by cybercrime. Now while this is not a life-threatening situation, these statistics show that chance of us being affected by an online threat is very real.
According to the research, 82% of Aussies believe that being hacked is a growing or high concern. And when you look at the sheer number of reported data breaches so far this year, these statistics make complete sense. Data breaches have affected Bunnings staff, Federal Parliament staff, Marriott guests, Victorian Government staff, QLD Fisheries members, Skoolbag app users and Big W customers plus many more.
Almost 1 in 5 (19%) of those interviewed said their top fear at work is doing something that will result in a data security breach, they will leak sensitive information or infect their corporate IT systems.
The fear that we are in the midst of a cyberwar is another big concern for many Aussies. Cyberwar can be explained as a computer or network-based conflict where parties try to disrupt or take ownership of the activities of other parties, often for strategic, military or cyberespionage purposes. 55% of Aussies believe that a cyberwar is happening right now but we just don’t know about it. And a fifth believe cyber warfare is the biggest threat to our nation.
Being proactive about protecting your online life is the absolute best way of reducing the chances of being hacked or being affected by a data breach. Here are my top tips on what you can now to protect yourself:
Using a password manager to create unique and complex passwords for each of your online accounts will definitely improve your online safety. If each on your online accounts has a unique password and you are involved in a breach, the hacker won’t be able to use the stolen password details to log into any of your other accounts.
Storing your financial data within your browser and being able to populate online forms quickly within seconds makes the autofill function very attractive however it is risky. Autofill will automatically fill out all forms on a page regardless of whether you can see all the boxes. You may just think you are automatically entering your email address into an online form however a savvy hacker could easily design an online form with hidden boxes designed to capture your financial information. So remove all your financial information from Autofill. I know this means you will have to manually enter information each time you purchase but your personal data will be better protected.
One of the easiest ways for a cybercriminal to compromise their victim is by using phishing emails to lure consumers into clicking links for products or services that could lead to malware, or a phoney website designed to steal personal information. If the deal seems too good to be true, or the email was not expected, always check directly with the source.
It’s important to put the right security solutions in place in order to surf the web safely. Add an extra layer of security to your browser with McAfee WebAdvisor.
I know public Wi-Fi might seem like a good idea, but if consumers are not careful, they could be unknowingly exposing personal information or credit card details to cybercriminals who are snooping on the network. If you are a regular Wi-Fi user, I recommend investing in a virtual private network or (VPN) such as McAfee Secure VPN which will ensure your connection is completely secure and that your data remains safe.
While it is tempting, putting our head in the sand and pretending hackers and cybercrime don’t exist puts ourselves and our families at even more risk! Facing our fears and making an action plan is the best way of reducing our worry and stress. So, please commit to being proactive about your family’s online security. Draw up a list of what you can do today to protect your tribe. And if you want to receive regular updates about additional ways you can keep your family safe online, check out my blog.
‘till next time.
Alex x
The post Aussies Fear Snakes, Spiders and Getting Hacked appeared first on McAfee Blog.
Using a VPN on your smartphone can boost your privacy in a big way, particularly with all the data tracking that’s happening out there today.
For some time now, we’ve recommended a VPN when using public Wi-Fi in airports, libraries, hotels, and coffee shops. Given that these are public networks, a determined hacker can snoop on the other devices transmitting data on it. With a VPN, any connection becomes a secure connection, which includes public Wi-Fi. That advice still holds true. Yet there’s a good reason to use it on your smartphone all the time—for your privacy.
Let’s start with a quick look at the two big things a VPN does for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it terrifically difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, at VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties.
As far as your privacy is concerned, a VPN on a smartphone can be a smart move. There are a couple of reasons for that: first, because of the way smartphones have additional tracking technologies built in, and second, because of all the trackable data we create when using smartphones as frequently as we do—up to six hours per day for some.
As for how your smartphone is built, data collectors can harvest your personal information that reveals what you’re doing, when you’re doing it, and where you’re doing it as well. Several technologies allow them to pinpoint where you are at any given time, such as GPS and location services, along with Bluetooth connectivity and location tracking based on which cell phone tower you’re connected to. Even scanning a QR code with your phone can reveal location information. It can all get rather precise, which is of interest to advertisers, businesses, and even governments.
Next, think about all the activities you do on your phone, with a special emphasis on the apps you use and the data they create, about your health, your shopping habits, your travels, who you’re chatting with, and what content you’re posting online—just to name a few things. Once again, that information in of itself is valuable to data collectors. It becomes even more valuable when they know where you do these things.
Taken together, data broker companies readily gather this information from millions of devices, generating billions of data points, and create massive lists of targeted information. And that information gets quite specific. With some data brokers collecting hundreds and into the thousands of data points per person, they can provide interested buyers with a high-resolution snapshot of who you are, where you live, who’s in your family, your income, where you shop, what you like to buy—right on down to your favorite shampoo. And that’s just for starters.
It’s little surprise that all this data brokering activity fuels a global business estimated at $200 billion U.S. dollars a year.
How’s this happening? In large part by way of the privacy policies you may or may not have read.
Within those policies, device manufacturers, social media companies, app developers, and so on will detail what data they collect, under what conditions, what they do with it, and if they share or resell that data to other parties. However, if you’ve ever taken a dive into the fine print of a privacy policy, what’s stated there isn’t always clear. Now consider all the apps you have on your phone and the privacy policies associated with each one—your personal data privacy picture gets even less clear.
With digital data and information collection baked into so much of what we do online, it’s little wonder that more than 70% of people feel like their data privacy is out of their control.
Yet there are things you can do.
Using a VPN on your smartphone can make you far more anonymous online. A VPN can minimize the data that gets exposed as it transmits to and from your smartphone. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from.
While you have free VPN options available, I suggest steering clear of them. As with many “free” services, there’s going to be some catch, often involving data collection. For example, some so-called “free VPNs” have served up tracking malware or actually collected private data and information for sale—the very things you want a VPN to prevent.
Given that this is your privacy we’re talking about, do a little background check. Has the VPN you’re considering been independently audited for security? The technology that powers ours undergoes a thorough audit every year. Search news articles and see if the VPN you’re looking at has a track record of collecting and selling data in any way. Again, with our VPN technology, we don’t log or track what you do online so your online activity remains private.
What about the information that’s already out there? Our Personal Data Cleanup can help you remove your personal information from high-risk data broker sites, so you can prevent it from being further collected and sold online. If you’re unsure if your data and information are out there, consider what one major data brokers has touted in the past—a reach of over 62 countries and the ability to reach over 2.5 billion consumers globally. With 5 billion internet users today, that accounts for half of the world’s online population. And that’s just one data broker alone.
Moreover, consider that data brokers acquire plenty of information from places other than your smartphone and other connected devices. They skim and collate public records associated with you, information purchased from retailers with loyalty card programs, not to mention census data, court records, and motor vehicle records. And that’s just a few of the many sources. Using our Personal Data Cleanup can help remove those sorts of records too.
Together, the combination of a VPN and Personal Data Cleanup can help you become far more private than before. With so much of our digital lives getting collected, tracked, and tabulated, often without our knowledge thanks to confusing privacy policies, taking control of your privacy makes sense and only gets easier to do thanks to the tools and services available to you.
The post Privacy, please! Why a VPN on your smartphone may be a smart move for you. appeared first on McAfee Blog.
“Congratulations, you’re a winner!”
“Did you know this public figure is trying to make your life worse? Click here for what they don’t want you to know.”
“Save thousands today with just one click!”
Spam and bot accounts on social media are everywhere. You’ve likely encountered messages like these that attempt to get you to click on links or to stir your emotions in a frenzy. While bot accounts are usually more of an annoyance than anything, when they’re allowed to run rampant, they can quickly become dangerous to your personally identifiable information (PII) and create an emotionally charged mob mentality.
Here’s what you should know about bot accounts, including how to steer clear of menacing ones, plus a reminder to watch what you share on (and with) social media sites.
Bot accounts are software-automated accounts that try to blend in and act like a real user. They post updates and follow other users, though there isn’t a real person behind the account. A spam account is a type of bot account that attempts to gain financially from its automated posts. Everyday people should be wary of social media bot accounts because they can be used to disseminate false information or phishing scams.
One whistleblower of a social media giant recently divulged that the platform isn’t prioritizing deactivating bot accounts.1 This apathy sparks concerns about the company’s commitment to the security of its users. In the whistleblower’s same report, he stated that the social media site isn’t taking the necessary steps to protect itself from potential inside threats and it had fallen victim to at least 20 breaches in 2020 without reporting the incidents to the proper authorities.
Some bot accounts aren’t malicious (merely an annoying tactic by companies to spread the word about their business), but it’s best to give all of them a wide berth and never click on any links in their posts. Those links could direct to unsecured outside sites laden with malware or drop you in the middle of a phishing scheme.
You can often spot a malicious bot account by the tone of its messages. They’ll often try to inspire intense emotions, such as excitement, sadness, or rage, and attempt to get users to act or share the post. Do not engage with them, not even to argue their points. When you engage or share these posts with your network, it spreads false information and could dangerously manipulate public opinion.2
Here are a few ways you can take your cybersecurity into your own hands when you can’t be sure that social media sites are looking out for the safety of users’ information:
You can’t trust every company to look out for the safety of your personal information, but one organization you can trust is McAfee. McAfee Total Protection is a comprehensive identity and privacy protection solution for your digital life. Great social media habits go a long way toward keeping you safe online, and you can rest assured knowing that McAfee can fill in the gaps. McAfee Total Protection offers antivirus, identity monitoring, and security freeze in the case your information is leaked in a breach or a bot account gets ahold of key details.
Keep on sharing your life’s milestones with your closest friends and family online. The next time you update your status, flag any suspicious accounts you come across, so everyone can enjoy social media confidently!
1NBC News, “Twitter whistleblower alleges major security issues”
2Journal of Information Technology & Politics, “Harass, mislead & polarize: An analysis of Twitter political bots’ tactics in targeting the immigration debate before the 2018 U.S. midterm election”
The post Here’s How to Steer Clear of Bot Accounts on Social Media appeared first on McAfee Blog.
Data brokers are companies that collect your information from a variety of sources to sell or license it out to other businesses. Before they can pass your data along, brokers analyze it to put you into specific consumer profiles. Consumer profiles help businesses suggest products you might like and create targeted marketing campaigns based on your interests.
Companies who buy data from brokers use it for things like marketing or risk mitigation. For example, if you’re a guitarist, a guitar manufacturer might try to reach you with an ad for their instruments. If you’re in the market for car insurance, insurance providers might use your personal information to do a background check so they can assess the risk that you’ll be in a car accident.
While businesses don’t typically use your information maliciously, there are risks involved with having your personal data spread online. There might be certain details you don’t want to share with the world, like health or criminal records or financial issues.
Having your data featured online can also expose it to cybercriminals who might use it for identity theft. Sometimes, hackers can even breach information that’s stored in an information broker’s database. When a criminal has your data, they might be able to access your financial accounts, use your credit to secure a loan, or even use your insurance to receive medical care.
This article shows you how to remove your information from data broker sites and protect your data privacy online.
There are various ways for a data broker to access your personal information. Some of these information sources are offline. For example, a broker can peruse public records to view your voter registration information.
Other information sources that brokers use are online. For instance, a broker might track your buying history to see which products you’re likely interested in.
Below are some of the top sources data brokers use to collect consumer information.
Data brokering is a worldwide industry that brings in around $200 billion annually. An estimated 4,000 data broker companies exist. The largest data broker companies include organizations like Acxiom, Experian, and Epsilon.
Most data broker sites will give you the ability to have your personal information removed from their database — but don’t expect it to be easy.
You might have to follow a multi-step process to opt out of a broker site. Even after your information is removed, you may have to repeat the process periodically.
Different regions have different laws when it comes to protecting consumer data. The European Union has the General Data Protection Regulation (GDPR), which gives consumers the right to request that a company deletes any personal information they have stored.
In the United States, states have to create their own laws to safeguard consumer privacy. States like Colorado and California have enacted laws that allow consumers to have their personal information removed from data broker sites.
The next few sections go over steps you can follow to get your information removed from various data broker sites. Many broker sites allow you to opt out of their data collection and advertising programs.
Opting out can prevent brokers from collecting and sharing your information and help you avoid intrusive ads for things like pre-approved credit cards.
The first thing you’ll have to do is visit each data broker’s site that has your information. Some of the biggest data broker sites that might have your information include:
While these are some of the largest data broker sites around, this list is by no means exhaustive. There’s a large number of data-sharing sites out there. For example, people-search sites like PeekYou, Spokeo, and Whitepages, let average consumers search through databases of personal information.
It may seem counterintuitive to sign up for an account with a broker when all you want is to delete your information from their site, but most data brokers require you to register with them to opt out of data collection.
You’ll likely have to create an account with every data broker you want to opt out of. Unfortunately, this will require you to give the brokers some personal information, like your name, email address, and possibly a picture of your driver’s license. Cross out your license number if you have to send a photo of your ID.
After creating an account with a broker, you’ll likely have to visit their portal to find out whether they have your personal information listed. Checking to see what every data broker has listed about you can be a time-consuming process.
Services like DeleteMe and Kanary will delete your information from data brokers. However, most of these sites charge a fee, and they only delete your information from a select number of sites. For example, DeleteMe removes your information from 36 different data broker sites.
You should also be aware that some data broker sites don’t allow third parties to request for information to be deleted on behalf of consumers.
You’ll have to make a separate removal request for every data broker site you want to opt out of. Some data brokers make the process more difficult than others. Remember that data companies are always collecting records, so you may need to repeat the process of removing your information from data broker sites annually.
Here’s how to opt out of some of the largest data brokering companies we mentioned earlier:
The data broker industry is enormous. A data brokerage can collect a wealth of information about you from a huge number of sources, and provide that information to businesses that use it to do things like design targeted marketing campaigns for their ideal consumers.
Brokers can share sensitive information that you want to keep private, like medical data. Having your personal information floating around the internet makes it easier for cybercriminals to use it for personal gain.
By opting out of information-sharing programs, you can protect your online privacy, reduce the number of intrusive advertisements and emails you receive, and make it less likely that identity thieves will target you.
One of the best ways to protect yourself online is to use quality security software. When you sign up for McAfee’s Total Protection services, you’ll get features like award-winning antivirus software, 24/7 account monitoring, a secure virtual private network (VPN), and up to $1 million in identity theft coverage and restoration.
When it comes to protecting your privacy online, McAfee has your back.
The post How to Remove Personal Information From Data Broker Sites appeared first on McAfee Blog.
Our phones store a lot of personal data, including contacts, social media account details, and bank account logins. We use our smartphones for everything under the sun, from work-related communication to online shopping.
However, like computer viruses, our phones can be vulnerable to malware. Viruses are a type of malware that replicate themselves and spread throughout the entire system. They can affect your phone’s performance or, worse, compromise your sensitive information so that hackers can benefit monetarily.
In this article, we give you a rundown of viruses that can infect your phone and how you can identify and eliminate them. We also provide some tips for protecting your phone from viruses in the first place.
iPhones and Android devices run on different operating systems. So, there are differences in the viruses that affect each type of mobile device and how resistant each operating system is to viruses.
Viruses have a harder time penetrating iOS because of its design (although iOS hacks can still happen). By restricting interactions between apps, Apple’s operating system limits the movement of an iPhone virus across the device. However, if you jailbreak your iPhone or iPad to unlock tweaks or install third-party apps, then the security restrictions set by Apple’s OS won’t work. This exposes iPhone users to vulnerabilities that cybercriminals can exploit.
While Android phones are also designed with cybersecurity in mind, their reliance on open-source code makes them an easier target for hackers. Android devices allow users to access third-party apps not available in the Google Play Store.
Cybercriminals today are sophisticated and can launch a variety of cyberattacks on your smartphone. Some viruses that can infect your phone include:
Smartphones and computers get viruses in a similar way. The most common include:
Now that you know how your phone could be the target of a virus, look out for these seven signs to determine if your device has been infected with malicious software.
Most pop-up ads don’t carry viruses but are only used as marketing tools. However, if you find yourself shutting pop-up ads more often than usual, it might indicate a virus on your phone.
Don’t open any apps in your library that you don’t remember installing. Instead, uninstall them immediately. These apps tend to carry malware that’s activated when the app is opened or used.
Your phone isn’t built to support malware. When you accidentally download apps that contain malware, the device has to work harder to continue functioning. In this case, your phone might be overheating.
If your contacts receive unsolicited scam emails or messages on social media from your account, especially those containing suspicious links, a virus may have accessed your contact list. It’s best to let all the recipients know that your phone has been hacked so that they don’t download any malware themselves or forward those links to anybody else.
An unusually slow-performing device is a hint of suspicious activity on your phone. The device may slow down because it needs to work harder to support the downloaded virus. Alternatively, unfamiliar apps might be taking up storage space and running background tasks, causing your phone to run slowly.
Be sure to follow up on charges on your credit card or transactions in your banking statements that you don’t recognize. It could be an unfamiliar app or malware making purchases through your account without your knowledge.
A sudden rise in your data usage or phone bill can be suspicious. A virus might be running background processes or using your internet connection to transfer data out of your device for malicious purposes.
An unusually quick battery drain may also cause concern. Your phone will be trying to meet the energy requirements of the virus, so this problem is likely to persist for as long as the virus is on the device.
You may have an inkling that a virus is housed inside your phone, but the only way to be sure is to check.
An easy way to do this is by downloading a trustworthy antivirus app. The McAfee Mobile Security app scans for threats regularly and blocks them in real time. It prevents suspicious apps from attaching themselves to your phone and secures any public connections you might be using.
If you detect a virus on your iPhone or Android device, there are several things you can do.
It’s never too late to start caring for your phone. Follow these tips to stay safe online and help reduce the risk of your phone getting a virus.
McAfee Mobile Security is committed to keeping your mobile phone secure, whether it’s an iPhone or Android device. In addition to regularly scanning your phone to track suspicious activity, our technology responds to threats in real time. Our comprehensive tools also secure your internet connections and let you browse peacefully. Using our app makes sure that your phone and data are protected at all times.
So, what are you waiting for? Download McAfee Mobile Security today!
The post 7 Signs Your Phone Has a Virus and What You Can Do appeared first on McAfee Blog.
Today, we publish our annual Impact Report. In our 2021 report, we highlight initiatives and share stories about our progress in creating a more inclusive workplace, supporting our communities, and protecting the planet.
Reflecting on 2021, it’s easy to see it was a monumental year for McAfee. Our business underwent an incredible transformation — we divested our Enterprise business and McAfee emerged as a worldwide leader for online protection, empowering individuals and families to live a safer life online. We also kicked off our journey to become a privately held company.
As we accelerate our journey as a dedicated consumer business and I evaluate our strides since our first report in 2018, I am humbled by our progress. In the last year, we’ve seen our representation for women reach 30.9% overall and for underrepresented professionals reach 14.8 percent. In addition, we’ve seen a 40% increase in the proportion of women promoted to director and above in the last year.
We maintained pay parity for women globally and underrepresented professionals in the U.S with our most recent audit revealing no disparities. We rolled out a new inclusion and awareness training and were recognized as the best company for multicultural women and dads. We prioritized our people’s well-being with a rollout of the Calm app, fitness challenges, and a week focused on wellness.
All the while, McAfee rose to meet the increased needs of our community with laptop donation programs and employee giving campaigns. We also made progress for sustainability redefining how and where we work.
However, it’s not lost on me that 2021 followed a year fraught with challenges that didn’t disappear with the end of 2020. And today, we continue to live and work against the backdrop of a global pandemic, respond to acts of racial injustice, and hear undeniable lived experiences of hate and intolerance.
It’s fueled our desire to do better. We know there is so much work to do and our responsibility to create an equitable workplace and world has never been greater. It’s the right thing to do and a business imperative—we rely on the fresh ideas and unique perspectives of the people of McAfee. Truthfully, it’s their tenacity and resiliency that inspire me.
Whether it’s showing up for one another during a COVID-19 surge, asking for more resources to become a better ally, or rallying around each other to prioritize health, our people are exceptional.
As we progress in 2022, grow as a consumer-focused business, and welcome our new President and CEO Greg Johnson, we will have the opportunity to take all we’ve learned and help turn our aspirations into reality. We will invest in our people, our community, and our planet, but also ask what we can do better.
I invite you to read our 2021 Impact Report to see our progress and our commitment.
The post McAfee launches Impact Report: How we’re doing and the opportunities ahead appeared first on McAfee Blog.
Many people opt for encrypted messaging services because they like the additional layers of privacy they offer. They allow users to message their closest friends, family, and business partners without worrying about a stranger digitally eavesdropping on their conversation. The same people who message over encrypted services and apps are likely also diligent with securing their internet connections and using a VPN.
Despite all those safeguards, everyday people are left in the lurch when the companies with which they entrust their information are victims of cyberattacks. That was the case for users of the encrypted messaging app, Signal. Due to a phishing attack and subsequent leak of customer phone numbers, people are looking to identify potential consequences, protect themselves from SIM swapping, monitor their identity, and take measures to make sure their information is safe in the future.
A recent cyberattack targeted Signal, an end-to-end encrypted messaging service.1 The attackers exposed about 1,900 phone numbers belonging to Signal users. While other personally identifiable information (PII), message history, and contact lists were spared, valid phone numbers in the hands of a cybercriminal can be enough to wreak havoc on affected users.
It is likely that another recent and successful phishing scheme at Twilio was the entry point for the Signal hackers. (Signal partners with Twilio to send SMS verification codes to people registering for the Signal app.) At Twilio, phishers tricked employees into divulging their credentials.
To rectify the situation and protect users, Signal is contacting affected users and asking them to re-register their devices. Also, the company is urging all users to enable registration lock, which is an additional security measure that requires a unique PIN to register a phone with Signal.
There are many lessons not only companies but everyday people can learn from the Signal and Twilio hacks. Here are some ways you can take action at the first signs of a compromised phone number and to help prevent cyber-events like this from happening to you.
SIM swapping occurs when a cybercriminal gets ahold of your cellphone number and a few other pieces of your PII and registers your phone number to a device and a new SIM card that isn’t yours. If they successfully reregister your phone number, they can then access your data, change account passwords, and lock you out of your most important accounts.
Luckily, since most of us use our phones every day, SIM swapping is usually detected quickly. If your phone isn’t connecting to the network and you’re not receiving calls and texts, it could be a sign that your wireless provider may have reassigned your number to an impersonator. In this case, contact your wireless provider immediately.
To make SIM swapping nearly impossible, always turn on multifactor authentication. Also known as MFA, multifactor authentication is a method many online accounts use to ensure that only the authorized user can gain entry. This could entail sending a one-time code by email or text, prompting security questions, or scanning for fingerprint or facial recognition in addition to asking for the account password. MFA is an additional layer of security that’s quick to implement. The extra few seconds it takes to type in a code or stand still for a facial scan is well worth the frustration is causes cybercriminals.
These days, everyone has dozens of online accounts for everything from banking and shopping to streaming services and gaming. Since you can’t predict which company is going to be breached next, limit the number of possible doors a cybercriminal could break through to access your PII. In the Signal hack, it was their third-party vendor that was likely the cause of the leaked phone numbers. This unpredictability means it’s best to limit sharing your PII with as few accounts as possible. A great practice is to regularly organize your online accounts and deactivate the ones you no longer use.
A phishing attack seems to have been the first domino to fall in the Twilio and Signal incident. It could’ve been prevented if everyone followed this absolute rule: Never share your password! Your employer nor your bank nor the IRS, for example, will ever ask you for your password to an online account. If you receive correspondence asking you to share your password, no matter how official it looks, do not comply.
Phishers often lace their electronic correspondences with an urgent or authoritarian tone, threatening severe consequences if they don’t receive a response within a short timeframe. This is a ploy to get people to act too quickly without thinking through the request. If you receive a message that outlines dire consequences for seemingly small infractions, step away from the message for at least 15 minutes and think it through. Stay calm and follow up through official channels, such as a listed phone number on the organization’s website or a customer service chat room, to iron out the alleged situation instead.
Diligent cybersecurity habits go a long way toward keeping you and your family’s PII out of the hands of malicious characters. However, in the case you trust a company with your information but it’s leaked in a breach, McAfee Total Protection can give you peace of mind. McAfee Total Protection offers premium security in various areas including antivirus, identity monitoring, secure VPN, Protection Score, and Personal Data Cleanup. Its advanced monitoring abilities are faster and offer broader detection for your identity. Plus, McAfee Total Protection can cover you up to $1 million in identity theft restoration.
Keep your eyes peeled for cybersecurity news and breaches that may have affected your PII. From there, take action and leverage McAfee services to help you fill in the gaps.
1The Hacker News, “Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack”
The post Encrypted Messaging Service Hack Exposes Phone Numbers appeared first on McAfee Blog.
Our personal and professional lives are becoming increasingly intertwined with the online world. Regular internet usage has made us all prone to cyber-security risks. You leave a digital footprint every time you use the internet, which is a trace of all your online activities.
When you create new accounts or subscribe to different websites, you give them explicit (or implicit, through their family of apps or subsidiary websites) access to your personal and credit card information. In other cases, websites might track basic information without your knowledge, such as your location and search history.
There is an industry of data brokers specifically dedicated to keeping track of user data, packaging it, and supplying it to tech companies who use it to run targeted ads and enhance on-platform user experience. Given the widespread use of the internet and exponential improvements in technology, data has become a valuable commodity — creating a need for the sale and purchase of user data.
This article discusses how data brokers sell your personal information and how you can minimize risk.
Data brokers are companies that aggregate user information from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data is then supplied to tech companies to fuel their third-party advertising-centered business models.
Companies interested in buying data include but are not limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, Social Security number, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public profiles.[Text Wrapping Break]
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites like Spokeo or TruePeopleSearch. You or a tech business can use these websites to search for people and get extensive consumer data. People search sites also contain public records like voter registration information, marriage records, and birth certificates. This data is used for consumer research and large-scale data analysis.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
Vermont and California have already enacted laws to regulate the data brokerage industry. In 2018, Vermont passed the country’s first data broker legislation. This requires data brokers to register annually with the Secretary of State and provide information about their data collection activities, opt-out policies, purchaser credentialing practices, and data breaches.
California has passed similar laws to make data brokering a more transparent industry. For risk mitigation of data brokerage, the Federal Trade Commission (FTC) has published reports and provided recommendations to Congress to reduce the engagement of data broker firms. Giving individuals the right to opt-out of the sale of their personal data is a step toward a more rigorous law regarding data privacy.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Acxiom, LLC is one of the largest data brokering firms and has collected data for approximately 68% of people who have an online presence. You can opt-out of their data collection either through their website or by calling them directly.
Epsilon Data Management is another big player in the data broker industry that operates as a marketing service and marketing analytics company. You can opt-out of their website through various methods such as by email, phone, and mail. Credit rating agencies like Experian and Equifax are also notorious for collecting your data. Similarly, you can opt-out through their websites or by calling them.
McAfee is a pioneer in providing online and offline data protection to its customers. We offer numerous cybersecurity services for keeping your information private and secure.
With regard to data brokers, we enable users to do a personal data clean-up. Cleaning up your personal data online may be a difficult task, as it requires you to reach out to multiple data brokers and opt out. Instead, sign up for McAfee’s Personal Data Cleanup feature to do a convenient and thorough personal data clean-up. We will search for traces of your personal data and assist in getting it removed.
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
The World Wide Web, invented in 1989 by Tim Berners-Lee, has undoubtedly made our lives more convenient in so many ways.
For example, family road trips looked a lot different than they do today. Preteens were designated backseat navigators, with huge atlases spread across their laps, yelling “Turn left here! No wait, right!” Then, when you finally arrived at your destination, what was there to do? Time to poll the hotel concierge, gas station attendants, and grocery store clerks about the best places to visit and directions on how to get there.
Now, your car and phone can speak to you in a calm voice, guide you where you need to go, and tell you what to do once you get there. Life changing!
However, the Web also has made our lives more complicated in several ways. The number of cybercrimes — in variety and prevalence — seem to rise every day. Luckily, what has also become more sophisticated are our available tools to combat cybercriminals and protect our online information, privacy, and identity.
Here’s a look back at the evolution of cyberthreats and cyber-protection to commemorate World Wide Web Day and share some tips on how to use the Web safely and with confidence.
In the early days of the Web, viruses and malware caused many a desktop computer to fall into disrepair. Though, whenever anyone caught a virus of the cyber variety, they were never too surprised. That was usually the cost of illegally downloading music or videos or clicking on pop-ups from sites that were notorious for spreading malicious software.
Fast forward to today and viruses and malware have been disguised by phishing, a tactic where malicious software is hidden within legitimate-looking electronic correspondences (email, text, or direct message). People are now wise to which sketchy websites to avoid, so, to spread their malicious software, cybercriminals use false authority and play on people’s emotions to get them to click on dangerous links and divulge valuable personal information. Phishing can result in huge financial losses. One study calculates that companies lose $15 million annually to phishing.1 Here are a few tips to avoid falling for a phishing attempt and keep your family’s personal information safe:
In the 1990s, portable phones weren’t in everyone’s pockets. And the cellphones that were available to the public at a reasonable price certainly didn’t connect to the Web. The average person was concerned primarily with their desktop security. As long as users steered clear of malicious software, subscribed to an antivirus, and didn’t leave their password on a sticky note on their desk, they were likely to remain in the clear.
Today, homes have multiple connected devices, all of which require that people protect them with great cyber-habits, passwords, and technology. Even your smart home assistants are vulnerable to cyberthreats. Don’t worry though, there are plenty of easy things you can do every day to keep your family’s information and devices safe.
Starting with passwords: The best passwords and passphrases are the ones you don’t have to remember. Apple is actually trying to eliminate the need for typing in passwords, instead relying on biometric security measures, such as face facial recognition and fingerprint scanning.2 If your device doesn’t have these scanning capabilities, a password manager is an excellent way to safeguard your passwords to all your accounts. McAfee True Key guards your passwords with one of the strongest encryption algorithms available. On top of that, multi-factor authentication is another layer of security that stops thieves from stealing your passwords and trading them on the dark Web. With a password manager, you’ll never have to write down, reuse, or worry about forgetting your password and username combinations.
Next, a VPN for your mobile devices and desktop is another great shield against cybercriminals. A virtual private network hides your location data and makes it extremely difficult for public wi-fi eavesdroppers to track your movements on the Web. It’s a great practice to never connect any device to a public wi-fi connection without a VPN, especially if you’re online shopping, handling sensitive information, or banking online.
Finally, another key tool in ensuring your mobile and desktop security is knowing where you stand: How protected are you? What are some habits you should improve? How can you constantly monitor your safety and be in the know when your status changes? The answer: McAfee Protection Score. This unique service scans your wi-fi connection, the dark Web, and data breach records for threats to your personally identifiable information (PII) and connected device. Then, the software recommends ways to improve your security, in turn boosting your score. It’s a quick and visual way to evaluate your habits and make sure you’re doing everything you can to protect your connected family.
In the infancy of the World Wide Web, identity theft via the internet wasn’t really a thing. Mostly, identities and PII were stolen through discarded mail, overheard conversations, or stealing someone’s physical wallet.
Identity theft is a major concern. Cybercriminals are becoming smarter and more determined to release PII on the dark Web for profit. Phishing, social media snooping, data breaches, and hacking are common modern ways criminals steal valuable personal information, in addition to low-tech dumpster diving and wallet theft. With your full name, birthdate, and Social Security Number, criminals can cause severe damage to your credit that could take years and a large investment to repair.
Some tips to avoid being a victim of identity theft is to improve your phishing detection skills, avoid oversharing on social media, delete old accounts you don’t use anymore and know how to identify the signs of identity theft. An identity monitoring service, like McAfee Advanced Protection, is your all-in-one privacy and identity protection service for your digital life. It covers you for $1 million in identity theft coverage and restoration. Plus, the service includes all the important tools outlined above: antivirus, VPN, password manager, and Protection Score.
The Web, not to be confused with the internet, is the collection of pages that one can access using the internet. You likely use it every day, thus it’s key to navigate it safely and with confidence. The Web has come a long way, and in a decade, it’s likely to look completely different than it does right now. The key is to be adaptable and careful and have the right tools to help you fill in the gaps.
1Ponemon Institute, “The 2021 Cost of Phishing Study”
2CNET, “Apple Is Trying to Kill Passwords With Passkeys Using Touch ID and Face ID”
The post Celebrate World Wide Web Day: The Evolution of Web Safety appeared first on McAfee Blog.
If you’re the parent of a tween or teen, chances are they’re not the only ones going back to school. Their smartphones are going back too.
Our recent global research showed just how many tweens and teens use a smartphone. Plenty. Depending on the age band, that figure ranges anywhere from 76% to 93%, with some noteworthy variations between countries.
One of the top reasons parents give their child a phone is to stay in touch, so it likely follows that those phones will likely make their way into the classroom. Whether or not that’s the case for your child, back-to-school time is still a great time to help your child stay safer on their phone—and keep their phones safer too in the event of loss or theft.
Comprehensive online protection software can protect your phone in the same way that it protects your laptops and computers. Unfortunately, while many people use it on their laptops and computers, far fewer people use it on their phones—only about 42% of tweens and teens worldwide use it on their smartphones according to our most recent research.
Installing it can protect their privacy, keep them safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do. You can find our smartphone apps in both Google Play and the Apple App Store.
Updates do all kinds of great things for gaming, streaming, and chatting apps, such as adding more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
iPhones update apps automatically by default, yet you can learn how to turn them back on here if they’ve been set to manual updates. For Android phones, this article can help you set apps to auto-update if they aren’t set that way already.
Much the same goes for the operating system on smartphones too. Updates can bring more features and more security. iOS users can learn how to update their phones automatically in this article. Likewise, Android users can refer to this article about automatic updates for their phones.
Another finding from our latest global research is just how few people use a lock screen on their phones. Only 56% of parents said that they protect their smartphone with a password or passcode, and only 42% said they do the same for their child’s smartphone—a further 14% drop between parents and kids.
The issue here is clear. If an unlocked phone gets lost or stolen, all the information on it is an open book to a potential hacker, scammer, or thief. Enabling a lock screen if you haven’t already. It’s a simple feature found in both iOS and Android devices.
Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites may not have that process in place. In fact, some third-party sites may intentionally host malicious apps as part of a broader scam. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Furthermore, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
One way that crooks can hack their way into your phone is via public Wi-Fi, such as at coffee shops, libraries, and other places on the go. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protect from others on that Wi-Fi hotspot. Note that our VPN can turn on automatically for public Wi-Fi, protecting account credentials, search habits, and other activities online.
The same advice applies for these devices as well—strong online protection software, password management, VPN usage, and so on. What’s good for a smartphone is good for laptops and desktops too.
For laptops in particular, you can track these devices as well, just like a smartphone. The process differs from smartphones, yet it’s still quite straightforward. Windows and Mac users can enable the following settings—and you can click the links below for complete instructions from the source:
Putting these same protections in place on your laptops and desktops will help make your child, and your whole family, safer than before.
Note that on school-issued devices, your school district will likely have technology teams who manage them. As part of that, they typically have policies and restrictions in place to help keep them running safe and sound. If you have any questions about what kind of protections are in place on these school-issued devices, contact your school district.
While we’ve largely focused on protecting the phone itself, there’s also the importance of protecting the person who’s using it. In this case, your child—what they see, do, and experience on the internet. Device security is only part of the equation there.
Parents of tweens and teens know the concerns that come along with smartphone usage, ranging anywhere from cyberbullying, too much screen time, and simply wanting to know what their child is up to on their phone.
As you can imagine, each of these topics deserves its own treatment. The “Family Safety” section of our blog offers parents and their kids alike plenty of resources, and the list below can get you started on a few of the most pressing issues:
Without a doubt, while a child may get their first smartphone to “keep in touch,” that ownership blossoms into something far greater. And quite quickly. As they dive into the world of apps, social media, messaging, and gaming, take an interest, take it as an opportunity to spend time talking about their day and what it was like online.
By asking if they grabbed any cool pictures, what their favorite games are, and how their friends are when your child is texting them, questions like these can open a look into a world that would otherwise remain closed. This way, talking about the phone and what they’re doing on it becomes part of normal, everyday conversation. This can reap benefits down the road when your child encounters the inevitable bumps along the way, whether they’re dealing with a technical issue or something as difficult as cyberbullying or harassment. Talking about their life online on a regular basis may make them more apt to come forward when there’s a problem than they otherwise might.
In all, think of the smartphone as a fast pass into adulthood, thanks to how it puts the entirety of the internet right in your child’s hand. Protecting the device and the kid who’s using it will help ensure they get the absolute best out of all that potential.
The post Getting Your Kids Ready for School—And Their Smartphones Too appeared first on McAfee Blog.
McAfee announces a partnership that will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. The partnership brings added protection to Telstra’s millions of customers and their devices via McAfee’s intuitive and integrated consumer security platform
“A recent McAfee study found 27% of Australians surveyed reported attempted account theft and 23% had experienced financial account information leaks,” said Pedro Gutierrez, Senior Vice President of Global Sales and Operations at McAfee. “As the proliferation of life online accelerates, we are thrilled to be partnering with Telstra who are showing through this collaboration, a commitment to innovation and to their customers by investing in new infrastructure and technologies that safeguard their mobile and broadband subscribers.
McAfee’s integrated consumer security platform offers a wide array of mobile security solutions to protect customers’ privacy and identity while blocking viruses, malware, spyware, and ransomware attacks. This partnership allows Telstra’s customers to take advantage of these capabilities and protect themselves from additional threats including potential hacks, identity theft and broader gaps in online and mobile security so they can live life confidently online.
“In today’s increasingly connected world the risk of cyber threats continues to grow. To counter the risk, Telstra is committed to providing our customers with the safety and security features needed to protect them online,” said Matthew O’Brien, Cyber Security Executive and Group Owner at Telstra. “This partnership with McAfee helps drive our mission to build a safe and secure connected future where everyone can thrive, and further complements Telstra’s T25 ambition to extend our network leadership position by delivering greater value to our customers.”
To activate Device Security, Telstra customers can simply go in-store, online or to their MyTelstra app. The full suite of McAfee features supported include Antivirus/System Scan, Safe Browsing, Protection Center, Identity Protection, Password Manager, Parental Controls, Protection Score and Secure VPN. All eligible Telstra customers can try Device Security for three months on Telstra, then auto-roll onto $10/month after.
The post McAfee and Telstra Partner to Bring Privacy, Identity and Security to Australian Customers appeared first on McAfee Blog.
In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have to think about it. We know who’s on the other end of the screen, so why would we worry? We know our friends would never send us a malicious link that would steal our information, so why be cautious? Right?
Not necessarily. Though a message or link may seem like it’s coming from a friend, it’s also possible that it was sent without their knowledge. There are many ways for hackers to scam people very believably. The latest Facebook Messenger hack is just one of many examples.
According to PIXM, Facebook users have been conned for several months by a phishing scam that tricks them into handing over their account credentials. Users are shown a fake login page that copies Facebook’s user interface, giving it the illusion of being real. When someone enters their credentials, their password and login combo is sent to the hacker who then sends out the same link and fake login to the user’s friends through Facebook Messenger. Any user who clicks the link is asked to fill out their credentials, and the cycle repeats. PIXM estimates that over 10 million Facebook users have been duped by this scam since 2021.
This hacker was able to utilize a technique to evade Facebook’s security checks. When a user clicks on the link in the Messenger app, the browser redirects to a legitimate app deployment service, then redirects again to the actual phishing pages with advertisements and surveys that accrue revenue for the hacker. Using this legitimate service link prevents Facebook from blocking it without blocking other legitimate apps and links as well. Researchers say that even if Facebook managed to block one of these links, several others are created with new unique IDs every day to replace it.
Phishing scams like these are harder to detect due to the realistic-looking interface on the login pages and that these malicious links are seemingly coming from friends and family. However, there are always key things to look out for when faced with phishing scams.
Scams don’t always come from overtly sketchy emails or text messages from strangers. Sometimes they can (unintentionally) come from people we know personally. This isn’t to say that your friends online can’t be trusted! However, it’s important to always be cautious and keep an eye out for any odd behavior to stay on the safe side. Here are some key things to look out for when faced with potential malicious phishing scams:
When in doubt, just ask! If you’ve received a message and a link from a friend online, simply ask if they meant to send it to you. If they didn’t send it themselves, not only did you dodge a bullet, but your friend is also now aware that they’ve been hacked and can take the necessary precautions to ensure their information is protected. And if they did mean to send it to you, then you can click the link knowing that it’s safe to do so. It’s always best to err on the side of caution when it comes to your online security.
The post Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam appeared first on McAfee Blog.
It’s Social Media Day! How are you celebrating? Reposting your very first profile picture from a decade ago? Sharing your most-loved status update or the photo you’re most proud of? This year, consider commemorating the day by learning more about how to keep your information safe. Enjoy your favorite platform, but be on the lookout for scams, such as social engineering.
Social engineering is a cybercrime common to social media sites. It is a tactic where a cybercriminal lurks on people’s social media pages, gleaning personal information that they then use to impersonate them elsewhere.
With more than half of the global population on social media, you may think that a cybercriminal will never single you out from such a huge pool; however, it is possible.1 Luckily, you only have to make a few, easy changes to your online habits to keep your valuable private information just that: private. Check out these tips to make smart decisions and be more confident about your and your family’s online security.
Think of the types of posts you share with your dozens – or even hundreds or thousands! – of followers: updates about your life, where you live, work, or favorite travel destinations, your hobbies, pets, family members, etc. All of these details, that only you and those closest to you should know, are a valuable commodity to cybercriminals. Plus, now that social media shopping is growing in popularity, the credit card information linked to accounts is sweetening the deal for cybercriminals.
Here are a few social engineering scams that are common to social media.
People commonly create passwords based on things, places, and people that are important. Have you ever published a 20 questions-style get-to-know-me post? Those contain a lot of valuable personally identifiable information (PII). With just a few of those details about your personal life, cybercriminals can make educated guesses at your passwords, a tactic called credential stuffing. If they’re able to crack the code to one of your accounts, they’ll then input that password and login variations in several other sites, especially online banking portals, to see if they can gain entry to those too.
You’ve won! Send us your banking information and address, and you’ll receive a package in the mail or a direct deposit to your bank account!
But did you enter a drawing for a prize? Very rarely does anyone win something just by being a follower of a certain page. If you receive a message similar to the above, it’s likely a phisher trying to draw more PII and sensitive banking information out of you. Or, the message may have links within it that redirect to an untrustworthy site. If you regularly enter social media contests, keep a list and only respond to legitimate ones. Also, never give your banking information out over social media, private messages, or email.
There are plenty of valid fundraisers and petitions circulating around social media; however, there are just as many social engineering scams that dupe social media users because they inspire a strong emotion in them. For example, there have been several scams around Ukrainian donation sites. Cybercriminals often use fear, anger, or sadness to inspire people to open their wallets and share confidential banking information.
Luckily, all it takes is a few smart habits to stop social engineers in their tracks. Consider the following tips and make these small changes to your social media usage:
At this point, you’ve probably had several of your social media accounts active for over a decade. That means it’s time to do some cleaning out of your friends and followers lists. It’s best to only accept requests from people you personally know and would actually like to keep in the loop about your life. A friend and follower request from strangers could be cyber criminals in disguise. Also, consider setting your account to private so that your posts are invisible to strangers.
Social engineering hacks often bank on people acting rashly and quickly because of strong emotion, either excitement, fear, sadness, or anger. If you see a post on your newsfeed or receive a direct message that gives you a tight window to respond and asks for PII, slow down and think before acting. Double-check the destination of every link in the message by hovering over it with your cursor and checking the link preview at the bottom of your browser screen. Be careful, because some link previews include slight misspellings of legitimate websites. As a great rule of thumb, be automatically skeptical of direct messages from people you do not personally know. And if a DM from a friend seems out of the ordinary, shoot them a text to confirm they actually sent it. It could be that their social media account was hacked and a criminal is spamming their followers.
A password manager will go a long way toward ensuring you have unique, strong passwords and passphrases for every account. Not reusing passwords makes credential stuffing impossible. McAfee True Key stores all your logins and passwords and guards them with one of the strongest encryption algorithms available. All you need to do is remember your master password. It’s a great practice to also enable multifactor authentication whenever a website offers it. This makes it incredibly difficult for a cybercriminal to break into your online accounts with their educated guesses at your password.
Now that you know what to look for and the best tricks to be safe, you can feel more confident that you’re doing everything you can to protect your online accounts and private information. McAfee Protection Score can also help you take control of your online safety. This service allows you to monitor your current online safety and encourages you to take specific steps to improve it. Now you can enjoy digitally keeping in touch with your friends with peace of mind!
1Smart Insights, “Global social media statistics research summary 2022”
The post It’s Social Media Day! Here’s How to Protect Yourself From Social Engineering Online appeared first on McAfee Blog.
Heard of the sandwich generation? Well, if you’ve got a tribe of kids and parents who are aging then you are a fully-fledged member! And as members of this special club, not only do we need to manage and keep our offspring in check, but we also have to reserve some energy to help our parents navigate life’s challenges which of course includes the online world.
In the broadest sense, the sandwich generation is the ‘caught in the middle’ generation who have living parents and children to care for. More often than not, it’s people like us, smack-bang in middle age, who support both their parents and children financially, physically, and/or emotionally. And with life expectancies looking rosier than ever and many of us choosing to have careers before we become parents, it’s inevitable that us middle-aged folks are feeling a little squeezed at both ends!
Getting our head around keeping our kids safe online can feel overwhelming for many of us. Keeping up with the latest apps, games and platforms can often feel relentless and let’s not forget about trying to weave in cyber safety messages to ensure our kids make safe decisions online too. But when the downside of not being vigilant about online safety is so great, it’s essential that we extend our digital education messages to the older members of the family too!
One of the silver linings of the pandemic is that it gave a real push to those who were resisting getting online. And in most cases, that was the older member of our society. Research from ACMA shows that by 2020, over 90% of Australian seniors had internet connectivity in their homes compared to 68% in 2017. But as we all know, owning a car and driving it are 2 very different tasks!
My parents, who are both in their late 70’s, do a pretty good job of managing their online lives. They bank online, are avid email senders and can even do a little Facetime, thanks to COVID! But they are a work in progress – like everyone. And while I try very hard to keep them up to date with new apps and risks, I have learnt over the years that less is more. That not overwhelming them is actually the key. In fact, the simpler I keep my updates and tips, the more likely they are to get onboard with my message.
So, in the spirit of the experience with my much-loved mum and Dad, I‘d like to share with you the top things you can do to keep your much loved older family members safe when they go online.
I accept that there are no real guarantees in life but there are risk-minimizing decisions. And ensuring all devices have top-level security software is one of those. Not only will this protect your loved ones from downloading viruses and malware, but it will also allow them to shop with confidence at approved ‘safe’ websites, help them manage their passwords, locate their devices plus loads more. It’s such a small price to pay for increased peace of mind. Check out McAfee+ protection which can protect your family’s entire fleet of devices.
A secure password is a key to keeping one’s online life safe so taking some time to formulate a strategy for older family members is so worthwhile. Downloading a password manager was a total life changer for me. Not only did it help me create complex passwords that no human could ever generate but it remembers them for me too. I only have to remember the master password and it then automatically logs me in! Now, if this was set up carefully for older family members, this could be an amazing tool to protect their online life.
I am also very aware that writing down passwords ‘in a special book’ is used very commonly. And if this is the only way that will work for your family members then try to make these passwords as complex as possible without overwhelming them. A complex, nonsensical sentence would work well here but just ensure each account has its own sentence in case the account gets hacked.
Out-of-date software is a little like leaving your front door unlocked – it makes it far easier for unwanted visitors. In almost every case, a software update includes a patch for a security vulnerability – a weak hole in the company’s software that could expose the user to risk. So, when I discovered that my parents were ignoring reminders for updates as they had become very annoying, I sprang into action! Most software updates can be automated so I strongly encourage taking some time to ensure all the software your family members use is set up to update automatically.
Unfortunately, older Aussies are often the target of online scams. Scammers will work overtime to get their trust with the aim of extracting dollars or their personal details. I wish I had a silver bullet that would protect all vulnerable types from these cybercrims, but I don’t. The next best option is to talk about scams and some of the sneaky techniques scammers will use with them. I remind my parents regularly not to reply to emails from people they don’t know, not to even answer calls from numbers they aren’t familiar with and that if they receive a call from their bank and they aren’t sure whether it is legitimate, ask for the caller’s number so you can ring them bank – if the caller is legit, that won’t be a problem.
If you think about it, keeping your older family members only is simply an extension of keeping your kids safe. The messages and strategies are almost identical! So, if your older family members use a Messenger app, why not set up a family group chat with both the younger and older family members? You can share news stories about online risks and better still, get the kids involved too! So, next time your parents have an issue with their phone – the kids will be able to help out! Awesome!!
Take care
Alex xx
The post Online Safety for Seniors – How to Keep Older Family Members Safe Online appeared first on McAfee Blog.
FreshRSS 