Login
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee+, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee+
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.
It’s Social Media Day! How are you celebrating? Reposting your very first profile picture from a decade ago? Sharing your most-loved status update or the photo you’re most proud of? This year, consider commemorating the day by learning more about how to keep your information safe. Enjoy your favorite platform, but be on the lookout for scams, such as social engineering.
Social engineering is a cybercrime common to social media sites. It is a tactic where a cybercriminal lurks on people’s social media pages, gleaning personal information that they then use to impersonate them elsewhere.
With more than half of the global population on social media, you may think that a cybercriminal will never single you out from such a huge pool; however, it is possible.1 Luckily, you only have to make a few, easy changes to your online habits to keep your valuable private information just that: private. Check out these tips to make smart decisions and be more confident about your and your family’s online security.
Think of the types of posts you share with your dozens – or even hundreds or thousands! – of followers: updates about your life, where you live, work, or favorite travel destinations, your hobbies, pets, family members, etc. All of these details, that only you and those closest to you should know, are a valuable commodity to cybercriminals. Plus, now that social media shopping is growing in popularity, the credit card information linked to accounts is sweetening the deal for cybercriminals.
Here are a few social engineering scams that are common to social media.
People commonly create passwords based on things, places, and people that are important. Have you ever published a 20 questions-style get-to-know-me post? Those contain a lot of valuable personally identifiable information (PII). With just a few of those details about your personal life, cybercriminals can make educated guesses at your passwords, a tactic called credential stuffing. If they’re able to crack the code to one of your accounts, they’ll then input that password and login variations in several other sites, especially online banking portals, to see if they can gain entry to those too.
You’ve won! Send us your banking information and address, and you’ll receive a package in the mail or a direct deposit to your bank account!
But did you enter a drawing for a prize? Very rarely does anyone win something just by being a follower of a certain page. If you receive a message similar to the above, it’s likely a phisher trying to draw more PII and sensitive banking information out of you. Or, the message may have links within it that redirect to an untrustworthy site. If you regularly enter social media contests, keep a list and only respond to legitimate ones. Also, never give your banking information out over social media, private messages, or email.
There are plenty of valid fundraisers and petitions circulating around social media; however, there are just as many social engineering scams that dupe social media users because they inspire a strong emotion in them. For example, there have been several scams around Ukrainian donation sites. Cybercriminals often use fear, anger, or sadness to inspire people to open their wallets and share confidential banking information.
Luckily, all it takes is a few smart habits to stop social engineers in their tracks. Consider the following tips and make these small changes to your social media usage:
At this point, you’ve probably had several of your social media accounts active for over a decade. That means it’s time to do some cleaning out of your friends and followers lists. It’s best to only accept requests from people you personally know and would actually like to keep in the loop about your life. A friend and follower request from strangers could be cyber criminals in disguise. Also, consider setting your account to private so that your posts are invisible to strangers.
Social engineering hacks often bank on people acting rashly and quickly because of strong emotion, either excitement, fear, sadness, or anger. If you see a post on your newsfeed or receive a direct message that gives you a tight window to respond and asks for PII, slow down and think before acting. Double-check the destination of every link in the message by hovering over it with your cursor and checking the link preview at the bottom of your browser screen. Be careful, because some link previews include slight misspellings of legitimate websites. As a great rule of thumb, be automatically skeptical of direct messages from people you do not personally know. And if a DM from a friend seems out of the ordinary, shoot them a text to confirm they actually sent it. It could be that their social media account was hacked and a criminal is spamming their followers.
A password manager will go a long way toward ensuring you have unique, strong passwords and passphrases for every account. Not reusing passwords makes credential stuffing impossible. McAfee True Key stores all your logins and passwords and guards them with one of the strongest encryption algorithms available. All you need to do is remember your master password. It’s a great practice to also enable multifactor authentication whenever a website offers it. This makes it incredibly difficult for a cybercriminal to break into your online accounts with their educated guesses at your password.
Now that you know what to look for and the best tricks to be safe, you can feel more confident that you’re doing everything you can to protect your online accounts and private information. McAfee Protection Score can also help you take control of your online safety. This service allows you to monitor your current online safety and encourages you to take specific steps to improve it. Now you can enjoy digitally keeping in touch with your friends with peace of mind!
1Smart Insights, “Global social media statistics research summary 2022”
The post It’s Social Media Day! Here’s How to Protect Yourself From Social Engineering Online appeared first on McAfee Blog.
With the holidays on the horizon, spirits are high—and it’s those same high spirits that hackers want to exploit. ‘Tis the season for clever social engineering attacks that play on your emotions, designed to trick you into giving up personal info or access to your accounts.
Social engineering attacks unfold much like a confidence scam. A crook takes advantage of someone’s trust, applies a little human psychology to further fool the victim, and then pulls off a theft. Online, a social engineering attack will likely involve a theft attempt of personal or account information that the crook can then use to make purchases, drain accounts, and so forth.
Not at all in the holiday spirit, right? Let’s take a look at some of their top tricks so that you can spot and avoid them.
As said, spirits can get high this time of year. There’s looking forward to gatherings with family and friends, the fun that comes along with hunting for that perfect gift, and the excitement of the holidays overall. And that’s what hackers count on—people getting caught up in the rush of the holidays, to the point where they may not look at emails, offers, shipping notices, and such with a critical eye. That’s how the scammers get their foot in the door.
Some of their favored tricks can look a little like this:
What are the holidays without that trendy “must-get” gift item, the one that’s seemingly out of stock no matter where you look? Scammers are keen on these items as well and will prop up phony ads and storefronts that pretend to sell those items but really don’t. Instead, they’re just a shady way for them to steal your debit or credit card information—or to lift a few bucks out of your pocket in return for nothing.
One way to keep from getting burned by one of these scams is to follow the old adage, “If it looks too good to be true, it probably is.” In this case, crooks are using feelings of scarcity and urgency to get you to bite. Here’s where you can take a moment before you click to do some research.
Answers to these questions can separate the good businesses from the bogus ones.
Like the above, crooks will create a sense of urgency about a hot holiday item or limited time offer. The twist comes when they request payment via a gift card rather than by credit or debit card or other legitimate online payment methods. This request is highly deliberate because gift cards are much like cash. Once the money on the card is spent, it’s gone, and these cards do not offer the same protections that come with other payment methods.
You can avoid this one easily. If anyone asks you to use a gift card as payment, it’s a scam. Gift cards are for gifts, not payment, says the Federal Trade Commission (FTC). If you come across such a scam, you can report it to the FTC as well.
Donating to a charity in someone else’s name is often a popular gift. Much the same, giving a donation to a worthy cause feels particularly good this time of year. Once again, scammers will take advantage of these good intentions by propping up phony charities designed to do nothing more than dupe you out of your money. Whether that’s a flat-out phony charity or one of the many other scam charities that have been known to pocket 90 cents of every dollar donated, this is the time of year to be on the lookout for both.
The advice here is much the same as the advice for avoiding phony businesses and retailers. Do your homework. The Better Business Bureau maintains a listing of charities that can help you make good donation choices. Also, your state government’s charity officials can help you separate good charities from bad—and even file a report if you suspect a scam is at play.
And once again, if a charity is asking for donations in the form of cash, gift cards, or wire transfer, just say no. That’s a surefire sign of a scam.
Scammers know you have packages in transit this holiday season, loaded with gifts that you’re eagerly tracking. Enter another classic scam—the phony shipping notice. The idea is that you already have so many packages on their way that you won’t think twice about opening an email with a “shipping notice” that comes in the form of an attachment. Of course, that attachment is a fake. And it’s loaded with malware.
Too bad for scammers, though. This is another one you can steer clear of rather easily. Don’t open such attachments. Shipping companies will almost certainly send along notices and invoices in the body of an email, not as an attachment. If you have a question, you can always visit the shipper’s website and look up your tracking info there. Likewise, follow up with the customer service department of the company that you purchased the item from in the first place.
While the holidays are a special time for scammers too, there are several things you can do to up the level of your protection now and year ‘round. A quick list includes:
No doubt, the holidays have a feel all to themselves, one which hackers and crooks want to take advantage of. They’ll craft their tricks accordingly and try to twist the good times that roll around at the end of the year into scams that capitalize on your good intentions. As you can see, it’s not too tough to spot them for what they are if you pause and take a moment to scrutinize those emails, offers, and sales. And that’s the thing with the holidays. We can all feel pinched for time at some point or other during this stretch. Look out for their pressure tactics and seemingly clever ways of using social engineering to rip you off. That way, you can spend the holidays focusing on what’s important—your friends and family.
The post Social Engineering: Tis the Season for Tricky Hackers appeared first on McAfee Blog.
FreshRSS 