Login
Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. Today we released the second in this three-part series of reports which detail the what, how, and why of cybercriminal hosting (see the first part here).
As part of this report, we dive into the common life cycle of a compromised server from initial compromise to the different stages of monetization preferred by criminals. It’s also important to note that regardless of whether a company’s server is on-premise or cloud-based, criminals don’t care what kind of server they compromise.
To a criminal, any server that is exposed or vulnerable is fair game.
Cloud vs. On-Premise Servers
Cybercriminals don’t care where servers are located. They can leverage the storage space, computation resources, or steal data no matter what type of server they access. Whatever is most exposed will most likely be abused.
As digital transformation continues and potentially picks up to allow for continued remote working, cloud servers are more likely to be exposed. Many enterprise IT teams, unfortunately, are not arranged to provide the same protection for cloud as on-premise servers.
As a side note, we want to emphasize that this scenario applies only to cloud instances replicating the storage or processing power of an on-premise server. Containers or serverless functions won’t fall victim to this same type of compromise. Additionally, if the attacker compromises the cloud account, as opposed to a single running instance, then there is an entirely different attack life cycle as they can spin up computing resources at will. Although this is possible, however, it is not our focus here.
Attack Red Flags
Many IT and security teams might not look for earlier stages of abuse. Before getting hit by ransomware, however, there are other red flags that could alert teams to the breach.
If a server is compromised and used for cryptocurrency mining (also known as cryptomining), this can be one of the biggest red flags for a security team. The discovery of cryptomining malware running on any server should result in the company taking immediate action and initiating an incident response to lock down that server.
This indicator of compromise (IOC) is significant because while cryptomining malware is often seen as less serious compared to other malware types, it is also used as a monetization tactic that can run in the background while server access is being sold for further malicious activity. For example, access could be sold for use as a server for underground hosting. Meanwhile, the data could be exfiltrated and sold as personally identifiable information (PII) or for industrial espionage, or it could be sold for a targeted ransomware attack. It’s possible to think of the presence of cryptomining malware as the proverbial canary in a coal mine: This is the case, at least, for several access-as-a-service (AaaS) criminals who use this as part of their business model.
Attack Life Cycle
Attacks on compromised servers follow a common path:
|
|
The monetization lifecycle of a compromised server
Often, targeted ransomware is the final stage. In most cases, asset categorization reveals data that is valuable to the business but not necessarily valuable for espionage.
A deep understanding of the servers and network allows criminals behind a targeted ransomware attack to hit the company where it hurts the most. These criminals would know the dataset, where they live, whether there are backups of the data, and more. With such a detailed blueprint of the organization in their hands, cybercriminals can lock down critical systems and demand higher ransom, as we saw in our 2020 midyear security roundup report.
In addition, while a ransomware attack would be the visible urgent issue for the defender to solve in such an incident, the same attack could also indicate that something far more serious has likely already taken place: the theft of company data, which should be factored into the company’s response planning. More importantly, it should be noted that once a company finds an IOC for cryptocurrency, stopping the attacker right then and there could save them considerable time and money in the future.
Ultimately, no matter where a company’s data is stored, hybrid cloud security is critical to preventing this life cycle.
The post The Life Cycle of a Compromised (Cloud) Server appeared first on .
Introduction The CCNP, or Cisco Certified Network Professional, is a certification endorsing IT professionals who have the knowhow and skill to set up, configure and manage local and wide-area networks within an enterprise. CCNP certification takes you through video, voice, wireless and advanced security issues. Since the training module and examinations for the CCNP certification […]
The post Average CCNP salary 2020 appeared first on Infosec Resources.
At McAfee, we support team members who are passionate about giving back. You are encouraged and empowered to make a substantial impact in improving our community and volunteering to help others.
Piyush, a Software architect in our Bangalore office, is a team member particularly passionate about his community and has dedicated countless hours volunteering at the Sheila Kothavala Institute for the Deaf (SKID).
Two years ago, his impact was multiplied when he shared his volunteer story during McAfee’s Social Initiative Contest (SIC), a program that contributes resources to the causes important to select employees who volunteer for non-governmental organizations (NGO).
Moved by Piyush’s story, the judges funded his program for two years in a row! Funding enhanced infrastructure of a special school for hearing impaired kids and provided a tactile library that helps visually impaired students see the world through touch.
We asked Piyush four questions to learn more.
How did you get involved?
I’m a son of educators. My father was a principal and my mother was a university senior lecturer. The importance of educational success runs deep for me. Seven years ago, I found my own educational calling when I was introduced to the Sheila Kothavala Institute for the Deaf (SKID), an organization that supports the education of differently-abled students and equips them to successfully graduate high school.
How often do you volunteer?
What started as a weekend volunteer endeavor soon grew into an every-morning commitment. Before going into work at McAfee, I dedicate an hour each morning teaching math and volunteering with students at SKID.
What has helped you the most in your volunteer journey?
Figuring out how to communicate with hearing–impaired kids was a challenge for me. However, the immense support I received from the kids helped to relieve a lot of the pressure. I started to learn sign language along with them and became more effective at teaching. Spending time every day with these kids has motivated me in unexpected ways. Not only do I want to do as much as I can for them, but I also find myself more engaged at work. I’m thankful McAfee supports our passions in and out of the office.
Describe how your involvement evolved with SKID. What do you hope to accomplish in the future?
First, I want to thank McAfee for their encouragement as I can take my volunteer activities to greater heights and accomplish even more through their support. With the funds McAfee awarded, I was able to establish a complete science lab and build an interactive curriculum that complements day-to-day learning, procure games catered towards kids with special needs, and build a tactile library for visually impaired students.
After volunteering seven years with hearing-impaired students, this year, I’ve taken it upon myself to work more with the visually impaired. The joy on the faces of these kids continues to motivate me to do even more!
Piyush is a stunning example of how one person’s selfless contributions have the power to inspire others and spark change on a large scale. He continues to inspire, not just through his unrelenting dedication to helping others, but through his words by encouraging others to take simple steps in giving back.
Looking to work for a company that supports the extraordinary contributions of their team members? Search our job opportunities.
The post How Piyush’s remarkable efforts ignited a larger impact of giving back appeared first on McAfee Blogs.
Do you know the difference between Hispanic and Latino? What about the traditions that are important parts of the Hispanic culture? Or beloved Spanish or Portuguese phrases that don’t come across in English?
McAfee’s team spans 45 countries, making us a team rich in cultural diversity. We are always learning more about each other and celebrate Latin culture year-round. To commemorate Hispanic Heritage Month, which runs from September 15 – October 15, we’ve asked members of our McAfee Latino Community for their unique perspective on what being Latino means to them and to share more of the distinctive elements of their country of origin and traditions.
Check out some of the wonderful responses we received:
We couldn’t be more proud to celebrate Hispanic Heritage Month by elevating the voices of our team members and celebrating the diverse backgrounds and cultures that make up McAfee.
Simply put, a welcoming work culture where every team member feels accepted and celebrated is part of our DNA. We value all voices which make up McAfee and appreciate how they further enrich our culture.
Interested in joining a company that supports inclusion and belonging? Search our jobs. Subscribe to job alerts.
The post Celebrating multi-national cultures this Hispanic Heritage Month appeared first on McAfee Blogs.
Working at McAfee is so much more than fighting off cyber-attacks; it’s also about learning valuable life lessons and fostering meaningful relationships. Recipients of our Women in Technology (WIT) Scholarship learned firsthand the immeasurable growth and invaluable experience gained at McAfee through their participation in the summer internship program in Cork, Ireland.
As we accept applications for prospective scholars from now until November 20, we are reminded of the positive impact this program has had on previous participants. The program offers 3000 Euro annum for the chosen student per year of the course, a summer internship at McAfee Cork, and a mentor who offers guidance to the scholar on managing their academic career.
From building professional relationships to developing the skills needed for a successful career in STEM-related fields through mentorships and training, four Women in Technology (WIT) Scholarship winners share their unique experiences in the program:
The WIT Scholarship has been incredible for me in so many ways—from the practical experience of working at McAfee to the inspiration and support that I have received from my mentors and other brilliant people during my time here. I was able to put the monetary support I received towards studying at UC San Diego in 2019. The scholarship has opened so many doors for me.
The skills I have learned at McAfee have helped me with my University projects. I had the chance to improve my coding abilities, learn new languages, and use statistical tools. In an educational environment, you sometimes miss the “Why are we doing this?” aspect of learning a new skill. Through my projects at McAfee, I understood the practical implementation of coding and statistics, which gave me a greater appreciation for what I was learning in school and motivated me to further improve my skills.
Clodagh, Financial Maths and Actuarial ScienceDuring my internship, I had the chance to work with the Database Security team. I really felt like a member of the team and was made to feel valued. Everyone in McAfee was extremely friendly and approachable.
In addition to receiving the scholarship, I was lucky enough to receive two mentors. My initial mentor Ciara was incredibly thoughtful, motivational, and truly inspiring. She encouraged me to take part in extracurricular activities, so I became a committee member of the Math society in UCC. She provided me with numerous inspirational books and was always readily available to answer any questions. At the end of my second-year scholarship, I received a new mentor: Jill. She was incredibly helpful, kind, and a valuable resource in my career progression.
My plan for the future is to learn more coding languages and hopefully complete another internship with McAfee! It is truly an amazing experience.
I had the opportunity to work alongside the Applied Data Science team. They gave me lots of advice and enlightened me on their own career journeys. Their experiences gave me confidence and reassurance in my course choice and I realized that there are so many career opportunities in programming. I’ve learned so many new skills, some of which were not covered in school, and I feel like I have a true advantage in the industry.
I have learned so much about working in a multinational company. I participated in the daily stand-ups with the team. I learned about sprint demos as well as the Agile and Waterfall methods. I attended all-hands meetings, which was a brand-new experience for me. I learned how to research effectively and swiftly pass that information onto my team. I also participated in an internal dataset competition; First, learning about Machine Learning and then building my own. I managed to host my own meeting for others who wanted to get involved, which was nerve-wracking but I’m glad I did it.
I’m incredibly grateful for the vast support and opportunities that I have received through my learning path in STEM to date, particularly my involvement in the McAfee WIT Scholarship Program. My experience with McAfee has further enriched my educational experience and cultivated my passion for science and technology. As a result of receiving this scholarship, I’ve developed a particular interest in the application of data science in cyber-security. Cyber crime and cyber threats have an ever-increasing potential to cause serious harm to our society so I’m fascinated by the application of data science, machine learning and artificial intelligence in saving lives.
Know any future scientists? The closing date to apply for the WIT Scholarship is Friday, November 20, 2020. For more details on applying, click here.
Search Career Opportunities with McAfeeInterested in joining our team? We’re hiring! Apply now. Stay ConnectedFor more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about. |
The post Spotlighting McAfee’s Women in Technology Scholarship Recipients appeared first on McAfee Blogs.
By: Heiko, Senior Security Engineer, Germany
I never could have imagined that what started as a national duty to volunteer in Germany would spark an innate passion of giving back to those in need during a time of crisis.
For many years, German men were required to spend 15 months in the military after graduating from school or volunteer for community service for an equal amount of time over eight years. I chose to volunteer for the Technische Hilfswerk (THW). THW is a civic organization that provides professional help to people in distress.
Little did I know that the experience would be so rewarding that 23 years later, and with the help of McAfee’s Volunteer Time Off (VTO) benefit, I would be spending much of my free time helping those in need of THW’s services.
THW has been instrumental in providing much needed resources during the 2020 coronavirus pandemic, including erecting mobile clinical testing stations across the country and providing critical relief services for front line defense against the virus.
When the hot phase of COVID-19 reached Germany this spring, THW began preparing to build temporary hospital facilities in case the virus threatened to overwhelm hospitals. Temporary camps are built from scratch to house relief units of 500 people and more.
With more than two decades of disaster-response exercises and training behind me, I’ve become very acquainted with constructing these facilities. So, I wasn’t surprised when THW asked me to work with a local fire department to build one to increase the community’s hospital capacity for treating infected patients.
We organized containers with showers and toilets, designed the infrastructure to connect them to the existing water supply, arranged for beds and mattresses and planned needed power requirements. Volunteers assisted in transporting materials and supplies to the facility and assembling the various hospital pieces.
Over the years, volunteering for the THW has become a passion. Many of my best friends are part of the effort, which makes it even more rewarding.
Building the temporary camp was hard and required patience. For two weeks, the 12-hour days were taxing but it was worth it to contribute to the battle against COVID-19.
The spirit of our small group and others kept each of us motivated to meet our goal. Everyone did what he or she could do best, and people from other departments and organizations were willing to be as flexible as possible. I was proud to offer my training at THW to help pull together the community.
Regardless, it wouldn’t have been possible for me to help if not for McAfee’s support. My colleagues and manager chipped in to manage my projects, invoking the true spirit of teamwork.
There is no question that McAfee enables its employees to become a greater part of the community and assist whenever and wherever needed. That benefit makes it even more rewarding to give back to the community.
At McAfee, we encourage and support the efforts of our team members to make a difference in their communities. If you’re interested in joining the McAfee team, we’d love to hear from you.
|
Search Career Opportunities with McAfee Interested in joining our team? We’re hiring! Apply now.Stay Connected For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about. |
The post One Team Member Selflessly Provides Relief to COVID-19’s Front Line appeared first on McAfee Blogs.
Paying Tribute
November 11 marks Veterans Day and Remembrance Day. It is a time for us to come together and honor the brave men and women who have risked their lives to protect our nations.
We pay tribute to those who have served in the U.S. military during Veterans Day. In the Commonwealth countries, we honor military members through Remembrance Day, a day to remember those who have passed on in the line of duty.
At McAfee, we’re proud to work with our veterans! They’ve served and protected our countries and today, they protect all that matters at McAfee.
To honor their sacrifice, we asked McAfee veterans to share throwback photos from their days of service or photos with loved ones in service. Check them out!
Thoughts from our veteran community
This Veterans Day, members from our McAfee Veterans Community share what this day means to them:
“This day reminds me of the people I worked with and the difference we made. It’s the people who volunteer to serve in the military, sacrificing years of their lives, and in some cases, their very lives, who guard and protect the freedoms guaranteed by the Constitution. All military personnel take an oath that, in part, says, ‘I will support and defend the Constitution of the United States against all enemies, foreign and domestic; that I will bear true faith and allegiance to the same.’ This oath doesn’t expire when a service member leaves military service.“
– Andrew, Senior Service Reliability Engineer, Cloud
“This day is the day we honor the silver haired guy in a Prius with a Silver Star license plate or the quiet thirty something mom in the store with her noisy kids wearing the Marine-Corps T-shirt with two tours in Afghanistan under her belt.. Not everyone was a Delta operative or a Navy SEAL. They all however – to a man and woman – had their place in the system that kept us safe. Find them; thank them for their service and your freedom.”
– Kevin, Customer Success Manager, CSG
“I will never stop being Ex Armed Forces. I think fondly of my time in the Royal Navy. I would do it all again in a heartbeat. I still get a lump in my throat when I hear “Heart of Oak” or the “The Last Post” being played. The friends I made and the people I met during my service from all countries and all parts of the Armed Forces, friend or foe, all have a similar vein running through them. Remembrance Day reminds me that while some of us are not here anymore, that vein is still with us and them.“
– Paul, Associate Technical Support Engineer, Customer Success Group
“My family has a history of service and I grew up knowing I would join the Military. I joined the Royal Navy in 1982 at age 18. I’m proud to have served and I will continue to observe the 1 minute silence and attend the remembrance service and take the time to remember the sacrifice. Lest we not forget. For those brave who gave their lives so we could live ours.”
– Tudor, Sr. Project Manager – New Product Information, Global Product Operations
We continue to make strides in actively recruiting veterans and nurturing career growth by empowering the transferable skills from active duty. Join us!
|
Search Career Opportunities with McAfee
Interested in joining our team? We’re hiring! Apply now. Stay Connected For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about. |
The post Honoring Our Brave Military Veterans from the McAfee Community appeared first on McAfee Blogs.
At McAfee, ensuring our new team members are well prepared and supported for their roles is a top priority. From the first day of onboarding, team members are nurtured and given the tools they need for successful development.
McAfee’s traditional in-person orientation process has evolved virtually because of the pandemic. But the approach and goal is the same – to transition new team members as efficiently and comfortably as possible so they can make an immediate impact.
We asked four recent additions to the McAfee family what it’s like to join the company via virtual onboarding. They were asked to share how McAfee helped them acclimate to work life as a new employee and to offer highlights now that they’ve settled into their new roles.
Here is what they had to say:
Virtual resources make a difference: “It was my first time onboarding virtually and it felt like a once-in-a-lifetime experience. The process was executed very well, and all training materials were made available to me online. I believe providing these virtual resources was extremely helpful in my onboarding experience.”
Settling in with the right tools, team support: “Like most people in similar circumstances, I wondered what virtual onboarding was going to be like. How could I possibly retain this amount of information? At the end of the day, you realize that you really do have all the right resources. My manager was great and looped me in, and was able to help me to quickly acclimate to my role on the team. My onboarding buddy and fellow team members were also a huge help.”
Engaging and exceeding expectations: “I adapted to my new work life and virtually accomplished everything that most do in-person. I took all of my assessments online and team members offered the different resources that were essential to accomplishing my day-to-day work. My trainer was also very engaging throughout the process.”
Virtually learning to engage customers: “Through daily meetings, my sales coach prepared me for interactions with customers. I learned different ways to engage for meetings and customer visits, and was able to practice my sales pitch just as if it were in person.”
Building better relationships: “In cybersecurity, you are constantly in a state of learning. You never stop the process of improving yourself, your skills, your salesmanship and your relationships. I am now acclimated to my role and building better relationships with my customers.”
A Productive Day One: “The basic onboarding process was easy and enabled me to get the necessary tools like a badge, email and computer equipment prior so that the first day on the job was more productive than prior experiences. I could preview the excellent benefits and enroll shortly after starting, as well as acquire office equipment necessary for me to work from home.”
Easy-to-follow training, introductions: “As an experienced leader, I had no apprehension about virtual onboarding. McAfee’s training and general onboarding introductions were easy to follow and required no advance preparation. While some of the training was time consuming, it was not a burden and frankly insightful.”
Finding balance and having fun: “My role is global, so I found balance between work and family time by juggling the global time zones and meetings. The numerous social and professional groups as well as the MS Teams program with McAfee helped with acclimating to the company. McAfee always keeps it fun with competitions and challenges on the Social Hub between employees. Virtual coffee and happy hours help too.”
Collaborative and better together: “We’re having a strong year, and a big reason is that the team has been very welcoming and always willing to provide training and support – very collaborative. Our best days lie ahead. We are better together and getting better every day.”
A very normal virtual experience: “Initially, I experienced some apprehension about onboarding remotely. It’s difficult enough to learn a new job in the office, and I was worried that learning remotely without having someone sitting next to me might complicate training. But my anxiety quickly dissipated, and I can honestly say that the McAfee onboarding experience felt very normal. My manager, peers and those reporting to me were extremely helpful and stayed in constant communication as I navigated through the first several weeks at McAfee.”
Ease of learning through technology: “Virtual meetings via Teams helped me to quickly acclimate. Talking to others via video was comforting and enabled me to get to know other McAfee team members. McAfee’s onboarding technology made it very easy to learn remotely.”
No need to fear onboarding remotely: “I can truly say that the one major highlight that stands out for me is just getting to know so many amazing employees in this organization. No one should fear or have any anxiety when onboarding virtually at McAfee. It has been and continues to be a great and exciting experience!”
Easy to learn and understand: “The virtual onboarding experience was easy. The learning hub is an excellent resource and helped simplify the process, in addition to offering great product training. As someone who is not only new to McAfee but also the cybersecurity industry, I knew I would have a lot to catch up on. Everything was very easy to understand.”
Very responsive and helpful: “My recruiter stayed in touch with me and made sure my questions were answered. Any time I needed something, the human resources department was very responsive and helpful. My team also rallied around me and have provided a lot of support since I joined McAfee.”
Achieving a steady course: “I love it at McAfee and everyone has been so supportive. Teammates have been incredibly helpful in guiding me through each of their best practices so I could build my roadmap to success.”
Are you thinking about joining our team? McAfee takes great pride in providing a virtual onboarding experience with the right tools and support. Learn more about our jobs. Subscribe to job alerts.
|
Search Career Opportunities with McAfee
Interested in joining our team? We’re hiring! Apply now. Stay Connected For more stories like this, follow @LifeAtMcAfee on Instagram and on Twitter @McAfee to see what working at McAfee is all about. |
The post McAfee Team Members Share Their Virtual Onboarding Experiences appeared first on McAfee Blogs.
2020 has been quite the year for many, and through it all, we’re reflecting on everything we are thankful for. This includes the incredible stories and invaluable perspectives that come from our McAfee team members around the world.
As the year ends, we’re counting down the top 10 most read Life at McAfee blog stories. These are the stories from our team members that you love to read, and we love to tell!
When COVID-19 hit Germany, Heiko jumped into action and made an impact on his community with the help of THW and McAfee’s Volunteer Time Off (VTO) benefit. Read about Heiko’s experience and how he was able to help provide relief by helping to build a temporary hospital facility.
Navigating a global pandemic while balancing parenthood and adjusting to remote work is currently a challenge for many. In this blog, our team member, Paige, offers up four helpful tips for remote working parents.
In honor of International Women’s Day, we asked McAfee men around the world to share their perspectives on creating a more gender equal world. They offered candid and rich insights with takeaways to remember — inside and outside of the workplace. If you’re looking for an interesting conversation on gender equality, you won’t want to miss this blog.
Launching your career is an exciting experience that can also be a nerve-wracking feat. Our Women in Security (WISE) Community hosted a panel discussion to encourage our next generation of women in tech to pursue their passions. Whether you’re just starting your career or looking for a change, you’ll find useful insights on what it’s like to work in the tech industry and life at McAfee!
We talked to our Women in Technology (WIT) Scholarship recipients and discussed their participation in our summer internship program in Cork, Ireland. Read about their unique experiences being in the program — from building professional relationships to mentorships and training. This is a valuable read for anyone jumpstarting a new career.
Looking for a snapshot of McAfee internships? To celebrate National Intern Day, we asked ten global McAfee interns to share insights gained from their unique experiences.
To pay tribute to our veterans in honor of Veterans Day and Remembrance Day, we asked team members in our McAfee Veterans Community to share memories and photos from their service days. Check out what some of them had to say!
Meet Thomas, Advanced threat Researcher at McAfee by day, 3D–mask–printing expert by night. Read Thomas’ story and find out how he is making a significant impact and inspiring others to support healthcare workers during the pandemic.
In our Women in Sales series, McAfee’s sales professionals talked on how to break boundaries and achieve success in cybersecurity sales. If you want to dive into industry opportunities and gain advice to advance your career, this is the place to start!
Whether you’re an expert in remote work or working from home for the first time, you may be looking for helpful tips to set yourself up for success. In this blog, get advice from seasoned remote workers on navigating working from home and learn how you can incorporate practical tips.
The post 2020 In Review: The Top 10 Most Popular Life at McAfee Blogs appeared first on McAfee Blogs.
Today, we celebrate the life and legacy of Dr. Martin Luther King Jr. Dr. King diligently dedicated his life to dismantling systemic racism affecting marginalized groups and leading a peaceful movement to promote equality for all Americans, irrespective of color and creed. He leaves behind a legacy of courage, strength, perseverance, and a life-long dedication to pursuing a fair and just world.
At McAfee, we honor the diverse voices which make up our company and encourage every team member to bring their authentic selves to the workplace. We believe that our collective voice and action can make a difference in creating a more equal and unified world.
On this day, we commemorate MLK by honoring the man behind the message of equality. Members of the McAfee African Heritage Community share their perspectives on the impact that Martin Luther King Jr. has had on their lives and what this day means to them.
Alexus, Software Sales Engineer
When I think about what Martin Luther King Jr. Day means to me, I think of it as a time to reflect and think about the progress we have made as citizens of this country. We have made great strides, but there is much more that needs to be done for equality and justice.
I honor Martin Luther King Jr. by being of service to others around me.
I celebrate Martin Luther King Jr. Day by using my voice to uplift others.
Martin Luther King Jr. inspires me to be a man of excellence and courage.
Denise, People Operations Program ManagerFor me, Martin Luther King Jr. Day is a reminder of how far we’ve come, and how far we still have to go as a society – especially in today’s time of social unrest. Some of Dr. King’s most poignant quotes are still so applicable and impactful today.
For example – “People fail to get along because they fear each other; they fear each other because they don’t know each other; they don’t know each other because they have not communicated with each other.”
I honor Martin Luther King Jr. by doing what I can to have a positive impact on the lives of others.
I celebrate Martin Luther King Jr. Day by looking for areas to give back and serve.
Martin Luther King Jr. inspires me to do better, be better and influence the world around me accordingly.
Kristol, Global Sales Operations ManagerMLK Jr. Day is a reminder of the influence ONE person can have on people, perspectives, and shaping a platform. It means that my voice matters and that I have a right to live my dream—a dream that we continue to fight for today.
I honor Martin Luther King Jr. by never giving up on my dreams.
I celebrate Martin Luther King Jr. Day by freely bringing my authentic self to work, home and the community every day.
Martin Luther King Jr. inspires me to be a courageous, strategic and compassionate leader.
Le Var, Customer Success Manager
MLK Day always drives me to think about Dr. King’s dream and the work of the civil rights movement. I then look for ways I can make an impact in my local community to continue the work of those before me.
I honor Martin Luther King Jr. by passing the baton and sharing his dream to the next generation, molding my children to understand the past, and continuing to push Dr. King’s dream for future decades.
I celebrate Martin Luther King Jr. Day by researching African American history in an effort to broaden my own knowledge and share information I’ve learned with my peers.
Martin Luther King Jr. inspires me to make a positive impact on the community I live in. Much like Dr. King, I am one man who strives to be the dream of my ancestors. Individually, I can move boulders, but collectively, we can move mountains.
Lynne, EVP of Enterprise Global Sales and Marketing and Executive Sponsor
Martin Luther King Jr. Day means a chance to celebrate the legacy of a man who was a pivotal leader of the civil rights movement, hope and healing. Though his life was a short one, his impact was great, and there are so many lessons to learn from the words that MLK Jr. has left with us.
I honor Martin Luther King Jr. by showing up as an ally who’s ready to listen and take action.
I celebrate Martin Luther King Jr. Day by reflecting on the wise lessons shared by Martin Luther King Jr. and making it a point to have conversations about his impact.
Martin Luther King Jr. inspires me to use my voice to encourage conversation, connection and community.
Dr. Martin Luther King Jr.’s Biography
5 of Martin Luther King Jr.’s Most Memorable Speeches
MLK Day Playlist: 10 Songs in Honor of Dr. King
Interested in joining a company that celebrates diverse voices and promotes meaningful change in our world? Explore our career opportunities. Subscribe to job alerts.
The post Honoring Martin Luther King Jr.’s Legacy with McAfee’s African Heritage Community appeared first on McAfee Blogs.
Seems like the internet follows us wherever we go nowadays, whether it tags along via a smartphone, laptop, tablet, a wearable, or some combination of them all. Yet there’s something else that follows us around as well—our PII, a growing body of “personally identifiable information” that we create while banking, shopping, and simply browsing the internet. And no doubt about it, our PII is terrifically valuable.
What makes it so valuable? It’s no exaggeration to say that your PII is the key to your digital life, along with your financial and civic life as well. Aside from using it to create accounts and logins, it’s further tied to everything from your bank accounts and credit cards to your driver’s license and your tax refund.
Needless to say, your PII is something that needs protecting, so let’s take a look at several ways you can do just that.
What is PII? It’s information about you that others can use to identify you either directly or indirectly. Thus, that info could identify you on its own, or it could identify you when it’s linked to other identifiers, like the ones associated with the devices, apps, tools, and protocols you use.
A prime example of direct PII is your tax ID number because it’s unique and directly associated with your name. Further instances include your facial image to unlock your smartphone, your medical records, your finances, and your phone number because each of these can be easily linked back to you.
Then there are those indirect pieces of PII that act as helpers. While they may not identify you on their own, a few of them can when they’re added together. These helpers include things like internet protocol addresses, the unique device ID of your smartphone, or other identifiers such as radio frequency identification tags.
You can also find pieces of your PII in the accounts you use, like your Google to Apple IDs, which can be linked to your name, your email address, and the apps you have. You’ll also find it in the apps you use. For example, there’s PII in the app you use to map your walks and runs, because the combination of your smartphone’s unique device ID and GPS tracking can be used in conjunction with other information to identify who you are, not to mention where you typically like to do your 5k hill days. The same goes for messenger apps, which can collect how you interact with others, how often you use the app and your location information based on your IP address, GPS information, or both.
In all, there’s a cloud of PII that follows us around as we go about our day online. Some wisps of that cloud are more personally identifying than others. Yet gather enough of it and PII can create a high-resolution snapshot of you—who you are, what you’re doing when you’re doing it, and even where you’re doing it too—particularly if it gets into the wrong hands.
Remember Pig-Pen, the character straight from the old funny pages of Charles Schultz’s Charlie Brown? He’s hard to forget with that ever-present cloud of dust following him around. Charlie Brown once said, “He may be carrying the soil that trod upon by Solomon or Nebuchadnezzar or Genghis Khan!” It’s the same with us and our PII, except the cloud surrounding us, isn’t the dust of kings and conquerors, they’re motes of digital information that are of tremendously high value to crooks and bad actors—whether for purposes of identity theft or invasion of privacy.
With all PII we create and share on the internet, that calls for protecting it. Otherwise, our PII could fall into the hands of a hacker or identity thief and end up getting abused, in potentially painful and costly ways.
Here are several things you can do to help ensure that what’s private stays that way:
Square One is to protect your devices with comprehensive online protection software. This will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts.
Further, security software can also include a firewall that blocks unwanted traffic from entering your home network, such as an attacker poking around for network vulnerabilities so that they can “break-in” to your computer and steal information.
Also known as a virtual private network, a VPN helps protect your vital PII and other data with bank-grade encryption. The VPN encrypts your internet connection to keep your online activity private on any network, even public networks. Using a public network without a VPN can increase your cybersecurity risk because others on the network can potentially spy on your browsing and activity.
If you’re new to the notion of using a VPN, check out this article on VPNs and how to choose one so that you can get the best protection and privacy possible.
In the U.S., the Social Security Number (SSN) is one of the most prized pieces of PII as it unlocks the door to employment, finances, and much more. First up, keep a close grip on it. Literally. Store your card in a secure location. Not your purse or wallet.
Certain businesses and medical practices may ask you for your SSN for billing purposes and the like. You don’t have to provide it (although some businesses could refuse service if you don’t), and you can always ask if they will accept some alternative form of information. However, there are a handful of instances where an SSN is a requirement. These include:
Be aware that hackers often get a hold of SSNs because the organization holding that information gets hacked or compromised itself. Minimizing how often you provide your SSN can offer an extra degree of protection.
Protecting your files with encryption is a core concept in data and information security, and thus it’s a powerful way to protect your PII. It involves transforming data or information into code that requires a digital key to access it in its original, unencrypted format. For example, McAfee Total Protection includes File Lock, which is our file encryption feature that lets you lock important files in secure digital vaults on your device.
Additionally, you can also delete sensitive files with an application such as McAfee Shredder, which securely deletes files so that thieves can’t access them. (Quick fact: deleting files in your trash doesn’t actually delete them in the truest sense. They’re still there until they’re “shredded” or otherwise overwritten such that they can’t be restored.)
Which Marvel Universe superhero are you? Does it really matter? After all, such quizzes and social media posts are often grifting pieces of your PII in a seemingly playful way. While you’re not giving up your SSN, you may be giving up things like your birthday, your pet’s name, your first car … things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites. The one way to pass this kind of quiz is not to take it!
A far more direct form of separating you from your PII are phishing attacks. Posing as emails from known or trusted brands, financial institutions, or even a friend or family member a cybercrook’s phishing attack will attempt to trick you into sharing important information like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service.
How do you spot such emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated and can make their phishing emails look nearly legitimate. However, there are several ways you can spot a phishing email and phony web pages as outlined here.
Comprehensive security offers another layer of prevention, in this case by offering browser protection like our own Web Advisor, which will alert you in the event you come across suspicious links and downloads that can steal your PII or otherwise expose you to attacks.
With social engineering attacks that deceive victims by posing as people the victim knows and the way we can sometimes overshare a little too much about our lives, you can see why a social media profile is a potential goldmine for cybercriminals.
Two things you can do to help protect your PII from being at risk via social media: one, think twice about what PII you might be sharing in that post or photo—like the location of your child’s school or the license plate on your car; two, set your profile to private so that only friends can see it. Review your privacy settings regularly to keep your profile information out of the public eye. And remember, nothing is 100% private on the internet. Never post anything you wouldn’t want to see shared.
The “S” stands for secure. Any time you are shopping, banking, or sharing any kind of PII, look for “https” at the start of the web address. Some browsers will also indicate HTTP by showing a small “lock” icon. Doing otherwise on plain HTTP sites exposes your PII for anyone who cares to monitor that site for unsecured connections.
By locking your devices, you protect yourself that much better from PII and data theft in the event your device is lost, stolen, or even left unattended for a short stretch. Use your password, PIN, facial recognition, thumbprint ID, what have you. Just lock your stuff. In the case of your smartphones, read up on how you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Theft of your PII can of course lead to credit cards and other accounts being opened falsely in your name. What’s more, it can sometimes be some time before you even become aware of it, until perhaps your credit score takes a hit or a bill collector comes calling. By checking your credit, you can address any issues that come up, as companies typically have a clear-cut process for contesting any fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and likewise, other nations like the UK have similar free offerings as well.
Consider identity theft protection as well. A strong identity theft protection package pairs well with keeping track of your credit and offers cyber monitoring that scans the dark web to detect for misuse of your PII. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
The post Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII) appeared first on McAfee Blog.
By: Smriti, People Partner
McAfee continues to recognize and celebrate hardworking mothers across our global workforce. We continue to advance in our workplace culture by offering policies and programs to better serve working parents.
Meet Smriti as she shares her incredible story as a new mother and how McAfee helped her to transition comfortably into a new role as a working parent.
My journey at McAfee began in 2017 as a People Partner. My role includes developing policies and processes for People Success.
My husband and I were delighted to welcome our first-born. In 2019, we welcomed our daughter into our family. While becoming a new parent is both rewarding and fulfilling, it can also be an overwhelming experience. The job of a parent is never-ending. There is no 9 – 5 schedule and you can’t check out. You’re always on parent duty 24 hours a day, 7 days a week.
McAfee’s family-friendly policies and benefits helped our new family bond together. I spent quality time with my daughter during my maternity leave. From receiving baby gifts in the mail from McAfee to getting the insurance coverage and mental health support that I needed, McAfee’s benefits for working parents were a blessing for us.
Parenthood is never without its obstacles, and most times, unforeseen ones. When my family could not make it home due to travel restrictions because of COVID-19, I got the support I needed to extend my leave. I also opted for the Gradual Return to Work Program designed for new moms. This ensured that I would not be overwhelmed when reentering the workforce and that my priorities were well understood.
I received a warm welcome from everyone, including my team and my manager. I consider myself fortunate to work for a company that understands the value of a new family. Working moms often struggle with work and family. Still, with a little support, they can indeed thrive in their workplaces and have a fruitful career.
My Life’s Manta is to always look at the bigger picture in life and be thankful for what you have, rather than think about the downsides. Personally, this helps me to be happy and content.
All over the world, McAfee’s benefits continue to evolve to reflect the needs of working parents. From extended bonding leave to expanded opportunities that help parents transition with our Return to Workplace program, we work tirelessly to create a range of programs unique to each country. We continue to support those who have paused their careers to care for their families as well as new working parents.
Learn more about the ways McAfee is serving working parents and building an inclusive workplace by following Life at McAfee on Instagram and @McAfee on Twitter.
Interested in joining forces with us? Explore our job opportunities. Subscribe to job alerts.
The post How McAfee’s Inclusive Maternity Benefits Helped Me Thrive as a New Mom appeared first on McAfee Blogs.
My McAfee Chronicles is a series featuring McAfee team members who have interesting and inspiring life stories to share. Meet Shiva, a Software Development Engineer in Bangalore, India.
When a traumatic road accident changed the course of Shiva’s life, he had two options – give up on life or give life his best shot. For Shiva, there was only one obvious choice. Through his unrelenting willpower and sheer determination, he was able to overcome all odds.
Shiva shares his deeply inspirational story below:
My journey at McAfee started in 2011 when I joined the company. In 2013, my life was turned upside down. I was on a road trip with a few friends when we got in a car accident. Although I was fortunate enough to survive, unlike two of my friends, I suffered from a severe nerve injury that left me paralyzed from the neck down.
The next few months were some of the roughest of my life. Due to the extent of my injuries, I spent several months recuperating in the hospital. Soon, I hit my limit for medical insurance coverage. No one is ever prepared to face such a financial situation and I was no different. However, I was extremely fortunate that McAfee came forward and supported me in every possible way, both financially and emotionally. With McAfee’s support, I was able to receive the best treatment for my needs.
I spent close to 10 months in the hospital and doing rehab, slowly picking up the pieces of my life again. Even simple things like sitting or talking to someone took me a great deal of effort. However, giving up was never an option for me. My doctors encouraged me to engage mentally, and that’s when I slowly started to contribute at work again.
Before my accident, I led two projects for my team. Even though my mobility was restricted, I still have the ability to think. So, my team came forward and encouraged me to work again. I started at a slow pace, mostly talking on the phone and sharing my thoughts with my team. My team served as my hands and legs, coding and working on my unfinished projects. My leaders and team members turned out to be my biggest strength. They would visit me often to cheer me up and we would celebrate special occasions together. I was overwhelmed by their love and support.
Finally, it was time to get back to the office. When I started walking a little, I slowly got back to work in a phased manner. McAfee gave me the flexibility that I needed to put together the pieces of my life. Although it was wonderful to be back, returning didn’t come without its challenges. I could not drive to work anymore. For some time, my teammates helped me get to the office. On other occasions, I would hire a taxi. On the days when it rained, it was challenging to find a cab, given Bangalore’s traffic.
Around the same time, McAbility was formed in India. I became a part of it and brought my commute issue to McAfee’s knowledge. I’m glad to say that McAfee did not hesitate to arrange a special cab exclusively for me. McAfee welcomed and acted on every suggestion that I shared regarding improving mobility issues in the office.
With the support of my family, team members and McAfee, life slowly started to get back to normal. I even got a chance to visit my colleagues in the Cork office, which was a life changing moment for me. The support that I received from everyone around me was a crucial part of my recovery. Even now when I’m in the office, people stop by and ask me how I am doing and it is heartwarming.
“Any emotion, if it is sincere, is involuntary”, by Mark Twain. If you want to be a good person or be kind to someone, it will come to you naturally. You wouldn’t have to try too hard.
For more stories like Shiva’s or to learn more about our company culture, follow @LifeatMcAfee on Instagram and @McAfee on Twitter.
Interested in joining McAfee? We’re hiring! Apply now.
The post Shiva’s Tragic Accident Turns into a Story of Resilience appeared first on McAfee Blogs.
The generosity and kindness displayed by team members across McAfee is one major factor that makes up the incredible culture of the company. At McAfee, we empower our team members to initiate meaningful ways to give back to the community. It came to no surprise when a large group of team members came together in order to run a donation drive to benefit the Make-A-Wish Foundation.
The Make-A-Wish Foundation is a nonprofit corporation that helps grant wishes to thousands of children fighting life-threatening medical conditions. One way to support the foundation is by donating airline miles. Nationally, Make-A-Wish needs more than 2.8 billion miles, or 50,000 round-trip tickets, to cover every child’s travel wish each year. Every mile donated will help kids and their families travel to destinations around the world, once it is safe to resume travel. It is just one of the ways that individuals can help create a life-changing wish experience.
Some of our team members organized an air miles donation drive and encouraged others to donate their miles to the cause. The impact was astronomical, with team members raising over 585,000 miles to benefit the Make–a–Wish Foundation in the Bay Area.
We reached out to three airline mile contributors at McAfee and discussed what inspired them to contribute to this extraordinary initiative.
Derek, Product Manager, Hawaii
I was happy to see the McAfee family come together and support a terrific cause by donating airline miles to the Make-A-Wish Foundation. Giving is a key element in my faith and a core value. I knew that I could either cash in the points and do something with my family, or I could put the miles towards an even greater purpose and help a child who is truly in need of experiencing something special. The choice was an easy one to make.
I believe that helping others is one of our top callings. That is why I choose to give and do so generously with joy. I know that I’m not alone here at McAfee. There is a great culture of generosity that I’ve witnessed across the organization and I’m happy to simply be a part of that and do what I can to help others.
Laura, Senior Manager Business Operations, Santa Clara, California Years ago, my brother was a starving college student who volunteered for a local charity and drove cancer patients to their medical appointments. When I asked him about his volunteer work, he said that he didn’t have a lot of money, but he had time. Volunteering allowed him to make a difference in someone’s life and give back. It was a life–changing moment for me because it expanded how I think about giving to include time, donations and acts of kindness.
I chose to participate in the air miles donation drive because I love that this program provides time for critically ill children to spend with their loved ones while creating memorable and happy experiences.
I am incredibly grateful to our McAfee leaders who create opportunities for us to give back. Giving back is at the core of McAfee’s DNA and having closely connected teams makes it easy for team members to answer a call to action.
Pramod, Principal Engineer, Portland, Oregon
Giving is all about making small differences whenever and wherever you can, in any form. We can make a huge difference in the lives of others, especially when we are in a position where we can help those who need us the most.
When team members from the enterprise organization set up a drive for the Make-A-Wish Foundation, it connected with me on a personal level. As I went through the stories of children whose wishes were granted through the program, I was moved to learn about how a little effort can create the best moments in someone’s life.
Meaningful communication from our HR team members and leadership promoting efforts to volunteer and give back to the community are motivating. I like that McAfee has a dedicated site that team members can access for giving and that there are opportunities in which McAfee matches team member donations. Collectively, we can make a big difference to the world around us. Truly, together is power.
At McAfee, we encourage and support the efforts of our team members to make a difference in their communities. If you’re interested in joining the McAfee team, we’d love to hear from you.
Search Career Opportunities with McAfee
Interested in joining our team? We’re hiring! Apply now.
Stay Connected
For more stories like this, follow @LifeAtMcAfee on Instagram and @McAfee on Twitter to see what working at McAfee is all about.
The post How a Group of McAfee Team Members Helped Change the Lives of Critically Ill Children appeared first on McAfee Blogs.
After experiencing a health scare that changed his life, VP of Technology Services, Paul, vowed to make incremental changes by incorporating four important health pledges into his daily routine.
Hear Paul’s life-changing story, how his diagnosis impacted his outlook on prioritizing his physical and mental health, and how he describes McAfee’s role in empowering him and others to follow their own wellness goals.
“To the leadership team and colleagues around me, thank you for giving me the time, space and flexibility to recover. The fact that we can 100% check out and focus on our wellbeing is paramount. At McAfee, that’s in our culture and our spirit.”
Here are Paul’s recommendations of four daily practices that every person can incorporate daily into their busy schedules.
Get up and Walk
Plan for virtual 1:1 walking meetings with your team, it allows you to stay active even on the busiest days.
Hydrate
Keep a cannister of ice, cold water at your desk so that you can stay hydrated throughout the workday.
Takes Breaks
Take mental breaks and intentionally unplug. Spend time away from your electronic devices by avoiding emails or going on chat.
Stand Up
It can be easy to sit at your desk all day. This doesn’t benefit your health. Instead, stand up and find ways to move.
At McAfee, we believe that your mental and physical wellbeing is a top priority. That’s why we encourage team members to take the time they need to reset, recharge, and care for their health. Between our paid holidays, unlimited vacation policy in the U.S., and leave policy, we enable our team to balance work with life’s responsibilities. We know that the key to living our best lives at and away from the office starts with focusing on wellbeing.
Want to work for a company that encourages team members to prioritize their health and wellbeing? Check out McAfee’s Latest Career Opportunities. Subscribe to Job Alerts.
Stay Connected
For more stories like this, follow @LifeAtMcAfee on Instagram and @McAfee on Twitter to see what working at McAfee is all about.
Search Career Opportunities with McAfee
Interested in joining our team? We’re hiring! Apply now.
The post McAfee VP Shares His Four Pledges for a Healthier Lifestyle appeared first on McAfee Blogs.
This post was written by Emmanuel
Making the most of opportunities and putting in the work with an employer who invests in you is a powerful combination. My journey at McAfee would not be complete had it not been for the chance to prove myself.
McAfee Rotation Program (MRP) program helps candidates find the right fit within the organization. MRP consists of five-month-long placements within Professional Services, Pre-Sales Engineering, Security Operations, and Sales Operations. To be accepted, candidates must complete and score well during three rigorous days of evaluation.
There is no promise you’ll be hired, only the promise that McAfee will give you every chance to prove your worth. And when you succeed, the benefits are far greater than just a paycheck.
In 2018, about a year after earning my Bachelor’s Degree in Mechanical Engineering and Mathematics, I learned about the program while looking for work. Even though cybersecurity wasn’t my background, I decided to take a chance.
McAfee flew me from my home in New Jersey to Dallas to complete an intensive course consisting of 10- to 12-hour days of interviews, presentations, logic tests, and team-building exercises. One of the toughest parts was presenting on McAfee products, something I knew very little about, and having only a few hours overnight to prepare once given the assignment.
Those days were extremely challenging and tested me in ways that I didn’t think possible. Even though it wasn’t really tailored to my area of studies, the program was an opportunity to work for one of the largest global corporations. I was resolved to stay focused and make an impression.
And I was hungry. Failing wasn’t an option. I had done my research and wanted the opportunity to work for McAfee.
About two weeks after the course, McAfee informed me that I was one of six candidates to be accepted into the MRP. The journey to help me find the best position soon began.
For the next two years, I worked five rotations or positions within the program’s designated areas. It wasn’t long before I began charting my path to what interested me most.
Last year, I achieved my goal of becoming an Enterprise Security Engineer.
I could not have achieved success without God, the help of a lot of people, and a diverse culture that embraces personal and professional growth.
McAfee gives you the opportunity to not just find what you do best but fulfill your passions. Along the way, you are recognized and mentored – a great achievement was receiving the “Who’s Doing This” award based on performance within my first year at McAfee.
The company invests in you personally and professionally, not just through training opportunities, but by encouraging healthy lifestyles and work-life balance. When we’re not working remotely, every Friday employees can bring their dogs to work through the Pups at Work Program. Some people have actually become attached to their coworkers’ pets!
Building connections has helped launch my career, understand where I want to go and how to get there. Like any new hire, you have to develop into your role, and that is only made possible with the right direction and encouragement. Coworkers and leadership have continually helped me along my journey.
Even through a period of remote working, McAfee has developed an online culture which makes you feel as though everybody is collaborating in person.
And the learning never stops. My mentor spends time each month guiding me down my career path, which is a huge plus.
What I like about McAfee is you are given every chance to succeed, which instills a strong work ethic and the ability to give back. I was fortunate to help lead another MRP soon after completing my rotation. Leadership entrusted me to coordinate the program from start to finish, and it was rewarding to watch the development of those who succeeded.
My time here has been sweet, and I could not pick a better company to launch my career. I’ve gone from somebody with no background in information technology and security to being a subject matter expert.
Those three days in Dallas were tough, but sometimes you have to put in a little sweat equity to reach your goal. They are among the greatest days of my career and make working for McAfee that much sweeter.
Are you thinking about joining our team? McAfee takes great pride in providing candidates every opportunity to show their true value. Learn more about our jobs. Subscribe to job alerts.
The post How I Seized McAfee’s Opportunities to Realize My Potential appeared first on McAfee Blogs.
I’m about to tell you an extraordinary fact about cybercrime. Some of the most significant data breaches in internet history weren’t after bank account numbers, cryptocurrency, or even credit card numbers. They were, in fact, after YOU. That’s right, the most valuable data on the internet is the data that comprises your identity. Let’s take a look at what that data is, how it gets leveraged by cybercriminals, and how you can get the online identity monitoring you deserve.
1 billion is a big number. In the case of a recent CVS database leak, that’s how many user records were accidentally released online, including details like email addresses and even searches about Covid vaccines. This is just one of the dozens of breaches that have occurred recently and will continue to happen as personally, identifiable information becomes more valuable to cybercriminals. Just as remarkable as the huge volume of user data being exposed online is the speed with which compromised data is used by hackers online. Cybersecurity researchers recently discovered that cybercriminals access leaked or stolen credentials within 12 hours to exploit them as soon as possible. These circumstances beg the question, why has your personally identifiable information has become so valuable lately?
While the value of some information, like a credit card number, is obvious, you may think your name and date of birth aren’t that big of a deal. After all, it wasn’t so long ago that you could find all that information in a phone book. In fact, personally identifiable information (PII), also known as data used to identify a specific individual, is what many data breaches are after.
Armed with just a mailing address, a phone number, and a date of birth, a cybercriminal can begin constructing a fake identity to take out loans and disguise many kinds of criminal activities. With a social security number and a few personal details from a social media account, they could take over a bank account. When it comes to your PII, any information is as good as gold to cybercriminals.
If our PII were treated like actual gold and held in a safe location like Fort Knox, I wouldn’t be writing this post. But in fact, it’s the currency we use to obtain many services in our connected lives. Social media sites are massive repositories of PII, and their access to our most personal details and the ability to sell it to marketers is the reason the service remains free. Free email services are the same. Now consider all the other accounts we may have created to, say, try out a streaming service for free, or even old accounts we no longer use. From that perspective, you can see how much of your data is being used by companies, may not be very well protected, and is a tempting target for cybercriminals. Fortunately, there are many things you can do to keep your identity safer online.
When it comes to protecting your PII, knowledge is power. Let’s start by identifying if you’ve been the target of a data breach. Here are a few tell-tale signs:
Okay, now that you know the signs of a data breach, let’s look at how you can take action to protect yourself. The best way to avoid being the victim of identity theft is by limiting the amount of PII you provide. There are some easy ways to do this.
Only a few types of organizations legitimately need your social security number. These include employers or when contracting with a business, group health insurance, financial and real estate transactions, applying for credit cards, car loans, and so forth.
Quizzes, social media games, and other kinds of interactive clickbait are often grifting pieces of your PII in a seemingly playful way. While you’re not giving up your SSN, you may be giving up things like your birthday, your pet’s name, your first car … things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites.
A phishing email poses as a real email from known or trusted brands and financial institutions. These emails attempt to trick you into sharing important information like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service. Here are some more ways to spot a phishing email.
Clearly, we’re in a new era when it comes to securing our identities online. In response, McAfee has created a new kind of identity monitoring.
We knew from the outset Identity monitoring had to be proactive, holistic, and accessible. We also wanted it to follow the timeline for how cybercrime actually affects your identity. When it comes to PII, the breach is just the first step for cybercriminals. The 10 months following a breach is when cybercriminals will use your PII to commit fraudulent acts using your data.
To address this, your identity monitoring looks after more personally identifiable information than other leading competitors. It will also alert you of stolen personal info an average of 10 months ahead of other monitoring services. And it’s accessible anywhere via mobile app, browser, and the web.
In practice, McAfee’s identity monitoring protects all your online accounts by doing the following:
As we spend more of our lives online, we need an approach to security that reflects this new reality. Identity monitoring is part of it. VPN is part of it. Antivirus is part of it. They are all pieces of a puzzle that we solve with products like McAfee Total Protection. Our premier security service is comprehensive, affordable, and, with identity monitoring, an indispensable part of your life online.
The post Identity Protection Service: The Best Solution to a Growing Problem appeared first on McAfee Blog.
The COVID-19 pandemic forced many of us to quickly adjust to the new normal — case and point, admitted that they switched to digital activities like online banking, social networking, and online shopping in 2020 out of convenience. Research now shows that consumers’ reliance on this technology is here to stay. PwC found that 44% of global consumers now shop more using their smartphones compared to when COVID-19 began. While having the world at your fingertips is convenient, how does this digital lifestyle change expose users to cyber threats, especially attacks on mobile devices?
It’s no secret that cybercriminals tend to manipulate their attacks based on the current trends set by technology users. As you reflect on how increased connectivity affected your everyday life, it’s important to ask yourself what could be lurking in the shadows while using your mobile devices. With more of us relying on our devices there’s plenty of opportunities for hackers. This begs the question, what does mobile security look like in a post-pandemic world?
In addition to the increased adoption of digital devices, we had to figure out how to live our best lives online – from working from home to distance learning to digitally connecting with loved ones. And according to McAfee’s 2021 Consumer Security Mindset Report, these online activities will remain a key part of consumers’ post-pandemic routines. But more time spent online interacting with various apps and services simultaneously increases your chance of exposure to cybersecurity risks and threats. Unsurprisingly, cybercriminals were quick to take advantage of this increase in connectivity. McAfee Labs saw an average of 375 new threats per minute and a surge of cybercriminals exploiting the pandemic through COVID-19 themed phishing campaigns, malicious apps, malware, and more. New mobile malware also increased by 71%, with total malware growing nearly 12% from July 2019 to July 2020. As consumers continue to rely on their mobile devices to complete various tasks, they will also need to adapt their security habits to accommodate for more time spent online.
Here at McAfee, we recognize that the way you and your family live your digital lives has changed. We want to help empower you to protect your online security in your hyper-connected lifestyle. To help provide greater peace of mind while using your mobile devices, follow these tips to help safeguard your security.
When setting up a new device or online account, always change the default credentials to a password or passphrase that is strong and unique. Using different passwords or passphrases for each of your online accounts helps protect the majority of your data if one of your accounts becomes vulnerable. If you are worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.
Remember to physically lock your mobile devices with a security code or using facial recognition as well. This prevents a criminal from unlocking your device and uncovering your personally identifiable information in the event that your phone or laptop is stolen.
Multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by hackers who may have uncovered your credentials.
Hackers tend to lurk in the shadows on public Wi-Fi networks to catch unsuspecting users looking for free internet access on their mobile devices. If you have to conduct transactions on a public Wi-Fi network, use a virtual private network (VPN) like McAfee® Safe Connect to help keep you safe while you’re online.
Be skeptical of text messages claiming to be from companies with peculiar asks or information that seems too good to be true. Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check your account status or contact customer service.
Some cybercriminals send texts from internet services to hide their identities. Combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device by navigating to Settings, clicking on “Spam protection,” and turning on the “Enable spam protection” switch. Learn more about how you can block robotexts and spam messages on your device.
Prepare your mobile devices for any threat coming their way. To do just that, cover these devices with an extra layer of protection via a mobile security solution, such as McAfee Mobile Security.
COVID-19 changed our relationships with our digital devices, but that does not mean we have to compromise our online security for convenience. Incorporating these tips into your everyday life can help ward off mobile cyber threats and stay a step ahead of hackers.
The post The Future of Mobile in a Post-COVID World & How to Stay Secure appeared first on McAfee Blogs.
Written by Shuborno, Principal Engineer
At McAfee, architects and engineers continuously have opportunities to make decisions that impact customers and propel exciting and meaningful careers. They also work with leaders focused on supporting their learning and growth. These truths have been constant and driving forces for me throughout my 15+ years with the company.
Today, I am a Principal Engineer at McAfee. My job is to translate product and customer goals into the technology we must build to enable and sustain those goals. It is challenging, fulfilling work that impacts 40 million customers around the world and motivates me every day.
This role is also a high in my personal career journey, one that started with a McAfee internship while I was a student at the University of Waterloo in Ontario, Canada.
Supportive leadership is an important, and differentiating, element of McAfee’s culture. Being promoted to Principal Engineer was, of course, an incredibly proud moment in my career, but the support and encouragement of my managers and mentors helped me get there.
When I moved into the Software Architect role, I met with the head of Consumer Engineering who — to my surprise — arranged for the Chief Architect to mentor me. Things took off from there.
Jeremy, one of my mentors, helped me realize the impact I could make by asking a simple question: “If there is something important that needs to be done, why aren’t you doing it?”
That encouragement, support, and coaching gave me the confidence and motivation to achieve the Principal Engineer career goal. It also helped me understand the importance of supportive leaders focused on helping their teams learn, grow, and succeed.
Beyond the office, McAfee leaders supported my growth, too. Early on as an architect, my manager encouraged me to get involved with Toastmasters, an organization that teaches public speaking and leadership skills. I’ve used skills gained there when presenting to fellow architects and engineers, C-level executives including the CTO, as well as during my Principal Engineer Committee Panel presentation. (Today, I’m also the Vice President of Education for my local Toastmasters Club!)
The leadership support I’ve experienced at McAfee enabled me to learn, grow, and thrive, inside and outside the office. I know that the same support will be available for you — and anyone who joins the McAfee team — because when McAfee employees thrive, McAfee thrives, too.
Are you considering joining our team? McAfee takes great pride in a culture that promotes personal growth and professional success. Learn more about our jobs. Subscribe to job alerts.
The post My Journey from Intern to Principal Engineer appeared first on McAfee Blogs.
T-Mobile, the popular US mobile phone service provider, recently confirmed a data breach affecting 7.8 million current customers and 40 million records from past or prospective customers. The stolen data included customer names, dates of birth, social security numbers, and driver’s license information. Fortunately, subscriber credit card information and other financial details were not affected in the breach.
Even though financial data was spared in the breach, the types of information stolen, along with the vast volume of affected subscribers mean that all T-Mobile subscribers should take immediate action to secure their identities and accounts online.
This is the immediate step all affected subscribers should take.
As part of T-Mobile’s response, they are offering an identity protection service exclusively to all affected customers, free for two years. This identity protection service gives customers the ability to monitor personal info, including your SSN, bank account numbers, debit cards, email addresses, phone numbers, and more. If info is found on the dark web, customers will receive guidance to help secure online accounts. Should identity theft occur, the identity protection service includes fraud resolution support and identity theft insurance for peace of mind. The free 24 months of identity protection will be delivered directly by T-Mobile. The company is also encouraging customers to sign up for their Account Takeover Protection service.
One lesser-known type of data stolen in the breach was International Mobile Equipment Identity (IMEI) numbers, which allow individual devices to be identified on a mobile network. Access to IMEI numbers could enable SIM-swap attacks which make account takeovers possible. With an account takeover, two-factor authentication through text message becomes vulnerable, allowing hackers potential access to bank accounts, among others. App-based multi-factor authentication, using a solution like Google’s Authenticator, allows you to authenticate your identity from other devices, instead of having authentication tied to your mobile phone number.
T-Mobile will be contacting impacted customers directly. However, cybercriminals and scammers may also take advantage of this data breach to scam people using email. They will often pose as major corporations or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number. We’ve provided additional information here to help you to recognize legitimate emails.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. This includes email accounts, cell phone numbers, bank accounts, your tax ID, and more. Read our additional tips to protect your digital identity.
For regular updates and official news from T-Mobile, visit their Newsroom blog here.
The post T-Mobile’s data breach exposes the personal data of 40 million appeared first on McAfee Blog.
“My phone’s been hacked!” Words you probably don’t want to hear or say. Ever.
Your phone gets to be like an old friend after a while. You have things laid out the way you like, your favorite apps are at the ready, and you have the perfect home screen and wallpaper all loaded up. So, if you unlock your phone one day and notice that something is a little … off, you’ll know pretty quickly. And it could be a sign that your phone may be hacked.
It’s often pretty easy to tell when a piece of your tech isn’t working quite right. The performance is off, things crash, and so on. While there are several cases where there’s a legitimate technical issue behind that, it could also be the sign of a hacked device.
Many hacks and attacks involve the installation of malware on the device, which eats up system resources, creates conflicts with other apps, and uses your data or internet connection to pass along your personal information—all of which can make your smartphone feel a little off.
A few examples follow. Note that these may be signs of a hacked phone, yet not always.
A suddenly sluggish phone or one that simply can’t hold a charge anymore are often attributed to phones that are getting a little old (these things happen). Yet, those same behaviors can also be signs of a compromised phone. For example, malicious bitcoin miners can run in the background and cause all types of performance issues because they eat up battery life and take up resources that your phone could otherwise normally use. In a way, it’s like having a second person using your phone at the same time you are.
Similar to the performance issues mentioned above, malware or mining apps running in the background can burn extra computing power, battery life, and data. Aside from a performance hit, they can cause your phone to physically run hot or even overheat. So if your phone feels like it’s been sitting in the sun, this could be a sign that malware is present.
If you’re seeing more popup ads than usual or seeing them for the first time, it could be a sign that your phone has been hit with adware—a type of malicious app that hackers use to generate revenue by distributing ads without the consent of the user. Furthermore, those ads may be malicious in nature as well (which is a good reminder to never click on them). Such ads may lead to bogus products and services or pages designed to steal personal information. All in all, malicious adware is what hackers prop up to make money off unsuspecting people.
A potential telltale sign that your phone has been hacked is the appearance of new apps that you didn’t download, along with spikes in data usage that you can’t account for. Likewise, if you see calls in your phone bill that you didn’t make, that’s a warning as well.
Big red flag here. Like seeing an unknown charge or payment in your bank statement, this is a possible sign that a hacker has hijacked your phone and is using it to transfer data, make purchases, send messages, or make calls via your phone.
To help keep your phone from getting hacked in the first place, there are a few relatively easy steps you can take. Inside of a few minutes, you can find yourself much safer than you were before.
1. Use comprehensive security software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing security software on your smartphone gives you the first line of defense against attacks, plus several of the additional security features mentioned below.
2. Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.
3. Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
4. Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and can prevent malware from a public charging station.
5. Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices and Google offers up a guide for Android users as well.
A phone that’s acting a little funny may indicate a run-of-the-mill tech issue, yet it could also be a tell-tale sign of a hack. At a minimum, following up on your gut instinct that something isn’t quite right can take care of a nagging tech issue. But in the event of a possible hack, it can save you the far greater headache of unauthorized charges and purchases, and even identity theft. If you spot a problem, it absolutely pays to take a closer look. Follow up with tech support for help, whether that’s through your device manufacturer, retailer, or your antivirus providers. They’ll help pinpoint the issue and get you on your way.
The post Help! I Think My Phone’s Been Hacked appeared first on McAfee Blog.
A good time to check if someone is using your identity is before it even happens.
One of identity theft’s several downsides is how people discover they’ve become a victim in the first place—by surprise. They go to rent an apartment, open a line of credit, or apply for financing, only to discover that their finances or reputation has taken a hit because of identity thief.
And those hits add up, particularly when you look at the dollars involved. In 2020, the Federal Trade Commission (FTC) reported $3.3 billion in financial losses from 4.7 million reported cases of fraud, a 45% increase over the year prior. Of those reports, identity theft was the leading fraud category, accounting for 29% of fraud incidents.
Plenty. Depending on the type and amount of information an identity thief gets their hands on, they can harm your finances and reputation in several ways, including:
Rather than ending up with a rude and potentially costly surprise of your own, you can get ahead of thieves by checking to see if someone is using your identity before it’s a problem or before it really takes root.
Major data breaches that expose personal information seem to hit the headlines with some regularity, not to mention the many, many more that don’t get national or international press coverage. Most recently we have the Neiman Marcus breach, where this major retailer alerted 4.6 million customers that “an unauthorized party obtained personal information associated with certain Neiman Marcus customers’ online accounts.”
And as it is with many such breaches, it took quite some time before the theft of information was discovered. Per Neiman Marcus, it’s believed that the breach occurred in May 2020 and only discovered in September of 2021. Potentially compromised information included:
Whether or not you have reason to suspect that your information got caught up in this recent large-scale breach, it serves as a good reminder that any time is the right time to check up on your identity. Acting now can save headaches, potentially big headaches, later.
Quite a bit of identity theft prevention begins with taking stock of the accounts and services you have in your name. This ranges anywhere from bank accounts to public utilities and from credit cards to loans, all of which contain varying degrees of personal information about you. With a sense of where your personal identity is being used, you can better look for instances where it’s being misused.
Ways you can spot for possible identity theft include:
If you stop receiving a bill that normally comes to you, such as a utility bill or for a department store credit card, that could be a sign that a thief has changed the mailing address and has potentially hijacked your identity.
This is rather straightforward, yet it reminds us how important it is to look at our statements closely. Charges that you didn’t ring up or that seem slightly higher than normal are a surefire sign that you should follow up with the bank or company involved and let them know of possible fraud.
In the U.S., you have annual access to free credit reports from the major credit reporting agencies. Not only will this give you a sense of your credit score, but it will also show the credit that’s open in your name, along with addresses associated with your identity. Spotting an account that you haven’t signed up for or seeing an address of a residence that you’re not renting are other common signs that your identity may have been compromised.
With the number of accounts many of us have these days, a credit monitoring service can help you stay on top of what’s happening in your name. Often offered through banks, credit unions, and even insurance providers, credit monitoring can alert you in several instances, including:
Overall, credit monitoring can act as another set of eyes for you and spot potential identity issues. Different services provide different levels of monitoring, so consider reviewing a few options to find the one that works best for you.
One like our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat—in addition to offering several preventative steps to help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately.
Along with keeping an eye on what’s happening with your identity online and elsewhere, there are a few more things you can do to make it tougher for thieves to steal your identity.
Given all the banking and shopping we do on our computers and phones, installing and using comprehensive online protection software is a must these days. It puts several layers of security in place, such as creating complex passwords automatically, shielding credit card info from prying eyes, and protecting your privacy and data online by connecting with a VPN. In short, online protection software acts as a solid first line of defense.
As mentioned above, comprehensive online protection software often includes a password manager that can generate strong, unique passwords for each of your accounts and remember them for you. It’s extra protection that makes life a lot easier for you by managing all the accounts you’re juggling. Also, use MFA (multi-factor authentication) on the accounts that give you the option, which makes it harder for a thief to crack your accounts with a password alone.
Sensitive documents come in all forms. Top-of-the-line examples include things like tax returns, bank statements, and financial records. Yet there are also things like your phone and utility bills, statements from your doctor’s office, and offers that come to you via mail. Together, these things can contain personal information such as account numbers, your full Social Security Number, the last four digits of your Social Security Number (which can still be useful to thieves), and other information that may uniquely identify you. You’ll want to dispose of sensitive documents like these so that they can’t be harvested by hackers.
For physical documents, consider the low-cost investment of a paper shredder to help ensure they don’t fall into the wrong hands when you are done with them. (And let’s face it, they’re fun to use!) For digital documents, simply deleting a file is not enough – online protection software is a great resource that often includes a digital document shredder, designed to render the data practically unusable when you’re ready to trash the file.
Your Social Security Number is one of the most prized possessions a thief can run away with because it is so closely associated with you and things like your tax returns, employment, and so on. Keep it stored in a safe location rather than on your person or in your wallet. Likewise, be careful about giving out your SSN. While organizations like the IRS, your bank, and employer require it, there are other organizations who do not—but may ask for it anyway. (Doctor’s offices are a prime example.) If you get such a request, ask them what they intend to use it for and then ask if another form of identification will work instead.
Phishing attacks are one of the primary ways identity thieves steal personal information. Whether they come via a direct message, on social media, or through email, text, or phone calls, thieves use them to harvest your personal info by posing as a legitimate organization—such as in this recent IRS phishing scam. Phishing is a topic all unto itself, and you can check out this quick read to see how you can spot phishing scams and protect yourself from them.
Like any criminal, identity thieves do their dirtiest work in the shadows—quietly stealing money under your nose, or worse, as we outlined above. By shining a light on your identity and keeping regular track of what’s happening with it, you can spot unusual activity right away. Even the small stuff is important. A co-worker of mine once saw an incorrect address listed on his credit report. Turned out, that address was used to rack up several large charges at a retailer, which he was able to fix with the aid of the credit reporting agency and the retailer in question.
No doubt about it. Identity theft is indeed on the rise, and your best bet to avoid such a nasty surprise is to keep an eye on your digital identity the same way you keep an eye on your actual wallet.
The post How to Check if Someone is Using Your Identity appeared first on McAfee Blog.
The holidays are almost here! That means it’s time to start making your list and checking it twice. To help prepare you for this year’s holiday shopping spree, McAfee is providing you with the ultimate holiday shopping list for every Tech lover in your family. Here are the devices to keep on your radar this holiday shopping season and what you should use to protect them.
Know someone who enjoys vanquishing aliens, building virtual amusement parks, and online battle royale? There’s a good chance that you do, as online gaming traffic increased 30% from the first to the second quarter of 2020. For the gaming guru in your life, consider gifting them a top-of-the-line gaming laptop so, they don’t have to compromise portability for playability. If they prefer to play in the comfort of their own home, consider giving the gamer in your life a snazzy new gaming monitor. This will allow them to enjoy a crystal-clear resolution, rapid refresh rate, and size to bring their virtual world to life. And to truly immerse your gamer in a new realm, gift them a new gaming console so they can enjoy optimal speed and stellar game lineups.
When shopping for your gamer, consider how you can empower them to stay secure while they play. A security solution like McAfee Gamer Security not only delivers a faster, quieter, and safer experience, but it can also boost a rig’s performance. This antivirus software detects threats through the cloud and optimizes resources to minimize frame drops. Gamers can even customize which games to boost (or even add other apps they’d like to boost), which background services to pause, and more. This improves your gamer’s experience and also keeps them safe while they play.
Does your tech-savvy teen love to browse on the go? Or perhaps you have a college student who likes to bring their online studying and video streaming with them beyond the home. For the mobile mastermind in your family, gift them a new smartphone or tablet this holiday season. These devices will allow your loved ones to access all their favorite apps and surf the web anytime, anywhere.
With the World Wide Web constantly at their fingertips, enable your family members to surf the internet with confidence by employing the help of a safe browsing solution like McAfee WebAdvisor. This trusty companion, available for free and included in the McAfee Total Protection app for iOS and Android, helps keep users safe from threats like malware and phishing attempts. Web Advisor blocks malicious sites, scans downloads, and alerts the user if a known threat is detected. With comprehensive security on their side, your mobile user will be free to search, stream, and download on the go.
The number of smart households (households that contain connected technology and can interact with other IoT devices) in the U.S. is expected to grow to 77.05 million by 2025. That may not come as a surprise, since IoT devices have upped the convenience of tech users’ lives everywhere. Perhaps your spouse or parents love filling their home with the latest and greatest smart home gadgets. This holiday season, give them the gift of convenience with a smart TV, speaker, thermostat, kitchen appliances, a personal home assistant – the list of smart home devices goes on!
While these devices can provide greater efficiency to anyone’s life, it’s important to be aware of the potential risks that come with this level of interconnectivity. Many product designers treat security as an afterthought, rushing to get their smart devices to market and consequentially creating an easy access point for criminals to exploit. But fear not! A solution like McAfee Secure Home Platform can automatically secure connected devices through a router with McAfee protection. It can hide your IoT devices from hackers, giving you the confidence that you have a solid line of defense against online threats.
For the Fitness Fanatic
At the onset of the pandemic, people adjusted their workout routines to accommodate for gym closures and began to rely on other solutions to stay fit. In fact, many turned to IoT devices used for virtual fitness, including wearable fitness trackers and stationary machines equipped with digital interfaces. Sound like someone you know? Consider giving them a stylish new or upgraded smartwatch that allows them to track their daily step count, heart rate, and sleep patterns.
While these devices can be instrumental in tracking users’ activity levels, it’s important to remember that wearable gadgets collect valuable health and location data a criminal could exploit. To keep your fitness fanatic happy and healthy without sweating their security, encourage them to install software updates immediately. This will protect your loved one’s device from reported bugs, enhance functionality, and seal up any security loopholes.
As you plan your holiday shopping list this year, don’t forget about the gift that keeps on giving: the peace of mind that comes with having the right online security! With comprehensive solutions built to safeguard your loved one’s devices, personal data, and everything they do online, they can continue to live their digital lives with confidence.
The post The Ultimate Holiday Shopping Guide appeared first on McAfee Blog.
In this career-journey series, Marketing Director Trevor shares why patient listening is the most helpful skill he’s acquired, the top career advice he’s received, and how his career at McAfee has taken him across four countries and five roles in 11 years.
“Three continents, four countries, five roles, eleven years. At McAfee, I’ve lived and worked in the United Kingdom, Afghanistan (mobilized as an army reservist), Luxembourg, and the United States. I’ve worked in acquisition marketing, sales, marketing operations and technology, retention marketing, and strategic projects.”
“Great people, interesting problems, and we’re always driving new ways to innovate and grow the business.”
“In terms of a workday, no two are alike, but there are three constants to what I’m working on:
I’m delivering projects that drive or protect McAfee’s future revenue streams and profitability or I’m Uncovering, stitching, and interpreting facts and information into a narrative to advise and inform senior leadership decision making
I’m learning & developing myself. Since I joined McAfee the company has supported me in gaining an advanced degree in E-Commerce Technology from Manchester University and more recently supported me in attending Stanford University’s Graduate School of Business.
After March 2020 our local office went remote. This has meant I was able to restructure and balance out my home life. My day always starts the same (early) followed by coffee, gym, or training at ice hockey, and then family breakfast and dropping my son off at school. Workflows throughout the day. McAfee is an environment where you can balance your life and work.
Whilst I miss the daily interaction with my colleagues, the local ones all live within 5-30 minutes of me, allowing for many impromptu or planned meet-ups .”
“Listening persistently and patiently .
Being heard and delivering growth starts with listening. In a complex organization, there can be a lot of people impacted by what might, at first, be considered a simple change.
Persistence and tenacity are what helps you maintain your drive towards a goal or a project.
Patience is what pulls it all together. It takes time to get everyone on board, and then it takes more time for them to align, start, forget, get distracted, restart, fall down, pick themselves up and start running. “
“I love working and interacting with people across all functions, groups, and locations. I love learning about new cultures, perspectives, and the different behaviors of consumers worldwide that we have to plan and adapt for. I also love the diversity of work and activity of what I get to do! ”
“One day my leader asked me if I would be willing to move into a sales role to better align with the strategic direction of the company while building out my own skillset. Instead of panicking about the unknown, I made a decision to embrace this as a growth opportunity.
From scratch, I built up a sales pipeline, learned how to negotiate, run contracts, and negotiate. I shadowed our best sales leaders, read and re-read ‘How to Win Friends and Influence People’, learned Sandler methodology, and had to cold call (it’s not as scary as it sounds and there’s a true art in doing it well!).
The result of these efforts? I closed multiple deals and built up a digital reseller network. I still remember the first deal I closed. As soon as the prospect agreed to the number proposed, I kicked myself under the table… I realized I should have negotiated and asked for more! But experience is how we learn and the skills I acquired during this period ultimately made me a better marketer and put me on the path I’m on today.”
“I also wondered the same thing, so I asked a senior McAfee executive about how she’d managed to get to the top of the organization.
I’ll never forget her response – “I asked.”
I interpreted that as… be a positive force for the people around you, deliver results, ask for more… and your career will continue moving forwards.”
—
Thinking about how to propel your career forward? Interested in hearing more about how McAfee fosters career growth and development? Stay tuned for more in our ‘How I Got Here’ series as we spotlight the journeys of team members who cultivated rich and impressive career paths here at McAfee.
Want to join a team that invests in YOU? Check out our roles today.
The post How I Got Here: Trevor’s Career Journey Across Four Countries and Five Roles appeared first on McAfee Blog.
Can thieves steal identities with only a name and address?
In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.
If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.
With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them.
For starters, this information is so general that it is of little value in of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams.
For example, with your name and address a thief could:
There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as:
In the U.S., the availability of such information will vary from state-to-state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit a library or public office.
Thieves can gain additional information about you from other online sources, such as data brokers. And data brokerage is a big business, a global economy estimated at $200 billion U.S. dollars a year. What fuels it? Personal information, representing thousands of data points on billions of people scraped from public records, social media, smartphone apps, shopper loyalty cards, third-party sources, and sometimes other data broker sites as well.
The above-the-board legal intent of data broker sites is to sell that information to advertisers so that they can create highly targeted campaigns based on people’s behaviors, travels, interests, and even political leanings. Others such as law enforcement officials, journalists, and others who are conducting background checks will use them too.
On the dark side, hackers, scammers, and thieves will buy this information as well, which they can use to commit identity theft and fraud. The thing is, data brokers will sell to anyone. They don’t discriminate.
Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or by impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).
What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers are bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online, which we outline in detail here.
Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills.
The Postal Service has mechanisms in place to prevent this, however. Among which, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.
So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble.
Other crucial pieces of your identity include:
Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.
You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned.
Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye.
Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.
With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who’re after direct access to your finances and more.
Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date.
In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure.
By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like creating and managing the strong, unique passwords we talked about and providing further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) Further, it can monitor your identity and monitor your credit, further protecting you from theft and fraud.
Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collects your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too.
Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves.
A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you more anonymous online by masking your IP address, device information, and the data you’re passing along that connection. In this way, it makes if far more difficult for advertisers, data brokers, and bad actors to skim your private information—in addition to shielding your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.
And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life.
The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blog.
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. Learn how to protect your smartphone with McAfee Mobile Security
Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically.
Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem.
Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat.
If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.
Most of us use the internet every day, so we’re comfortable sharing a lot of information online. However, cybercriminals want us to get a bit too comfortable so they can take our personal or financial data and use it for their benefit. This is called identity theft, and it can cost people money and may dip their credit score.
Fortunately, you can help minimize what happens by knowing the signs of identity theft and taking fast action when you recognize them. Find out how below.
Being online comes with many benefits, but it can also come with some risks. Identity theft usually begins with the criminal accessing sensitive personal data, such as Social Security numbers, birth dates, home addresses, bank account information, and driver’s license details. The fraudster can then take this information to fake your identity, using it to take out credit cards, apply for loans, and more.
Here’s a quick look at some ways identity thieves can get their hands on your valuable data:
There are many ways thieves can get their hands on your data. Luckily, there are ways you can protect yourself against these methods. For example, you can protect your computer, tablet, or mobile device against hackers by equipping it with a strong password and safeguarding against phishing by adding a firewall and utilizing a virtual private network (VPN) like those offered by McAfee.
With some best practices, you can protect your data and help safeguard you and your family against identity theft. One way to continue living your best life online is to watch for potential warning signs of identity theft. This ensures you can take fast action and minimize the effects if you’re targeted. Here are some essential signs to look out for.
Financial identity theft is one of the most common types of identity theft, and credit cards are a popular target. The rise in online shopping has made credit card fraud even more common.
Your online banking portal or app should allow you to set up alerts to email, call, or text you about suspected fraudulent credit card charges. If you get an alert, someone may have taken your identity.
If you apply for a loan or line of credit and your application is denied, dig deeper. A rejection could indicate that your credit score is lower than you thought, possibly due to fraudulent activity. For example, someone may use your information to get new credit cards and not pay them off, leaving you responsible.
Changes in your credit score can indicate identity theft. For example, if someone takes out utility bills in your name and doesn’t pay them, your credit score may dip. Checking your credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) can help pinpoint the problem.
The Federal Trade Commission (FTC) allows U.S. consumers to get a free credit report every 12 months. Just visit AnnualCreditReport.com to get a copy of yours from the credit reporting agencies. You can also pay for credit monitoring services to track your score.
Once identity thieves obtain enough data, including your name and address, they might be able to open new accounts and credit cards. When you check your credit report, keep an eye out for new accounts that you didn’t open. Another red flag is if you start getting bank statements or bills addressed to you for accounts you don’t recognize.
Companies are required to notify customers of data breaches that could impact them. For example, if you save your payment information and home address on a music streaming provider’s website and their database is hacked, identity thieves may get your data. Keep an eye out for notifications and read the news. The McAfee blog is another great resource for information on data breaches.
If debt collectors start calling, be cautious, especially if they’re referring to accounts you aren’t familiar with. Don’t provide personal information to any collection agencies that call, as this can be a potential phishing scam. However, it’s a good idea to follow up on these cases by checking your credit report for new accounts. You could be liable if someone opened accounts under your name and didn’t pay them.
Medical theft occurs when a fraudster imitates another person to get health care or supplies. For example, a person might use your identity to get prescription medication at a pharmacy. If you get unfamiliar medical bills, follow up. Incorrect medical records could impact your insurance premiums or interfere with your ability to get the care you need in the future.
This could be an indicator of synthetic identity theft. This occurs when a fraudster creates a fake identity using various people’s real information. For example, they may use your address and Social Security number and another person’s photo to create a fake persona that’s creditworthy. They can then take out credit cards in that fake person’s name.
If you receive a confirmation of an annual tax filing before you’ve filed, take note. Criminals may try to file a tax return for another person to access their tax refund. Alternatively, you may find that you’re unable to e-file your taxes, which can occur if someone else has already filed under your name.
No one wants their identity stolen, but it’s still good to be prepared if it does happen. If you notice the above red flags, here are some steps you may need to take:
You may also want to visit IdentityTheft.gov to report identity theft and find resources to help guide your recovery plan.
Worries about identity fraud shouldn’t prevent your household from enjoying the benefits of a connected world. McAfee’s identity theft protection services can help you enjoy everyday conveniences while keeping you safe. Packages can be tailored to your needs, including 24/7 monitoring, ID theft coverage, VPN services, and more. It’s guided online protection made easy.
The post 9 Ways to Determine If Your Identity Has Been Stolen appeared first on McAfee Blog.
We live online these days, sharing everything from vacation pictures to what we eat for breakfast on the internet. The internet is also useful for daily activities, like buying groceries or paying bills.
While it’s convenient to connect with people and complete tasks online, cybercriminals are eager to use the internet to steal financial or personal data for their personal gain — otherwise known as identity theft. This is a criminal act and can affect your credit score in a negative way and cost money to fix. It can also affect employment opportunities since some employers conduct a credit check on top of drug testing and a criminal history check. Identity theft victims may even experience an impact to their mental health as they work to resolve their case.
The good news is that being able to recognize the signs of identity theft means you can act quickly to intervene and minimize any effects in case it happens to you. You can also protect yourself by using preventive measures and engaging in smart online behavior. This article provides essential information about identity theft, giving you the tools you need to become an empowered internet user and live your best life online.
The internet is a great place to be, but identity thieves hope to catch you off-guard and seek access to your personal information for their benefit. This could include private details like your birth date, bank account information, Social Security number, home address, and more. With data like this, an individual can adopt your identity (or even create a fake identity using pieces of your personal profile) and apply for loans, credit cards, debit cards, and more.
You don’t have to be kept in the dark, though. There are several signs that your identity has been stolen, from a change in your credit score to receiving unfamiliar bills and debt collectors calling about unfamiliar new accounts. If you suspect that you’ve been affected by identity fraud, you can act fast to minimize what happens. Here’s what to do.
Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you may need to get your bank or other financial institution to reverse fraudulent charges. An official report assures the bank that you have been affected by identity fraud and it’s not a scam.
Before going to the police, gather all the relevant information about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that could be related. For example, was your debit card recently lost or your email hacked? The police will want to know.
You should also notify any businesses linked to your identity theft case. Depending on the type of identity theft, this could include banks, credit card companies, medical offices, health insurers, e-commerce stores, and more. For example, if someone used your credit card to make purchases on Amazon, alert the retailer.
Medical identity theft is another good example. In this case, a fraudster may assume your identity to gain access to health care services, such as medical checkups, prescription drugs, or pricey medical devices like wheelchairs. If someone uses your health insurance to get prescription drugs from a pharmacy, for instance, make sure to alert the pharmacy and your insurer.
The Federal Trade Commission (FTC) is a government body that protects consumer interests. You can report identity theft via their portal, IdentityTheft.gov. They’ll then use the details you provide to create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.
A common consequence of identity theft is a dip in the victim’s credit score. For example, a cybercriminal may take out new lines of credit in the victim’s name, accrue credit card debt, and then not pay the balance. For this reason, contacting the credit monitoring bureaus is one of the most important steps to take in identity theft cases.
There are three main agencies: TransUnion, Equifax, and Experian. You can get a free credit report from each agency every 12 months via AnnualCreditReport.com. Check the report and note all fraudulent activity or false information and flag it with the relevant bureau’s fraud department. You should also initiate a fraud alert with each agency.
A fraud alert requires any creditors to verify your identity before opening a new line of credit. This adds an extra layer of security. An initial fraud alert lasts for 90 days. Once this expires, you can prolong your protection via an extended fraud alert, which will remain valid for seven years. You can notify one of the big three bureaus to set it up. They are then required to notify the other two bureaus.
A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others may want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer may check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze.
Identity theft is often linked with leaked or hacked passwords. Even if you aren’t sure whether your passwords have been compromised, it’s best to play it safe. Change passwords to any affected accounts. Make sure to use strong passwords with a mix of numbers, letters, and symbols. Further, if there’s a chance to activate two-factor authentication on your accounts, this can provide added protection going forward.
Ideally, you’ll never become the victim of identity theft, but things can happen. Cybercriminals work hard, but you can stay one step ahead by taking a few preventative measures. These include:
You can further protect yourself with antivirus software like McAfee’s Total Protection plan. This can help protect your devices against spyware and viruses. You can also enhance your network security with a firewall and virtual private network (VPN). A firewall controls traffic on your internet network based on predefined security parameters, while a VPN hides your IP address and other personal data.
Don’t let concerns about identity fraud keep you from enjoying all the conveniences and perks the internet offers. McAfee’s identity theft protection services can help you stay connected while keeping you safe. Tailor your package to your household’s needs to get the safeguards you want, like ID theft coverage, VPN, and 24/7 monitoring. Our Total Protection plan also comes with $1 million in identity theft coverage to cover qualifying losses and hands-on support to help you reclaim your identity.
With McAfee by your side, you can stay online confidently.
The post What to Do If Your Identity Has Been Stolen appeared first on McAfee Blog.
Have you ever been online and replied to a comment or post? Maybe it was on Reddit or on an influencer’s Instagram. Did other people reply to you, and were any of them unexpectedly hostile? When you’re online, a little hostility is sadly par for the course, but most people brush it off and move on to enjoy other aspects of life online. But what would you do if that unpleasant interaction went much farther than was reasonable? What if one day you discovered the most important parts of your identity had been maliciously and intentionally revealed online? Let’s talk about doxxing – what it is and how you can avoid becoming a victim of this kind of harassment.
Doxxing, derived from the hacker term “dropping docs”, is internet slang for revealing someone’s identity online for the purposes of harassing them. It usually goes way beyond simply revealing someone’s email address or name and may involve personal information like a home address or workplace, SSN, financial information, phone number, pictures, texts, IP address, and other important details. The tricky thing about doxxing is that aspects of it may not be a crime, depending on what you’ve made publicly available online. However, the context in which doxxing occurs is crucial. Often it’s the first step taken to incite more severe harassment. For instance, the doxxer may not plan on taking action against their target but instead hope that someone else does. When put up against a recent Pew Research report showing that 41% of U.S. web users experience harassment in some form, it’s clear that Doxxing is a dangerous trend online.
Doxxing is a problem that’s grown in scope simply because there’s so much more data about us being kept online. Third-party services, called data brokers, capture our account info, the sites we visit, how long we spent on them, and other kinds of metadata to create profiles they then resell to advertisers. If someone gets access to these troves of data, they can reveal extremely damaging information about an individual, or data that allows a person to be damaged. For instance, with a phone number and a current address, some criminals were able to call in SWAT teams on innocent individuals. Political dissidents are often doxxed by the governments their protesting against. And on a lighter note, the adult website Ashley Madison, which promotes extramarital affairs, had their members’ data leaked online, to the embarrassment of a few public figures.
The response should be very similar to the one you’d take if your wallet was stolen. Move fast, stem the loss, and begin remediation as soon as possible. Here are some broad steps that can be taken.
Of course, not being doxxed in the first place is the ultimate goal of a proactive online protection plan. Here’s what we recommend:
Identity theft protection services help protect your data, monitor your online accounts like emails, SSNs, and more. In addition to online monitoring, they should also offer insurance and even theft remediation if the worst should occur.
Before you tag your location, friends, or workplace in a photo think about who has access to this information. What’s gained or lost by sharing all that info? Also, security questions for your accounts should not use the name of your pet or your first-born child if you have posted those on Facebook.
Public Wi-Fi networks at coffee shops and airports may not be secure against hackers and snooping. That’s why we recommend using a VPN whenever you’re connected online. This powerful tool hides your activity and location whenever you’re online on an unsecured network.
Googling yourself is a great way to see if anyone is using your online identity in bad ways.
Social networks allow you to control who can see your data. Usually, with a few clicks, you can restrict what you show online to a great degree. For instance, makes your payments viewable to other users as a default, but can easily be changed to hide them from the public.
Using long, complex, unique passwords for every account is convenient and maybe the best way to prevent your information from being stolen. Yes, we said convenient because with a password manager you only need to remember one key to create and manage much longer ones for all your most important accounts.
The reality is that the more we live online, the more our identities will too. This does not mean we need to live a restricted life online. In fact, using comprehensive online protection, which features most of the tools above, we can remain free to enjoy life on our terms. Doxxing is something to be aware of, but with great protection, it’s far from anything we need to be worried about as we make the most of our lives online.
The post Doxxing, The Internet, and How You Can Lock Down Your Data appeared first on McAfee Blog.
Authored by Oliver Devane and Vallabh Chole
Notifications on Chrome and Edge, both desktop browsers, are commonplace, and malicious actors are increasingly abusing this feature. McAfee previously blogged about how to change desktop browser settings to stop malicious notifications. This blog focuses on Chrome notifications on Android mobile devices such as phones and tablets, and how McAfee Mobile Security protects users from malicious sites leveraging these notifications.
Most users are unaware of the source of these notifications. Permission is granted when a user clicks ‘Allow’ on a prompt within Android Chrome.
Many malicious websites use language and images like the one above that entice the user to click ‘Allow’ such as ‘Just one more step! Click “Allow” to continue. Once allow is clicked, the website is added to a site permissions list, which will enable it to send notifications.
The notifications will look like a usual Android notification which you will be used to seeing such as you have a new WhatsApp message or email. To identify the source of the notification, we need to look for the application name which is like the one highlighted in the red box below.
The image above shows the notification came from Chrome and it is from the website premiumbros[.]com. This is something you should pay attention to as it will be needed when you want to stop annoying notifications.
Some notifications like the ones in this blog are malicious as they attempt to trick users into believing that their mobile device is infected with a virus and some action is required. When the users click the notification, Chrome will load a website which will present them with a fake warning like the example below:
Clicking either Cancel or Update Now on the above website will result in the same behavior. The browser will redirect the user to a google play store app so that they can download and install it.
The malicious websites will flood your phone with several notifications. The screenshot below shows an example of this:
You may ask yourself, why do malicious actors try to get me to install a google play application? The people behind these scams receive a commission when these applications are installed on devices. They rely on deceptive tactics to trick users into installing them to maximize profits.
To remove a website’s notification permission, you need to change a Chrome setting.
1- Find out the name of the website which is sending these notifications. This can be done by looking at the notification and noting down the name of the website. If we use this blog as an example, it would be premiumbros[.]com
2- Open the Chrome browser app which can be found by performing the following search:
3- Click the three … on the top right hand of the application
4- Scroll down and click on settings
5- Click on Notifications
6- Scroll down until you find the website which you identified in step 1
7- Pres the blue radio button so it turns grey
8- Notifications will now be disabled for that website. If you want to block multiple websites, click the radio button for them as well.
McAfee customers who have McAfee Mobile Security are protected against these malicious websites as long as they enable the ‘Safe Browsing’ feature within the application.
Upon trying to access a malicious website such as the one in the blog it will be blocked as shown in the image below:
Please read this guide on enabling the Safe Browsing feature within the Mobile Security Application.
The post Why Am I Getting All These Notifications on my Phone? appeared first on McAfee Blog.
International Women’s Day serves as an important reminder that each and every one of us plays a role in recognizing and addressing gender bias. Together, we can make a difference in creating a more equitable world for all.
At McAfee, we know that genuine change requires continuous commitment. And while we’re proud of the efforts we’re making as a company – from being the first cybersecurity company to achieve global pay parity (and maintain it), to expanded time off for new parents, to a woman on every hiring panel to help remove bias – we know there is more to do.
This International Women’s Day and beyond, McAfee team members around the globe share how they’ll continue to advance inclusion and gender equality by actively working to #BreakTheBias.
|
JaffarSadhik
Software Quality Engineer (India) A gender equal world starts with a change. A change within families, a change with perspectives, a change among society!
|
|
Arathi Program Manager (Canada) I am helping to #BreakTheBias by teaching my son that both boys and girls, men and women can do it all.
|
|
Krupali
Sr Market Research Analyst (USA) We need to think differently. Women have, are and will always be quintessential architects of society. Together we can #BreakTheBias
|
|
Ambareen Software Engineer (UK) Collectively we can all #BreakTheBias! I am doing my part and learning from my mum and helping the next generation believe in themselves irrespective of gender.
|
|
Kevin Real Estate & Workplace Strategy (Ireland) Equality can only be achieved if diversity, difference and qualities of woman are truly valued. We must work together to acknowledge and #BreakTheBias.
|
|
Darya Channel Marketing (Australia) Bias against anyone for simply being different, limits our growth and is a significant waste of talent, energy and happiness. I commit to taking an active role in questioning perceptions to do my part to influence change.
|
|
Natalia Software Sales (Canada) I will help #BreakTheBias by raising and supporting a strong independent young adult and setting an example for her. I do so by choosing my career path while leading and growing personally and professionally!
|
|
Winnie Talent Acquisition Partner (Australia) I will #BreakTheBias by addressing and challenging gender stereotypes.
|
|
Aisling Senior People Partner (Ireland) I will help #BreakTheBias by encouraging conversations around diversity, challenging myself and others to consider where we can make changes that will have a positive impact.
|
Join McAfee and millions of others around the world in celebrating International Women’s Day by sharing how you’ll #BreakTheBias.
Interested in building your career at a company that helps women thrive? Search our openings!
The post McAfee Teammates Share How They’ll Help #BreakTheBias this International Women’s Day appeared first on McAfee Blog.
At McAfee, we’re proud to protect. It’s part of our DNA.
We’re all dedicated to keeping the world safe from cyber threats. As a team, we’re driven by our mission to protect all that matters. Individually, we’re motivated by our own unique reasons – whether that’s family, friends, or our communities.
As part of our commitment to online safety, we asked our McAfee team to share what motivates them every day to make life online safe and enjoyable. Here are just a few incredible reasons shared by some of our team:
“I’m really proud to protect my father in the digital life as he did with me in the real life.”- Francisco
“I’m proud to protect my family. I want to ensure they are safe now that everything is online.” – Cagla
“I’m proud to be part of a community that helps millions of people stay safe online.” – Karan
“I’m proud to protect my kids with the gift of digital safety so that they can freely enjoy their screen time.” – Loretta
“I am proud to protect my McAfee family because I love this company so much! I’m also proud to protect my grandson’s online activity thanks to McAfee!” – Melody
“I’m proud to protect family, friends, and our society as a whole. It is important for me to lead the change for a safer environment and future for the one close to me.” – Benni
Watch the video below to see McAfee team members worldwide share their commitment to protecting all that matters to them.
Interested in building your career at a company that’s proud to protect? Search our openings!
The post Why I’m Proud to Protect appeared first on McAfee Blog.
What’s worse than a surprise call from a law enforcement official telling you to pay a fine or be forced to serve time? Providing your personal information and paying that fine only to find out that it was all a scam. You didn’t miss jury duty; you didn’t commit a crime — you were just tricked into thinking that you did.
Sound unbelievable? It’s more likely than you’d think.
According to ZDNet1, the FBI released a warning about scammers impersonating government officials or law enforcement agencies to steal personal information and money from unsuspecting people.
After acquiring phone numbers and names from real users, scammers use fake credentials from well-known law enforcement agencies to contact victims. Under the guise of these officials, scammers claim that the user’s identity was used in a crime and ask them to provide their social security number and date of birth for verification. The fraudsters will also call or text about apparently missed jury duty, missed court dates, warrants out for arrest, or other local fines that require payment to be solved.
These criminals demand payment in multiple forms, but the most common are prepaid cards, wire transfers, and cash sent through mail or through cryptocurrency ATMs. If victims do not pay these fines or provide their personal information, the scammers in disguise will threaten them with potential prosecution or arrest.
The FBI states that no law enforcement agency will ever contact you asking for money, but if you’re still unsure whether you’re being scammed, here are a few more phishing tips that can help:
Unsolicited phone calls or texts are best avoided altogether or confirmed with a second source. Verify the caller’s identity with the organization they claim they represent. Ask for a name and position and make it clear you will be following up to verify their identity.
Do not reveal any personal or financial information over the phone, through text, or through a link provided in a text message.
Generic greetings that do not address you by name, especially when asking you to verify your identity or pay a fine, are a definite indicator that you may be being scammed.
Any strange grammar or spelling mistakes in a text message can be signs that this is someone impersonating an official agency, company, or higher-up to scam you.
Although scammers try to trick users over the phone, phishing scams can also happen over email. In addition to the tactics mentioned above, here are some extra tips on how to detect and avoid phishing emails:
Cybercriminals will often impersonate well-known brands or individuals by using fraudulent email addresses with just a few alterations of letters or characters. An example is an email address that appears as “bank0famerica.con.”
If you receive a message or email with a link, hover over the link without clicking on it. This will allow you to see a link preview. If the URL looks suspicious or doesn’t match up with the content in the email, do not interact with it and delete the entire message.
Be cautious of any attachment in an email. Scammers often use attachments as a sneaky way to deliver viruses and malware onto unsuspecting people’s devices.
Phishing scams can be deceitful, especially with the added pressure of a seemingly real (but definitely fake) government official or law enforcement agency accusing you of breaking the law. However, by following the tips outlined above, you’ll be able to spot these scams from a mile away and stay safer online!
The post What the FBI Wants You to Know About the Latest Phishing Scheme appeared first on McAfee Blog.
Congratulations! You reached 10,000 steps today!
It’s a great feeling when a wearable fitness device vibrates to let you know when you hit the day’s fitness goal. The digital fireworks display that lights up your watch’s screen is a signal that you should keep on moving to challenge yourself more … or spend the rest of the day on the couch guilt-free.
While fitness wearable devices, trackers, and apps are excellent motivators for you, cybercriminals love them for their vulnerabilities and privacy loopholes. This doesn’t mean you have to chuck your expensive watch in the bin or delete your fitness apps from your smartphone. Awareness and smart habits go a long way in deterring cybercriminals. Keep reading to learn more about wearable technology vulnerabilities and how you can sidestep each.
Many fitness tracker apps and wearables are equipped with GPS. At the end of a run or long walk, you can view your exact route, sometimes with detailed maps that show street and town names. This tracking feature was potentially dangerous back in 2018 when a fitness app released a heat map of all its users’ running routes for the year, which clearly outlined secret military bases.1
Even if you’re stationed in a suburb and not hostile territory, you may consider the risks of sharing your location data. A determined criminal who has time to spare can guess your address and see the times of days when you’re commonly out at the gym or on a run.
When you purchase a wearable fitness device, you often have to pair it with an accompanying smartphone app to see your daily stats and tailor your fitness goals. Think about all the personally identifiable information (PII) that app now houses: your full name, password, address, height, weight, location, medical concerns, daily activity patterns, etc. In the hands of a cybercriminal, this information can bring a nefarious actor one step closer to impersonating you. Plus, if your health data makes it onto the dark web or is sold to health companies, it may result in serious privacy concerns.
Luckily, there are ways to get peace of mind about the security of your identity. Identity protection services, such as McAfee Identity Monitoring Service, provide expert identity theft support and up to $1 million in identity theft coverage.
Wearable devices complement any athleisure outfit and are a fun way to inspire athletic competition between a group of friends. Here are a few ways you can patch some of their security shortcomings:
When you first purchase any new device, fitness trackers included, your first step should always be to reset the factory password. Cybercriminals know that many people often skip this step, making it easy for them to walk right into new accounts. If you have a hard time remembering your passwords, consider entrusting them to a password manager to remember them for you. McAfee True Key makes it so that you only have to remember one master password to unlock the rest, and it’s protected by one of the strongest encryption algorithms available.
This is a tip you should consider for all your social media accounts. When you post about your life online, you actually divulge a lot of personal details that are helpful to cybercriminals. In the case of fitness trackers and apps, sharing the times of day when you go to the gym, are at the local track, or are on a bike path may give a criminal an idea of windows during the day when your home is empty. It’s unsettling to think that strangers can track your whereabouts, so it’s best to keep those details exclusive to people you personally know and trust.
In the case of fitness trackers and apps, a savvy cybercriminal may be able take an educated guess at your address, with which they can do a myriad of nefarious activities. Some running and fitness apps may be able to still create maps of your running routes but erase street names and other landmarks to make it more private. But when in doubt, turn off geolocation.
Fitness trackers are a fun way to stir up some friendly competition, keep connected with your fit friends, and motivate yourself to exercise and maintain healthy habits. While you’re shopping for a new device or when evaluating your current tracker, keep these tips in mind to enjoy this technology to its fullest.
The post Why You Should Care About Fitness Tracker Security appeared first on McAfee Blog.
The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.
In a statement about the changes, Deputy Attorney General Lisa O. Monaco said the DOJ “has never been interested in prosecuting good-faith computer security research as a crime,” and that the new guidelines “promote cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”
What constitutes “good faith security research?” The DOJ’s new policy (PDF) borrows language from a Library of Congress rulemaking (PDF) on the Digital Millennium Copyright Act (DMCA), a similarly controversial law that criminalizes production and dissemination of technologies or services designed to circumvent measures that control access to copyrighted works. According to the government, good faith security research means:
“…accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”
“Security research not conducted in good faith — for example, for the purpose of discovering security holes in devices, machines, or services in order to extort the owners of such devices, machines, or services — might be called ‘research,’ but is not in good faith.”
The new DOJ policy comes in response to a Supreme Court ruling last year in Van Buren v. United States (PDF), a case involving a former police sergeant in Florida who was convicted of CFAA violations after a friend paid him to use police resources to look up information on a private citizen.
But in an opinion authored by Justice Amy Coney Barrett, the Supreme Court held that the CFAA does not apply to a person who obtains electronic information that they are otherwise authorized to access and then misuses that information.
Orin Kerr, a law professor at University of California, Berkeley, said the DOJ’s updated policy was expected given the Supreme Court ruling in the Van Buren case. Kerr noted that while the new policy says one measure of “good faith” involves researchers taking steps to prevent harm to third parties, what exactly those steps might constitute is another matter.
“The DOJ is making clear they’re not going to prosecute good faith security researchers, but be really careful before you rely on that,” Kerr said. “First, because you could still get sued [civilly, by the party to whom the vulnerability is being reported], but also the line as to what is legitimate security research and what isn’t is still murky.”
Kerr said the new policy also gives CFAA defendants no additional cause for action.
“A lawyer for the defendant can make the pitch that something is good faith security research, but it’s not enforceable,” Kerr said. “Meaning, if the DOJ does bring a CFAA charge, the defendant can’t move to dismiss it on the grounds that it’s good faith security research.”
Kerr added that he can’t think of a CFAA case where this policy would have made a substantive difference.
“I don’t think the DOJ is giving up much, but there’s a lot of hacking that could be covered under good faith security research that they’re saying they won’t prosecute, and it will be interesting to see what happens there,” he said.
The new policy also clarifies other types of potential CFAA violations that are not to be charged. Most of these include violations of a technology provider’s terms of service, and here the DOJ says “violating an access restriction contained in a term of service are not themselves sufficient to warrant federal criminal charges.” Some examples include:
-Embellishing an online dating profile contrary to the terms of service of the dating website;
-Creating fictional accounts on hiring, housing, or rental websites;
-Using a pseudonym on a social networking site that prohibits them;
-Checking sports scores or paying bills at work.
Kerr’s warning about the dangers that security researchers face from civil prosecution is well-founded. KrebsOnSecurity regularly hears from security researchers seeking advice on how to handle reporting a security vulnerability or data exposure. In most of these cases, the researcher isn’t worried that the government is going to come after them: It’s that they’re going to get sued by the company responsible for the security vulnerability or data leak.
Often these conversations center around the researcher’s desire to weigh the rewards of gaining recognition for their discoveries with the risk of being targeted with costly civil lawsuits. And almost just as often, the source of the researcher’s unease is that they recognize they might have taken their discovery just a tad too far.
Here’s a common example: A researcher finds a vulnerability in a website that allows them to individually retrieve every customer record in a database. But instead of simply polling a few records that could be used as a proof-of-concept and shared with the vulnerable website, the researcher decides to download every single file on the server.
Not infrequently, there is also concern because at some point the researcher suspected that their automated activities might have actually caused stability or uptime issues with certain services they were testing. Here, the researcher is usually concerned about approaching the vulnerable website or vendor because they worry their activities may already have been identified internally as some sort of external cyberattack.
What do I take away from these conversations? Some of the most trusted and feared security researchers in the industry today gained that esteem not by constantly taking things to extremes and skirting the law, but rather by publicly exercising restraint in the use of their powers and knowledge — and by being effective at communicating their findings in a way that maximizes the help and minimizes the potential harm.
If you believe you’ve discovered a security vulnerability or data exposure, try to consider first how you might defend your actions to the vulnerable website or vendor before embarking on any automated or semi-automated activity that the organization might reasonably misconstrue as a cyberattack. In other words, try as best you can to minimize the potential harm to the vulnerable site or vendor in question, and don’t go further than you need to prove your point.
Security that is hard to deploy and complex to manage needs to become a distant memory if businesses are to be resilient through times of uncertainty. Even something as critical as a firewall, the sentinel in the security stack, can often require a lengthy setup, ongoing maintenance, and disjointed management. Over the long run, these additional costs accrue and can have a negative impact on security programs. When budgets are constrained, these effects can be exacerbated and become a barrier to providing the level of security organizations need to protect the integrity of their business.
At Cisco we have a rich history overcoming this challenge with Cisco Secure Firewall. Forrester Consulting recently conducted an independent analysis of organizations using Secure Firewall. The study showed that customers realized a 195% in total ROI when managing their firewall fleet through Cisco Secure Firewall Management Center (FMC). Improvements to security workflows through the FMC, which include deploying, managing, and updating policy, were the largest contributing factor to the tune of $18.6 million in total benefits achieved. The Forrester study states that “organizations reduced network operation work streams by up to 95%. Thanks to the latest features of Cisco Secure Firewall and the ease of management via Firewall Management Center.”
We are not done. Today we boost productivity even further, with the new cloud-delivered version of FMC within the Cisco Defense Orchestrator (CDO) platform. This leap brings all the features from FMC into the cloud and consolidates firewall management. Organizations save time, increase security, and gain a positive ROI. With cloud-delivered FMC, manually managing updates is a thing of the past. An agile delivery of updates is built in to ensure uptime, so you can focus on your most important priorities — protecting the integrity of the business with increased firewall capabilities. The CDO platform unifies the lifecycle of policy management across multiple Cisco security solutions in our cloud. By bringing the FMC experience directly into CDO, end users enjoy the same look, functionality, and workflow as on-premises and virtual versions of Firewall Management Center. Without the usual learning curve within a new “experience,” migration to the cloud is simplified. Organizations can now propel cloud-first strategies and enable the rapid delivery of firewall services no matter where your network may roam.
“Moving FMC into CDO isn’t just about cost savings for today and powering security resilience with flexibility and choice. We are also putting a firm foot into the near future for SASE and achieving unified policy across the multienvironment IT.”– Justin Buchanan, Sr. Director Product Management, Cisco Secure
Traditionally, customers have deployed FMC as a physical or virtual appliance. Now in addition to cost savings, security resilience is driving an increased need for hybrid multicloud deployments. Leveraging public cloud infrastructures, organizations are becoming more cost efficient — cloud-delivered applications reduce change management and operational overhead. But they are also ensuring organizations have the agility required to deploy network security workloads where and how they want to remain agile and adapt to uncertainty.
Hybrid work and business continuity is made possible within the CDO platform. A cloud-based and centralized platform unifies firewall management across the Cisco Secure and Meraki portfolio and provides the foundation to unify policy across the distributed network all within a platform that is built to drive increased ROI and preserve the user experience. IT can control and manage firewall policy from anywhere along with a low-touch provisioning and onboarding process for branch and firewall deployments. The cloud-delivered FMC integrates with Cisco Secure Analytics & Logging, and, as a result, enhanced data retention and meeting stringent compliance requirements has never been easier. Whether you are part of a smaller organization or a larger enterprise, you control how many Cisco Secure Firewalls are managed through the cloud-delivered FMC, and easily scale that number. So, when it comes to simplicity at scale, CDO is your answer.
To learn more about Cisco Secure Firewall Management Center, visit our product page and read the entire Forrester report here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the “RSOCKS” botnet, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a 35-year-old Russian man living abroad who also runs the world’s top spam forum.
The RUSdot mailer, the email spamming tool made and sold by the administrator of RSOCKS.
According to a statement by the U.S. Department of Justice, RSOCKS offered clients access to IP addresses assigned to devices that had been hacked:
“A cybercriminal who wanted to utilize the RSOCKS platform could use a web browser to navigate to a web-based ‘storefront’ (i.e., a public web site that allows users to purchase access to the botnet), which allowed the customer to pay to rent access to a pool of proxies for a specified daily, weekly, or monthly time period. The cost for access to a pool of RSOCKS proxies ranged from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.”
The DOJ’s statement doesn’t mention that RSOCKS has been in operation since 2014, when access to the web store for the botnet was first advertised on multiple Russian-language cybercrime forums.
The user “RSOCKS” on the Russian crime forum Verified changed his name to RSOCKS from a previous handle: “Stanx,” whose very first sales thread on Verified in 2016 quickly ran afoul of the forum’s rules and prompted a public chastisement by the forum’s administrator.
Verified was hacked twice in the past few years, and each time the private messages of all users on the forum were leaked. Those messages show that after being warned of his forum infraction, Stanx sent a private message to the Verified administrator detailing his cybercriminal bona fides.
“I am the owner of the RUSdot forum (former Spamdot),” Stanx wrote in Sept. 2016. “In spam topics, people know me as a reliable person.”
A Google-translated version of the Rusdot spam forum.
RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010. Even today, the RUSdot Mailer is advertised for sale at the top of the RUSdot community forum.
Stanx said he was a longtime member of several major forums, including the Russian hacker forum Antichat (since 2005), and the Russian crime forum Exploit (since April 2013). In an early post to Antichat in January 2005, Stanx disclosed that he is from Omsk, a large city in the Siberian region of Russia.
According to the cyber intelligence firm Intel 471, the user Stanx indeed registered on Exploit in 2013, using the email address stanx@rusdot.com, and the ICQ number 399611. A search in Google for that ICQ number turns up a cached version of a Vkontakte profile for a Denis “Neo” Kloster, from Omsk, Russia.
Cybersecurity firm Constella Intelligence shows that in 2017, someone using the email address istanx@gmail.com registered at the Russian freelancer job site fl.ru with the profile name of “Denis Kloster” and the Omsk phone number of 79136334444. Another record indexed by Constella suggests Denis’s real surname may in fact be “Emilyantsev” [Емельянцев].
That phone number is tied to the WHOIS registration records for multiple domain names over the years, including proxy[.]info, allproxy[.]info, kloster.pro and deniskloster.com.
A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019. It shows that in Oct. 2019, he obtained a visa from the American Embassy in Bangkok, Thailand.
The “about me” section of DenisKloster.com says the 35-year-old was born in Omsk, that he got his first computer at age 12, and graduated from high school at 16. Kloster says he’s worked in many large companies in Omsk as a system administrator, web developer and photographer.
According to Kloster’s blog, his first real job was running an “online advertising” firm he founded called Internet Advertising Omsk (“riOmsk“), and that he even lived in New York City for a while.
“Something new was required and I decided to leave Omsk and try to live in the States,” Kloster wrote in 2013. “I opened an American visa for myself, it was not difficult to get. And so I moved to live in New York, the largest city in the world, in a country where all wishes come true. But even this was not enough for me, and since then I began to travel the world.”
The current version of the About Me page on Kloster’s site says he closed his advertising business in 2013 to travel the world and focus on his new company: One that provides security and anonymity services to customers around the world. Kloster’s vanity website and LinkedIn page both list him as CEO of a company called “SL MobPartners.”
In 2016, Deniskloster.com featured a post celebrating three years in operation. The anniversary post said Kloster’s anonymity business had grown to nearly two dozen employees, most of whom were included in a group photo posted to that article (and some of whom Kloster thanked by their first names and last initials).
The employees who kept things running for RSOCKS, circa 2016.
“Thanks to you, we are now developing in the field of information security and anonymity!,” the post enthuses. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”
Mr. Kloster did not respond to repeated requests for comment.
It’s not clear if the coordinated takedown targeting the RSOCKS botnet will be permanent, as the botnet’s owners could simply rebuild — and possibly rebrand — their crime machine. Based on the RSOCKS owner’s posts, that is exactly what they intend to do.
“RSocks ceases to exist,” wrote the Rsocks account on the BlackHatWorld forum on June 17. “But don’t worry. All the active plans and fund balances will be transferred to another service. Stay tuned. We will inform you about its name and all the details later.”
Rsocks told the BlackHatWorld community they would be back soon under a new name.
Malware-based proxy services like RSOCKS have struggled to remain competitive in a cybercrime market with increasingly sophisticated proxy services that offer many additional features. The demise of RSOCKS follows closely on the heels of VIP72[.]com, a competing proxy botnet service that operated for a decade before its owners pulled the plug on the service last year.
In the spirit of #PrideMonth, McAfee hosted month-long celebrations across the world. One of these was a live event hosted by the McAfee Pride Community with a guest speaker from the Resource Center that focused on the history of Pride, support, allyship, and belonging.
We took a moment to ask our event guest speaker, Leslie McMurray, about the work that Resource Center does, the importance of pride, and what companies can do to create inclusive work environments.
“We like to say, if we had an “elevator pitch”, we would need a really tall building! Resource Center has been around for 39 years and is one of the largest LGBTQIA+ community centers in the United States, it is a primary HIV/AIDS service organization in Texas.
Some of the work that we do includes operating a food pantry and hot meal program that serves low-income people living with HIV. We have a case management department that helps locate resources that we don’t directly provide, like housing. And we have a primary care clinic that is gender-affirming and a ten-chair dental clinic that also serves those living with HIV.
We also have a youth program called Youth First that serves youth from middle-to-high school. We have a behavioral health program and a clinic that does free testing for HIV and STDs along with a mobile health unit that does free testing in outlying areas. Finally, our advocacy department has three full-time employees!
“Sometimes we get asked “What’s ‘Pride’ about? Why do you need a parade?”
It’s important to understand that LGBTQIA+ people are still working to achieve equal rights – the same as everyone else.
The tipping point of the fight for equal rights in the US dates back to 1969 when the Stonewall Uprising took place in Manhattan. The first Pride march was held a year later to honor the anniversary of the Stonewall Uprising and continues to take place during the month of June each year. And while we appreciate the attention during the month, the continued fight for equal rights for the LGBTQIA+ community is yearly, and we need continuous support and allyship of people and businesses year-round.
So it’s really important for people to learn about diverse populations, understand what their challenges are, and educate yourself on these issues – from that spring’s allies.”
“One of the simplest things for companies to do is to include ‘Sexual Orientation, Gender Identity and Gender expression’ in your Equal Employment Opportunity statement. Other things companies can do is to look at putting a policy in place for transgender employees who are transitioning and consider including transgender healthcare in your company benefits package.
Make sure to help foster understanding by getting employees to do training with organizations like Resource Center. And empower upper management to lead the way ensuring all employees can bring their whole selves to work. Finally, when the opportunity arises look at working with and bringing in non-profit organizations into your company to continue spreading awareness and support for the LGBTQIA+ community.
And while June wraps up Pride month, year-round we work towards a workplace and community where all can belong – a workplace where our unique differences are celebrated and where we all stand together for equality. #McAfeePride
Learn more about the incredible work that Resource Center does here
Interested in building your career at a company where you can belong? Search our openings!
The post #McAfeePride2022 appeared first on McAfee Blog.
Twice in the past month KrebsOnSecurity has heard from readers who had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn’t theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim’s personal information and a different email address.
John Turner is a software engineer based in Salt Lake City. Turner said he created the account at Experian in 2020 to place a security freeze on his credit file, and that he used a password manager to select and store a strong, unique password for his Experian account.
Turner said that in early June 2022 he received an email from Experian saying the email address on his account had been changed. Experian’s password reset process was useless at that point because any password reset links would be sent to the new (impostor’s) email address.
An Experian support person Turner reached via phone after a lengthy hold time asked for his Social Security Number (SSN) and date of birth, as well as his account PIN and answers to his secret questions. But the PIN and secret questions had already been changed by whoever re-signed up as him at Experian.
“I was able to answer the credit report questions successfully, which authenticated me to their system,” Turner said. “At that point, the representative read me the current stored security questions and PIN, and they were definitely not things I would have used.”
Turner said he was able to regain control over his Experian account by creating a new account. But now he’s wondering what else he could do to prevent another account compromise.
“The most frustrating part of this whole thing is that I received multiple ‘here’s your login information’ emails later that I attributed to the original attackers coming back and attempting to use the ‘forgot email/username’ flow, likely using my SSN and DOB, but it didn’t go to their email that they were expecting,” Turner said. “Given that Experian doesn’t support two-factor authentication of any kind — and that I don’t know how they were able to get access to my account in the first place — I’ve felt very helpless ever since.”
Arthur Rishi is a musician and co-executive director of the Boston Landmarks Orchestra. Rishi said he recently discovered his Experian account had been hijacked after receiving an alert from his credit monitoring service (not Experian’s) that someone had tried to open an account in his name at JPMorgan Chase.
Rishi said the alert surprised him because his credit file at Experian was frozen at the time, and Experian did not notify him about any activity on his account. Rishi said Chase agreed to cancel the unauthorized account application, and even rescinded its credit inquiry (each credit pull can ding your credit score slightly).
But he never could get anyone from Experian’s support to answer the phone, despite spending what seemed like eternity trying to progress through the company’s phone-based system. That’s when Rishi decided to see if he could create a new account for himself at Experian.
“I was able to open a new account at Experian starting from scratch, using my SSN, date of birth and answering some really basic questions, like what kind of car did you take out a loan for, or what city did you used to live in,’ Rishi said.
Upon completing the sign-up, Rishi noticed that his credit was unfrozen.
Like Turner, Rishi is now worried that identity thieves will just hijack his Experian account once more, and that there is nothing he can do to prevent such a scenario. For now, Rishi has decided to pay Experian $25.99 a month to more closely monitor his account for suspicious activity. Even using the paid Experian service, there were no additional multi-factor authentication options available, although he said Experian did send a one-time code to his phone via SMS recently when he logged on.
“Experian now sometimes does require MFA for me if I use a new browser or have my VPN on,” Rishi said, but he’s not sure if Experian’s free service would have operated differently.
“I get so angry when I think about all this,” he said. “I have no confidence this won’t happen again.”
In a written statement, Experian suggested that what happened to Rishi and Turner was not a normal occurrence, and that its security and identity verification practices extend beyond what is visible to the user.
“We believe these are isolated incidents of fraud using stolen consumer information,” Experian’s statement reads. “Specific to your question, once an Experian account is created, if someone attempts to create a second Experian account, our systems will notify the original email on file.”
“We go beyond reliance on personally identifiable information (PII) or a consumer’s ability to answer knowledge-based authentication questions to access our systems,” the statement continues. “We do not disclose additional processes for obvious security reasons; however, our data and analytical capabilities verify identity elements across multiple data sources and are not visible to the consumer. This is designed to create a more positive experience for our consumers and to provide additional layers of protection. We take consumer privacy and security seriously, and we continually review our security processes to guard against constant and evolving threats posed by fraudsters.”
KrebsOnSecurity sought to replicate Turner and Rishi’s experience — to see if Experian would allow me to re-create my account using my personal information but a different email address. The experiment was done from a different computer and Internet address than the one that created the original account years ago.
After providing my Social Security Number (SSN), date of birth, and answering several multiple choice questions whose answers are derived almost entirely from public records, Experian promptly changed the email address associated with my credit file. It did so without first confirming that new email address could respond to messages, or that the previous email address approved the change.
Experian’s system then sent an automated message to the original email address on file, saying the account’s email address had been changed. The only recourse Experian offered in the alert was to sign in, or send an email to an Experian inbox that replies with the message, “this email address is no longer monitored.”
After that, Experian prompted me to select new secret questions and answers, as well as a new account PIN — effectively erasing the account’s previously chosen PIN and recovery questions. Once I’d changed the PIN and security questions, Experian’s site helpfully reminded me that I have a security freeze on file, and would I like to remove or temporarily lift the security freeze?
To be clear, Experian does have a business unit that sells one-time password services to businesses. While Experian’s system did ask for a mobile number when I signed up a second time, at no time did that number receive a notification from Experian. Also, I could see no option in my account to enable multi-factor authentication for all logins.
How does Experian differ from the practices of Equifax and TransUnion, the other two big consumer credit reporting bureaus? When KrebsOnSecurity tried to re-create an existing account at TransUnion using my Social Security number, TransUnion rejected the application, noting that I already had an account and prompting me to proceed through its lost password flow. The company also appears to send an email to the address on file asking to validate account changes.
Likewise, trying to recreate an existing account at Equifax using personal information tied to my existing account prompts Equifax’s systems to report that I already have an account, and to use their password reset process (which involves sending a verification email to the address on file).
KrebsOnSecurity has long urged readers in the United States to place a security freeze on their files with the three major credit bureaus. With a freeze in place, potential creditors can’t pull your credit file, which makes it very unlikely anyone will be granted new lines of credit in your name. I’ve also advised readers to plant their flag at the three major bureaus, to prevent identity thieves from creating an account for you and assuming control over your identity.
The experiences of Rishi, Turner and this author suggest Experian’s practices currently undermine both of those proactive security measures. Even so, having an active account at Experian may be the only way you find out when crooks have assumed your identity. Because at least then you should receive an email from Experian saying they gave your identity to someone else.
In April 2021, KrebsOnSecurity revealed how identity thieves were exploiting lax authentication on Experian’s PIN retrieval page to unfreeze consumer credit files. In those cases, Experian failed to send any notice via email when a freeze PIN was retrieved, nor did it require the PIN to be sent to an email address already associated with the consumer’s account.
A few days after that April 2021 story, KrebsOnSecurity broke the news that an Experian API was exposing the credit scores of most Americans.
Emory Roan, policy counsel for the Privacy Rights Clearinghouse, said Experian not offering multi-factor authentication for consumer accounts is inexcusable in 2022.
“They compound the problem by gating the recovery process with information that’s likely available or inferable from third party data brokers, or that could have been exposed in previous data breaches,” Roan said. “Experian is one of the largest Consumer Reporting Agencies in the country, trusted as one of the few essential players in a credit system Americans are forced to be part of. For them to not offer consumers some form of (free) MFA is baffling and reflects extremely poorly on Experian.”
Nicholas Weaver, a researcher for the International Computer Science Institute at University of California, Berkeley, said Experian has no real incentive to do things right on the consumer side of its business. That is, he said, unless Experian’s customers — banks and other lenders — choose to vote with their feet because too many people with frozen credit files are having to deal with unauthorized applications for new credit.
“The actual customers of the credit service don’t realize how much worse Experian is, and this isn’t the first time Experian has screwed up horribly,” Weaver said. “Experian is part of a triopoly, and I’m sure this is costing their actual customers money, because if you have a credit freeze that gets lifted and somebody loans against it, it’s the lender who eats that fraud cost.”
And unlike consumers, he said, lenders do have a choice in which of the triopoly handles their credit checks.
“I do think it’s important to point out that their real customers do have a choice, and they should switch to TransUnion and Equifax,” he added.
More greatest hits from Experian:
2017: Experian Site Can Give Anyone Your Credit Freeze PIN
2015: Experian Breach Affects 15 Million Customers
2015: Experian Breach Tied to NY-NJ ID Theft Ring
2015: At Experian, Security Attrition Amid Acquisitions
2015: Experian Hit With Class Action Over ID Theft Service
2014: Experian Lapse Allowed ID Theft Service Access to 200 Million Consumer Records
2013: Experian Sold Consumer Data to ID Theft Service
Update, 10:32 a.m.: Updated the story to clarify that while Experian does sometimes ask users to enter a one-time code sent via SMS to the number on file, there does not appear to be any option to enable this on all logins.
Our How I Got Here series spotlights the stories of team members who have successfully grown their careers here at McAfee. This journey features Jeremy whose passion for learning has seen him grow his career in our Technology Services Team.
In 2015, I started as a contract worker to help manage network cabling in McAfee’s buildings. While I was doing that, I was also asked to help manage our voice network (think of this as phones and conference lines) for North and South America. A year after working in both of those roles, I was asked to focus on voice network engineering. After a couple of years, I began training as an engineer for our audio-visual workspace, which helps bring efficiency and centralization to our conference room communications and collaboration tools. And today, I am a Unified Communications Engineer!
My other role within McAfee is Co-President of the McAfee Veterans Community. I absolutely love the community of veterans from around the globe and our community allies. It’s a wonderful group of people who are always willing to serve their local communities. We have hosted inspiring guest speakers, and volunteer events, and continue to hold monthly virtual Coffee Talks and Happy Hours.
I don’t believe that I’ve ever had a typical workday. One moment I’m entering new employees into our systems, and the next I’m providing backend call-center support. I also help run our big Microsoft Teams live events. And, of course, I troubleshoot communications issues as they arise.
I truly enjoy working with the Technology Services team and especially the Voice and Video Team. Being able to collaborate with such wonderful teams is a really rewarding part of my role.
For about a decade in my previous role, I managed a team doing general upkeep in computer systems and I felt really comfortable doing that! I joined McAfee to do a similar role, but shortly afterward I was asked to pivot to more of an engineering role. It was a bit overwhelming at first, but luckily the team I was with was very helpful and supportive of my learning curve. Even though it was out of my comfort zone, I’m so glad I was given the opportunity – it has blessed mine and my family’s life!
To never stop learning. There is ALWAYS something to learn and someone who can mentor you. I believe that if you are surrounded by smart people (and pay attention), you can’t help but learn and grow! I absolutely love to learn, so this has been one of top of the reasons why I have loved my job since my very first day.
The post Don’t Stop Learning! Jeremy’s McAfee Journey appeared first on McAfee Blog.
Our How I Got Here series spotlights the stories of team members who have successfully grown their career here at McAfee. This journey features Gayatri who kicked off her second career at McAfee after leaving her role and returning to further education.
McAfee truly kicked off my second career journey! I previously worked as a Software Engineer before I joined the McAfee Pre-sales Operations team as a summer intern as part of my business graduate program. One thing led to another, and I joined McAfee full-time as a Technical Project Analyst after I graduated later that year!
I’ve always believed in having a growth mindset, I embrace learning and looking for ways to build on my achievements. I’m proud to be part of an organization that nurtures this and helps you pursue your passions. For example, in 2019 I moved from a team focused on products and services for large businesses to a team focused on individual consumers. The needs of consumers versus big businesses are very different, so the business operations work supporting that focus are very different as well. It was a steep learning curve, but I felt supported every step of the way, and since then have grown so much!
Back in 2011, I was a software engineer spending my days doing programming and web development. While I was happy doing that, it was after working on many client-facing projects that I aspired to work at the intersection of business and technology. So, I left engineering and went to business school.
Taking a break from my full-time job to pursue formal business education in a new country was a big step outside my comfort zone. It was challenging to find balance, but the journey was worth it!
Today, I am a Sales Enablement and Operations Manager supporting sales teams all over the world. My focus areas include managing platforms and tools like Salesforce, Power BI, and SharePoint Sales Portal, as well as our department’s training and enablement programs – in other words, technology and professional development that help our team members be successful. Plus, I’m a key team member for an array of programs and projects that are pushing the business forward.
My work is highly collaborative, and I really enjoy working on projects with colleagues across different departments all over the world. I get to see the bigger picture, better understand the business context, and see the WHY behind the initiatives we drive.
From business projects to being a part of the McAfee WISE (Women in Security) Board, it’s the people, culture, and opportunity that sets McAfee apart. I love working with the amazing people at McAfee!
Underlying it all: Working at McAfee matters because ultimately what we do helps protect lives of millions of people online.
I have come to realize that the pain of staying the same is greater than the pain of changing and growing. Develop a growth mindset to keep moving forward!
The post Kicking off my Second Career: Gayatri’s McAfee Journey appeared first on McAfee Blog.
It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of Ashley Madison mentions across Russian cybercrime forums and far-right websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny.
As first reported by KrebsOnSecurity on July 19, 2015, a group calling itself the “Impact Team” released data sampled from millions of users, as well as maps of internal company servers, employee network account information, company bank details and salary information.
The Impact Team said it decided to publish the information because ALM “profits on the pain of others,” and in response to a paid “full delete” service Ashley Madison parent firm Avid Life Media offered that allowed members to completely erase their profile information for a $19 fee.
According to the hackers, although the delete feature promised “removal of site usage history and personally identifiable information from the site,” users’ purchase details — including real name and address — weren’t actually scrubbed.
“Full Delete netted ALM $1.7mm in revenue in 2014. It’s also a complete lie,” the hacking group wrote. “Users almost always pay with credit card; their purchase details are not removed as promised, and include real name and address, which is of course the most important information the users want removed.”
A snippet of the message left behind by the Impact Team.
The Impact Team said ALM had one month to take Ashley Madison offline, along with a sister property called Established Men. The hackers promised that if a month passed and the company did not capitulate, it would release “all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.”
Exactly 30 days later, on Aug. 18, 2015, the Impact Team posted a “Time’s up!” message online, along with links to 60 gigabytes of Ashley Madison user data.
One aspect of the Ashley Madison breach that’s always bothered me is how the perpetrators largely cast themselves as fighting a crooked company that broke their privacy promises, and how this narrative was sustained at least until the Impact Team decided to leak all of the stolen user account data in August 2015.
Granted, ALM had a lot to answer for. For starters, after the breach it became clear that a great many of the female Ashley Madison profiles were either bots or created once and never used again. Experts combing through the leaked user data determined that fewer than one percent of the female profiles on Ashley Madison had been used on a regular basis, and the rest were used just once — on the day they were created. On top of that, researchers found 84 percent of the profiles were male.
But the Impact Team had to know that ALM would never comply with their demands to dismantle Ashley Madison and Established Men. In 2014, ALM reported revenues of $115 million. There was little chance the company was going to shut down some of its biggest money machines.
Hence, it appears the Impact Team’s goal all along was to create prodigious amounts of drama and tension by announcing the hack of a major cheating website, and then letting that drama play out over the next few months as millions of exposed Ashley Madison users freaked out and became the targets of extortion attacks and public shaming.
Robert Graham, CEO of Errata Security, penned a blog post in 2015 concluding that the moral outrage professed by the Impact Team was pure posturing.
“They appear to be motivated by the immorality of adultery, but in all probability, their motivation is that #1 it’s fun and #2 because they can,” Graham wrote.
Per Thorsheim, a security researcher in Norway, told Wired at the time that he believed the Impact Team was motivated by an urge to destroy ALM with as much aggression as they could muster.
“It’s not just for the fun and ‘because we can,’ nor is it just what I would call ‘moralistic fundamentalism,'” Thorsheim told Wired. “Given that the company had been moving toward an IPO right before the hack went public, the timing of the data leaks was likely no coincidence.”
As the seventh anniversary of the Ashley Madison hack rolled around, KrebsOnSecurity went back and looked for any mentions of Ashley Madison or ALM on cybercrime forums in the months leading up to the Impact Team’s initial announcement of the breach on July 19, 2015. There wasn’t much, except a Russian guy offering to sell payment and contact information on 32 million AshleyMadison users, and a bunch of Nazis upset about a successful Jewish CEO promoting adultery.
Cyber intelligence firm Intel 471 recorded a series of posts by a user with the handle “Brutium” on the Russian-language cybercrime forum Antichat between 2014 and 2016. Brutium routinely advertised the sale of large, hacked databases, and on Jan. 24, 2015, this user posted a thread offering to sell data on 32 million Ashley Madison users:
“Data from July 2015
Total ~32 Million contacts:
full name; email; phone numbers; payment, etc.”
It’s unclear whether the postdated “July 2015” statement was a typo, or if Brutium updated that sales thread at some point. There is also no indication whether anyone purchased the information. Brutium’s profile has since been removed from the Antichat forum.
Flashpoint is a threat intelligence company in New York City that keeps tabs on hundreds of cybercrime forums, as well as extremist and hate websites. A search in Flashpoint for mentions of Ashley Madison or ALM prior to July 19, 2015 shows that in the six months leading up to the hack, Ashley Madison and its then-CEO Noel Biderman became a frequent subject of derision across multiple neo-Nazi websites.
On Jan. 14, 2015, a member of the neo-Nazi forum Stormfront posted a lively thread about Ashley Madison in the general discussion area titled, “Jewish owned dating website promoting adultery.”
On July 3, 2015, Andrew Anglin, the editor of the alt-right publication Daily Stormer, posted excerpts about Biderman from a story titled, “Jewish Hyper-Sexualization of Western Culture,” which referred to Biderman as the “Jewish King of Infidelity.”
On July 10, a mocking montage of Biderman photos with racist captions was posted to the extremist website Vanguard News Network, as part of a thread called “Jews normalize sexual perversion.”
“Biderman himself says he’s a happily married father of two and does not cheat,” reads the story posted by Anglin on the Daily Stormer. “In an interview with the ‘Current Affair’ program in Australia, he admitted that if he found out his own wife was accessing his cheater’s site, ‘I would be devastated.'”
The leaked AshleyMadison data included more than three years’ worth of emails stolen from Biderman. The hackers told Motherboard in 2015 they had 300 GB worth of employee emails, but that they saw no need to dump the inboxes of other company employees.
Several media outlets pounced on salacious exchanges in Biderman’s emails as proof he had carried on multiple affairs. Biderman resigned as CEO on Aug. 28, 2015. The last message in the archive of Biderman’s stolen emails was dated July 7, 2015 — almost two weeks before the Impact Team would announce their hack.
Biderman told KrebsOnSecurity on July 19, 2015 that the company believed the hacker was some type of insider.
“We’re on the doorstep of [confirming] who we believe is the culprit, and unfortunately that may have triggered this mass publication,” Biderman said. “I’ve got their profile right in front of me, all their work credentials. It was definitely a person here that was not an employee but certainly had touched our technical services.”
Certain language in the Impact Team’s manifesto seemed to support this theory, such as the line: “For a company whose main promise is secrecy, it’s like you didn’t even try, like you thought you had never pissed anyone off.”
But despite ALM offering a belated $500,000 reward for information leading to the arrest and conviction of those responsible, to this day no one has been charged in connection with the hack.
Microleaves, a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by secretly bundling it with other titles.
The Microleaves proxy service, which is in the process of being rebranded to Shifter[.[io.
Launched in 2013, Microleaves is a service that allows customers to route their Internet traffic through PCs in virtually any country or city around the globe. Microleaves works by changing each customer’s Internet Protocol (IP) address every five to ten minutes.
The service, which accepts PayPal, Bitcoin and all major credit cards, is aimed primarily at enterprises engaged in repetitive, automated activity that often results in an IP address being temporarily blocked — such as data scraping, or mass-creating new accounts at some service online.
In response to a report about the data exposure from KrebsOnSecurity, Microleaves said it was grateful for being notified about a “very serious issue regarding our customer information.”
Abhishek Gupta is the PR and marketing manager for Microleaves, which he said in the process of being rebranded to “Shifter.io.” Gupta said the report qualified as a “medium” severity security issue in Shifter’s brand new bug bounty program (the site makes no mention of a bug bounty), which he said offers up to $2,000 for reporting data exposure issues like the one they just fixed. KrebsOnSecurity declined the offer and requested that Shifter donate the amount to the Electronic Frontier Foundation (EFF), a digital rights group.
From its inception nearly a decade ago, Microleaves has claimed to lease between 20-30 million IPs via its service at any time. Riley Kilmer, co-founder of the proxy-tracking service Spur.us, said that 20-30 million number might be accurate for Shifter if measured across a six-month time frame. Currently, Spur is tracking roughly a quarter-million proxies associated with Microleaves/Shifter each day, with a high rate of churn in IPs.
Early on, this rather large volume of IP addresses led many to speculate that Microleaves was just a botnet which was being resold as a commercial proxy service.
Proxy traffic related to top Microleaves users, as exposed by the website’s API.
The very first discussion thread started by the new user Microleaves on the forum BlackHatWorld in 2013 sought forum members who could help test and grow the proxy network. At the time, the Microleaves user said their proxy network had 150,000 IPs globally, and was growing quickly.
One of BlackHatWorld’s moderators asked the administrator of the forum to review the Microleaves post.
“User states has 150k proxies,” the forum skeptic wrote. “No seller on BHW has 150k working daily proxies none of us do. Which hints at a possible BOTNET. That’s the only way you will get 150k.”
Microleaves has long been classified by antivirus companies as adware or as a “potentially unwanted program” (PUP), the euphemism that antivirus companies use to describe executable files that get installed with ambiguous consent at best, and are often part of a bundle of software tied to some “free” download. Security vendor Kaspersky flags the Microleaves family of software as a trojan horse program that commandeers the user’s Internet connection as a proxy without notifying the user.
“While working, these Trojans pose as Microsoft Windows Update,” Kaspersky wrote.
In a February 2014 post to BlackHatWorld, Microleaves announced that its sister service — reverseproxies[.]com — was now offering an “Auto CAPTCHA Solving Service,” which automates the solving of those squiggly and sometimes frustrating puzzles that many websites use to distinguish bots from real visitors. The CAPTCHA service was offered as an add-on to the Microleaves proxy service, and ranged in price from $20 for a 2-day trial to $320 for solving up to 80 captchas simultaneously.
“We break normal Recaptcha with 60-90% success rate, recaptcha with blobs 30% success, and 500+ other captcha,” Microleaves wrote. “As you know all success rate on recaptcha depends very much on good proxies that are fresh and not spammed!”
The exposed Microleaves user database shows that the first user created on the service — username “admin” — used the email address alex.iulian@aol.com. A search on that email address in Constella Intelligence, a service that tracks breached data, reveals it was used to create an account at the link shortening service bit.ly under the name Alexandru Florea, and the username “Acidut.” [Full disclosure: Constella is currently an advertiser on this website].
According to the cyber intelligence company Intel 471, a user named Acidut with the email address iulyan87_4u@gmail.com had an active presence on almost a dozen shadowy money-making and cybercrime forums from 2010 to 2017, including BlackHatWorld, Carder[.]pro, Hackforums, OpenSC, and CPAElites.
The user Microleaves (later “Shifter.io”) advertised on BlackHatWorld the sale of 31 million residential IPs for use as proxies, in late 2013. The same account continues to sell subscriptions to Shifter.io.
In a 2011 post on Hackforums, Acidut said they were building a botnet using an “exploit kit,” a set of browser exploits made to be stitched into hacked websites and foist malware on visitors. Acidut claimed their exploit kit was generating 3,000 to 5,000 new bots each day. OpenSC was hacked at one point, and its private messages show Acidut purchased a license from Exmanoize, the handle used by the creator of the Eleonore Exploit Kit.
By November 2013, Acidut was advertising the sale of “26 million SOCKS residential proxies.” In a March 2016 post to CPAElites, Acidut said they had a worthwhile offer for people involved in pay-per-install or “PPI” schemes, which match criminal gangs who pay for malware installs with enterprising hackers looking to sell access to compromised PCs and websites.
Because pay-per-install affiliate schemes rarely impose restrictions on how the software can be installed, such programs can be appealing for cybercriminals who already control large collections of hacked machines and/or compromised websites. Indeed, Acidut went a step further, adding that their program could be quietly and invisibly nested inside of other programs.
“For those of you who are doing PPI I have a global offer that you can bundle to your installer,” Acidut wrote. “I am looking for many installs for an app that will generate website visits. The installer has a silence version which you can use inside your installer. I am looking to buy as many daily installs as possible worldwide, except China.”
Asked about the source of their proxies in 2014, the Microleaves user responded that it was “something related to a PPI network. I can’t say more and I won’t get into details.”
Acidut authored a similar message on the forum BlackHatWorld in 2013, where they encouraged users to contact them on Skype at the username “nevo.julian.” That same Skype contact address was listed prominently on the Microleaves homepage up until about a week ago when KrebsOnSecurity first reached out to the company.
There is a Facebook profile for an Alexandru Iulian Florea from Constanta, Romania, whose username on the social media network is Acidut. Prior to KrebsOnSecurity alerting Shifter of its data breach, the Acidut profile page associated Florea with the websites microleaves.com, shrooms.io, leftclick[.]io, and online[.]io. Mr. Florea did not respond to multiple requests for comment, and his Facebook page no longer mentions these domains.
Leftclick and online[.]io emerged as subsidiaries of Microleaves between 2017 and 2018. According to a help wanted ad posted in 2018 for a developer position at online[.]io, the company’s services were brazenly pitched to investors as “a cybersecurity and privacy tool kit, offering extensive protection using advanced adblocking, anti-tracking systems, malware protection, and revolutionary VPN access based on residential IPs.”
A teaser from Irish Tech News.
“Online[.]io is developing the first fully decentralized peer-to-peer networking technology and revolutionizing the browsing experience by making it faster, ad free, more reliable, secure and non-trackable, thus freeing the Internet from annoying ads, malware, and trackers,” reads the rest of that help wanted ad.
Microleaves CEO Alexandru Florea gave an “interview” to the website Irishtechnews.ie in 2018, in which he explained how Online[.]io (OIO) was going to upend the online advertising and security industries with its initial coin offering (ICO). The word interview is in air quotes because the following statements by Florea deserved some serious pushback by the interviewer.
“Online[.]io solution, developed using the Ethereum blockchain, aims at disrupting the digital advertising market valued at more than $1 trillion USD,” Alexandru enthused. “By staking OIO tokens and implementing our solution, the website operators will be able to access a new non-invasive revenue stream, which capitalizes on time spent by users online.”
“At the same time, internet users who stake OIO tokens will have the opportunity to monetize on the time spent online by themselves and their peers on the World Wide Web,” he continued. “The time spent by users online will lead to ICE tokens being mined, which in turn can be used in the dedicated merchant system or traded on exchanges and consequently changed to fiat.”
Translation: If you install our proxy bot/CAPTCHA-solver/ad software on your computer — or as an exploit kit on your website — we’ll make millions hijacking ads and you will be rewarded with heaps of soon-to-be-worthless shitcoin. Oh, and all your security woes will disappear, too.
It’s unclear how many Internet users and websites willingly agreed to get bombarded with Online[.]io’s annoying ads and search hijackers — and to have their PC turned into a proxy or CAPTCHA-solving zombie for others. But that is exactly what multiple security companies said happened when users encountered online[.]io, which operated using the Microsoft Windows process name of “online-guardian.exe.”
Incredibly, Crunchbase says Online[.]io raised $6 million in funding for an initial coin offering in 2018, based on the plainly ludicrous claims made above. Since then, however, online[.]io seems to have gone…offline, for good.
Until this week, Shifter.io’s website also exposed information about its customer base and most active users, as well as how much money each client has paid over the lifetime of their subscription. The data indicates Shifter has earned more than $11.7 million in direct payments, although it’s unclear how far back in time those payment records go, or how complete they are.
The bulk of Shifter customers who spent more than $100,000 at the proxy service appear to be digital advertising companies, including some located in the United States. None of the several Shifter customers approached by KrebsOnSecurity agreed to be interviewed.
Shifter’s Gupta said he’d been with the company for three years, since the new owner took over the company and made the rebrand to Shifter.
“The company has been on the market for a long time, but operated under a different brand called Microleaves, until new ownership and management took over the company started a reorganization process that is still on-going,” Gupta said. “We are fully transparent. Mostly [our customers] work in the data scraping niche, this is why we actually developed more products in this zone and made a big shift towards APIs and integrated solutions in the past year.”
Ah yes, the same APIs and integrated solutions that were found exposed to the Internet and leaking all of Shifter’s customer information.
Gupta said the original founder of Microleaves was a man from India, who later sold the business to Florea. According to Gupta, the Romanian entrepreneur had multiple issues in trying to run the company, and then sold it three years ago to the current owner — Super Tech Ventures, a private equity company based in Taiwan.
“Our CEO is Wang Wei, he has been with the company since 3 years ago,” Gupta said. “Mr. Florea left the company two years ago after ending this transition period.”
Google and other search engines seem to know nothing about a Super Tech Ventures based in Taiwan. Incredibly, Shifter’s own PR person claimed that he, too, was in the dark on this subject.
“I would love to help, but I really don’t know much about the mother company,” Gupta said, essentially walking back his “fully transparent” statement. “I know they are a branch of the bigger group of asian investment firms focused on private equity in multiple industries.”
Adware and proxy software are often bundled together with “free” software utilities online, or with popular software titles that have been pirated and quietly fused with installers tied to various PPI affiliate schemes.
But just as often, these intrusive programs will include some type of notice — even if installed as part of a software bundle — that many users simply do not read and click “Next” to get on with installing whatever software they’re seeking to use. In these cases, selecting the “basic” or “default” settings while installing usually hides any per-program installation prompts, and assumes you agree to all of the bundled programs being installed. It’s always best to opt for the “custom” installation mode, which can give you a better idea of what is actually being installed, and can let you control certain aspects of the installation.
Either way, it’s best to start with the assumption that if a software or service online is “free,” that there is likely some component involved that allows the provider of that service to monetize your activity. As KrebsOnSecurity noted at the conclusion of last week’s story on a China-based proxy service called 911, the rule of thumb for transacting online is that if you’re not the paying customer, then you and/or your devices are probably the product that’s being sold to others.
Further reading on proxy services:
July 18, 2022: A Deep Dive Into the Residential Proxy Service ‘911’
June 28, 2022: The Link Between AWM Proxy & the Glupteba Botnet
June 22, 2022: Meet the Administrators of the RSOCKS Proxy Botnet
Sept. 1, 2021: 15-Year-Old Malware Proxy Network VIP72 Goes Dark
Aug. 19, 2019: The Rise of “Bulletproof” Residential Networks
Our personal and professional lives are becoming increasingly intertwined with the online world. Regular internet usage has made us all prone to cyber-security risks. You leave a digital footprint every time you use the internet, which is a trace of all your online activities.
When you create new accounts or subscribe to different websites, you give them explicit (or implicit, through their family of apps or subsidiary websites) access to your personal and credit card information. In other cases, websites might track basic information without your knowledge, such as your location and search history.
There is an industry of data brokers specifically dedicated to keeping track of user data, packaging it, and supplying it to tech companies who use it to run targeted ads and enhance on-platform user experience. Given the widespread use of the internet and exponential improvements in technology, data has become a valuable commodity — creating a need for the sale and purchase of user data.
This article discusses how data brokers sell your personal information and how you can minimize risk.
Data brokers are companies that aggregate user information from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data is then supplied to tech companies to fuel their third-party advertising-centered business models.
Companies interested in buying data include but are not limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, Social Security number, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public profiles.[Text Wrapping Break]
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites like Spokeo or TruePeopleSearch. You or a tech business can use these websites to search for people and get extensive consumer data. People search sites also contain public records like voter registration information, marriage records, and birth certificates. This data is used for consumer research and large-scale data analysis.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
Vermont and California have already enacted laws to regulate the data brokerage industry. In 2018, Vermont passed the country’s first data broker legislation. This requires data brokers to register annually with the Secretary of State and provide information about their data collection activities, opt-out policies, purchaser credentialing practices, and data breaches.
California has passed similar laws to make data brokering a more transparent industry. For risk mitigation of data brokerage, the Federal Trade Commission (FTC) has published reports and provided recommendations to Congress to reduce the engagement of data broker firms. Giving individuals the right to opt-out of the sale of their personal data is a step toward a more rigorous law regarding data privacy.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Acxiom, LLC is one of the largest data brokering firms and has collected data for approximately 68% of people who have an online presence. You can opt-out of their data collection either through their website or by calling them directly.
Epsilon Data Management is another big player in the data broker industry that operates as a marketing service and marketing analytics company. You can opt-out of their website through various methods such as by email, phone, and mail. Credit rating agencies like Experian and Equifax are also notorious for collecting your data. Similarly, you can opt-out through their websites or by calling them.
McAfee is a pioneer in providing online and offline data protection to its customers. We offer numerous cybersecurity services for keeping your information private and secure.
With regard to data brokers, we enable users to do a personal data clean-up. Cleaning up your personal data online may be a difficult task, as it requires you to reach out to multiple data brokers and opt out. Instead, sign up for McAfee’s Personal Data Cleanup feature to do a convenient and thorough personal data clean-up. We will search for traces of your personal data and assist in getting it removed.
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
On August 3, 2022, someone using the alias “Holistic-K1ller” posted on Breached a thread selling data allegedly stolen from Grupo Financiero Banorte, Mexico’s second-biggest financial institution by total loans. Holistic-K1ller said the database included the full names, addresses, phone numbers, Mexican tax IDs (RFC), email addresses and balances on more than 10 million citizens.
There was no reason to believe Holistic-K1ller had fabricated their breach claim. This identity has been highly active on Breached and its predecessor RaidForums for more than two years, mostly selling databases from hacked Mexican entities. Last month, they sold customer information on 36 million customers of the Mexican phone company Telcel; in March, they sold 33,000 images of Mexican IDs — with the front picture and a selfie of each citizen. That same month, they also sold data on 1.4 million customers of Mexican lending platform Yotepresto.
But this history was either overlooked or ignored by Group-IB, the Singapore-based cybersecurity firm apparently hired by Banorte to help respond to the data breach.
“The Group-IB team has discovered a resource containing a fraudulent post offering to buy Grupo Financiero Banorte’s leaked databases,” reads a letter the Breach administrator said they received from Group-IB. “We ask you to remove this post containing Banorte data. Thank you for your cooperation and prompt attention to this urgent matter.”
The administrator of Breached is “Pompompurin,” the same individual who alerted this author in November 2021 to a glaring security hole in a U.S. Justice Department website that was used to spoof security alerts from the FBI. In a post to Breached on Aug. 8, Pompompurin said they bought the Banorte database from Holistic-K1ller’s sales thread because Group-IB was sending emails complaining about it.
“They also attempted to submit DMCA’s against the website,” Pompompurin wrote, referring to legal takedown requests under the Digital Millennium Copyright Act. “Make sure to tell Banorte that now they need to worry about the data being leaked instead of just being sold.”
Group-IB CEO Dmitriy Volkov said the company has seen some success in the past asking hackers to remove or take down certain information, but that making such requests is not a typical response for the security firm.
“It is not a common practice to send takedown notifications to such forums demanding that such content be removed,” Volkov said. “But these abuse letters are legally binding, which helps build a foundation for further steps taken by law enforcement agencies. Actions contrary to international rules in the regulated space of the Internet only lead to more severe crimes, which — as we know from the case of Raidforums — are successfully investigated and stopped by law enforcement.”
Banorte did not respond to requests for comment. But in a brief written statement picked up on Twitter, Banorte said there was no breach involving their infrastructure, and the data being sold is old.
“There has been no violation of our platforms and technological infrastructure,” Banorte said. “The set of information referred to is inaccurate and outdated, and does not put our users and customers at risk.”
That statement may be 100 percent true. Still, it is difficult to think of a better example of how not to do breach response. Banorte shrugging off this incident as a nothingburger is baffling: While it is almost certainly true that the bank balance information in the Banorte leak is now out of date, the rest of the information (tax IDs, phone numbers, email addresses) is harder to change.
“Is there one person from our community that think sending cease and desist letter to a hackers forum operator is a good idea?,” asked Ohad Zaidenberg, founder of CTI League, a volunteer emergency response community that emerged in 2020 to help fight COVID-19 related scams. “Who does it? Instead of helping, they pushed the organization from the hill.”
Kurt Seifried, director of IT for the CloudSecurityAlliance, was similarly perplexed by the response to the Banorte breach.
“If the data wasn’t real….did the bank think a cease and desist would result in the listing being removed?” Seifried wondered on Twitter. “I mean, isn’t selling breach data a worse crime usually than slander or libel? What was their thought process?”
A more typical response when a large bank suspects a breach is to approach the seller privately through an intermediary to ascertain if the information is valid and what it might cost to take it off the market. While it may seem odd to expect cybercriminals to make good on their claims to sell stolen data to only one party, removing sold stolen items from inventory is a fairly basic function of virtually all cybercriminal markets today (apart from perhaps sites that traffic in stolen identity data).
At a minimum, negotiating or simply engaging with a data seller can buy the victim organization additional time and clues with which to investigate the claim and ideally notify affected parties of a breach before the stolen data winds up online.
It is true that a large number of hacked databases put up for sale on the cybercrime underground are sold only after a small subset of in-the-know thieves have harvested all of the low-hanging fruit in the data — e.g., access to cryptocurrency accounts or user credentials that are recycled across multiple websites. And it’s certainly not unheard of for cybercriminals to go back on their word and re-sell or leak information that they have sold previously.
But companies in the throes of responding to a data security incident do themselves and customers no favors when they underestimate their adversaries, or try to intimidate cybercrooks with legal threats. Such responses generally accomplish nothing, except unnecessarily upping the stakes for everyone involved while displaying a dangerous naiveté about how the cybercrime underground works.
Update, Aug. 17, 10:32 a.m.: Thanks to a typo by this author, a request for comment sent to Group-IB was not delivered in advance of this story. The copy above has been updated to include a comment from Group-IB’s CEO.
Chief Information Officers and other technology decision makers continuously seek new and better ways to evaluate and manage their investments in innovation – especially the technologies that may create consequential decisions that impact human rights. As Artificial Intelligence (AI) becomes more prominent in vendor offerings, there is an increasing need to identify, manage, and mitigate the unique risks that AI-based technologies may bring.
Cisco is committed to maintaining a responsible, fair, and reflective approach to the governance, implementation, and use of AI technologies in our solutions. The Cisco Responsible AI initiative maximizes the potential benefits of AI while mitigating bias or inappropriate use of these technologies.
Gartner® Research recently published “Innovation Insight for Bias Detection/Mitigation, Explainable AI and Interpretable AI,” offering guidance on the best ways to incorporate AI-based solutions that facilitates “understanding, trust and performance accountability required by stakeholders.” This newsletter describes Cisco’s approach to Responsible AI governance and features this Gartner report.
At Cisco, we are committed to managing AI development in a way that augments our focus on security, privacy, and human rights. The Cisco Responsible AI initiative and framework governs the application of responsible AI controls in our product development lifecycle, how we manage incidents that arise, engage externally, and its use across Cisco’s solutions, services, and enterprise operations.
Our Responsible AI framework comprises:
We base our Responsible AI initiative on principles consistent with Cisco’s operating practices and directly applicable to the governance of AI innovation. These principles—Transparency, Fairness, Accountability, Privacy, Security, and Reliability—are used to upskill our development teams to map to controls in the Cisco Secure Development Lifecycle and embed Security by Design, Privacy by Design, and Human Rights by Design in our solutions. And our principle-based approach empowers customers to take part in a continuous feedback cycle that informs our development process.
We strive to meet the highest standards of these principles when developing, deploying, and operating AI-based solutions to respect human rights, encourage innovation, and serve Cisco’s purpose to power an inclusive future for all.
Check out Gartner recommendations for integrating AI into an organization’s data systems in this Newsletter and learn more about Cisco’s approach to Responsible Innovation by reading our introduction “Transparency Is Key: Introducing Cisco Responsible AI.”
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
In this career-journey series, Internal Audit Manager Chris shares his recent journey joining the McAfee finance team and why he is always learning something new in his role.
I’m an Internal Audit Manager. Essentially, I work with my McAfee colleagues to understand the processes we follow and run tests to confirm everything is happening as it should.
Sometimes people find audits intimidating, but I do my best to reassure people that there are no hidden tricks and I respect their time. We’re just making sure things are going according to plan and we’re fulfilling our responsibilities.
In a typical day, I have three priorities: Dad, Work, Gym.
I’m normally up at 6 a.m. to cook breakfast for my son and myself, and then drop him off at school. His favorite is bacon and eggs! Since I work with people around the world, I catch up on emails and then review the day’s work and catch up with my team. From there, most of my day is spent in meetings with McAfee colleagues or external auditors.
Somewhere in the day I get in a one-hour workout. It’s tough to do sometimes, but I’d say I get to the gym 90% of the time. It’s a great reset for me: a time where I can focus on me and putting my body to the test.
And, of course, I pick up my son from school and have Dad Time! That’s really my day in repeat. It seems like the same thing but feels different every day. I’m always meeting new people and puzzling through different problems. Every day is a fresh challenge.
After interviewing with my future co-workers, I was excited to join the company. I thought, “Oh, this company is fun!” The culture seemed to be a place where not only do you get to come for work, but also have sense of community within it.
Also, it was a chance to work for a great boss. I knew she was a great boss because I worked for her before. She gives you the vision, then gives you the freedom to explore and get the work done. You really get to own your work. I appreciate that.
At McAfee, employees are a top priority. You’re not just a robot who has to work-work-work. It’s okay to have fun and take 10 minutes out to see how others are doing.
I like the way the company comes together to have contests and other fun activities. In Finance, we recently had a scavenger hunt with 70 people. It was great seeing the faces of people you’ve only talked to on the phone.
Another way we engage each other is with a recognition program called Bravo! You can write a letter to someone saying hey, I appreciate you. That makes you feel more valued as an employee.
I also like the quarterly updates we get from leaders. At other companies, I’ve seen that done once a year. It’s nice to hear from the CEO every quarter about what’s going on in the organization.
There are two parts that make my role so rewarding. The first is I enjoy interacting with people and have a passion for learning. In this job, you hear so many cool stories, and I’m exposed to so many different areas and processes in across the business. There’s always something new to learn. It makes every day different.
Secondly, at McAfee I’m part of the McAfee African Heritage Community (MAHC). We get together and talk about things we want to share with other Community members and the rest of McAfee. I’ve met people I never would run into otherwise. That’s important to me as someone who’s fairly new to McAfee plus having worked remote all this time. It’s very cool to be part of a company that supports having communities.
Honestly, my job is always outside my comfort zone. There’s always a new problem to be solved. But I like that. The way I see it, if you’re comfortable, you aren’t growing. You need to do something you haven’t done before to move to the next level.
As an auditor, I’m always helping others understand the audit process and how to provide solid information, so the audit goes well.
One of the most helpful skills I have developed during my career is communication. I need to establish a rapport quickly in my work so we can work well together. Everybody is different, right? Some are more direct, some are more indirect, and some people are more casual than others. You always need to adjust when you meet people. Good communication skills help prevent misunderstandings, which is especially important in a global company like McAfee with so many different cultures.
Embrace change! Change is just another way to grow, learn, and realize potential you didn’t know you had. Look at it as an opportunity. Raise your hand up when problems arise and take on that tough problem. The person who fixes the problem is the person everyone remembers.
The post Embrace change! Chris’s McAfee Journey appeared first on McAfee Blog.
“Congratulations, you’re a winner!”
“Did you know this public figure is trying to make your life worse? Click here for what they don’t want you to know.”
“Save thousands today with just one click!”
Spam and bot accounts on social media are everywhere. You’ve likely encountered messages like these that attempt to get you to click on links or to stir your emotions in a frenzy. While bot accounts are usually more of an annoyance than anything, when they’re allowed to run rampant, they can quickly become dangerous to your personally identifiable information (PII) and create an emotionally charged mob mentality.
Here’s what you should know about bot accounts, including how to steer clear of menacing ones, plus a reminder to watch what you share on (and with) social media sites.
Bot accounts are software-automated accounts that try to blend in and act like a real user. They post updates and follow other users, though there isn’t a real person behind the account. A spam account is a type of bot account that attempts to gain financially from its automated posts. Everyday people should be wary of social media bot accounts because they can be used to disseminate false information or phishing scams.
One whistleblower of a social media giant recently divulged that the platform isn’t prioritizing deactivating bot accounts.1 This apathy sparks concerns about the company’s commitment to the security of its users. In the whistleblower’s same report, he stated that the social media site isn’t taking the necessary steps to protect itself from potential inside threats and it had fallen victim to at least 20 breaches in 2020 without reporting the incidents to the proper authorities.
Some bot accounts aren’t malicious (merely an annoying tactic by companies to spread the word about their business), but it’s best to give all of them a wide berth and never click on any links in their posts. Those links could direct to unsecured outside sites laden with malware or drop you in the middle of a phishing scheme.
You can often spot a malicious bot account by the tone of its messages. They’ll often try to inspire intense emotions, such as excitement, sadness, or rage, and attempt to get users to act or share the post. Do not engage with them, not even to argue their points. When you engage or share these posts with your network, it spreads false information and could dangerously manipulate public opinion.2
Here are a few ways you can take your cybersecurity into your own hands when you can’t be sure that social media sites are looking out for the safety of users’ information:
You can’t trust every company to look out for the safety of your personal information, but one organization you can trust is McAfee. McAfee Total Protection is a comprehensive identity and privacy protection solution for your digital life. Great social media habits go a long way toward keeping you safe online, and you can rest assured knowing that McAfee can fill in the gaps. McAfee Total Protection offers antivirus, identity monitoring, and security freeze in the case your information is leaked in a breach or a bot account gets ahold of key details.
Keep on sharing your life’s milestones with your closest friends and family online. The next time you update your status, flag any suspicious accounts you come across, so everyone can enjoy social media confidently!
1NBC News, “Twitter whistleblower alleges major security issues”
2Journal of Information Technology & Politics, “Harass, mislead & polarize: An analysis of Twitter political bots’ tactics in targeting the immigration debate before the 2018 U.S. midterm election”
The post Here’s How to Steer Clear of Bot Accounts on Social Media appeared first on McAfee Blog.
*TW: Mentions Suicide
Our passion for protecting people doesn’t stop with online safety. We deeply care for our people, their families and friends, and our communities.
To recognize World Suicide Prevention on Sept. 10 and help normalize and encourage conversations about mental health year-round, we recently hosted a discussion with McAfee colleagues and suicide prevention activist and owner of The Jordan Legacy, Steve Phillip. During this session Steve discussed his own personal lived experience of suicide and what he’s learned since establishing The Jordan Legacy when it comes to creating an open and safe environment for all.
“I established The Jordan Legacy in 2020, following the suicide of my 34-year-old son, Jordan, in December 2019. It’s a registered not-for-profit Community Interest Company (CIC), whose mission is to raise awareness about suicide, open the conversation, help remove the stigma surrounding this topic and importantly, engage with communities and workplaces to discuss and identify practical solutions which will help prevent suicide.”
“#WSPD is important in highlighting the biggest killer of men and women under the age of 35. According to the W.H.O, we lose 700,000 people globally to suicide every year – that’s one person every 45 seconds. On average, each suicide will impact 135 other people. This means that more than 95 million people are impacted by suicide annually! And while #WSPD is an important day to highlight, it’s fundamental that we recognize that suicide awareness needs to happen 365 days a year.”
“There are several reasons why stigmas surrounding mental health and suicide exist. Generally, it’s due to a lack of understanding and people making assumptions – such as those with a mental health illness could be dangerous, unreliable or unemployable. Cultural backgrounds also play a part in creating stigma – certain cultures see mental illness and suicide as a taboo subject. The language used around mental health and suicide can also create stigma. In the UK, the act of attempting suicide was decriminalized in 1961 and yet the term ‘committed suicide’ is still frequently used, in the same way as commit murder or commit assault.”
“It’s important to ask people how they are with a genuine intent to listen to and understand their reply. Most people who are struggling with their mental health don’t necessarily want you to fix them, but they do want to feel that they’re being listened to. Ask open-ended questions, such as ‘tell me how are you really feeling?’, ‘explain to me how this is impacting on you?’, ‘describe to me, how this is making you feel?”
“We need to become a kinder and more compassionate society by recognizing that everyone can, at some point in their lives, struggle with poor mental health. Understanding this, would hopefully cause people to be less frustrated with others who don’t behave as they expect they might. We also need to check-in with family members, friends and colleagues more frequently and ask them ‘how are you really doing?”
“I am one of those individuals who probably works too hard and for too long! However, road cycling is a big escape for me and getting out in the fresh air in the countryside is a huge help. As is my part-time hobby of playing the drums – you can lose a lot of pent-up stress whilst playing along to Nirvana!! It’s so important that you make sure to look after yourself. So, my advice is to find out what works for you – whether that’s going for a walk, talking to a friend, speaking to a counsellor, joining a local group or seeing what resources are available to you through your company’s EAP. And remember most importantly to be kind to yourself.”
If you or someone you know is struggling, please call or text 988 to get support. And remember, you are not alone.
Together we can prevent suicide
The post #WSPD Creating hope through action with The Jordan Legacy appeared first on McAfee Blog.
Vernon has been our Manager of Technical Accounting for more than two years, but that doesn’t mean he’s busy with spreadsheets and numbers all day.
It’s been an amazing ride so far. My team touches on several areas of responsibility, including financial period closing, financial reporting, and accounting for complex transactions.
The most rewarding part of my role is definitely the variety and complexity – they really go hand-in-hand and I enjoy asking questions and figuring out the solutions, even when there is not always a textbook answer. I enjoy the challenge of working collectively with a team to find solutions by applying research and experience to a set of facts.
It’s also rewarding to be able to collaborate with auditors and other stakeholders who would be interested in the results.
My favorite thing about working at McAfee is the team. We have an amazing team. It’s full of really smart people. I’ve seen some companies try and find the best talent they can, but McAfee has just taken that to a whole different level. Everyone in their respective areas is really tuned in to the broader effort and we work well together. At McAfee, we enjoy both a high level of talent and collaborative effort. You don’t often find both in the same place.
I really believe that each person brings certain strengths to the table, and they should be able to exercise those strengths to develop and expand their capabilities. Once those natural roles are established, it’s best to trust them to determine how best to perform in their roles and collaborate with the team in achieving results that add value to the broader group.
First, expect the unexpected – consider each new experience an opportunity for personal growth.
Secondly, get involved in projects. If you have the opportunity to do something different or work with a cross-functional team, do it. It builds your own skill base, which opens the door for greater future opportunities and you get to meet people outside of your own department and develop relationships that may prove valuable over time.
The post For some, accounting is more than just spreadsheets! Vernon’s McAfee Journey appeared first on McAfee Blog.
FreshRSS 