Login
Tax season has always been a pretty nerve-wracking time for hard-working Americans. But over the years, technology advances have arrived to gradually make the process a bit easier. The bad news is that they can also introduce new cyber risks and even more stress.
There are two things that cybercriminals are always on the hunt for: people’s identity data from their accounts, and their money. And during the tax-filing season both can be unwittingly exposed. Over the years, cybercriminals have adapted multiple tools and techniques to part taxpayers with their personal information and funds.
Let’s take look at some of the main threats out there and what you can do to stay safe.
What do they want?
Cybercrime is a highly efficient money-making business. Some reports suggest this underground economy generates as much as $1.5 trillion each year. (See Into the Web of Profit, April 2018, McGuire, Bromium.) And tax-related scams are an increasingly popular way for the bad guys to drive-up profits. The Internal Revenue Service (IRS) claims that “thousands of people have lost millions of dollars and their personal information” to such attacks.
The bottom line is that they’re after one of two things: to trick you into wiring funds to them, and/or to get hold of your personally identifiable information (PII), including bank account and Social Security Numbers (SSNs). This personal data can subsequently be used to defraud you or the IRS, or may be deployed in follow-on identity fraud schemes to capture illicit funds from you.
There are various ways cyber-criminals can achieve these goals. The most common is by using social engineering tactics to trick taxpayers into sending money or personal information. But they might also use malware, either delivered to you personally or targeted at your tax preparer. This means you not only have to look after your own cybersecurity but also demand that the third-party businesses you work with store and transmit your sensitive information securely.
Look out for these scams
Here’s a round-up of the most popular tactics used by tax scammers today:
Impersonation: The fraudster gets in touch pretending to be an IRS representative. This could be via email, phone, social media or even SMS. They usually claim you owe the IRS money in unpaid taxes or fines and demand a wire transfer, or funds from a prepaid debit card. Sometimes they may ask for personal and financial details—for example, by claiming you’re entitled to a large tax refund and they just need you to supply your bank account info.
These interactions are usually pushy. The scammer knows the best way of making you pay up is by creating a sense of urgency and, sometimes, shaming the individual into believing they’ve been withholding tax payments. Phishing emails may look highly convincing, right down to the logo and sender domain, while phone callers will use fake names and badge numbers. Sometimes the scammers use personal data they may have stolen previously or bought on the Dark Web to make their communications seem more convincing.
In some impersonation scams, the fraudsters may even pretend to work for charities and ask for personal details to help disaster victims with tax refund claims.
Spoofing, phishing, and malware: In some cases, a text, email or social media message spoofed to appear as if sent from the IRS or your tax preparer actually contains malware. The scammers use the same tactics as above but trick the recipient into clicking on a malicious link or opening an attachment laden with malware. The covert download that follows could result in: theft of your personal information; your computer being completely hijacked by hackers via remote control software; or a ransomware download that locks your computer until you pay a fee.
Fake tax returns: Another trick the scammers employ is to use stolen SSNs and other personal information to file tax returns on your behalf. They can then try to claim a large payment in tax refunds from the IRS. The PII they use to file in your name may have been taken from a third-party source without your knowledge, and the first you might hear of it is when you go to file a legitimate tax return. It can take months to resolve the problem.
Attacks targeting tax preparers: Over half of Americans use third-party tax preparation companies to help them with their returns. However, this offers another opportunity for scammers to get hold of your sensitive information. In one recently discovered campaign, malware deployed on tax preparers’ websites was designed to download to the visitor’s computer as soon as they loaded the page. The IRS warns that businesses large and small are potentially at risk, as scammers are keen to get hold of tax information which enables them to file highly convincing fake returns in your name.
What to do
The good news is that by taking a few simple steps you can insulate yourself from the worst of these scams. Remember: the IRS does not contact taxpayers by email, text messages or social media to request personal/financial information— so if you receive communications that do, they are definitely a scam. It’s also important to remember that scams happen all year round, not just in the run-up to the tax filing deadline. That means, unfortunately, that you need to be on your guard all the time.
Here are a few other recommendations:
|
|
It also pays to demand that your tax preparer take their own precautions to keep your data secure. They should not be sending sensitive data or documents unencrypted in emails and must take steps on their own to combat phishing emails that target employees, since these can cascade to you during your tax preparation process. Whether hosted in the cloud or running on-premises, the servers that hold your data should also have adequate protection—and you have a right (and a duty to yourself) to ask ahead of time what they’re doing to protect it.
According to the IRS tax preparers should put the following internal controls in place:
|
|
How Trend Micro can help
Trend Micro offers a range of security tools to help taxpayers keep their personal and financial information safe from fraudsters.
Our flagship consumer solution Trend Micro Security (TMS) provides the following protections:
|
|
To find out more, go to our Trend Micro Security website.
The post Tax Scams – Everything you need to know to keep your money and data safe appeared first on .
Few national emergencies have the ability to strike panic into the populace quite like a virus pandemic. It’s fortunately something most of us have never had to experience, until now. At the time of writing, the number of global confirmed cases of Coronavirus infection, or COVID-19, has reached nearly 174,000 worldwide. Although the official US total currently remains a fraction of that (around 4,000), problems with testing mean many cases are likely to be going unreported here.
This is a difficult time for many Americans, as it is for citizens all over the world. But unfortunately it’s extraordinary global events like this that cyber-criminals look for in order to make their schemes more successful. True to form, they’re using mass awareness of the outbreak and a popular desire for more information on the virus, to trick users into giving away personal information and log-ins, or to unwittingly install malware on their devices.
As organizations enforce remote working to reduce the impact of the virus, many of you will be logging-on from home or your mobile computing devices, which may have fewer built-in protections from such threats. This makes it more important than ever to know how the bad guys are trying to cash in on COVID-19 and what you can do to stay safe.
Here’s a quick guide to the key online threats and security tips:
Phishing for trouble
Decades before COVID-19 burst onto the scene, a different kind of pandemic was spreading across the globe. Phishing messages have been one of the most popular tools in the hackers’ arsenal for years. In fact, Trend Micro blocked nearly 48 billion email-borne threats in 2019, 91% of the total we detected. Phishing is designed to trick the user into handing over their log-ins or personal and financial details, or persuading them to unwittingly download malware. Cyber-criminals typically achieve this by spoofing an email to make it appear as if sent from a legitimate and trustworthy source.
Once a user has been hooked, they are enticed into clicking on a malicious link or opening a malware-laden attachment. This could be anything from a banking trojan designed to steal online banking log-ins, to a piece of ransomware which will lock the user out of their PC until they pay a fee. It could even be cryptojacking malware which sits on the infected machine, quietly mining for Bitcoin while running up large energy bills and slowing down your PC.
The bad news is that phishing messages — whether sent by email, social media, text or messaging app — are getting harder to spot. Many now feature perfect English, and official logos and sender domains. They also often use current newsworthy events to trick the user into clicking. And they don’t get more high-profile than the COVID-19 pandemic.
Depending on how well protected your computing devices are, you may be more likely to receive one of these scam messages than be exposed to the virus itself. So, it pays to know what’s out there.
Watch out for these scams
The phishing landscape is evolving all the time. But here is a selection of some of the most common scams doing the rounds at the moment:
‘Official’ updates
Many of these emails purport to come from official organizations such as the US Center for Disease Control and Prevention (CDC), or the World Health Organization (WHO). They claim to contain key updates on the spread of the virus and must-read recommendations on how to avoid infection. Booby-trapped links and attachments carry malware and/or could redirect users to phishing sites.
Coronavirus map
Sometimes legitimate tools can be hijacked to spread malware. Researchers have spotted a version of the interactive Coronavirus dashboard created by Johns Hopkins University which was altered to contain information-stealing malware known as AZORult. If emails arrive with links to such sites, users should exercise extreme caution.
Corporate updates
Many big brands are proactively contacting their customer base to reassure them of the steps they are taking to keep staff and customers safe from the virus. But here too, the hackers are jumping in with spoof messages of their own purporting to come from the companies you may do business with. FedEx is one such global brand that has been spoofed in this way.
Donations
Another trick is to send phishing emails calling for donations to help fund research into the virus. One, claiming to come from the “Department of Health” has a subject line, “URGENT: Coronavirus, Can we count on your support today?” A key tactic in phishing emails is to create a sense of urgency like this to rush the reader into making hasty decisions.
Click here for a cure
One scam email claims to come from a medical professional and contains details about a vaccine for COVID-19 which has been “hushed up” by global governments. Of course, clicking through to find the non-existent ‘cure’ will bring the recipient nothing but trouble.
Tax refunds
In the UK, users have received emails spoofed to appear as if sent from the government, and promising a tax refund to help citizens cope with the financial shock of the pandemic. As governments in the US and elsewhere start to take more interventionist measures to prop up their economies, we can expect more of these types of phishing email.
How to stay safe
The good news is that there’s plenty you can do to protect you and your family from phishing emails like these. A blend of the following technical and human fixes will go a long way to minimizing the threat:
|
|
How Trend Micro can help
Fortunately, Trend Micro Security can also help. Among its anti-phishing features are the following:
Antispam for Outlook: includes checks on email sender reputation, employs web threat protection to block malicious URLs in messages, and scans for threats in files attached to email messages.
Fraud Buster: uses leading-edge AI technology to detect fake emails in Gmail and Outlook webmail that don’t contain malicious URLs or attachments, but still pose a risk to the user.
To find out more about how Trend Micro can help keep your family safe from online threats and phishing, go to our Trend Micro Security homepage, or watch our video series: How to Prevent Phishing, Part 1 and Part 2.
The post How to Stay Safe as Online Coronavirus Scams Spread appeared first on .
We’re all getting a little more worldly wise to the dangers that lurk around every corner of our digital lives. We know that the flipside of being able to shop, chat, bank and share online at the push of a button is the risk of data theft, ransomware and identity fraud. That’s why we protect our families’ PCs and mobile devices with security solutions from proven providers like Trend Micro, and take extra care each time we fire up the internet.
But what about the firms that we entrust to handle our data securely?
Unfortunately, many of these organizations still aren’t doing enough to protect our personal and financial information. It could be data we enter online to pay for an item or open an account. Or it could be payment card details that we’ve used at a local outlet which are subsequently stored online. These companies are big targets for the bad guys, who only have to get lucky once to crack open an Aladdin’s Cave of lucrative customer data.
What does this mean? That data breaches are the new normal. Last year in the US there were a reported 1,473 of these incidents, exposing nearly 165 million customer records. The latest affected customers of convenience store and gas station chain Wawa — and it could be one of the biggest ever, affecting 30 million cards.
Let’s take a look at what happened, and what consumers can do to steal a march on the bad guys.
What happened this time?
Wawa first notified its customers of a payment card breach in December 2019. But although the firm discovered malware on its payment processing servers that month, it had actually been sitting there since March, potentially siphoning card data silently from every single Wawa location. That’s more than 850 stores, across Pennsylvania, New Jersey, Delaware, Maryland, Virginia, Florida, and Washington DC.
The company itself has so far declined to put a number on how many customers have been affected. However, while cardholders were still wondering whether they’ve been impacted or not, something else happened. At the end of January, a hacker began to upload the stolen cards to a notorious dark web marketplace, known as Joker’s Stash.
They are claiming to have 30 million stolen cards in total, which if accurate could make this one of the biggest card breaches of its kind, placing it alongside other incidents at Home Depot (2014) and Target (2013).
How does it affect me?
Once the data goes on sale on a dark web market like this, it is usually bought by scammers, who use it in follow-on identity fraud attacks. In this case, the stolen data includes debit and credit card numbers, expiration dates and cardholder names, but not PINs or CVV records. That means they can’t be used at ATMs and fraudsters will find it hard to use the cards online, as most merchants require the CVV number.
However, if the cards are of the old magstripe type, they could be cloned for use in face-to-face transactions.
Although Wawa said it has informed the relevant card issuers and brands, the cardholders themselves must monitor their cards for unusual transactions and then report to their issuer “in a timely manner” if they want to be reimbursed for any fraudulent usage. This can be a distressing, time-consuming process.
What should I do next?
This is by no means the first and it won’t be the last breach of this kind. In the past, data stolen from customers of Hilton Hotels, supermarket chain Hy-Vee, retailer Bebe Stores, and restaurant chains including Krystal, Moe’s and Schlotzsky’s has turned up for sale on Joker’s Stash. It can be dispiriting for consumers to see their personal data time and again compromised in this way by cyber-criminals.
Too often in the aftermath of such incidents, the customers themselves are left in the dark. There is no information on whether they’ve definitively had their personal or card data stolen, just an ominous sense that something bad may be about to happen. If the company itself doesn’t even know how many cards have been affected, how can you act decisively?
Credit monitoring is often provided by breached firms, but this is a less-than-perfect solution. For one thing, such services only alert the user if a new line of credit is being opened in their name — not if a stolen card is being used. And second, they only raise the alarm after the incident, by which time the fraudsters may already have made a serious dent in your finances.
Monitoring your bank account for fraudulent transactions is arguably more useful in cases like the Wawa breach, but it’s still too reactive. Here’s a handy 2-step plan which could provide better results:
Step 1: Dark web monitoring works
To get more proactive, consumers need Dark Web monitoring. These tools typically scour dark web sites like Joker’s Stash to look for your personal information. The beauty of this approach is that it can raise the alarm after a breach has occurred, when the data is posted to the Dark Web, but before a fraudster has had time to monetize your stolen details. With this information, you can proactively request that your lender block a particular card and issue a new one.
This approach works for all personal data you may want to keep protected, including email addresses, driver’s license, passport numbers and passwords.
Step 2: Password protection
Once you’ve determined that your data has been part of a breach and is being sold on the dark web, one of the most important things you can do is to change your passwords to any stolen accounts, in order to minimize the potential damage that fraudsters can do.
This is where password manager tools can come in very handy. They allow users to store and recall long, strong and unique credentials for each of the websites and apps they use. This means that if one password is compromised, as in a breach scenario, your other accounts will remain secure. It also makes passwords harder for hackers to guess, which they may try to do with automated tools if they already have your email address.
Following a breach, it also makes sense to look out for follow-on phishing attacks which may try to trick you into handing over more information to the fraudsters. Here are a few tips:
|
|
How Trend Micro can help
Fortunately, Trend Micro has several products that can help you, as a potential or actual victim of a data breach, to proactively mitigate the fallout from a serious security incident, or to foil the fraudsters:
Trend Micro ID Security: checks if your personal information has been uploaded to Dark Web sites by hackers. This highly secure service, available in apps for Android and iOS mobile devices, uses data hashing and an encrypted connected to keep your details safe, alerting when it has found a match on the Dark Web so you can take action. Use it to protect your emails, credit card numbers, passwords, bank accounts, passport details and more.
Trend Micro Password Manager: provides a secure place to store, manage and update your passwords. It remembers your log-ins, so you can create secure and unique credentials for each website/app you need to sign-in to. This means if one site is breached, hackers will not be able to use that password to open your other accounts. Password Manager is available for Windows, Mac, iOS, and Android, synchronizing your passwords across all four platforms.
Trend Micro Fraud Buster: is a free online service you can use to check suspicious emails It uses advanced machine learning technology to identify scam emails that don’t contain malicious URLs or attachments but still pose a risk to the user, because the email (which may be extortionist) reflects the fact that the fraudster probably got your email address from the Dark Web in the first place. Users can then decide to report the scam, get more details, or proceed as before.
Fraud Buster is also now integrated into Trend Micro Security for Windows, protecting Gmail and Outlook webmail in Internet Explorer, Chrome, and Firefox. It’s also integrated in Trend Micro Antivirus for Mac, where it does the same for Gmail webmail in Safari, Chrome and Firefox on the Mac.
In the end, only you can guard your identity credentials with vigilance.
The post The Wawa Breach: 30 Million Reasons to Try Dark Web Monitoring appeared first on .
We continue our four-part series on protecting your home and family. See the links to the previous parts at the end of this blog.
We’re now done with familiarizing ourselves with the features of Trend Micro Home Network Security (HNS) It’s now time for you to get a bit more adept at regular monitoring and maintenance, to ensure you’re getting the best protection HNS can provide your connected home.
Once you’re tracking the various internet-capable devices in your home within HNS, as with any security-related device it’s essential to monitor the activities captured by it. In the same way that we need to periodically review the videos taken by our security cameras, to check for any unusual events in or around the home that need our attention; so too, do you need to keep abreast of the goings on in your home network, particularly those of an unusual or suspect nature, as revealed by HNS. This can easily be done in two ways: via Voice Control and Reports.
Voice Control. When you want just a quick overview of the status of your network, you can use HNS’s Voice Control. Voice Control is available as a skill for both Amazon Alexa and Google Home.
Once the skill has been enabled, you can ask Alexa or Google Assistant to control your Home Network Security (HNS) using the following voice commands:
|
|
Reports. On the other hand, if you have more time to spare, you can peruse the Reports for your devices, user profiles, and network usage.
|
|
Now that you’re more acquainted with your home network through HNS, it’s vital that you know what to do when, for instance, you received a Smart Alert notification indicating an unusually high network activity detected on one of your connected devices.
A Range of Network Events. In brief, you’ll need to review the recent activities and perform the required actions to eliminate risks such as the following:
|
|
For more specific information regarding these types of incidents, you may refer to this Technical Support article.
The Home Network Security Station takes care of your home and your family’s security and safety. In return, you should know how to check if it’s in good working condition.
Physical Status. Check whether the physical components (LED, Reset button, Power, and Ethernet ports) of your Station are intact.
Power. Ensure that the Station is powered on. To check if the Station has power supply, just follow these simple steps:
|
|
Offline Notifications. When the HNS Station is offline the user will receive a notification about it. In addition, the HNS app will indicate the Station is offline. This situation can be attributed to loss of either the internet or LAN connections.
Internet Connection. Make sure you have stable internet connection. Checking your internet connection is easy:
|
|
If you are able to connect to the internet, just reconnect your Home Network Security Station to the router.
LAN Connection. Check the connection between the router and the HNS Station.
|
|
Updates. Make sure that you update the HNS App if you receive a notification that indicates, “Update Needed. Please click the button below to get the latest version.” This will guarantee that your HNS is up-to-date with app improvements.
Getting Help. Always remember, if you encounter any questions, issues or concerns that you’re unable to resolve, Help is just a click away.
Home networks are everywhere these days. However, the user knowledge required to secure and maintain our home networks spans from tech newbies to gurus and often seems to be a rather complicated or even confusing task.
To help you maintain and monitor your home network, Trend Micro offers a simple plug-and-protect home network device to protect your smart home and connected devices from being hacked, while keeping the internet safe for your kids on any device. But plug-and-protect doesn’t mean plug-and-forget. As with any security device, ongoing monitoring and maintenance is needed to provide the best protection your home network and family members need and deserve.
For more information, go to Trend Micro Home Network Security.
To read the rest of our series on HNS, go to
You’re in Safe Hands with Trend Micro Home Network Security – Part 1: Setup and Configuration
Trend Micro Home Network Security Has Got You Covered – Part 2: Parental Controls
In Safe Hands with Trend Micro Home Network Security – Part 3: Testing Its Functions
The post Monitoring and Maintaining Trend Micro Home Network Security – Part 4: Best Practices appeared first on .
Full disclosure: I am a security product testing nerd*.
I’ve been following the MITRE ATT&CK Framework for a while, and this week the results were released of the most recent evaluation using APT29 otherwise known as COZY BEAR.
First, here’s a snapshot of the Trend eval results as I understand them (rounded down):
91.79% on overall detection. That’s in the top 2 of 21.
91.04% without config changes. The test allows for config changes after the start – that wasn’t required to achieve the high overall results.
107 Telemetry. That’s very high. Capturing events is good. Not capturing them is not-good.
28 Alerts. That’s in the middle, where it should be. Not too noisy, not too quiet. Telemetry I feel is critical whereas alerting is configurable, but only on detections and telemetry.
So our Apex One product ran into a mean and ruthless bear and came away healthy. But that summary is a simplification and doesn’t capture all the nuance to the testing. Below are my takeaways for you of what the MITRE ATT&CK Framework is, and how to go about interpreting the results.
Takeaway #1 – ATT&CK is Scenario Based
The MITRE ATT&CK Framework is intriguing to me as it mixes real world attack methods by specific adversaries with a model for detection for use by SOCs and product makers. The ATT&CK Framework Evaluations do this but in a lab environment to assess how security products would likely handle an attack by that adversary and their usual methods. There had always been a clear divide between pen testing and lab testing and ATT&CK was kind of mixing both. COZY BEAR is super interesting because those attacks were widely known for being quite sophisticated and being state-sponsored, and targeted the White House and US Democratic Party. COZY BEAR and its family of derivatives use backdoors, droppers, obfuscation, and careful exfiltration.
Takeaway #2 – Look At All The Threat Group Evals For The Best Picture
I see the tradeoffs as ATT&CK evals are only looking at that one scenario, but that scenario is very reality based and with enough evals across enough scenarios a narrative is there to better understand a product. Trend did great on the most recently released APT/29/COZY BEAR evaluation, but my point is that a product is only as good as all the evaluations. I always advised Magic Quadrant or NSS Value Map readers to look at older versions in order to paint a picture over time of what trajectory a product had.
Takeaway #3 – It’s Detection Focused (Only)
The APT29 test like most Att&ck evals is testing detection, not prevention nor other parts of products (e.g. support). The downside is that a product’s ability to block the attacks isn’t evaluated, at least not yet. In fact blocking functions have to be disabled for parts of the test to be done. I get that – you can’t test the upstairs alarm with the attack dog roaming the downstairs. Starting with poor detection never ends well, so the test methodology seems to be focused on ”if you can detect it you can block it”. Some pen tests are criticized that a specific scenario isn’t realistic because A would stop it before B could ever occur. IPS signature writers everywhere should nod in agreement on that one. I support MITRE on how they constructed the methodology because there has to be limitations and scope on every lab test, but readers too need to understand those limitations and scopes. I believe that the next round of tests will include protection (blocking) as well, so that is cool.
Takeaway #4 – Choose Your Own Weather Forecast
Att&ck is no magazine style review. There is no final grade or comparison of products. To fully embrace Att&ck imagine being provided dozens of very sound yet complex meteorological measurements and being left to decide on what the weather will be. Or have vendors carpet bomb you with press releases of their interpretations. I’ve been deep into the numbers of the latest eval scores and when looking at some of the blogs and press releases out there they almost had me convinced they did well even when I read the data at hand showing they didn’t. I guess a less jaded view is that the results can be interpreted in many ways, some of them quite creative. It brings to mind the great quote from the Lockpicking Lawyer review “the threat model does not include an attacker with a screwdriver”.
Josh Zelonis at Forrester provides a great example of the level of work required to parse the test outcomes, and he provides extended analysis on Github here that is easier on the eyes than the above. Even that great work product requires the context of what the categories mean. I understand that MITRE is taking the stance of “we do the tests, you interpret the data” in order to pick fewer fights and accommodate different use cases and SOC workflows, but that is a lot to put on buyers. I repeat: there’s a lot of nuance in the terms and test report categories.
If, in the absence of Josh’s work, if I have to pick one metric Detection Rate is likely the best one. Note that Detection rate isn’t 100% for any product in the APT29 test, because of the meaning of that metric. The best secondary metrics I like are Techniques and Telemetry. Tactics sounds like a good thing, but in the framework it is lesser than Techniques, as Tactics are generalized bad things (“Something moving outside!”) and Techniques are more specific detections (“Healthy adult male Lion seen outside door”), so a higher score in Techniques combined with a low score in Tactics is a good thing. Telemetry scoring is, to me, best right in the middle. Not too many alerts (noisy/fatiguing) and not too few (“about that lion I saw 5 minutes ago”).
Here’s an example of the interpretations that are valuable to me. Looking at the Trend Micro eval source page here I get info on detections in the steps, or how many of the 134 total steps in the test were detected. I’ll start by excluding any human involvement and exclude the MSSP detections and look at unassisted only. But the numbers are spread across all 20 test steps, so I’ll use Josh’s spreadsheet shows 115 of 134 steps visible, or 85.82%. I do some averaging on the visibility scores across all the products evaluated and that is 66.63%, which is almost 30% less. Besides the lesson that the data needs gathering and interpretation, it highlights that no product spotted 100% across all steps and the spread was wide. I’ll now look at the impact of human involvement add in the MSSP detections and the Trend number goes to 91%. Much clinking of glasses heard from the endpoint dev team. But if I’m not using an MSSP service that… you see my point about context/use-case/workflow. There’s effectively some double counting (i.e. a penalty, so that when removing MSSP it inordinately drops the detection ) of the MSSP factor when removing it in the analyses, but I’ll leave that to a future post. There’s no shortage of fodder for security testing nerds.
Takeaway #5 – Data Is Always Good
Security test nerdery aside, this eval is a great thing and the data from it is very valuable. Having this kind of evaluation makes security products and the uses we put them to better. So dig into ATT&CK and read it considering not just product evaluations but how your organization’s framework for detecting and processing attacks maps to the various threat campaigns. We’ll no doubt have more posts on APT29 and upcoming evals.
*I was a Common Criteria tester in a place that also ran a FIPS 140-2 lab. Did you know that at Level 4 of FIPS a freezer is used as an exploit attempt? I even dipped my toe into the arcane area of Formal Methods using the GYPSY methodology and ran from it screaming “X just equals X! We don’t need to prove that!”. The deepest testing rathole I can recall was doing a portability test of the Orange Book B1 rating for MVS RACF when using logical partitions. I’m never getting those months of my life back. I’ve been pretty active in interacting with most security testing labs like NSS and ICSA and their schemes (that’s not a pejorative, but testing nerds like to use British usages to sound more learned) for decades because I thought it was important to understand the scope and limits of testing before accepting it in any product buying decisions. If you want to make Common Criteria nerds laugh point out something bad that has happened and just say “that’s not bad, it was just mistakenly put in scope”, and that will then upset the FIPS testers because a crypto boundary is a very real thing and not something real testers joke about. And yes, Common Criteria is the MySpace of tests.
The post Getting ATT&CKed By A Cozy Bear And Being Really Happy About It: What MITRE Evaluations Are, and How To Read Them appeared first on .
The introduction of the MITRE ATT&CK evaluations is a welcomed addition to the third-party testing arena. The ATT&CK framework, and the evaluations in particular, have gone such a long way in helping advance the security industry as a whole, and the individual security products serving the market.
The insight garnered from these evaluations is incredibly useful. But let’s admit, for everyone except those steeped in the analysis, it can be hard to understand. The information is valuable, but dense. There are multiple ways to look at the data and even more ways to interpret and present the results (as no doubt you’ve already come to realize after reading all the vendor blogs and industry articles!) We have been looking at the data for the past week since it published, and still have more to examine over the coming days and weeks.
The more we assess the information, the clearer the story becomes, so we wanted to share with you Trend Micro’s 10 key takeaways for our results:
1. Looking at the results of the first run of the evaluation is important:
|
|
|
|
2. There is a hierarchy in the type of main detections – Techniques is most significant
|
|
https://attackevals.mitre.org/APT29/detection-categories.html
3. More alerts does not equal better alerting – quite the opposite
|
|
4. Managed Service detections are not exclusive
|
|
5. Let’s not forget about the effectiveness and need for blocking!
|
|
6. We need to look through more than the Windows
|
|
7. The evaluation shows where our product is going
|
|
8. This evaluation is helping us make our product better
|
|
9. MITRE is more than the evaluation
|
|
10. It is hard not to get confused by the fud!
|
|
The post Trend Micro’s Top Ten MITRE Evaluation Considerations appeared first on .
The number of VPN users has grown considerably over the past few years. According to the report of Go-Globe, 25% of netizens worldwide have used a VPN at least once in the last 30 days. Recently, VPN usage has surged in many countries and its popularity may see VPN usage surpass the estimated profit of USD$27.10 billion by the end of 2020. The VPN global market only seems to increase as time goes by. So, why is that? What do VPNs provide that make them so attractive?
What is a VPN?
A VPN, or a Virtual Private Network, creates a secure communication “tunnel” from your computer to the internet. It encrypts your connection and prevents others from seeing the data you’re transferring. This keeps your data secure from any spying attempts—including from home over your wired connection, but particularly on public Wi-Fi networks, when you’re out and about in places such as coffee shops, restaurants, airports and hotels. It helps ensure that no one can steal your personal details, passwords, or credit card information.
How does a VPN work and why you need a VPN service?
Among other things, a VPN can conceal your IP address to make your online actions virtually untraceable and anonymous, providing greater privacy for everything you do. In fact, there are so many ways a VPN can protect your privacy and security, we need to take a deeper look at what other benefits a VPN can provide.
|
|
This is the era of mobility and most transactions are being done by people on-the-go using their mobile devices to exchange data over public networks. From online shopping, to mobile banking or simply checking emails and social media accounts, these activities can expose your personal information and sensitive data to hackers and cybercriminals. This particularly applies to users relying on public Wi-Fi. Using a VPN will help to mitigate unwanted leakage or theft by securing data in transit to and from the systems that typically try to collect and store your private data.
|
|
One of the main drivers for using a VPN is to access better streaming content and restricted websites from the region you’re accessing the internet from. This may be true in your own country, but when traveling abroad, there are also chances that you cannot visit a popular website or a social media platform from the country you’re visiting. While using a VPN, you can connect to an IP address in your country and have full access to your favorite media contents and avoid wasting membership fees that you will likely pay for this streaming service.
|
|
Some retail apps, social media platforms, and search engines continuously collect and analyze results of your search history. They keep track of all your browsing activities such as items you viewed, contents you liked, and things you tapped and clicked, so they can provide you with more targeted contents and monetize these by showing the same information in your feed through ads.
Note that, simply clearing your browsing history does not completely remove traces of these searches, and targeted ads can get annoying. This is where a VPN can help enhance your browsing privacy. The VPN hides your browser cached data and location from advertisers, which prevents them from serving up content based on your searches and location.
|
|
Another motivating factor for the use of a VPN is to save on the cost of communicating with families and friends abroad. There are countries implementing restrictions on the use of certain messaging apps, banning their services. If you are planning to visit a country with such a restriction, a VPN can bypass this constraint, which allows you to make use of your trusted messaging app, eliminate the cost of long-distance calls to family and friends while abroad—and at the same time, maintain the level of security and encryption the messaging app provides.
|
|
The internet has evolved into streaming more content—videos, music, and more—and ISPs have responded by making higher data usage and higher throughput (bandwidth) pay-as-you-use-more services. But content is still at issue, particularly after the December 2017 FCC ruling. Potential ISP throttling based on content type, source, or destination (e.g., BitTorrent traffic), which could give priority to business over personal usage, is one of the reasons why everyday people are using VPN services, because a VPN provides more usage anonymity, preventing ISPs from potentially tracking your activities and limiting your bandwidth usage accordingly.
Choosing the right VPN for you
Now that you have some understanding of what a VPN is, and what benefits it can give you, it is also important to choose the right VPN for you.
Due to regulatory requirements and laws governing data privacy and securing personal information online, the demand for VPNs is growing. In response, there are a large number of VPN providers in the market today. So how do you choose a reliable VPN? Here are some criteria to help you pick one that best suits your needs:
|
|
Trend Micro’s Home Division provides two low-cost, safety-focused VPN solutions for everyday users: Trend Micro VPN Proxy One and Trend Micro Wi-Fi Protection, both of which can address light-to-medium VPN needs and meet most of the checklist criteria above.
Trend Micro VPN Proxy One offers fast, secure, stable and anonymous proxy connections for you to access various websites and applications. It connects to the best Trend Micro VPN server intelligently, without you having to do it, and does not limit bandwidth consumption. Trend Micro VPNs do not track your online activities, ensuring you a secure digital life and protecting your online privacy. Trend Micro VPN Proxy One is targeted to Mac and iOS devices.
Trend Micro Wi-Fi Protection turns any public hotspot into a secure Wi-Fi network and VPN with bank-grade data encryption to keep your information safe from hackers. While your VPN is active, Trend Micro Wi-Fi Protection provides exceptional web threat protection and checks websites you visit to safeguard your browsing from online fraud and internet scam. The VPN automatically kicks in when connecting to a Wi-Fi network with low security, such as one with no encryption. Trend Micro Wi-Fi Protection is available for all platforms (PC, Mac, Android, and iOS). Bundles can be purchased for multiple devices and platforms and some bundles can include other Trend Micro products, depending on the region.
Go to the Apple App Store for more details on Trend Micro VPN Proxy One; or for a 30-day trial or to buy, go here: Mac | iOS.
Or visit Trend Micro Wi-Fi Protection for more information, or to buy the multi-platform solution.
The post What is a VPN and How Does it Increase Your Online Security and Privacy? appeared first on .
As a leader in cybersecurity, we at McAfee understand that every aspect of your digital life has potential weak spots that could make you vulnerable to threats and attacks. By incorporating security into everything you do online, you’re better protected from potential threats. To mount your offense, we’ve enlisted a team of partners that puts your security needs first, seamlessly blending our security with their services so you can live a confident life online. We bring our McAfee security teams together with industry players like PC & smartphone manufacturers, software & operating system developers, and more to make sure we can keep scoring security wins for you.
When was the last time you worried about security while you were shopping for a new PC? You were probably checking out the specs, price, and making sure it had all the capabilities you needed for working remotely, distance learning, and maybe a little gaming. And that’s all in addition to the day-to-day productivity, banking, and browsing you do. Like a strong defensive line, HP, Dell, Lenovo, and ASUS work closely with us to make sure that your personal data and devices are secure, especially as you spend more time online than ever before. That’s why so many new PCs are preloaded with a free McAfee® LiveSafe trial to provide integrated protection from malware, viruses, and spyware from day 1 with minimal impact on performance.
McAfee protection goes beyond just antivirus. We help you keep apps and Windows up to date and patched against vulnerabilities, block intruders with our firewall, and help you clean up cookies and temporary files to minimize the digital footprint on your PC.
We build our security directly into the devices consumers rely on for everything from remote yoga to distance learning, so that they know they’ll be safer online, regardless of what their new normal looks like.
Part of a good defense is understanding how the game has changed. We recognize that our customers are using multiple devices to connect online these days. In fact, their primary device may not even be a computer. That’s why we work with mobile providers to ensure customers like you have access to our comprehensive multidevice security options. Devices like mobile phones and tablets allow users to access social media, stream content, and even bank on their terms. For that reason, our mobile protection includes features like VPN, so that you can connect any time, any place safely and use your apps securely.
Our online and brick & mortar retail partners are also irreplaceable on the field. We understand that shopping for security can be complicated – even intimidating – when faced with a wall of choices. Whether you’re in-store or browsing online, we’ll work together to address your security needs so that your devices and personal data are protected with the solution that works best for you. Many of our retailers offer additional installation and upgrade support so you can have one less thing to worry about.
Your web browser is more than a shortcut to the best chocolate chip cookie recipe; it connects you to endless content, information, and communication. Equally important is your operating system, the backbone that powers every app you install, every preference you save, and every vacation destination wallpaper that cycles through. We partner closely with web browsers, operating systems, and other software developers to ensure that our opponents can’t find holes in our defense. Everything that seamlessly works in the background stays that way, helping stop threats and intruders dead in their tracks. Whether it’s routine software updates or color-coded icons that help differentiate safe websites from phishing scams, we’re calling safety plays that keep our customers in the game.
At McAfee, we work tirelessly to do what we do best: blocking the threats you see, and even the ones you don’t. These days your “digital life” blurs the lines between security, identity, and privacy. So, we go into the dark web to hunt down leaked personal info stolen by identity thieves. We include Secure VPN in all our suites to give you privacy online. It’s these capabilities that strengthen both the offense and defense in our starting lineup of security suites like McAfee® Total Protection and McAfee® LiveSafe.
In short, your protection goes from a few reminders to scan your device to a team of experts helping you stay primed for the playoffs. It’s a roster that includes technology and humans solely devoted to staying ahead of the bad guys, from McAfee Advanced Threat Research (ATR) investigating and reporting like to artificial intelligence and machine learning that strengthens with every threat from every device. In fact, in just the first three months of this year, our labs detected over six threats per second!
Cybercriminals may be taking advantage of this current moment, but together, we can ensure our defense holds strong. After all, defense wins championships.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Together, We Block and Tackle to Give You Peace of Mind appeared first on McAfee Blogs.
2020 has propelled us into a new digital reality – one where we are reliant on technology to help us maintain our way of life. This forced all age groups, from 8-80, to learn how to conduct their day-to-day online. I personally had my mother asking a million questions about how to video conference!
But while we’re all looking to remain connected, we need to also focus on staying protected. For those of us a little more tech-savvy, that means helping our family and friends learn how this new digital reality impacts online security.
Let’s examine what that entails.
Digital healthcare’s rise was predicted back in January when Bain & Company reported that 40% of U.S. physicians expect to start using telemedicine over the next two years. Then came COVID-19, which drove healthcare providers to turn toward digital options to deliver socially distanced patient care. Many PCPs moved almost entirely to telehealth, with half of those surveyed using telemedicine in over 75% of their patient care.
While telehealth significantly increases patient care availability, there are also intrinsic privacy and security risks that go along with it. For example, telehealth requires that patients submit their health information through online platforms – some of which lack the proper data safeguards and don’t meet HIPAA requirements. Like all data transferred over the internet, private health information used for telemedicine could be intercepted by hackers if users don’t take proper security precautions. This means ensuring you and your loved one employ best practices – locking your platform account with a strong password, ensuring you only give your personal information to your doctor or verified resource, etc. These simple steps from McAfee experts are more important than ever before, as the healthcare industry is a preferred target for criminals.
School may be back in session, but it looks pretty different than previous years. For parents, this means navigating the unknown terrain that is a virtual classroom – and how the new environment affects your family’s online security.
Distance learning has led to a substantial spike in online video conferencing tools to conduct virtual lectures – which is only compounded by the fact that kids are already constantly on devices to play and socialize. However, some of the tools they use have proven to lack necessary security measures, which could jeopardize your students’ academic success and online security. Beyond video platform concerns, the combination of increased personal device usage on not-as-secure home networks poses a threat of its own.
Parents must ensure their students succeed – at both school and security. While they’re helping kids adjust to distance learning, parents can help keep them safe online by conducting router firmware updates, changing any default passwords on home networks, and leveraging a VPN. Additionally, parents must teach kids good security hygiene, such as always updating an app or device when an update is available. With parents juggling so much right now, they can also look for some extra support in the form of a comprehensive security solution that covers all their family’s devices with an extra layer of protection.
Many consumers have adopted digital financial services to make contactless payments or participate in online banking – some for convenience, others to help minimize contact in light of recent events. However, as this tech grows, so does the need for up-to-date security.
As users incorporate digital financial services into their everyday lives, they may fall victim to the risks commonly associated with making online payments. My mother, for example, is new to mobile banking and doesn’t know to look out for targeted phishing attacks from hackers who are trying to trick her out of money. Even the most tech-savvy online banking users can fall victim to more sophisticated phishing schemes out there.
To ensure cybercriminals don’t trick my mom into sharing sensitive information by impersonating her bank, we’ve discussed some ways she can identify an attack. Now, she knows to always hover over suspicious links, avoid interacting with messages from unknown senders, and to go directly to her bank’s official website.
We can use technology to adapt and grow during this time, just as long as we all employ security best practices. So, whether it be telehealth, distance learning, or digital finances, your family should always keep the aforementioned tips top of mind.
And remember – you’re not in this alone. You’ve got the support you need during this new digital reality in the form of a comprehensive security solution, McAfee® Total Protection. With this solution, consumers are safeguarded from malware with cloud-based threat protection that uses behavioral algorithms to detect new threats. It includes comprehensive internet security, multi-faceted privacy protection, and our secure VPN to ensure your family is prepared for any potential threat.
With robust, comprehensive security in place, your family’s devices will be consistently protected from the latest threats that came from our digital reality. With all these devices safe, everyone’s online life is free from worry.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Telehealth, Distance Learning, & Online Banking: Securing Digital Frontiers appeared first on McAfee Blogs.
With millions of people continuing to work and study remotely, scammers have followed them home—generating an average of 375 new threats per minute so far this year. In response, our enhanced consumer portfolio directly addresses the new needs and new threats people face.
McAfee Labs found that these new threats via malicious apps, phishing campaigns malware, and more, according to its McAfee COVID-19 Threat Report: July 2020, which amounted to an estimated $130 million in total losses in the U.S. alone.
To help people stay safer and combat these threats, today we announced our latest consumer security portfolio. Our enriched products come with better user experiences such as a native Virtual Private Network (VPN), along with new features, including integrated Social Media and Tech Scam Protection—all of which are pressing security essentials today.
Specifically, our product lineup has been updated to include:
Scams involving tech support and product activation have continued to sneak into people’s inboxes and search results, which require a critical eye to spot. Here are some tips on how to identify these scams. We’re making it easier for people to stay safer with new features such as:
With jobs and things that simply need to get done “right now,” security can be an afterthought. Sometimes that desire for convenience has consequences, leading to situations where people’s devices, data, and personal information get compromised. In response, we’re doing our part to make security more intuitive so that people can get things done quickly and safely:
With people’s newfound reliance on the internet, we’ve made new advances that help them live their increasingly connected lives—looking after security and privacy even more comprehensively than before on security and the apps they use:
McAfee is on a journey to ensure security allows users to be as carefree as possible online, now that more time is spent on devices as consumers navigate a new normal of life from home. For more information on our consumer product lineup, visit https://www.mcafee.com/en-us/antivirus/mcafee-total-protection.html
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Evolving Security Products for the new Realities of Living Life From Home appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyberthreats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information.
Thanks to her recent starring roles, American actress Anna Kendrick has found herself at the top of McAfee’s 2020 Most Dangerous Celebrities list.
The Top Ten Most Dangerous Celebrities
You probably know Anna Kendrick from her popular roles in films like “Twilight,” Pitch Perfect,” and “A Simple Favor.” She also recently starred in the HBO Max series “Love Life,” as well as the 2020 children’s film “Trolls World Tour.” Kendrick is joined in the top ten list by fellow actresses Blake Lively (No. 3), Julia Roberts (No. 8), and Jason Derulo (No. 10). Also included in the top ten list are American singers Mariah Carey (No. 4), Justin Timberlake (No. 5), and Taylor Swift (No. 6). Rounding out the rest of the top ten are American rapper Sean (Diddy) Combs (No. 2), Kate McKinnon (No. 9), and late-night talk show host Jimmy Kimmel (No. 7).
Lights, Camera, Security
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows and movies to watch. However, people must understand that torrent or pirated downloads can lead to an abundance of cyberthreats. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity film, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Anna Kendrick Is McAfee’s Most Dangerous Celebrity 2020 appeared first on McAfee Blogs.
During COVID-19, people stuck inside have scoured the internet for content to consume – often searching for free entertainment (movies, TV shows, and music) to avoid any extra costs. As these habits increase, so do the potential cyber threats associated with free internet content – making our fourteenth Most Dangerous Celebrities study more relevant than ever.
To conduct our Most Dangerous Celebrities 2020 study, McAfee researched famous individuals to reveal which celebrities generate the most “dangerous” results – meaning those whose search results bring potentially malicious content to expose fans’ personal information. Owing to his international popularity and fan following that well resonates in India, Cristiano Ronaldo takes the top spot on the India edition of McAfee’s 2020 Most Dangerous Celebrities list.
Ronaldo is popular not only for his football skills, but also for his lifestyle, brand endorsements, yearly earnings, and large social media following, with fans devotedly tracking his every movement. This year, Ronaldo’s transfer to Juventus from Real Madrid for a reported £105M created quite a buzz, grabbing attention from football enthusiasts worldwide. Within the Top 10 list, Ronaldo is closely followed by veteran actress Tabu (No. 2) and leading Bollywood actresses, Taapsee Pannu, (No. 3) Anushka Sharma at (No. 4) and Sonakshi Sinha (No. 5). Also making the top ten is Indian singer Armaan Malik (No. 6), and young and bubbly actor Sara Ali Khan (No. 7). Rounding out the rest of the top ten are Indian actress Kangana Ranaut (No. 8), followed by popular TV soap actress Divyanka Tripathi (No. 9) and lastly, the King of Bollywood, Shah Rukh Khan (No. 10).
Many consumers don’t realize that simple internet searches of their favorite celebrities could potentially lead to malicious content, as cybercriminals often leverage these popular searches to entice fans to click on dangerous links. This year’s study emphasizes that consumers are increasingly searching for content, especially as they look for new forms of entertainment to stream amidst a global pandemic.
With a greater emphasis on streaming culture, consumers could potentially be led astray to malicious websites while looking for new shows, sports, and movies to watch. For example, Ronaldo is strongly associated with malicious search terms, as fans are constantly seeking news on his personal life, as well as searching for news on his latest deals with football clubs. In addition, users may be streaming live football matches through illegal streaming platforms to avoid subscription fees. If an unsuspecting user clicks on a malicious link while searching for their favorite celebrity related news, their device could suddenly become plagued with adware or malware.
Whether you and your family are checking out your new favorite actress in her latest film or streaming a popular singer’s new album, it’s important to ensure that your searches aren’t potentially putting your online security at risk. Follow these tips so you can be a proactive fan while safeguarding your digital life:
Users looking for information on their favorite celebrities should be cautious and only click on links to reliable sources for downloads. The safest thing to do is to wait for official releases instead of visiting third-party websites that could contain malware.
Refrain from using illegal streaming sites
When it comes to dangerous online behavior, using illegal streaming sites could wreak havoc on your device. Many illegal streaming sites are riddled with malware or adware disguised as pirated video files. Do yourself a favor and stream the show from a reputable source.
Protect your online safety with a cybersecurity solution
Safeguard yourself from cybercriminals with a comprehensive security solution like McAfee Total Protection. This can help protect you from malware, phishing attacks, and other threats.
Use a website reputation tool
Use a website reputation tool such as McAfee WebAdvisor, which alerts users when they are about to visit a malicious site.
Use parental control software
Kids are fans of celebrities too, so ensure that limits are set for your child on their devices and use parental control software to help minimize exposure to potentially malicious or inappropriate websites.
Stay Updated
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Cristiano Ronaldo tops McAfee India’s Most Dangerous Celebrity 2020 List appeared first on McAfee Blogs.
2020 has certainly been the year for online entertainment. With many Aussies staying home to stay well, the internet and all its offerings have provided the perfect way for us all to pass time. From free movies and TV shows to the latest celebrity news, many of us have devoured digital content to entertain ourselves. But our love affair with online entertainment certainly hasn’t gone unnoticed by cybercriminals who have ‘pivoted’ in response and cleverly adapted their scams to adjust to our insatiable desire for content.
Cybercriminals are fully aware that we love searching for online entertainment and celebrity news and so devise their plans accordingly. Many create fake websites that promise users free content from a celebrity of the moment to lure unsuspecting Aussies in. But these malicious websites are purpose-built to trick consumers into sharing their personal information in exchange for the promised free content – and this is where many come unstuck!
McAfee, the world’s leading cybersecurity company, has researched which famous names generate the riskiest search results that could potentially trigger consumers to unknowingly install malware on their devices or unwillingly share their private information with cybercriminals.
And in 2020, English singer-songwriter Adele takes out the top honours as her name generates the most harmful links online. Adele is best known for smashing the music charts since 2008 with hit songs including ‘Rolling in the Deep’ and ‘Someone Like You’. In addition to her award-winning music, Adele is also loved for her funny and relatable personality, as seen on her talk show appearances (such as her viral ‘Carpool Karaoke’ segment) and concert footage. Most recently, her weight-loss and fitness journey have received mass media attention, with many trying to get to the bottom of her ‘weight-loss’ secrets.
Trailing Adele as the second most dangerous celebrity is actress and star of the 2020 hit show Stan ‘Love Life’ Anna Kendrick, followed by rapper Drake (no. 3), model and actress Cara Delevingne (no. 4), US TikTok star Charli D’Amelio (no. 5) and singer-songwriter Alicia Keys (no. 6). Rounding out the top ten are ‘Sk8r Boi’ singer Avril Lavigne (No. 7), New Zealand rising music star, Benee (no. 8), songstress Camila Cabello (no. 9), and global superstar, singer and actress Beyonce (no. 10).
Whether it was boredom or the fact that we just love a stickybeak, our love of celebrity news reached new heights this year with our many of us ‘needing’ to stay up to date with the latest gossip from our favourite public figures. Adele’s weight-loss journey (no.1), Drake’s first photos of ‘secret son’ Adonis (no. 4), and Cara Delevingne’s breakup with US actress Ashley Benson (no. 5), all had us Aussie fans flocking to the internet to search for the latest developments on these celebrity stories.
With many of us burning through catalogues of available movies and TV shows amid advice to stay at home, new release titles have definitely been the hottest ticket in town to stay entertained.
Rising to fame following her roles in ‘Twilight’ and musical comedy ‘Pitch Perfect’, Anna Kendrick (no. 2) starred in HBO Max series ‘Love Life’ which was released during the peak of COVID-19 in Australia, as well as the 2020 children’s film ‘Trolls World Tour’. R&B and pop megastar Beyonce (no. 10) starred in the 2019 remake of Disney cult classic ‘The Lion King’ and released a visual album ‘Black Is King’ in 2020.
While live concerts and festivals came to a halt earlier this year, many of us are still seeking music – both old and new – to help us navigate these unprecedented times. In fact, musicians make up 50% of the top 10 most dangerous celebrities – hailing from all genres, backgrounds and generations.
Canadian rapper Drake (No. 2) sparked fan interest by dropping his ‘Dark Lanes Demo Tapes’ album including hit songs ‘Chicago Freestyle’ and ‘Tootsie Slide’ that went massively viral on TikTok. New Zealand singer Benee also came out of the woodwork with viral sensations Supalonely and Glitter topping charts and reaching global popularity on TikTok.
Known for her enormously successful R&B/Soul music in the early 2000s, Alicia Keys (no. 6) released a string of new singles in 2020. Camila Cabello’s ‘Senorita’ duet with Canadian singer and now boyfriend Shawn Mendes, was Spotify’s most streamed song of 2019. The couple continued to attract copious attention as fans followed stories reporting on the lovebirds self-isolating together in Miami earlier this year.
Please don’t feel that getting caught by an ill-intentioned cybercrime is inevitable. If you follow these few simple tips, you can absolutely continue your love of online entertainment and all things celebrity:
If you are looking for new release music, movies or TV shows or even an update on your favourite celebrity then ALWAYS be cautious and only click on links to reliable sources. Avoid ‘dodgy’ looking websites that promise free content – I guarantee these sites will gift you a big dose of malware. The safest thing is to wait for official releases, use only legitimate streaming sites and visit reputable news sites.
Yes, illegal downloads are free but they are usually riddled with malware or adware disguised as mp3 files. Be safe and use only legitimate music streaming platforms – even if it costs a few bucks! Imagine how devastating it would be to lose access to everything on your computer thanks to a nasty piece of malware?
One of the best ways of safeguarding yourself (and your family) from cybercriminals is by investing in an comprehensive cybersecurity solution like McAfee’s Total Protection. This Rolls Royce cybersecurity package will protect you from malware, spyware, ransomware and phishing attacks. An absolute no brainer!
Kids love celebrities too! Parental control software allows you to introduce limits to your kids’ viewing which will help minimise their exposure to potentially malicious or inappropriate websites when they are searching for the latest new on TikTok star Charlie D’Amelio or go to download the latest Benee track.
I don’t know how my family of 6 would have survived this year without online entertainment. We’ve devoured the content from three different streaming services, listened to a record number of hours on Spotify and filled our heads with news courtesy of online news sites. And while things are looking up, it will be a while before life returns to normal. So, please take a little time to educate your family on the importance of ‘thinking before you click’ and the perils of illegal downloading. Let’s not make 2020 any more complicated!!
Stay safe everyone!
Alex x
The post How Searching For Your Favourite Celebrity May Not End Well appeared first on McAfee Blogs.
Video conferencing has really taken off this year. With more people working and learning from home than ever before, video calling has rapidly become the mainstream method for remote communication, allowing users to stay connected. But very few may realize that they might be giving away their passwords on video calls through their body language. According to Tom’s Guide, call participants can guess a user’s passwords through the arm and shoulder movements they make while they type.
Let’s unpack how this threat works so you can continue to connect via video calls worry-free.
Keyboard snooping, or a keyboard interference threat, occurs when an attacker is present on a video call and observes the target’s body and physiological features to infer what they are typing. To pull off this attack, the hacker would need to record the meeting or video stream and feed it through a computer program. This program eliminates the visual background and measures the user’s arm and shoulder movements relative to their face. From there, the program analyzes the user’s actions to guess which keys they are hitting on the keyboard – including passwords and other sensitive information.
So, how accurate is this program, anyway? While this shows that the program was only correct 20% of the time when subjects were on their own devices in an uncontrolled environment, the program’s accuracy increased to 75% if their password was one of the one million most commonly used passwords. And suppose the program already knew their email address or name. In that case, it could decipher when the target was typing this information during the video call (and when their password would immediately follow) 90% of the time. The less complex the target makes their password, the easier it is for the program to guess what they’re typing.
Keystroke inference attacks can have potentially dangerous effects, since the text typed can often contain sensitive or private information even beyond passwords, like credit card numbers, authentication codes, and physical addresses. It’s also important to note that any video conferencing tool or videos obtained from public video sharing/streaming platforms are susceptible to this attack.
Therefore, to prevent your meeting attendees from snooping on what you’re typing, follow these tips for greater peace-of-mind:
Avoid giving keyboard snoopers the upper hand by making your password or passphrase as unique as the information it’s protecting. If a hacker does manage to guess your password for one of your online accounts, they will likely check for repeat credentials across multiple sites. By using different passwords or passphrases for your online accounts, you can remain calm and collected knowing that the majority of your data is secure if one of your accounts becomes vulnerable.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification like texting or emailing a secure code to verify your identity. Most popular online sites like Gmail, Dropbox, LinkedIn, Facebook, etc. offer multi-factor authentication, and it takes just a few minutes to set it up. This reduces the risk of successful impersonation by criminals who may have uncovered your information by keyboard snooping.
Take your security to the next level with a password manager, like the one included in McAfee Total Protection. A password manager can help you create strong passwords, remove the hassle of remembering numerous passwords, and log you on to websites automatically.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How to Prevent Keyboard Snooping Attacks on Video Calls appeared first on McAfee Blogs.
I’m pleased to report that I’ve achieved a number of personal bests in 2020 but the one I’m most proud about is my achievement in the highly skilled arena of online shopping. I’ve shopped online like I’m competing in the Olympics: groceries, homewares, clothing – even car parts! And my story is not unique. Living with a pandemic has certainly meant we’ve had to adapt – but when it came to ramping up my online shopping so we could stay home and stay safe – I was super happy to adapt!
And research from McAfee shows that I am not alone. In fact, over 40% of Aussies are buying more online since the onset of COVID-19 according to the 2020 Holiday Season: State of Today’s Digital e-Shopper survey. But this where it gets really interesting as the survey also shows that nearly 1/3 of us (29%) are shopping online 3-5 days a week, and over one in ten consumers (11%) are even shopping online daily!! But with many online retailers offering such snappy delivery, it has just made perfect sense to stay safe and stay home!
With just over a month till Santa visits, it will come as no surprise that many of us are starting to prepare for the Holiday season by purchasing gifts already. Online shopping events such as Click Frenzy or the Black Friday/Cyber Monday events are often very compelling times to buy. But some Aussies have decided they want to get in early to secure gifts for their loved ones in response to warnings from some retailers warning that some items may sell out before Christmas due to COVID-19 related supply chain issues. In fact, McAfee’s research shows that 48% of Aussies will be hitting the digital links to give gifts and cheer this year, despite 49% feeling cyber scams become more prevalent during the holiday season.
McAfee’s research shows very clearly that the bulk of us Aussies are absolutely aware of the risks and scams associated with online shopping but that we still plan to do more shopping online anyway. And with many of us still concerned about our health and staying well, it makes complete sense. However, if there was ever a time to take proactive steps to ensure you are minimizing risks online – it is now!
McAfee’s specialist online threat team (the Advanced Threat Research team) recently found evidence that online cybercrime is on increase this year, with McAfee Labs observing 419 threats per minute between April to June 2020 – an increase of almost 12% over the previous quarter.
And with many consumers gearing up to spend up big online in preparation for the Holiday season, many experts are worried that consumers are NOT taking these threats as seriously as they should. McAfee’s research showed that between April to June 2020, 41% of 18-24 year olds have fallen victim to an online scam and over 50% of the same age group are aware of the risks but have made no change to their online habits.
At the risk of sounding dramatic, I want you to channel your James Bond when you shop online this holiday period. Do your homework, think with your head and NOT your heart and always have your wits about you. Here are my top tips that I urge you to follow to ensure you don’t have any unnecessary drama this Christmas:
Click on random, unsafe links is the best way of falling victim to a phishing scam. Who wants their credit card details stolen? – no one! And Christmas is THE worst time for this to happen! If something looks too good to be true – it probably is. If you aren’t sure – check directly at the source – manually enter the online store address yourself to avoid those potentially nasty links!
This is a no-brainer – where possible, turn this on as it adds another lay of protection to your personal data and accounts. Yes, it will add another 10 seconds to the log-in process but it’s absolutely worth it.
If you have a VPN (or Virtual Private Network) on your laptop, you can use Wi-Fi without any concern – perfect for online purchases on the go! A VPN creates an encrypted tunnel between your device and the router which means anything you share is protected and safe! Check out McAfee’s Safe Connect which includes bank-grade encryption and private browsing services.
Ensuring all your devices are kitted out with comprehensive security software which will protect against viruses, phishing attacks and malicious website is key. Think of it as having a guardian cyber angel on your shoulder. McAfee’s Total Protection software does all that plus it has a password manager, a shredder and encrypted storage – and the Family Pack includes the amazing Safe Family app – which is lifechanging if you have tweens and teens!
So, yes – please make your list and check it twice BUT before you dive in and start spending please take a moment to ask yourself whether you are doing all you can to minimise the risks when online shopping this year. And don’t forget to remind your kids too – they may very well have their eye on a large gift for you too!
Happy Christmas Everyone
Alex xx
The post Christmas Shopping 2020 appeared first on McAfee Blogs.
And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own.
Let’s unwrap the top four phishing scams that users should beware of while making online purchases this week and through the rest of the year. Remember, there’s still time to shop for cybersecurity protection this holiday season.
It might surprise you to see that a tactic as old as email phishing is still so widely used today. Well, that’s because many people still fall for email phishing scams, as the criminals behind these attacks up the ante every year to make these threats more sophisticated.
Scammers also tend to take advantage of current events to trick unsuspecting consumers into falling for their tricks. Take earlier this year, for example, when many users received phishing emails claiming to be from a government entity regarding financial support due to the global health emergency. Cybercriminals will likely use similar, timely tactics leading up to the holidays, posing as famous retailers and promising fake discounts in the hope that a consumer will divulge their credit card details or click on a malicious link.
Like email phishing, spear phishing has been around for quite some time. With spear phishing attacks, hackers pretend to be an organization or individual that you’re familiar with and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with. For example, cybercriminals might claim to be charitable organizations asking for donations, knowing that many families like to donate during the holidays. The email might even include the recipient’s personal details to make it seem more convincing. But instead of making a generous contribution, users find that they infected their own system with malware by clicking on the fraudulent link.
No, that’s not the sound of Santa coming down the chimney – it’s the sound of voice phishing! “Vishing” attacks can be highly deceiving, as hackers will call a user and trick them into giving up their credentials or sharing other personal information. For example, a scammer could call an individual telling them that they won a large amount of cash as part of a holiday contest. Overjoyed with the thought of winning this so-called contest, the user may hand over their bank information to the criminal on the other end of the phone. But instead of receiving a direct deposit, all they find is that their banking credentials were used to make a fraudulent purchase.
SMS phishing, or “SMiShing,” is another threat users should watch out for this holiday season. This tactic uses misleading text messages claiming to come from a trusted person or organization to trick recipients into taking a certain action that gives the attacker exploitable information or access to their mobile device.
Due to the current global health emergency and the desire to do more digitally, consumers will likely rely on online shopping this holiday season. To take advantage of this trend, scammers will probably send fraudulent text messages disguised as online retailers. These messages will likely contain fake tracking links, shipping notices, and order confirmations. But if an unsuspecting user clicks on one of these links, they will be directed to a fake website prompting them to enter their credentials for the attackers to further exploit.
To prevent cybercriminals from messing with the festive spirit via phishing schemes, follow these tips so you can continue to make merry during the holiday shopping season:
If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify a holiday shopping offer or track a package’s shipment.
Use a comprehensive security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
The post Top Phishing Lures to Look Out for This Holiday Season appeared first on McAfee Blog.
Seems like the internet follows us wherever we go nowadays, whether it tags along via a smartphone, laptop, tablet, a wearable, or some combination of them all. Yet there’s something else that follows us around as well—our PII, a growing body of “personally identifiable information” that we create while banking, shopping, and simply browsing the internet. And no doubt about it, our PII is terrifically valuable.
What makes it so valuable? It’s no exaggeration to say that your PII is the key to your digital life, along with your financial and civic life as well. Aside from using it to create accounts and logins, it’s further tied to everything from your bank accounts and credit cards to your driver’s license and your tax refund.
Needless to say, your PII is something that needs protecting, so let’s take a look at several ways you can do just that.
What is PII? It’s information about you that others can use to identify you either directly or indirectly. Thus, that info could identify you on its own, or it could identify you when it’s linked to other identifiers, like the ones associated with the devices, apps, tools, and protocols you use.
A prime example of direct PII is your tax ID number because it’s unique and directly associated with your name. Further instances include your facial image to unlock your smartphone, your medical records, your finances, and your phone number because each of these can be easily linked back to you.
Then there are those indirect pieces of PII that act as helpers. While they may not identify you on their own, a few of them can when they’re added together. These helpers include things like internet protocol addresses, the unique device ID of your smartphone, or other identifiers such as radio frequency identification tags.
You can also find pieces of your PII in the accounts you use, like your Google to Apple IDs, which can be linked to your name, your email address, and the apps you have. You’ll also find it in the apps you use. For example, there’s PII in the app you use to map your walks and runs, because the combination of your smartphone’s unique device ID and GPS tracking can be used in conjunction with other information to identify who you are, not to mention where you typically like to do your 5k hill days. The same goes for messenger apps, which can collect how you interact with others, how often you use the app and your location information based on your IP address, GPS information, or both.
In all, there’s a cloud of PII that follows us around as we go about our day online. Some wisps of that cloud are more personally identifying than others. Yet gather enough of it and PII can create a high-resolution snapshot of you—who you are, what you’re doing when you’re doing it, and even where you’re doing it too—particularly if it gets into the wrong hands.
Remember Pig-Pen, the character straight from the old funny pages of Charles Schultz’s Charlie Brown? He’s hard to forget with that ever-present cloud of dust following him around. Charlie Brown once said, “He may be carrying the soil that trod upon by Solomon or Nebuchadnezzar or Genghis Khan!” It’s the same with us and our PII, except the cloud surrounding us, isn’t the dust of kings and conquerors, they’re motes of digital information that are of tremendously high value to crooks and bad actors—whether for purposes of identity theft or invasion of privacy.
With all PII we create and share on the internet, that calls for protecting it. Otherwise, our PII could fall into the hands of a hacker or identity thief and end up getting abused, in potentially painful and costly ways.
Here are several things you can do to help ensure that what’s private stays that way:
Square One is to protect your devices with comprehensive online protection software. This will defend you against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts.
Further, security software can also include a firewall that blocks unwanted traffic from entering your home network, such as an attacker poking around for network vulnerabilities so that they can “break-in” to your computer and steal information.
Also known as a virtual private network, a VPN helps protect your vital PII and other data with bank-grade encryption. The VPN encrypts your internet connection to keep your online activity private on any network, even public networks. Using a public network without a VPN can increase your cybersecurity risk because others on the network can potentially spy on your browsing and activity.
If you’re new to the notion of using a VPN, check out this article on VPNs and how to choose one so that you can get the best protection and privacy possible.
In the U.S., the Social Security Number (SSN) is one of the most prized pieces of PII as it unlocks the door to employment, finances, and much more. First up, keep a close grip on it. Literally. Store your card in a secure location. Not your purse or wallet.
Certain businesses and medical practices may ask you for your SSN for billing purposes and the like. You don’t have to provide it (although some businesses could refuse service if you don’t), and you can always ask if they will accept some alternative form of information. However, there are a handful of instances where an SSN is a requirement. These include:
Be aware that hackers often get a hold of SSNs because the organization holding that information gets hacked or compromised itself. Minimizing how often you provide your SSN can offer an extra degree of protection.
Protecting your files with encryption is a core concept in data and information security, and thus it’s a powerful way to protect your PII. It involves transforming data or information into code that requires a digital key to access it in its original, unencrypted format. For example, McAfee Total Protection includes File Lock, which is our file encryption feature that lets you lock important files in secure digital vaults on your device.
Additionally, you can also delete sensitive files with an application such as McAfee Shredder, which securely deletes files so that thieves can’t access them. (Quick fact: deleting files in your trash doesn’t actually delete them in the truest sense. They’re still there until they’re “shredded” or otherwise overwritten such that they can’t be restored.)
Which Marvel Universe superhero are you? Does it really matter? After all, such quizzes and social media posts are often grifting pieces of your PII in a seemingly playful way. While you’re not giving up your SSN, you may be giving up things like your birthday, your pet’s name, your first car … things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites. The one way to pass this kind of quiz is not to take it!
A far more direct form of separating you from your PII are phishing attacks. Posing as emails from known or trusted brands, financial institutions, or even a friend or family member a cybercrook’s phishing attack will attempt to trick you into sharing important information like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service.
How do you spot such emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated and can make their phishing emails look nearly legitimate. However, there are several ways you can spot a phishing email and phony web pages as outlined here.
Comprehensive security offers another layer of prevention, in this case by offering browser protection like our own Web Advisor, which will alert you in the event you come across suspicious links and downloads that can steal your PII or otherwise expose you to attacks.
With social engineering attacks that deceive victims by posing as people the victim knows and the way we can sometimes overshare a little too much about our lives, you can see why a social media profile is a potential goldmine for cybercriminals.
Two things you can do to help protect your PII from being at risk via social media: one, think twice about what PII you might be sharing in that post or photo—like the location of your child’s school or the license plate on your car; two, set your profile to private so that only friends can see it. Review your privacy settings regularly to keep your profile information out of the public eye. And remember, nothing is 100% private on the internet. Never post anything you wouldn’t want to see shared.
The “S” stands for secure. Any time you are shopping, banking, or sharing any kind of PII, look for “https” at the start of the web address. Some browsers will also indicate HTTP by showing a small “lock” icon. Doing otherwise on plain HTTP sites exposes your PII for anyone who cares to monitor that site for unsecured connections.
By locking your devices, you protect yourself that much better from PII and data theft in the event your device is lost, stolen, or even left unattended for a short stretch. Use your password, PIN, facial recognition, thumbprint ID, what have you. Just lock your stuff. In the case of your smartphones, read up on how you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
Theft of your PII can of course lead to credit cards and other accounts being opened falsely in your name. What’s more, it can sometimes be some time before you even become aware of it, until perhaps your credit score takes a hit or a bill collector comes calling. By checking your credit, you can address any issues that come up, as companies typically have a clear-cut process for contesting any fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and likewise, other nations like the UK have similar free offerings as well.
Consider identity theft protection as well. A strong identity theft protection package pairs well with keeping track of your credit and offers cyber monitoring that scans the dark web to detect for misuse of your PII. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.
The post Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII) appeared first on McAfee Blog.
I’ve had such a busy morning! I’ve hunted down my favourite foundation, bought a puzzle mat, stocked up on special dog food for our naughty new puppy, ordered the groceries, made a few appointments and chatted with several friends. And guess what? I haven’t left my study – or changed out of my pyjamas!! Ssshhh!! Because it’s all happened online…
Of course, some of us embraced the benefits of the online world long before 2020 but the Pandemic forced almost everyone to replace our in-person activities and routines with online ones. New research from McAfee in their 2021 Consumer Security Mindset Report shows that 72% of Aussies made changes in their online activities last year out of convenience which makes complete sense!
But what’s so interesting is that now we have these super handy new online routines in place – we aren’t that keen to give them up! McAfee’s report shows that 76% of Aussies are planning on continuing with online banking, 59% of us want to keep connecting with friends and family online and 55% of us remain totally committed to online shopping! Hear, hear, I say! I am absolutely staying that course too!!
There’s no doubt that there is a lot of upside to managing our lives online but unfortunately there is also a downside – increased risk! The more time spent online, the greater the chance that we will be exposed to potential risks and threats such as phishing attacks, entering details into malicious websites or even becoming a victim of fraud.
McAfee’s research shows that we are aware of the risks of being online. In fact, 66% of us are concerned about the potential dangers of living our lives online with losing control of our financial data top of the list for the majority of us. And almost 2/3 (65%) of us are also worried about having our social media accounts hacked.
But pandemic life has meant that we are now a lot more comfortable with sharing information online. Whether it’s paperless transaction records, text and email notifications, opting to stay logged in or auto-populating forms with our credit card, this level of online sharing does make life so convenient but it can be a risky business! Why, I hear you ask? Because these conveniences usually only work when you share multiple pieces of your contact details. And the more you share, the greater your chance of being hacked or compromised. But the report was very clear – if we can make our online life more seamless then we are only too happy to share our key contact information! Oh dear!!
In addition to confessing that they don’t always take the necessary security precautions, Aussie consumers in McAfee’s report also admitted that they haven’t thought about why hackers might want their data. I don’t know how many people tell me that they don’t need to really bother with a lot of online precautions because they live a pretty boring life and don’t spend that much time online.
But this is a very dangerous way to think. Your online data is like a pot of gold to hackers. Not only can they use it to possibly steal your identity and try to empty your bank accounts but they can also on-sell it for a profit. But the majority of Aussies don’t stop to consider this with the research showing that 64% of Aussies have never considered just how valuable their online data is worth.
Hackers are ALWAYS on the lookout for new ‘up-to-date’ ways to exploit others for money. Don’t forget how quick they were to conjure up scams around COVID in early 2020 – it was just a matter of weeks before Aussies received phishing emails and malicious text messages with the aim of extracting personal information from vulnerable consumers.
But, encouragingly, 85% of Aussies said they would be far more proactive about managing their data if it could be traded as a currency.
The good news is that there are ways to secure your online life and minimise the risk of being hacked. Here are my top tips:
Yes, it might take a minute or 2 more, but using multi-factor authentication is an easy way to add an additional layer of security to protect your personal data and information. Commit to using it wherever it is offered!
If you live your life out & about like I do then you’ll be very tempted to use Wi-Fi. Using public Wi-Fi to conduct transactions, particularly financial ones is a big no-no! It takes keen hackers minimal effort to set up a fraudulent wi-fi service which could easily fool a busy person into connecting. Using a Virtual Private Network (or VPN) like McAfee® Safe Connect, is the best way of ensuring everything you share over Wi-Fi is safe and secure.
Browsing the internet with a tool like the McAfee WebAdvisor is a great way of ensuring dangerous malware is blocked if you click on a malicious link in a phishing email. You’ll have real peace of mind knowing you can manage your online life while someone looks out for you!
With 4 kids, 3 pets, 2 jobs – I know I could never get to the bottom of my ‘to-do’ lists without managing the bulk of it online. I often think I should send the internet an e-card at Christmas!! Of course, I understand why corners are cut and precautions are overlooked when we all feel so stretched for time. But just think about how much more time it would take if you were hacked and had to spend hours on the phone to your bank or if you had to reconfigure all your online accounts and social media platforms!!
So, you know what you need to do! Stay safe online everyone!
The post How 2020 Has Shaped The Way We Live Our Lives appeared first on McAfee Blogs.
In the eyes of hackers, scammers, and thieves, your online privacy and identity look like a giant jigsaw puzzle. One that they don’t need every piece to solve. They only need a few bits to do their dirty work, which means protecting every piece you put out there—a sort of holistic view on your personal security. One that protects you, not just your devices.
Here’s what’s at stake: we create and share loads of personal information simply by going about our day online, where each bit of information makes up a piece of that giant jigsaw puzzle. Some pieces directly identify us, like our tax returns, bank account information, or driver’s licenses. Other pieces of information indirectly identify us, like the IP addresses assigned to our computers, tablets, and phones—or device ID numbers, location information, and browsing history. And bad actors only need a few key pieces to do you harm, such as committing identity crime in your name or selling your personal information on sketchy websites or the dark web.
While people show great concern about their personal information, who has it and what’s done with it, our research shows that 70% of people feel like they have little or no control over the data that’s collected about them. However, you have plenty of ways that you can indeed take control—ways that can prevent, detect, and correct attacks on your privacy and identity. That’s where holistic protection comes in.
You can think of holistic protection as layers of shields that protect you and the devices you use. It gives you three layers in all—a Prevention Layer, Detection Layer, and a Correction Layer.
A holistic and comprehensive security solution like McAfee+ combines those three layers in a way that protects your personal information and keep your identity private, showing you how it does it along the way, so you can see exactly how safe you are. Let’s take a quick look of some of the protections you’ll find in each layer …
In the Prevention Layer, you’ll see:
In the Detection Layer, you have …
In the Correction Layer, several other protections have your back …
These are just a few examples of the protections in each layer. And you’ll find our most comprehensive holistic protection in McAfee+ Ultimate, covering your privacy, identity, and devices.
While your online privacy and identity may look a jigsaw puzzle, protecting it shouldn’t be as complicated. With a holistic security solution for your personal protection, you can minimize your exposure with layers of security that do much of the work for you.
Antivirus on your PC is not enough. It has not been enough for many decades now. And this becomes more evident as we continue to spend more time online, with the average person spending 6 hours and 54 minutes online each day, leaving clouds of personal information in their wake.
While standalone apps like a password manager, a VPN app, and an identity solution from different vendors can be piecemealed together with your device security, these are difficult to keep track of and burdensome to maintain.
We have combined the important tools you need into a seamless and comprehensive experience because good security software is something that you use daily to feel safer online. This is why we are working on your behalf to redefine security, so you can enjoy your connected life with confidence.
The post True Security Requires a Holistic Approach appeared first on McAfee Blog.
Over the last 12 months, technology has featured in our lives in a way I don’t think any of us would have predicted. Whether you were in lockdown, choosing to stay home to stay well or quite simply, out of other option – technology saved the day. It helped us work and learn from home, stay connected with friends and family, entertain ourselves, shop and essentially, live our lives.
For many parents, this was a real ‘aha’ moment. A moment when technology went from being an annoying distraction to incredibly critical to the functioning of our day to day lives. Of course, many of us had always considered technology to be useful to help us order groceries and check Facebook but to experience first-hand that technology meant life could go on during a worldwide pandemic was a real game changer.
Whether it was downloading video calling apps like Zoom or Facetime, setting up a Twitter account to get updates from the Health Department, using Google Doc to work collaboratively or experiencing what online gaming really is via a few sessions on the Xbox, 2020 means many parents had to get up to date, real fast! And you know what – that’s a good thing! I’ve had so many parents remark to me that they know finally understand why their kids are so enamoured with technology. There really is nothing like walking in someone’s shoes to experience their world!
I’m a big believer in parents taking the time to truly understand the world in which their kids exist. For years, I’ve advised parents to download and use the apps and games their kids play so they can understand the attraction and complexity of their kids’ digital life. Well, it may have taken a global pandemic, but I am delighted to report that, anecdotally at this stage, more parents are now embracing their kids’ online world.
When we first become enamoured with something, we often enter the ‘honeymoon’ phase. As a married woman of 28 years, this was many years ago for me!! The honeymoon phase is when everything is wonderful and rosy, and negatives are not always considered. And our relationship with technology can be much the same. And I’ve been there – there’s nothing quite so wonderful as discovering a new app or piece of software and almost being joyous at just how transformational it could be for your life. And this often means we gloss over or even ignore the risks because we are in love!!!
So, as Cybermum, I’m here to cheer you on and pat you on the back for embracing and using new apps and software. Yes, I’m very proud! But I also want to share with you just a few steps that you need to take to ensure you are not taking on any unnecessary risks with your new favourite app. Here are my top tips:
1. Passwords
Every app, online account or piece of software needs it own individual password. Yes, I know that it is a real pain, but it is one of the most important things you will do to protect yourself online. I’m a big fan of password managers that not only generate the most incredibly complex passwords for each of your accounts but remember them for you. McAfee’s password manager, True Key, is a free option which has completely helped me manage my 80 plus collection of passwords!! Very grateful!
2. Software Updates
The main purpose of a software update is to protect the user from security threats. Yes, you may also get some new features and possibly have a glitch or 2 removed but it is all about the user’s safety. So, if you don’t update your software, it’s a little like leaving windows open when you go out. And the longer you leave between updates – the more windows you leave open!
So, automate these updates if you can or schedule them in your diary. Why not earmark the first day of the month to check and see what you need to download to protect yourself? And don’t forget about your operating system on your phone or laptop too!
3. Be Wi-Fi Wary
Dodgy wi-fi is where so many people come unstuck. Regardless of what app or software you are using, anything you share via unsecured wi-fi could be intercepted by a hacker. So, if you find yourself using wi-fi regularly, you might want to consider a Virtual Private Network or VPN. A VPN creates an encrypted tunnel so anything you share via Wi-Fi cannot be intercepted. Genius, really! Check out McAfee’s Safe Connect for peace of mind.
So, please keep going! Keep exploring new ways technology can work for you in our new COVID world. But remember to take a break too. There is no doubt that technology has saved the day and has ensure we can all still function but there must be a balance too. So, walk the dog, play a board game or having a cuppa outside. Remember you manage the technology; it doesn’t manage you!
Till next time
Stay safe online.
Alex xx
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post How 2020 Helped Parents Understand Their Kids’ Digital Lives appeared first on McAfee Blogs.
The number of new viruses grows every day. In fact, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. While there is no way to know when or how cyberattacks will occur, it’s clear that antivirus software is one of the best ways to ensure you, and your devices, are safe.
Despite its proven strengths, some long-standing myths question the effectiveness of antivirus. To set the record straight, we’ve debunked five of the most common antivirus software myths, so you can rest assured that you are safely navigating the evolving cyber landscape.
We expect a lot from our devices—faster performance every time the latest model is released. As a result, many are reluctant to install apps or software that may jeopardize device performance, including antivirus software.
Many believe that antivirus software will slow down your devices. However, contrary to popular belief, quality antivirus software can improve device performance by using advanced optimizations. It’s this simple: antivirus software conducts regular system-wide scans to identify and prevent viruses and improve performance without compromising efficacy.
To run these scans, antivirus software requires system resources, which is where this myth originates. If you download or operate more than one antivirus program or download the wrong version for your system, then yes, your device will slow to a crawl. That is why it is essential to install one high-quality antivirus software that meets all your devices’ system requirements. Additionally, best-in-class antivirus software can be set to run during specific hours to avoid delays during the busiest times of your day.
The number of malware strains and potentially unwanted applications (PUA) increases every year. It is understandable why people might think that antivirus software cannot protect against them all.
However, antivirus software can provide extensive protection against the majority of malicious programs. It does so in two ways:
Taken together, a known list of threats paired with the unique capabilities of machine learning, data science, and AI for advanced threat detection enable antivirus software to protect against a wide range of existing and evolving threats.
Can you imagine grading your own driving test? You could omit the dreaded three-point turn and pass with flying colors, but the result wouldn’t be as accurate as that of an unbiased evaluator. This same concept applies to evaluating the efficacy of computer security.
It’s easy for a company to set up a test environment where they highlight all the excellent capabilities of their antivirus software and gloss over its shortcomings. It’s equally as easy for a company to commission a third-party to conduct a custom test painting the company in a good light. However, the results will not be as comprehensive or accurate as those from an independent third-party. Additionally, they also will not provide a comparative analysis with other company offerings to help users draw their own conclusions.
Independent third-party test results offer a more thorough evaluation of antivirus software. They also do a better job at evaluating security features. Furthermore, ISO-certified independent third parties lend transparency and credibility to the techniques used and ensure that evaluations align with industry standards.
There is a common belief that Apple products are protected against viruses because cybercriminals often target Windows and Android operating systems. However, Apple devices are just as vulnerable to viruses as any other computer or smartphone. Regardless of your device or operating system—macOS, iOS, Windows, or Android—if it connects to a network, it’s susceptible to viruses.
Windows and Android have long been the dominant operating systems for computers and smartphones. That’s why macOS and iOS have, up until recently, been the lesser focus for cybercriminals. The problem is that cybercriminals want to spread their viruses to the platforms with the largest customer base which just so happens to be Windows and Android. As Apple products continue to grow in popularity, cybercriminals will continue coming out with more viruses specifically targeting Macs, iPhones, and other iOS devices.
Antivirus software is not a guarantee of protection against all viruses. Some malware can and will slip through. This is where antivirus software’s ability to detect and remove malware comes in. Ours comes with a Virus Protection Pledge, which provides a 100% guarantee we’ll remove viruses on your devices, or we’ll give you your money back, all as part of your automatically renewable subscription.
However, viruses and malware are just one form of attack that hackers and bad actors will wage on their victims. They’ll also make attempts at identity theft or likewise try to invade your privacy—with the intent of stealing passwords, account information, and personal information, which could drain your debit cards, damage your credit, or otherwise impersonate you for their financial gain.
In this way, antivirus is just one form of protection. To truly stay safe as possible online, you need online protection software that looks after your identity and privacy as well. McAfee+ Ultimate offers our most comprehensive coverage, with
It is necessary to bust common myths about antivirus software to protect yourself and your family from cyberthreats. By educating yourself and selecting a best-in-class antivirus software that’s further bolstered by identity and privacy protection, you will be well on your way to implementing an effective protection strategy.
The post Myth-busting Antivirus Software Assumptions appeared first on McAfee Blog.
You flick through some reels and an ad for “a more private phone” crops up. You scroll through your news feed and catch wind of yet another data breach at a major retailer. You see a post from a friend who says their social media account was hacked. Maybe you don’t think about security every day, but when you do, it can feel … overwhelming. We’re here to solve that. We’re here to make security easy.
As security providers, we have to offer protection against a wide variety of threats without adding more complexity to your already busy life. Managing your security should be easy, and even enjoyable.
Enjoyable?
Yes. We want you to have a sense of accomplishment, both knowledge and a feeling that you’re safer than you were before.
With these things in mind, we set out to make your security software work better for you. We streamlined the experience to simplify what you see, while still offering robust protection. After all, true security is the security that you benefit from every day, and it’s up to us as providers to make it smooth and easy as possible.
Our new setup process now includes easier navigation, fewer screens, and clearer action items and alerts. It smoothly moves you through setting up protection across all the ways you interact online and your compatible devices. This way, you know that we’re helping to keep you safe whether you’re messaging, browsing, or shopping and banking online.
Another area where we put a lot of focus is the new home screen. This is your home base, where we clearly show you what your current protection status is in the areas that matter the most to you. This includes making it easier to monitor your personal information and strengthen protections you already use, like passwords.
The home screen is also where you come to perform essential tasks, such as running an antivirus scan. It guides you to take actions when needed, giving you proactive protection, and a clear view of your overall security in one convenient place. From here you can access details on the status of your PC, web, and identity protection.
While we’re always focused on helping you feel confident and protected online, we realize that making our tools easy to use is just as important. The digital security landscape will continue to be a complicated one, with more than a million new and unique threats cropping up each day, but we can and are making security simpler, and therefore, more effective.
With easier setup and protection that turns on automatically at the right moments, we want to make security easier for you so that you can feel safer online. We’ve heard your feedback about how we can improve, and we’ll bring all that goodness in a product that you can use every day.
You’ll find this interface across our McAfee+ family of products, along with continual upgrades and improvements as we roll out more features that will keep you safer online.
The post Let’s Make Security Easy appeared first on McAfee Blog.
Throw open the windows and let in some fresh air. It’s time for spring cleaning.
And that goes for your digital stuff too.
Whether it’s indeed spring where you are or not, you can give your devices, apps, and online accounts a good decluttering. Now’s the time. Cleaning them up can protect your privacy and your identity, because when there’s less lying about, there’s less for hackers to scoop up and exploit.
The reality is that we accumulate plenty of digital clutter that needs cleaning up from time to time. Think about it:
Together, these things take up space on your devices and, in some cases, can open you up to security hazards. Let’s take a look at how you can clean up in a few steps.
1. Review your accounts and delete the ones you don’t use. Look through your bookmarks, your password manager, or the other places where you store your passwords and usernames. Review the sites and services associated with them critically. If you haven’t used an account in some time, log in one last time, remove all personal info, and deactivate it.
Doing so can keep your email address, usernames, and passwords out of unnecessary circulation. Major breaches like this one happen with unfortunate regularity, and the sad thing is that you may not even be aware that a site you’ve used has been hit. Meanwhile, your name, password, and info associated with that account (such as your credit card) are in the hands of hackers. Limit your exposure. Close those old accounts.
2. Get organized, and safer too, with a password manager. While creating strong, unique passwords for each of our accounts is a must nowadays, it can be quite the feat, given all of the accounts in our lives. Here’s where a password manager comes in. It can create those strong, unique passwords for you. Not only that, but it also stores your passwords on secure servers, away from hackers and thieves.
Along those lines, never store your passwords on your computer or device, like a text document or spreadsheet. Should your device ever get compromised, lost, or stolen, having passwords stored on them are like handing over the keys to your digital life.
3. Clean your PC to improve your performance (and your security). Let’s face it, so many of us are so busy with the day-to-day that cleaning up our computers and laptops is way down the list. However, doing so once a month can keep our devices running stronger for longer and even give you that “new computer feeling,” particularly if you haven’t cleaned it up for some time. Check out or guide for improving PC performance. It’ll walk you through some straightforward steps that can make a marked difference.
Moreover, part of this process should entail bolstering your operating system and apps with the latest updates. Such updates can not only improve speed and functionality, but they also often include security upgrades as well that can make you safer in the long run. If your operating system and apps feature automatic updates, enable them, and they’ll do the work for you.
4. Organize and store your photos. Photos. Now there’s a topic all unto itself. Here’s the thing: Estimates show that worldwide we took somewhere around 1.2 trillion photos in 2018. And you certainly have your share.
However, your photos may be just sitting there, taking up storage space on your computer or phone, instead of becoming something special like an album, greeting cards, a wall hanging, or popping them into a digital picture frame for your kitchen or living room. And this is where a little spring cleaning can be a bit of fun. For tips on cleaning up your photos, backing them up, and making something special with them, check out my earlier blog.
5. Delete old apps and the data associated with them. Let’s say you have a couple of apps on your phone for tracking your walks, runs, and exercise. You’ve since stopped using one altogether. Go ahead and delete the old one. But before you do, go in and delete your account associated with the app to ensure that any data stored off your phone, along with your password and user id are deleted as well.
For your computers and laptops, follow the same procedure, recognizing that they also may have account data stored elsewhere other than on your device.
In short, many apps today store information that’s stored and maintained by the app provider. Make sure you close your accounts so that data and information is taken out of circulation as well.
6. Shred your old files and encrypt the important files you’re holding on to. This bit of advice calls for using comprehensive security software on your devices. In addition to protecting you from viruses, malware, and other cyberattacks on your privacy and identity, it can help you protect your sensitive information as well. Such security software can offer:
7. Throwing away old computers and tech—dispose of properly. When it comes time to say goodbye to an old friend, whether that’s a computer, laptop, phone, or tablet, do so in a way that’s friendly to the environment and your security.
Consider this … what’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Same thing goes for your tablets and phones. The Federal Trade Commission (FTC) offers some straightforward advice in their article about protecting your data before you get rid of your computer. You don’t want those old tax returns ending up in the trash unprotected.
When it comes time for disposal, you have a few options:
Enjoying the benefits of your work—that’s what spring cleaning is all about, right? With this little list, you can end up with a digital life that’s safer and faster than before.
The post Digital Spring Cleaning: Seven Steps for Faster, Safer Devices appeared first on McAfee Blog.
In a year where people relied on their digital lives more than ever before and a dramatic uptick in attacks quickly followed, McAfee’s protection stood strong.
We’re proud to announce several awards from independent third-party labs, which recognized our products, protection, and the people behind them over the course of last year.
The Cybersecurity Excellence Awards is an annual competition honoring individuals and companies that demonstrate excellence, innovation, and leadership in information security. We were honored with four awards:
Further recognition came by way of three independent labs known for their testing and evaluation of security products. Once more, this garnered several honors:
As the threat landscape continues to evolve, our products do as well. We’re continually updating them with new features and enhancements, which our subscribers receive as part of automatic product updates. So, if you bought your product one or two years ago, know that you’re still getting the latest award-winning protection with your subscription.
We’d like to acknowledge your part in these awards as well. None of this is possible without the trust you place in us and our products. With the changes in our work, lifestyles, and learning that beset millions of us this past year, your protection and your feeling of security remain our top priority.
With that, as always, thank you for selecting us.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post McAfee Awarded “Cybersecurity Excellence Awards” appeared first on McAfee Blogs.
While we’re enjoying the fruits of digital life—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there will come a time we should ask ourselves, What happens to all of this good stuff when I die?
Like anything else we own, those things can be passed along through our estates too.
With the explosion of digital media, commerce, and even digital currency too, there’s a very good chance you have thousands of dollars of digital assets in your possession. For example, we can look at research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past ten years, that figure feels conservative.
Enter the notion of a digital legacy, the way you can catalog and prepare your digital assets for passing through your estate.
Like so many aspects of digital life nowadays, estate planning law has started to catch up to the realities that attorneys, executors, and heirs face when dealing with an estate and its digital assets. In the U.S., new laws are rolling out that address how digital assets are treated when the owner passes away. For example, they give fiduciaries (like an estate executor, trustee, or an agent under a power of attorney) the right to manage a person’s digital assets if they already have the right to manage a person’s tangible assets. Such laws continue to evolve, and they can vary from state to state here in the U.S.
With that in mind, nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your estate attorney for counsel on the best approach for you and the laws in your area. However, consider this article as a sort of checklist that can help you with your estate planning.
My hope is that this article will open your eyes to the digital value you have to pass along, both real and sentimental, and help you prepare your estate accordingly for the ones you care about.
The best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and offers the bearer with the right to use it.
To frame it up in everyday terms, let’s look at some real-world examples of digital assets that quickly come to mind. They include but are not limited to:
However, digital assets can readily expand to further include:
And as far as your estate is concerned, you can also consider:
That’s quite the list, and it’s not entirely comprehensive, either.
The process of lining up your digital assets begins just like any other aspect of estate planning, by listing all the digital assets and accounts you own. From there, you can see what you have and what you’d like to distribute—and what you can distribute. In fact, when it comes to digital, there are some things you simply can’t pass along. Let’s take a closer look.
Generally speaking, digital assets that you own can be passed along. “Own” is the operative word here. Many digital things we have are in fact licensed to us, which are not transferrable. More on that next, yet examples of things you can likely transfer include:
Check with your legal counsel to ensure you’re following the letter of the law in your region, and also look into any licensing agreements you may have for items like internet domain names and airline miles that you may hold to determine if they are in fact transferrable.
This is an important topic. As mentioned above, some accounts you hold are simply licensed to you and you alone. Thus, they will not transfer. Two of the biggest examples are social media and email accounts. This can have serious repercussions if you do not leave specific instructions as to how those accounts should be handled after your passing.
For example, do you want your social media profiles to remain online as a memorial or do you want them simply to shut down? Note that different social media platforms have different policies for handling the accounts of users who have passed away. For example, Facebook allows for creating memorialized accounts that allow friends and families to continue sharing memories. Policies vary, so check with your social media platforms of choice for specifics.
Likewise, will your executor need access to your email account to handle affairs of the estate? And what about access to online accounts for paying bills and then ultimately closing those accounts? In all, these are points of discussion to have with an experienced estate attorney who knows the law in your region.
Other things to be aware of are that subscriptions to streaming accounts are likely non-transferrable as well. Often, eBooks and digital publications you own are only licensed to you as the sole owner and can’t be transferred. Again, check the agreements associated with items like these and have a talk with your attorney about them to determine what can and can’t be done with them.
Another aspect of your digital legacy is your voice. If you’re a blogger or a participant in an online community, you may wish for a fiduciary or family member to leave a farewell post. Additionally, in the case of a blog, you may want to set up some means for your work to stay online or get archived in some manner. Again, you can work with your attorney to leave specific instructions as to what should be said and then what should be done with the blog or site in question.
I have a real-life example of why this is so vital. A friend of mine lost the photos of her and her husband because they were kept in an online storage account to which she had no access. And sadly, the company would not grant her access after his passing. This is often the case with many online accounts and services. Legally speaking, while the deceased may have owned the storage account and the media kept within it, the cloud storage company owns the servers on which that media is stored. The potential difficulty here is that the online service provider may view giving your personal representatives access to your account as a breach of their privacy policy or user agreements.
One way you can avoid heartbreak like this is to discuss giving your executor access to your accounts. This can be provided through a list of accounts, usernames, and passwords that are kept in a sealed letter along with your will, along with instructions that outline your wishes. This is important: a will is public record after you pass away. You won’t want info like usernames and passwords getting out there. Again, you can discuss an option such as this with your attorney.
One thing you can do today that can protect your digital assets for the long haul is to use comprehensive security protection. Far more than just antivirus, comprehensive security can store precious and important files securely with encryption, arm all your online accounts with strong passwords, and protect your identity as well. Features like these will help you see to it that your digital legacy is secure.
When I’ve brought up the idea of a digital legacy with friends, a light goes on in their head. “Of course, that makes a lot of sense.” It’s easy to take our digital possessions somewhat for granted, perhaps in a way that we simply don’t with our physical possessions. Yet as you can see, there’s a good chance that you indeed have a digital legacy to pass along. By getting organized now, you can see to it that your wishes are followed, and I hope this checklist helps you get started.
The post Digital Estate Planning – What to Do With Your Digital Assets appeared first on McAfee Blog.
World Password Day isn’t the most popular day on the calendar, but it’s an important reminder that good password hygiene is essential to staying safe online. This World Password Day, we’d like to talk about improving your password hygiene, how you can help your friends and family improve theirs, and what the future of authentication holds.
The SolarWinds hack in 2020 is one of the most devastating hacks in the history of the internet. Close to 20,000 company’s systems were compromised, losing billions of pieces of data in the process. If you’re one of the 37% of Americans that go long periods of time without updating passwords*, large-scale attacks like SolarWinds can be devastating. By stealing so many login credentials simultaneously, attackers can potentially access exponentially more accounts by reusing leaked credentials on different sites. Unfortunately this is not an isolated event, data breaches from websites and services we frequently use continue to happen through 2021 as well.
According to a recent survey we conducted, 34% of Americans have reused the same, or similar, password more than once. By using the same password for multiple accounts, attackers only need to find one password, creating a domino effect that makes it easier to access more accounts. If that password is weak, it becomes even easier to tip over that first domino.
Our guidance is to create strong, hard-to-guess passwords to protect your accounts. We recommend creating a unique password for every online account, using more than 16 characters, with upper and lower case letters, some numbers, and special symbols, to make a stronger than average password. How are you supposed to remember all of those strong passwords, though?
Well, password managers, especially those included in comprehensive security suites like McAfee® Total Protection, do much of the heavy lifting for you. For instance, McAfee’s integrated password manager not only helps you create stronger passwords and store them, but will also autofill your credentials and log you into websites as well. These convenient features extend beyond just your computer and can be used on other devices like your phone and tablet. Best of all, password managers that are an integrated part of a security suite can be monitored, so you’ll be alerted if your passwords get exposed in a data breach.
You’ve already taken a step towards improving your password hygiene by reading this blog post. But the next step is, have an honest look at your passwords. Do you write them down, use the same for many accounts, or use weak ones? Then it may be time for a change to better protect your accounts and the personal info in those accounts.
If you’re like a certain member of my family—that will remain nameless, Mom—who kept their passwords written down in a notepad, making the change to a password manager (McAfee’s, naturally) was a life-changing moment. Not only did it help her see just how often she was using the same login credentials, she now has an easy way to store, auto-fill, and even generate strong passwords across all her accounts and devices. An intended bonus was that she also realized how many accounts she was no longer using!
Now that you know more about what makes a strong password and how to protect them, let’s talk about why strong passwords are just the start of keeping your accounts safe. You’re probably already using Two-Factor Authentication for apps and services, but you may not have heard the term before. Two-Factor Authentication, or 2FA, is the second layer of protection to authenticate or prove you are the owner of this account. If you’ve received a text message or an email to confirm a new account signup, that’s a type of 2FA.
Text messages and email aren’t the only types of 2FA. There are USB keys, apps, and even systems built-in to your phone, like facial recognition to open phone apps, for example. Some popular 2FA options are USB keys and Google Authenticator.
The great thing about 2FA is that it helps make your strong passwords even more effective by stopping an attacker from using stolen credentials. If you fell victim to a phishing attack that looked like your bank’s website, the attacker would have your email and password combination. Without 2FA, they could log into your account and pretend they’re you. With 2FA in place, it becomes much harder for an attacker to access your account because they’re missing that last important piece of information.
Humans are almost always the weakest link when it comes to securing information. But by committing ourselves to better password practices, with help from the latest technology, we can make sure passwords are a strong link in our security chain; one that will only get stronger in the future.
For instance, using a device like a key-fob, new passwordless systems can authenticate a user without entering their login details. Not only does this make logging into your accounts lightning fast, you also never have to remember a complicated password again.
Biometric locks, like FaceID, are another example of passwordless entry. Using your face, or a fingerprint to authenticate yourself makes it much harder for attackers to break into your accounts.
We hope this Password Day post has helped answer some questions about password hygiene and how to take better care of your online accounts. Online security changes from day to day, so staying aware of new technologies and building safe new habits is essential. Perhaps one day this day will no longer need to exist on our calendars, as we look to a future where we might not need passwords at all. While we collectively make strikes towards this future, let’s celebrate this day while it lasts.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post World Password Day: Make Passwords the Strongest Link in Your Online Security appeared first on McAfee Blogs.
When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.
That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.
According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.
Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.
Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.
Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.
Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.
Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.
Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.
Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.
Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.
Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.
Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager, provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.
In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.
Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.
Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.
Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name.
Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.
The post 5 Ways to Protect Your Online Privacy appeared first on McAfee Blog.
Cybersecurity is often used as a blanket term to address online safety. Cybersecurity can refer to the software used to protect your devices, but it can also refer to the processes you put in place to protect yourself from online threats. Whether you’re implementing best practices, building awareness of security threats, or installing security software, taking a holistic approach to online security is crucial to remain secure and protected at all times.
Here are three tips for a holistic online security approach.
Efficient online protection ultimately begins with you, the end-user, and the steps you take to secure your devices.
The first step to ensure your device is secure is never to leave it unattended. Whether you’re at the grocery store or at home, always keep an eye on your devices. All it takes is a few minutes for someone to steal them or for kids to click on a malicious link while your attention is diverted. Make sure you have a contingency plan in case your device is compromised. For example, if someone steals your device, wipe the information on the device remotely. Revert it to the factory setting, so the thief can’t access your personal information. Regularly back up your data in the event of a lost or compromised device to ensure you retain important documents.
In some instances, you can also recover deleted files at any time given the right tools. Regularly shred unwanted documents for the files that you want permanently deleted. Install security measures across all devices and your networks to protect your data and privacy. Always lock your device before stepping away and layer your device security with multi-factor authentication to ensure you are the only one who can access your sensitive information.
Passwords are the gateway to your device and play just as critical a role in securing your personal information. Follow password best practices to prevent cybercriminals or mischievous children from infiltrating files and data. Use long and complex passwords and never reuse them across accounts. You can also use a password manager to keep track of your passwords in one centralized and secure location.
Strengthen your protection strategy by layering your physical device security with an enhanced awareness of relevant threats. Start by first taking a step back to assess your online persona. In other words, who are you? Are you a college student or a remote working parent who teleconferences frequently? Do you own an iOS device? Understand what your online devices and habits say about you as a person, as this will affect why and how cybercriminals target you.
For example, if you frequently teleconference for work or medical visits, you need to be aware of the teleconferencing risks of remote work or telehealth. Remote workers and telehealth patients face threats such as phishing emails or disrupted video conference calls. As a result, users must know the importance of using a video conferencing tool with end-to-end encryption and not sharing sensitive information through chat features.
Once you know the risks you face as an online user, consider the specific daily best practices for online safety. One good habit includes regularly updating your devices and software. Updating laptops, mobile devices, and routers ensure that existing bugs are fixed and security flaws are patched. Devices not equipped with the latest software are vulnerable to hackers.
Additionally, many cybercriminals will use social media to identify victims and target them through social engineering tactics. For example, they will send phishing emails to steal personal information and sell it on the dark web or hold it for ransom. Once you know what to look for, phishing emails are easy to spot. From there, you can send malicious messages straight to your trash folder and sidestep the threats that lie within. Check your privacy settings to control who can view your posts and ensure you receive notifications about suspicious activity on your account. Don’t respond to unknown messages and think twice before revealing sensitive information online. Practice better awareness by keeping up with new viruses and vulnerabilities. Use monitoring tools to check if your email or phone number is released in a recent data breach. Keep an eye on your financial accounts and consider freezing your credit to prevent hackers from taking out loans and opening new accounts in your name. Read reports such as McAfee Labs Threats Report and stay informed through credible news sources to stay one step ahead of the latest threats.
Also, stay aware of online fraud tactics since they are a significant risk for many Canadians. According to a CPA Canada Fraud Study conducted in January, almost three in four of those surveyed have received fraudulent requests including email and telemarketing requests. Evade online fraud by screening for unknown calls and steering clear of unsecured websites asking for sensitive information such as personal identification numbers and bank information.
The final component of a holistic security strategy involves implementing a complete security suite, such as McAfee Total Protection, across all your devices. Leveraging software security tools is one of the best ways to protect your devices and personal information from online threats. This software takes a multi-layered approach to security to prevent virus infection, detect vulnerabilities and minimize the risk of viruses.
For example, tools like a VPN and antivirus software take a preventive approach to online security. A VPN encrypts your data, so even if someone were to get their hands on your information, they would not be able to make much sense of it. Antivirus software guards against malware and monitors online traffic and activities for malware.
Detection and correction capabilities are also crucial to a well-rounded security suite. Identity theft protection is a critical part of this solution to ensure the integrity of your credit, as well as your court and criminal records, remain intact. Report missing ID cards and conduct a background if you suspect someone is impersonating you. The right security solution will be able to monitor your accounts and notify you when it detects unusual activity. It will also be able to guide you through the remediation process to restore your privacy and identity.
Effective cybersecurity requires a multifaceted approach to create a holistic security strategy. This approach should integrate layered protection starting with your devices, expanding to your threat awareness, and ending with the software tools you leverage to enhance your digital security. With a strategic framework in place, you can rest assured knowing that you are well equipped to handle whatever malicious threat comes your way.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 3 Tips to a Holistic Online Security Approach appeared first on McAfee Blogs.
Today’s technology allows you to complete various tasks at the touch of a button wherever you go. As a result, you place trust in online services that make everyday chores more convenient without second-guessing their effects. One such service is online banking. More Canadians are doing their banking virtually with over 76% using online or mobile devices. Despite the extensive measures that banks take to strengthen their online security, no system is fail-safe. It is extremely important to practice proper security habits and be on the lookout for online fraud to ensure the safety of your financial information.
According to the Canadian Bankers Association (CBA), banks in Canada use sophisticated technology and layers of security to help protect customers from fraud when doing their banking online or using a mobile banking app. Although online banking is generally safe, it does provide cybercriminals with a potentially lucrative opportunity. Some scammers turn to phishing techniques to trick people into handing over their sensitive personal information. They call, text, or email you claiming to be a representative from your bank and state that they noticed some unusual activity related to your account. The imposters then ask you to click on a link in the email or text message to verify your credentials. Unfortunately, this “verification link” is actually a phishing link, and cybercriminals can use the password or credit card details to walk right into your account.
Once cybercriminals gain access to your password and username, they may then move on to credential stuffing. Credential stuffing occurs when an attacker inserts the username and password for one account into the login page of another online service. This tactic capitalizes on the fact that many people reuse the same username and password across multiple accounts.
Hackers also use phishing to spread malware onto the devices you use to access online banking services. These suspicious emails and text messages disguised as notifications from your bank could contain malicious links or attachments that trick you into downloading malware on your device. Furthermore, attackers mimic banking and money transfer institutions to collect your credentials and access your sensitive information.
The convenience of paying bills and depositing checks without running to the bank or post office is undeniable. Everyone is always rushing about, so if you’re now doing these things online securing your online privacy is not a responsibility to speed through.
It’s important that you put your privacy first when using online and mobile banking platforms so you can use these convenient services without jeopardizing your financial accounts. Follow these tips to enhance your online banking security:
Review your bank’s terms and conditions to understand your responsibilities as the account owner and the responsibilities of your bank. Check your accounts regularly for transactions you didn’t make and contact your financial provider as soon as you find an error. Most banks have policies that reimburse you for unauthorized purchases if someone uses your credit card without your permission.
Look at the recommendations provided by your bank, for example, CIBC recommends using longer passwords for your bank account that include a combination of uppercase, lowercase, numbers, and special characters. Additionally, do not reuse this password across your other accounts. If a hacker guesses your password for one of your online accounts, it’s likely that they will check for repeat credentials across multiple sites. By using different passwords or passphrases, you can feel secure knowing that the majority of your data is secure if one of your accounts becomes vulnerable. If you’re worried about forgetting your passwords, subscribe to a password management tool that will remember them for you.
Always opt-in for two- or multi-factor authentication if your financial institution offers it. This is a method of signing in that requires not only a username and password but also a one-time code that is sent by text or email. This extra layer of verification makes it much harder for a criminal to access your sensitive accounts.
From splitting the check when eating out with friends to dividing the cost of bills, third-party mobile payment apps are an incredibly easy way to share money. Before downloading these apps, do your research. Ensure that the company behind the app or the app itself hasn’t undergone any major security incidents and that they have a history of patching bugs immediately. If you decide to download a mobile payment app, set your account to private and limit the amount of data you share. Additionally, look for the lock icon in your web browser when logging in to online banking platforms. A closed lock or padlock indicates that the website you’re on is secure.
Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. These mistakes include spelling or grammar errors throughout the email or text message, using a company’s logo with the incorrect aspect ratio or low resolution, and using a URL with typos. For example, phishers may swap an “o” with a zero, or end the address with “.con” instead of “.com.” If you receive a message with any of these characteristics, do not click on any of the links and delete it immediately.
Never conduct your banking business on a public or unsecured wi-fi network. Connect to a virtual private network (VPN), which allows you to send and receive data while encrypting your information. When your data traffic is scrambled, it’s shielded from prying eyes, which protects your network and the devices connected to it.
While online banking adds a wealth of convenience to your lives, it’s important that you remain invested in your security first and foremost. Cybercriminals often take advantage of your reliance on digital platforms to disguise themselves as bank representatives and trick you into handing over your personal data. To remain secure while online banking, practice good cybersecurity hygiene by using strong, unique passwords, multi-factor authentication, and stay vigilant while looking for signs of phishing. These tips will help elevate your financial security so you can virtually bank with peace of mind.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Elevate Your Financial Security: How to Safely Bank Online appeared first on McAfee Blogs.
Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect your device like a royal family fortifying a medieval castle. Unlike medieval castles that depended upon layers and layers of protection (moats, drawbridges, spiky gates, etc.), personal devices thrive on just one defense: a devoted guard called antivirus software.
Increasing your personal device’s security detail with more than one guard, or antivirus software is actually less effective than using a single, comprehensive option. Microsoft operating systems recognize the detriment of running two antivirus software programs simultaneously for real-time protection. Microsoft Windows automatically unregisters additional programs so they do not compete against each other. In theory, if you have a Microsoft device, you could run on-demand or scheduled scans from two different antivirus products without the operating system disabling one of them. But why invest in multiple software where one will do?
If you do not have a Microsoft device, here is what could happen to your device if you run more than one antivirus program at a time, and why you should consider investing in only one top-notch product.
Antivirus programs want to impress you. Each wants to be the one to catch a virus and present you with the culprit, like a cat with a mouse. When antivirus software captures a virus, it locks it in a secure place to neutralize it. If you have two programs running simultaneously, they could engage in a tussle over who gets to scan, report, and remove the virus. This added activity could cause your computer to crash or use up your device’s memory.
Antivirus software quietly monitors and collects information about how your system runs, which is similar to how viruses operate. One software could mark the other as suspicious because real-time protection software is lurking in the background. So, while one antivirus program is busy blowing the whistle on the other, malicious code could quietly slip by.
Additionally, users could be buried under a barrage of red flag notifications about each software reporting the other as suspicious. Some users become so distracted by the onslaught of notifications that they deactivate both programs or ignore notifications altogether, leaving the device vulnerable to real threats.
Running one antivirus software does not drain your battery, and it can actually make your device faster. However, two antivirus programs will not double your operating speed. In fact, it will make it run much slower and drain your battery in the process. With two programs running real-time protection constantly in the background, device performance is extremely compromised.
There is no reason to invest in two antivirus programs when one solid software will more than do the trick to protect your device. Here are some best practices to get the most out of your antivirus software:
One habit you should adopt is backing up your files regularly. You never know when malware could hit and corrupt your data. Add it to your weekly routine to sync with the cloud and back up your most important files to an external hard drive.
Whenever your software prompts you to install an update, do it! New cyber threats are evolving every day, and the best way to protect against them is to allow your software to stay as up-to-date as possible.
Always read your antivirus results reports. These reports let you know the suspicious suspects your software was busy rounding up. It will give you a good idea of the threats your devices face and perhaps the schemes that you unknowingly fell into, such as clicking on a link in a phishing email. This information can also help you improve your online safety habits.
Everyone needs strong antivirus. Yet antivirus alone isn’t enough to beat back today’s threats. Hackers, scammers, and thieves rely on far more tricks than viruses and malware to wage their attacks, and data breaches slip billions of personal and financial records into the hands of bad actors. You’ll want to pair antivirus with further protection that covers your privacy and identity as well.
For example the antivirus included with McAfee+ Ultimate can secure an unlimited number of household devices. Yet it offers far more than antivirus alone with our most comprehensive protection for your privacy, identity, and devices. The full list of features is long, yet you’ll get credit monitoring, dark web monitoring, removal of personal information from risky data broker sites, along with identity theft protection and restoration from a licensed expert if the unexpected happens. In all, it offers a single solution for antivirus, and far more that can protect you from the broad range of threats out there today.
The post Less Is More: Why One Antivirus Software Is All You Need appeared first on McAfee Blog.
To enjoy online life to the fullest these days, we often have to give out a certain amount of personal information. That also means the moment you go online you’re giving personal data away. Whether it’s your phone, a game console, or a connected speaker, someone, somewhere, is monitoring your connection. Knowing what data your device sends, and who has access to that information, is an important part of maintaining your online privacy. However, without the right tools, you’re probably giving away a lot more information than you realize. Many believe that one effective way to maintain online privacy is by using a private mode on a browser.
However, it’s a common misconception that “private browsing” modes–like Google’s Incognito–protect your online privacy. It makes sense, they’re called “private browsing”, what else would they do? Well, if you’ve read the news lately, you may have seen that Google is in a $5 billion lawsuit specifically because of their private browsing mode.
The thing is, incognito mode is often misunderstood. When you open an incognito window, you’re told that “You’ve gone incognito.” The explanation underneath says that your browsing history, website visits, cookies, and information you put in forms, won’t be saved. This is where the confusion starts. What the incognito explanation doesn’t tell you is that your browsing information isn’t blocked or hidden from advertisers while in incognito mode. So even though your browsing information “won’t be saved” on your device or available after you close the window, that doesn’t stop the internet from seeing everything you’ve been up to while in that session.
For these reasons, more people use virtual private networks, or VPNs, to protect their browsing history from prying eyes. If you’re new to VPN, this might be the perfect time to learn about what they are, how they work and why you might choose a VPN over private browsing.
VPN protects your devices by wrapping your internet connection in a secure tunnel that only you can access. This stops people —like those nosey advertisers—from seeing what sites you visit. With a secure connection to the Internet, every search request, every website you browse, is hidden from sight. It’s important to point out that VPN doesn’t make you anonymous; they make it so only you can see what you’re doing online. You can learn even more about VPN in this blog.
Without private browsing, your browser tells websites–and their owners–all kinds of things about you like what device you’re using, where you are, what sites you’ve visited, and when. Websites use this information to serve you relevant ads, but it can also be used to track your location and browsing habits.
With private browsing, your browser window is isolated from the rest of your operating system. Isolating the browser is supposed to help block websites from seeing who you are, block cookies and prevent access to your browsing history, but even when using private browsing, tests like EFF’s Panopticlick privacy test can see what device you’re on, where you’re connecting, if you can accept cookies, your OS, and many other types personally-identifying information.
We wouldn’t recommend using incognito mode instead of a VPN, ever. However, Incognito mode has its place in your online security toolkit, as long as you don’t think of it as a replacement for other types of protection. For instance, if you share a device with other people, like family members, then you might want to use incognito mode to make sure your partner doesn’t accidentally find out how much you spent on their surprise birthday gift. But, if you’re concerned with advertisers tracking you and watching what you do online, then you should consider also using a VPN to protect your privacy.
If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank, and browse online.
The post Private browsing vs VPN – Which one is more private? appeared first on McAfee Blog.
There are more online users now than ever before, thanks to the availability of network-capable devices and online services. The internet population in Canada is the highest it has been, topping the charts at 33 million. That number is only expected to increase through the upcoming years. However, this growing number and continued adoption of online services pose increasing cybersecurity risks as cybercriminals take advantage of more online users and exploit vulnerabilities in online infrastructure. This is why we need AI-backed software to provide advanced protection for online users.
The nature of these online threats is ever-changing, making it difficult for legacy threat detection systems to monitor threat behavior and detect new malicious code. Fortunately, threat detection systems such as McAfee’s Antivirus and Threat Detection Defense adapt to incorporate the latest threat intelligence and artificial intelligence (AI) driven behavioral analysis. Here’s how AI impacts cybersecurity to go beyond traditional methods to protect online users.
Most of today’s antivirus and threat detection software leverages behavioral heuristic-based detection based on machine learning models to detect known malicious behavior. Traditional methods rely on data analytics to detect known threat signatures or footprints with incredible accuracy. However, these conventional methods do not account for new malicious code, otherwise known as zero-day malware, for which there is no known information available. AI is mission-critical to cybersecurity since it enables security software and providers to take a more intelligent approach to virus and malware detection. Unlike AI–backed software, traditional methods rely solely on signature-based software and data analytics.
Similar to human-like reasoning, machine learning models follow a three-stage process to gather input, process it, and generate an output in the form of threat leads. Threat detection software can gather information from threat intelligence to understand known malware using these models. It then processes this data, stores it, and uses it to draw inferences and make decisions and predictions. Behavioral heuristic-based detection leverages multiple facets of machine learning, one of which is deep learning.
Deep learning employs neural networks to emulate the function of neurons in the human brain. This architecture uses validation algorithms for crosschecking data and complex mathematical equations, which applies an “if this, then that” approach to reasoning. It looks at what occurred in the past and analyzes current and predictive data to reach a conclusion. As the numerous layers in this framework process more data, the more accurate the prediction becomes.
Many antivirus and detection systems also use ensemble learning. This process takes a layered approach by applying multiple learning models to create one that is more robust and comprehensive. Ensemble learning can boost detection performance with fewer errors for a more accurate conclusion.
Additionally, today’s detection software leverages supervised learning techniques by taking a “learn by example” approach. This process strives to develop an algorithm by understanding the relationship between a given input and the desired output.
Machine learning is only a piece of an effective antivirus and threat detection framework. A proper framework combines new data types with machine learning and cognitive reasoning to develop a highly advanced analytical framework. This framework will allow for advanced threat detection, prevention, and remediation.
Online threats are increasing at a staggering pace. McAfee Labs observed an average of 588 malware threats per minute. These risks exist and are often exacerbated for several reasons, one of which is the complexity and connectivity of today’s world. Threat detection analysts are unable to detect new malware manually due to their high volume. However, AI can identify and categorize new malware based on malicious behavior before they get a chance to affect online users. AI–enabled software can also detect mutated malware that attempts to avoid detection by legacy antivirus systems.
Today, there are more interconnected devices and online usage ingrained into people’s everyday lives. However, the growing number of digital devices creates a broader attack surface. In other words, hackers will have a higher chance of infiltrating a device and those connected to it.
Additionally, mobile usage is putting online users at significant risk. Over 85% of the Canadian population owns a smartphone. Hackers are noticing the rising number of mobile users and are rapidly taking advantage of the fact to target users with mobile-specific malware.
The increased online connectivity through various devices also means that more information is being stored and processed online. Nowadays, more people are placing their data and privacy in the hands of corporations that have a critical responsibility to safeguard their users’ data. The fact of the matter is that not all companies can guarantee the safeguards required to uphold this promise, ultimately resulting in data and privacy breaches.
In response to these risks and the rising sophistication of the online landscape, security companies combine AI, threat intelligence, and data science to analyze and resolve new and complex cyber threats. AI-backed threat protection identifies and learns about new malware using machine learning models. This enables AI-backed antivirus software to protect online users more efficiently and reliably than ever before.
AI addresses numerous challenges posed by increasing malware complexity and volume, making it critical for online security and privacy protection. Here are the top 3 ways AI enhances cybersecurity to better protect online users.
The most significant difference between traditional signature-based threat detection methods and advanced AI-backed methods is the capability to detect zero-day malware. Functioning exclusively from either of these two methods will not result in an adequate level of protection. However, combining them results in a greater probability of detecting more threats with higher precision. Each method will ultimately play on the other’s strengths for a maximum level of protection.
AI enables threat detection software to think like a hacker. It can help software identify vulnerabilities that cybercriminals would typically exploit and flag them to the user. It also enables threat detection software to better pinpoint weaknesses in user devices before a threat has even occurred, unlike conventional methods. AI-backed security advances past traditional methods to better predict what a hacker would consider a vulnerability.
AI can help users understand the risks they face daily. An advanced threat detection software backed by AI can provide a more prescriptive solution to identifying risks and how to handle them. A better explanation results in a better understanding of the issue. As a result, users are more aware of how to mitigate the incident or vulnerability in the future.
AI and machine learning are only a piece of an effective threat detection framework. A proper threat detection framework combines new data types with the latest machine learning capabilities to develop a highly advanced analytical framework. This framework will allow for better threat cyber threat detection, prevention, and remediation.
The post The What, Why, and How of AI and Threat Detection appeared first on McAfee Blogs.
Over the past year, you may have seen the term ransomware popping up frequently. There’s good reason for that as ransomware is responsible for 21% of all cyberattacks, according to a new report. For enterprising hackers, this tactic has become standard operating procedure because it’s effective and organizations are willing to pay. But what does that mean for you and living a confident life online? Fortunately, there are a number of things individuals can do to avoid ransomware. But first, let’s start with the basics.
Ransomware is malware that employs encryption to hold a victim’s information at ransom. The hacker uses it to encrypt a user or organization’s critical data so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. It is a growing threat, generating billions of dollars in payments to cybercriminals and inflicting significant damage and expenses for businesses and governmental organizations.
McAfee Labs counted a 60% increase in attacks from Q4 2019 to Q1 2020 in the United States alone. Unfortunately, the attacks targeting organizations also impact the consumers who buy from them, as the company’s data consists of its customers’ personal and financial information. That means your data if you’ve done business with the affected company. Fortunately, there are many ways you can protect yourself from ransomware attacks.
When a company is hit with a ransomware attack, they typically are quick to report the incident, even though a full analysis of what was affected and how extensive the breach may have been may take much longer. Once they have the necessary details they may reach out to their customers via email, through updates on their site, social media, or even the press to report what customer data may be at risk. Paying attention to official communications through these various channels is the best way to know if you’ve been affected by a ransomware attack.
The top ransomware infection vectors – a fancy term for the way you get ransomware on your device – are phishing and vulnerability exploits. Of these two, phishing is responsible for a full 41% of ransomware infections. Ironically, this is good news, because phishing is something we can learn to spot and avoid by educating ourselves about how scammers work. Before we get into specific tips, know that phishing can take the form of many types of communications including emails, texts, and voicemails. Also know that scammers are convincingly imitating some of the biggest brands in the world to get you to surrender your credentials or install malware on your device. With that in mind, here are several tips to avoid getting phished.
If you receive an email, call, or text asking you to download software or pay a certain amount of money, don’t click on anything or take any direct action from the message. Instead, go straight to the organization’s website. This will prevent you from downloading malicious content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Instead of clicking on a link in an email or text message, it’s always best to check directly with the source to verify an offer, request, or link.
McAfee offers the free McAfee WebAdvisor, which can help identify malicious websites and suspect links that may be associated with phishing schemes.
If you do get ransomware, the story isn’t over. Below are 8 remediation tips that can help get your data back, along with your peace of mind.
If you get ransomware, you’ll want to immediately disconnect any infected devices from your networks to prevent the spread of it. This means you’ll be locked out of your files by ransomware and be unable to move the infected files. Therefore, it’s crucial that you always have backup copies of them, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device free and reinstall your files from backup. Backups protect your data, and you won’t be tempted to reward the malware authors by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
If you discover that a data leak or a ransomware attack has compromised a company you’ve interacted with, act immediately and change your passwords for all your accounts. And while you’re at it, go the extra mile and create passwords that are seriously hard to crack with this next tip.
When updating your credentials, you should always ensure that your password is strong and unique. Many users utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials and generate secure login keys.
Two or multi-factor authentication provides an extra layer of security, as it requires multiple forms of verification. For instance, you’ll be asked to verify your identity through another device, such as a phone. This reduces the risk of successful impersonation by hackers.
Be careful where you click. Don’t respond to emails and text messages from people you don’t know, and only download applications from trusted sources. This is important since malware authors often use social engineering to get you to install dangerous files. Using a security extension on your web browser is one way to browse more safely.
Avoid using public Wi-Fi networks, since many of them are not secure, and cybercriminals can snoop on your internet usage. Instead, consider installing a VPN, which provides you with a secure connection to the internet no matter where you go.
While it is often large organizations that fall prey to ransomware attacks, you can also be targeted by a ransomware campaign. If this happens, don’t pay the ransom. Although you may feel that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it’s best to hold off on making any payments. Thankfully there are free resources devoted to helping you like McAfee’s No More Ransomware initiative McAfee, along with other organizations, created www.nomoreransom.org/ to educate the public about ransomware and, more importantly, to provide decryption tools to help people recover files that have been locked by ransomware. On the site you’ll find decryption tools for many types of ransomware, including the Shade ransomware.
Adding an extra layer of security with a solution such as McAfee® Total Protection, which includes Ransom Guard, can help protect your devices from these cyber threats. In addition, make sure you update your devices’ software (including security software!) early and often, as patches for flaws are typically included in each update. Comprehensive security solutions also include many of the tools we mentioned above and are simply the easiest way to ensure digital wellness online.
The post 8 Tips for Staying Safe from Ransomware Attacks appeared first on McAfee Blog.
In 2018, Macs accounted for 10% of all active personal computers. Since then, popularity has skyrocketed. In the first quarter of 2021, Macs experienced 115% growth when compared to Q1 2020, putting Apple in fourth place in the global PC market share. It is safe to say that Macs are well-loved and trusted devices by a significant portion of the population — but just how safe are they from a security perspective?
Many users have historically believed that Macs are untouchable by hackers, giving Apple devices a reputation for being more “secure” than other PCs. However, recent attacks show that this is not the case. According to TechCrunch, a new malware called XCSSET was recently found exploiting a vulnerability that allowed it to access parts of macOS, including the microphone, webcam, and screen recorder — all without consent from the user.
Let’s dive deeper into how XCSSET works.
Researchers first discovered XCSSET in 2020. The malware targeted Apple developers and the projects they use to build and code apps. By targeting app development projects, hackers infiltrated apps early in their production, causing developers to unknowingly distribute the malware to their users.
Once the malware is running on a user’s device, it uses multiple zero-day attacks to alter the machine and spy on the user. These attacks allow the hacker to:
While macOS is supposed to ask users for permission before allowing any app to record the screen, access the microphone or webcam, or open the user’s storage, XCSSET can bypass all of these permissions. This allows the malware to sneak in under the radar and inject malicious code into legitimate apps that commonly ask for screen-sharing permissions such as Zoom, WhatsApp, and Slack. By disguising itself among these legitimate apps, XCSSET inherits their permissions across the computer and avoids getting flagged by macOS’s built-in security defenses. As a result, the bug could allow hackers to access the victim’s microphone, webcam, or capture their keystrokes for login credentials or credit card information.
It is unclear how many devices were affected by XCSSET. Regardless, it is crucial for consumers to understand that Mac’s historical security reputation does not replace the need for users to take online safety precautions. The following tips can help macOS users protect themselves from malware:
Software developers are continuously working to identify and address security issues. Frequently updating your devices’ operating systems, browsers, and apps is the easiest way to have the latest fixes and security protections. For example, Apple confirmed that it addressed the bug exploited by XCSSET in macOS 11.4, which was made available on May 24th, 2021.
Hackers often use phishing emails or text messages as a means to distribute malware by disguising their malicious code in links and attachments. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message. This will allow you to confirm the sender’s legitimacy.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool to help identify malicious websites.
Regardless of whether you are Team PC or Team Mac, it is important to realize that both platforms are susceptible to cyberthreats that are constantly changing. Doing your research on prevalent threats and software bugs puts you in a better position to protect your online safety.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Apple Users: This macOS Malware Could Be Spying on You appeared first on McAfee Blogs.
What do Burger King and the popular “Doge” meme have in common? They both have cryptocurrencies named after their likeliness. WhopperCoin and Dogecoin are just two examples of the thousands of types of cryptocurrencies that have caught users’ attention over the past few years. Cryptocurrencies are digital tokens generated by a computer after solving complex mathematical functions. These functions are used to verify the authenticity of a ledger, or blockchain.
Bitcoin is the most popular cryptocurrency today, increasing its value by almost 300% in 2020. Today, almost 46 million Americans own at least one share of Bitcoin, illustrating how these cryptocurrencies are the future of tomorrow’s digital payment system — or are they? The same benefits that make them a popular choice with online users have also made them popular amongst online thieves, sparking a wave of ransomware attacks and other cyberattacks more recently. This begs the question: do the benefits of Bitcoin outweigh the risks?
Every rose has its thorn, and several Bitcoin benefits seem to be hitched to online security risks. Here are some cryptocurrency characteristics that may seem appealing to users, but also provide cybercriminals with an opportunity to exploit:
As previously mentioned, cryptocurrency exchanges take place on an online public ledger, or blockchain, to secure online transactions. This means that anybody can observe the exchange online. However, the parties making the transactions are anonymous, disguised with a random number. Bitcoin users can make purchases that are never associated with their identity, similar to a cash transaction.
While the purchase discretion provided by Bitcoin may be appealing to users who want to remain private, this characteristic could also aid cybercriminals in malicious activity. Due to the anonymity of Bitcoin transactions, there is no way for someone to associate a person with a certain cryptocurrency wallet. Furthermore, a user could have multiple wallets, allowing them to spread their currency from one address to another.
For a cybercriminal looking to target an individual with ransomware, the purchase discretion and anonymity of Bitcoin provide a favorable solution. In fact, Bitcoin accounts for approximately 98% of ransomware payments today. Say a hacker carries out a ransomware attack and demands that the user pay a large sum in Bitcoin. If the user completes the payment, the hacker can keep moving the currency from one anonymous account to another. That makes it very difficult — though not impossible — to trace if the individual decides to investigate the case and tries to get their money back.
Another characteristic that Bitcoin users find appealing is the autonomy offered by digital currencies. In theory, they allow users more autonomy over their own money than government-regulated currencies do. With Bitcoin, users can control how they spend their money without dealing with an intermediary authority like a bank or government.
This lack of intermediary authority also opens a door for hackers to exploit. Say a user decides that they want to manage their finances using Bitcoin to bypass banking fees and send money to friends and family in different parts of the world. As previously mentioned, a Bitcoin user is assigned an anonymous private key that acts as their security credential. This key is generated and maintained by the user instead of a third-party agency. But what happens if the key isn’t random enough? An attacker could steal the user’s private key, and they will not be able to recover it since the Bitcoin blockchain is not dependent on any centralized third-party institutions. Therefore, it will be very difficult to track the attacker’s behaviors and recover lost funds.
It is safe to say that Bitcoin has caused a lot of buzz. But do the benefits outweigh the risks? Due to the nature of Bitcoin and most other public blockchains, anyone in the world can perform transactions or cryptographic computations — including cybercriminals. That’s why it is crucial for current cryptocurrency users and those considering cryptocurrency investment to do their research and know what vulnerabilities lie within the world of Bitcoin.
Follow these tips to help protect yourself from common threats that leverage cryptocurrency:
With blockchain, cryptocurrency, and any new and emerging technology, make sure you always remain a bit skeptical. Do your homework before you embrace the technology — research your options and make note of any known security issues and what you can do to mitigate known risks.
If a hacker does target you with ransomware demanding Bitcoin payment, it’s best not to pay the ransom. Although you may feel in the moment that this is the only way to get your encrypted files back, there is no guarantee that the ransomware developers will send a decryption tool once they receive the payment. Paying the ransom also contributes to the development of more ransomware families, so it is best to hold off on making any payments. Furthermore, a recent study found that 80% of businesses that choose to pay a ransom experience a subsequent ransomware attack. While it may feel like your only option in the moment, paying a ransom could show attackers that you’re willing to make the payment, therefore positioning you as an ideal target for yet another attack.
If you are targeted with ransomware, it’s crucial that you always have backup copies of your files, preferably in the cloud and on an external hard drive. This way, if you do get a ransomware infection, you can wipe your computer or device and reinstall your files from the backup. Backups protect your data, and you won’t be tempted to reward the hackers by paying a ransom. Backups won’t prevent ransomware, but they can mitigate the risks.
Large organizations often fall prey to ransomware attacks, so take necessary precautions if a company you’ve interacted with becomes compromised from a data leak or a ransomware attack. Immediately change your passwords for all your accounts, ensuring they are strong and unique. You can also employ a password manager to keep track of your credentials and generate secure login keys.
Add an extra layer of security with a solution such as McAfee® Total Protection, which includes Ransom Guard, to help protect your devices from these cyberthreats and ensure your digital wellness online.
The emergence of Bitcoin has indeed facilitated a wave of cybercrime that was previously difficult to perceive. In this new age of digital payments, blockchain, and cryptocurrencies, make sure that you do your research and stay vigilant when it comes to protecting your online safety. Remember: Bitcoin worth will continue to fluctuate, but your personal security will always remain invaluable.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Do the Benefits of Bitcoin Outweigh the Risks? appeared first on McAfee Blogs.
Every day you place your personal information in the hands of companies and trust that it will remain safe. However, what happens when external threats jeopardize your personal data security, especially while working remotely?
The transition to remote work environments and consumers’ online habits have made it more difficult for Canadian employees and consumers to protect their personal information. This challenge is primarily due to ransomware. To protect yourself, you need to first understand how cybercriminals take advantage of users’ online behaviors to launch strategic attacks against employees and consumers through the information they glean from stolen company data.
Ransomware has been on the rise this past year with attacks increasing 62% in 2020 according to Statista. In fact, 78% of Canadian cybersecurity professionals said that attacks increased due to employees working remotely in a recent VMware report. Cybercriminals target remote workers primarily through malicious links sent through phishing emails — in fact, over one third of Canadian respondents in a recent survey said they experienced at least one phishing attempt in the last year.
Hackers pose as legitimate organizations and prompt individuals to take action: say you decide to check your personal email on your work laptop during your lunch break. You open a message that claims to be from one of your favorite retailers claiming that you just won $500 in shopping credit – all you need to do is click on the link and fill out your banking information. This is an example of a phishing attack that could not only wreak havoc on your personal security, but your company’s as well. If the link in the message downloads a credential-stealing malware on your work laptop, there is a good chance that your organization’s private data or network could be compromised.
Knowing that many employees will be communicating virtually instead of face-to-face, hackers can take advantage of the remote work environment by posing as employees from finance departments and sending fake invoices for products or services. The goal of these fake invoices is for employees to call a support phone number to investigate, whereby hackers attain credit card numbers or other information they can leverage in spear-phishing scams. Hackers can also spoof phone calls to make it look like it is coming from a legitimate number within the organization. Revealing too much information to an unverified contact is a risk that remote workers must learn to identify and avoid.
Ransomware is always evolving, making it critical to understand the nature of these threats so you can better avoid them.
Cybercriminals are constantly finding new ways to automate their attacks and increase their profits. Here is a look at five active ransomware variants cybercriminals use today—and how they deploy them.
By the end of 2020, McAfee Labs observed a 69% increase in new ransomware, which Cryptodefense largely drove. This virus is similar to CryptoLocker, a trojan virus that spreads through email phishing to infiltrate hard drives and files. Both spread ransomware, use high levels of encryption to compromise users’ files, and claim that these files cannot be decrypted without a decryption key.
Maze ransomware has been active since November of 2019 and is operated by hackers notorious for leaking victim data upon non-payment. Maze operators first gain access to a network by using valid credentials. It will then scan the network for user devices, check these devices for additional credentials, and compromise user files.
In a Ransomware Task Force interview with an affiliate of the REvil/Sodinokibi syndicate, the interviewee revealed that companies with cyber insurance are prime targets since the chances of a payout are high. This ransomware spreads through software vulnerabilities, phishing scams, and exploit kits. Once it infiltrates a device, it spreads through escalated privilege to compromise user files and systems.
Ryuk has been around since August of 2018 and targets large companies, critical infrastructure, and hospitals. This ransomware is almost always spread through a banking trojan called Trickbot, used by hackers to steal financial and banking credentials. The operators behind this ransomware demand higher ransoms compared to other groups. They also use opensource tools and manual hacking techniques to bypass detection and infiltrate private networks.
The operators behind SamSam ransomware gain access through Windows servers using a Microsoft protocol that allows remote connections to other computers. Operators will then elevate their privilege to include admin rights once inside a network to infect servers with malware, requiring no action or authorization on the victim’s part.
Ransomware can affect anyone, regardless of whether you are an employee or a customer of a targeted company. Keep these tips in mind to reduce your risk of a ransomware attack and know what steps to take if you fall victim.
Phishing emails are one of the most common methods a hacker will use to infect devices and spread ransomware. They will send links through seemingly legitimate emails to trick users into clicking on them and downloading malicious files. Knowing how to spot one is the first step to prevent infection. If you receive an email you suspect is a phishing scam, start by analyzing its structure: common indicators of a phishing scam may include:
Once you identify a phishing email, don’t click on any links or download attachments. Simply delete it and carry on with your day.
Keep in mind that the cybercriminals behind Maze ransomware gained access to private networks through valid credentials. Hackers typically obtain these credentials through a “password spray” technique where they attempt to log in to accounts using a list of commonly used passwords. However, hackers have a higher chance of guessing valid passwords if they are too short or not complex enough. Additionally, a hacker is more likely to infiltrate multiple accounts if they share the same password.
Strong passwords help ensure that a hacker cannot access your private network, gain administrative rights to your device, or infect another device you are connected to. Create a password that is strong enough to withstand simple guess-and-check attempts by making them long, difficult, and unique. Multi-phrased passwords or passphrases also help to prevent hackers from breaking into your accounts, such as “P3anutbutter&J3lly.” Avoid reusing passwords across multiple accounts and change them periodically, especially after an account has been breached. Even if a hacker does steal your credentials, multi-factor authentication adds an extra validation layer to prohibit unauthorized sign-in attempts.
Your device is more susceptible to ransomware and viruses without the right security tools to help mitigate the chances of infection. Avoid the risk of a ransomware attack by employing a quality security solution like McAfee Total Protection. A holistic security solution can help you stay vigilant of cyber threats by monitoring for ransomware viruses in addition to malware and spyware. Security software can also monitor your internet connection and network traffic through regular scans to flag malicious activity and provide guidance on how to sidestep these threats. If a hacker attempts to launch an attack on your device, you can rest assured your security software will promptly alert you of the intrusion.
In addition to social engineering tactics, hackers will leverage vulnerabilities in software to create a back door through which they can infiltrate user devices. A way to keep cyber criminals out is to keep your software applications and devices up to date. This includes the apps on your mobile device as well as apps on your desktop. Regular updates ensure that the proper security patches are implemented, the right bugs are fixed and that hackers cannot exploit these vulnerabilities.
If worse comes to worst and your device is infected with ransomware, the first thing to do is isolate the device and disconnect from shared networks. Disconnecting the infected device ensures that ransomware cannot spread to other devices on that same network.
Immediately gather evidence on what type of malware you are dealing with so you can accurately report it to authorities and determine what your options are for remediation. You can then choose to remove it or wipe your system completely which is the most assured way to eliminate ransomware from your device. Afterwards you can reinstall your operating system and, provided you perform regular backups, restore your files to a previous version.
No one is truly out of the danger zone when hackers strike. Ransomware is on the rise, and online users must understand how to bypass these viruses to avoid the ramifications of a compromised device. By understanding online security best practices, users can safeguard their online presence and defend against ransomware threats.
To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our newsletter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post 5 Ransomware Threats Canadians Need to Know appeared first on McAfee Blogs.
Across the country, Canadians are moving out of cities in droves to stretch their legs and call a larger plot of land home. For those embracing the work-from-home lifestyle, they no longer need to live near metro-area offices in expensive shoebox apartments and condos. According to Statistics Canada, 50,000 people moved out of Toronto and nearly 25,000 people migrated from Montréal to suburban areas from July 2019 to July 2020.
The increased demand for suburban housing is making the Canadian real estate market a mad dash for limited supply. Additionally, some families who are out of work are struggling to keep their homes and are resorting to unsafe measures to keep a roof over their heads.
Leave it to scammers and identity thieves to pounce on a vulnerable situation. Scammers and identity thieves are increasingly taking advantage of unsuspecting homeowners, and in some cases, selling homes without the rightful owners even realizing it.
Be on the lookout for these three Canadian real estate scams.
Foreclosure occurs when a homeowner can no longer afford to pay their mortgage, so the lending institution takes over homeownership with the right to sell it. When homeowners are facing the prospect of having to move out, they may seek dubious loans to help them bridge the gap. Loan fraud is when a scammer pretends to extend a gracious loan. In exchange for the loan, the scammer may ask for the title of the home. With the title in hand, the thief may stop sending loan payments to the homeowner and instead resell or remortgage the property.
Not being able to make mortgage payments is a desperate situation, which causes struggling homeowners to make dramatic decisions. Before agreeing to any type of loan, homeowners must ask themselves if the terms of the loan are too good to be true. In cases of fake loans, they often advertise an incredibly low-interest rate. It is best to trust your financial matters to accredited institutions.
Title fraud is when someone steals the title of the home, usually by impersonating the homeowner. Once they have the title, the thief may attempt to sell the home or apply for a mortgage against it. In March 2021, the Times Colonist reported that a thief impersonated a British Columbian homeowner in order to transfer the home’s title to someone else’s name. Then, the thief tried to sell the home behind the rightful homeowner’s back. It was only when a neighbor alerted the real homeowner about the for-sale sign that they realized that their home could have been sold without their permission.
The best way to defend against title fraud is to keep your personal information as private as possible. Title fraud is closely related to identity theft, and fraudsters may gain access to your personal information through phishing methods. Phishing is a tactic where cybercriminals trick people into giving up personal details, including full names, birthdays, and financial information. Statistics Canada calculates that 34% of Canadians have experienced a phishing attempt since the beginning of the pandemic. This statistic emphasizes the importance of constant vigilance concerning your most sensitive personal information.
Mortgage fraud is a term that can apply to untruthful lenders who attempt to swindle cash from unsuspecting buyers or pitch mortgage terms that fall outside of the buyer’s means. The Financial Services Commission of Ontario lists several warning signs of mortgage fraud. For example, lenders who do not have your best interests in mind may ask for cash fees and upfront payments.
Again, it is best to only trust accredited financial institutions with your mortgages and loans. Research the institution before signing any contract. If the mortgage terms are too good to be true, it probably is. There are several online mortgage calculators that can give you an idea of the type of mortgage you can afford. Before entering any talks with a lender, conduct some research beforehand so you can spot unreasonable terms.
Also, an unscrupulous lender may try to hurry you along but also take a long time responding to your calls and emails. If you feel pressured or unsure at any point, remember that there are plenty of fish in the sea. Ask your friends or family for lender recommendations to make sure that you are not tricked into mortgage fraud, the consequences of which could follow you for years.
The post 3 Canadian Real Estate Scams You Should Know About appeared first on McAfee Blogs.
I’m about to tell you an extraordinary fact about cybercrime. Some of the most significant data breaches in internet history weren’t after bank account numbers, cryptocurrency, or even credit card numbers. They were, in fact, after YOU. That’s right, the most valuable data on the internet is the data that comprises your identity. Let’s take a look at what that data is, how it gets leveraged by cybercriminals, and how you can get the online identity monitoring you deserve.
1 billion is a big number. In the case of a recent CVS database leak, that’s how many user records were accidentally released online, including details like email addresses and even searches about Covid vaccines. This is just one of the dozens of breaches that have occurred recently and will continue to happen as personally, identifiable information becomes more valuable to cybercriminals. Just as remarkable as the huge volume of user data being exposed online is the speed with which compromised data is used by hackers online. Cybersecurity researchers recently discovered that cybercriminals access leaked or stolen credentials within 12 hours to exploit them as soon as possible. These circumstances beg the question, why has your personally identifiable information has become so valuable lately?
While the value of some information, like a credit card number, is obvious, you may think your name and date of birth aren’t that big of a deal. After all, it wasn’t so long ago that you could find all that information in a phone book. In fact, personally identifiable information (PII), also known as data used to identify a specific individual, is what many data breaches are after.
Armed with just a mailing address, a phone number, and a date of birth, a cybercriminal can begin constructing a fake identity to take out loans and disguise many kinds of criminal activities. With a social security number and a few personal details from a social media account, they could take over a bank account. When it comes to your PII, any information is as good as gold to cybercriminals.
If our PII were treated like actual gold and held in a safe location like Fort Knox, I wouldn’t be writing this post. But in fact, it’s the currency we use to obtain many services in our connected lives. Social media sites are massive repositories of PII, and their access to our most personal details and the ability to sell it to marketers is the reason the service remains free. Free email services are the same. Now consider all the other accounts we may have created to, say, try out a streaming service for free, or even old accounts we no longer use. From that perspective, you can see how much of your data is being used by companies, may not be very well protected, and is a tempting target for cybercriminals. Fortunately, there are many things you can do to keep your identity safer online.
When it comes to protecting your PII, knowledge is power. Let’s start by identifying if you’ve been the target of a data breach. Here are a few tell-tale signs:
Okay, now that you know the signs of a data breach, let’s look at how you can take action to protect yourself. The best way to avoid being the victim of identity theft is by limiting the amount of PII you provide. There are some easy ways to do this.
Only a few types of organizations legitimately need your social security number. These include employers or when contracting with a business, group health insurance, financial and real estate transactions, applying for credit cards, car loans, and so forth.
Quizzes, social media games, and other kinds of interactive clickbait are often grifting pieces of your PII in a seemingly playful way. While you’re not giving up your SSN, you may be giving up things like your birthday, your pet’s name, your first car … things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites.
A phishing email poses as a real email from known or trusted brands and financial institutions. These emails attempt to trick you into sharing important information like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service. Here are some more ways to spot a phishing email.
Clearly, we’re in a new era when it comes to securing our identities online. In response, McAfee has created a new kind of identity monitoring.
We knew from the outset Identity monitoring had to be proactive, holistic, and accessible. We also wanted it to follow the timeline for how cybercrime actually affects your identity. When it comes to PII, the breach is just the first step for cybercriminals. The 10 months following a breach is when cybercriminals will use your PII to commit fraudulent acts using your data.
To address this, your identity monitoring looks after more personally identifiable information than other leading competitors. It will also alert you of stolen personal info an average of 10 months ahead of other monitoring services. And it’s accessible anywhere via mobile app, browser, and the web.
In practice, McAfee’s identity monitoring protects all your online accounts by doing the following:
As we spend more of our lives online, we need an approach to security that reflects this new reality. Identity monitoring is part of it. VPN is part of it. Antivirus is part of it. They are all pieces of a puzzle that we solve with products like McAfee Total Protection. Our premier security service is comprehensive, affordable, and, with identity monitoring, an indispensable part of your life online.
The post Identity Protection Service: The Best Solution to a Growing Problem appeared first on McAfee Blog.
Among the many major shifts in lifestyle during the COVID-19 pandemic, the way we used healthcare was one of the most significant. Providers limited in-person visits, elective procedures were delayed, and we avoided hospitals. In response, we went online and started using telehealth and other virtual solutions in ways we never had before.
Our latest consumer mindset survey confirms this was more than a passing trend, showing an almost 50% rise since the beginning of the pandemic in the use of PCs and Mobile devices to access health information, meet virtually with health care providers, and manage prescriptions. Survey respondents also showed they adapted by increasing their usage of smart fitness devices, like Fitbits, to track their personal health.
Navigating the healthcare system and accessing more of our services through the web means more of our personal information is now online. From patient intake forms to test results, a great deal of data about our health, including confidential information like vaccination records, is potentially available. Survey respondents confirmed that they shared and accessed their personal health information across the internet, despite 1/3 or more of respondents having concerns for their privacy and security of their personal information.
This trend hasn’t gone unnoticed by cybercriminals. In fact, the US Department of Health and Human Services is currently investigating nearly 800 health-related data breaches impacting nearly 60 million individuals. All of which is to say that telehealth advances may help us avoid sitting in a doctor’s office, but we need to be more mindful about our security when using these new online services.
Despite the adoption of many telehealth and online health services, security was still a concern for many of our survey respondents. A majority said the primary reason they do not use smart devices for their personal health was because of privacy and security concerns. Fortunately, just as there is preventive medicine, there are also preventive cybersecurity measures we can take to keep our personal data safer online. Here are a few we recommend:
The shift to managing our health online comes with a few safety considerations, but by following the steps above, we can enjoy convenience and access to a healthier life online and off.
The post How to Make Telehealth Safer for a More Convenient Life Online appeared first on McAfee Blogs.
People in their 20s and 30s are losing it online. And by it, I mean money—thanks to digital identity theft.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.
In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.
Here’s what’s happening: people in their 20s and 30s were twice as likely than people 40 and over to report losing money while shopping online. That’s according to recent figures from the U.S. Federal Trade Commission (FTC), which also found that people in their 20s to 30s are far more likely to report losing money to fraud. What’s more, they’re also 77% more likely than older people to lose it by way of an email scam.
And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers.
Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.
It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away:
1. Start with the basics—security software
Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use it to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection.
2. Create strong passwords
You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks.
3. Keep up to date with your updates
Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.
4. Think twice when you share
Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk.
5. Shred it
Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away.
6. Check your credit
Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find.
As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name.
Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away:
Likewise, many nations offer similar government services. A quick search will point you in the right direction.
Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here.
With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.
The post Guide: Protecting Your Digital Identity appeared first on McAfee Blog.
How many rooms in your home contain a smart device? From Peloton bikes to showerheads with Bluetooth speakers, smart home technology is rapidly making its way into every room in every household. In fact, the number of smart households (those that contain smart home technology) in the U.S. is expected to grow to 77.05 million by 2025. But with new technology comes new challenges.
Many product designers rush to get their smart devices to market, treating security as an afterthought and consequentially creating an easy access point for criminals to exploit. Once a hacker taps in to a user’s home network, they could potentially gain access to all the devices connected to the network. And many consumers, amazed by the appliances’ efficiency, are unaware of the risks of interconnectivity. So, how can families prevent criminals from taking peeks into their home?
Let’s take a tour through an average smart home and uncover the security implications of the various devices in each room.
Believe it or not, the security risks of a smart home often apply before you even step foot inside the house. Approximately 21 million U.S. homes have professionally monitored security systems. However, these systems are not immune to hacks. One popular security camera system experienced a series of intrusions where hackers were able to communicate with residents, making inappropriate comments, taunting children, and even demanding a ransom payment for the hacker to leave the system. Some users of another security camera system experienced similar intrusions, with hackers playing vulgar music and cranking the homeowners’ heat up to 90 degrees.
Security cameras are just the beginning. Users control mowers, smart sprinklers, and other outdoor devices remotely with smartphone apps. Although they are meant to make consumers’ lives more convenient, outdoor devices with embedded computers could be at the greatest risk of attack, according to professor of computer science and cybersecurity expert, Dr. Zahid Anwar.
Outdoor devices like garage door openers, wireless doorbells, and smart sprinklers are more vulnerable because they may be easily accessible to someone driving down the street with a computer or other Wi-Fi transmitter. Outdoor smart devices can be used as entry points, allowing hackers to access the entire smart home network. To prevent a stranger from spying on your network, it’s important to check how these products store your data. If the device’s system stores your personal information and is connected to the main home network, there is a possibility that a breach of one device on the network could reveal your data to a hacker.
Once you step foot into a smart home, you’ll likely find a variety of devices adopted by residents for added convenience, including smart TVs, Wi-Fi routers, smart speakers, thermostats, lightbulbs, and personal home assistants — the list goes on! But the fact that these devices are connected to the internet opens the door for cybercriminals to make themselves at home. For example, the FBI issued warnings about the risks of smart TVs, noting that hackers could potentially gain access to an unsecured television and take control by changing channels, adjusting volume levels, and even showing inappropriate content to children.
Additionally, a recent study outlined multiple privacy concerns with a popular virtual assistant, ranging from misleading privacy policies to allowing third parties to change the code of their programs after receiving approval from the device’s parent company. Anupam Das, assistant professor of computer science at North Carolina State University, stated that third party software developers created many of the applications consumers interact with while using the virtual assistant. However, Das and their fellow researchers identified several flaws in the current vetting process that could allow those third parties to gain access to users’ personal information. The virtual assistant’s parent company does not verify the developer responsible for publishing the third-party program, so a cybercriminal could easily register under the name of a trusted developer and create a program that spreads malicious code. For these reasons, it is critical that consumers stay informed on potentially vulnerable entry points left open by device manufacturers so they can take action to better protect their smart home technology and their personal privacy.
Today, it is not so weird to talk to your refrigerator (well, maybe a little). Smart appliances are quickly making their way into consumers’ kitchens. You can control your blender or Instant Pot from your phone and use voice activation with various appliances, further blurring the lines between the physical and the digital. And while smart kitchen appliances empower you to do things like controlling your air fryer from an app and use voice activation to brew your coffee in the morning, living like a Jetson does come with potential security risks. In 2019, McAfee researchers discovered a vulnerability within a Mr. Coffee brand coffee maker that could allow a hacker to access the user’s home network. To prevent criminals from brewing up trouble in your home, ensure that you take measures to secure each of your devices and keep criminals from spying on your network.
For many people, the bedroom is more than just the place where they sleep at night — it is a relaxing sanctuary where they can unwind. It is no wonder that many people have adopted various gadgets to turn their sanctuaries into high-tech hubs for relaxation. Take a smart bed, for example. These mattresses incorporate biometric sensors to help you snooze better, and they connect to a smartphone app that tracks your sleep trends and health metrics. While this technology may provide insight on how you can sleep better, it is important to realize that these devices are collecting data and sending it back to the manufacturer. Often, consumers do not stop to research what specific data is being collected and how it is being used, placing a lot of trust in the device manufacturer to safeguard their private information. But what happens if the company suffers a data breach or ransomware attack? There is a chance that your data might fall into the hands of a hacker. To better protect your online security, understand that enjoying the convenience of connected IoT requires an assessment of where your information is being stored.
There is no denying that IoT devices have upped the convenience of tech users’ lives everywhere. But with these technological rewards comes added risk — cybersecurity risk, that is. The more connected devices you have in your home, the more opportunities criminals have to infiltrate your network and reach other data-rich devices. This can potentially put your private and financial information at risk, not to mention your privacy.
As our reliance on IoT and smart home technology grows, so will the need for users to step up their cybersecurity practices. Follow these tips to help protect your personal data and privacy while still enjoying all that your smart home gadgets have to offer:
1. Secure your Wi-Fi network
Out of the box, most Wi-Fi routers are either not secured or use a default password such as “admin,” making it easy for hackers to poke around and access devices that are connected to your router. To prevent cybercriminals from snooping on your network and the gadgets that are attached to it, secure your Wi-Fi network with a strong password.
A password or passphrase that is long, complex, and unique will discourage attempts to break into your accounts. Try creating a string that is at least 12 characters long, contains a combination of uppercase letters, lowercase letters, symbols, and numbers, and that is unique to each account.
Do your research before investing in a smart device. Ask yourself if the gadget is from a reputable manufacturer. Has the company had previous data breaches, or do they have an excellent reputation for providing secure products? Also, take note of the information your IoT device collects, how vendors use this information and what they release to other users or third parties.
Above all, understand what control you have over your privacy and information usage. It is a good sign if an IoT device allows you to opt-out of having your information collected or lets you access and delete the data it does collect.
In addition to the password/username combo, multi-factor authentication requires that users confirm a collection of things to verify their identity — usually something they have, and a factor unique to their physical being — such as a retina or fingerprint scan. This can prevent a cybercriminal from using credential-stuffing tactics (where they will use email and password combinations to hack into online profiles) to access your network or account if your login details were ever exposed during a data breach.
Stay on top of software updates from your device manufacturer. Available updates are not always advertised, so visit the manufacturer’s website regularly. Additionally, make sure to update mobile apps that pair with your IoT device. Adjust your settings to turn on automatic software updates, so you always have the latest security patches.
Your router is the central hub that connects all the devices in your home, so make sure that it’s secure. After you change the default password and name of your router, ensure that your network name does not give away your address, so hackers can’t locate it. Then check that your router is using an encryption method, like WPA2, which will keep your communications secure.
Additionally, consider setting up a “guest network” for your IoT devices. This is a second network on your router that allows you to keep your computers and smartphones separate from IoT devices. So, if a device is compromised, a hacker still cannot get all the valuable information that is saved on your computers. Check your router’s manual for instructions on how to set up a guest network.
You do not need to go it alone — employ the help of a security solution like McAfee Secure Home Platform, which provides smart security for your home network. By automatically protecting your connected devices through the router, you can feel confident that you have a solid line of defense against online threats.
McAfee Total Protection also includes a robust password management system that creates and saves strong passwords across all your accounts in one centralized location. It also includes home network security to protect your firewall and block hackers from accessing your home network. McAfee Total Protection includes a home network map that allows you to easily identify trusted devices on your network and flag potential intruders.
Recognize that every Wi-Fi connection, every Bluetooth connection, and every connection you make using a wireless connection is subject to hacking. This will help you better understand the risks associated with your smart home devices, and therefore will help you be more equipped to combat them. Remember: a secure home is the smartest home you can have!
The post How to Secure Your Smart Home: A Step-by-Step Guide appeared first on McAfee Blogs.
There’s a lot of misinformation about Virtual Private Networks, what they do, and the security benefits they offer. For this article, I’d like to do some myth-busting about how a VPN actually works and why you should use one.
A VPN is an app that you install on your device to help keep your personal data safe as you browse the internet
You may have heard that VPN apps live on your device and allow you to connect to the internet securely. What that means is, when you turn your VPN app on, your device makes a secure connection to a specialized computer that routes internet traffic, called a VPN server. You also may have heard that your connection is “wrapped in an encrypted tunnel” which means your device and the server share a secure connection so only you can see what you’re doing on the internet.
Every internet connection (like your cable modem) is assigned a unique set of numbers called an IP address, which is tied to information such as geographic location, ISP, etc. A VPN replaces your actual IP address to make it look like you’ve connected to the internet from a different location: the physical location of the VPN server, rather than your real location. This is just one reason why so many people use VPNs. This can be handy when you want to hide from advertising trackers or protect your search history.
To change your IP address, you simply open your VPN app, select the server location you’d like to connect to, and you’re done. You’re now browsing with a new IP address. If you’d like to make sure your IP has changed, open up a browser and search for “What’s my IP address” and click on one of the results.
When to use a VPN really depends on what you want it for. For example, 39% of users understand public Wi-Fi is unsafe but still do sensitive things, like banking or shopping on public WiFi, so using a VPN when you’re at the airport, or a café is a great use case.
As I mentioned before, a lot of people use a VPN for privacy reasons, like stopping advertisers from tracking them. Searches you perform, or websites you visit won’t be trackable, which means you’ll be able to surprise your spouse with a vacation you researched and planned on a computer you both use. Targeted ads could spoil things if your spouse is bombarded with ads for plane tickets and hotels while they browse.
A VPN protects your search history through the secure connection you share. When you search for a website, or type a URL into your navigation bar, your device sends something called a DNS request, which translates the website into the IP address of the web server; this is how your browser can find the website and serve its content to you. By encrypting your DNS requests, a VPN can hide your search habits and history from those that might use that info as part of building a profile of you. This type of info could be used in a wide variety of ways, from legitimately serving targeted ads to nefarious social engineering.
A VPN can protect your identity by blocking online trackers from following you around the internet. With your VPN on, trackers will think all of your browsing is coming from a different device in a different location. This throws off the profile advertisers try to build because they think you’re someone else.
Another way a VPN can protect your identity is by preventing some types of hacking. Stopping attacks on public WiFi where a bad actor tries to get between you and the website you’re visiting, is just one way VPNs can help. It’s called a Man-in-the-Middle attack, but that’s a subject for another article.
No, a VPN cannot make you anonymous. They help secure what you’re doing, but your ISP still knows when you’re using the internet. They just can’t see what you’re doing, what sites you visit, or how long you’ve been on a site.
Private browsing modes can help protect your privacy, but they’re useful if you share a device with other people and you don’t want them to see your search history. You can read all about the differences in the article I wrote a little while ago.
Apple’s Private Relay is currently in Beta and will be available with an iCloud+ subscription for Safari users on iOS and macOS soon. Private Relay is similar to a VPN in that it changes your IP address so websites you visit can’t tell exactly where you are.
When you turn Private Relay on, your device connects to a server that sends your browsing data to a second server, before it travels through the internet. The reason for the double hop is that first server gives you a new IP address, to make you harder to track, while the second server hides that information from the website you’re browsing. The first server only knows your original IP address, while the second server only knows what you’re browsing, but not your IP.
Private Relay only works with Safari on iOS and macOS. Even if you are using an Apple device, a VPN is still a good idea because it will protect the information that your device sends outside of Safari.
If you’re already a McAfee Total Protection subscriber, you have access to unlimited VPN usage. Protect your personal information, like your banking information and credit cards, from prying eyes with McAfee Total Protection’s Secure VPN. If you haven’t already signed up, now’s the perfect time. McAfee Total Protection provides security for all your devices, giving you peace of mind while you shop, bank, and browse online.
The post What is a VPN and Can it Hide My IP Address? appeared first on McAfee Blogs.
Picture this: you open your MacBook and see an email claiming to be from your favorite online store. In the email, there is an attachment with “important information regarding your recent purchase.” Out of curiosity, you open the attachment without checking the recipient’s email address. The next thing you know, your device is riddled with malware.
Unfortunately, this story is not far from reality. Contrary to popular belief, Apple computers can get viruses, and XLoader has Mac users in their sights.
Let’s break down XLoader’s ‘s origins and how this malware works.
Where Did XLoader Come From?
XLoader originated from FormBook, which has been active for at least five years and is among the most common types of malware. Designed as a malicious tool to steal credentials from different web browsers, collect screenshots, monitor and log keystrokes, and more, FormBook allowed criminals to spread online misfortune on a budget. Its developer, referred to as ng-Coder, charged $49, a relatively cheap price to use the malware, making it easily accessible to cybercriminals.
Although ng-Coder stopped selling FormBook in 2018, this did not stop cybercriminals from using it. Those who had bought the malware to host on their own servers continued to use it, and in turn, quickly noticed that FormBook had untapped potential. In February 2020, FormBook rebranded to XLoader. XLoader can now target Windows systems and macOS devices.
Typically, XLoader is spread via fraudulent emails that trick recipients into downloading a malicious file, such as a Microsoft Office document. Once the malware is on the person’s device, an attacker can eavesdrop on the user’s keystrokes and monitors. Once a criminal has collected enough valuable data, they can make fake accounts in the victim’s name, hack their online profiles, and even access their financial information.
According to recent data, Apple sold 20 million Mac and MacBook devices in 2020. With macOS’s growing popularity, it is no surprise that cybercriminals have set their sights on targeting Mac users. Check out these tips to safeguard your devices and online data from XLoader and similar hacks:
Hackers often use phishing emails or text messages to distribute and disguise their malicious code. Do not open suspicious or irrelevant messages, as this can result in malware infection. If the message claims to be from a business or someone you know, reach out to the source directly instead of responding to the message to confirm the sender’s legitimacy.
Hackers tend to hide malicious code behind the guise of fake websites. Before clicking on an unfamiliar hyperlink, hover over it with your cursor. This will show a preview of the web address. If something seems off (there are strange characters, misspellings, grammatical errors, etc.) do not click the link.
Use a solution like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It also includes McAfee WebAdvisor — a tool that identifies malicious websites.
Regardless of whether you use a PC or a Mac, it is important to realize that both systems are susceptible to cyberthreats that are constantly changing. Do your research on prevalent threats and software bugs to put you in a great position to protect your online safety.
XLoader is just the latest example of how the gap between the prevalence of PC versus macOS malware is steadily closing. To better anticipate what threats could be around the corner and how to best combat them, stay updated on all of the latest online safety trends and practice great security habits. This will not only help protect your devices and online accounts but also bring you greater peace of mind.
The post 3 Tips to Protect Yourself From XLoader Malware appeared first on McAfee Blogs.
Smart speakers. Banking online. Location tracking. If you are a senior adult, there’s no doubt, the digital leaps and bounds you’re asked to consider each day can be daunting. If you are the child of a senior adult trying to make digital life more accessible, helping your parent consistently stay safe online can also be a challenge.
According to the most recent Pew study on the topic, senior adults continue to become more digitally connected, but adoption rates continue to trail younger users, and digital divides remain. The study also revealed that 77% of older adults needed assistance in learning how to use technology.
As a senior, it’s easy to feel intimidated and even try to avoid technology altogether as a safety plan. However, more healthcare, banking, and retailers become almost 100% digital, opting out of digital life is becoming impossible.
Still, there’s a way forward. As with any challenge, it’s best to begin one step at a time. First, put your stake in the ground by committing to increase your awareness and consistency in the digital realm. Doing so will help you reduce your fear about potential data breaches, malware attacks, or worse, falling prey to an online scam. Here are seven more ways to build upon your privacy path.
1. Consider another layer of protection. Parental controls and antivirus software cover every age and stage of a family’s digital life. Here’s why: 1) If you are a senior and love exploring online but hate bumping into inappropriate content, parental controls will help you keep the fun and block the junk 2) Filtering software also keeps your PC clean and protected from viruses and malware. 3) If you are a caregiver to a senior and notice your parent struggling with online shopping limits, keeping personal information private on social media, or even sharing fake news, parental controls can help by blocking tempting sites.
2. Update and store your passwords. Updating your passwords regularly is an online privacy gamechanger. The only problem? It’s tough to remember all those passwords, so who wants to risk changing them, right? Consider a password manager (find the software packages that have a password manager built-in). Your Password Manager (PM) stores then populates the username and password fields every time you log on to a favorite site or app. Better yet, it makes changing your password an easy task since you don’t need to do any remembering—your PM does it all for you.
3. Use 2-Factor Authentication (2FA). What in the world? 2FA sounds complicated! Don’t worry, it’s not. Opting for 2FA means that before logging onto your account, you will have one more step to verify it’s you logging on. When given this privacy option, take it. Commonly, the 2FA process is a code generated by a smartphone app—no biggie. If you want to try, go to your settings in your favorite apps, such as Google or Facebook, and turn on the 2FA option.
4. Install software updates immediately. Along with strong passwords, updating your software is a front-line defense against identity theft and fraud. Installing software updates (those pesky pop-up notices that are critical to your privacy) is essential in securing your IoT devices, PCs and phones, and the social media, banking, and healthcare portals connected to them.
5. Use a Virtual Private Network (VPN). If we could write this one tip down a hundred times without losing our readers, we surely would. Every senior adult needs a VPN for practical, powerful privacy protection and peace of mind. A VPN keeps credit card and personal info contained in a secure network and away from prying eyes.
6. Fight back with knowledge. Fraudulent emails connected to fraudulent websites can look very legitimate. A secure website will have an “HTTPS” in the browser’s address bar. The “s” stands for “secure.” If the web address or URL is just HTTP, it’s not a secure site. Still unsure? Read reviews of the site from other users before making a purchase. Never send cash, cashier’s check, or a personal check to any online vendor. If purchasing, always use a credit card in case there is a dispute. Stay up-to-date on scams that target seniors specifically. Lately, elder scams have been constructed around COVID, dating apps, tax returns, employment, and, of course, the common military catfish scams.
7. Have fun as you skill up. When trying to boost your digital skills, don’t forget about all the amazing instructional content at your fingertips. A quick search of YouTube will render easy-to-understand videos on how to do just about everything (including install security software, change your router password, secure the smart devices in your home, and how to adjust your privacy settings on any device).
Learning or building a new skill isn’t always easy, but if you stop to think about it, as a senior, you’ve gained so many skills over your lifetime (far more than your juniors). So, practically speaking, building up your tech skills is one is just one more task to ace. So, lean into the challenge, have fun learning, and don’t hesitate to ask for help if you need it.
The post 7 Savvy Ways Senior Adults Can Safeguard Digital Privacy appeared first on McAfee Blogs.
Over the past few years, food delivery apps have made it easy for people to get their favorite cuisines brought to their doorsteps. In 2020, consumers grew more accustomed to the convenience of ordering take-out when dining in at restaurants was no longer an option. But as we look ahead into 2022, this trend is here to stay. According to a new report by ResearchAndMarkets, the global online food delivery services market will grow from $115.07 billion in 2020 to $126.91 billion by the end of 2021.
To get the latest deals and news from their favorite restaurants, many consumers opt in to receiving marketing emails from the dining locations they frequent the most. One such restaurant is the popular fast-food chain Chipotle Mexican Grill, which has added 22.9 million consumers to its loyalty program since launching two years ago. But customers who signed up to receive emails from Chipotle may have more to consider than whether they choose queso or guacamole. According to Bleeping Computer, Chipotle’s email vendor Mailgun was recently breached, which allowed hackers to take over the company’s email marketing efforts and reach out to unsuspecting customers.
Let’s look at how this threat emerged and what consumers can do to help protect themselves from phishing and live a happy and safe digital life online.
Many restaurant chains like Chipotle utilize a third-party vendor to engage with customers who sign up to receive the latest updates. Chipotle uses Mailgun to help send, receive, and track its marketing emails. However, bad actors were able to hack into Chipotle’s Mailgun account, allowing them to send out phishing emails to recipients.
Under the guise of the Chipotle restaurant chain, cybercriminals reportedly sent out at least 120 malicious emails within a three-day period, luring Chipotle customers to malicious links. Most of the emails directed the unsuspecting users to credential-harvesting sites, impersonating services like a Microsoft 365 login page. Some messages even included malware attachments.
Although phishing is by no means a new cyberthreat, criminals have made it more difficult to spot scam messages with their increasingly sophisticated tactics. Most scammers disguise themselves as major corporations or other trustworthy entities to trick you into willingly providing information like your website login credentials or, even worse, your credit card number. But in Chipotle’s case, cybercriminals were able to hack into the company’s legitimate email marketing account, making it more difficult for consumers to spot the scam.
As a consumer, what can you do to sidestep these stealthy tactics and continue to enjoy your life online? Follow these tips to help safeguard your security:
While phishing has been around for years, cybercriminals continuously make these scams more sophisticated in the hopes of tricking even the most seasoned online experts. That’s why it’s important to stay up to date on the latest phishing techniques so you know what to look out for. Doing a quick search on recent phishing scams every once in a while will help you better spot these cyberthreats well before you find them in your inbox.
If you receive an email that appears to be from a business you subscribe to, but they are asking you for personal information, stop and think. Don’t click on anything or take any direct action from the message. Cybercriminals know that consumers tend to let their guard down when they think they are communicating with an entity that they trust, so play it safe and never assume anything. Instead, go straight to the organization’s website. This will prevent you from downloading dangerous content from phishing links or forking over money unnecessarily.
If someone sends you a message with a link, hover over the link without actually clicking on it. This will allow you to see a link preview. If the URL looks suspicious, don’t interact with it and delete the message altogether.
Use a security solution, like McAfee Total Protection, which can help protect devices against malware, phishing attacks, and other threats. It includes McAfee WebAdvisor, which can help identify malicious websites.
Now that you know how to spot phishing emails and what to do if you suspect scammers are targeting you, you’re far less likely to fall for these schemes. Remember to be careful with your personal information when you use the internet and err on the side of caution whenever anybody asks you to divulge sensitive details about your identity, finances, or login information – even if the message appears to be from a business you recognize.
The post Chipotle’s Marketing Account Hacked: Protect Yourself From Phishing Lures appeared first on McAfee Blog.
As the new school year gets underway, many students will be returning to the classroom in-person, while others will opt to continue hybrid or remote learning indefinitely. Unfortunately, for families choosing the latter, remote learning could come at the expense of their online privacy.
According to the RAND Corporation’s 2020 research report, one in five U.S. school districts plan to offer online learning even after the pandemic ends. Many school districts are waiting to review the Centers for Disease Control (CDC) latest recommendations. Either way, there’s no better time for a data privacy refresh.
Protecting your child’s privacy while remote learning requires a three-part investment of parents, students, and schools. One of the first steps in that direction is to understand your district’s privacy practices. To do that, ask to take a closer look at its approach to data consent, secondary data use, as well as its data collection and retention practices.
According to The Center for Democracy and Technology, there are five areas where schools may put a child’s privacy at risk.
Using student data to assess needs and launch connectivity and device programs can pose a privacy risk.
Ask: To assess overall digital access, the school collected my child’s data. How will that data be used?
Sharing student data with third parties, such as broadband and device providers, is a common practice that can pose a privacy risk.
Ask: To connect my remote learner, the school shared my child’s data with the provider. Can the school ensure that data will be used by the third-party responsibly? May I view the data use policy?
Schools now have apps that allow teachers to monitor student progress.
Ask: With more teacher access to student devices and desktops, how can the school ensure that my child’s other data is secure?
Ongoing security and device management requirements should be established to avoid viruses and malicious activity.
Ask: What security measures are in place on school-owned devices to protect my child’s content or personal information? Will my child’s activity be tracked?
A lack of digital literacy and security knowledge on the part of students, families and even schools can put a child’s privacy at risk.
Ask: What digital literacy resources or training do you offer teachers, staff, students and families?
One sign your child’s privacy is in good hands is if your school has a solid Data Governance Policy (DGP) that staff, teachers, and students follow. A DGP establishes schools processes and structures for overseeing the school’s approach to management, usability, availability, quality and security of data and technology.
Going a step further, a privacy-aware school will engage students, families, teachers, and administrators (and even third-party providers) about the importance of data use and closing privacy gaps.
Rather than make assumptions, discuss what privacy is with your child. For example, with more time online, consider parental controls to filter risky content. Likewise, talk to your child about how to identify phishing scams and consider investing in security software that scans for malware and untrusted sites.
If your child uses video apps such as Zoom to connect remotely, be sure that personal information—such as birthdate, address, photographs, or a nickname—isn’t accidently visible in the background.
Whether your child uses Zoom, a chat app, website or another EdTech platform for learning, set privacy settings to provide maximum protection. Following the directions under “settings” of any new app are fast and easy.
Under FERPA, the Family Educational Rights and Privacy Act, schools must notify you of your right to opt out of Directory Information at the start of the school year. Don’t opt-out? Schools can share Directory Information about their child with third parties without parental or student consent.
If we could point to a positive consequence of the pandemic, it would be that with the sudden spike in connectivity during quarantine, data privacy concerns became more prevalent than ever—that shift deserves an A+. Moving forward, it’s critical for parents and schools to work together to create practices that protect online privacy for all students—on-site or remote.
The post Back-to-School: Privacy Worries in a Remote Learning World appeared first on McAfee Blog.
T-Mobile, the popular US mobile phone service provider, recently confirmed a data breach affecting 7.8 million current customers and 40 million records from past or prospective customers. The stolen data included customer names, dates of birth, social security numbers, and driver’s license information. Fortunately, subscriber credit card information and other financial details were not affected in the breach.
Even though financial data was spared in the breach, the types of information stolen, along with the vast volume of affected subscribers mean that all T-Mobile subscribers should take immediate action to secure their identities and accounts online.
This is the immediate step all affected subscribers should take.
As part of T-Mobile’s response, they are offering an identity protection service exclusively to all affected customers, free for two years. This identity protection service gives customers the ability to monitor personal info, including your SSN, bank account numbers, debit cards, email addresses, phone numbers, and more. If info is found on the dark web, customers will receive guidance to help secure online accounts. Should identity theft occur, the identity protection service includes fraud resolution support and identity theft insurance for peace of mind. The free 24 months of identity protection will be delivered directly by T-Mobile. The company is also encouraging customers to sign up for their Account Takeover Protection service.
One lesser-known type of data stolen in the breach was International Mobile Equipment Identity (IMEI) numbers, which allow individual devices to be identified on a mobile network. Access to IMEI numbers could enable SIM-swap attacks which make account takeovers possible. With an account takeover, two-factor authentication through text message becomes vulnerable, allowing hackers potential access to bank accounts, among others. App-based multi-factor authentication, using a solution like Google’s Authenticator, allows you to authenticate your identity from other devices, instead of having authentication tied to your mobile phone number.
T-Mobile will be contacting impacted customers directly. However, cybercriminals and scammers may also take advantage of this data breach to scam people using email. They will often pose as major corporations or other trustworthy entities to trick you into willingly providing information like website login credentials or, even worse, your credit card number. We’ve provided additional information here to help you to recognize legitimate emails.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. This includes email accounts, cell phone numbers, bank accounts, your tax ID, and more. Read our additional tips to protect your digital identity.
For regular updates and official news from T-Mobile, visit their Newsroom blog here.
The post T-Mobile’s data breach exposes the personal data of 40 million appeared first on McAfee Blog.
Have you ever come across a website that just didn’t look quite right? Perhaps the company logo looked slightly misshapen, or the font seemed off-brand. Odds are, you landed on a phony version of a legitimate corporation’s website—a tried and true tactic relied on by many cybercriminals.
A fake login page is essentially a knock-off of a real login page used to trick people into entering their login credentials, which hackers can later use to break into online accounts. These websites mirror legitimate pages by using company logos, fonts, formatting, and overall templates. Depending on the attention to detail put in by the hackers behind the imposter website, it can be nearly impossible to distinguish from the real thing. Consequentially, fake login pages can be highly effective in their end goal: credential theft.
How do these pages get in front of a consumer in the first place? Typically, scammers will target unsuspecting recipients with phishing emails spoofing a trusted brand. These emails may state that the user needs to reset their password or entice them with a deal that sounds too good to be true. If the consumer clicks on the link in the email, they will be directed to the fake login page and asked to enter their username and password. Once they submit their information, cybercriminals can use the consumer’s data to conduct credential stuffing attacks and hack their online profiles. This could lead to credit card fraud, data extraction, wire transfers, identity theft, and more.
Scammers have recently targeted Canadians with attacks leveraging fake login pages to harvest personal data. For example, criminals preyed on employees who were expecting COVID-19 relief grants in the form of the CERB (Canada Emergency Response Benefit). These funds were sent via an electronic transfer from Interac, a legitimate Canadian interbank network. However, a phishing campaign spoofing Interac’s e-transfer service circulated emails claiming that the Canada Revenue Agency (CRA) made a CERB deposit of $1,957.50 CAD.
These emails directed recipients to a fake CRA login page, which then redirected to a phony Interac e-transfer site where users were asked to select their personal bank. From there, the recipient was asked to enter their username, card number, password, security questions and answers for their online banking profile, and other personally identifiable information—providing all the information a criminal would need to hack into the user’s bank account.
If you Google “fake login pages,” you will quickly find countless guides on how to create fake websites in seconds. Ethical concerns aside, this demonstrates just how common vector spoofed websites are for cyberattacks. While it has been easier to distinguish between real and fake login pages in the past, criminals are constantly updating their techniques to be more sophisticated, therefore making it more difficult for consumers to recognize their fraudulent schemes.
One reason why fake login pages are so effective is due to inattentional blindness, or failure to notice something that is completely visible because of a lack of attention. One of the most famous studies on inattentional blindness is the “invisible gorilla test.” In this study, participants watched a video of people dressed in black and white shirts passing basketballs. Participants were asked to count the number of times the team in white passed the ball:
Because participants were intently focused on counting the number of times the players in white passed the ball, more than 50% failed to notice the person in the gorilla costume walking through the game. If this is the first time you’ve seen this video, it’s likely that you didn’t notice the gorilla, the curtain changing color from red to gold, or the player in black leaving the game. Similarly, if you come across a well-forged login page and aren’t actively looking for signs of fraud, you could inherently miss a cybercriminal’s “invisible gorilla.” That’s why it’s crucial for even those with phishing training to practice caution when they come across a website asking them to take action or enter personal details.
The most important defense against steering clear of fake login pages is knowing how to recognize them. Follow these tips to help you decipher between a legitimate and a fake website:
Most fake login pages are circulated vis phishing messages. If you receive a suspicious message that asks for personal details, there are a few ways to determine if it was sent by a phisher aiming to steal your identity. Phishers often send messages with a tone of urgency, and they try to inspire extreme emotions such as excitement or fear. If an unsolicited email urges you to “act fast!” slow down and evaluate the situation.
Oftentimes, hackers will use a URL for their spoofed website that is just one character off from the legitimate site, such as using “www.rbcr0yalbank.com” versus “www.rbcroyalbank.com.” Before clicking on any website from an email asking you to act, hover over the link with your cursor. This will allow you to preview the URL and identify any suspicious misspellings or grammatical errors before navigating to a potentially dangerous website.
HTTPS, or Hypertext Transfer Protocol Secure, is a protocol that encrypts your interaction with a website. Typically, websites that begin with HTTPS and feature a padlock in the top left corner are considered safer. However, cybercriminals have more recently developed malware toolkits that leverage HTTPS to hide malware from detection by various security defenses. If the website is secured with HTTPS, ensure that this isn’t the only way you’re analyzing the page for online safety.
Multi-factor authentication requires that users confirm a collection of things to verify their identity—usually something they have, and a factor unique to their physical being—such as a retina or fingerprint scan. This can prevent a cybercriminal from using credential-stuffing tactics (where they will use email and password combinations to hack into online profiles) to access your network or account if your login details were ever exposed during a data breach.
An identity theft alert service warns you about suspicious activity surrounding your personal information, allowing you to jump to action before irreparable damage is done. McAfee Total Protection not only keeps your devices safe from viruses but gives you the added peace of mind that your identity is secure, as well.
The post How to Spot Fake Login Pages appeared first on McAfee Blog.
You open your laptop and see an email from a healthcare organization that you don’t recognize. The subject line reads “URGENT – PROOF OF VACCINATION NEEDED.” Impulsively, you open the email and click on the link. You’re redirected to a website that asks you to enter your name, date of birth, Social Security Number, and a photo of your vaccine card. Scrambling, you enter the information and click “Submit.”
As you continue to adapt your lifestyle to the ongoing public health precautions, it’s important to consider how these precautions can affect your digital health as well. According to the Washington Post, pandemic-related email scams are on the rise, especially with the delta variant surging. McAfee Labs’ April 2021 Threats Report found that COVID-19-themed cyber-attack detections increased 114% in Q3 and Q4 of 2020. Research also shows that COVID-19 phishing attempts in June 2021 increased 33%. With confusion around proof of vaccination and booster shots emerging, it’s likely that cybercriminals will take advantage.
As employers re-evaluate their return-to-office plans, some are requiring proof of vaccination or negative COVID-19 test results. This creates a new opportunity for cybercriminals to exploit. Researchers have uncovered phishing emails disguised as human resources departments asking recipients to submit personally identifiable information about their vaccination status. Many of these types of emails contain links to fake login pages. If the recipient proceeds with entering their credentials and personal data, cybercriminals can use the consumer’s data to conduct credential stuffing attacks and hack their online profiles. This could lead to credit card fraud, data extraction, wire transfers, identity theft, and more.
With various organizations contacting individuals about potential virus exposure, testing and vaccination information, and other public health news, it’s important to remember that some of these organizations may not be what they say they are. That email from the healthcare company you’ve never heard of? It’s probably a cybercriminal in disguise. Some hackers are impersonating public health and government organizations, sending phishing emails in the hopes of collecting users’ names, Social Security Numbers, birthdates, and other valuable data. Criminals tend to sell this information on the dark web, making a profit while the recipients’ online safety is put in jeopardy.
As more news and recommendations for dealing with the pandemic continues to emerge, it’s important that you stay vigilant when it comes to protecting your digital wellness. After all, it’s just as important as your physical wellness! In addition to staying updated on the latest COVID-19-related scams, follow these tips to keep yourself secure from online threats like phishing scams:
If you receive an email or text message from an organization that you’re unfamiliar with, do some sleuthing. Verify that the organization is legitimate. The same goes if you receive a message from an entity that you recognize. If your “HR department” or a “doctor’s office” contacts you and asks for personal information, reach out to them directly instead of replying directly or clicking on any links in the message. This can prevent you from interacting with a hacker in disguise.
Oftentimes, hackers will use a URL for their spoofed website that is just one character off from the legitimate site. Before clicking on any website from an email asking you to act, hover over the link with your cursor. This will allow you to preview the URL and identify any suspicious misspellings or grammatical errors before navigating to a potentially dangerous website.
Multi-factor authentication requires that users confirm a collection of things to verify their identity—usually something they have, and a factor unique to their physical being—such as a retina or fingerprint scan. This can prevent a cybercriminal from using credential-stuffing tactics (where they will use email and password combinations to hack into online profiles) to access your network or account if your login details were ever exposed during a data breach and sold on the dark web.
An identity theft alert service warns you about suspicious activity surrounding your personal information, allowing you to jump to action before irreparable damage is done. McAfee Total Protection not only keeps your devices safe from viruses but gives you the added peace of mind that your identity is secure, as well.
The post How Fraudsters Are Fooling Users With This Proof of Vaccination Phishing Scam appeared first on McAfee Blog.
Customers often ask us some version of this question. It’s a good question and in the past, there was no direct answer – only recommendations. For instance, we recommend online protection that goes beyond antivirus to include identity and privacy protection, as well as promoting safety best practices like using multi-factor authentication. We wondered if there was a simpler and easier way to advise customers how to better protect themselves.
A recent survey shows how important online security has become to consumers. We found that 74% of you have concerns about keeping your information private online. 57% want to be more in control of their personal info online. And, since the pandemic started, 47% of online consumers feel unsafe compared to 29%. Simply put, customers are more conscious of their safety online than ever before, and eager to play an active role in their protection.
It’s time for a new approach – meet the Protection Score.
If you’re thinking this looks like a credit, fitness, sleep, or any of the other scores we now use to visualize and quantify aspects of our life, you’re on the right track.
Your personalized Protection Score is a measure of your security online. The higher your score, the safer you are online. Your score will highlight any weaknesses in your security and help you fix them with easy step-by-step instructions. We’ll also let you know which features haven’t been setup so you can get the most out of your protection.
When we developed Protection Score the idea was to give customers a simple solution to better protect themselves and get the most from their subscription, including security tips to protect their identity, privacy, and devices, while also improving their online habits. We wanted it to be easy for anyone to:
Now that we’ve talked about Protection Score generally, let’s look at how it works in practice. Your score is based on a few things, including setting up your McAfee protection, strengthening your security with our safety recommendations, and ensuring your personal info is safely monitored with Identity Protection.
For example, if your information is exposed in a data breach your score may drop, but you can improve it by following our easy-to-follow remediation steps. Once you’ve completed those steps your score will go back up and you can be confident knowing you’re better protected online.
A perfect score does not mean you’re perfectly safe, but it does mean that you’re doing an excellent job of preventing and managing risks.
Your Protection Score is a great way to understand how safe you are at a glance. Additionally, improving your score ensures your life online is being protected by many of the safety features and benefits McAfee has to offer. For instance, the subscriber, John Smith, can see they’re fairly safe based on their score. However, it isn’t a perfect score and there are a few actions they could still take to improve it. In this case, adding their email and phone number to dark web monitoring – a crucial step in protecting their personally identifiable information online.
Protection Score can be easily accessed* from your browser of choice on any device so you can review our guidance and take steps to improve your score from wherever you are. McAfee’s Protection Score is a first for the cybersecurity industry, but we’re not stopping there. We’re going to continue to improve the feature by adding more personalization and accessibility so you can enjoy your life online knowing exactly how protected you are.
*Note that Protection Score is currently live in the US, Canada, Brazil, Australia, New Zealand, Japan, UK, Germany, France, Spain, and Italy.
The post Stay on top of your online security with our Protection Score appeared first on McAfee Blog.
When it comes to crime, what do people worry about most? Having their car stolen? A break-in while they’re not at home? Good answers, but not the top answer by a long shot. In this U.S.-based survey, hacker-related crime weighed in at 72%, with a home burglary at 35% and auto theft at 34%, indicating that people’s concerns about cybercrime are very much front and center.
The good news is that plenty of cybercrime can be prevented, or at least made less likely, provided you protect yourself online, much in the same way you take steps to protect your car or home. And that’s the focus of this year’s Cybersecurity Awareness Month. With the theme of “Do Your Part. #BeCyberSmart,” it reminds us of how we can take charge of our own safety—the ways we can look out for ourselves and others as we enjoy our time online.
Throughout October, we’re participating in Cybersecurity Month here on our blogs and across our social media channels, posting a host of ways that you can help keep cybercrooks away from your digital doorstep. Each week, we’ll tackle a different aspect of online protection:
Maybe it comes as no surprise to hear it, yet one recent study shows the average person spends nearly eight hours a day online. With that, we’re taking this week to focus on the family, how they spend their time online and how they can be safer when they do.
Whether they come by email, text, or DM, phishing attacks account for the most common types of reported cybercrime, according to the FBI Internet Crime Complaint Center. This week, we’ll show you how you can indeed fight the phish!
This sentiment sums up the best of the internet in so many ways. Getting out there, discovering, catching up with friends online. Our focus this week is helping you enjoy it all without any of the bad apples out there spoiling your fun.
We wrap it up with a look at some of the top priorities so everyone in the family can #BeCyberSmart—online banking, app scams, privacy, identity theft, and more—along with plenty of straightforward tips that can help you stay safer.
We hope our posts throughout Cybersecurity Awareness Month help you get a little sharper and feel a little safer so you can enjoy your time online, free from hassles or headaches. Look for more from us throughout October!
The post Cybersecurity Awareness Month: Taking Charge of Your Safety Online appeared first on McAfee Blog.
A good time to check if someone is using your identity is before it even happens.
One of identity theft’s several downsides is how people discover they’ve become a victim in the first place—by surprise. They go to rent an apartment, open a line of credit, or apply for financing, only to discover that their finances or reputation has taken a hit because of identity thief.
And those hits add up, particularly when you look at the dollars involved. In 2020, the Federal Trade Commission (FTC) reported $3.3 billion in financial losses from 4.7 million reported cases of fraud, a 45% increase over the year prior. Of those reports, identity theft was the leading fraud category, accounting for 29% of fraud incidents.
Plenty. Depending on the type and amount of information an identity thief gets their hands on, they can harm your finances and reputation in several ways, including:
Rather than ending up with a rude and potentially costly surprise of your own, you can get ahead of thieves by checking to see if someone is using your identity before it’s a problem or before it really takes root.
Major data breaches that expose personal information seem to hit the headlines with some regularity, not to mention the many, many more that don’t get national or international press coverage. Most recently we have the Neiman Marcus breach, where this major retailer alerted 4.6 million customers that “an unauthorized party obtained personal information associated with certain Neiman Marcus customers’ online accounts.”
And as it is with many such breaches, it took quite some time before the theft of information was discovered. Per Neiman Marcus, it’s believed that the breach occurred in May 2020 and only discovered in September of 2021. Potentially compromised information included:
Whether or not you have reason to suspect that your information got caught up in this recent large-scale breach, it serves as a good reminder that any time is the right time to check up on your identity. Acting now can save headaches, potentially big headaches, later.
Quite a bit of identity theft prevention begins with taking stock of the accounts and services you have in your name. This ranges anywhere from bank accounts to public utilities and from credit cards to loans, all of which contain varying degrees of personal information about you. With a sense of where your personal identity is being used, you can better look for instances where it’s being misused.
Ways you can spot for possible identity theft include:
If you stop receiving a bill that normally comes to you, such as a utility bill or for a department store credit card, that could be a sign that a thief has changed the mailing address and has potentially hijacked your identity.
This is rather straightforward, yet it reminds us how important it is to look at our statements closely. Charges that you didn’t ring up or that seem slightly higher than normal are a surefire sign that you should follow up with the bank or company involved and let them know of possible fraud.
In the U.S., you have annual access to free credit reports from the major credit reporting agencies. Not only will this give you a sense of your credit score, but it will also show the credit that’s open in your name, along with addresses associated with your identity. Spotting an account that you haven’t signed up for or seeing an address of a residence that you’re not renting are other common signs that your identity may have been compromised.
With the number of accounts many of us have these days, a credit monitoring service can help you stay on top of what’s happening in your name. Often offered through banks, credit unions, and even insurance providers, credit monitoring can alert you in several instances, including:
Overall, credit monitoring can act as another set of eyes for you and spot potential identity issues. Different services provide different levels of monitoring, so consider reviewing a few options to find the one that works best for you.
One like our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat—in addition to offering several preventative steps to help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately.
Along with keeping an eye on what’s happening with your identity online and elsewhere, there are a few more things you can do to make it tougher for thieves to steal your identity.
Given all the banking and shopping we do on our computers and phones, installing and using comprehensive online protection software is a must these days. It puts several layers of security in place, such as creating complex passwords automatically, shielding credit card info from prying eyes, and protecting your privacy and data online by connecting with a VPN. In short, online protection software acts as a solid first line of defense.
As mentioned above, comprehensive online protection software often includes a password manager that can generate strong, unique passwords for each of your accounts and remember them for you. It’s extra protection that makes life a lot easier for you by managing all the accounts you’re juggling. Also, use MFA (multi-factor authentication) on the accounts that give you the option, which makes it harder for a thief to crack your accounts with a password alone.
Sensitive documents come in all forms. Top-of-the-line examples include things like tax returns, bank statements, and financial records. Yet there are also things like your phone and utility bills, statements from your doctor’s office, and offers that come to you via mail. Together, these things can contain personal information such as account numbers, your full Social Security Number, the last four digits of your Social Security Number (which can still be useful to thieves), and other information that may uniquely identify you. You’ll want to dispose of sensitive documents like these so that they can’t be harvested by hackers.
For physical documents, consider the low-cost investment of a paper shredder to help ensure they don’t fall into the wrong hands when you are done with them. (And let’s face it, they’re fun to use!) For digital documents, simply deleting a file is not enough – online protection software is a great resource that often includes a digital document shredder, designed to render the data practically unusable when you’re ready to trash the file.
Your Social Security Number is one of the most prized possessions a thief can run away with because it is so closely associated with you and things like your tax returns, employment, and so on. Keep it stored in a safe location rather than on your person or in your wallet. Likewise, be careful about giving out your SSN. While organizations like the IRS, your bank, and employer require it, there are other organizations who do not—but may ask for it anyway. (Doctor’s offices are a prime example.) If you get such a request, ask them what they intend to use it for and then ask if another form of identification will work instead.
Phishing attacks are one of the primary ways identity thieves steal personal information. Whether they come via a direct message, on social media, or through email, text, or phone calls, thieves use them to harvest your personal info by posing as a legitimate organization—such as in this recent IRS phishing scam. Phishing is a topic all unto itself, and you can check out this quick read to see how you can spot phishing scams and protect yourself from them.
Like any criminal, identity thieves do their dirtiest work in the shadows—quietly stealing money under your nose, or worse, as we outlined above. By shining a light on your identity and keeping regular track of what’s happening with it, you can spot unusual activity right away. Even the small stuff is important. A co-worker of mine once saw an incorrect address listed on his credit report. Turned out, that address was used to rack up several large charges at a retailer, which he was able to fix with the aid of the credit reporting agency and the retailer in question.
No doubt about it. Identity theft is indeed on the rise, and your best bet to avoid such a nasty surprise is to keep an eye on your digital identity the same way you keep an eye on your actual wallet.
The post How to Check if Someone is Using Your Identity appeared first on McAfee Blog.
When you’re online, the world is at your fingertips. You can do amazing things like stream the latest movies while they’re still in theaters! Or you can enjoy the convenience of online shopping and avoiding the DMV by renewing your driver’s license remotely. This is possible because we’re able to communicate with these organizations through many different channels and we trust them. Unfortunately, many bad actors have taken advantage of this trust and the ease of communication to up their game when it comes to social engineering.
What is social engineering? One of the more famous examples of social engineering was the Nigerian Prince email scam. In this example, hackers relied on a novel, too-good-to-be-true story of a prince looking to transfer some of his fortune if only he could use your bank account number. The Nigerian Prince is a running joke these days, the internet version of “if you believe that, then I have a bridge to sell you,” but its original success made scammers realize they were onto something big.
Modern social engineering campaigns closely resemble communications from legitimate organizations. They’re carefully designed, may be grammatically correct, and appear in completely plausible scenarios. However, they’re all after the same thing – information to gain access to an organization or individual’s accounts.
Phishing is a type of social engineering that uses email or websites to convince people to give up their personal information, under the guise of a plausible reason. Instead of a Nigerian prince asking for a bank account number, an email posing as your bank may ask for you to confirm your account information. Often these emails are tied to circumstances that demand your attention and reflect a sense of urgency. Needless to say, many recent phishing scams have played into COVID-19 pandemic fears and economic concerns. Here are a few other scams related to phishing to watch out for:
First, does the message you’ve received contain any of the following:
If so, check for these tell-tale signs used by phishing scams
If the email you’re suspicious of has several of the above warning signs, chances are you’ve spotted a phishing email. Still not sure what we’re talking about? Check in your email’s spam and you’ll probably see some obvious examples of phishing right away. Spam doesn’t catch everything though, and the best phishing scams can be very difficult to separate from the legitimate emails. With that in mind, we’ve pulled together some safety precautions that will help keep you safer, from phishing emails.
The post Staying safer online from phishing and other attacks appeared first on McAfee Blog.
What was the first online service that you signed up for? Perhaps it was your middle school email address (“soccerloveR1450@hotmail.com” anyone?) or your very first Tumblr or Myspace account. Whatever it was, it’s likely that you haven’t used these accounts in years — but did you ever actually delete the account?
Over the past decade, you’ve likely collected various online accounts that you no longer use. But just because you stop using an account doesn’t mean that it doesn’t exist — and your data is likely still floating around on the World Wide Web. These old “zombie” accounts haunt your digital graveyard and are easy pickings for cybercriminals.
Today, most websites and apps either require or strongly encourage their visitors to create user accounts. Almost always, exchanging an email address for an exclusive offer seems a fair tradeoff. As a result, consumers quickly accumulate accounts, many of which they may not even remember creating.
According to Digital Guardian, 70% of consumers have more than 10 password-protected online accounts, and 30% have too many to keep track of. These accounts are comprised of free trials, stores that you no longer purchase from, one-time accounts that you create to buy something, gaming platforms, and apps that you only used a few times. While they may have once served a purpose, you no longer need them.
The problem with zombie accounts is that they contain credentials at risk of exposure. Say that you sign up for a free week trial of a meal kit delivery service. When creating your account, you include information like your email address, password, phone number, delivery address, and credit card information. Once your trial expires, you decide not to sign up for a membership, but your account information remains online. If the meal kit company is involved in a data breach, your personal data could be leaked and exploited by cybercriminals. And if you happen to reuse the same credentials across multiple accounts, a criminal could use credential stuffing techniques (where they use email and password combinations to hack into online profiles) to break into your other accounts.
So, how can you keep protect your online data and prevent a zombie account apocalypse? Follow these cybersecurity best practices to help keep your information secure:
Don’t remember which accounts you made and no longer use? No worries! If you browse with Google Chrome, check under chrome > settings > passwords. This will show all the accounts and passwords you’ve used and saved. Other browsers like Firefox and Safari have similar settings. If you use a password manager, this will also keep a record of your credentials. Once you’ve identified the online accounts you no longer used (or completely forgot you had), close the account for good! This may take some patience, as some websites require multiple steps to close an account. But it will be worth knowing that your information is safer from online exposure.
Having a strong, unique password for each of your online accounts helps protect them from credential stuffing. By using different passwords for your online accounts, you can take comfort in knowing that the majority of your data is secure if one of your accounts is vulnerable.
If you realize a company you buy from fell victim to a data breach, start investigating. A tool like McAfee Identity Protection Service can help you monitor multiple email addresses that allow you to see if you were impacted by a breach. If your credentials were potentially exposed, update them on the company’s website immediately.
Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts. This can prevent a criminal from breaking into your online profile by providing an added layer of security.
McAfee Total Protection will help protect your personal information and privacy and provides identity restoration services and invaluable peace of mind. Ninety-two percent of Canadians are concerned about the protection of their privacy and 37% are extremely concerned, reports the Canadian Centre for Cybersecurity. All it takes is a few changes to your online habits and arming yourself with the right tools to feel secure about your online presence.
The post Don’t Let Old Accounts Haunt You: How to Maintain Your Digital Graveyard appeared first on McAfee Blog.
When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.
A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.
Unfortunately, it can happen in several ways.
In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).
In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who’re shopping or banking online without the security of a VPN.
Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to nearly 1.4 million in 2020—practically double. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:
However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.
Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:
As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.
The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.
A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.
This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid from an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.
With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.
With McAfee+ Ultimate you can:
In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done.
Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer for any questions you’ll face in the process of restoring your identity will help you see things through.
Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.
The post Top Signs of Identity Theft appeared first on McAfee Blog.
In the hands of a thief, your Social Security Number is the master key to your identity.
With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away.
Part of what makes an SSN so powerful in identity theft is that there’s only one like it. Unlike a compromised credit card, you can’t hop on the phone and get a replacement. No question, the theft of your SSN has serious implications. If you suspect it, report it. So, let’s take a look at how it can happen and how you can report identity theft to Social Security if it does.
Yes. Sort of. The Social Security Administration can assign a new SSN in a limited number of cases. However, per the SSA, “When we assign a different Social Security number, we do not destroy the original number. We cross-refer the new number with the original number to make sure the person receives credit for all earnings under both numbers.”
In other words, your SSN is effectively forever, which means if it’s stolen, you’re still faced with clearing up any of the malicious activity associated with the theft potentially for quite some time. That’s yet another reason why the protection of your SSN deserves particular attention.
There are several ways an SSN can end up with a thief. Some involve physical theft, and others can take the digital route. To what extent are SSNs at risk? Notably, there was the Equifax breach of 2017, which exposed some 147 million SSNs. Yet just because an SSN has been potentially exposed does not mean that an identity crime has been committed with it.
So, let’s start with the basics: how do SSNs get stolen or exposed?
That’s quite the list. Broadly speaking, the examples above give good reasons for keeping your SSN as private and secure as possible. With that, it’s helpful to know that there are only a handful of situations where your SSN is required for legitimate purposes, which can help you can make decisions about how and when to give it out. The list of required cases is relatively short, such as:
You’ll notice that places like doctor’s offices and other businesses are not listed here, though they’ll often request an SSN for identification purposes. While there’s no law preventing them from asking you for that information, they may refuse to work with you if you do not provide that info. In such cases, ask what the SSN would be used for and if there is another form of identification that they can use instead. In all, your SSN is uniquely yours, so be extremely cautious in order to minimize its potential exposure to theft.
Let’s say you spot something unusual on your credit report or get a notification that someone has filed a tax return on your behalf without your knowledge. These are possible signs that your identity, if not your SSN, is in jeopardy, which means it’s time to act right away using the steps below:
File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud, since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site really is an excellent resource.
Get in touch with the fraud department at each of the businesses where you suspect theft has taken place, let them know of your situation, and follow the steps they provide. With your police and FTC reports, you will already have a couple of vital pieces of information that can help you clear your name.
Check your Social Security account to see if someone has gotten a job and used your SSN for employment purposes. Reviewing earnings associated with your SSN can uncover fraudulent use. You can also contact the Social Security Fraud Hotline at (800) 269-0271 or reach out to your local SSA office for further, ongoing assistance. Likewise, contact the Internal Revenue Service at (800) 908-4490 to report the theft and help prevent someone from submitting a tax return in your name.
As we’ve talked about in some of my other blog posts, identity theft can be a long-term problem where follow-up instances of theft can crop up over time. However, there are a few steps you can take to minimize the damage and ensure it doesn’t happen again. I cover several of those steps in detail in this blog here, yet let’s take a look at a few of the top items as they relate to SSN theft:
By placing a fraud alert, you can make it harder for thieves to open accounts in your name. Place it with one of the three major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. During the year-long fraud alert period, it will require businesses to verify your identity before issuing new credit in your name.
A full credit freeze is in place until you lift it and will prohibit creditors from pulling your credit report altogether. This can help stop thieves dead in their tracks since approving credit requires pulling a report. However, this applies to legitimate inquires, including any that you make, like opening a new loan or signing up for a credit card. If that’s the case, you’ll need to take extra steps as directed by the particular institution or lender. Unlike the fraud alert, you’ll need to notify each of the three major credit bureaus (Experian, TransUnion, Equifax) when you want the freeze lifted.
Once every 12 months, you can access a free credit report from Experian, TransUnion, and Equifax. (And as of this writing during the pandemic, this can be done for free on a weekly basis, which is great news.) Doing so will allow you to spot any future discrepancies and offer you options for correcting them.
Using a service to help protect your identity can monitor several types of personally identifiable information and alert you of potentially unauthorized use. Our own Identity Protection Service will do all this and more, like offering guided help to neutralize threats and prevent theft from happening again. You can set it up on your computers and smartphone to stay in the know, address issues immediately, and keep your identity secured.
Of all the forms of identity theft, the theft of a Social Security Number is certainly one of the most potentially painful because it can unlock so many vital aspects of your life. It’s uniquely you, even more than your name alone – at least in the eyes of creditors, banks, insurance companies, criminal records, etc. Your SSN calls for extra protection, and if you have any concerns that it may have been lost or stolen, don’t hesitate to spring into action.
The post How to Report Identity Theft to Social Security appeared first on McAfee Blog.
What do social media companies really know about you? It’s a fair question. And the quick answer is this: the more you use social media, the more those companies likely know.
The moment you examine the question more closely, the answer takes on greater depth. Consider how much we use social media for things other than connecting with friends. While that was the original intent behind social networks, the role of social media has since evolved into something far more expansive. We use it to get our news, stay up to date on when artists will drop a new release, and sometimes reach out for customer service on a company’s social media page. In some cases, we use our social media accounts to log into other sites and apps or we even make payments through social media.
Taken together, all of those likes, taps, clicks, links, and time spent reading or watching videos can add up and paint a detailed picture of who you are.
Why are they collecting all this information? Largely, it’s for two reasons:
1. To make improvements to their platform, by better understanding your behavior and ways you like to use their service.
2. To create an exacting user profile that advertisers can use for targeting ads that they think will interest you.
That’s the exchange in play here. You use the company’s social media service for free, and in return, they gain rights to gather specific information about you, which you consent to by agreeing to their terms of service.
Let’s get into the details of what social media companies may collect and know about you—along with ways you can limit the data and information they gather.
Different social media platforms have different user agreements that cover what types of information they collect and use. For starters, we’ll speak broadly about social media companies in general, and then we’ll weave in a few specific examples along the way. Generally, they may know:
We collect information about how you use our Products, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities.
When you communicate with others by sending or receiving Direct Messages, we will store and process your communications and information related to them. This includes link scanning for malicious content, link shortening to http://t.co URLs, detection of spam, abuse and prohibited images, and use of reported issues. We also use information about whom you have communicated with and when (but not the content of those communications) to better understand the use of our services, to protect the safety and integrity of our platform, and to show more relevant content.
If you use our Products for purchases or other financial transactions (such as when you make a purchase in a game or make a donation), we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping and contact details.
By the way, none of this is secret. What I’ve listed here can be found by simply reading the terms of use posted by various social media companies. Note that these terms of use can and do change. Checking up on them regularly will help you understand what is being collected and how it may be used.
This nearly goes without saying, yet another layer of data and information collection comes by way of the pictures and updates you post. Per Instagram (as of October 2021):
We collect the content, communications and other information you provide when you use our Products, including when you sign up for an account, create or share content, and message or communicate with others. This can include information in or about the content you provide (like metadata), such as the location of a photo or the date a file was created.
Another consideration is how the content you interact with on other sites may be shared with social media companies in return. Some social media companies partner with other third parties to gather this data, which is used to round out your user profile in yet more detail. That information can include purchases you made, how often you visited that third party’s site, and so on.
In the case of Facebook, they refer to this as “Off-Facebook Activity.” In their words:
Off-Facebook activity includes information that businesses and organizations share with us about your interactions with them. Interactions are things like visiting their website or logging into their app with Facebook. Off-Facebook activity does not include customer lists that businesses use to show a unique group of customers relevant ads.
The good news here is that you can take control of the Off-Facebook Activity setting with a few clicks.
No doubt about it, the content you create and interact with, both on the social media sites and sometimes off of them as well, can generate information about you that’s collected by social media companies.
Short of deleting your accounts altogether, there are several things you can do to take control and limit the amount of information you share.
For example, you can visit your Facebook Settings, Instagram Settings, and Twitter Settings, which each gives you options for managing your information—or download it and even delete it from their platform outright if you wish. (Note that this will likely only delete data associated with your account. Content you posted or shared with other people on their accounts will remain.)
As noted above, this isn’t an absolute fix because social media companies can infer your location other ways. Yet taking this step gives them one less piece of exacting information about you.
Each platform will have its own settings and options, so give them a look. Here, you can determine which information advertisers are allowed to use to serve up ads to you, set rules for facial recognition, enable or disable location history, and much more. If possible, do this from your computer or laptop rather than your smartphone. Often, the account controls that you can access from a computer browser are far more comprehensive than the ones in a mobile app.
Using direct messaging on social media platforms may tell social media companies even more about you and who you interact with. When possible, think about using text messaging instead or other means of communication that aren’t tied to a social media company.
Some apps and sites will allow you to use your social media login instead of creating a new one. While convenient, this can provide the social media company with more information about you. Additionally, if your social media account is compromised, it could compromise the other accounts that are tied to it as well. Check your settings and look for “Apps and Websites” to see what’s connected to your social media account, what’s being shared, and how you can disable it.
Protection like ours will include a VPN, which anonymizes your online activity and thus may shield you from certain types of information collection, such as your location. Additionally, using online protection software is simply a good move because it can create and store strong, unique passwords for you, steer you clear of risky sites, protect your identity, and make your time online safer overall.
The very nature of social media is sharing and exchanging. That’s the draw it has—the way it keeps us connected to the people, pastimes, and things we care about. Yet that exchange runs deeper. In return for using these free services, social media companies collect information on us which they use to improve their platforms and generate revenue. It’s all there for you to see in the various terms of use associated with your social media accounts. In short, using social media means sharing information about yourself with social media companies.
Yet you can do several things to reduce the amount of information that social media companies know about you. By spending some time on the account and privacy settings for each of your social media accounts, you can determine what information you’re providing to them and get a much better sense of what social media companies know about you.
The post What Do Social Media Companies Know About You? appeared first on McAfee Blog.
Spyware is tricky. Some types notify users that they’re monitoring activity. Others function in stealth mode and use the information they collect for nefarious purposes. Spyware is a type of software that collects data about online users and reports it to a company or an individual. What just about everyone can agree on is that anonymous browsing is looking more and more appealing and is likely the way of the future.
Here’s more about the types of spyware, which types are legal, and how you can scrub your device and live more confidently online.
Here are a few types of spyware and facts about each:
Is it legal? Definitely not!
What is its purpose? Criminal
Keyloggers are the most intrusive of the spyware variations. It does exactly as its name suggests: It takes note of keyboard strokes, logs them, and reports to the owner of the nefarious software. Once the cybercriminal has digitally looked over your shoulder at your online activity, they make note of your passwords, walk into your online accounts, and pilfer your private personal information. They could use this information to gain entry to your online bank accounts or steal your identity.
Keyloggers are downloaded onto devices (cellphones, tablets, laptops, or desktop computers) without the user’s knowledge. Cybercriminals can hide them within email attachments or in malicious web pages. So, the best way to steer clear of keyloggers is to never download attachments you’re unsure about and don’t visit sites that seem unprofessional. One rule of thumb is to mostly stick to URLs that begin with https and include a lock icon. These sites are almost always secure.
To determine if your device is infected with a keylogger, check your system’s performance. Is your device running slowly? See if there are any spikes in activity or unknown programs running in the background. This could indicate that your device is hosting a malicious program.
Is it legal? Sometimes
What is its purpose? Advertising and criminal
Adware is categorized as a type of spyware. It tracks users’ online activity and spits out targeted pop-up advertisements. If you have the pop-up blocker enabled on your browser, you’ll likely be spared from the annoyance. Additionally, pop-ups can slow your device, so that’s another reason to turn on the pop-up blocking feature. Legitimate adware often asks users to opt into targeted ads.
Adware turns malicious (and illegal) when it contains malware. Sometimes cyber criminals hide malware within pop-ups. It’s easy to accidentally hit a link within a pop-up when you’re aiming quickly for the X to close it.
It’s easy to spot a device with an adware infestation. First, the number of pop-ups will be out of control. Also, the device will crash often, run very slowly, and have a short battery life. An antivirus program will likely be able to identify and remove the culprit. You can also check out your system monitor and end tasks that are draining your device’s power.
Is it legal? Yes
What is its purpose? Advertising
Cookies are delicious, especially to advertisers who use them to better target ads and make profits selling collected user data to third-party companies. Cookies are sometimes categorized as spyware, because they log the websites you visit and report them. You may notice the banners on websites that ask you to accept cookies.
Many users today are uneasy with sharing their online activity with strangers and advertisers. Sometimes the ads that pop up on your social media feed or in sidebars seem a little too targeted and it feels like someone is listening in to your conversations and attempting to make a profit from them.
How to Browse Free of Spyware
To scrub cybercriminals from your devices and confuse advertisers, consider the following steps you can easily add to your daily routine:
The post How to Live a Digital Life Free of Spyware appeared first on McAfee Blog.
Can thieves steal identities with only a name and address?
In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.
If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.
With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them.
For starters, this information is so general that it is of little value in of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams.
For example, with your name and address a thief could:
There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as:
In the U.S., the availability of such information will vary from state-to-state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit a library or public office.
Thieves can gain additional information about you from other online sources, such as data brokers. And data brokerage is a big business, a global economy estimated at $200 billion U.S. dollars a year. What fuels it? Personal information, representing thousands of data points on billions of people scraped from public records, social media, smartphone apps, shopper loyalty cards, third-party sources, and sometimes other data broker sites as well.
The above-the-board legal intent of data broker sites is to sell that information to advertisers so that they can create highly targeted campaigns based on people’s behaviors, travels, interests, and even political leanings. Others such as law enforcement officials, journalists, and others who are conducting background checks will use them too.
On the dark side, hackers, scammers, and thieves will buy this information as well, which they can use to commit identity theft and fraud. The thing is, data brokers will sell to anyone. They don’t discriminate.
Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or by impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).
What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers are bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online, which we outline in detail here.
Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills.
The Postal Service has mechanisms in place to prevent this, however. Among which, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.
So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble.
Other crucial pieces of your identity include:
Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.
You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned.
Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye.
Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.
With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who’re after direct access to your finances and more.
Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date.
In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure.
By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like creating and managing the strong, unique passwords we talked about and providing further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) Further, it can monitor your identity and monitor your credit, further protecting you from theft and fraud.
Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collects your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too.
Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves.
A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you more anonymous online by masking your IP address, device information, and the data you’re passing along that connection. In this way, it makes if far more difficult for advertisers, data brokers, and bad actors to skim your private information—in addition to shielding your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.
And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life.
The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blog.
You may have spotted the news last week that U.S. federal prosecutors brought charges against the former chief security officer of Uber. At issue was a breach that occurred in 2016, where prosecutors allege that he covered up a $100,000 payoff to the hackers responsible for the attack. The specific charges are obstructing justice and concealing a felony for the alleged cover-up.
While the breach itself is relatively old news and the company has since paid a $148 million settlement along with an agreement to regular audits of its privacy and security systems, this is a reminder that breaches happen. What’s more, it may be some time before you become aware of them, even in instances when companies move quickly, transparently, and in your best interest.
According to research we recently published, nearly three-quarters of all breaches have required public disclosure or have affected financial results, up five points from 2015. Additionally, industry studies show that it can take roughly nine month on average to identify and contain a breach. Yes, that’s more than nine months, and a lot can happen to your credit in that timeframe. Thus the onus is on us to be vigilant about our own credit.
Here’s a quick list of things you can do right now to keep on top of your credit—and that you can do on an ongoing basis as well, because that’s what it takes to keep tabs on your personal info today.
Closely monitor your online accounts: Whether it’s your credit card statements, banking statements, or your individual accounts for services like Uber, review them closely. If you see any suspicious activity, notify the institution or service and put a freeze on your account(s) as needed. Even a small charge can indicate a bigger problem, as that means your information is out there in the wild and could be used for bigger purchases down the pike. In the event you feel your Uber account has been compromised, you can contact them via their “I think my Uber account has been hacked” page.
Update your settings: That includes your privacy settings in addition to changing your password. As far as passwords go, strong and layered passwords are best, and never reuse your credentials across different platforms. Plus, update your passwords on a regular basis. That’ll further protect your data. Using a password manager will help you keep on top of it all, while also storing your passwords securely.
Enable two-factor authentication: While a strong and unique password is a good first line of defense, enabling app-based two-factor authentication across your accounts will help your cause by providing an added layer of security.
Check your credit: Depending on where you live, there are different credit reporting agencies that keep a centralized report of all your credit activities. For example, the major agencies in the U.S. are primarily Equifax, Experian, and TransUnion. Likewise in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. It’s a relatively quick process, and you might be surprised what you find—anywhere to incorrect address information to bills falsely associated with your name. Get your free credit report here from the U.S. Federal Trade Commission (FTC). Other nations provide similar services, such as the free credit reports for UK customers.
Freeze your credit: Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
Consider using identity theft protection: A solution like McAfee Identify Theft Protection will help you to monitor your accounts and alert you of any suspicious activity in addition to the activities I’ve listed above. Additionally, you can use a comprehensive security solution such as McAfee Total Protection to help protect your devices and data from known vulnerabilities and emerging threats.
For all the technology we have at our fingertips, our best defense is our eyes. Keeping a lookout for fishy activity and following up with family members when unfamiliar charges show up on your accounts will help you keep your good name in good standing.
The thing is, we never know when the next data breach might hit and how long it may be until that information is discovered and finally disclosed to you. Staying on top of credit has always been important, but given all our apps, accounts, and overall exposure these days, it’s a must.
To stay updated on all things McAfee and for more resources on staying secure from home, follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.
The post Uber Data Breach and How to Protect Your Info appeared first on McAfee Blog.
FreshRSS 