McAfee Labs has discovered a massive, ongoing malware campaign called WeedHack that disguises itself as free Minecraft mods and game clients to infect players’ computers. Since January 2026, it has logged more than 116,000 victim infections, averaging 2,000 to 3,000 new hits every single day.
What makes WeedHack different from most malware is how cheap and easy it is to use.
Typically, a hacker would pay hundreds of dollars per month to access attack tools through underground criminal networks. WeedHack offers a free version to anyone with a Discord account and an internet connection. A premium upgrade, which includes the ability to secretly watch victims through their own webcam, starts at just $5 a month.
This low barrier has attracted a younger crowd of would-be attackers, many of them appear to be teenagers or young adults. Our researchers were startled to discover teens using these tools not just for financial theft, but to harass and bully their peers, a pattern we’ve documented and that makes this campaign especially concerning.
The good news for McAfee users: Web Protection actively blocks the sites distributing WeedHack, and Threat Explainer tells you exactly why a flagged file is dangerous, so you’re never left guessing.
| What | Details |
| Campaign name | WeedHack |
| Active since | January 2026 |
| Total victims logged | 116,464+ |
| New infections per day | ~2,000–3,000 |
| Malicious files discovered | 3,820+ unique files |
| Malicious download URLs | 240+ |
| Free tier available? | Yes. Anyone can sign up |
| Premium price | Starting at $5/month; $24.99 lifetime |
| Who is being targeted | Minecraft players worldwide |
| Most affected country | United States, followed by Germany, India, the UK, Italy, and others |
| What attackers can access | Once installed, it can steal passwords, hijack accounts, and, for paying customers, it can give the attacker live access to the victim’s screen, webcam, and files. |
| The financial impact | It can steal Discord tokens, crypto wallet credentials, Minecraft account credentials.
Hackers will hold your information for ransom, requiring a large payment in exchange for your data. |
Read our research team’s full report here.
WeedHack is a Malware-as-a-Service (MaaS) campaign, meaning it’s a criminal business that sells hacking tools to customers, the same way a legitimate software company sells subscriptions.
The “product” is malware that gets secretly installed on a victim’s computer when they download what they think is a Minecraft mod or client. Once installed, it can steal passwords, hijack accounts, and, for paying customers, it can give the attacker live access to the victim’s screen, webcam, and files.
The campaign operates a polished, professional-looking dashboard hosted openly on the internet (not the dark web). That dashboard lets customers track their victims, download stolen data, and launch remote access features, all from a browser.
One of the most disturbing findings from our investigation is how WeedHack is being used.
While monitoring the campaign’s Telegram channel, which had over 850 members during the time of our research, we observed that many customers appear to be teenagers and young adults, and a significant portion are using the remote access tools not for financial gain, but to harass and intimidate other players.
We observed attackers recording victims through their webcams without consent and sharing those recordings in the Telegram channel as trophies. Others used knowledge of victims’ IP addresses and system access to threaten them.
It’s important to note that, at the current time of publishing, the Telegram channel has been taken down, and no replacement channel has appeared. McAfee is continuing to monitor any new channels that may be established by the threat actors for further communication.
Still, what we observed is a form of cyberbullying with unusually invasive tools behind it. If you or your child has been contacted by someone online claiming they have hacked your computer, have your webcam footage, or know your IP address, take it seriously.
What to do if this happens:
WeedHack spreads in two main ways, and the campaign even provides its customers with step-by-step tutorials on how to carry out both.
Attackers create convincing YouTube videos reviewing or demonstrating Minecraft clients and mods.
The videos are well-produced, some include voiceover narration, and link to malicious download sites in the description and comments.
One video McAfee identified had over 7,500 views before being flagged. Comments are also sometimes planted by the attackers claiming the files are safe.
WeedHack instructs customers to build convincing-looking websites that mimic official Minecraft mod pages. These sites are deliberately designed to show up high in search engine results for popular mod names, a tactic called SEO poisoning.
Some fake sites include fake security warnings, Discord links, and GitHub references to appear legitimate. In one case, a site warned players to “only download from us,” while actively distributing malware.
Minecraft clients and mods specifically targeted include: Meteor Client, Radium Client, Wurst Client, LiquidBounce, Impact Client, Future Client, and others.
Infection happens in four stages that happen silently in the background after a victim opens the downloaded file.
Stage 1 – First Contact: The malicious file launches quietly (without showing a console window), connects to a hidden network, and phones home to receive further instructions. It uses a sophisticated technique involving the Ethereum blockchain to locate its command server in a way that’s difficult to block or take down.
Stage 2 – Taking Hold: The malware disables Windows Defender protections, gathers detailed information about the victim’s computer (processor, graphics card, RAM, operating system), and takes a screenshot of their screen. It then steals Discord tokens and browser passwords and cookies. For McAfee users, this is where Web Protection would prevent users from visiting the site, and where our Antivirus would prevent any downloaded malware from taking hold.
Stage 3 – Digging In: The malware installs itself so that it automatically restarts every time the victim logs into their computer. It sets up a hidden scheduled task that runs continuously, even at the highest system privileges.
Stage 4 – Full Access: For premium customers, an additional component is installed that connects the attacker to the victim’s computer in real time. This includes live screen sharing with keyboard and mouse control, webcam access, keylogging (recording every keystroke), a reverse shell (full command-line access to the computer), and the ability to upload or download any files.
A separate component specifically hunts for Telegram credentials and cryptocurrency wallets, sending that data to a different server every five minutes.
Visit our guide: How to Quickly Remove Malware in 2026.
Free tier steals:
Premium tier adds:
Minecraft’s mod ecosystem is enormous and largely unregulated. Kids routinely search YouTube and Google for performance-boosting clients, cosmetic mods, and gameplay cheats, exactly the kinds of things WeedHack exploits.
Here’s a practical guide for families:
| Red Flag | Safe Practice |
| The mod isn’t on the developer’s official website | Only download from CurseForge, Modrinth, or the mod’s verified GitHub |
| A site or video tells you to disable your antivirus to run the file | Never disable antivirus for a game mod. Legitimate mods don’t ask you to |
| A site you’ve never heard of claims to be the “only official” source | If you can’t verify the site is official, don’t download from it |
| Download links are in YouTube comment sections | Treat comment section links as a red flag, always |
| Your antivirus flags a file as malware, but they try to tell you to ignore it, it’s a “false alarm” | Use McAfee’s Threat Explainer to find out why this is malicious. Don’t disable antivirus |
One of the best ways parents can protect their families is with McAfee’s award-winning antivirus and Web Protection, which are specifically designed to detect threats like WeedHack and help block malicious downloads before a device can be compromised.
McAfee has been actively tracking WeedHack samples and detects this threat under the following signatures:
McAfee provides multiple layers of protection against threats like WeedHack.
Together, these protections help proactively block risky downloads, reactively stop malware, and explain what to watch for next.
McAfee Labs continues to monitor WeedHack and will update coverage as new samples and domains are identified. For the full technical report including indicators of compromise, see the McAfee Labs analysis.
| Term | What it means |
| Malware-as-a-Service (MaaS) | A criminal business model where hackers sell or rent attack tools to other people, just like a software subscription |
| RAT (Remote Access Trojan) | Malware that gives an attacker remote control over a victim’s device — screen, files, camera, and more |
| Infostealer | Malware designed to silently collect and transmit passwords, cookies, and account credentials |
| SEO Poisoning | Manipulating search engine results so a malicious website appears near the top when someone searches for a legitimate product |
| Minecraft Client/Mod | Third-party software that modifies or enhances the Minecraft game experience. Legitimate ones are common; WeedHack fakes them |
| Minecraft Session ID | A token that proves you’re logged into Minecraft. Stealing it lets an attacker take over your account without your password |
| Keylogger | Software that secretly records every key a person types — including passwords, messages, and search queries |
| Reverse Shell | A connection from the victim’s computer back to the attacker that gives the attacker full command-line control |
| EtherHiding | A technique that hides a malware’s server address inside the Ethereum blockchain, making it very difficult to block |
| Discord Token | A credential that lets someone access your Discord account. Stealing it gives attackers full access without needing your password |
The post New Malware Targeting Minecraft Infects 2K Daily, and Teens are Becoming Attackers appeared first on McAfee Blog.
Authored by Aayush Tyagi
Minecraft is a 2011 sandbox game developed and published by Mojang Studios. It is the best-selling video game in the world and has sold over 350 million copies worldwide. Its popularity has spanned over a decade due to its versatile gameplay, offering multiple game modes, including one of the most memorable Story Mode in gaming history.
It allows players to create and host multiplayer servers with a variety of gameplay options and offers a wide range of custom launchers, game mods, and cheats to choose from.
Its massive popularity and widespread use of third-party tools have also given rise to a dark side of the Minecraft ecosystem, which is filled with Remote Access Trojans (RATs), credential stealers, keyloggers and other malware threats.
McAfee Labs has recently uncovered a colossal Minecraft-focused Malware-as-a-Service (MaaS) campaign named ‘Weedhack’, that allows threat actors to remotely access and manipulate the victims’ screen, webcam and file system through a dashboard hosted on the clear net, making it easily accessible to anyone with a Discord account and an internet connection.
The post Game Over: WeedHack – The Rise of Minecraft Malware-as-a-Service Campaigns appeared first on McAfee Blog.
Whether you’re planning a once-in-a-lifetime trip or just hoping to catch a match while it’s in your city, the 2026 FIFA World Cup is already driving a surge in ticket searches, travel bookings, and last-minute plans.
But where there’s high demand and big money, scammers aren’t far behind.
“The World Cup is one of those events where excitement and cost collide,” says Abhishek Karnik, Head of Threat Research at McAfee. “Tickets have been expensive, and for many people, especially families or fans traveling, the costs add up quickly between tickets, flights, hotels, and everything else that comes with attending.”
“When prices feel out of reach, people naturally start looking for better deals or cheaper options. That is where things can get tricky. If someone suddenly offers what feels like a great price compared to everything else out there, it can feel like a rare opportunity worth jumping on. Scammers understand that.”
Let’s break down the new McAfee research, what scams to watch for, and how McAfee’s tools help you stay safe.
New research from McAfee shows that while most fans are aware of World Cup-related scams, many are still willing to take risks to secure tickets.
In fact, 40% say they would consider buying from an unofficial source if they can’t get tickets through the official FIFA site, as many expect tickets to sell out and hope to find affordable resale options.
That tension is what makes events like the World Cup especially vulnerable for scams.
With limited ticket availability, rising prices, and the pressure to act quickly, even informed fans can find themselves making decisions they normally wouldn’t, like buying tickets from a reseller on TikTok.
And scammers are counting on it.
Survey takeaways:
“Usually, it is not just one thing that gives a scam away,” Karnik says. “It is when a few warning signs start adding up at once, pressure to act quickly, prices that feel unusually low, or details that seem slightly off.”
“One of the biggest is urgency around pricing. If someone is pushing a deal that feels dramatically cheaper than similar tickets, claiming prices are about to go up, or creating pressure to buy immediately, that is worth paying attention to. Creating artificial urgency around a ‘great deal’ is one of the easiest ways scammers get people excited enough to move quickly.”
Below is a comprehensive breakdown of the most common scams tied to major global sporting events like the World Cup, including how they work and what to look for.
McAfee’s Scam Detector, Safe Browsing tools, VPN, and Password Manager work together to help you spot scams like these as they happen by flagging suspicious messages, blocking risky websites, and helping you make safer decisions before you click, pay, or share information.
| Scam Type |
What It Is | How It Works | Red Flags |
| Fake Ticket Resale Scam | Fraudulent tickets sold through unofficial sites or individuals | Scammers create fake listings or duplicate real tickets and sell them to multiple buyers | Prices far below or above market, refusal to use official transfer systems, pressure to act fast |
| Social Media Ticket Scam | Tickets sold through platforms like Instagram, Facebook, TikTok, or X | Fake or hacked accounts post “last-minute” ticket offers and move conversations to DMs | Urgent language (“only 2 left”), new or suspicious profiles, requests to pay outside the platform |
| Duplicate QR Code Scam | One legitimate ticket is resold multiple times | Multiple buyers receive the same QR code, but only the first scan works | Screenshots instead of official transfers, identical tickets sold repeatedly |
| Fake Ticket Website Scam | Websites designed to look like official ticket platforms | Victims enter payment info or purchase tickets that don’t exist | Slightly misspelled URLs, unfamiliar domains, lack of official branding verification |
| Travel & Accommodation Scam | Fake hotels, rentals, or travel packages | Listings appear legitimate but either don’t exist or are already booked | Prices that seem unusually low, requests for upfront payment, lack of verified reviews |
| Booking Impersonation Scam | Fraudsters pose as airlines, hotels, or booking platforms | Victims receive messages about “issues” with bookings and are asked to click links or provide info | Unexpected messages, requests for login or payment details, links that don’t match official sites |
| Public Wi-Fi & Phishing Scam | Data theft through unsecured networks while traveling | Scammers intercept data or create fake login portals on public Wi-Fi | Open networks with no password, login pages asking for unnecessary information |
| Fake Giveaway Scam | Promotions claiming free tickets or VIP access | Victims are asked to enter personal data, click links, or pay “processing fees” | “You’ve won” messages you didn’t enter, requests for payment to claim prizes |
| Betting & Prediction Scam | Fake betting tips or “guaranteed wins” tied to matches | Scammers sell fake predictions or direct users to malicious betting sites | Claims of guaranteed outcomes, requests for upfront payment, unfamiliar platforms |
| Merchandise Scam | Counterfeit World Cup gear sold online | Buyers receive low-quality or no product at all | Unverified sellers, poor site quality, deals that seem too good to be true |
Unfortunately, with the continued improvement of AI, these scams are becoming more convincing.
AI tools allow scammers to create:
That means traditional advice like “look for typos” is no longer enough on its own.
Today’s scams often look polished, professional, and believable.
For the World Cup, official ticket sales happen through designated FIFA sales phases and platforms.
Buying outside those channels increases the risk of:
Even if a ticket looks legitimate, it may be:
When in doubt, go directly to the official FIFA website instead of clicking links from messages or ads. You can also visit their comprehensive FAQ section for all your ticket and event questions.
Here are practical steps fans can take to reduce risk:
| Safety Check | What To Do |
| Buy from official sources | Use FIFA’s official ticket platform whenever possible |
| Avoid clicking links in messages | Navigate directly to official websites instead. McAfee’s Safe Browing tools help prevent you from opening malicious links. |
| Be cautious with resale offers | Verify platforms and avoid direct peer-to-peer payments |
| Check QR codes before you scan them | You can check for QR code scams on-demand with Scam Detector |
| Don’t pay with untraceable methods | Avoid wire transfers, gift cards, or crypto-only payments |
| Double-check URLs | Look for misspellings or unusual domains |
| Use secure connections | Avoid making purchases on public Wi-Fi, or use a VPN like McAfee’s. |
| Protect your accounts | Use strong passwords and enable two-factor authentication. Consider a password manager like McAfee’s. |
| Verify before you buy | If something feels off, pause and check before sending money |
If you think you may have purchased a fraudulent ticket, clicked a suspicious link, or shared information with a scammer, acting quickly can help limit the impact.
Stop communication immediately
Do not send additional money or information, even if the sender claims you need to “complete” a transaction. It’s also a good idea to take screenshots of messages in case the scammer disappears.
Contact your bank or payment provider
Report the transaction as soon as possible. Many institutions can help reverse charges or flag fraudulent activity if caught early.
Secure your accounts
Change passwords for any accounts that may be affected, especially email, banking, and ticketing platforms. Our password manager and free password generator help create unique passwords every time.
Enable two-factor authentication (2FA)
Adding an extra layer of security can help prevent unauthorized access, even if your password was exposed.
Scan your device for threats
If you clicked a suspicious link or downloaded a file, run a security scan to check for malware or malicious software. Check out our free security scan.
Monitor for unusual activity
Keep an eye on financial accounts, email logins, and any services tied to your personal information. Our free WebAdvisor helps protect you from malware and phishing attempts while you surf.
McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app to help you stay safer while searching, clicking, and buying online.
Scam Detector helps flag suspicious texts, emails, and videos automatically, so you can spot a scam before it hits you and your wallet
Safe Browsing tools help block risky websites, alert you to phishing attempts, and guide you away from malicious links
VPN helps keep your connection private on public Wi-Fi, protecting your personal and payment information
Password Manager helps create and store strong, unique passwords to reduce the risk of account takeover
Identity Monitoring and Alerts notify you if your personal information appears where it shouldn’t, so you can quickly take steps to fix it
Personal info removal helps find and remove your personal info from data broker sites and close out old forgotten accounts
Device and Account Security helps protect the devices and accounts you use every day
The World Cup isn’t just another event, it’s a moment when millions of people are making fast decisions involving real money, travel plans, and personal information.
What McAfee’s research makes clear is that the biggest risk isn’t a lack of awareness. Most fans already know scams exist. The risk is what happens next.
“When prices feel out of reach, people naturally start looking for better deals or cheaper options. That is where things can get tricky. If someone suddenly offers what feels like a great price compared to everything else out there, it can feel like a rare opportunity worth jumping on,” Karnik says. “Scammers understand that.”
“If somebody claims they have hard-to-get tickets at an unusually good price, especially for a popular match, people may feel pressure to act quickly before the opportunity disappears.”
As demand continues to build toward the tournament, more fans will be searching, comparing, and purchasing online.
The takeaway is simple: Staying safe isn’t just about knowing scams exist. It’s about slowing down, verifying before you buy, and using tools that help you make informed decisions in the moment.
*McAfee is not affiliated with or endorsed by FIFA.
The post Are Your World Cup Tickets Legit? 40% of Fans May Risk Unofficial Sellers appeared first on McAfee Blog.
Trevor Lawrence didn’t actually cut his hair.
But millions of people thought he did.
The Jacksonville Jaguars recently released a viral schedule announcement video that appeared to show their star quarterback chopping off his signature long blond hair. The clip spread quickly online, pulling in nearly 4 million views on X and triggering reactions from fans, friends, and even Lawrence’s grandmother.
The catch? It wasn’t real.
The team later confirmed the moment was partially staged, partially AI-generated and part of the joke. Even Lawrence admitted the fake looked convincing.
And that’s exactly the problem.
What started as a harmless sports prank is also a reminder of how realistic AI-generated videos have become and how easily scammers can use the same technology to fool people online.
Deepfake scams use artificial intelligence to clone someone’s face, voice, or likeness to create fake videos, ads, phone calls, or social media posts that appear real.
And increasingly, scammers are using celebrities, influencers, athletes, and trusted public figures to do it.
According to McAfee research:
Why does it work? Because scammers know familiarity lowers our guard.
When people see a recognizable face, whether it’s Trevor Lawrence, Taylor Swift, Tom Hanks, or a favorite influencer, they’re more likely to trust what they’re seeing before stopping to question it.
The Jaguars video was meant as entertainment.
But scammers are already using the same technology for fraud.
McAfee researchers recently identified a growing wave of celebrity deepfake scams involving fake giveaways, investment schemes, romance scams, and fraudulent ads.
Some recent examples include:
In one high-profile case, a woman reportedly lost nearly $900,000 to scammers impersonating Brad Pitt using AI-generated images and messages.
The technology is getting good enough that “seeing is believing” no longer applies online.
Here are some of the biggest red flags to watch for:
| Red Flag | What to Watch For |
| Emotional urgency | “Act now,” “limited time,” or panic-driven messaging |
| Too-good-to-be-true offers | Free giveaways, investment promises, miracle products |
| Slightly unnatural video details | Off-sync lips, robotic speech, strange blinking, awkward lighting |
| Fake verified-looking accounts | Usernames with extra characters or copied profile photos |
| Requests for money or personal data | Especially through DMs, crypto links, gift cards, or wire transfers |
AI scams are evolving fast, but layered protection can help you stay ahead of them.
McAfee’s Scam Detector, included in all core McAfee plans, can help identify suspicious links, messages, videos, and deepfake-related scams across texts, email, and social platforms before you click.
Additional protections like Web Protection and Identity Monitoring can also help reduce your risk if scammers attempt to steal your credentials or personal information.
Charter Communications confirmed a data breach tied to a third-party vendor, exposing customer information. Whenever breaches like this happen, scammers often follow up with phishing emails and fake customer support calls pretending to help affected users.
Reports surrounding a potential 7-Eleven data breach are circulating online. Consumers should stay alert for fake password reset emails, loyalty account phishing attempts, and scam texts impersonating retailers.
A tragic case tied to an alleged Tom Selleck impersonation scam is drawing attention to the growing threat of celebrity AI fraud. Experts warn that scammers are increasingly using fake celebrity profiles, AI-generated messages, cloned voices, and deepfake videos to build trust with victims online, especially older adults.
The case underscores how emotionally manipulative and financially devastating these scams can become.
Researchers told The Verge that attackers are beginning to manipulate chatbot behavior and personalities to trick users into unsafe actions, highlighting growing concerns around AI trust and social engineering.
A phishing scam making headlines this week uses fake inheritance notices and “unclaimed estate” emails to pressure victims into sharing personal information.
Unlike older scam emails full of spelling mistakes, newer versions look polished and professional, often using legal-sounding language, fake reference numbers, and urgent 48-hour deadlines designed to trigger panic before people stop to verify the message.
The next deepfake won’t always look fake. That’s what makes these scams dangerous.
Here are some practical, go-to tips
And we’ll be back next week with more.
The post Trevor Lawrence’s Viral “Haircut” is a Lesson in Deepfakes: This Week in Scams appeared first on McAfee Blog.
Your Windows PC or Mac already includes built-in security features, and that’s a good thing. These tools provide an important first layer of protection against malware and other common threats users encounter every day.
But today, staying safe online is about much more than blocking viruses.
Scam texts arrive daily. Phishing emails imitate trusted brands. Fake websites are designed to steal passwords and payment information. Personal details can appear on data broker sites. AI Deepfakes are more convincing than ever. And most households use multiple devices, from laptops and phones to tablets and Chromebooks.
That’s why McAfee+ Advanced combines device security with scam protection, identity monitoring, personal info removal, web protection, and secure VPN to help protect the many parts of your digital life.
Let’s break down what built-in security does, and what McAfee does differently:
Both Windows 11 and macOS include a range of built-in security features designed to help protect your device. Depending on your operating system and the apps you use, these may include:
Together, these features provide an important first layer of protection and help many users stay safer online.
Built-in security tools are primarily focused on protecting the device itself. However, today’s online threats often target something even more valuable: your identity, your money, and your personal information.
Recent McAfee research found that Americans receive an average of 14 scam messages every day, and more than three in four have encountered an online scam.
Threats now commonly include:
These risks can follow you across all your devices, not just the computer sitting on your desk.
Here are the key differences between built-in security alone, vs additional protection like McAfee.
| Built-In Security Has | McAfee+ Advanced Adds |
| Detecting viruses and malware | Scam protection for suspicious texts, emails, links, QR codes, and deepfakes |
| Basic privacy controls | Secure VPN to protect your connection on public Wi-Fi |
| Saving passwords | Password manager with unique password generation and storage. |
| Warning about some risky websites | Web Protection to help block dangerous sites before they load |
| Security on one device | Antivirus coverage across your PCs, Macs, phones, and tablets |
| Doesn’t have this support | Identity monitoring, so you know when your SSN and other info is exposed. Plus personal info removal, so your old data isn’t left spread out across the web. |
Unlike the old stereotype that stronger protection means a slower computer, independent testing shows McAfee is also the lightest on performance.
In the latest AV-Comparatives PC Performance Test, McAfee Total Protection posted the lowest system impact score of all 20 products tested: just 3.3, compared with the industry average of 12.8.
It also earned the highest possible rating, ADVANCED+. That means McAfee is not just adding more layers of protection. It is doing so while staying out of your way.
For consumers looking for security that goes beyond basic antivirus to help protect against scams, identity theft, privacy risks, and threats across all their devices, that combination is hard to ignore.
Most people no longer rely on a single computer. A typical household may use:
Managing security separately on every device can be difficult. McAfee+ Advanced is designed to provide coverage across your devices under one subscription, helping simplify online protection for individuals and families.
With McAfee+ Advanced, multiple layers work together before any damage is done:
Together, these protections are designed to address the broader range of online risks people face every day.
Built-in security tools provide an important starting point, but with scam attempts becoming more convincing and personal information more widely exposed, many people need a more comprehensive approach to staying safe online.
McAfee+ Advanced combines device security, scam protection, identity monitoring, privacy tools, and VPN coverage to help you browse, bank, shop, and connect with greater confidence.
The post Do Windows PCs and Macs Need Antivirus Software? How McAfee Goes Beyond Built-In Security appeared first on McAfee Blog.
Memorial Day weekend officially kicks off summer, and for millions of Americans, that means road trips, flights, cookouts, and a little online shopping for the deals.
Unfortunately, scammers know this. They count on the fact that you’re distracted, you’re moving fast, and you’re probably connected to a network you don’t own.
Here are five scams surging this holiday weekend, what they look like, and how to stay ahead of them.
You’re packing your bag when a text arrives: “Unusual activity detected on your account. Verify now to avoid suspension.”
It looks like it’s from your bank, or maybe your hotel loyalty program. There’s a link. There’s urgency. And that’s exactly the point.
These are brand impersonation scams, and they’re a dominant tactic year-round, but they spike around travel holidays when people are actively monitoring reservations and accounts.
According to McAfee research, trusted brands like banks, airlines, and hotels are among the most commonly impersonated, and email scams impersonating retail and financial brands have surged up to 85% as major holidays approach.
The message will typically ask you to click a link and “confirm your details” to secure your account or honor a reservation. That link leads to a convincing-looking fake site designed to capture your login credentials, payment info, or both.
How to Avoid Travel Alert Scams:
McAfee’s Scam Detector can flag suspicious messages before you interact with them, whether they come via text, email, or social media.
Memorial Day is one of the biggest shopping weekends of the year. Scammers treat it like an open invitation.
Fraudulent retailers flood social feeds with too-good-to-be-true deals on everything from patio furniture to electronics, often impersonating legitimate brands with copycat websites and paid ads.
According to McAfee’s holiday shopping research, 91% of shoppers see ads from unfamiliar retailers, 37% say they might buy from a brand they don’t recognize, and a full 40% of consumers have abandoned a purchase out of fear that the deal wasn’t real.
The most impersonated brands in McAfee’s research span luxury labels (Coach, Dior, Gucci) to mainstream favorites (Apple, Samsung, Nintendo, Disney), exactly the kind of items that show up in “blowout sale” ads. Fake storefronts have grown significantly, with technology URL scams rising nearly 50%.
Once shoppers enter their payment details on a fraudulent site, that information goes directly to criminals. The average scam loss during the holiday shopping period runs around $840 per victim.
How to Avoid Shopping Scams:
McAfee’s Web Protection blocks malicious and suspicious sites before they load, including fake checkout pages.
If you’re road-tripping this weekend, you may scan a QR code somewhere. It could be at the gas pump, a rest stop, a parking meter, or a roadside attraction. Scammers know this too.
Criminals increasingly place fake QR codes over legitimate ones on gas station pumps, parking kiosks, and public signs. When you scan, you’re redirected to a convincing-looking payment or login page that captures your financial information. This is known as “quishing” or phishing via QR code.
McAfee research shows just how widespread this risk has become: 68% of people scanned a QR code in the past three months, and 18% ended up on a suspicious or unsafe page after scanning. Among those who did, more than half took a risky action like entering personal information, installing an app, or connecting a digital wallet.
How to Avoid Sketchy QR Codes:
McAfee’s Scam Detector now includes instant QR code safety checks that assess risk before you tap, so you’re not flying blind at the gas pump.
Whether you’re waiting at the airport or grabbing coffee before hitting the highway, free Wi-Fi can feel like a gift. But not every “free Wi-Fi” network is what it appears to be.
Hackers set up what are called “evil twin” networks, hotspots with names designed to look exactly like the legitimate network at the airport, hotel, or café you’re in.
The moment you connect, they can use tools called packet sniffers to capture the data you send and receive: passwords, banking credentials, credit card numbers, email logins.
According to McAfee’s travel research, 63% of travelers connect to public Wi-Fi, and 49% use airport Wi-Fi, making these among the riskiest behaviors travelers engage in without realizing it.
Some of these fake networks go further, presenting a phony login screen that captures your username and password for popular services like Google or Apple before you even realize you’ve been compromised.
How to Avoid Malicious Wi-Fi :
A VPN creates an encrypted tunnel for your internet traffic, so even if a hacker intercepts it, they’ll only see scrambled data. McAfee’s VPN is included in McAfee+ plans and automatically connects when you join public Wi-Fi, exactly the protection you want when you’re traveling and connecting everywhere.
You may have seen these already: a text that says you owe an unpaid toll or parking fee, with a link to pay before penalties kick in. These scams have been circulating for a while, and there’s a good chance Memorial Day weekend is about to make them worse.
Scammers track news cycles and know that millions of Americans will be driving this weekend, many of them through toll roads and unfamiliar areas.
That means they can blast out fake “unpaid toll” texts after the holiday and a significant percentage of recipients will think: “Actually, I did drive somewhere new this weekend.” That uncertainty is exactly what they’re counting on.
These texts typically impersonate EZPass, SunPass, or state transportation departments and create urgency around a small fee to avoid larger fines. The link leads to a fake payment page designed to steal your credit card details.
How to Avoid Toll Scams:
Scammers don’t take holidays. If anything, long weekends are peak season. The good news: a little awareness goes a long way. Slow down before you click, verify before you scan, and protect your connection before you log on.
McAfee+ Advanced comes with layered protection across all the moments where scams are most likely to strike, from the gas station to the hotel lobby to your inbox.
Stay safe out there.
The post 5 Scams to Watch for This Memorial Day Weekend appeared first on McAfee Blog.
Login