Login
Say you’re getting married. You and your partner have booked the venue, made the seating arrangements, trained your dog to be the ring bearer – and everything is running smoothly. You’ve used a trusty wedding planning website to make everything a breeze. Nothing could ruin this day for you! Except, there’s an uninvited guest. They’re not crashing the wedding and making an awkward toast, but they’ve crashed into your wedding planning website account and now have access to your information.
There are many things that could go wrong during wedding planning – some of them out of anyone’s control. Maybe the caterer canceled last minute, or the live band is stuck in traffic. Other things may be easily avoided, but you don’t necessarily see them coming. Like a hacker accessing your wedding website and making fraudulent bank transfers right before your big day.
Zola, a wedding planning site allowing couples to create websites, budgets, and gift registries, confirmed that hackers had managed to access the accounts of some of their users, The Verge reported. Once these accounts were infiltrated, hackers used the linked bank accounts or funds held inside the site to make cash transfers. The main method these cybercriminals used was purchasing gift cards through the user’s account and sending them to their email addresses to avoid being easily traced.
These criminals did not hack the Zola website itself but hacked their users’ accounts with a method called credential stuffing. This is a strategy where hackers take email and password combinations involved in previous breaches of other websites and use them to log into other online profiles.
You may not even know that your information had been breached previously and that cybercriminals now had your logins for a number of different accounts. Luckily, there are ways to protect yourself and your information from credential stuffing tactics to stop hackers in their tracks.
Just because you’ve hypothetically grown up and are ready for lifelong commitments doesn’t mean you’ve outgrown those old trusty email addresses and passwords (hello, “basketball4life23”). There’s a level of nostalgia that comes with using the email account that you made in middle school, or maybe you just haven’t gotten around to changing it. However, keeping those old email addresses and logins are doing you more harm than good. Want to make sure that hackers aren’t able to credential stuff your accounts? Here are some trusty tips to keep your information safe.
The best way to know that your old accounts aren’t coming back to haunt you is to make sure those ancient logins are dead and gone. If you don’t remember all the accounts you’ve made and no longer use, don’t sweat it! There are settings through your internet browser that will show you all the accounts and passwords you have saved. A password manager also keeps track of all your credentials, so you don’t have to wrack your brain to try and remember every account you’ve ever made. Once you’ve gone through all your old online accounts you no longer use, close them for good! Though this step will require some time and patience, it’s always better to put in the effort and know your information is safe than to risk it.
Only having to remember one password for every account may make logging in easier, but ensuring that each of your accounts is unique and secure is worth the extra effort. Having a strong and unique password for each of your accounts helps protect them from credential stuffing and other threats. Varying your passwords across online accounts will assure you that if one of them is breached, the others will remain safe. A password manager can also help with this step, because many of them, such as True Key, can generate strong, random, and unique passwords for every account.
Keep an eye out to make sure that if a website or company you have an account with is breached, you are updating your credentials so that hackers can’t access them. If you see that there has been a hack and your information is vulnerable, immediately update your logins and passwords on that account to keep yourself safe.
Using multifactor authentication adds an extra layer of protection to your accounts. This safety measure requires more than one method of identity verification to access the account, helping to prevent criminals from gaining access to your password-protected information.
Don’t let cybercriminals get the jump on you! Take the necessary steps to protect your accounts and your personal information. Though combing through your old accounts and deleting them or coming up with a new and unique password for every site login isn’t a glamourous activity, you’ll enjoy greater peace of mind that your accounts are safe, leaving you free to enjoy life’s best moments.
The post Wedding Planning App Users Hacked Before the Big Day appeared first on McAfee Blog.
As a gamer, you love the stuff you’ve racked up over the years—that rare Fortnite skin from six seasons ago, a complete set of Tier 20 armor in World of Warcraft, or a Steam account loaded with your favorite titles. Hackers love it too. Because they can make money off it.
Hackers have been stealing and reselling online gaming accounts for some time now. Yet the recent 400 percent rise in online gaming theft shouldn’t come as a surprise, particularly as so many of us turned to games for entertainment lately. As people leveled up, gathered loot, and filled their libraries with games in the cloud, hackers saw the opportunity.
The opportunity is this: gaming accounts have a street value. The virtual items and perks we acquire through gaming take time, effort, participation, and sometimes just good luck to build up. In a way, we’ve worked hard to earn our fun. Meanwhile, others out there are willing to take a shortcut. There are those who’ll pay for a well-stocked gaming account that someone else has built up, and hackers are more than willing to hijack accounts from innocent victims and sell them online.
Put simply, the virtual goods in your gaming accounts are like any other good. They have value. And just like anything else you value, they’re worth protecting. That’s exactly what we’ll help you do here.
First up, let’s take a quick look at the different ways digital goods get moved and sold out there—just to get a sense of the marketplaces that have cropped up around gaming and where hackers fit into the mix.
And there are several. Over the years we’ve seen all kinds of gaming marketplaces crop up, whether they’re sanctioned marketplaces built inside of online games, gray marketplaces that exist outside of games, and dark marketplaces where stolen accounts and goods are exchanged.
As a gamer, you’re likely familiar with any number of sanctioned auction houses and marketplaces that are built right into online games, all designed and supported by the game’s developers. A classic example is the long-running auction house in World of Warcraft where players can buy and sell items with in-game currency, the World of Warcraft gold piece. And as marketplaces can go, the rarer and more coveted the item, the higher the price the seller can get for it. In fact, there are plenty of articles on how to play the markets for profit, in a quasi-stock market-like fashion, and all within the legitimate boundaries of the game.
In recent years, we’ve also seen the rise of in-game currencies that players can purchase for cash, again by design and with the support of the developer. A couple of examples are the World of Warcraft Tokens and Minecraft tokens and coins. What you can do with such tokens and coins varies from game to game, yet players can use them to acquire in-game currency, items, or paid to play time.
Increasingly common are in-game stores that allow players to purchase items and perks with cash, just like any other online store. Taken together with all the other ways a player can round up items in a game, it’s easy to see how a gamer’s account can grow into something somewhat unique and valuable over time, simply by playing and participating in the game.
With the time it takes for a player to level up a powerful character and acquire the items that can come along with it, there are out-of-game organizations that will, for a fee, do that work for a player in return for payment. Essentially it involves a player starting a gaming account, rolling up a character, and then handing over the account to a “booster” who will play the game on the owner’s behalf. When the agreed-upon level is reached, the booster hands back the character to the owner.
Of course, there are all kinds of potential problems with this. Strictly from a security standpoint, this means an account owner is handing over their credentials to a stranger, with no real guarantee that this stranger simply won’t change the account password, never hand back the account, and simply walk away with any funds that may have been paid upfront.
Further, “boosting” and other similar services may be against the user agreement the player signed when joining up for the game. For example, World of Warcraft recently updated its policy, stating that they now,
[P]rohibit organizations who offer boosting, matchmaking, escrow, or other non-traditional services, including those offered for gold. World of Warcraft accounts found to be in violation of this policy are subject to account actions. These actions can include warnings, account suspensions and, if necessary, permanent closure of the disruptive World of Warcraft account(s).
So while “boosting” services may not be illegal themselves, they can run counter to user agreements and may lead to cases of fraud when a booster service fails to fulfill its commitment or simply locks a player out of their own account.
Then there’s the theft and resale of online game accounts, clear examples of digital goods illegally changing hands. Stolen accounts make their way into dark web marketplaces and ads on chat platforms and social media, thanks to hackers who’ve cracked previously legitimate accounts and then packaged them up for sale. In some instances, cybercriminals will sell entire game collections, such as online gaming platform accounts where gamers may have purchased and have access to dozens and dozens of games stored in the cloud.
The method behind this theft is much like a credit card or bank account hack. Often using credentials lifted from a data breach, hackers will take known usernames and passwords and feed them into a credential stuffing application—which can then attempt to access hundreds, even thousands, of accounts through automated login requests.
Given that many users out there use the same passwords across their accounts makes them an easy target for this practice and can reap a large harvest of cracked accounts. From there, the account can be accessed, have its password changed, and then made ready for advertising and sale, where an account can be resold for a few dollars, or for potentially thousands depending on what the account contains.
There’s plenty you can do. A few simple steps on your part can drop some serious roadblocks in the way of a hacker who’s looking to crack your account or target you for a scam.
Each of your accounts should have its own strong, unique password. No repeats. And if you have some sixty-plus accounts across all the shopping, banking, gaming, and forum posting you do, not to mention your apps, that sounds like a lot of work. Because it is. Although it doesn’t have to be. A password manager can do the work for you by creating and storing strong, unique passwords for you.
Data breaches happen all the time now, striking businesses both large and small. If a business or organization where you have an online account gets breached, change your password right away. Related to the above, make sure the passwords across your other accounts are strong and unique. It’s not uncommon for hackers to try breaching passwords in other accounts, all in the hope that the victim is using the same or a similar password on other accounts as well.
Several gaming services offer multi-factor authentication (MFA) as a means of protecting accounts. In addition to requiring a username and password to log in, MFA further verifies account activity by sending a unique code to the email address or text to a device you own, which makes gaining illegal access that much tougher for hackers. Some gaming platforms even support an authentication app, such as the Battle.net Authenticator, offered by Blizzard. In all, the occasional extra clicks required by MFA can really save you some massive headaches by preventing theft. If you have MFA as an option, strongly consider using it.
Phishing attacks have made the jump from email to bogus ads on social media and in search too. In short, a phishing attack involves the hacker posing as a well-known company or organization with the intent of fooling you into providing your username and password. With that, they can drain your account, whether it’s money from your bank account or goods in your gaming account. Spotting phishing attacks can call for a sharp eye nowadays because some hackers can make the phishing emails and sites they use look like the real thing. Comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit.
Spearphishers are a special sort, in that they make more targeted attacks. While a phisher will send out an email blast or attempt to rope in a high volume of victims with an ad, a spearphisher will send a direct message to specific, potential victims. You may have seen or heard of this in massively multiplayer online games where an otherwise unknown player sends a message to another with a link to a website, complete with the promise of loot, in-game currency, or services to level up characters. Ignore and don’t visit that link. Chances are it’s a scammer, or at least someone who may be breaking the game’s user agreement by offering such services.
Whether you’re downloading a mod, an expansion, or a new game itself, go with a reputable online store or source. Hackers will drop malware into all kinds of files and applications, games included. Given that such malware could log keystrokes that steal login info, inject ransomware code to hold your device and data hostage, or simply wreak havoc on your files and things, it can have implications for more than just your gaming accounts and the virtual assets you have with them.
Hackers know there’s good money in gaming accounts. They wouldn’t bother with them otherwise. Realizing that your gaming account has value is the first step to protecting it.
In addition to taking the steps above, consider comprehensive online protection software. It offers defense in breadth and depth, covering everything from device security, privacy, and identity protection. However, if you want an even faster and safer gaming experience, gamer security is worth looking into. In addition to strong security features, it also offers performance-enhancing technologies that prioritize system resources and keep your gameplay going smooth.
In all, keep in mind that gaming accounts are serious business for hackers. Put up your defenses. Then get out and enjoy yourself, knowing that you have made it far, far tougher for them to ruin your fun.
The post Lock Down & Level Up: Protect Your Online Gaming from Hackers appeared first on McAfee Blog.
Something’s not right. Maybe your phone is losing its charge way too quickly. Or one day it suddenly starts turning itself off and on again. Perhaps it’s running hot, so hot it’s hard to hold. Likewise, you might see outgoing calls that you never dialed or strange spikes in your data usage. Signs like these could mean that your smartphone’s been hacked. Learn how to protect your smartphone with McAfee Mobile Security
Several signs of a potential smartphone hack can look like a technical issue, at least on the surface. Yet the fact is that these issues may be a symptom of a deeper problem, such as malware installed on your smartphone. Malware can eat up system resources or conflict with other apps and your operating system, all of which can cause your phone to act sluggish or erratically.
Yet, in a way, that’s good news. Because malware can run inefficiently on your phone and create hiccups both large and small, it can tip you off to its presence. And with all the important information we carry in the palms of our hands nowadays, that’s good news twice over. Knowing the signs, subtle or otherwise can alert you to an otherwise largely invisible problem.
Whether hackers physically sneak it onto your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
Maybe you’ve seen some of the signs we mentioned earlier. Is your device operating slower, are web pages and apps harder to load, or does your battery never seem to keep a charge? These are all signs that you could have malware running in the background, zapping your phone’s resources.
Like the performance issues above, malware or mining apps running in the background can burn extra computing power (and data). Aside from sapping performance, malware and mining apps can cause your phone to run hot or even overheat.
If you find apps you haven’t downloaded, or calls, texts, and emails that you didn’t send, that’s a red flag. A hacker may have hijacked your phone to send premium-rate calls or messages or to spread malware to your contacts. Similarly, if you see spikes in your data usage, that could be a sign of a hack as well.
Malware can also be behind spammy pop-ups, changes to your home screen, or bookmarks to suspicious websites. In fact, if you see any configuration changes you didn’t personally make, this is another big clue that your smartphone has been hacked.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.
“My phone’s been hacked!” Words you probably don’t want to hear or say. Ever.
Your phone gets to be like an old friend after a while. You have things laid out the way you like, your favorite apps are at the ready, and you have the perfect home screen and wallpaper all loaded up. So, if you unlock your phone one day and notice that something is a little … off, you’ll know pretty quickly. And it could be a sign that your phone may be hacked.
It’s often pretty easy to tell when a piece of your tech isn’t working quite right. The performance is off, things crash, and so on. While there are several cases where there’s a legitimate technical issue behind that, it could also be the sign of a hacked device.
Many hacks and attacks involve the installation of malware on the device, which eats up system resources, creates conflicts with other apps, and uses your data or internet connection to pass along your personal information—all of which can make your smartphone feel a little off.
A few examples follow. Note that these may be signs of a hacked phone, yet not always.
A suddenly sluggish phone or one that simply can’t hold a charge anymore are often attributed to phones that are getting a little old (these things happen). Yet, those same behaviors can also be signs of a compromised phone. For example, malicious bitcoin miners can run in the background and cause all types of performance issues because they eat up battery life and take up resources that your phone could otherwise normally use. In a way, it’s like having a second person using your phone at the same time you are.
Similar to the performance issues mentioned above, malware or mining apps running in the background can burn extra computing power, battery life, and data. Aside from a performance hit, they can cause your phone to physically run hot or even overheat. So if your phone feels like it’s been sitting in the sun, this could be a sign that malware is present.
If you’re seeing more popup ads than usual or seeing them for the first time, it could be a sign that your phone has been hit with adware—a type of malicious app that hackers use to generate revenue by distributing ads without the consent of the user. Furthermore, those ads may be malicious in nature as well (which is a good reminder to never click on them). Such ads may lead to bogus products and services or pages designed to steal personal information. All in all, malicious adware is what hackers prop up to make money off unsuspecting people.
A potential telltale sign that your phone has been hacked is the appearance of new apps that you didn’t download, along with spikes in data usage that you can’t account for. Likewise, if you see calls in your phone bill that you didn’t make, that’s a warning as well.
Big red flag here. Like seeing an unknown charge or payment in your bank statement, this is a possible sign that a hacker has hijacked your phone and is using it to transfer data, make purchases, send messages, or make calls via your phone.
To help keep your phone from getting hacked in the first place, there are a few relatively easy steps you can take. Inside of a few minutes, you can find yourself much safer than you were before.
1. Use comprehensive security software on your phone. Over the years, we’ve gotten into the good habit of using this on our computers and laptops. Our phones? Not so much. Installing security software on your smartphone gives you the first line of defense against attacks, plus several of the additional security features mentioned below.
2. Stay safer on the go with a VPN. One way that crooks can hack their way into your phone is via public Wi-Fi, such as at airports, hotels, and even libraries. These networks are public, meaning that your activities are exposed to others on the network—your banking, your password usage, all of it. One way to make a public network private is with a VPN, which can keep you and all you do protected from others on that Wi-Fi hotspot.
3. Use a password manager. Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
4. Avoid public charging stations. Charging up at a public station seems so simple and safe. However, some hackers have been known to “juice jack” by installing malware into the charging station. While you “juice up,” they “jack” your passwords and personal info. So what to do about power on the road? You can look into a portable power pack that you can charge up ahead of time or run on AA batteries. They’re pretty inexpensive and can prevent malware from a public charging station.
5. Keep your eyes on your phone. Preventing the actual theft of your phone is important too, as some hacks happen simply because a phone falls into the wrong hands. This is a good case for password or PIN protecting your phone, as well as turning on device tracking so that you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices and Google offers up a guide for Android users as well.
A phone that’s acting a little funny may indicate a run-of-the-mill tech issue, yet it could also be a tell-tale sign of a hack. At a minimum, following up on your gut instinct that something isn’t quite right can take care of a nagging tech issue. But in the event of a possible hack, it can save you the far greater headache of unauthorized charges and purchases, and even identity theft. If you spot a problem, it absolutely pays to take a closer look. Follow up with tech support for help, whether that’s through your device manufacturer, retailer, or your antivirus providers. They’ll help pinpoint the issue and get you on your way.
The post Help! I Think My Phone’s Been Hacked appeared first on McAfee Blog.
FreshRSS 