testasofasfaslfasdahsdiohasodihasodnaosdinaisdnasdnaobvscivbxcv

!@#$%^&*()_+<>????~

The post Test Post 2 – 5 Dec Prod Release appeared first on McAfee Blog.

test post

test post

test postiowfwfsdfffffffffffffffffffffffffffoiwheoir weroihorih

dzfhsdfgusdkfsdkjfbasdlkfnsdlkfjsdjkf

!@#$%^&*()_+<>?~

The post Test Post – Prod Release 5 Dec appeared first on McAfee Blog.

This time of year, the air not only gets chillier but a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift givers. 

Here are three common holiday scams to watch out for this year, plus a few tips to help you stay safe online. 

1. Gift Card Cracking

Gift cards are a standby present for the people on your list who are difficult to buy for or for people you don’t know too well but want to get them a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. Known as gift card cracking, cybercriminals can take wild guesses at gift card codes and cash in the value for themselves by methodically guessing strings of numbers and letters and crossing their fingers for a match. Cybercriminals will also employ phishing emails, texts or social media direct messages to trick people into divulging gift card information. 

To avoid gift card cracking, encourage gift receivers to redeem their gift card quickly to shorten the amount of time a scammer has to guess the code correctly. Or, you could opt for a paper gift certificate from a small business that doesn’t require online redeeming at all. To avoid gift card phishing scams, do not engage with any type of correspondence that claims they can double the value of your gift card or claims that there’s a problem with it. Be instantly on alert if anyone asks for the activation code. If the gift card-issuing business really needs to replace your purchase, they’ll issue you a new code. They’ll never ask for your existing one. 

2. Last-minute Shopping Scams

Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant or shipping company.  

While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishers rely on people’s excitement or inattention to trick them into giving up their credit card or banking information. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry, there are often typos and grammar mistakes, and the tone of the message will seem “off.” Either it will sound very formal and impersonalized or it will sound very informal and seem pushy. 

To protect your finances during the holiday season, consider putting a lock on your credit. This is easy to do with McAfee credit lock. You can still use your credit card and shop as you normally would. A credit lock is useful because, in case a criminal gets ahold of your PII, they won’t be able to open lines of credit in your name. This protects your credit score, which is essential to keep in good standing if you hope to buy a house or take out a loan anytime soon. 

3. Social Media Ads and Fake Shopping Sites

Just because a “company” has an ad on Facebook or Instagram doesn’t mean that it’s a legitimate establishment. Before buying from an online store you’ve never heard of, do some background research on it and read customer reviews to make sure that it’s real and will deliver you a quality product.  

Take note of the online store’s URL before entering it. (You can preview the link by hovering over it with your cursor.) If the URL is a string of letters and numbers, it could be a malware site in disguise. One way to alert you to suspicious sites is McAfee Web Protection. Web Protection color codes links to identify potential malware and phishing sites and alert you to steer clear. 

Shop Safely This Holiday Season 

Your mind is already drawn in a bunch of different directions this holiday season (cooking, traveling, shopping, wrapping, tidying) so give yourself a respite from worrying about the safety of your identity and finances. McAfee+ Ultimate includes a VPN, Web Protection, credit lock, antivirus and more to cover all your bases to keep your devices and your PII safe. 

The post ‘Tis the Season for Holiday Scams appeared first on McAfee Blog.

Whether you’re standing around the water cooler at work, waiting for your kids at the school gate or sitting around the dinner table, data breaches are without doubt the hot topic of conversation. In late September, we were all shaken when news of the biggest Australian data breach to date broke – a record 10 million Optus customers had their details stolen. But unfortunately, the data breach stories have continued with Medibank, Energy Australia, and, most recently, Woolworths also reporting that private customer data had been stolen. 

Inevitably, many of us are feeling vulnerable worrying that our private identifying information (and our family’s) such as our Medicare and Drivers Licence details have potentially been stolen. We’ve all read the stories about victims of identity theft and are, rightly concerned, that it could happen to us. So, if you’re unsure as to what to do next – don’t worry – I’ve got you! In fact – I’m going to give you two action plans. The first is for those who have been personally affected by a data breach (or consider it highly likely they were affected) and the second, is a long-term plan to help you protect yourself and your family’s data online. 

What To Do If You’ve Been Affected By A Data Breach 

If you or a family member has been contacted by a company and informed that your private details have been compromised, then you need to caffeine up and bring your entire focus to this situation. And if you’re still awaiting the call but you’re thinking it’s likely you’re affected, then my advice is to assume you are. It never hurts to be too cautious when you’re dealing with a potential identity theft situation. So, here’s your plan: 

1. If you think you’ve been affected, contact the company directly. Hopefully they can confirm whether you’re affected and identify what information was stolen eg drivers licence, birthdate, address, Medicare details. 
2. If your drivers licence, passport or Medicare details have been stolen, then you are able to apply for new documents. You may need to apply for a Commonwealth Victim’s Certificate first. Do this as soon as possible. 
3. Contact your bank and credit card providers and inform them that you have been the victim of a data breach and ask them to monitor accounts for suspicious activity. Also ask them to put additional verification methods in place, particularly for over the phone authentication. You may also want to do this for your superannuation accounts, MyGov and Centrelink accounts too. 
4. Change your passwords for affected accounts immediately.  
5. Do not click on links in text messages or emails claiming to be from the company that was affected by the data breach. If you are unsure, contact the company directly to verify the communication. 
6. Monitor your bank accounts daily for suspicious or any unexpected activity. Also check your telephone and utilities accounts. Contact your bank or provider if you notice anything that looks a little suspect. 

What To Do To Ensure Your Online Data Is As Secure As Possible 

So, now it’s time to think long term. We all know prevention is key. So, what can we do to protect ourselves to minimise the risk of becoming a victim of identity theft (if and when) the next data breach occurs? Here’s your plan: 

1. Refine Your Password Strategy 

As we all know, it’s often the simplest things that can have the biggest impact. Ensuring you have a different but super complex password or passphrase for each of your online accounts is one of the best things you can do to protect yourself online. I appreciate that this may take a lot of work to implement but it’s so worth it. And here’s why – if you’re the victim of a data breach and your login details are stolen then you could be in a world of pain if you have just one password for all your accounts. Because within seconds of stealing your details, a hacker could potentially access your bank accounts, credit card accounts and online shopping sites where your credit card is saved – you get the picture! You see why it makes such sense! If it all feels a little overwhelming, why not use a password manager? Password managers can create and remember passwords that no human could even think of – genius! 

2. Use Multi-Factor Authentication When It’s Offered – Always! 

In summary, Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) makes a hacker’s life a lot harder. In short, it requires the user to provide two or more verification factors to gain access to an account or app. This might be a text, email or even a code generated by an authentication app. So, even if a hacker has your password and username, if they can’t access the last piece of the puzzle, then you’re safe!!! 

3. Invest in A Top Tier Identity, Security and Protection Solution  

McAfee has just released a super-duper solution to help Aussies protect themselves online. McAfee+ is an all-in-one privacy, identity and device protection solution. Not only does it feature identity monitoring and a password manager but also an unlimited VPN, a file shredder, a protection score and parental controls. And the Rolls Royce version called McAfee+ Advanced, also offers subscribers additional identity protections including access to licensed restoration experts who can help you repair your identity and credit. It also gives subscribers access to lost wallet protection which help you cancel and replace your ID, credit cards if they are lost or stolen. 

4. Do A Little Cyber-Hygiene!  

Limiting your exposure online will also reduce the chance of being affected by a data breach. So, take some time to delete accounts you no longer use. Perhaps you had a side hustle on eBay a few years back but hadn’t bothered to close your accounts – well, now is the time. Close down those old eBay (and PayPal) accounts and any other accounts or subscriptions that you no longer use. 

And next time you purchase something from a new website, consider conducting your transaction as a guest only and not creating an account on their website. If there’s no benefit beyond saving a minute or two when you check out, why store your credit card number, address, and other identifying info on a website that may eventually be breached? 

If there is ever a time to take the management of your online data seriously, it’s now. Assuming that you won’t be a victim of a data breach and that ‘things like that don’t happen to you’ just doesn’t cut it. So, be proactive: sort out your passwords, turn on 2-factor authentication and practice some good quality cyber hygiene! And do yourself a favour and invest in some top-notch privacy and identity protection program like McAfee+ so you can continue living your best life online!  

The post How To Help Your Family Protect Their Online Data appeared first on McAfee Blog.

You flick through some reels and an ad for “a more private phone” crops up. You scroll through your news feed and catch wind of yet another data breach at a major retailer. You see a post from a friend who says their social media account was hacked. Maybe you don’t think about security every day, but when you do, it can feel … overwhelming. We’re here to solve that. We’re here to make security easy.  

As security providers, we have to offer protection against a wide variety of threats without adding more complexity to your already busy life. Managing your security should be easy, and even enjoyable. 

Enjoyable?  

Yes. We want you to have a sense of accomplishment, both knowledge and a feeling that you’re safer than you were before.  

With these things in mind, we set out to make your security software work better for you. We streamlined the experience to simplify what you see, while still offering robust protection. After all, true security is the security that you benefit from every day, and it’s up to us as providers to make it smooth and easy as possible. 

Smooth setup & a central hub 

Our new setup process now includes easier navigation, fewer screens, and clearer action items and alerts. It smoothly moves you through setting up protection across all the ways you interact online and your compatible devices. This way, you know that we’re helping to keep you safe whether you’re messaging, browsing, or shopping and banking online. 

Another area where we put a lot of focus is the new home screen. This is your home base, where we clearly show you what your current protection status is in the areas that matter the most to you. This includes making it easier to monitor your personal information and strengthen protections you already use, like passwords. 

The home screen is also where you come to perform essential tasks, such as running an antivirus scan. It guides you to take actions when needed, giving you proactive protection, and a clear view of your overall security in one convenient place. From here you can access details on the status of your PC, web, and identity protection.

Effective Security, Made Easier

While we’re always focused on helping you feel confident and protected online, we realize that making our tools easy to use is just as important. The digital security landscape will continue to be a complicated one, with more than a million new and unique threats cropping up each day, but we can and are making security simpler, and therefore, more effective. 

With easier setup and protection that turns on automatically at the right moments, we want to make security easier for you so that you can feel safer online. We’ve heard your feedback about how we can improve, and we’ll bring all that goodness in a product that you can use every day. 

You’ll find this interface across our McAfee+ family of products, along with continual upgrades and improvements as we roll out more features that will keep you safer online.   

The post Let’s Make Security Easy appeared first on McAfee Blog.

Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel, donate to charities, and simply try to enjoy their time with friends and family. 

Unfortunate as it is, scammers see this time of year as a tremendous opportunity to profit. While people focus giving to others, they focus on taking, propping up all manner of scams that use the holidays as a disguise. So as people move quickly about their day, perhaps with a touch of holiday stress in the mix, they hope to catch people off their guard with scams that wrap themselves in holiday trappings. 

Yet once you know what to look for, they’re relatively easy to spot. The same scams roll out every year, sometimes changing in appearance yet remaining the same in substance. With a sharp eye, you can steer clear of them. 

Watch out for these online scams this holiday season 

1. Shopping scams 

With Black Friday and Cyber Monday in the books, we can look forward to what’s next—a wave of post-holiday sales events that will likewise draw in millions of online shoppers. And just like those other big shopping days, bad actors will roll out a host of scams aimed at unsuspecting shoppers. Shopping scams take on several forms, which makes this a topic unto itself, one that we cover thoroughly in our Black Friday & Cyber Monday shopping scams blog. It’s worth a read if you haven’t done so already, as digs into the details of these scams and shows how you can avoid them.  

However, the high-level advice for avoiding shopping scams is this: keep your eyes open. Deals that look too good to be true likely are, and shopping with retailers you haven’t heard of before requires a little bit of research to determine if their track record is clean. In the U.S., you can turn to the Better Business Bureau (BBB) for help with a listing of retailers you can search simply by typing in their names. You can also use https://whois.domaintools.com to look up the web address of the shopping site you want to research. There you can see its history and see when it was registered. A site that was registered only recently may be far less reputable than one that’s been registered for some time. 

2. Tech support scams  

Plenty of new tech makes its way into our homes during the holiday season. And some of that tech can be a little challenging to set up. Be careful when you search for help online. Many scammers will establish phony tech support sites that aim to steal funds and credit card information. Go directly to the product manufacturer for help. Often, manufacturers will offer free support as part of the product warranty, so if you see a site advertising support for a fee, that could be a sign of a scam. 

Likewise, scammers will reach out to you themselves. Whether through links from unsolicited emails, pop-up ads from risky sites, or by spammy phone calls, these scammers will pose as tech support from reputable brands. From there, they’ll falsely inform you that there’s something urgently wrong with your device and that you need to get it fixed right now—for a fee. Ignore these messages and don’t click on any links or attachments. Again, if you have concerns about your device, contact the manufacturer directly. 

3. Travel scams 

With the holidays comes travel, along with all the online booking and ticketing involved. Scammers will do their part to cash in here as well. Travel scams may include bogus emails that pose as reputable travel sites telling you something’s wrong with your booking. Clicking a link takes you to a similarly bogus site that asks for your credit card information to update the booking—which then passes it along to the scammer so they can rack up charges in your name. Other travel scams involve ads for cut-rate lodging, tours, airfare, and the like, all of which are served up on a phony website that only exists to steal credit card numbers and other personal information. 

Some of these scams can look quite genuine, even though they’re not. They’ll use cleverly disguised web addresses that look legitimate, but aren’t, so don’t click any links. If you receive notice about an issue with your holiday travel, contact the company directly to follow up. Also, be wary of ads with unusually deep discounts or that promise availability in an otherwise busy season or time. These could be scams, so stick with reputable booking sites or with the websites maintained by hotels and travel providers themselves. 

4. Fake charity scams 

Donations to an organization or cause that’s close to someone’s heart make for a great holiday gift, just as they offer you a way to give back during the holiday season. And you guessed it, scammers will take advantage of this too. They’ll set up phony charities and apply tactics that pressure you into giving. As with so many scams out there, any time an email, text, direct message, or site urges you into immediate action—take pause. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.  

Likewise, note that there some charities pass along more money to their beneficiaries than others. As a general rule of thumb, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities. 

5. Online betting scams 

The holidays also mean a flight of big-time sporting events, and with the advent of online betting in many regions scammers want to cash in. This scam works quite like shopping scams, where bad actors will set up online betting sites that look legitimate. They’ll take your bet, but if you win, they won’t pay out. Per the U.S. Better Business Bureau (BBB), the scam plays out like this: 

“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.” 

You can avoid these sites rather easily. Stick with the online betting sites that are approved by your regional gambling commission. Even so, be sure to read the fine print on any promo offers that these sites advertise because even legitimate betting sites can freeze accounts and the funds associated with them based on their terms and conditions. 

Further protection from scams 

A complete suite of online protection software, such as McAfee+ Ultimate can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, we offer $1M identity theft coverage and support from a recovery pro, just in case. 

And because scammers use personal information such as email addresses and cell phone numbers to wage their attacks, other features like our  Personal Data Cleanup service can scan high-risk data broker sites for your personal information and then help you remove it, which can help reduce spam, phishing attacks, and deny bad actors the information they need to commit identity theft. 

Scammers love a good thing—and will twist it for their own benefit. 

That’s why they enjoy the holidays so much. With all our giving, travel, and charity in play, it’s prime time for their scams. Yet a little insight into their cons, along with some knowledge as to how they play out, you can avoid them.  

Remember that they’re playing into the hustle and bustle of the season and that they’re counting on you to lower your guard more than you might during other times of the year. Keep an eye open for the signs, do a little research when it’s called for, and stick with reputable stores, charities, and online services. With a thoughtful pause and a second look, you can spare yourself the grief of a scam and fully enjoy your holidays. 

The post Unwrapping Some of the Holiday Season’s Biggest Scams appeared first on McAfee Blog.

Authored by SangRyol Ryu and Yukihiro Okutomi 

McAfee’s Mobile Research team recently analyzed new malware targeting mobile payment users in Japan. The malware which was distributed on the Google Play store pretends to be a legitimate mobile security app, but it is in fact a payment fraud malware stealing passwords and abusing reverse proxy targeting the mobile payment services. McAfee researchers notified Google of the malicious apps, スマホ安心セキュリティ, or ‘Smartphone Anshin Security’, package name ‘com.z.cloud.px.app’ and ‘com.z.px.appx’. The applications are no longer available on Google Play. Google Play Protect has also taken steps to protect users by disabling the apps and providing a warning. McAfee Mobile Security products detect this threat as Android/ProxySpy.  

How do victims install this malware? 

The malware actor continues to publish malicious apps on the Google Play Store with various developer accounts. According to the information posted on Twitter by Yusuke Osumi, Security Researcher at Yahoo! Japan, the attacker sends SMS messages from overseas with a Google Play link to lure users to install the malware. To attract more users, the message entices users to update security software. 

A SMS message from France (from Twitter post by Yusuke)

Malware on Google Play 

The Mobile Research team also found that the malware actor uses Google Drive to distribute the malware. In contrast to installing an application after downloading an APK file, Google Drive allows users to install APK files without leaving any footprint and makes the installation process simpler. Once the user clicks the link, there are only a few more touches required to run the application. Only three clicks are enough if users have previously allowed the installation of unknown apps on Google Drive. 

Following notification from McAfee researchers, Google has removed known Google Drive files associated with the malware hashes listed in this blog post. 

What does this malware look like?

When a user installs and launches this malware, it asks for the Service password. Cleverly, the malware shows incorrect password messages to collect the more precise passwords. Of course, it does not matter whether the password is correct or not. It is a way of getting the Service password. The Service password is used for the payment service which provides easy online payments. The user can start this payment service by setting a Service password. The charge will be paid along with the mobile phone bill. 

How does this malware work?

There is a native library named ‘libmyapp.so’ loaded during the app execution written in Golang. The library, when loaded, tries to connect to the C2 server using a Web Socket. Web Application Messaging Protocol (WAMP) is used to communicate and process Remote Procedure Calls (RPC). When the connection is made, the malware sends out network information along with the phone number. Then, it registers the client’s procedure commands described in the table below. The web socket connection is kept alive and takes the corresponding action when the command is received from the server like an Agent. And the socket is used to send the Service password out to the attacker when the user enters the Service password on the activity. 

Registered RPC functions description 

To make a fraudulent purchase by using leaked information, the attacker needs to use the user’s network. The RPC command ‘toggle_wifi’ can switch the connection state to Wi-Fi or cellular network, and ‘connect_to’ will provide a reverse proxy to the attacker. A reverse proxy can allow connecting the host behind a NAT (Network Address Translation) or a firewall. Via the proxy, the attacker can send purchase requests via the user’s network. 

Conclusion

It is an interesting point that the malware uses a reverse proxy to steal the user’s network and implement an Agent service with WAMP. McAfee Mobile Research Team will continue to find this kind of threat and protect our customers from mobile threats. It is recommended to be more careful when entering a password or confidential information into untrusted applications. 

IoCs (Indicators of Compromise) 

193[.]239[.]154[.]23
91[.]204[.]227[.]132
ruboq[.]com 

The post Fake Security App Found Abuses Japanese Payment System appeared first on McAfee Blog.

One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm. 

Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job. 

What is a tailgating attack?

Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers. 

“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver. 

Who’s at risk of tailgating attacks?

Companies, particularly at risk of being targeted by tailgating scams, include those: 

• With many employees, often moving inside and out of the premises 
• With multiple entrance points into a building 
• That receive deliveries of food, packages, documents, and other things regularly 
• That have many subcontractors working for them 
• Where employees aren’t thoroughly trained in physical and cybersecurity protocols 

Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.  

But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections. 

What are common tailgating methods?

Common types of tailgating attacks that you should be aware of on the job include:  

• Someone walking behind you into a secure area, depending on your common courtesy to keep the door open for them 
• A courier or delivery driver who aren’t what they seem 
• Someone with their hands full of items to trick you into opening the door for them 
• A person who claims they’ve lost their work ID or forgotten it at home, so that you grant them admittance 

How to protect yourself from tailgating attacks 

Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.  

Some solutions include: 

Increased security training

Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.   

Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions. 

These security measures should be part of an overall protection program, like McAfee+, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more. 

Smart badges and cards

If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control. 

Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system. 

Biometric scanners

Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.  

Examples of biometric security include: 

• Voice recognition 
• Iris recognition 
• Fingerprint scans 
• Facial recognition 
• Heart-rate sensors 

Understanding social engineering

One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.  

Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.  

For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them. 

Video surveillance

If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features. 

Discover how McAfee can help keep devices secure from hacking

Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information. 

To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee+ 

Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites. 

McAfee protection allows you to work and play online with greater peace of mind. 

The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.

Do yourself a favor: Open a new browser tab and head to your search engine of choice. Type in your full name and home address. Then, see what pops up. 

Are the results sparking an ember of unease in the back of your brain? Whether you’re a private person online or you’re comfortable sharing your daily life updates on social media, there are likely to be several personal details about you on sites that shouldn’t have that information. Some of these sites may be data brokerage websites.  

Data brokerage sites are legal and are mostly used by annoying advertisers, though cybercriminals may also use them maliciously. The average person has their information for sale on 31 data brokerage sites, and 95% of people have their personal information on sale without their permission. 

So how do you scrub the internet of your personal details to keep your identity secure? McAfee Personal Data Cleanup is a service that prevents your personal information from being collected and sold online. Here’s why you should consider taking a few easy steps now to give you peace of mind about the security of your personally identifiable information (PII). 

Make Your Attack Surface as Small as Possible 

Attack surface is a term usually applied to corporate security, but it’s a great visualization for everyday people going about their personal online errands and entertainment. An attack surface is the number of possible entry points a cybercriminal could weasel their way through to get at your valuable and private information. Entry points include your social media profiles, your online shopping accounts, and data brokerage sites. The fewer entry points you have, the harder it is for cybercriminals to find and exploit them. 

While Social Security Numbers (SSNs) are generally revered as the piece of PII to guard most closely, a cybercriminal can still damage your identity with just your name and an address, email address, or phone number. For example, they can request new passwords or multifactor authentication one-time passcodes to break their way into online banking or shopping accounts. Security breaches are happening to huge companies all over the world. All it takes is for your SSN to be leaked in one of them, for a cybercriminal to piece together your digital clone and use it to harm your identity or credit. 

Personal Data Cleanup minimizes your attack surface by removing as much PII as possible that’s floating around the internet, just waiting for someone to buy it.  

Give Yourself a Blank Online Slate 

When you’re aware of how many unauthorized vendors are selling your PII, it could be the wakeup call you need start adopting more cautious online habits. For instance, oversharing on social media leaks a lot of valuable details that a savvy criminal can then use to take educated guesses at your passwords or craft a social engineering plot catered just to you. 

The present is as good a time as any to start protecting your identity for the future; however, getting started is often the most difficult step. It can seem overwhelming to reach out to every data brokerage site individually and request they remove your info. Personal Data Cleanup can be your partner not only in beginning the cleanup process but in monitoring your data security to keep your online presence as minimal as possible. The service scans the internet’s riskiest sites and then, before deleting your information from these sites, runs it by you to confirm. Then, it will continually monitor those same sites, as your information will likely reappear every two to four months. 

Cleaning Up Your Data Is So Easy, There’s No Reason Not To 

Do not underestimate the tenacity of a cybercriminal. Even for people who have the attitude that their PII is bound to be somewhere online and that it’s no big deal, McAfee Personal Data Cleanup manages three key steps in the data removal process: scanning, removing, and monitoring. So, even if you’re not convinced that data brokerage sites are a threat, the process is too easy to put off any longer! 

For those who are concerned about their online privacy, full-service Personal Data Cleanup is included in McAfee+ Ultimate, which is the complete package to let you live your online life in private. McAfee+ Ultimate also includes identity monitoring and identity theft resolution services, unlimited VPN, credit lock, and much more.  

In 2021, more than 1.4 million identity theft complaints were filed to the Federal Trade Commission.1 Identity theft can occur to anyone, so take steps today, starting with data brokerage sites, to live a more secure and more private digital life. 

1Federal Trade Commission, “New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021” 

The post McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life appeared first on McAfee Blog.

Authored by Dennis Pang

What is antivirus? That’s a good question. What does it really protect? That’s an even better question. 

Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections. Neither definition is entirely on the money. 

With this blog, I hope to give everyone a clear definition of what antivirus does well, along with what it doesn’t do at all. The fact is that antivirus is just one form of online protection. There are other forms of protection as well, and understanding antivirus’ role in your overall mix of online protection is an important part of staying safer online. 

What is antivirus? 

Antivirus software protects your devices against malware and viruses through a combination of prevention, detection, and removal.  

For years, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer—and any device that connects to the internet is a potential target for malware and viruses.  

In short, if it’s connected, it must get protected. 

One important distinction about antivirus is its name, a name that first came into use decades ago when viruses first appeared on the scene. (More on that in a bit.) However, antivirus protects you from more than viruses. It protects against malware too. 

Malware is an umbrella term that covers all types of malicious software regardless of its design, intent, or how its delivered. Viruses are a subset of malicious software that infects devices and then replicates itself so that it can infect yet more devices. 

So while we popularly refer to protection software as antivirus, it protects against far more than just viruses. It protects against malware overall. 

Now here’s where some confusion may come in. Some antivirus apps are standalone. They offer malware protection and that’s it. Other antivirus apps are part of comprehensive online protection software, which can include several additional far-reaching features that can protect your privacy and your identity.  

The reason why antivirus gets paired up with other apps for your privacy and identity is because antivirus alone doesn’t offer these kinds of protections. Yet when paired with things like a password manager, credit monitoring, identity theft coverage, and a VPN, to name a few, you can protect your devices—along with your privacy and identity. All the things you need to stay safer online. 

In short, antivirus doesn’t cut it alone. 

With that, let’s take a closer look at what malware and viruses really are—how they evolved, and what they look like today, along with how antivirus protects you against them. 

What was the first computer virus? 

Viruses have a long history. And depending on how you define what a virus is, the first one arguably took root in 1971—more than 50 years ago.  

It was known as Creeper, and rather than being malicious in nature, it was designed to show how a self-replicating program could identify other connected devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a follow-on version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software. 

From there, it wasn’t until the 1980’s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.  

At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice.  

Computer viruses became a thing. 

Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There the malware would lie in wait until the user rebooted their computer for the 90th time. And on that 90th boot, the user was presented with a digital ransom note like the one here: 

Along with that note, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee—making PC Cyborg the first widely recognized form of ransomware. 

Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.  

It was quickly followed in 2000 by what’s considered the among the most damaging malware to date—ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some information and stole other information, then spread to other computers. One estimate puts the global cost of ILOVEYOU at $10 billion and further speculated that it infected 10% of the world’s internet-connected computers at the time. 

Today’s malware and viruses—even more malicious today 

With the advent of the internet, malware quickly established itself as a sad fact of connected life. Today, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions of malicious programs already in existence.   

Apart from the sheer volume of malware out there today, another thing that distinguishes today’s malware from early malware attacks—they’re created largely for profit. 

We can think of it this way:  

• Consider all the banking, shopping, and personal business you conduct on your computer, tablet, and smartphone. If a bad actor can hack into your device with malware, it may give them access to your online banking accounts, credit cards, and other financial information. 
• Further, think of the important files you have stored on your devices. That may include tax returns, financial documentation, or payment information, which hackers can steal using malware—and then use it to commit identity theft or sell it to other bad actors on the dark web. 
• Finally, consider the digital valuables you have stored on your devices, like photos, personal letters, music, and even games. If a hacker locks them up with a ransomware attack, you might find yourself wondering if you should take the risk of paying the ransom, even though payment is no assurance that you’ll get them back. 

Today’s malware is far more than an annoyance or headache. It can lead to follow-on attacks that target your finances, your identity, your privacy, or a mix of all three. 

How does antivirus keep you safe?  

So with a million or so new threats coming online each day, and millions more out there already, how does antivirus protect you from malware? It blocks, detects, and removes malware. And it does so in a couple of ways: 

1. It protects you from existing threats based on an extensive list of known threats, which is updated regularly (a good reason to set your software to update automatically rather than manually). 
2. It protects you from entirely new threats with technologies that can accurately detect those threats. Not to get overly technical about it, this entails a blend of deep learning algorithms and artificial intelligence (AI) that spots new threats identifying sketchy behavior, such as abnormal demands and instructions. In short, the best antivirus today is smart. 

However, as mentioned earlier, antivirus provides only one aspect of online protection today. While it protects your devices and the data that’s on them, your privacy and identity can come under attack as well. So while antivirus alone can protect you from malware, it can’t prevent other forms of online crime like identity theft, phishing attacks designed to steal personal information, or attacks on your accounts, to name a few of the many other types of threats out there. 

Yet comprehensive online protection can. 

Antivirus, an essential part of your overall security mix 

Comprehensive online protection software like ours offers antivirus, along with specific services and features that protect your privacy and identity online as well. It gives you dozens of other features like identity theft coverage & restoration, personal data cleanup, security freezes, and an online protection score that shows you just how safe you are, along with suggestions that can make you safer still.  

So while protecting your devices with antivirus is a great start, it’s only one part of staying safer online. Including privacy and identity protection rounds out your protection overall. 

The post What is Antivirus and What Does It Really Protect? appeared first on McAfee Blog.

Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.   

What does “this connection is not private” mean?

A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.  

So, what exactly is going on when you see the “this connection is not private” error?  

For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate. 

Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.  

In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.  

While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.   

SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL. 

So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.  

Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.   

How to fix the “connection is not private” error

If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.  

• Refresh the page. In some cases, the error is just a momentary glitch. Try reloading the page to rule out a temporary error.  
• Close browser and reopen. Closing and reopening your web browser might also help clear a temporary glitch.  
• If you’re on public WiFi, think twice. Hackers often exploit public WiFi because their routers are usually not as secure or well-maintained for security. Some public WiFi networks may not have an SSL connection, or they may limit your access to websites. You can safely browse more securely in public spaces if you have an antivirus software or virtual private network (VPN) solution. 
• Use “Incognito” mode. The most used browsers (Google Chrome browser, Mac‘s Safari, Mozilla Firefox, and Microsoft Edge) offer an “Incognito mode” that lets you browse without data collecting in your history or cache. Open the site in a new incognito window and see if the error still appears.  
• Clear the cache on your browser. While cookies make browsing the web more convenient and personalized, they also can hold on to sensitive information. Hackers will take advantage of cached data to try and get passwords, purchase information, and anything else they can exploit. Clear browsing data before going to a site with the “connection is not secure” error to help limit available data for hackers.  
• Check the computer’s date and time. If you frequently see the “connection is not private” error, you should check and ensure your computer has the accurate time and date. Your computer’s clock can sometimes have time and date stamp issues and get glitchy in multiple ways. If it’s incorrect, adjust the date and set the time to the correct settings.  
• Check your antivirus software. If your antivirus software is sensitive, you may have to disable it momentarily to bypass the error. Antivirus software protects you, so you should be careful to remember to turn the software back on again after you’ve bypassed the error.  
• Be sure your browsers and operating systems are up to date. You should always keep your critical software and the operating system fully updated. An outdated browser can start getting buggy and can increase the occurrence of this kind of error.  
• Research the website. Do a quick search for the company of the website you wish to visit and make sure they are a legitimate business. You can search for reviews, Better Business Bureau ratings, or check for forums to see if others are having the same issue. Be sure you are spelling the website address correctly and that you have the correct URL for the site. Hackers can take advantage of misspellings or alternative URLs to try and snare users looking for trusted brands. 
• If it’s not you, it’s them. If you’ve tried all the troubleshooting techniques above and you still see the error, the problem is likely coming from the site itself. If you’re willing to take your chances (after clearing your browser’s cache), you can click the option to “proceed to the domain,” though it is not recommended. You may have to choose “advanced settings” and click again to visit the site.   

Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.  

How to protect your privacy when browsing online

Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.  

• Antivirus solutions are, hands down, your best line of protection against hacking. Solutions like McAfee+ Ultimate offer all the tools you need to secure your data and devices.  
• Use strong passwords and two-factor authentication when available. 
• Delete unused browser extensions (or phone apps) to reduce access. 
• Always keep your operating system and browsers up-to-date. You can open system preferences and choose to update your system automatically. 
• Use a secure VPN solution to shield your data when browsing. 
• Use your favorite browser’s incognito mode to reduce the data connected to your devices. 
• Remove any 3rd party apps from your social media accounts — especially if you’ve recently taken a Facebook quiz or similar (also, don’t take Facebook quizzes). 
• Engage the highest privacy settings in each of your browsers. 
• Always check the address bar for HTTPS before sharing credit cards or other sensitive data on a website. 
• Share less personal and private information on social media.  

Discover how McAfee keeps you and your data safe from threats

As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.  

A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.  

With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection. 

The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.

It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.  

Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.  

Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links. 

So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online. 

Key signs of website safety and security

When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website. 

”Https:” in the website URL

“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website. 

When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted. 

A lock icon near your browser’s URL field

The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser. 

Let’s explore the cybersecurity tools on the three major web browsers: 

• Safari. In the Safari browser on a Mac, you can simply look for the lock icon next to the website’s URL in the address bar. The lock icon will be either locked or unlocked, depending on whether the site uses SSL encryption. If it’s an unsafe website, Safari generates a red-text warning in the address bar saying “Not Secure” or “Website Not Secure” when trying to enter information in fields meant for personal data or credit card numbers. Safari may also generate an on-page security warning stating, “Your connection is not private” or “Your connection is not secure.” 
• Google Chrome. In Google Chrome, you’ll see a gray lock icon (it was green in previous Chrome versions) on the left of the URL when you’re on a site with a verified SSL certificate. Chrome has additional indicator icons, such as a lowercase “i” with a circle around it. Click this icon to read pertinent information on the site’s cybersecurity. Google Safe Browsing uses security tools to alert you when visiting an unsafe website. A red caution symbol may appear to the left of the URL saying “Not secure.” You may also see an on-page security message saying the site is unsafe due to phishing or malware. 
• Firefox. Like Chrome, Mozilla’s Firefox browser will tag all sites without encryption with a distinctive marker. A padlock with a warning triangle indicates that the website is only partially encrypted and may not prevent cybercriminals from eavesdropping. A padlock with a red strike over it indicates an unsafe website. If you click on a field on the website, it’ll prompt you with a text warning stating, “This connection is not secure.” 

In-depth ways to check a website’s safety and security

Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety. 

Use McAfee WebAdvisor

McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web. 

Website trust seals

When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website. 

There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure. 

While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information. 

Check for a privacy policy

Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals. 

If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data. 

Check third-party reviews

It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.  

Trustpilot is one example of a website that provides reviews of other websites. 

Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site. 

Look over the website design

You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe. 

Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website. 

Download McAfee WebAdvisor for free and stay safe while browsing

If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use. 

Download McAfee WebAdvisor now and stay safe while browsing the web. 

The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.

What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation and ticket deals. 

Don’t let the threat of phishers and online scammers dampen your team spirit this World Cup tournament. Here are three common schemes cybercriminals will likely employ and a few tips to help you dribble around their clumsy offense and protect your identity, financial information, and digital privacy. 

1. Fake Contests

Phishers will be out in full force attempting to capitalize on World Cup fever. People wrapped up in the excitement may jump on offers that any other time of the year they would treat with skepticism. For example, in years past, fake contests and travel deals inundated email inboxes across the world. Some companies do indeed run legitimate giveaways, and cybercriminals slip in their phishing attempts among them. 

If you receive an email or text saying that you’re the winner of a ticket giveaway, think back: Did you even enter a contest? If not, treat any “winner” notification with skepticism. It’s very rare for a company to automatically enter people into a drawing. Usually, companies want you to act – subscribe to a newsletter or engage with a social media post, for example – in exchange for your entry into their contest. Also, beware of emails that urge you to respond within a few hours to “claim your prize.” While it’s true that real contest winners must reply promptly, organized companies will likely give you at least a day if not longer to acknowledge receipt. 

2. Travel Scams

Traveling is rarely an inexpensive endeavor. Flights, hotels, rental cars, dining costs, and tourist attraction admission fees add up quickly. In the case of this year’s host country, Qatar, there’s an additional cost for American travelers: visas.  

If you see package travel deals to the World Cup that seem too good to pass up … pass them up. Fake ads for ultra-cheap flights, hotels, and tickets may appear not only in your email inbox but also on your social media feed. Just because it’s an ad doesn’t mean it comes from a legitimate company. Legitimate travel companies will likely have professional-looking websites with clear graphics and clean website copy. Search for the name of the organization online and see what other people have to say about the company. If no search results appear or the website looks sloppy, proceed with caution or do not approach at all. 

Regarding visas, be wary of anyone offering to help you apply for a visa. There are plenty of government-run websites that’ll walk you through the process, which isn’t difficult as long as you leave enough time for processing. Do not send your physical passport to anyone who is not a confirmed government official. 

3. Malicious Streaming Sites

Even fans who’ve given up on watching World Cup matches in person aren’t out of the path of scams. Sites claiming to have crystal clear streams of every game could be malware spreaders in disguise. Malware and ransomware targeting home computers often lurk on sketchy sites. All it takes is a click on one bad link to let a cybercriminal or a virus into your device.  

Your safest route to good-quality live game streams is through the official sites of your local broadcasting company or the official World Cup site. You may have to pay a fee, but in the grand scheme of things, that fee could be a lot less expensive than replacing or repairing an infected device. 

Shore Up Your Defense With McAfee+ 

Here’s an excellent rule to follow with any electronic correspondence: Never send anyone your passwords, routing and account number, passport information, or Social Security Number. A legitimate organization will never ask for your password, and it’s best to communicate any sensitive financial or identifiable information over the phone, not email or text as they can easily fall into the wrong hands. Also, do not wire large sums of money to someone you just met online. 

Don’t let scams ruin your enjoyment of this year’s World Cup! With these tips, you should be able to avoid the most common schemes but to boost your confidence in your online presence, consider signing up for McAfee+. Think of McAfee+ as the ultimate goalkeeper who’ll block any cybercriminals looking to score on you. With identity monitoring, credit lock, unlimited VPN and antivirus, and more, you can surf safely and with peace of mind.  

The post Watch Out for These 3 World Cup Scams appeared first on McAfee Blog.

Protecting your devices with antivirus is a great start, yet it’s only one part of staying safer online. With the way scammers and thieves target people today, you need to protect yourself too—specifically your identity and privacy. 

Threats have evolved over the years. While hackers still wage malware attacks on computers, tablets, and smartphones, the devices aren’t the ultimate target. You are. The personal and private information created and kept on your devices have tremendous value because scammers and thieves can use it to steal your identity, open credit cards in your name, and commit all kinds of identity theft and fraud. 

Yet just as using antivirus protection can keep you safer online, using privacy and identity protection will keep you far safer still. Let’s look at how all three can work in concert.   

Privacy protection  

Privacy protection focuses on keeping your information from getting into the hands of advertisers, cybercriminals, and data brokers who want to use it for their benefit. To boost your online privacy, consider a few thoughtful additions to your daily browsing, email, and social media routine.   

First, think carefully about your social media habits. Do you post everything about your day and childhood, pin your location, and share photos of documents that include your full name, birthday, or address? You may want to consider cutting back on what you broadcast on the internet, especially if your account is public for anyone to view.  

Unfortunately, while your friends and family may love your status updates, cybercriminals love them more. After only minutes of snooping, cybercriminals can glean enough personal details about you to impersonate you or target a social engineering attempt at you. To keep your private information more private, limit what you share on social media, pare down your follower and friend lists to only the closest people, and if your social media account platform supports it set your account to private.  

One more way to protect your privacy is to use a virtual private network (VPN). A VPN allows you to remain far more anonymous online by shielding your location and device information, along with the data passing along your connection—which includes things like your passwords, account information, and other sensitive info. 

A VPN offers further protection when you’re logged on to a public network, like those in coffee shops, libraries, and transportation hubs. Cybercriminals often lurk on non-password-protected Wi-Fi networks and eavesdrop on people paying bills or online shopping to steal their credentials.  

However, criminals aren’t the only ones who intrude on your privacy. Online data brokers collect thousands of data points on millions of people, then post bits of that information for anyone to see and offer far more detailed information for a price.  

Who buys this information? More legitimate purposes include people conducting background checks, journalists, law enforcement, and, largely, advertisers. With such in-depth information, advertisers can target highly specific audiences with their ads, all based on personal information that can include shopping habits from customer loyalty cards, health data from fitness apps, and information scraped from public social media posts—just to name a few of the umpteen sources they draw from. 

Yet data brokers won’t discriminate. They’ll sell to scammers and thieves as well, who can then use that personal information to help them commit identity fraud and theft. 

However, you can do something about this. Personal data cleanup can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It can also provide guidance on how you can remove your data from those sites and can even manage the removal for you. And because data brokers continually update their data, personal data cleanup will continue to monitor those sites and help you get your information removed should it crop up again. 

In all, if you feel that your privacy shouldn’t be up for grabs, a personal data cleanup service can  

Identity protection  

Another form of protection focuses on keeping you safer from identity theft and fraud. Here, thieves will steal personal and account information to rack up charges on existing credit and debit cards, open entirely new accounts and lines of credit, or impersonating the victim themselves for employment, health insurance coverage, or to commit other crimes in someone else’s name. 

A few forms of identity crime include: 

• New account theft occurs when a criminal successfully steals personal identifiable information (PII) and financial information and uses a victim’s excellent credit score to open new credit cards, utility accounts, cellphone accounts, and so forth.  
• Account takeover fraud involves the use of an existing debit card, credit card, or other accounts to rack up charges—which usually happens when username and password information is stolen via a phishing attack or as the result of a data breach.  
• Synthetic identity theft is a rising form of identity crime where thieves use a core piece of PII, like a Social Security Number in the U.S., to create an entirely new identity under a false name. With this “synthetic” identity, a scammer or thief can potentially open all manner of accounts, lines of credit, and even apply for benefits.   
• Medical identity theft happens when thieves impersonate patients to gain access to their prescription medications or have their medical treatments paid for by the identity theft victim.  
• Business identity theft can plague businesses of all sizes. Here, scammers and thieves will attempt to open new credit lines in the business’ name or send customers phony bills and collect the payments themselves.  

This list provides just a few examples, yet in all its forms, identity crime can affect your finances, credit score, and ability to secure loans, a mortgage, or future credit cards.  

One way to keep your identity secure is to guard your PII carefully. Never give out your Social Security Number unless it’s necessary—such for employment, opening bank and credit accounts, applying for public assistance, filing tax returns, or obtaining a driver’s license. While other businesses may ask you for your Social Security Number for identification purposes, you are not legally bound to provide it. You can ask to provide an alternate form. Also, never share it over email or text where it can be potentially intercepted.  

Beyond your Social Security Number, you can take steps to protect the many other forms of personal information you have. An identity monitoring service can keep tabs on everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft.​ Likewise, credit monitoring can watch for unusual credit activity that could be an indicator of identity theft as well. ​ 

Should the unfortunate occur, identity theft & recovery coverage like ours can help you get back on track in several ways. First, it provides $1 million in identity theft coverage that covers travel expenses, legal fees, and stolen funds reimbursement. Additionally, it provides the assistance of a licensed identity theft recovery pro who can help you repair your identity and credit.  

Device security  

The third form of protection involves our devices, like computers, tablets, and phones—protecting them from both physical and digital threats. 

The first step you can take is to use a password, PIN, facial recognition, or other form of lock to keep your devices safer in the event of loss or theft. With this protection, your device is effectively an open book, providing a thief with access to all manner of personal information, accounts, and apps. 

Taking this protection a step further is learning to remotely locate your devices and then lock or wipe them. Many laptops and mobile devices offer location tracking services to help find a lost device—and yet others allow the owner to remotely lock or even wipe the contents of that device if they fear it’s lost for good or fallen into the wrong hands.  

It’s all rather straightforward, and device manufacturers have put up helpful web pages that can walk you through the process:  

• Apple provides iOS users with a step-by-step guide for remotely wiping devices  
• Google offers up a guide for Android users as well   
• For laptops, Microsoft and Apple users can take the following steps:    
• Windows: Enable in Settings > Update & Security > Find my device  
• macOS: Enable via Settings > Your Name > iCloud > Find My Mac  

Another good step you can take is to back up your files, whether with an online cloud service, a physical external drive, or both. By storing your files in the cloud, you can recover them quickly if your device is stolen and you have to remotely wipe its contents. Storing them on an external drive also lets you recover your files if your device is stolen, however, you’ll want to keep it in a secure location so that it can’t be stolen as well. Options include a fireproof safe where you keep other valuables or even a safe deposit box. The drawback is that you will have to back up files manually and regularly whereas cloud backup is practically automatic when you’re connected to the internet.   

Another component of device security is defending against malicious software. Viruses and malware can make their way onto your devices through several avenues, including sketchy websites, dishonest downloads, phishing schemes, and clicking on ads. The challenge is that several of these avenues can look rather legitimate at first glance. Sophisticated hackers, scammers, and thieves have learned how to make their bogus websites and search results look like the real thing. One way you can prevent making a bad click or downloading an attachment loaded with malware is to use web advisor software that can protect you while you browse. 

And finally, yes, antivirus is a must now just as it’s ever been. When kept up to date with the latest updates, it can prevent malware from getting onto your devices—plus scan, detect, and delete viruses and malware from your devices should they make their way onto them.  

Protecting your privacy, identity, and devices—today calls for all three 

The threats out there are many, and they go beyond threats to your devices. Hackers, scammers, and thieves are quite interested in you. Your accounts, your personal information, and anything they can grab to commit theft or fraud. Protecting yourself today calls for not only protecting your devices but your privacy and identity too. 

Comprehensive online protection software like ours covers all three—privacy, identity, and devices. It includes the protections mentioned above, plus dozens of features more such as ransomware coverage, credit freezes, security locks, and an online protection score that shows you just how safe you are, along with suggestions that can make you safer still.  

In all, it gives you far more control over your privacy and personal information, control that should rest in your hands, and not in the hands of data brokers, hackers, scammers, and thieves. 

The post Privacy, Identity, and Device Protection: Why You Need to Invest in All Three appeared first on McAfee Blog.

You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cybercriminals seeking to steal valuable business secrets. It’s unlikely that everyday people, such as yourself, will be targeted by a ransomware scheme, so you may be puzzled about how a VPN can help someone like you be safer online. Luckily, with a VPN being very easy to install and use, you can indeed experience these three everyday benefits to keep your browsing activities safe from eavesdroppers seeking to profit from your online comings and goings. 

1. Stay Safe on Unsecure Networks

The most widely known benefit of a VPN for daily use is to safeguard your device when it’s connected to a public Wi-Fi network. Coffee shops, libraries, hotels, transportation hubs, and other public places often provide courtesy internet service to visitors. Shifty characters often lurk on unprotected networks to lift personally identifiable information (PII) from people handling sensitive emails, making banking transactions, or shopping online. Public Wi-Fi eavesdroppers can lift credit card numbers, addresses, birthdays, and Social Insurance Numbers. 

When you connect to public Wi-Fi that doesn’t have a lock icon, that’s a sign that you should toggle on your VPN. Also, even if you’re required to enter a password, be wary of any network you share with strangers.  

2. Hide Location Data

A VPN can also hide your location data. How does this help you protect your browsing history? First, when you scramble your location, you’re likely to confuse ad networks trying to send you targeted ads. This will free your social media feeds and search engines from targeted ads that often are so accurate they seem like an invasion of privacy. 

Second, hiding your location can protect you from cybercriminals looking to mine PII. VPNs make it impossible for criminals to discover your IP address. (The internet protocol address is what ties your device to a specific local network.) When they’re visible, criminals can trace IP addresses to reveal home addresses, full names, and phone numbers: all of which are key pieces of PII that, in the wrong hands, can jeopardize your identity.  

3. Restrict Data Snooping and Sharing 

While Canada and the European Union don’t allow ISPs (internet service providers) to even collect the browsing data of their customers, keep in mind that in some countries, like the U.S., ISPs can collect, store, share, and/or sell customer data. While advertisers are often the buyers of customer data, in the case of a breach, the more places your PII lives, the more likely it may be involved in a security incident. The goal is to limit the extent and number of places where your browsing history is stored. 

VPNs can scramble your online movements to the point where not even ISPs can track it. Plus, when you log out, your device doesn’t keep a record of what you did while connected to the VPN. Incognito mode on your internet browser hides your IP address, but the websites you visit still collect cookies and store data about your online whereabouts, meaning that it’s not truly private browsing. 

Protect Your Privacy With McAfee 

McAfee Safe Connect VPN encrypts your online activity to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once with bank-grade Wi-Fi encryption. Feel more confident whenever you hop on the internet across all your connected devices with just one quick and easy step. 

The post Why Everyone Needs a VPN appeared first on McAfee Blog.

Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone. 

Here’s everything you need to know about mobile MiTM schemes specifically, how to identify when your mobile device is experiencing one, and how to protect your personally identifiable information (PII) and your device from cybercriminals. 

What Is a Man-in-the-Middle Mobile Attack? 

A man-in-the-middle attack, or MiTM attack, is a scheme where a cybercriminal intercepts someone’s online activity and impersonates a trusted person or organization. From there, the criminal may ask personal questions or attempt to get financial information; however, since the mobile device owner thinks they’re communicating with someone with good intentions, they give up these details freely. 

MiTM is an umbrella term that includes several cybercrime tactics, such as: 

• IP spoofing. In this scheme, a criminal squeezes their way between two communicating parties by hiding their true IP address. (An IP address is the unique code assigned to each device that connects to the internet.) For example, the criminal may eavesdrop on a conversation between a bank representative and a customer. The criminal will pretend to be either party, gaining confidential financial information or giving incorrect banking details to receive wire transfers to their own bank account. 

• MFA bombing. A side effect of MFA fatigue, this occurs when a criminal gains access to someone’s login and password details but still needs to surpass a final barrier to entry into a sensitive online account: a one-time, time-sensitive multifactor authentication (MFA) code. The criminal either barrages someone’s phone with code request texts until the person disables MFA in annoyance, or the criminal impersonates a support employee and requests the code via phone, email, or text.  
• Session hijacking. This occurs when a cybercriminal takes over a user’s conversation or sensitive internet session (like online banking or online shopping) and continues the session as if they are the legitimate user. The criminal can do this by stealing the user’s session cookie. 

Cybercriminals gain access to mobile devices to carry out MiTM mobile attacks through three main methods: Wi-Fi eavesdropping, malware, or phishing. 

How Can You Identify a MiTM Mobile Attack?  

The most common giveaway of a MiTM attack is a spotty internet connection. If a cybercriminal has a hold on your device, they may disconnect you from the internet so they can take your place in sessions or steal your username and password combination. 

If your device is overheating or the battery life is much shorter than normal, it could indicate that it is running malware in the background. 

How to Protect Your Mobile Device 

If you can identify the signs of a MiTM attack, that’s a great first step in protecting your device. Awareness of your digital surroundings is another way to keep your device and PII safe. Steer clear of websites that look sloppy, and do not stream or download content from unofficial sites. Malware is often hidden in links on dubious sites. 

To safeguard your Wi-Fi connection, protect your home router with a strong password or passphrase. When connecting to public Wi-Fi, confirm with the hotel or café’s staff their official Wi-Fi network name. Then, make sure to connect to a virtual private network (VPN). A VPN encrypts your online activity, which makes it impossible for someone to digitally eavesdrop. 

Finally, a comprehensive antivirus software can clean up your device of malicious programs it might have contracted. 

McAfee+ Ultimate includes unlimited VPN and antivirus, plus a whole lot more to keep all your devices safe. It also includes web protection that alerts you to suspicious websites, identity monitoring, and daily credit reports to help you browse safely and keep on top of any threats to your identity or credit. 

A cybercriminal’s prize for winning a mobile scheme of monkey in the middle is your personal information. With preparation and excellent digital protection tools on your team, you can make sure you emerge victorious and safe. 

The post Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack appeared first on McAfee Blog.

Internet security is a broad term that refers to a wide range of tactics that aim to protect activities conducted over the internet. Implementing internet security measures helps protect users from different online threats like types of malware, phishing attacks, scams, and even unauthorized access by hackers. 

In this article, we highlight the importance of internet security in safeguarding your computer network and outline what you can do to have a comprehensive computer security system in place. 

Why is internet security so important today?

As the internet expands and becomes an even bigger part of our lives, cyberthreats continue to grow both in scope and sophistication. According to Forbes, data breaches and cyberattacks saw an increase of 15.1% in 2021 compared to the previous year. These security threats come in different forms and vary in terms of complexity and detectability.  

Some common online threats people face today include: 

• Malware: Malicious software is an umbrella term that refers to any program that exploits system vulnerabilities to damage a computer system or network and steal sensitive information from users. Examples of malware include viruses, Trojans, ransomware, spyware, and worms. 
• Phishing: Phishing is cyberattacks that involve stealing a user’s sensitive data by duping them into opening an email or an instant message and clicking a malicious link. The data that cybercriminals target can range from login credentials to credit card numbers. Phishing attacks are often used for identity theft purposes. 
• Spam: Spam is a term that describes unwanted email messages sent in bulk to your email inbox. This tactic is generally used to promote goods and services users aren’t interested in. Spam mail can also contain links to malicious websites that automatically install harmful programs that help hackers gain access to your data. 
• Botnets: This contraction of “robot network” refers to a network of computers that have been infected with malware. The computers are then prompted to perform several automated tasks without permission. Examples of these tasks include sending spam and carrying out denial-of-service (DDoS) attacks. 
• Wi-Fi threats: Wi-Fi networks can be subject to a wide range of attacks that involve hackers exploiting unprotected connections and breaching data security to obtain sensitive information. 

While these internet security threats may seem overwhelming at first glance, safeguarding your computer or mobile devices from them is relatively easy. Below is a detailed look at some security solutions available to you. 

Internet security features to keep you safe online

As we stated above, setting up an internet security system is a relatively straightforward process. Here are some basic network security measures you can implement right away. 

Antivirus protection

The first step in making sure you have internet security is installing antivirus software. These programs are designed to prevent, search for, detect, and get rid of viruses and other types of malicious software.  

Antivirus software can run automatic scans to make sure no network or data breach has occurred and scan specific files or directories for any malicious activity or patterns. 

There are plenty of options to choose from when it comes to antivirus software, however, few programs offer the comprehensive level of protection the antivirus software included in McAfee® Total Protection provides to its users.  

McAfee’s antivirus software comes with a wide selection of features, including malware detection, quarantine, and removal, different options for scanning files and applications, and an advanced firewall for home network security.  

Create strong passwords

While this may sound obvious, it’s important to create strong and unique passwords for all your online accounts and devices. A significant percentage of data breaches occur as a result of simple password guessing.  

Some tips to follow when creating a password include: 

• Never use personal information, such as date of birth. 
• Don’t reuse passwords. 
• Avoid sequential numbers or letters. 
• Combine letters, numbers, and symbols. 
• Don’t use common words. 

It can also be a good idea to use a password manager, as this will help reduce the risk of your passwords getting leaked or lost. McAfee’s password manager, is particularly convenient thanks to its advanced encryption and multi-factor authentication. 

Check that your computer firewall is enabled

A firewall is a network security system built into your operating system. It monitors incoming and outgoing network traffic to prevent unauthorized access to your network. For it to be able to identify and block these threats, you’ll want to make sure your firewall is enabled on your device. If you’re unsure if your device comes with a firewall, you can benefit from one included in McAfee Total Protection. 

Use multi-factor authentication when possible

Multi-factor authentication (MFA) is an authentication method that requires at least two pieces of evidence before granting access to an app or website. Using this method as much as possible can add another layer of security to your applications and reduce the likelihood of a data breach. 

Choose a safe web browser

Your choice of browser is an important part of implementing internet security measures. In fact, web browsers vary widely in terms of the security features that they offer, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a web browser that offers the following security features: 

• Private session browsing 
• Pop-up blocking 
• Privacy features 
• Anti-phishing filter 
• Automatic blocking of reported malicious sites 
• Cross-site script filtering 

How can you keep children safe online?

As children grow older, their internet use becomes more extensive. This can also increase their exposure to various security threats. To keep them safe online, educate them about the risks associated with web browsing and introduce them to some of the best practices for avoiding online threats like not sharing passwords. 

Explain which information should be shared and which information should be kept private and instruct them to never click on links from unknown sources. 

You should also take a more active approach to protect your children by setting parental controls on certain websites. For instance, you can use YouTube’s parental controls to filter any inappropriate content and keep a child-friendly interface. 

Internet security tips to know

The following tips can help you stay on the safe side in regard to internet security. 

• Install antivirus software on all your devices. This is the first step you should take when securing your mobile and computer systems. Internet security software identifies vulnerabilities and can neutralize threats before they become a bigger problem. 
• Keep your operating system and programs up to date. Neglecting to update your applications and operating systems can leave you exposed to threats as hackers seek to exploit unpatched vulnerabilities. 
• Use strong passwords. Using strong passwords reduces the risk of a hacker cracking it and gaining access to your system. 
• Use an ad blocker. Adware pop-ups often trick users into clicking on links that lead to malicious websites. Using an ad-blocker to help prevent this from happening. 

• Use parental controls. Setting parental controls makes web browsing safer for children and reduces the chances of virus infection. 
• Only shop on secure websites with “ https://” URLs. The “S” at the end of the HTTP extension stands for “secure” and indicates that the website has a security certificate and is safe for transactions. 
• Never submit financial information when using public Wi-Fi. Public Wi-Fi hot spots lack security measures and encryption, making them vulnerable to prying eyes. Sharing sensitive information like bank card numbers when connected to one isn’t recommended. 
• Use multifactor authentication. As we mentioned, MFA adds a layer of protection to the sign-in process and makes unauthorized access to your data extremely difficult. 
• Check your bank statements regularly to catch any suspicious activity. Keep an eye for any transaction that you don’t recall initiating, as this could be a sign of a malware infection. 

Protect your device from online threats with McAfee

While malware attacks are common, their prevalence shouldn’t deter you from browsing the internet as usual. Adhering to the internet security best practices outlined in this article can help keep you safe from the majority of security threats that you might encounter online. 

For added security, consider using an all-in-one antivirus solution like McAfee+. This is one of the most effective ways to safeguard your devices from online threats.  

Let McAfee handle your security while you focus on enjoying the web.  

The post What Is Internet Security? appeared first on McAfee Blog.

Authored by Oliver Devane 

It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX,  McAfee has discovered several phishing sites targeting FTX users.  

One of the sites discovered was registered on the 15th of November and asks users to submit their crypto wallet phrase to receive a refund. After entering this phrase, the creators of the site would gain access to the victim’s crypto wallet and they would likely transfer all the funds out of it. 

Upon analyzing the website code used to create the phishing sites, we noticed that they were extremely similar to previous sites targeting WalletConnect customers, so it appears that they likely just modified a previous phishing kit to target FTX users.  

The image below shows a code comparison between a website from June 2022, and it shows that the FTX phishing site shares most of its code with it.  

McAfee urges anyone who was using FTX to be weary of any unsolicited emails or social media messages they receive and to double-check the authenticity before accessing them. If you are unsure of the signs to look for, please check out the McAfee Scam education portal (https://www.mcafee.com/consumer/en-us/landing-page/retention/scammer-education.html) 

McAfee customers are protected against the sites mentioned in this blog 

The post Threat Actors Taking Advantage of FTX Bankruptcy  appeared first on McAfee Blog.

Following up on our previous blog, How to Stop the Popups, McAfee Labs saw a sharp decrease in the number of deceptive push notifications reported by McAfee consumers running Microsoft’s Edge browser on Windows.

Such browser-delivered push messages appear as toaster pop-ups in the tray above the system clock and are meant to trick users into taking various actions, such as installing software, purchasing a subscription, or providing personal information.

Upon further investigation, this major drop seems to be associated with a change in the behavior of the Edge browser with two notable improvements over older versions.

First, when users visit websites known to deliver deceptive push notifications, Edge blocks authorization prompts that could trick users into opting-in to receive popups:

Second, when unwanted popups do occur, it is now easier than ever to disable them, on a per-site basis.  Users can simply click the three dots (…) on the right of the notification and choose to “Turn off all notifications for” the domain responsible for the popup.

This is a great improvement over the previous experience of having to manually navigate browser settings to achieve the desired result.

Earlier this year, 9TO5Google reported a Chrome code change may be indicative of a similar crack down by Google on nefarious popups.

One can hope Google will follow Microsoft’s example to improve browser security and usability.

The post Microsoft’s Edge over Popups (and Google Chrome) appeared first on McAfee Blog.

Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers. 

The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of almost 26 million people, close to a third of the population could find themselves affected.  

The hackers subsequently issued ransomware demands with the threat of releasing the records. With their demands unmet, the hackers then started posting the records in batches, the first on November 8th and the latest dropping on November 14th. 

According to Medibank, the records and information could include diagnoses, a list of conditions, and further information such as: 

“[P]ersonal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for AHM customers (not expiry dates), in some cases passport numbers for our international students (not expiry dates), and some health claims data.” 

Medibank continues to keep its customers up to date on the latest developments on its website and further states they will contact customers, via email and post, to clarify what has been stolen and what has been published on the dark web.  

What should I do if I think my information was caught up in the Medibank breach? 

Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. In the case of Medibank, the hackers posted the stolen information on the dark web, which unfortunately means that the likelihood of a potential scammer or thief obtaining this information is a near certainty. 

In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part. 

Report unauthorised use of your information or accounts immediately 

Home Affairs Minister Clare O’Neil called for Australians to “Contact Services Australia if you believe there has been unauthorised activity in your Medicare account.” Further, Australians can take the following additional steps to protect themselves in the wake of identity theft. 

Keep an eye out for phishing attacks 

With some personal information in hand, bad actors may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So as it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches. 

If you are contacted by Medibank, make certain the communication is legitimate. Bad actors may pose as Medibank to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the Medibank website or contact them by phone directly. 

Change your passwords and use a password manager 

While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly can reduce your risk in the event of a data breach. Namely, a breached password is no good to a hacker if you’ve changed it. 

Enable two-factor authentication 

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it. 

Consider using identity monitoring 

An identity monitoring service can monitor everything from email addresses to credit cards, bank account numbers and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s identity monitoring service helps you keep an eye on your personal info and provides alerts if your data is found, averaging 10 months ahead of similar services. 

Check your credit and consider a credit freeze 

When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in your name. This may include identity theft, where someone pretends to be you, generally to gain access to more information or services, and may escalate to identity fraud, where funds are stolen from your account. 

Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent bad actors from opening new lines of credit or take out loans in your name by “freezing” your credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details. 

Consider using comprehensive online protection 

A complete suite of online protection software can offer layers of extra security. Identity thieves generally focus on easy targets to save time. Elevated security across the majority of your data can make you a far more difficult target. In addition to more private and secure time online with a VPN, identity monitoring, and password management, this includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, McAfee offers support from a licensed recovery pro who can help you restore your credit, just in case. 

Should I replace my driver’s licence? 

Per Medibank, some victims of the breach may have had their driver’s licence number exposed. Given that a licence number is such a unique piece of personally identifiable information, anyone notified by Medibank that theirs may have been affected should strongly consider changing them. The process for replacing a licence document will vary depending on your state or territory.  

The recent Optus breach of September 2022 saw some states and territories propose making exceptions to the rules for attack victims, so look to your local government for guidance.  

The Medibank data breach – you have ways to protect yourself 

Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Medibank breach.  

However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, which makes protection a must.  

The post The Medibank Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.

The joy of purchasing a new device is liberating. Now you can work, learn, and play faster — along with enjoying ample storage space. So, the last thing you’d expect is your apparently safe device being exposed to vulnerabilities, or “bloat.”  

Exposure to unwanted software can derail its performance and hog its storage within a few months of usage. In technical terms, such pieces of software are referred to as bloatware. Bloatware has the potential to attack PCs with Microsoft systems and Android devices. It can also attack Apple iPhones and Macs although their systems tend to be built with a bit more protection.  

This article defines bloatware, offers common examples, explains how to identify it, and discusses its impact on your computer’s security.  

What is bloatware?

Bloatware, also called Junkware or Potentially Unwanted Programs (PUP), are third-party programs that slow down the performance of your device and lay it bare to cybersecurity risks.  

Manufacturers initially introduced bloatware to provide users with more utility, but the programs led to device issues. Software programs that identify as bloatware run in the background, and locating them is not child’s play.  

Bloatware finds its way into your device in two ways: it comes pre-installed or through programs downloaded from the internet. Lenovo‘s Superfish bloatware scandal from 2015 explains how bloatware can harm your devices.  

What are examples of bloatware?

Common examples of bloatware apps include:  

• Weather checking apps 
• Finance/money apps 
• Gaming/sports apps 
• Map or navigation apps 
• Fitness/health apps 
• Messaging or video apps 
• Music (listening and recording) apps 
• Toolbars and junk-browser extensions 
• System update apps 
• Fake cleaner apps 
• Productivity assistants 

As a piece of good advice, it is best to uninstall such apps when of no use — whether on your Android smartphone, Windows computer, or an iOS device. 

Signs a program may be bloatware

Performance degradation is a common symptom of a device carrying bloatware. Extended boot-up times, clogged storage, and startup delays are common occurrences. Let’s review some programs that may also be bloatware: 

• Utilities. This type of bloatware typically shows up as pre-installed software on new devices. Manufacturers and third-party developers create these software programs that offer added functionality to the end-user. Examples include weather tracking apps, music apps, and productivity apps. 
• Trialware. This is a frequent form of bloatware that comes with new devices for free and works for a set trial period until a license is purchased. In a few cases, trialware is harmless and can be removed easily.  
• Adware. This is a famous type of software that showcases or downloads advertising material like banners or pop-ups.  

Here’s how to identify bloatware: 

• Anonymous apps installed on your device. Don’t recall installing a specific app on your device? It could be bloatware. Promptly delete apps that are unnecessary.  
• Bothersome upsells while using an app. Often, the purpose of bloatware is to generate money. It might deploy invasive marketing and sales techniques that can disturb your browsing experience.  
• Annoying pop-up ads in your browser. If you experience too many pop-up ads redirecting you to unsafe and suspicious websites, that points toward adware. Adware comes from the web and can modify your homepage or tab settings and change the browser setup. 

How can bloatware impact your computer’s security?

As mentioned, not all bloatware is a threat to your device. Some may be useful and can be removed easily. But a major chunk of bloatware is known to slow down your computer.  

Bloatware eats up a good chunk of the disk space or hard drive as it runs in the background, and it drains the battery life. Bloatware that isn’t removed quickly may clog your device with annoying ads. These ads can pose a security threat or even corrupt your operating system.  

Can you remove bloatware?

Sadly, it can be a challenge to uninstall bloatware because it finds its way back into the device — sometimes even after it has been deleted. In some cases, it may even redirect you to fake bloatware removal websites and offer malicious removal tools. Such websites ask you to install a new program to remove the previous one, trapping your device further. Unfortunately, there are no secret hacks to stop it from finding a way into your system. 

Pro tip: Anytime you download a program or software, be sure it’s from an official source (like a secured website, the Google Play Store, or the Apple App Store). Installing a program from a suspicious website can put your device at risk, as the program can download bundles of other programs on the back end without your knowledge.  

Windows 10 comes with a special refresh tool to remove any bloatware disguised as user-installed programs. This tool can bring your PC back to a clean slate. It’s important to check your hard drive beforehand, as it can also remove licenses.  

Protect your computer from dangerous security threats with McAfee

Bloatware can be both harmful and annoying. New devices need full-fledged protection so they can last longer. The answer to your bloatware woes is an antivirus program. It safeguards your computer from dangerous security threats and prevents accidental downloads, so malicious bloatware or malware can’t access your device.  

Bloatware can compromise your online safety and security. McAfee+’s protection package is the ideal investment for your new device, so you can work without any hassles or doubts.  

McAfee+ enables a top-tier level of online security with full protection from pesky software programs like bloatware. Additionally, you get access to antivirus software for unlimited devices, lost wallet protection, a secure VPN, personal data clean-ups, and more. Sign up for McAfee + and rest easy while your devices remain bloatware-free.  

The post What Is Bloatware and How Can It Impact Security? appeared first on McAfee Blog.

Here’s one way you can help reduce your chances of identity theft: remove your personal information from the internet. 

And chances are, you have more personal information posted online than you think. 

According to the U.S. Federal Trade Commission (FTC), consumers registered 1.4 million identity theft complaints in 2021, all part of a year where consumers reported losing $5.8 billion to fraud overall—a 70% increase over the year prior.  

What fuels all this theft and fraud? Access to personal information.  

Scammers and thieves can get a hold of personal information in several ways, such as through phishing attacks that lure you into handing it over, malware that steals it from your devices, by purchasing your information on dark web marketplaces, or as a result of information leaked in data breaches, just to name a few. 

However, scammers and thieves have other resources to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. Which makes removing your info from them so important, from both an identity and privacy standpoint. 

What are data broker sites? 

Think of data broker sites as huge repositories of personal information. Search your name and address online and you’ll see. You’ll likely find dozens of sites that turn up information about you, some of which offer a few pieces for free and others that offer far more information for a price. 

Data brokers collect and then aggregate personal information from several sources, including: 

• Your public records posted online. 
• Information from social media accounts you keep public. 
• The websites you visit and the smartphone apps you use. 
• Along with retailers, who share information associated with your loyalty cards. 

Data brokers also buy personal information from other data brokers. As a result, some data brokers have thousands of pieces of data for billions of individuals worldwide.  

What could that look like? A broker may know how much you paid for your home, your education level, where you’ve lived over the years and who your lived with, your driving record, and possibly your political leanings. A broker may also know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. Further, they may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply. 

With information at this potential level of detail, it’s no wonder that data brokers rake in an estimated at $200 billion U.S. dollars worldwide every year. 

Who uses the personal information found on data broker sites?  

On the legitimate side, it’s used by advertisers to create targeted ad campaigns. With information sold by data brokers, they can generate lists based on highly specific criteria, such as shopping histories, personal interests, and even political leanings as mentioned above. Likely without you being aware of it—and likely with no way to contest that information if it’s incorrect. 

Other legitimate uses include using these sites for background checks. Law enforcement, reporters, and employers will use data brokers as a starting point for research because the leg work has largely been done for them. Namely, data brokers have aggregated a person’s information already, which is an otherwise time-consuming process. 

If this seems a little shady, it’s still legal. As of now, the U.S. has no federal laws that regulate data brokers or require data them to remove personal information if requested. A few states, such as Nevada, Vermont, and California, have legislation in place aimed at protecting consumers. Meanwhile, the General Data Protection Regulation (GDPR) in the European Union has stricter rules about what information can be collected and what can be done with it. Still, the data broker economy thrives. 

On the darker side, scammers and thieves use personal information for identity theft and fraud. With enough personal information gathered from enough sources, they can create a high-fidelity profile of their victims. One that gives them enough information to open new accounts in their name. 

So, from the standpoint of both privacy and identity, cleaning up your personal information online makes a great deal of sense.  

How to remove your personal information from the internet 

Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.  

1. Request to remove data from data broker sites 

The process starts with finding the sites that have your information. From there, you can request to have it removed. Yet as mentioned above, there are dozens and dozens of these sites. Knowing where to start is a challenge in of itself, as is manually making the requests once you have identified the sites that post and sell information about you.  

Our Personal Data Cleanup can do the work for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. ​It also monitors those sites, so if your info gets posted again, you can request its removal again. 

2. Limit the data Google collects 

As of September 2022, Google accounts for just over 92% of search engine market share worldwide. Aside from being a search engine, Google offers a myriad of other services and applications, such as Gmail and Google Maps. While Google offers plenty of tools for productivity, travel, work, and play for free, they still come at a cost—the gathering and analysis of your personal information.   

You can limit the data Google associates with you by removing your name from Google search results with a removal request. This will disable anyone online from getting any results if they search your name. (Note that this will not remove your information from the original sites and sources where it’s posted.) Moreover, Google collects all your browsing data continuously. You have the option to turn on “Auto Delete” in your privacy settings to ensure that the data is deleted regularly and help limit the amount of time your sensitive data stays vulnerable.  

You can also occasionally delete your cookies or use your browser in incognito mode to prevent websites from being tracked back to you. Go to your Google Chrome settings to clear your browser and cookie history.  

3. Delete old social media accounts and make the ones you keep private 

As discussed above, data brokers can collect information from public social media profiles. You can minimize your presence on social media to the bare minimum. Make a list of the ones you use or have used in the past. If there are old accounts that you no longer use or websites that have gone by the wayside like Myspace or Tumblr, you may want to deactivate them or consider deleting them entirely.   

For social media platforms that you still may use regularly, like Facebook and Instagram, consider adjusting your privacy settings to ensure that your personal information on these social media platforms is the bare minimum. For example, on Facebook you can lock your profile, while on Instagram you can stay private.  

4. Remove personal info from other websites and blogs 

If you’ve ever published articles, written blogs, or created any content online, it might be a good time to consider taking it down if it is no longer serving a purpose. Depending on what you’ve posted, you may have shared personal details about your life. Additionally, you might be mentioned by other people in various social media posts, articles, or blogs. It is worth reaching out to these people to request them to take down posts with sensitive information.  

Social media and online articles that host your personal information are often used when businesses or hackers are doing “internet scrapes” to find better ways to use your targeted information. Asking your friends or third-party sites to remove that information can help protect your privacy.  

5. Delete unused phone apps and restrict the settings for the ones you use 

Another way you can tidy up your digital footprint online involves deleting all the unnecessary phone apps that you no longer need or use. Even when apps are not open or in use, they may be able to track personal information such as your real-time location and even your payment details if you have a paid subscription to the app.   

Some apps even sell this data as it can be extremely advantageous to other companies, which they use to target certain consumer segments and profiles for advertising. Try to share as little information with apps as possible if you’re looking to minimize your online footprint, and provide them access to your photos, contacts, and location only on as-needed basis and only when the app is in use. Your phone’s app and location services settings will give you the tools to do it. 

Online protection software can keep your personal information more private and secure 

In addition to the steps above, comprehensive online protection software can keep you more private and minimize your risk of cybercrime. It can include: 

• An unlimited VPN can create a private internet connection that makes your personal information much more difficult to collect and track.  
• Identity monitoring can track several pieces of personal information and alert you if it’s found on the dark web.  
• Identity theft coverage & restoration can help should the unfortunate happen, which covers you with $1 million for legal feels, travel expenses, and stolen funds reimbursement, plus provides further assistance from a licensed recovery pro to repair your identity and credit. 
• Other features like safe browsing can help you avoid dangerous links, bad downloads, malicious websites, and more when you’re online—all of which scammers and thieves can use to steal personal info. 

So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal information more private and secure. 

The post 5 Steps to Removing Your Personal Information From the Internet appeared first on McAfee Blog.

Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis. 

Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself. 

This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data. 

What is smishing?

Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing? 

Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages. 

Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware. 

Examples of a smishing text message

Here are some examples of smishing text messages hackers use to steal your personal details: 

• “We have detected unusual activity on your account. Please call this number to speak to a customer service representative.” 
• “You have won a free gift card! Click here to claim your prize.” 
• “Hi! We noticed that you’re a recent customer of ours. To finish setting up your account, please click this link and enter your personal information.” 
• “Urgent! Your bank account has been compromised. Please click this link to reset your password and prevent any further fraud.” 
• “Hey, it’s [person you know]! I’m in a bit of a bind and could really use your help. I sent you a link to my PayPal, could you send me some money?” 

How dangerous can smishing be?

If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.  

For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account. 

How can you protect yourself from smishing?

Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself. 

Recognize the signs of a smishing text

One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips: 

• Be suspicious of any text messages that ask for personal information or include a link. 
• Look closely at the sender’s name and number. Fraudulent messages often come from spoofed numbers that may look similar to a legitimate number but with one or two digits off. 
• Look for errors in spelling or grammar. This can be another sign that the message is not legitimate. 
• Beware of any text messages that create a sense of urgency or are threatening in nature. Scammers often use these tactics to get you to act quickly without thinking. 
• If you’re not expecting a message from the sender, be extra cautious. 
• If you’re unsure whether a text message is legitimate, call the company or organization directly to verify. 

Filter unknown text messages

While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links. 

To set up spam filters on your iPhone: 

1. Go to the Settings App 
2. Go to Messages 
3. Find the Filter Unknown Senders option and turn it on 

To set up spam filters on your Android mobile device: 

1. Go to the Messaging App 
2. Choose Settings 
3. Tap Spam Protection and turn on Enable Spam Protection 

Use McAfee Mobile Security 

McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones. 

One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches. 

Other benefits include: 

• Antivirus 
• Secure VPN for privacy online 
• Identity monitoring for up to 10 emails 
• Guard your identity against risky Wi-Fi connections 
• Safe browsing 
• System Scan for the latest updates 

Keep your device and information secure with McAfee Mobile Security

These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important. 

McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.  

Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure. 

So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected. 

The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.

Authored by: Christy Crimmins and Oliver Devane

Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the men’s World Cup kicks off (pun intended) in Qatar. This event, a tournament played by 32 national teams every four years, determines the sport’s world champion. It will also be one of the most-watched sporting events of at least the last four years (since the previous World Cup). 

An event with this level of popularity and interest also attracts fraudsters and cyber criminals looking to capitalize on fans’ excitement. Here’s how to spot these scams and stay penalty-free during this year’s tournament. 

New Cup, who’s this? 

Phishing is a tool that cybercriminals have used for years now. Most of us are familiar with the telltale signs—misspelled words, poor grammar, and a sender email whose email address makes no sense or whose phone number is unknown. But excitement and anticipation can cloud our judgment. What football fan wouldn’t be tempted to win a free trip to see their home team participate in the ultimate tournament? Cybercriminals are betting that this excitement will cloud fans’ judgment, leading them to click on nefarious links that ultimately download malware or steal personal information. 

It’s important to realize that these messages can come via a variety of channels, including email, text messages, (also known as smishing) and other messaging channels like WhatsApp and Telegram. No matter what the source is, it’s essential to remain vigilant and pause to think before clicking links or giving out personal or banking information.  

For more information on phishing and how to spot a phisher, see McAfee’s “What is Phishing?” blog. 

Real money for fake tickets 

According to ActionFraud, the UK’s national reporting center for fraud and cybercrime, thousands of people were victims of ticket fraud in 2019—and that’s just in the UK. Ticket fraud is when someone advertises tickets for sale, usually through a website or message board, collects the payment and then disappears, without the buyer ever receiving the ticket.  

The World Cup is a prime (and lucrative) target for this type of scam, with fans willing to pay thousands of dollars to see their teams compete. Chances are most people have their tickets firmly in hand (or digital wallet) by now, but if you’re planning to try a last-minute trip, beware of this scam and make sure that you’re using a legitimate, reputable ticket broker. To be perfectly safe, stick with well-known ticket brokers and those who offer consumer protection. Also beware of sites that don’t accept debit or credit cards and only accept payment in the form of bitcoin or wire transfers such as the one on the fake ticket site below:  

The red box on the right image shows that the ticket site accepts payment via Bitcoin.  

Other red flags to look out for are websites that ask you to contact them to make payment and the only contact information is via WhatsApp. 

Streaming the matches 

Let’s be realistic—most of us are going to have to settle for watching the World Cup from the comfort of our own home, or the pub down the street. If you’re watching the tournament online, be sure that you’re using a legitimate streaming service. A quick Google of “FIFA World Cup 2022 Official Streaming” along with your country should get you the information you need to safely watch the event through official channels. The FIFA site itself is also a good source of information.  

Illegal streaming sites usually contain deceptive ads and malware which can cause harm to your device.  

Don’t get taken to the bank 

In countries or regions where sports betting is legal, the 2022 World Cup is expected to drive an increase in activity. There’s no shortage of things to bet on, from a simple win/loss to the exact minute a goal will be scored by a particular player. Everything is subject to wager.   

As with our previous examples, this increase in legitimate gambling brings with it an increase in deceptive activity. Online betting scams often start when users are directed to or search for gambling site and end up on a fraudulent one. After placing their bets and winning, users realize that while they may have “won” money, they are unable to withdraw it and are even sometimes asked to deposit even more money to make winnings available, and even then, they still won’t be. By the end of this process, the bettor has lost all their initial money (and then some, potentially) as well as any personal information they shared on the site.  

Like other scams, users should be wary of sites that look hastily put together or are riddled with errors. Your best bet (yes, again, pun intended) is to look for an established online service that is approved by your government or region’s gaming commission. Finally, reading the fine print on incentives or bonuses is always a good idea. If something sounds too good to be true, it’s best to double-check. 

For more on how you can bet online safely, and for details on how legalized online betting works in the U.S., check out our blog on the topic.  

Keep that Connection Secure 

Using a free public Wi-Fi connection is risky. User data on these networks is unprotected, which makes it vulnerable to cyber criminals. Whether you’re traveling to Qatar for a match or watching the them with friends at your favorite pub, if you’re connecting to a public Wi-Fi connection, make sure you use a trusted VPN connection. 

Give scammers a straight red card this World Cup 

For more information on scams, visit our scam education page. Hopefully, with these tips, you’ll be able to enjoy and participate in some of the World Cup festivities, after all, fun is the goal!  

The post Don’t Get Caught Offsides with These World Cup Scams appeared first on McAfee Blog.

There’s no doubt that cyber bullying ranks towards the top of most parents ‘worry list’. As a mum of 4, I can tell you it always came in my top five, usually alongside driving, drugs, cigarettes and alcohol! But when McAfee research in May revealed that Aussie kids experience the 2nd highest rate of cyberbullying out of the 10 countries interviewed, my heart skipped a beat. Clearly cyberbullying is a big problem for Aussie kids. Bigger than I had previously thought. But many of us parents had so many more questions: what can it look like? where does it happen? and could my child be a perpetrator? 

So, as an ally of connected families, McAfee set out to answer these questions so undertook more research through a detailed 10-country online questionnaire to 11,687 parents and their children in June. And the answers were quite revealing… 

What is Cyberbullying? 

Before we get into the results, let’s clarify what cyberbullying means. There is often a lot of confusion because let’s be honest, different kids have different tolerances, standards and cultural lenses for what is and isn’t acceptable behaviour. The definition of cyberbullying used in McAfee’s report was based on the definition by StopBullying.Gov:   

Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behaviour.  

McAfee’s definition was then expanded to include specific acts of cyberbullying, such as: 

• flaming – online arguments that can include personal attacks 
• outing – disclosing someone’s sexual orientation without their consent  
• trolling – intentionally trying to instigate a conflict through antagonistic messages 
• doxing – publishing private or identifying information without someone’s consent  

Along with other acts, including:  

• name calling  
• spreading false rumours  
• sending explicit images or messages  
• cyberstalking, harassment, and physical threats  
• exclusion from group chats and conversation 

What Is The Most Common Form of Cyberbullying for Aussie Kids? 

Even though racially motivated cyberbullying is on the rise, name-calling is the most common form of cyberbullying with 40% of kids globally reporting that they have been on the receiving end of it. Interestingly, in Australia, our kids receive this style of bullying more frequently, with 49% of Aussie kids affected.  

Exclusion from group chats and conversations is the 2nd most commonly reported form of cyberbullying with 36% of kids globally experiencing it. In Australia, this is higher at 42%. 

The spreading of false rumours rounds out the top three forms and was reported by 28% of children globally. Curiously, Aussie kids don’t seem to use this form just as commonly with just 24% affected. Japan stands out as the leader in this reported form of cyberbullying at 44% followed by Germany at 35% and India at 39%. 

1 in 8 Aussie kids reports receiving extreme cyberbullying threats eg stalking, harassment and physical threats online. This is in line with the global average however in India and the US, more young people are affected with 1 in 5 reporting this behaviour. 

Where Is Cyberbullying Taking Place? 

It’s All About Social Media 

It’s no surprise that the bulk of cyberbullying is happening on social media with 32% of kids affected globally. Group chats come in as the 2nd most commonplace with 24% of kids involved followed by online gaming being an issue for 22% of kids surveyed. 21% of kids experienced cyberbullying on websites and forums and 19% identified that they experienced cyberbullying via text messages.  

Globally, Facebook is the social media site where cyberbullying is most likely to occur. 53% of children report witnessing it and 50% report experiencing it. This is followed by Instagram (40% witnessing and 30% experiencing), YouTube, TikTok and then Twitter. 

Overall, Aussie kids appear to experience less cyberbullying on social media with just 47% witnessing it on Facebook and 37% experiencing it. Our kids also report lower levels on Instagram as well with 34% witnessing and 30% experiencing.  

Snapchat Is a Cyberbullying Hot Bed for Aussie Kids 

It appears that Snapchat is unfortunately where a lot of undesirable behaviour happens for our Aussie kids with 34% reporting that they have been affected on this platform – a huge 10% above the international average and the highest of any country included in the survey. 

Who’s Doing The Bullying? 

Most Cyberbullying Comes From Someone Known To The Victim 

I’m sure it’s not a surprise to many parents that most cyberbullying comes from someone known to the victim. In fact, 57% of kids worldwide confirmed this with just 45% nominating that the cyberbullying they received had been initiated by a stranger. And Aussie kids’ experiences reflect the global norm with 56% expressing that they also knew the perpetrator but only 36% experienced cyberbullying from a stranger. Interestingly, only India, reported more cyberbullying at the hands of strangers (70%) than by someone the child knows (66%). 

Most Kids Don’t Think They’ve Ever Been Cyberbullied But The Results Show Otherwise 

Globally, 81% of all children surveyed stated that they had never cyberbullied anyone while just 19% admitted that they had. But when questioned further, it became apparent that there may be some disconnect. In fact, when asked about specific cyberbullying behaviours, more than half of children worldwide (53%) admitted to committing one or more types of cyberbullying —perhaps indicating that their definition of cyberbullying differs from the clinically accepted definition. The most common acts that they admitted to included making a joke at someone else’s expense (22%), name-calling (18%) and excluding someone from a chat or conversation (15%).  

Are Aussie Kids and Parents Worried? 

It appears that our kids are calmer about the state of cyberbullying that their peers worldwide. Only 46% of our kids reported they were more concerned about being cyberbullied now than last year, compared to a 59% average worldwide. Aussie children said they are among the least concerned children in the world, alongside Canada at 44%, the U.K. at 43%, and Germany at 38%. 

And Aussie parents also appear calmer than parents from other countries with only 61% nominating they were more concerned about their child being cyberbullied today versus last year, compared to the 72% international average.  Australian parents also showed the least level of worry that their child may be a cyberbully. Only 41% said that they worried this was more likely this year than last, compared to 56% of parents elsewhere. 

Now, this could be because the online learning and tech-heavy phase of the pandemic is, thankfully, over and we are not as focussed on technology-related issues. Or perhaps it’s because we really are a nation of ‘laid-back’ types! The jury is still out… 

What Do We Do About It? 

We all know that it’s impossible to fix a problem if you don’t truly understand it. So, while these statistics might be a little overwhelming, please soak them in. Appreciating the complexities of this problem and digesting how cyberbullying can look and impact our kids is essential. Now, as first-generation digital parents, it may take us a little longer to wrap our heads around it and that’s ok. The most important thing is that we commit to understanding the problem so that we are in the best position possible to support and guide our kids. 

In my next blog post, I will be sharing more detailed strategies that will help you minimise the risk of your child becoming a victim of cyberbullying. I will also include advice on what to do if your child is affected by cyberbullying plus what to do if your child is in fact a cyberbully. 

‘Till next time. 

Stay Safe Online 

Alex  

The post How Cyberbullying Looks In Australia in 2022 appeared first on McAfee Blog.

Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data. 

However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone to malware infections compared to their Android counterparts. But it’s important to note that they’re not completely without vulnerabilities.  

Several iPhone viruses could infect your smartphone and affect its functionality, especially if you jailbreak your iPhone (that is, opening your iOS to wider features, apps, and themes).  

This article covers how you can detect malware infections and how to remove viruses from your device so you can get back to enjoying the digital world. 

How does malware affect iPhones?

Malware can affect your iPhone in a variety of ways. Here are a few telltale signs that your iPhone might have an unwelcome visitor.  

• Your iPhone’s battery life is shorter than usual. 
• Pop-up ads frequently appear. 
• Apps crash for no apparent reason. 
• Unfamiliar apps are installed on your iPhone. 
• You notice high data usage. 
• The operating system is noticeably slow. 
• Your iPhone is overheating. 

How to check your iPhone for malware

If you notice any of the signs above, it’s a good idea to check for malware. Here are some steps you can take. 

1. Look for unfamiliar apps. If you’re anything like the average smartphone user, you’ve probably downloaded dozens (if not hundreds) of apps. The sheer number of programs on your iPhone makes it easy for malicious apps to hide in plain sight and remain undetected for a long time. Take some time to swipe through all of your apps and closely inspect any that you don’t remember downloading or installing. 
2. Check your data usage. Heavy data usage can be a sign of a malware infection, which is why you should keep an eye on it if you suspect a virus is in your system. To do so, go to Settings > Mobile Data and check if your data usage is higher than usual. 
3. Check power consumption. Some types of malware run in the background and consume a significant amount of power without you noticing. To make sure that no such apps are installed on your phone, head over to Settings > Battery and select a period of your choice. Uninstall any unfamiliar apps that stand out. 
4. Keep an eye on pop-up ads. Running into pop-up ads is inevitable when browsing the internet. However, your phone might be infected with adware if you’re getting them at an alarming frequency. 
5. Scan your phone using antivirus software. As helpful as these steps are, running a complete scan using antivirus software is one of the most effective ways to detect malware. If you don’t have one installed already, consider using McAfee Mobile Security. This comprehensive security solution provides full-scale protection that includes a safe browsing feature to protect your digital life, Wi-Fi privacy, and a VPN for a more secure internet connection. Highly effective scans detect malicious apps and unwanted visitors before they enter your digital space. 

How to remove malware from your iPhone

If you’ve confirmed malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device. 

Update your iOS (if applicable)

In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update iOS to close this potential vulnerability. Just follow these steps: 

1. Go to Settings. 
2. Click on General. 
3. Click on Software Update. 
4. Follow the instructions to update your iPhone. 

Restart your device

It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now. 

Clear your iPhone browsing history and data

If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, follow these steps: 

1. Go to Settings. 
2. Click on Clear History and Website Data.  
3. Click on Clear History and Data.  

Keep in mind that the process is similar for Google Chrome and most other popular web browsers. 

Remove any suspicious apps

Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing. 

Restore your iPhone

The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. Essentially, this allows you to restore your device to an iCloud backup made before the malware infection.  

Here’s how: 

1. Go to Settings. 
2. Click on General. 
3. Click on Transfer or Reset iPhone. 
4. Choose Erase All Content and Settings. 
5. Choose Restore from iCloud Backup. 

Factory reset your iPhone

If none of the steps above solves the problem, a factory reset might be the next order of business. Restoring your phone to factory settings will reset it to its out-of-factory configuration, deleting all of your apps, content, and settings in the process and replacing them with original software only. 

To factory reset your iPhone, follow these steps: 

1. Go to Settings. 
2. Click on General.  
3. Click on Transfer or Reset iPhone.  
4. Choose Erase All Content and Settings. 
5. Choose Set Up as New iPhone. 

How to keep your iPhone safe from malware

The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device: 

• Don’t click on suspicious links. 
• Don’t install apps that Apple doesn’t recognize. 
• Only download apps from the App Store. 
• Don’t jailbreak your iPhone, as this will remove most Apple security features. 
• Enable automatic updates for iOS and iTunes to stay in line with Apple’s security updates and bug fixes. 
• Keep frequent data backups. 
• Avoid engaging with suspicious text messages on iMessage, as hackers use them to spread phishing scams. 

Secure your iPhone with McAfee Mobile Security 

If you have an iPhone and are like most other people, you probably use your device for almost everything you do online. And while it’s amazing to have the internet in the palm of your hands, it’s also important to be aware of online threats like malware, which can put your digital life at risk. 

The good news is that McAfee has your back with our award-winning and full-scale mobile security app. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind. 

Download the McAfee Security app today and get all-in-one protection. 

The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.

What you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, estimated income, purchasing habits, and any political affiliations you may have—all pretty personal information, right? Well, there’s a good chance that anyone can find it online. All it takes is your name and address.  

Thankfully, there’s something you can do about it. 

But first, go ahead and give it a try. Type your name and address in a search bar and see what comes up. If you’re like most people, your search results turned up dozens of sites with your information on them. Some sites offer bits of it for free. Other sites offer far more detailed information, for a price.  

Who’s behind all this? Data brokers. All part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well.  

The result? A chillingly accurate picture of you.  

So accurate, that reporters and law enforcement will often use profiles from data broker sites to dig up a person’s background. And so could scammers and thieves.  

Data brokers—a primary resource for spammers, scammers, and thieves 

Ever wonder how you end up with all those spam calls and texts? Look no further than the data brokers. They help scammers compile the calling and texting lists they use. Yet spammy calls and texts are just part of the problem with these sites. They can give thieves the tools they need to steal your identity.  

How? Visualize your identity as a jigsaw puzzle. Every bit of personal information makes up a piece, and if you cobble enough pieces together, a scammer or thief could have enough information to steal your identity. And data brokers compile all those pieces in one place and offer up them up in droves. 

If you’re wondering if this activity is legal or at least regulated in some way, it largely isn’t. For example, the U.S. has no federal laws that require data brokers to remove personal information from their sites if requested to do so. On the state level, Nevada, Vermont, and California have legislation in place aimed at protecting consumers from having their data disclosed on these sites. Other legislation is being considered, yet as of this writing there’s very little on the books right now. 

With next to no oversight, data brokers continue to collect personal information, which may or may not be accurate. It may be out of date or flat out wrong. Likewise, as it is with any large data store, data brokers are subject to hacks and attacks, which may lead to breaches that release detailed personal information onto the dark web and into the hands of bad actors. 

Put plainly, data brokers collect, buy, and sell high volumes of personal information, often in ways that leave no trace that it’s happening to you—or that the information is correct in any way. 

Removing your name and information from data broker sites 

All this can feel like it’s out of your control. And maybe the search you did on yourself made you a little uneasy. (Understandable!) Yet you have plenty of ways you can curb this activity and even remove your information from some of the riskiest data broker sites as well.  

It starts by finding out which sites have information on you, followed by filing requests to have it removed. Yet with dozens and dozens of these sites proliferating online, this can be a time-consuming process. Not to mention a frustrating one. We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy.  McAfee+ contains a comprehensive set of tools, such as Personal Data Cleanup which are designed to help protect your online privacy. 

Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. ​ 

And because getting your info removed once isn’t a guarantee that a data broker won’t collect and post it again, Personal Data Cleanup can continually monitor those sites. So should your info get posted again, you can request its removal again as well. 

Seven ways you can keep your personal information from data brokers 

The other way you can thwart data brokers involves cleaning up your tracks when you go online, essentially leaving a smaller amount of data in your wake that they can collect and resell. 

1. Use a VPN: A VPN is a Virtual Private Network, which protects your data and privacy online by creating an encrypted tunnel that makes your activity far more anonymous than without one. Classically, it’s a great way to shield your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online. However, it has some terrific privacy benefits as well because it makes your time online more private by reducing the personal information that others can collect and track—including data brokers.
2. Make your social media profile private: Public social media profiles provide data brokers with an absolute goldmine of personal information. If you’ve filled out things like your employer, school, spouse, and so on, data brokers will grab it. They may also cull your interests, likes, and groups for even more profiling information. While we’ve always recommended setting your profile private for friends and family only, data brokers and all their snooping make setting it to private all that more important. 
3. Think twice about using loyalty cards: Whether it’s at your drug store, supermarket, or any number of other retailers, the “discount” you get with a loyalty card may come with a price—your personal information. Data brokers buy and sell purchasing histories to round out the personal profiles they create. If you’d rather keep data brokers from knowing what things you buy, make your purchases without your loyalty card. In all, it’s a tradeoff. Is the discount worth the potential hit to your privacy?
4. Refuse those cookies: Thanks in large part to the General Data Protection Regulation (GDPR) in the European Union, many websites now prompt their visitors with options for tracking cookies. If you’ve come across these prompts already you know that they’re hard to miss. Once you click on them, you have the option to select only the most necessary, functional cookies—and if you’d like to enable other cookies for convenience and perhaps marketing purposes. Here, the most private bet is to enable the absolute minimum, which can prevent further information from ending up in the hands of data brokers.
5. Turn off location services for your smartphone apps: Just like real estate brokers, data brokers are all about “location, location, location.” By not only knowing what you’re doing but where you’re doing it too gives them that much more insight into your travels and behaviors. Advertisers particularly love location data and will create highly targeted ad campaigns based on where you’re going and where you are. One source for this location data are your apps. Depending on the app and the user agreement in place, various apps may collect and share location information. Head to your phone’s settings and disable your location services app-by-app, keeping it enabled for only the most necessary of apps and for only while using the app.
6. Turn off your phone’s Wi-Fi and Bluetooth when you’re not using them: Some retailers use “passive tracking” technologies while you’re in or nearby their stores. It works by tapping into your Wi-Fi or Bluetooth connections as they search for networks and devices they can pair with. Retailers have sensors that they can connect to, which then collect data. With that data they can determine several things, like when their stores see the most traffic, what the most popular items and displays are, or if you simply walk by the storefront and don’t enter. And because each smartphone has its own unique identifier, a MAC number (Media Access Control), there’s the possibility they can associate you with your phone. This one has a simple fix. Turn off your Wi-Fi and Bluetooth when you’re not using them so you can’t be tracked.
7. Install and use online protection software: By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like create and manage the strong, unique passwords and provide further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) 

Get your personal info back in your hands where it belongs 

Searching for your name and address can turn up some surprises and introduce you to the world of data brokers, the dozens and dozens of companies that collect, buy, and sell your personal information. While data brokers sell this information to companies for advertising and marketing purposes, they will also sell that information to hackers, scammers, and thieves. Simply put, they don’t discriminate when selling your personal info. That puts more than just your privacy at risk, it can put your identity at risk as well. By selling your personal information, it can give bad actors the info they need to commit identity fraud and theft.  

While cleaning up personal information from these sites is often a difficult and time-consuming task, tools like our Personal Data Cleanup can now dig out the sites where your personal info is posted and can help you remove it. Moreover, you now have several tricks and tactics you can use to reduce the amount of personal data these sites can collect. In all, you now have far more control over what data brokers can collect, buy, and sell than you had before. And now is most certainly a time to take that control given all the time we spend online and the many ways we rely on it to help us work, play, and simply get things done. 

The post How much of your personal info is available online? A simple search could show you plenty. appeared first on McAfee Blog.

There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you. 

Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey showed that up to half of people interviewed in Japan, Australia, and the U.S. do so as well, while nations like the UK and Germany trailed at 31% and 23% respectively. 

Whether these figures trend on the low or high end, the security implications remain constant. A smartphone loaded with business and personal data makes for a desirable target. Hackers target smartphones because they’re often unprotected, which gives hackers an easy “in” to your personal information and to any corporate networks you may use.  It’s like two hacks with one stone.  

Put simply, as a working professional with a smartphone, you’re a high-value target.  

Protect your smartphone from being hacked 

As both a parent and a professional, I put together a few things you can do to protect your smartphone from hacks so that you can keep your personal and work life safe: 

1. Add extra protection with your face, finger, pattern, or PIN. 

First up, the basics. Locking your phone with facial ID, a fingerprint, pattern or a pin is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it, which doubles your line of defense.    

2. Use a VPN. 

Or, put another way, don’t hop onto public Wi-Fi networks without protection. A VPN masks your connection from hackers allowing you to connect privately when you are on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, you’ll know that your sensitive data, documents, and activities you do are protected from snooping, which is definitely a great feeling given the amount of personal and professional business we manage with our smartphones. 

3. Stick to the official app stores for your apps.

Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data like passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them. Malicious apps and counterfeits can still find their way into stores, and here are a few ways you can keep those bad apps from getting onto your phone.    

4. Back up the data on your phone. 

Backing up your phone is always a good idea for two reasons: 

• First, it makes the process of transitioning to a new phone easy by transferring that backed up data from your old phone to your new phone. 
• Second, it ensures that your data stays with you if your phone is lost or stolen—allowing you to remotely wipe the data on your lost or stolen phone while still having a secure copy of that data stored in the cloud.  

Both iPhones and Android phones have straightforward ways of backing up your phone regularly. 

5. Learn how to lock or wipe your phone remotely in case of emergency. 

Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While that last bit about wiping the phone seems like a drastic move, if you maintain regular backups as mentioned above, your data is secure in the cloud—ready for you to restore. In all, this means that hackers won’t be able to access you, or your company’s, sensitive information—which can keep you out of trouble and your professional business safe. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well. 

6. Get rid of old apps—and update the ones you keep. 

We all download apps, use them once, and then forget they are on our phone. Take a few moments to swipe through your screen and see which ones you’re truly done with and delete them along with their data. Some apps have an account associated with them that may store data off your phone as well. Take the extra step and delete those accounts so any off-phone data is deleted.  

The reason for this is that every extra app is another app that needs updating or that may have a security issue associated with it. In a time of data breaches and vulnerabilities, deleting old apps is a smart move. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option. Updates not only introduce new features to apps, but they also often address security issues too. 

7. Protect your phone. 

With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, your shopping, and payments secure. 

The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.

On Black Friday and Cyber Monday, the deals roll out. So do some of the worst Black Friday and Cyber Monday scams. 

Hackers, scammers, and thieves look to cash in this time of year by blending in with the holiday rush, spinning up their own fake shipping notices, phony deals, and even bogus charities that look legitimate at first glance, yet are anything but. Instead, they may be loaded with malware, point you to phishing sites that steal your personal info, or they may simply rip you off.   

Classically, many online scams play on emotions by creating a sense of urgency or even fear. And for the holidays, you can throw stress into that mix as well—the stress of time, money, or even the pressure of finding that hard-to-get gift that seems to be out of stock everywhere. The bad actors out there will tailor their attacks around these feelings, hoping that they’ll catch you with your guard down during this busy time of year. 

”The Five Least Wanted” – Top online shopping scams to avoid 

So while knowing how to spot a great gift at a great price is solid skill to have this time of year, so is the ability to spot a scam. Let’s look at some of the worst ones out there, along with what you can do to steer clear of them. 

1) The fake order scam  

Come this time of year, keeping tabs on all the packages you have in transit can get tricky. You may have an armload of them enroute at any given time, and scammers will look to slip into this mix with phony order confirmations sent to your mailbox or your phone by text. Packed with either an email attachment or a link to a bogus website, they’ll try to get you to download malware or visit a site that attempts to steal your identity.  

These messages can look quite legit, so the best way to keep track of your orders is on the sites where you purchased them. Go directly to those sites rather than clicking on any links or attachments you get. 

2) The phony tracking number scam 

This scam plays out much like the fake order scam, yet in this case the crooks will send a phony package tracking notification, again either as a link or as an attachment. For starters, legitimate retailers won’t send tracking numbers in an attached file. If you see anything like that, it’s surely a scam designed to inject malware onto your device. In the case of a link, the scammers aim to send you to a site that will steal your personal info, just like in the case above.  

Once again, the best way to track your packages is to go to the source. Visit the online store where you made your purchase, open your current orders, and get your package tracking information from there. 

3) The bogus website scam  

A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. So close that you may overlook them. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them.  

You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and look for the deal there.  

4) The hot deal scam  

At the heart of holiday shopping is scarcity. And scarcity is something scammers love. There’s always some super-popular holiday item that’s tough to find, and scammers will spin up phony websites and offers around those items to lure you in. They may use the typosquatting technique mentioned above to pose as a legitimate retailer, or they may set up a site with their own branding to look legitimate on their own (or at least try). Either way, these scams can hurt you in a couple of ways—one, you’ll pay for the goods and never receive them; and two, the scammers will now have your payment info and address, which they can use to commit further fraud. 

If the pricing, availability, or delivery time all look too good to be true for the item in question, it may be a scam designed to harvest your personal info and accounts. Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate. (The Better Business Bureau is a great place to start—more on that in moment.) 

5) The fake charity scam 

In the season of giving, donating to charities in your name or in the name of others makes for a popular holiday gesture. Scammers know this too and will set up phony charities to cash in. Some indications that a phony charity has reached you include an urgent pitch that asks you to “act now.” A proper charity will certainly make their case for a donation, yet they won’t pressure you into it. Moreover, phony charities will outright ask for payment in the form of gift cards, wire transfers (like Western Union), money orders, or even cryptocurrency—because once those funds are sent, they’re nearly impossible to reclaim when you find out you’ve been scammed. 

There are plenty of ways to make donations to legitimate charities, and the U.S. Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count.  

So, how can I avoid getting scammed on Black Friday and Cyber Monday? 

Some of it takes an eagle eye that can spot these scams as they pop up in your inbox, texts, social media feed, and so on. Yet you have further ways you can keep safe while shopping on Black Friday, Cyber Monday, and any time. 

Stick with known, legitimate retailers online 

This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name. 

Look for the lock icon in your browser when you shop 

Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.  

Pay with a credit card instead of your debit card  

In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards, where citizens can dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.  

Use two-factor authentication on your accounts  

Two-factor authentication is an extra layer of defense on top of your username and password. It adds in the use of a special one-time-use code to access your account, usually sent to you via email or to your phone by text or a phone call. In all, it combines something you know, like your password, with something you have, like your smartphone. Together, that makes it tougher for a crook to hack your account. If any of your accounts support two-factor authentication, the few extra seconds it takes to set up is more than worth the big boost in protection you’ll get.  

Use a VPN if you’re shopping on public Wi-Fi  

Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi, such as your passwords and credit card numbers.  

What’s more, a VPN masks your whereabouts and your IP address, plus uses encryption that helps keep your activities private. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from. 

Clean up your personal data online 

Yes, it’s true. Your information gets collected, bought, and solid online. In fact, personal information fuels a global data trading economy estimated at $200 billion U.S. dollars a year. Run by data brokers that keep hundreds and even thousands of data points on billions of people, these sites gather, analyze, buy, and sell this information to other companies as well as to advertisers. Likewise, these data brokers may sell this information to bad actors, such as hackers, spammers, and identity thieves who would twist this information for their own purposes. 

Getting your info removed from these sites can seem like a daunting task. (Where do I start, and just how many of these sites are out there?) Our Personal Data Cleanup can help by regularly scanning these high-risk data broker sites for info like your home address, date of birth, and names of relatives. It identifies which sites are selling your data, and depending on your plan, automatically requests removal. 

Protect your identity from identity thieves 

Another place where personal information is bought and sold, stored, and exchanged is the dark web. The problem is that it’s particularly difficult for you to determine what, if any, of your info is on the dark web, stashed away in places where hackers and thieves can get their hands on it. Identity monitoring can help. McAfee’s identity monitoring helps you keep your personal info safe by alerting you if your data is found on the dark web, an average of 10 months before our competitors. 

Monitored info can range anywhere from bank account and credit card numbers to your email addresses and government ID number, depending on your location. If your information gets spotted, you’ll get an alert, along with steps you can take to minimize or even prevent damage if the information hasn’t already been put to illegal use. 

Take advantage of identity protection 

Identity protection through McAfee takes identity monitoring a step further by offering, depending on your location and plan, identity theft coverage for financial losses and expenses due to identity theft, in addition to hands-on help from a recovery professional to help restore your identity—all in addition to the identity monitoring called out above, again depending on your location and plan. 

Monitor your credit 

Keeping an eye on your bills and statements as they come in can help you spot unusual activity on your accounts. A credit monitoring service can do that one better by keeping daily tabs on your credit report. While you can do this manually, there are limitations. First, it involves logging into each bureau and doing some digging of your own. Second, there are limitations as to how many free credit reports you can pull each year. A service does that for you and without impacting your credit score. 

Depending on your location and plan, McAfee’s credit monitoring allows you to look after your credit score and the accounts within it to see fluctuations and help you identify unusual activity, all in one place, checking daily for signs of identity theft. 

Use protection while you shop  

A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. In addition to the VPN, identity, credit monitoring, and other features mentioned above, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—along with a password manager that can create strong, unique passwords and store them securely as well. Taken together, McAfee+ offers all-in-one online protection for your identity, privacy, and security that can keep you far safer when you shop online—and as you spend your time online in general. 

What should I do if I fall victim to a Black Friday or Cyber Monday scam? 

Even if you take the proper precautions the unexpected can happen. Whether it’s a scam, an identity crime, or flat-out theft, there are steps you can take right away to help minimize the damage. 

The first bit of advice is to take a deep breath and get right to work on recovery. From there, you can take the following steps: 

1. Notify the companies involved 

Whether you spot a curious charge on your bank statement, discover potentially a fraudulent account when you check credit report, or when you get an alert from your monitoring service, let the bank or organization involved know you suspect fraud or theft. With a visit to their website, you can track down the appropriate number to call and get the investigation process started. 

2. File a police report 

Some businesses will require you to file a local police report and acquire a case number to complete your claim. Beyond that, filing a report is a good idea in itself. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well. 

3. Contact your governmental anti-fraud or trade organization 

In the U.S., the identity theft website from the Federal Trade Commission (FTC) is a fantastic resource should you find yourself in need. In addition to keeping records of the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. With a copy of your report, you can ask debtors to stop. 

4. Put on a credit freeze or lock 

An instance of identity fraud or theft, suspected or otherwise, is a good time to review your options for a credit freeze or lock. As mentioned earlier, see what the credit bureaus in your region offer, along with the terms and conditions of each. With the right decision, a freeze or lock can help minimize and prevent further harm. 

5. Continue to monitor 

Strongly consider using a monitoring service like the one we described earlier to help you continue to keep tabs on your identity. The unfortunate fact of identity theft and fraud is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity all around. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely—along with utilizing an identity monitoring service. 

6. Work with a recovery pro 

A recovery service can help you clean up your credit in the wake of fraud or theft, all by working on your behalf. Given the time, money, and stress that can come along with setting your financial record straight, leaning on the expertise of a professional can provide you with much-needed relief on several counts. 

Take an extra moment to spot those Black Friday and Cyber Monday scams  

Just as it’s always been, hackers, scammers, and thieves want to ruin a good thing. In this case, it’s your spirit of giving and sharing in the holiday season. Yet with this list of top scams and ways you can avoid them, you can keep bad actors like them at bay. Remember, they’re counting on you to be in a hurry this time of year, and maybe a bit stressed and a little disorganized to boot. Take your time while shopping out there and keep an eye out for their tricks. That extra moment can save you far more time and money than you may think. 

The post The Worst Black Friday and Cyber Monday Scams – And How to Avoid Them appeared first on McAfee Blog.

Personal devices and the information they carry are incredibly valuable to their owners. It is only natural to want to protect your device like a royal family fortifying a medieval castle. Unlike medieval castles that depended upon layers and layers of protection (moats, drawbridges, spiky gates, etc.), personal devices thrive on just one defense: a devoted guard called antivirus software.  

Increasing your personal device’s security detail with more than one guard, or antivirus software is actually less effective than using a single, comprehensive option. Microsoft operating systems recognize the detriment of running two antivirus software programs simultaneously for real-time protection. Microsoft Windows automatically unregisters additional programs so they do not compete against each other. In theory, if you have a Microsoft device, you could run on-demand or scheduled scans from two different antivirus products without the operating system disabling one of them. But why invest in multiple software where one will do?  

If you do not have a Microsoft device, here is what could happen to your device if you run more than one antivirus program at a time, and why you should consider investing in only one top-notch product.  

Fight over potential viruses  

Antivirus programs want to impress you. Each wants to be the one to catch a virus and present you with the culprit, like a cat with a mouse. When antivirus software captures a virus, it locks it in a secure place to neutralize it. If you have two programs running simultaneously, they could engage in a tussle over who gets to scan, report, and remove the virus. This added activity could cause your computer to crash or use up your device’s memory.  

Report each other as suspicious  

Antivirus software quietly monitors and collects information about how your system runs, which is similar to how viruses operate. One software could mark the other as suspicious because real-time protection software is lurking in the background. So, while one antivirus program is busy blowing the whistle on the other, malicious code could quietly slip by.  

Additionally, users could be buried under a barrage of red flag notifications about each software reporting the other as suspicious. Some users become so distracted by the onslaught of notifications that they deactivate both programs or ignore notifications altogether, leaving the device vulnerable to real threats.  

Drain your battery and slow down your device  

Running one antivirus software does not drain your battery, and it can actually make your device faster. However, two antivirus programs will not double your operating speed. In fact, it will make it run much slower and drain your battery in the process. With two programs running real-time protection constantly in the background, device performance is extremely compromised.  

Antivirus software best practices 

There is no reason to invest in two antivirus programs when one solid software will more than do the trick to protect your device. Here are some best practices to get the most out of your antivirus software:  

1. Back up files regularly  

One habit you should adopt is backing up your files regularly. You never know when malware could hit and corrupt your data. Add it to your weekly routine to sync with the cloud and back up your most important files to an external hard drive.   

2. Keep your software up to date  

Whenever your software prompts you to install an update, do it! New cyber threats are evolving every day, and the best way to protect against them is to allow your software to stay as up-to-date as possible.  

3. Read the results reports    

Always read your antivirus results reports. These reports let you know the suspicious suspects your software was busy rounding up. It will give you a good idea of the threats your devices face and perhaps the schemes that you unknowingly fell into, such as clicking on a link in a phishing email. This information can also help you improve your online safety habits.  

Go with the single strongest antivirus, and more  

Everyone needs strong antivirus. Yet antivirus alone isn’t enough to beat back today’s threats. Hackers, scammers, and thieves rely on far more tricks than viruses and malware to wage their attacks, and data breaches slip billions of personal and financial records into the hands of bad actors. You’ll want to pair antivirus with further protection that covers your privacy and identity as well. 

For example the antivirus included with McAfee+ Ultimate can secure an unlimited number of household devices. Yet it offers far more than antivirus alone with our most comprehensive protection for your privacy, identity, and devices. The full list of features is long, yet you’ll get credit monitoring, dark web monitoring, removal of personal information from risky data broker sites, along with identity theft protection and restoration from a licensed expert if the unexpected happens. In all, it offers a single solution for antivirus, and far more that can protect you from the broad range of threats out there today. 

The post Less Is More: Why One Antivirus Software Is All You Need appeared first on McAfee Blog.

When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.  

That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.  

According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.  

Three online threats to watch out for  

Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.  

1.  Adware  

Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.   

Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.   

Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.   

2.  Malvertising  

Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.  

3.  Autofill  

Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.   

Tips for rethinking your online habits  

Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.  

1.  Clear your cookies on your browser  

Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.   

2.  Use a reliable password manager  

Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.   

Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager,  provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.   

3.  Adjust browser privacy settings  

In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.   

Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.   

4.  Use an ad blocker  

Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.  

5.  Leverage a reputable security solution   

Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name. 

Take action to ensure safe browsing  

Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.  

The post 5 Ways to Protect Your Online Privacy appeared first on McAfee Blog.

Vernon has been our Manager of Technical Accounting for more than two years, but that doesn’t mean he’s busy with spreadsheets and numbers all day.

My McAfee career journey story

It’s been an amazing ride so far. My team touches on several areas of responsibility, including financial period closing, financial reporting, and accounting for complex transactions.

​​​​​​​The most rewarding part of my role is definitely the variety and complexity – they really go hand-in-hand and I enjoy asking questions and figuring out the solutions, even when there is not always a textbook answer. I enjoy the challenge of working collectively with a team to find solutions by applying research and experience to a set of facts.

It’s also rewarding to be able to collaborate with auditors and other stakeholders who would be interested in the results.

Talent and collaboration – a rare combo

​​​​​​​My favorite thing about working at McAfee is the team. We have an amazing team. It’s full of really smart people. I’ve seen some companies try and find the best talent they can, but McAfee has just taken that to a whole different level. Everyone in their respective areas is really tuned in to the broader effort and we work well together. At McAfee, we enjoy both a high level of talent and collaborative effort. You don’t often find both in the same place. ​​​​​​​

My leadership philosophy

I really believe that each person brings certain strengths to the table, and they should be able to exercise those strengths to develop and expand their capabilities. Once those natural roles are established, it’s best to trust them to determine how best to perform in their roles and collaborate with the team in achieving results that add value to the broader group.

My advice for anyone looking to drive their career forward is

​​​​​​​First, expect the unexpected – consider each new experience an opportunity for personal growth.

Secondly, get involved in projects. If you have the opportunity to do something different or work with a cross-functional team, do it. It builds your own skill base, which opens the door for greater future opportunities and you get to meet people outside of your own department and develop relationships that may prove valuable over time.

The post For some, accounting is more than just spreadsheets! Vernon’s McAfee Journey appeared first on McAfee Blog.

When you’re online, the world is at your fingertips. You can do amazing things like stream the latest movies while they’re still in theaters! Or you can enjoy the convenience of online shopping and avoiding the DMV by renewing your driver’s license remotely.  This is possible because we’re able to communicate with these organizations through many different channels and we trust them. Unfortunately, many bad actors have taken advantage of this trust and the ease of communication to up their game when it comes to social engineering.  

What is social engineering? One of the more famous examples of social engineering was the Nigerian Prince email scam. In this example, hackers relied on a novel, too-good-to-be-true story of a prince looking to transfer some of his fortune if only he could use your bank account number. The Nigerian Prince is a running joke these days, the internet version of “if you believe that, then I have a bridge to sell you,” but its original success made scammers realize they were onto something big.  

Modern social engineering campaigns closely resemble communications from legitimate organizations. They’re carefully designed, may be grammatically correct, and appear in completely plausible scenarios. However, they’re all after the same thing – information to gain access to an organization or individual’s accounts.  

Phishing is common form of social engineering 

Phishing is a type of social engineering that uses email or websites to convince people to give up their personal information, under the guise of a plausible reason. Instead of a Nigerian prince asking for a bank account number, an email posing as your bank may ask for you to confirm your account information. Often these emails are tied to circumstances that demand your attention and reflect a sense of urgency. Needless to say, many recent phishing scams have played into COVID-19 pandemic fears and economic concerns. Here are a few other scams related to phishing to watch out for: 

• Vishing refers to phone calls trying to get information from people. Think cruise ship vacations and car warranties and you’re on the right track. Chances are you’ve gotten a robocall that qualifies as vishing 
• Smshing is the text version of a phishing campaign. These messages are especially malicious as they may have links that take you to fake web pages or dial a phone number.  

Here’s how to identify a phishing campaign in a few easy steps 

First, does the message you’ve received contain any of the following: 

• Notification of suspicious activity or log-in attempts 
• A claim that’s there’s a problem with your account or your payment information 
• Request to confirm personal information 
• A fake invoice 
• A link to make a payment 
• Says you’re eligible to register for a government refund 
• A coupon for free stuff 

If so, check for these tell-tale signs used by phishing scams 

• A sender address that’s just slightly off – Cybercriminals addresses that closely resemble ones from a reputable company with just a few alterations of letters or other characters.  
• Lack of personalization – Generic greetings that don’t reference your name or email address may be an indicator of a phishing email. 
• Hyperlinks and site addresses that don’t match the sender – Hover your mouse over the hyperlink or call-to-action button in the email. Is the address shortened or is it different from what you’d expect from the sender? It may be a spoofed address from the  
• Spelling and layout – Strange grammar and less-than-polished email layouts can be obvious signs that this is a scam email impersonating a large company.  
• Attachments – Be wary of any attachment in an email. Attachments are great way to deliver viruses and malware to your device. 

If the email you’re suspicious of has several of the above warning signs, chances are you’ve spotted a phishing email. Still not sure what we’re talking about? Check in your email’s spam and you’ll probably see some obvious examples of phishing right away. Spam doesn’t catch everything though, and the best phishing scams can be very difficult to separate from the legitimate emails. With that in mind, we’ve pulled together some safety precautions that will help keep you safer, from phishing emails. 

Preventing and avoiding phishing scams 

• Confirm the source. Unsolicited phone calls, visits, or emails are best avoided altogether or confirmed with a second source. Verify the sender or caller’s identity with the organization they claim to represent. Use contact information from a previous communication you know to be legitimate. 
• Keep personal information private over email. Don’t reveal personal or financial info over an email or do so by following links provided in an email. 
• Install and maintain online protection, like McAfee’s Total Protection. This kind of protection includes firewalls and even web browsing advisors to help you reduce spam and verify sites.  
• Take advantage of email client and web browser antispam and link verification features. 
• Use multi-factor authentication and a password manager to ensure even if your login information is stolen, scammers can’t access your accounts. 

The post Staying safer online from phishing and other attacks appeared first on McAfee Blog.

A new ransomware threat is currently sweeping its way across home computers. And what’s making it extra tricky is that it’s disguised as an operating system update. 

Be on the lookout for this new ransomware scheme and protect yourself from ransomware with a few of these tips. 

What Is Magniber Ransomware? 

Magniber is a new type of ransomware that is disguised at almost every touchpoint until it seemingly pops out of nowhere demanding money. The attack begins when someone visits a fake Windows 10 update website owned by the Magniber cybercriminal group. Once someone clicks on a malicious link on that site, file-encrypting malware downloads onto the device. 

Another stealth maneuver of Magniber is that the encryption malware downloads as a JavaScript file straight to the memory of the device, which can often slide under an antivirus’ radar. This malware allows the criminal to view, delete, and encrypt files and gain administrator access of the device. Usually, before the person even knows their device is in danger, Magniber reveals itself and demands a ransom payment in exchange for releasing the documents and giving back control of the computer. If the device owner refuses to pay, the criminal threatens to delete the files forever.1 

Personal Ransomware May Be on the Rise 

For the last several years, large companies fell left and right to breaches. Hacker groups infiltrated complex cybersecurity defenses, got ahold of sensitive company or customer information, and threatened to release their findings on the dark web if not paid a hefty ransom. The reasons cybercriminals targeted corporate databases versus personal devices wasn’t just because they could demand multiple millions, but because companies were better equipped to make ransom transactions anonymously. Often, cryptocurrency transactions are untraceable, which allows criminals to remain at large. 

Now that more everyday people are proficient in cryptocurrency, ransomware may shift to targeting personal devices. Though the ransom payments won’t be as lucrative, there also won’t be corporate cybersecurity experts hot on the cybercriminal’s tail. 

How to Keep Your Device Safe 

To avoid ransomware schemes similar to Magniber, adopt these three habits to better protect your device and digital privacy: 

• Turn on automatic updates. It’s best practice to accept all new software and device updates, which makes Magniber an especially difficult threat to detect. Consider configuring your device to auto-update. If you enable automatic updates, you can then treat any other popups or update websites with skepticism. To validate if an update prompt is genuine, go to your operating system or device’s corporate page and search for any announcements about new updates.  
• Regularly back up your important files. If you store sensitive documents (like your tax returns) or sentimental files (like your wedding photos) on your computer, consider also backing them up on an external hard drive. Not only will that free up memory on your device, but it’ll also protect them in case a cybercriminal takes control of your computer. When your device is scrubbed of these important files in the first place, you can factory reset your device without losing anything. That way, the cybercriminal gets nothing: neither your personal information nor your money. 
• Avoid risky sites. Magniber downloaded onto devices after a person visited a site controlled by the cybercriminal. If you’re ever suspicious about any site, it’s best to leave and not click on any links while you’re there. Even sites that attempt to mimic legitimate ones leave a few clues that they’re fake. Check for typos, blurry logos, incorrect grammar, and hyperlinks that direct to long, unfamiliar URLs. 

Ransomware Protection 

If a cybercriminal gets in touch with you and demands a ransom, immediately contact your local FBI field office and file a report with the FBI’s Internet Criminal Complaint Center. From there, the authorities will advise you on how to proceed.  

Something you can start with now to defend against ransomware is to invest in McAfee+ Ultimate. It provides the most thorough device, privacy, and identity protection, including $25,000 in ransomware coverage. 

1ZDNET, “This unusual ransomware attack targets home PCs, so beware” 

The post Ransomware Masquerading as Microsoft Update Targets Home Computers appeared first on McAfee Blog.

It’s Diwali, a time of light, a time of togetherness, and, of course, a time of celebration. Along with Diwali comes the traditional acts of dana and seva, as well as gift-giving to the friends and family members they honor and love. However, it’s also a time when thieves get busy—where they hop online and take advantage of all that goodwill with all manner of scams. 

It’s unfortunate yet true. Thieves flock to where the money is, and plenty of money gets exchanged online during Diwali. As you shop online for that thoughtful gift or to donate online to a cause you care about, keep an eye out for the scams that these thieves set. Because they’re out there.  

Yet you have several ways you can spot their scams, along with several ways you can protect yourself further from them. The thing is, online thieves tend to use the same old tricks, which means a sharp eye and a little prevention on your part can keep you far safer during Diwali.  

For starters, let’s look at some of the most common scams out there. 

Top online shopping scams to avoid during Diwali 

1) The bogus website scam  

A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. So close that you may overlook them. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them.  

You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and looking for the deal there.  

2) The hot deal scam  

In some cases, thieves will set up shopping websites that offer a popular or hard-to-find item at a great price. Yet if the pricing, availability, or delivery time all look too good to be true for the item in question, it may be a scam designed to harvest your personal info and accounts—because, surprise, they don’t have the item at all. The site will take your payment, yet you’ll never receive the item. What’s more, the scammers will have your payment info and address, which they can use to cause further harm. 

Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate. You can also use a service like Who.Is and see how recently the site was created. If the site was only put up very recently, it could be a sign of a scam. 

3) The fake charity scam 

In the spirit of dana, donating to charities makes for a popular Diwali gesture. Scammers know this too and will set up phony charities to cash in. Some indications that a phony charity has reached you include an urgent pitch that asks you to “act now.” A proper charity will certainly make their case for a donation, yet they won’t pressure you into it. Moreover, phony charities will outright ask for payment in the form of gift cards, wire transfers, money orders, or even cryptocurrency—because once those funds are sent, they’re nearly impossible to reclaim when you find out you’ve been scammed. 

There are plenty of ways to make donations to legitimate charities, and the NGO Darpan site offers resources that can help you make an informed choice.  

4) Prize and gift scams 

Whether they come to you by email, direct message, or text message, scammers will blast out phoney prize and gift notifications during Diwali. And of course, there’s a catch. To claim your “prize” or “gift,” the scammers require you to fill out a questionnaire. Once again, there’s no gift or prize in play here. Just a thief on the other end attempting to steal your personal information to commit other fraud down the road.  

Look out for these scams, as many have URLs that end in .cn (the Chinese domain). Both .xyz, and .top are popular URL domains for these scams. Several can look quite legitimate, yet if you haven’t entered in a legitimate contest, drawing, or lottery yourself, there’s a very good chance this is a scam. 

Avoid getting scammed during Diwali 

Aside from knowing how to spot scams, you can take several other preventative measures that can keep you safe as you shop, donate, or simply spend time online. 

Stick with known, legitimate retailers and charities online 

This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. As mentioned in the bogus website scam and the prize scams above, thieves will often create web addresses that look nearly identical to legitimate addresses of well-known companies hoping that you won’t look closely at them, then click or tap that bad link.  

If you get an offer sent to you via email, text, or any other message, don’t click the link. Visit the site directly and look for the offer there. 

Look for the lock icon in your browser when you shop 

Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.  

Use a VPN if you’re shopping on public Wi-Fi  

Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi, such as your passwords and credit card numbers.  

What’s more, a VPN masks your whereabouts and your IP address, plus uses encryption that helps keep your activities private. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from. 

Use protection while you shop online 

A complete suite of online protection software like McAfee can offer layers of extra security while you shop. In addition to the VPN, identity, credit monitoring, and other features mentioned above, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—along with a password manager that can create strong, unique passwords and store them securely as well. Taken together, McAfee offers all-in-one online protection for your identity, privacy, and security that can keep you far safer when you shop online—and as you spend your time online in general. 

A brighter, safer Diwali for you and your family online 

If celebrating Diwali takes you online in any way, keep an eye open for the scams that typically pop up this time of year. Sadly, they’re out there, because it’s such a prime time of year for online shopping, gift-giving, and donations.  

As you can see, thieves use several types of common scams that simply dress themselves up in different ways. Taking a moment to pause and consider what you’re seeing before you click or buy can help you spot those scams.  

Further, using online protection software can help you stay safer still with features that make your time online more private and secure while also preventing you from clicking on any of those malicious links or attachments that crop up during Diwali—and any time of year. 

The post Protect yourself from scams this Diwali appeared first on McAfee Blog.

When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.  

A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.  

How does identity theft happen in the first place?  

Unfortunately, it can happen in several ways.   

In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).   

In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who’re shopping or banking online without the security of a VPN.    

Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to nearly 1.4 million in 2020—practically double. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:  

• Online ads that direct you to a scammer’s site are designed to steal your information.  
• Malicious websites and apps also steal information when you use them.  
• Social media scams lure you into providing personal information, whether through posts or direct messages.  

However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.  

What are some signs of identity theft?  

Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:  

• You start getting mail for accounts that you never opened.   
• Statements or bills stop showing up from your legitimate accounts.  
• You receive authentication messages for accounts you don’t recognize via email, text, or phone.   
• Debt collectors contact you about an account you have no knowledge of.  
• Unauthorized transactions, however large or small, show up in your bank or credit card statements.  
• You apply for credit and get unexpectedly denied.  
• And in extreme cases, you discover that someone else has filed a tax return in your name.  

As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.   

Steps to take if you suspect that you’re the victim of identity theft  

The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:  

1) Notify the companies and institutions involved  

Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.   

2) File a police report  

Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.  

3) Contact the Federal Trade Commission (FTC)  

The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.  

4) Place a fraud alert and consider a credit freeze  

You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.  

A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.  

5) Dispute any discrepancies in your credit reports  

This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.   

6) Contact the IRS, if needed  

If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid from an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.  

Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.  

7) Continue to monitor your credit report, invoices, and statements  

Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.  

Preventing identity theft 

With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.  

With McAfee+ Ultimate you can: 

• Monitor your credit activity on all three major credit bureaus to stay on top of unauthorized use.​ 
• Also monitor the dark web for breaches involving your personal info and notify you if it’s found.​ 
• Lock or freeze your credit file to help prevent accounts from being opened in your name. 
• Remove your personal info from over 40 data broker sites collecting and selling it. 
• Restore your identity with a licensed expert should the unexpected happen.​ 
• Receive $1M identity theft and stolen funds coverage along with additional $25K ransomware coverage. 

​In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done. 

Righting the wrongs of identity theft: deep breaths and an even keel  

Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer for any questions you’ll face in the process of restoring your identity will help you see things through.  

Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.  

The post Top Signs of Identity Theft appeared first on McAfee Blog.

Have you ever come across a website that just didn’t look quite right? Perhaps the company logo looked slightly misshapen, or the font seemed off-brand. Odds are, you landed on a phony version of a legitimate corporation’s website—a tried and true tactic relied on by many cybercriminals.  

Fake Login Pages Explained  

A fake login page is essentially a knock-off of a real login page used to trick people into entering their login credentials, which hackers can later use to break into online accounts. These websites mirror legitimate pages by using company logos, fonts, formatting, and overall templates. Depending on the attention to detail put in by the hackers behind the imposter website, it can be nearly impossible to distinguish from the real thing. Consequentially, fake login pages can be highly effective in their end goal: credential theft.  

How do these pages get in front of a consumer in the first place? Typically, scammers will target unsuspecting recipients with phishing emails spoofing a trusted brand. These emails may state that the user needs to reset their password or entice them with a deal that sounds too good to be true. If the consumer clicks on the link in the email, they will be directed to the fake login page and asked to enter their username and password. Once they submit their information, cybercriminals can use the consumer’s data to conduct credential stuffing attacks and hack their online profiles. This could lead to credit card fraud, data extraction, wire transfers, identity theft, and more. 

How Fake Login Pages Are Affecting Canadians 

Scammers have recently targeted Canadians with attacks leveraging fake login pages to harvest personal data. For example, criminals preyed on employees who were expecting COVID-19 relief grants in the form of the CERB (Canada Emergency Response Benefit). These funds were sent via an electronic transfer from Interac, a legitimate Canadian interbank network. However, a phishing campaign spoofing Interac’s e-transfer service circulated emails claiming that the Canada Revenue Agency (CRA) made a CERB deposit of $1,957.50 CAD.  

These emails directed recipients to a fake CRA login page, which then redirected to a phony Interac e-transfer site where users were asked to select their personal bank. From there, the recipient was asked to enter their username, card number, password, security questions and answers for their online banking profile, and other personally identifiable information—providing all the information a criminal would need to hack into the user’s bank account.  

Why Fake Login Pages are Effective  

If you Google “fake login pages,” you will quickly find countless guides on how to create fake websites in seconds. Ethical concerns aside, this demonstrates just how common vector spoofed websites are for cyberattacks. While it has been easier to distinguish between real and fake login pages in the past, criminals are constantly updating their techniques to be more sophisticated, therefore making it more difficult for consumers to recognize their fraudulent schemes.  

One reason why fake login pages are so effective is due to inattentional blindness, or failure to notice something that is completely visible because of a lack of attention. One of the most famous studies on inattentional blindness is the “invisible gorilla test.” In this study, participants watched a video of people dressed in black and white shirts passing basketballs. Participants were asked to count the number of times the team in white passed the ball: 

Because participants were intently focused on counting the number of times the players in white passed the ball, more than 50% failed to notice the person in the gorilla costume walking through the game. If this is the first time you’ve seen this video, it’s likely that you didn’t notice the gorilla, the curtain changing color from red to gold, or the player in black leaving the game. Similarly, if you come across a well-forged login page and aren’t actively looking for signs of fraud, you could inherently miss a cybercriminal’s “invisible gorilla.” That’s why it’s crucial for even those with phishing training to practice caution when they come across a website asking them to take action or enter personal details.  

How to Steer Clear of Fake Login Pages  

The most important defense against steering clear of fake login pages is knowing how to recognize them. Follow these tips to help you decipher between a legitimate and a fake website:  

1. Don’t fall for phishing  

Most fake login pages are circulated vis phishing messages. If you receive a suspicious message that asks for personal details, there are a few ways to determine if it was sent by a phisher aiming to steal your identity. Phishers often send messages with a tone of urgency, and they try to inspire extreme emotions such as excitement or fear. If an unsolicited email urges you to “act fast!” slow down and evaluate the situation. 

2. Look for misspellings or grammatical errors  

Oftentimes, hackers will use a URL for their spoofed website that is just one character off from the legitimate site, such as using “www.rbcr0yalbank.com” versus “www.rbcroyalbank.com.” Before clicking on any website from an email asking you to act, hover over the link with your cursor. This will allow you to preview the URL and identify any suspicious misspellings or grammatical errors before navigating to a potentially dangerous website. 

3. Ensure the website is secured with HTTPS 

HTTPS, or Hypertext Transfer Protocol Secure, is a protocol that encrypts your interaction with a website. Typically, websites that begin with HTTPS and feature a padlock in the top left corner are considered safer. However, cybercriminals have more recently developed malware toolkits that leverage HTTPS to hide malware from detection by various security defenses. If the website is secured with HTTPS, ensure that this isn’t the only way you’re analyzing the page for online safety.  

4. Enable multi-factor authentication  

Multi-factor authentication requires that users confirm a collection of things to verify their identity—usually something they have, and a factor unique to their physical being—such as a retina or fingerprint scan. This can prevent a cybercriminal from using credential-stuffing tactics (where they will use email and password combinations to hack into online profiles) to access your network or account if your login details were ever exposed during a data breach.  

5. Sign up for an identity theft alert service 

An identity theft alert service warns you about suspicious activity surrounding your personal information, allowing you to jump to action before irreparable damage is done. McAfee Total Protection not only keeps your devices safe from viruses but gives you the added peace of mind that your identity is secure, as well.  

The post How to Spot Fake Login Pages  appeared first on McAfee Blog.

Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.

Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.

This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.

What is smishing?

Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?

Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.

Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.

Examples of a smishing text message

Here are some examples of smishing text messages hackers use to steal your personal details:

• “We have detected unusual activity on your account. Please call this number to speak to a customer service representative.”
• “You have won a free gift card! Click here to claim your prize.”
• “Hi! We noticed that you’re a recent customer of ours. To finish setting up your account, please click this link and enter your personal information.”
• “Urgent! Your bank account has been compromised. Please click this link to reset your password and prevent any further fraud.”
• “Hey, it’s [person you know]! I’m in a bit of a bind and could really use your help. I sent you a link to my PayPal, could you send me some money?”

How dangerous can smishing be?

If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.

For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.

How can you protect yourself from smishing?

Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.

Recognize the signs of a smishing text

One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:

• Be suspicious of any text messages that ask for personal information or include a link.
• Look closely at the sender’s name and number. Fraudulent messages often come from spoofed numbers that may look similar to a legitimate number but with one or two digits off.
• Look for errors in spelling or grammar. This can be another sign that the message is not legitimate.
• Beware of any text messages that create a sense of urgency or are threatening in nature. Scammers often use these tactics to get you to act quickly without thinking.
• If you’re not expecting a message from the sender, be extra cautious.
• If you’re unsure whether a text message is legitimate, call the company or organization directly to verify.

Filter unknown text messages

While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.

To set up spam filters on your iPhone:

1. Go to the Settings App
2. Go to Messages
3. Find the Filter Unknown Senders option and turn it on

To set up spam filters on your Android mobile device:

1. Go to the Messaging App
2. Choose Settings
3. Tap Spam Protection and turn on Enable Spam Protection

Use McAfee Mobile Security

McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.

One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.

Other benefits include:

• Antivirus
• Secure VPN for privacy online
• Identity monitoring for up to 10 emails
• Guard your identity against risky Wi-Fi connections
• Safe browsing
• System Scan for the latest updates

Keep your device and information secure with McAfee Mobile Security

These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.

McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.

Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.

So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.

The post What Is Smishing and Vishing, and How Do You Protect Yourself appeared first on McAfee Blog.

Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.

One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.

Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.

What is a tailgating attack?

Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.

“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.

Who’s at risk of tailgating attacks?

Companies, particularly at risk of being targeted by tailgating scams, include those:

• • With many employees, often moving inside and out of the premises
  • With multiple entrance points into a building
  • That receive deliveries of food, packages, documents, and other things regularly
  • That have many subcontractors working for them
  • Where employees aren’t thoroughly trained in physical and cybersecurity protocols

Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.

One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.

Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.

What is a tailgating attack?

Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.

“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.

Who’s at risk of tailgating attacks?

Companies, particularly at risk of being targeted by tailgating scams, include those:

• With many employees, often moving inside and out of the premises
• With multiple entrance points into a building
• That receive deliveries of food, packages, documents, and other things regularly
• That have many subcontractors working for them
• Where employees aren’t thoroughly trained in physical and cybersecurity protocols

Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.

But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.

What are common tailgating methods?

Common types of tailgating attacks that you should be aware of on the job include:

• Someone walking behind you into a secure area, depending on your common courtesy to keep the door open for them
• A courier or delivery driver who aren’t what they seem
• A courier or delivery driver who aren’t what they seem
• Someone with their hands full of items to trick you into opening the door for them
• A person who claims they’ve lost their work ID or forgotten it at home, so that you grant them admittance

How to protect yourself from tailgating attacks

Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.

Some solutions include:

Increased security training

Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.

Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.

These security measures should be part of an overall protection program, like McAfee® Total Protection, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.

Smart badges and cards

If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.

Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.

Biometric scanners

Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.

Examples of biometric security include:

• Voice recognition
• Iris recognition
• Fingerprint scans
• Facial recognition
• Heart-rate sensors

Understanding social engineering

One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.

Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.

For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.

Video surveillance

If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.

Discover how McAfee can help keep devices secure from hacking

Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.

To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee® Total Protection.

Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.

McAfee protection allows you to work and play online with greater peace of mind.

The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.

People in their 20s and 30s are losing it online. And by it, I mean money—thanks to digital identity theft. 

In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.  

In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.  

Millennials are major targets for fraud 

Here’s what’s happening: people in their 20s and 30s were twice as likely than people 40 and over to report losing money while shopping online. That’s according to recent figures from the U.S. Federal Trade Commission (FTC), which also found that people in their 20s to 30s are far more likely to report losing money to fraud. What’s more, they’re also 77% more likely than older people to lose it by way of an email scam. 

And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers. 

Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.  

Six ways you can protect your digital identity from hackers and fraud 

It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away: 

1. Start with the basics—security software  

Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use it to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection. 

2. Create strong passwords  

You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks. 

3. Keep up to date with your updates  

Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.   

4. Think twice when you share  

Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk. 

5. Shred it  

Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away. 

6. Check your credit  

Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find. 

How do I know if my identity has been stolen?  

As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name. 

Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away: 

• If you live in the U.S. and think that someone is using your personal information, visit IdentityTheft.gov. 
• In Canada, visit antifraudcentre-centreantifraude.ca for help.  
• And in the UK, check out CIFAS, the UK’s fraud prevention service, at cifas.org.uk. 

Likewise, many nations offer similar government services. A quick search will point you in the right direction. 

Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here. 

Keeping your digital identity in your hands 

With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.    

The post Guide: Protecting Your Digital Identity appeared first on McAfee Blog.

It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.

Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.

Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.

So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.

Key signs of website safety and security

When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.

”Https:” in the website URL

“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.

When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.

A lock icon near your browser’s URL field

The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.

Let’s explore the cybersecurity tools on the three major web browsers:

• Safari. In the Safari browser on a Mac, you can simply look for the lock icon next to the website’s URL in the address bar. The lock icon will be either locked or unlocked, depending on whether the site uses SSL encryption. If it’s an unsafe website, Safari generates a red-text warning in the address bar saying “Not Secure” or “Website Not Secure” when trying to enter information in fields meant for personal data or credit card numbers. Safari may also generate an on-page security warning stating, “Your connection is not private” or “Your connection is not secure.”
• Google Chrome. In Google Chrome, you’ll see a gray lock icon (it was green in previous Chrome versions) on the left of the URL when you’re on a site with a verified SSL certificate. Chrome has additional indicator icons, such as a lowercase “i” with a circle around it. Click this icon to read pertinent information on the site’s cybersecurity. Google Safe Browsing uses security tools to alert you when visiting an unsafe website. A red caution symbol may appear to the left of the URL saying “Not secure.” You may also see an on-page security message saying the site is unsafe due to phishing or malware.
• Firefox. Like Chrome, Mozilla’s Firefox browser will tag all sites without encryption with a distinctive marker. A padlock with a warning triangle indicates that the website is only partially encrypted and may not prevent cybercriminals from eavesdropping. A padlock with a red strike over it indicates an unsafe website. If you click on a field on the website, it’ll prompt you with a text warning stating, “This connection is not secure.”

In-depth ways to check a website’s safety and security

Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.

Use McAfee WebAdvisor

McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.

Website trust seals

When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.

There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.

While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.

Check for a privacy policy

Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.

If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.

Check third-party reviews

It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.

Trustpilot is one example of a website that provides reviews of other websites.Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.

Look over the website design

You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.

Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.

Download McAfee WebAdvisor for free and stay safe while browsing

If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.

Download McAfee WebAdvisor now and stay safe while browsing the web.

The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.

Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.

What does “this connection is not private” mean?

A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.

So, what exactly is going on when you see the “this connection is not private” error?

For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.

Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.

In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.

While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.

SL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.

So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.

Note: The “your connection is not private” error is Google Chrome’s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.

How to fix the “connection is not private” error

If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.

• • Refresh the page. In some cases, the error is just a momentary glitch. Try reloading the page to rule out a temporary error.
  • Close browser and reopen. Closing and reopening your web browser might also help clear a temporary glitch.
  • If you’re on public WiFi, think twice. Hackers often exploit public WiFi because their routers are usually not as secure or well maintained for security. Some public WiFi networks may not have an SSL connection, or they may limit your access to websites. You can safely browse more securely in public spaces if you have an antivirus software or virtual private network (VPN) solution.
  • Use “Incognito” mode. The most used browsers (Google Chrome browser, Mac’s Safari, Mozilla Firefox, and Microsoft Edge) offer an “Incognito mode” that lets you browse without data collecting in your history or cache. Open the site in a new incognito window and see if the error still appears.
  • Clear the cache on your browser. While cookies make browsing the web more convenient and personalized, they also can hold on to sensitive information. Hackers will take advantage of cached data to try and get passwords, purchase information, and anything else they can exploit. Clear browsing data before going to a site with the “connection is not secure” error to help limit available data for hackers.
  • Check the computer’s date and time. If you frequently see the “connection is not private” error, you should check and ensure your computer has the accurate time and date. Your computer’s clock can sometimes have time and date stamp issues and get glitchy in multiple ways. If it’s incorrect, adjust the date and set the time to the correct settings.
  • Check your antivirus software. If your antivirus software is sensitive, you may have to disable it momentarily to bypass the error. Antivirus software protects you, so you should be careful to remember to turn the software back on again after you’ve bypassed the error.
  • Be sure your browsers and operating systems are up to date. You should always keep your critical software and the operating system fully updated. An outdated browser can start getting buggy and can increase the occurrence of this kind of error.
  • Research the website. Do a quick search for the company of the website you wish to visit and make sure they are a legitimate business. You can search for reviews, Better Business Bureau ratings, or check for forums to see if others are having the same issue. Be sure you are spelling the website address correctly and that you have the correct URL for the site. Hackers can take advantage of misspellings or alternative URLs to try and snare users looking for trusted brands.
  • If it’s not you, it’s them. If you’ve tried all the troubleshooting techniques above and you still see the error, the problem is likely coming from the site itself. If you’re willing to take your chances (after clearing your browser’s cache), you can click the option to “proceed to the domain,” though it is not recommended. You may have to choose “advanced settings” and click again to visit the site.

Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.

How to protect your privacy when browsing online

Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.

• Antivirus solutions are, hands down, your best line of protection against hacking. Solutions like McAfee+ Ultimate offer all the tools you need to secure your data and devices.
• Use strong passwords and two-factor authentication when available.
• Delete unused browser extensions (or phone apps) to reduce access.
• Always keep your operating system and browsers up-to-date. You can open system preferences and choose to update your system automatically.
• Use a secure VPN solution to shield your data when browsing.
• Use your favorite browser’s incognito mode to reduce the data connected to your devices.
• Remove any 3rd party apps from your social media accounts — especially if you’ve recently taken a Facebook quiz or similar (also, don’t take Facebook quizzes).
• Engage the highest privacy settings in each of your browsers.
• Always check the address bar for HTTPS before sharing credit cards or other sensitive data on a website.
• Share less personal and private information on social media.

Discover how McAfee keeps you and your data safe from threats

As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.

A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.

With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.

The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.

Authored by SangRyol Ryu

Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malwares masquerading as a useful tool or utility, and automatically crawling ads in the background. Recently the McAfee Mobile Research Team has identified new Clicker malware that sneaked into Google Play. In total 16 applications that were previously on Google Play have been confirmed to have the malicious payload with an assumed 20 million installations.

McAfee security researchers notified Google and all of the identified apps are no longer available on Google Play. Users are also protected by Google Play Protect, which blocks these apps on Android. McAfee Mobile Security products detect this threat as Android/Clicker and protect you from malware. For more information, to get fully protected, visit McAfee Mobile Security.

How it works

The malicious code was found on useful utility applications like Flashlight (Torch), QR readers, Camara, Unit converters, and Task managers:

Once the application is opened, it downloads its remote configuration by executing an HTTP request. After the configuration is downloaded, it registers the FCM (Firebase Cloud Messaging) listener to receive push messages. At first glance, it seems like well-made android software. However, it is hiding ad fraud features behind, armed with remote configuration and FCM techniques.

The FCM message has various types of information and that includes which function to call and its parameters. The picture below shows some of FCM message history:

When an FCM message receives and meets some condition, the latent function starts working. Mainly, it is visiting websites which are delivered by FCM message and browsing them successively in the background while mimicking user’s behavior. This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware. In the picture below there is an example of the network traffic generated to get the information required to generate fake clicks and the websites visited without user’s consent or interaction:

Malicious components: CAS and LivePosting

So far, we have identified two pieces of code related to this threat. One is “com.click.cas” library which focuses on the automated clicking functionality while “com.liveposting” library works as an agent and runs hidden adware services:

Depending on the version of the applications, some have both libraries working together while other applications only have “com.liveposting” library. The malware is using installation time, random delay and user presence to avoid the users from noticing these malicious acts. The malicious behavior won’t start if the installation time is within an hour and during the time the user is using the device, probably to stay under the radar and avoid being detected right away:

Conclusion

Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behavior is cleverly hidden from detection. Malicious actions such as retrieving crawl URL information via FCM messages start in the background after a certain period of time and are not visible to the user.

McAfee Mobile Security detects and removes malicious applications like this one that may run in the background without user’s knowledge. Also, we recommend having a security software installed and activated so you will be notified of any mobile threats present on your device in a timely manner. Once you remove this and other malicious applications, you can expect an extended battery time and you will notice reduced mobile data usage while ensuring that your sensitive and personal data is protected from this and other types of threats.

IoCs (Indicators of Compromise)

liveposting[.]net

sideup[.]co[.]kr

msideup[.]co[.]kr

post-blog[.]com

pangclick[.]com

modooalba[.]net

The post New Malicious Clicker found in apps installed by 20M+ users appeared first on McAfee Blog.

Automobile manufacturer Toyota recently announced a data breach that may have exposed the emails of up to 300,000 customers for a period of nearly five years. 

Toyota says the breach is the result of a subcontractor posting source code for Toyota’s “T-Connect” app on the software development platform GitHub in December 2017. This code included an access key to the data server that hosted the e-mail addresses and customer management numbers of T-Connect users. The publicly available source code was found on September 15th, 2022, at which time Toyota changed the access key. 

Toyota customers affected by this data breach include T-Connect users who registered their email on the Toyota T-Connect site since July 2017. 

According to Toyota’s announcement and apology no other personal information such as customer names, phone numbers, and credit cards were affected. (Note that this announcement was published in Japanese—you can use your browser to translate.) 

The company further could not confirm whether this information was in fact accessed. However, the company could not deny the possibility that it was at some point during that five-year period. 

Toyota said that it will individually send an apology and notification to the registered email address of any customer whose information may have been leaked.   

I’m a Toyota owner. What should I do about the Toyota T-Connect data leak? 

Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. Different pieces of personal information can be more useful to them than others. Some are directly useful, such as a Social Security Number or credit card information because they uniquely identify you. Others are indirectly helpful, like device IDs, browsing history, geolocation information, and internet protocol addresses. On their own, such information will not uniquely identify you. Yet with enough indirect information, and in the right combination, a bad actor could use them to piece together your identity. 

In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part. 

Keep an eye out for phishing attacks 

Given that email addresses may have been compromised, Toyota specifically warned its customers about the possibility of phishing attacks and other unsolicited emails that may contain malware or links to malicious sites. While it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information or that contain attachments you weren’t expecting, it’s particularly important after breaches. If you receive such emails, delete them, and don’t click on any links or attachments.  

Also note that bad actors may launch phishing attacks where they pose as Toyota, all with the aim to steal personal information. Such emails can clearly look like a scam, such as when they include typos, grammatical errors, or sloppy graphics. Others can look far more sophisticated, almost like a legitimate email. Learning how to tell the two apart can take a little skill, and you can check out this quick read so you can spot and protect yourself from phishing scams. 

Consider using comprehensive online protection 

A complete suite of online protection software can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, we offer $1M identity theft coverage and support from a recovery pro, just in case. 

Change your passwords and use a password manager 

As far as passwords go, strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date. 

Because so many accounts use an email address as the username, and because email addresses were exposed in the Toyota leak, updating your passwords across your accounts can provide an extra level of protection. 

Enable two-factor authentication 

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it. 

Consider using identity monitoring 

An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft.​ Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s monitors the dark web for your personal info and provides early alerts if your data is found on there, an average of 10 months ahead of similar services.​ We also provide guidance to help you act if your information is found. 

Clean up your personal data online 

As mentioned earlier, information stolen in a data breach may indirectly identify you. Yet when pieced together with other information, it can then directly identify you. Cad actors can complete this identity picture puzzle with information provided by data brokers that buy and sell personal information online. However, you can take some control over this. Our Personal Data Cleanup service scans high-risk data broker sites for your personal information and then helps you remove it—which denies bad actors the information they may need to commit identity theft. 

Staying Safe in the Wake of the Toyota Data Leak 

If your personal information gets caught up in a data leak or breach, take the steps to protect yourself. Should that information get into the hands of bad actors, it could lead to follow-on attacks such as phishing attempts, account hacks, and, in extreme cases, identity crime. 

Further, as in the case of Toyota, it can take months or even years for companies to discover leaks and breaches. From there, it can take yet longer before a company announces the leak or breach. Together, that leaves bad actors with plenty of opportunity to commit all kinds of identity crime in the meantime.  

Because of this, taking preventative steps to secure and monitor your identity can help protect you from harm—even if your information wasn’t involved in an attack. With data leaks and breaches of all sizes now commonplace, a proactive stance offers far better protection than reactionary measures taken after the fact. 

The post Toyota Data Breach Exposes Customer Data – What You Can Do to Protect Yourself appeared first on McAfee Blog.

In the eyes of hackers, scammers, and thieves, your online privacy and identity look like a giant jigsaw puzzle. One that they don’t need every piece to solve. They only need a few bits to do their dirty work, which means protecting every piece you put out there—a sort of holistic view on your personal security. One that protects you, not just your devices.

Here’s what’s at stake: we create and share loads of personal information simply by going about our day online, where each bit of information makes up a piece of that giant jigsaw puzzle. Some pieces directly identify us, like our tax returns, bank account information, or driver’s licenses. Other pieces of information indirectly identify us, like the IP addresses assigned to our computers, tablets, and phones—or device ID numbers, location information, and browsing history. And bad actors only need a few key pieces to do you harm, such as committing identity crime in your name or selling your personal information on sketchy websites or the dark web. 

While people show great concern about their personal information, who has it and what’s done with it, our research shows that 70% of people feel like they have little or no control over the data that’s collected about them. However, you have plenty of ways that you can indeed take control—ways that can prevent, detect, and correct attacks on your privacy and identity. That’s where holistic protection comes in. 

What do we mean by holistic protection? 

You can think of holistic protection as layers of shields that protect you and the devices you use. It gives you three layers in all—a Prevention Layer, Detection Layer, and a Correction Layer. 

A holistic and comprehensive security solution like McAfee+ combines those three layers in a way that protects your personal information and keep your identity private, showing you how it does it along the way, so you can see exactly how safe you are. Let’s take a quick look of some of the protections you’ll find in each layer … 

In the Prevention Layer, you’ll see:  

• A virtual private network (VPN), allowing you to connect securely on a public Wi-Fi network by encrypting, or scrambling, your data while in transit so no one else sees it. It’ll also make your activity far more private, making it harder for advertisers and data collectors to track. 
• Safe browsing that warns you if a website is risky before you enter your information and can steer you clear of risky links, while a download scanner can prevent downloads of malware or malicious email attachments. 
• An integrated password manager that can create and store strong and unique passwords for each of your accounts. This way if one of your accounts is hacked, your other accounts won’t be at risk. 
• A security freeze service that can prevent hackers and thieves from opening of new credit, bank, and utility accounts in your name.​ 
• Real-time antivirus that protects your data and devices. 

In the Detection Layer, you have … 

• Identity monitoring that keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. 
• McAfee’s industry-first Protection Score that monitors the health of your online protection and shows you ways you can improve your security and stay safe online. 

In the Correction Layer, several other protections have your back … 

• Identity theft protection & restoration that aids with many of the costs associated with restoring one’s identity through up to $1 million in coverage—along with the services of a licensed recovery pro to help restore your identity.​ 
• Personal data cleanup that scans some of the riskiest data broker sites and shows you which ones are selling your personal info so that you can remove it on your own or with our help, depending on your plan. 

These are just a few examples of the protections in each layer. And you’ll find our most comprehensive holistic protection in McAfee+ Ultimate, covering your privacy, identity, and devices. 

A Unified Solution for your Privacy, Identity, and Devices 

While your online privacy and identity may look a jigsaw puzzle, protecting it shouldn’t be as complicated. With a holistic security solution for your personal protection, you can minimize your exposure with layers of security that do much of the work for you. 

Antivirus on your PC is not enough. It has not been enough for many decades now. And this becomes more evident as we continue to spend more time online, with the average person spending 6 hours and 54 minutes online each day, leaving clouds of personal information in their wake. 

While standalone apps like a password manager, a VPN app, and an identity solution from different vendors can be piecemealed together with your device security, these are difficult to keep track of and burdensome to maintain. 

We have combined the important tools you need into a seamless and comprehensive experience because good security software is something that you use daily to feel safer online. This is why we are working on your behalf to redefine security, so you can enjoy your connected life with confidence. 

The post True Security Requires a Holistic Approach appeared first on McAfee Blog.

No one likes the feeling that someone is looking over their shoulder when they work, shop or surf online. But this is just what crooks and scammers do without our knowledge using “spyware.”

Spyware is a piece of software that can covertly gather information on you. It can track the websites you visit and even record what you type on your keyboard, including passwords and credit card numbers.

So, now the bad guys don’t have to steal your wallet to get access to your personal and financial information. All they need to do is trick you into installing spyware on your computer or device. Or they could install it themselves on public or shared computers using a USB drive, or similar device.

One of the more common forms of spyware found on shared computers is called a “keylogger.” It can record everything you type and send it back to the cybercrook. That’s why you should avoid using shared computers in hotels or public libraries, since they can be easily compromised.
Most spyware masquerades as legitimate software, such as free games or mobile apps. In fact, researchers believe that over three years, 1 million Google Play users downloaded a single piece of spyware alone. It appeared to be an official “System Update” application, but actually monitored the users’ location information and text messages without their knowledge.

Spyware can also easily spread online in the form of dangerous links in emails, and on social media or torrent sites, which offer free access to online content. That’s why you need to be careful where you click.

Another common form of spyware is called “adware.” Adware is used to display advertisements on your computer, or redirect your search inquiries to an advertiser’s website. Although this isn’t as harmful as spyware designed to steal your information, it is still invasive and annoying.

Since spyware is so prevalent and potentially harmful, putting both your private information and privacy at risk, it’s important that you take steps to protect yourself.

Here are some tips to keep you safe:

• Only visit trusted websites and be suspicious of sites offering “free” content or applications.
• Be careful when downloading any software or mobile apps from the web. Read other users’ reviews first to make sure the product is safe. Also, read any licensing or service agreements carefully to see if the provider is accessing more information than it needs to.
• Never leave your computer or devices unattended in public, since a cybercrook could potentially install spyware when you’re not looking.
• Avoid clicking on online ads, since they could lead to adware.
• Look out for anti-spyware scams. There are many phony “anti-spyware” tools online that offer free scans. They falsely detect multiple spyware programs on your computer to get you to buy their product.
• Make sure you use comprehensive security software that includes spyware protection, and keep it up-to-date.

The post What is Spyware? appeared first on McAfee Blog.

While we’re enjoying the fruits of digital life—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there will come a time we should ask ourselves, What happens to all of this good stuff when I die?

Like anything else we own, those things can be passed along through our estates too.

With the explosion of digital media, commerce, and even digital currency too, there’s a very good chance you have thousands of dollars of digital assets in your possession. For example, we can look at research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past ten years, that figure feels conservative.

Enter the notion of a digital legacy, the way you can catalog and prepare your digital assets for passing through your estate.

Getting started with estate planning for your digital assets

Like so many aspects of digital life nowadays, estate planning law has started to catch up to the realities that attorneys, executors, and heirs face when dealing with an estate and its digital assets. In the U.S., new laws are rolling out that address how digital assets are treated when the owner passes away. For example, they give fiduciaries (like an estate executor, trustee, or an agent under a power of attorney) the right to manage a person’s digital assets if they already have the right to manage a person’s tangible assets. Such laws continue to evolve, and they can vary from state to state here in the U.S.

With that in mind, nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your estate attorney for counsel on the best approach for you and the laws in your area. However, consider this article as a sort of checklist that can help you with your estate planning.

My hope is that this article will open your eyes to the digital value you have to pass along, both real and sentimental, and help you prepare your estate accordingly for the ones you care about.

What are digital assets in a will?

The best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and offers the bearer with the right to use it.

To frame it up in everyday terms, let’s look at some real-world examples of digital assets that quickly come to mind. They include but are not limited to:

• Photo libraries
• eBook libraries
• Digital movies
• Digital music
• Digital currency, such as bitcoin
• Air miles
• Hotel points

However, digital assets can readily expand to further include:

• Subscriptions to streaming services and online publications
• Online game accounts—and in-game items associated with them
• Currency stored in online payment platforms
• Online storefronts, such as eBay, Etsy, or business websites
• Website domain names, whether in use or held speculatively for later resale
• Documents kept in cloud storage, like financial documents and ancestry research

And as far as your estate is concerned, you can also consider:

• Online banking and financial accounts
• Email accounts
• Chatrooms and message boards for your interests and hobbies
• Medical and insurance accounts
• Blogs
• Utility accounts
• And any other similar accounts that may help your executor manage your estate

That’s quite the list, and it’s not entirely comprehensive, either.

Start with an inventory of your digital assets

The process of lining up your digital assets begins just like any other aspect of estate planning, by listing all the digital assets and accounts you own. From there, you can see what you have and what you’d like to distribute—and what you can distribute. In fact, when it comes to digital, there are some things you simply can’t pass along. Let’s take a closer look.

What digital assets can you pass along through your will?

Generally speaking, digital assets that you own can be passed along. “Own” is the operative word here. Many digital things we have are in fact licensed to us, which are not transferrable. More on that next, yet examples of things you can likely transfer include:

• Funds kept in an online payment account like PayPal or Venmo.
• Funds due to you via an online store you maintain.
• Cryptocurrency, like bitcoin.
• Digital music that you’ve purchased and own.

Check with your legal counsel to ensure you’re following the letter of the law in your region, and also look into any licensing agreements you may have for items like internet domain names and airline miles that you may hold to determine if they are in fact transferrable.

What digital assets are non-transferrable through your will?

This is an important topic. As mentioned above, some accounts you hold are simply licensed to you and you alone. Thus, they will not transfer. Two of the biggest examples are social media and email accounts. This can have serious repercussions if you do not leave specific instructions as to how those accounts should be handled after your passing.

For example, do you want your social media profiles to remain online as a memorial or do you want them simply to shut down? Note that different social media platforms have different policies for handling the accounts of users who have passed away. For example, Facebook allows for creating memorialized accounts that allow friends and families to continue sharing memories. Policies vary, so check with your social media platforms of choice for specifics.

Likewise, will your executor need access to your email account to handle affairs of the estate? And what about access to online accounts for paying bills and then ultimately closing those accounts? In all, these are points of discussion to have with an experienced estate attorney who knows the law in your region.

Other things to be aware of are that subscriptions to streaming accounts are likely non-transferrable as well. Often, eBooks and digital publications you own are only licensed to you as the sole owner and can’t be transferred. Again, check the agreements associated with items like these and have a talk with your attorney about them to determine what can and can’t be done with them.

Blogs and online communities

Another aspect of your digital legacy is your voice. If you’re a blogger or a participant in an online community, you may wish for a fiduciary or family member to leave a farewell post. Additionally, in the case of a blog, you may want to set up some means for your work to stay online or get archived in some manner. Again, you can work with your attorney to leave specific instructions as to what should be said and then what should be done with the blog or site in question.

Giving your executor access to your digital assets

I have a real-life example of why this is so vital. A friend of mine lost the photos of her and her husband because they were kept in an online storage account to which she had no access. And sadly, the company would not grant her access after his passing. This is often the case with many online accounts and services. Legally speaking, while the deceased may have owned the storage account and the media kept within it, the cloud storage company owns the servers on which that media is stored. The potential difficulty here is that the online service provider may view giving your personal representatives access to your account as a breach of their privacy policy or user agreements.

One way you can avoid heartbreak like this is to discuss giving your executor access to your accounts. This can be provided through a list of accounts, usernames, and passwords that are kept in a sealed letter along with your will, along with instructions that outline your wishes. This is important: a will is public record after you pass away. You won’t want info like usernames and passwords getting out there. Again, you can discuss an option such as this with your attorney.

Protecting your digital assets

One thing you can do today that can protect your digital assets for the long haul is to use comprehensive security protection. Far more than just antivirus, comprehensive security can store precious and important files securely with encryption, arm all your online accounts with strong passwords, and protect your identity as well. Features like these will help you see to it that your digital legacy is secure.

Make a plan

When I’ve brought up the idea of a digital legacy with friends, a light goes on in their head. “Of course, that makes a lot of sense.” It’s easy to take our digital possessions somewhat for granted, perhaps in a way that we simply don’t with our physical possessions. Yet as you can see, there’s a good chance that you indeed have a digital legacy to pass along. By getting organized now, you can see to it that your wishes are followed, and I hope this checklist helps you get started.

The post Digital Estate Planning – What to Do With Your Digital Assets appeared first on McAfee Blog.

“I’ll just Uber home.” 

Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their hazards on, looking for their charges. Uber is synonymous with ridesharing and has made it so far into our culture that it’s not just a company name but a verb.  

Uber’s reputation has ebbed and flowed since its creation in 2009, and it’s taken another hit recently as more details are coming to light about a massive 2016 cybersecurity breach and the chief security officer’s attempts to cover it up.  

What Happened in the 2016 Uber Breach?